last executing test programs:

10.602702683s ago: executing program 2 (id=253):
r0 = socket$inet6(0xa, 0x2, 0x0)
getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, 0x0, 0x0)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, 0x0)
add_key$keyring(&(0x7f0000000040), &(0x7f0000000340)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$keyring(&(0x7f0000000300), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000540)=@bpf_lsm={0x1d, 0xf, &(0x7f0000000080)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x10, 0x9, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x581, 0x20000000008c}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_generic(0x11, 0x3, 0x10)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r3, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x6c}]}, 0x10)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, 0x0, 0x0)
r4 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000100)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000340)=@keyring={'key_or_keyring:', r1})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000800)=@bridge_getneigh={0x220, 0x1e, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x20200}, [@IFLA_GSO_MAX_SIZE={0x8}, @IFLA_WEIGHT={0x8}, @IFLA_VF_PORTS={0x1f0, 0x18, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@IFLA_PORT_VF={0x8, 0x1, 0xdc6}, @IFLA_PORT_VF={0x8, 0x1, 0x3e4}, @IFLA_PORT_REQUEST={0x5, 0x6, 0xd}]}, {0x50, 0x1, 0x0, 0x1, [@IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "431c2a4cc6c1355857eb99b876ebfa19"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "fa982d7cb868cd6d772fdf18b7d330c2"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "52a5d7b320e97bdb1aff90f4bfa8484f"}, @IFLA_PORT_PROFILE={0xd, 0x2, 'macvlan1\x00'}]}, {0x28, 0x1, 0x0, 0x1, [@IFLA_PORT_PROFILE={0xd, 0x2, 'macvlan1\x00'}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "e52fe97f966698244c3afb38005057ed"}]}, {0x158, 0x1, 0x0, 0x1, [@IFLA_PORT_PROFILE={0x154, 0x2, 'eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|'}]}]}]}, 0x220}}, 0x0)
r6 = socket(0x2a, 0x2, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, 0x0, {0xfff1}, {}, {0x8, 0xfff2}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_PERTURB={0x8, 0xc, 0x3}, @TCA_FLOW_KEYS={0x8, 0x1, 0x32ad}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x408c0}, 0x4000)

8.61694873s ago: executing program 3 (id=256):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000040)={{@local}, @local, 0x8, 0x6, 0x343, 0xffffffff7fffffe1, 0x7, 0x100, 0x9}) (fail_nth: 3)

8.266821009s ago: executing program 2 (id=258):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r0 = getpid()
syz_pidfd_open(r0, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000300), 0x48100)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000040)={0x0, 0x8000, 0x0, 'queue1\x00'})
write$sndseq(r1, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)

8.155840886s ago: executing program 3 (id=259):
openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000014c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000006d85500001e0a05010000000000000000070000000900020073797a31000000000900010073797a3000000000ac55038014000080100001800a000100fefe807eb37b0000580100800c0005400000000000000003a40002803c000280080003400000000208000180fffffffb08000180000000000900020073797a320000000008000180ffffffff0900020073797a31000000005000028008000340000000030800034000000003080003400000000408000180fffffffb0900020073797a3200000000080001800000000008000180fffffffc08000180fffffffe08000180fffffffc1400028008000180fffffffa08000340000000019c000a801400028008000340000000040800034000000003100001000d1cfcc7882b26f27f5ce2160e0001007f39ca4ec7a221b1c39a00004400028008000180fffffffb0900020073797a320000000008000180fffffffb08000340000000010900020073797a300000000008000180ffffffff08000180000000001f000100513ee19e9cf377f3d8edc674439f8624bfa0d9fb3c25f5f647c23f000800034000000002"], 0x565c}}, 0x0)

7.124028454s ago: executing program 3 (id=261):
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = fsmount(0xffffffffffffffff, 0x0, 0x3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8000}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}, @map_fd={0x18, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x1, 0x79, &(0x7f0000000140)=""/121, 0x41000, 0x21, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f00000001c0)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000200)={0x5, 0xa, 0x1ff, 0x8}, 0x10, 0x0, 0x0, 0x7, 0x0, &(0x7f0000000240)=[{0x0, 0x3, 0x3}, {0x3, 0x1, 0x2, 0x5}, {0x3, 0x1, 0xe, 0xb}, {0x2, 0x1, 0x0, 0x9}, {0x2, 0x3, 0xd}, {0x2, 0x3, 0x5, 0xb}, {0x5, 0x4, 0x10, 0x4}], 0x10, 0x4, @void, @value}, 0x94)
r3 = fcntl$dupfd(r0, 0x0, r1)
ioctl$KDSIGACCEPT(r3, 0x400455c8, 0x9)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000))

7.055156578s ago: executing program 4 (id=262):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x32}}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000240)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x11, @multicast2, 0x0, 0x0, 'wlc\x00', 0x3e, 0x1000, 0x42}, 0x2c)

6.778625157s ago: executing program 3 (id=264):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mknodat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x81c0, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x1, 0x50)
r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000}, 0x18, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, 0x1, &(0x7f00000002c0)={0x4000, r1}, 0x0)
landlock_restrict_self(r2, 0x0)
truncate(&(0x7f0000000280)='./file1\x00', 0x1)
openat$rfkill(0xffffff9c, 0x0, 0xc81, 0x0)
r3 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, 0x0, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r5 = dup3(0xffffffffffffffff, r4, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340), 0x0, 0x0, 0x0})

6.617783352s ago: executing program 2 (id=265):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_RW(r0, 0x3ba0, &(0x7f0000000380)={0x48, 0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000580), 0x4})
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'veth1_vlan\x00'})
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r2, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x1c0)
r3 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100005ae4c41096050100f5050102030109021b0001000000000904d60001b5e14500090583"], 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000000a00)={0x84, &(0x7f0000000400)={0x0, 0x16, 0x12, "9a8687d6899addd9f3b102ad1928c008af38"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r3, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0/file0\x00', 0x200000, 0x0)
read$FUSE(r2, &(0x7f0000008180)={0x2020, 0x0, <r4=>0x0, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r2, &(0x7f0000000180)={0x50, 0x0, r4, {0x7, 0x27}}, 0x50)
syz_fuse_handle_req(r2, &(0x7f0000002140)="897c6500ff3035465c7acb4e06980b05687c1480c7aafe631c0543db2bf0d6f539506e8782da06c1ca018774d72e9e5a3418ab66ee78dad68457b17ec9d47bf7d8272d607c1c0a4bd906f0cee7f8451828d2458596bdd6a459ba18ebaf61b38f5d66c27fa8a024ad7832a85e58689a4c254c94cbcf7208fce6e61d9566459789d15a6f91dd7db7c54cc3a94da956fb290a8a15f849270bc459d9d9f47801be86dd5c9d18382081a993b7bfde5c28adca4c71329afd6be743b076033b5859891703eb65fa256d6f47450b6edacbd05a9bd8b372e90cfc30f32826566dac6c48e62bec1881cbc30482f9ec469e476a101da496b8c0785eaf875d3608b0c49e9d39baaa1041f903a805f0f24aa63722fa2d87b98595fa5cfaf8b79c458de43ee39904e7cac7540a934b4108957785d58807abff186949f1b94cd21b724aff34ac45c7066dcdbd68ea7b766af9d045cd7fafeafc5c5a0c3400ef4e0c71a6fdd5b8d68a6f317644cda9d2fd2c839a82b97b3d909b54c672227bef573c9de1991d65a63017f724d1f7f1575e69db53318a7fd7065b303e751518c8eef04f642dbd4dfa349040a7b5401050ffc2b4ef62803a7c8eaba99e011dfac24d81b2b61e0b0581e53bf520f623eca17f0545c5e59ff15b527475f970f589894ae589145fa4283f7225088ccfeba1d72e9128f8c223ae1840f2edae3dbcdf7e560d5cdf4f71c9ada1931c0f8312c000101b264aaddb9fab166ba8d8903d6098eca20935ca607ea79e936798b3dfb22a7e159abb234cf21f3733dbf263a8ff116092f251659108892b2e21e1b428fd225096a5040270b2d70347013eaa1fd8e452942200283aab092c4ffc5b8b427b5d691a5a773e09da20539ff0f8214331c5d84107ae8a59aeb58efe22d7a079e446f1dfb07510377799bfdc7ee59cabcd76af0fe8a427ac8258ff33bbad5a8061f1cfdfbf375d73d676cc7916d6658ce46a0b17ad6350150f98e3512b513e25ca73f5f5df0a1fb9582ace7906c493fe1fd2889d9aac0b7c29c2b6c205537627bad64df433336a5ace32ca871e51b4dab0fbb00886a1fa6fdc5cd687c3b3fcbf65723515ebb807fc3c161ed42d1a7b6b55717613577ea437f3a2967c66ce45ff85a6a35b7cd40625fc575b107d7394e3d2db51d58347276c33e21f50b5a6b5672bf9fda63139bb75aead1fe4ee9a4064af5a5958466aa39faa6d821489fa415224c8d69d3b5922236832c2b1e4f6b8863b32f9aea83fb522a2de081d674502b48f73ce6db98d84136059b4a6676bc85ac6b7626329afa9bc7d3f9f2caa3c4d872744e0a8e02d72a75c6c545b8ec8e15b6fb0fe4185bd0d154960e6fef05ba40e5fe2968eb1301dcc52a03337179e74ba1522af93d77827845f8941c69ed8bb84567e3c63f1cc378a542f1de5007b688ff0a9c69d5861f0b85402c30a2fd391c52bafbe65f8e82135fd38361d7c0b43c982b2f3e7cb09c40c7e215114f4243d670cd576bcd93c1e959345170c75d6c3cf89cf8c2c70dc792e646e7c649d4c5f36bb016c7acd466ad58473d40dfef36394e581065a8581ab852250403cf372ac0065bf757fa3f445424ac0d82aec1938a2ea116bdfd306baa1cb06c62a4a97d66ab1b9489469cb8ba842da12e310caed02c5ef05c0be1e1e8c9c8b87d6871c94c57d164d08672b205c948086a06a545b266b7ad902a908681eb188bc51b6190b5cb9d8ca59b8c4c6e7369c00d6f6119fd5d437239e3d3c89cb81e09e560fb817590106015f08e7b09f1e1e65bfab3b8489fa058e24081978b9e25463d9945bfbca81c08885d4b6d4fe31cde089626fbb310e3c78a8d3f2eac21d374d9b58d887235d3a95721168e4b9475849071d60ecfe7ea5d6c4bf60da3747612ef59bb651270f326c0af31bc8c71361f851de34ccb3c8071b96f1128d7ee79b41246e566edd0272dbd3ccfe472b38e5e03d3ef83218bd498e6de8b4d92cb6f82716449ede7ba845028eccdb9137be8a622ac88ac53118fbc39637fa7a93cd3abc6f7671c7804420d66e94720acbcac916950f9baca77fef4217155ccc2cd0507339a0486f9f468eb28772986ee768c63eba671bf8c52e48a2a5dc2cc24fe925368706c2d712dd1064692b0fb2a32ddfbd4a0ffcf9c2abcedaae6e527bc1d42637aff2a275b76a7a7f010e42e1cc1d27141f6c3585a2bf58c6c5789ce61551d10118a000e3764631ec0b7f4b1a6f22a678133a30940b79dc76f863dd9f6e0d7776300898c97cef286c731c2050928c492439256e481652bff0d202db3cfdc54c9816ceea7895357bfa0362fad79afd09ed55189294d6ead7e898ac091cddbe7efcedb314bc02a18dd5bbddc42e089124758bb491fd1536aab27c5c124567bc325e7028bced5a179a011d1cb9a5ffb61d7af863e91ec8e60495561188b74d158ba1418228d44e92915a22eb1c166ef7d6179e84381ed950ffd747f13e24172942d922ca3109fb8b1e4e6264fa4a4eec75ad0d0e22579d90f45d6cd157300e3807665eb56457202e25a8dd5877ba99725de288660badd2704345d9bad208c903ba27ea167dd45a77f77b6502b525b2973270582858183c784c324c1366fbba8d410c38bf75b41e067f6a9a017c56595161db4fc5639393fdafb1f148d3f416c1adc5fe1ab9cebe4689855c9b4bda6dcba5d5fa858a1b87d2ad23cdf54dbdf4d14aa4462da0b6f1107f4afa0091c2643508861a4d9f133ba77751941bb8fb756abf1a104205b80d47a3b4a59724d959c8b5833da4f56fb6613231f230a9378c9a0100e94fd2c7213ac1d7625559b3f032f6c8df3ab441929720fe43d7c548cc661eed5b3c62b3c61f538ea3228376e2a18c6da2ad906322f64fb4865cde8e1889a8e5237fd6a39bbd6662f1dedc22fbd74e4376fa610cd710703dbd3924a38beac69783d1d5abf36122cbb87129ba719042748f060f4303a3199c5891c5040fd8cdb9761b006bf64cdcb65e5cc50a29994b8c1c34b83760ece12ed9ed7c3d2a7f8911cdf23a1afe0d7db1bf342aa0123dd5cd31339f5c8e160c4efef882602b3eccbe76fb690162b8bfb8a31910bcdf9a4a5dde76c2ac2fcd8678add7a000cfdcab398eb2171c026313eb6eb56b4b87bf8ef93f7f8a1c0bcc3775b681d4229ea561cb52281d8ba4315c3694ed08433596884d5a7ce3a8b1f82359846b7136726e2fe37bf4f7b7e2206cdcdb0705ced9f0dcaaa2ed3a78ea70d2cfeab668eb321400fc955e9aeb7bbcf86cd03f02dd443503a1480d9d9f899f53bd747a95293786798fc59fceb09e686a9328da4f929b6201841bbbefaffcf3000000009540e3b46a643ec10f0acf21f27c0053dc13f18485dbc898729dfbeaaa4887b58cd442d7ffa941808cd9658595be8650a815b088621278d89f0d8a4252566b923df3a3cd65c0e4af08fad385927251b31d35f75eaf25e6cf13a579aeeb0bcc0a14ca4a20a6831d532be0b2af3821792a2df95131b7fafef245aa19b214053342aa820c35858d13f84e496294529411015c41ed447b5b51dc44a45d52552a2be1abfc157f3ace7bfa32d5b931421d5a152dd66b7bf549311b08325e5a7201f793037b38990bedeca8a647c08d2478670f8fc2b4e8983ea18bcd514daeeeeb9d7a778f783c76edf01bd4beda4b77b612cd2e865c2e4f58ca7ae06147bf66ae6aee221cf9b9505dc07e6fb6cf4f82dc8c406c78e270210c11cf2531011ed678d9dfe1f49c9a69a95a9f3b0e5b624d9c2664d787ab911b75a4a38d63e9d6c353f8aaf433ff961fe5e34d84936ead0d0bc7954caf84e541f5c6f3f20c9eed21eb0316b82c0dc5182540e63a0af25565496792153d6395adc2b8d68b8bcd93dd110ff5685879db4384ec390d44b89663d43a5de3bdc0e103b7c1b355dc5f6fe3518c93628780ba03f156badea65d1d0af8433c9e8a975fdd19453da662a33fa9f0f5fa15fdb216b483fb48370a967246e0b763df8b3bc7924a6c76c4b114f803dbfa3b312e6815b4eb67be167283a9e482d9a5beac250089d069d4c386b7fda5fc228404a0c381b49b42b570bcfc0dd663f24afaf65a26a21f6d92f52c9f8de36cb76bacbaa0eef98ba6b7dbbc2629a03bb2b6f83fc5adaf20c217bc8d0f0d2421e01472532bcb546aeb2d483c8f95011a3ba1d2fd8086a717cb015dd53064ef4a80b6d6fdc12d9069223fdf2aa9b192a0e0bdb38436f49d9eedfef3665815633fee4344aff11162526362b70b18e1dbedbb5d8c4698860beccf667851878a25a1e766caae2861f2e23404aac859e62fdfeac06a6057554828d7035806e8ab3ee2fa6d711e5811db61231a22f4672f6a11b27641f350bcab78792362e6ebc1c054a643bbbf2746678c14dc567d1f73e37005c8ab6374c4d8d3106384a2d32c5fcf05cb9ba97cb7fa1aff11505a701bead543e555f3901ef3b693d5b9ebf49518c3509af042b7e84b1b867c22b7e08725220e4338fd074edce428212e6a3563a08e2ccd8ab71910256532904542e93d5c7deb5bf5d49beb3202d4da4f643649e55edbb91188cdcf0883a40c6ed6b8a086fb5c50dc08fee00308420121d4c7431b3cfb80f9c1e099423ac451d67b12e930d9e391d0a799c7d4b54a0d56ea0aae00c1d009e21fb5459416b464b227d66ccc1a68da59d64c1583dee54bbcd7d61ffe541fd0fb7452adba91906918966a7d58019ad1f8fdebeceeed7018837b6e4272eefeec8385abe7207fb2d7061fa6cdc478165a98971f9729b818a73edefed976d5c7c0a651c091cfd1174c020e39330a79144271fe4cbc61ea0ffa274d0d87d06dd08c1d5f8a0364d46ef7b54426bc286330c75fa257afeb2715c2ae511ff53b1189cc59ab80b1325fbdcedfdb8f36ed71f70091116e16b52188b794e637755027caac8db8554f8674b844964c710cacd7a9d6b06baf6fef76159a380e639b0d3e66080a7cf7f86baac01dbe47fe687fcef2f3bfbf6f8fba045181dee688360a11ee56e5fc73ed31c0e2924ae57f0cc93c63a30662a65c5d5f17123ae28cc5b74dd13ed81b03dc7fa61dc575668868c0df12d3553269f04ba79084d070abcdbd4745de80e90e4e3e524f27249b5c4a2f2d4c8b331b0cb6d4efe62a298daacc6eacdfe008c1f912795dbdc37098c42db860953120fda709baa6d46f52eaba781505e68561ca0f281e850532ef8e7c779883e312806e1c357bdef8d0dda005e710cfa6eb8686e8bf3bff036b3fcdc4036541d93530ce6f598442c24170b307ef05f23c93aa0ec96831b532d8120402214a940d1fa01ed649061a4a71308be189cffd729a196754fb8a75f23851189589be1b819f0612cad3dc94ccee88f4ab9ef6ac9c7daad8cf94f5ed9496c4c824e5b4f66ce32a80e7a6ef069a32f6812e656aa5f5742bd432afdf026c86e8f28212c1139dad47d7fc07e5c1a83e993daaa4a4bb5f0c9435ccab2a10f867ffe259dba7a1d9168619b1e3048860a5122e4a5d0b00372eaae861a0cc88549852fffa76e6d78739b654d67df15ea97a9a46b7c382d83191a673aa619b4a10ec05bc681379b0d6df824cb6fe158e9d89ae5dd1ef66976f67972b553db52eb6feef836dca6026293f83a61e117754a7424a3da63bd82d017f87f0603e2a9b8fc550aae611681935ae91f7ca2b5341b05a25208bd28f1a202a7f2a213b1d7411ffb557470aec00c4d13c70163f22a038a189710dd19a47e8db4a87c3fd329a63abca172a9810edad2d8e19ef85b57ea4287cfb3d740d7ea3fa9c80d06e1aa84b317f678ddb3c147ba5e0db432125f59ca4944c8e9050281ca82a3ecf67b2a5df678697a52a7297af1ecb03c586af7b91d74e881964ed95f7be12fa07e2a4e71aab8b913a13996fa33e915144bf00e49b8e7adec5b2c4b8165f54ba3155230e241ee023af77a295ab87c40f63f6092ccee05cb08a265abe8f57c9919bf45064b6c2240ba8011db223a283a4e2292d9b59df8c9a4fdc763f0631007d010000801717db0e6b5f9c6e5f227c2efa1ae5fe0be1af0b22fc164f9f9678a01fe8b059749fe8a2972455732da1989c609d191544ef9fbb3e58da93ec4a582430523f260b776e4d747312747d18a9bae14740f5dcd35fd1072f8a4d81573b5882203be856b62d7e1d87081a9e431872c9d68864197bbc61f15dd8aeae950d34d6ce97182deebd2ad64cabd1c723baf512acfc7e94675b31369bd60e155af79b97bb734312569f736dcd5b5a78223ffaa0f7e93e1a112cb9f6a5b88fe3cf12c30024c16c6b8380fdf086c662665d3751c11617cc4dbd5b8bc7543301a23fbc90ba8d060193cdc2b68c31c734d516707b759f7db009c8f06e69b40154e1cd8ae444afb28134acdf871136b4fd78bd86d7faaaf618afb25e92d1ee37cdff0595278f9565f5eb109e181e9cacec2f22e32e9f34774ee223fdb992febcc5dbc5cceeda16cbcf1434730d859e7e03d36ff17636a7a7e66956b515894da114f3040909f90ce3cfbb2d7d46e37049c0fb124e0683d662eb427cd7b851ada229451e6e3aaee64b9964ced3036bde5d9d80eb062474f96ecfb9b65fcafc719494ac12ab7df245475f2a5e7f85ca4789833ca373e6214d39176c8f51dde87a4cfe5414a20f68bb9f34709979b99533ba3435c4aa56e525195e10ffd00f8e41aee30a909c07b973bbf733d45500b539ebe2206d438216690998d9e256db1b7ac6bef3e810785e1986985c945a2b820323a592721fcfa444934d0faf8aa439d5efca5dcd77b72d1eb91b3790d50d0a7483e354c415f81d99c133d648c1293e795b3c43f9b47e23ef982e10072ea5baafb0df675e69af1807b225afa0cec3eafbde8535d3ecaa0ea6ddbffe4465207425bb003670320324df0aeeb16b38a043f9c0e85673b36def332fd68b2b1e6edda621d0cadebbced8c7fc8f890489115b457249e8d8103676b3207a472804d33e0fe511ac56cd8dc5333b2333892f87b455940ada78fcf5075c358fce990e6f65f095eb416d876ce6f120b8b02cfa6b176ee269c942f881247c3e464cce2aa65c39137607c585aeb4b5f24f5f8e058c9c8b48003c1809da3e8aad1bee7955c3a976d43fe132e2b16f4758a0a9884e51d13b930675a4361ff366b0fed190ad7b2a00385528951e39cd44ea06d8921b9d613d7626221154cf86249a550198fe4e5b05ad3052b474291da0a0a2f701759859bc0392adf243ad5eca89e6d18e28dff99ef95743bcabe75504be8c715cd6360facf3bb06cb97c29989d4f6ff5083573cefe6ef0b39a252a2678112fa88e5b06c9a6bfc9597cc96e5a49710c4fc120fb0da4945b9d94e46de1e9989d0fc3d8d20df23d815b660c799a903f651b0d013f7fe158f1d297f7fcb6a48780ca5525f1d081ada0aafa83552318b848783306549750b6254cf676c7b934cf7fdab992717f0cdc089b34278f3fb151cadde14d0d3250e85a4b0ff2a2778a219aa40563d3ef575285484424b6d0e7cc8392342e4848c6fc8cb20fa1b450cc4c1fea19f3bbdd9e342e6c49cd7ac893b1eda2e93d1d74d20969465946b398fbc733757741ac822c4a118632cd242a439fc37512cf79b7c629504ccc1e7f2f11798955c3262b5e9695625ba74d8050e20f51d4769e1ab938f487f1bc4b55b5abcaa3ec079c2d0972b2ae9bfb7c5423b959119292ea05f1d79d35afe47e49d97c946b193bffc0a8f607f18a6845cecbbdd98cd351db2b2dce05a4848ba84a6a497b4618950130cb7e76c03d0976eb2fb41d3a42a1430063ed8e5b8c67e80fd4fc1148911958babbcbff33a6505de209b0d9320017fd736fd027a16564008ab2e1f48a6dd66c9256730e9fda0a606875d0871b2b9b0bc2ed4e1b696dbf0283c8dc72cf4338e595266f5390bc3a21f988353118f2948fc75d050ea076b73508d9ed89bade0ba305c1f4e5daf9d40d2f5e7ababed8d1b1d919c61a6d3fb149c1a9b44e38585a2fe322f83d73a3aecb44da3f0e82942d75d62ed3f91eb44f3411df014f88839e4cb1e21b9b259d4eb4adaf6b0be433d0ed4c87ec77dde5ee9d566e3dd8d928fc1875c63af26c59daba5ae267d9bd5da72b99a03e6a33cc48ed961ab484ff4a46c2d5fa597e626e00b530d7b9a9705e4e08d03f3a7f2a5a5233ad6340e3b5c89db81ca713b6d7d855c6324955f85109b204566f50178cd88abe3fcba25de905e8ea0b75ad51831761ed9b1af2470f976f05ec73bf74d137c207270cfd614170518cdc449aeeb663e114359c8124eaf2499d8cf5dc84a0872301db2e57b50bd285060ec4390d99d4ae3674ca3bb8679c1b08e566ba4f30daec8684a980055eb43cb5a1306c4b52a154682aa96637e06c869278aa2f74ef7345632c11265ef8ac97e953745302556881ba0cb590fef271c0abb193fb84d18ee3f24d9976ae816b857d6f68d1fdfe10b312c799fe014debf875d04bff8b4f387859e97c6bf13f7083c28a2045a0b5eb09c94e781a165965e8617c0efed1701ea9667aeca26d9577ea7b1242e1d91b25d6a66756cc627648a293b9f4345966bc469fafaeddc1118d0972bd5c7751a1f51e5989fd952f314ae10417c97b41e60ebfbc47e496486fa4a89fd16aea7fa1eabebd26eb2a37a3e2b351e0c9d2f67b2e5be0f921adc9b6045b045948e5103af0e5050b9c0799b513c00865deebda730de538f956ceb6164e08bd6f58655a294b4b44fc65309b30f9c00f92ef5bd5b911a3d830f72c258b19521bb8e80db02129954efb61423f518d2c5f36587303890cad9a93fa4f4bcd0e24c67db06000000000000008442577632d5e8735833f3daf5a74bc7bd82659a81beba8c889632efe03cd24187aee856cf659e16e195464f52f2b984fc7a299e7b2aa53979a147ebed35705d5e89691666536f2febacfcef9b32d14952f958b72512869e4f6a0a34176918217888b1eb8b89322ebb6bb1dead2b4744e728479880db70e6147edaff6c3f083f18e0696bdbd78cf0bda14d9f42e5c1077ced00041aadff90470aacec0e48e2a5f2a0ed37818a173b96061e8c5bf24c0bde9e09f9e0ddb8e13306ef1d4eb8043ebadde5d7553e5212ecd4691eb426251f9d6720b8276ac543dde02399a35d974b22c1727d4b6df01957cae47443b702d43165e01d6932b136f561ce837431254cfb2a6e7d8070a2d3805aaa15b3c10ccd0cda2e9b418ce9ef380e5d08217752e12b3b892d03a9495c83d78d674612fde5a67738b2d4649ce44606ecce6bf3bd1293eca246a83643e4f1c7ba362b110e07c8479f216e3d4afc4fcb8d0820c8ab702a66d8183e83174597035e92b9b500dee08c80b927b42c3689c7c9617b4112c9e54cbfa51e989b5fd42b80c595d3edd265f138e8128cfbbb0e4f53aa0aa95a2ecda4518b2e564c42d5de7671560843d08103b9bdceac5fdeb0b1266f72f491265dd2b2b80a225a50955167da1812364ea340d82f61535401bae6f3140a8795d7c318a64cee4676627244930957b2f0b227be21b72d90027e6a5a7af3c59470c74dcdb71d1ef090a0f49c91acd604c792385c8f4e085765292822ee5eca03885fd6bfeaca9b3bbbdeac939f7846a487c5a483ed1e4fbf37c93886ea27bb35c812089b900b77c7c924147e97b6a71533610750bc84921012aa8158b213f7601d934a20bdd1f757b0a33042a683af6b9069f3900059d7f80f9fdcc9f33ece8cf7888dc9e24f1fc6ca0ecccf161c5334c60f440feb3acfc3d115011c176dfa05314c5bcf089e3c82bbe7680a3eefdcdbf3ac27265b779db4f49bade0128eda6e29bc5933ef454601db1b49628fd39ab938794fa46a33937a086ece7050d31a21524e2f0cacb307ed4412a2078636f9cc8e11c5c31cc0f9edd7be6d1e31a1513a58e25215f5a24245cb988589e6d5e5119f4f6557c697fad7d1c3a7e3bae064db4382701e33e48c5b6a52fe9141a385ef2325c6f7781134607e98bfd02c43d6deefaa861700388b40d98e941cfb2ddec209f977e8b9f93d29fdbf85e3010ce7cd622e8c75ce3df535e392052b6d65d5e146e8b18d4bc7fb024dbba57cbe0402205593766a313950cb719d00c67bb6b3bcaa1015b89e820f11475afce655947113a7c3dcbb52427f090df994fbf076db867e0ab3f6125fb8884c1d13ff3e99fab5fa8b9f0b72cb44db4d0a48d9ec17f9733764e213c40a15ad821ec60e4a88cb2fd9dd9a4f35e6a708f4b74067f4be3f03a95261f6b191df53fa5bb5164e4a164630ad9ce39087aa950ad9e60cd2c44fa2237c49abf858c97737fd21180fd0b9542767150fbed3f39a29e6c3484d9437e15d2439f2a54b2a1ac7e63e6c436658abc3f1dd52d984f6c6901768a8cf2ec98ebf44e90e0fc0c24f8957c62e05d8eacecaf25b178fd710af609a8a1bc4d7955b5f0cb4f48a37685e6304ea5843573a1abff37b5106916c83c8f23f939a0dc43aea8d196191ed6e18dd793990d1f37d7de0bf8fac6f469843724eaab86be8a483be281b8ecf4aa29d9c571951cde8cd8c2aaf4d597ac2cb48f23fad145916920a55d655924940573b64dbd42a280cddc4810434f930183fdbbdc72db1491a4c9d44daf9b1bc2fecd855508648063040faeb125da0e68e6cd2002181118eecff0be1dd8eae726af5d451630cd65119c52abd6dded97f931202f186a18c4ba34bc2c3f6d765e2d8f445e959f26ffb55827cf3ff2cc0289f17b82c8caa5a2d3d54306a300f0ef42bbe4ea9e32c5d4b1173942745cdcfe4f5d1619eefaf8dc600afbc9171d516f7f4b35331d0b9be005132ffad5e9df59710278b842afb626a78b8b8b37fc3a894dc705b2d4e0940cb264e9dc87eaa148e6faf78125462f28a0f1d7b3c65a291b85713fa71ffc478f6601e8716c35489f4a54ed0c70bcfd5502cc91374dc3c982075c5180398bc6b195b36e79dcc4087cb990cc9d964a150e0dcc887d496bdd27c3f298736b9ad8345ba2df46021964cf43c38f9d2e94b77bee2b7bf059e0870ff9f17b9ef1320c0aa88a2fa9781e9017ab64643de9a3df9ed4b8cfd8fa080a2e494409520b795eb1517d224a05e450c4c8ae0e9fd29c0e72d3a592cce55f6dd5107f21214e1a3f9a5448384de06149f959ec0c92790f0ff229ab4971171f1c528ae6d095ec007bf5e7f55d623a68194e9ea8edc3af418075338328f24e7504341c22bef72c2963fc9c3237ba990d29c2c8aa3007395f6d96e95b40ee1b18dbad550bf39d0d98268cb74dde76d987c3169c9067495fb1b88508bbb7e94cbb7dfc15c03b1d5b163132c8a468906f02d422a8cf98d0b432b5779dd962074b72dd27439b2e94312f573435e5aa84664432c1914839cd6e172186ce93eeb1d7cb0659696d9d550eb3b185f8c6ee16e53f78233cbe709f99d2879d63d93f7d0ed133241d2f1ab1eb2c56605ca0f0e01c39ab0ba2370fe5c4e68de0561b517ff9a10023c386236398372c7176e35443e2cf5dd6cbed9f23395f231e6a54f65626cb5860a8b72122c34664119e7c47204ef4a70583a00", 0x2000, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x90, 0x0, 0x3, {0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x4, 0x0, 0x8, 0x9e, 0x4, 0x80000000000, 0x0, 0x400000, 0x0, 0xc000, 0x5f, 0x0, r5, 0x2}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r2, &(0x7f0000004140)="c98bb9a2a79e72fbca051478fe6e24cbeab04e730a86fef02db30a01d33d07efbac36f4e0e786aa540e01cc4ec64adbac57f750e7b0b749206bb7fc70de5cbcd7bf78bdb59c1095a03ef60a8d22a4e0dcea0aa96c523a2c7f666f1ac51acec733c589f2ab3ca2c8e129a652d7ec8ce120c530ca4fad46123b30cb061fb9998ff71ed9844b1f49f8b8e30e887ecd82a0f44450a325720e5b5065ae543bad2cef4486d5759515a29f048b21b3c78e9a95913a9df61bc854512fc21a6d0376742532ad21cf3b18c7f70b25345a81ede616baf89824f817fb808ea9ca55ac0ecdb91687f27177bbf1f1cdb2321efa1366e8287587ec7f39237537c625c813feae6cffdcb4c829e5ac0bda5c1b746edeb78bc7e1c198ae04f319f0fe41f24c7cbc7c0e3278a349bbf7c804dd729114792d4f81f19f49b2c018e49f43e72eaf5fd4c0ae32f73c0106c2b202152cdb28b21cf2132c6f9c7c583114d7790d397177165952670ccbfc0f4eff26391e8f4faca3536a070470e76d26625a6ec4df17b0fb0923fc31dfc1606f6a9cadaf4718d681d2351ddd138df20ff419c67f684d0d13792c78bfa348e5d76f00503124114034f41283e15ddbe79d5f4e200d5f28ada106334eca95a37fa843aa23236ef3d8aff07df194e8c4396561132379a60c449c5f1b400d2709d5c5f1ee1542790d5843e35f11be0ca4e7caa32c8329320069daea18ab51fad9ae4080d79671d73242278044391b9187eb0c05bbfef7d51bf64275f64ce780b25b509741c695f9e396234e3a67bc6988f05f6ad547371709e50b599179f7fc3def57115b58be578feb01612126bf5d1f08091743b76cd9cac032998adeb68a066387edb528b08d2063c3c504574e3d64ebee51da66e92bc3201baf0fa10bf5686e077a606c2b03a5529c97612b5d299078b99fc644aa101565836991bdcb92afae97b0330fc10c9af1edf05337221c05731246d57f7b063ee01778b99c768c8a8eb07e88f472d53bb59ec1db64191a32e981d384653943289d58970f4785d0081e321e5411bbe8738ee580a36be332a9082126579c797e162a37987a348743225786cf2e4e46f0c0ab0f7c14a6a16dc33e0f7042f203855db6776a3d760846ba5fd2173af04989b2f21cfd7e9e61df98adebef311c1c31f8b14f49c63ce924258af21d2d1766313a60dd23cf1966772551649ed78110d2462e47f14de5eed932bb03d3635f3bcbb8824bfa8b5c77649f097d78ec071b0d09dcdfc2078d0a97f96cb3e32f4cf80da4e07fad909eeabeb5715296ce578ada637a133ada68676e30632acba4f32fd2d23267a685f14a47fad0b36f2940494283a15b30576ff31e2b4472388fe3fecaa2e243818fce1d5de9a0e10aed4dc38a8636bec2ce0d43da7aa2541e8123bc4229ba6f9db4ec6b03c208125be4c389f8e587081209531f3c187077318698b08ace5b1e5a1c5b82633abfb6c4ef2bad7f9e61a142caef3c44dd6b81a9937650f75dfdb6f56bc26edc801fb0f53aa49655ce5f51283d8bb56ba56e9fc9f48395299a4ca4ae5b74398e1be02e2ea0565976ab155ae5df2114301565e23c25595853247dae9c2a598776c44ec0cfc26b3447c20b08424762dd29bfff90cf3f71f0fe933d1b1a29c3f6839858c7993a666401e2a03a1117988b28ae1c82adef8caf1ab564eb445199b57666397a7e7301ccfa9304dbf2854c8b50ab72ce6887e9cd69a647766f87a59d580a19964c9f691fb1eabe8143228bb375cbf12b5167085168ed22de2fee1b26d44324321a632b43d1b7bd13f15b807f1ab259b8456ba5d014fad3876b492b7f14af2ac75cb0f19eef7ad5c3d7f692d81ce1eb3e3fb96200d9253d338cb6d4097f3e6f4f061edcc98994b694b64ce1a266eac23e0506e68d09e4a3d0049420be6e73d684f7566e01bb43c1d51ed2e2c76be592bf4c6cf7471a21ba817f8c708ed76e14d6352e28deb6199bd7ec1232a041c6a655fbc01be4f749def876e0a94275c79bded1eb5bb3f9bfe286e14702e81c0e8a65f4b0a0a7ae62cfd4093a7e0fb07a02ab6a2f005ef538fd56392a3072f8317a1cedcdaecd857cef0f574efca11a6a28fbaa6fa2f6d74676197dec824d96b4ce0cc5999766b4926a6c21e21d4a78f71e87e9a8f1e2c4e3005da888457957377defd70d82fe26041f5399f295d869eb65c8e185a4f853c64603decb3c499a6921534730afbc41c1be57539603f0c1bdc2f61b8d7cfc971fe3fff189faae8411928dc039cb1ee33404544992a7f5646efd1e12d890ef7290ecc5e957a35cc6defb180b8006f8c016621bf17a6546022b9c579e781a66e57bc30d4c5ec8c56c42efce79bb8f203cb3c08133be710f2061879b90905671b346aaf735f2a614e7e46755d35570754e365490e2658090f40c2cb9164b0a1742b3bda5a32a4ebe25166c4ec0b387538362e7998092b1b737370239ef58f1f68f80753146ca2c166119fae83b2c60a19a1461903341d315d5ef8c57473bfd995964dc7b73ca7d35e88589cc7766480c9829ce44af423dcbef90b1ec62d8da8d812ad001e8e67df683dcb9de40db531e9eab3ca59b84689453b40f7df2b04051a6f052f179df5989bcb2e9245d23dee5d9b9ee03ee1ca0cef1b843acf0eb8dacd69047f5afda11b2a7ce274279c8b8a5da4618580f14d6c80bf1a647c90d2ef66395da4a0284427227ed59cc010088f39c12af4fb420683803db81f5ed467508b4e34886ce1550d7e9e29f9c92872d50566726af8b66b10498ce695ebc41573bc9100b6373c53cec7696bb79260d8214390d453d3223b9261c49fca17cf9923d7d1f3ac3abb332f37ddd9d0e09fb4df9305e88fc11f00ca1ddfce8dcc386e05a517c9b42d74629ff2460557107e7d39c0c1938e5b5f1da2dbffb30e3eb77c53d459580077eefb5260d59ad9fba11a66ffa703a3750d5979850acd8644de3c23a5514b4ba922dc20f5911b0d5078a1704f4016c84e39719c280db3ad2cd5f0693c8da07969c239608067fa82aba83d9a3a0f5f3e1f845a27bae1d8708d82eb10c7c205c07234b6e71312d54e878b960c821fd2dd01685143ffad375598dfd10038002a0d9aeceec499669523fb865683cb9379229761ac546e700a26523769ff1432d00073eb387e393d674eeb33a17422b3c0cedd91b3f0802ee59f1307467900c0a919bfaf92578fc18765cfc29cee13da07e821cc26354f5793d9e507cf13fdb55befeb814f4863552cc22440c3e80a61d7db867d72dfb41196bcc020f265fc9beec0004afff442c4a01a772db48a02d2f109a2096ec6d0f938cf8bc0835e07fa180f17cebf8a25b950380be955c4eb6a4f7fc6543a7eee578f800f5137069d08cd04f50cd02580aa7b249156baecd972eb6d8d9ff7598b85c0b0395016ade7107dcc8663c265857fbd7e42b3d4fb7a8c5f58b8befb22530ab47add8ca50611b23770d39a041c7291f30a92873d6c9f193f0bd8a7dc0949d435a3dbd554bf884bee76c3b28b2836e297a7b2dd940e6199b3c14ddf6bf7989eb9f721da9adbd2c754e91304b431c61deff5a7a24107a4f5bbeb1f422fcf10af1f5bcd204deb239c47e93d2f4ac55f4920bb4cbb0c358567ae115bfbcbdb2ff940f0d897fd54e9c198142e5445dc4a6ca4f794e26382394f6f11fc93acc4930cdb6fb39b04867eae0dad3cd2414ca0a1d9d8836a54894697bc3710e1ec9f58b28588a7108e6d8ea098c3e26646818345680dfd4812f89a2b632d2197e8d0d88fe932a1e52a1345d9e9d968e000ccf3658162ca9f50beb08b858a26ffe9cc320bc49cba66582647c5358234d9b38d3e605a2c1c4ddce61dd90070e26fc211d01fbec9fbfcc4cb0c1882014438284303cc80dee1760f631fc66a72d0eb6c6d01a7701a92c2a45613000ce87734f37ecce7774083b8e71dfba4a455516447b4dffe7288d578a37908ce0256d70d07c936a5d21ae223a3197f9cbede4ae983b9356a7073f2b6ba2068556721fd9379041897472c237a0c2007aa8f75a6e145c60a2f0cb7ffda5b6443e2682ec08eea3c851a72aa31508a186185962e79620791a3337abfdf527e513ea287a7b95f2a50f58575aac96af999ce667b1e415545fb931a02282eefad0e9489ec6478218b2a9478aa6060566f2ce636e28ce3d7a6d0c62c340c224efe58b8c99b9d59e6890e858244cf85102a44909645fcd66f57a1e4cde0697e53547aefeadef57db39543bc4b444f1fb5e99d3df8860fa13b91b3c9c47cba2ef823f7739d93f1d59251f2ecbe25b2cd67be1fe37359c5a673564688806154cd28bff8cf321578ef5580b945d208050f13e4429247dadbfeb417519d6b48aeef36e32c656d138191d612b99bcd11225187c41cba1b17b401698a12a3d28f6807be56dee75b93a27a5a120ce4fa25b45a41e2ff5affcd8771ef5efaeba4763fca7f3cadb4a96fd45dc42767dac4efc77aec8803b9edb4e2a3843a5a4936754d42c6bfe35a677aa972873190683712960a9172e75d039ae8f724e51f3770e85efb65dceedbf3e41f5e25244771a004b77777d745ef7401ab7f4586e2c10b0bece0137db9e5285a27621cf0dbe74ddbdeb2904beea55318ff8d65836dd2a57ee5354ac92e7727d2efefa10885184a2647597fb6d482f928baf0be5f83feb05be019268d05e419f58e9e590094a7e3ad7da2aa0fdcd2cfa2f7e7b26750d9049c0402d3def15b15491e1326f71a1d1e4a2a24ff9902f2d0e0e36cfd4314610be7a4e5f6ded81cc6048ee9f4e857f91a131220eedb51838cb1e406c20ef20a5783fb2cfdbaebce5d56a59579b994a0bebf58626e98bc4a7387b9bee07d5dd14a38e27d350cf159200fb2761d8953f1906298c74ee6c78deadd208bb84d3bc074ef127166f6b6c9c6315a76e2606a3aa91b19ae867e3e7372225d8266b6c87aec5fe40af5c816e7771cba0ba9957b6736b6d556daac4c1f60479c7ca81783f6e97509ce609ee07891b79020199018e67c05de3ba577af655ab3b5c79672cfb14c57499558d76f9e1e9681a07acde5064380e0f0446b1e9c2a15cbfdf5fae562884c2bd1f724fec6b0c520aa7df5239c1d54bcbaeb711be9e224eb5aa5dac0df99d8782248f70d9f86c1b576bef030d386beb50ca315c14b768baa013f3b70d85b6fe13bdfe7aa839804a139877c54c5135c920e11404d33a8385559acca5600e96cae8f459bfe295df4198fd19a192ae26c8a694151c70d70d5101b002f2c2580f969571d2cce22218d577b9ec43136e6284953546650b5974da34ad5dd4b0fb1e8e699eb3333e7e3477f21aacd908c69b4d9d092f881039c59c03f4503dfb1dc84f89c16be07b39a0aba23ad387fbb0980809b4147fce3127aaeb40638c889ceda0144189352a3497912daebdde46fb603cec06d9dc6e49fc916c7265c8ef0122f60f46dfd5047f75178e8eed1e2323e67ffbb1de6ca51dfb052862eebc8c81a038906831ae942bbd1148c632af20a06e032f7d91d7a07c740b174d641eee12e66d8db9aa9fadb4004290302d4e35485d9118b4abbb97a2690ec53a1d8555861185f66ec039c627dc74b7b51c7e7754a1391ae29488dce09416116d3e5fb2511865181471a6e8d11febe050358294738931a58326faf5ad405941a8a90cf88b9e155470e4034ad0c3de21c03697d09ce094b5532a77ea66f9c05609f079edac54b310fdd8452a2134ecfddc899f57014754b4783dd4cf190bb957271e9f9f4aa1bf1e792f711c2156cf09015707371a4e88987c25707c5c5a7fc7891b358d1ce9b0ec38983853d0059d5bf5da2c4c5a7e8863ba0b91cb18e94ce20ff72c7cba848355f5afd5e5c086fd16c1647d145cef93f2e7e337f43f67198abff32dc3e624f768ace48bb989e49e02b42bb4831610f561c47b84624f00c011ffee7376ca0b0aa09b048826a40463a6949c47473ac1d524bd808ec7e876822f15512a6814dc335daa536e7148fbfb8200603b882e4c693f5960965e419bb00fe41743084b619cefa3fddf2485e753f1b96de55e3e54cef66885c73dde661978fe65a6966767c9991f030d1dc9b882cd6fbb83181474fb57360a591c2782369d00df5be76697dcc697351006d7fe8363437a220df1cf36f464de3ada90fb8b6c56d607f245a8a8175bbf63fea0c45c8a6462140c285a86ca0bc0b872297c0981bc33c53a0499f849cf9a86db6bb48b87b597f2dd04b29e376a757e070d6b724d7a4ded0a01fd03e58c2d1d7c9bd084c8388e3a193423010e328952c5a62b4100788d1ac5b61c203c31997003d7669f4eff0e01a75d3a06cc7ef7b9a621a93cc6954118d8f7736245665c24ba84f9bf5851c481cac617fbb0ff71f3eaf5441348e61f5e4e7e8bca22d9e91e4a6e843bf02d324c8b55ec8a519b6f95818d84ac9e0f4ec36b7fb44b3db6924bef1a431dde856cecfb479072bc2d97efedb1dfd9fffbcf6dd430899d0fd8dcf33a2c137296d28373cf70984d6ffd823abd4721303c0c4072bd9c0723b7e868290b9e6f2d5b92feb6a4d2ea5dfb31c3a9cae8611a567ade5fc050eb7b74a240ead9a70679e61b4b8ac671695e70879459afd7151bb29655274d7ec3d10766eb919f5dcc648394717507588a95800b0c9969c70b981dd37e1b5702f50f49a67aed32db437746da94c965344e7fda47d36488fd24489f462b8abc2bd08ffc7c54dd7a2d1ebffe3b126565b89b764a289e505411ae846f5b8f9877ffcd70a8a57b3b7dcf8356d774aaa2746f63fd8e9e5e4b6d5b2ea62bdea0a90696608d156623863985f13b312a56960e3d5cd908ce456a2465ac72232fafd4f1c779b8e6707f3b34c5dc1356ae159bcf311d77e15dccb6c094ab12e999e1aea1026afd8c3dafa5f761a7e82bc139951e1cac736d0e3ed163837b3e8a120df674355c32a17efb6d126beda38ac57722f16e5e2ff5a5979b219e6a886f3cb853291cb5c835d591b6229ae938cb59ac73caaff0a1e13f6efb4a3e1385fc8fe77a33a189cf1b1a5eed06bee4d5237aafdede0f3c883f64ceaed04d88ac0e3738f89f7eba17fa71ea5bdad5af6c2a3c281c6762cc70f277361aec24a666ccfd95a8cc9af0dbb331f840e1990083cf648f7068808f903f281e6222d3ea6da539d047f6309d2d0c0d1fc9b7e2b2b7d082432f8d819f923f54e2ffff2e1504c3f7b17a9b19c32bed9ef376fe6d0d0647f9be85c617eacc82cf9ec9a9c901cc4088fa90e1abbb6f1340e34e4445313922286d5d1e655da8b42e799eb04a8f766d88ae24dcbe9f589104ee2c83335d6b3a498fd236fdd26c1b8e72258925de84861e3946a389bbce2d87e044d242ce9684afaf75ff20306db09dfead4481c844dbba005146a50dfbe3b4d939d3bb587a00daefb7db1f1cfe616c0528941d28cae06f057650475dad0fd3be6e85f5693b32636e8677634fb17ed60379b9a74a22f0abb12f74f2084c8bff00afd1e7ccc43a3b08ecabc1aa4a722e1f3b1c2510476e643df4b4a6f069e8029c975f471c89a3c0c49c63c6c0899950ea89f6d692a0f2e2e7a8e828f7e9cadda537119db284505380296a689a7bc168da713671c3d47af2ac32e53a05796ae11afc14d87f2daae13201275228d0d536d72cd43580726378be6b9a7b4e56670998adf46cbcb2a61d5daffc57acbc682d1e1716409527db61a11bf2d0b6b8ec8ac9a6fb553935329ba9f877b1019d1bea3ea0e98d65b830765e50786a2dc0600000061efc79e406155f2e6df3187b0a22864cbd5ee9d29c0ed153fd2751ce7d6cc9178481c0a3806791f6e4be674352a76eeffcf07dc867fac687933d2b7597008c2614a2e0157cad1f7bcf75a3e98bfafa4addf57db94421b54c8e3580c554c11b15e9f10a33c21e430bf3e13f3fcea6b17ce4d7f32ac0ecc9540b1deebb0b73bcb56f9632cced1b0f5f1ba4a9fa5100e8916bb7f47f71e5fc4cc46b344dadc9a9bc1a470583490a6304b374da44a179533dc00f3614678b292841b47f34dde4f08f0f86fd50f4a6984bed2a1d8dbb49f987dc196180aa6797f8b9cf739a5b6b940c841346ed2189f76733ddad49787b44737ffd2179ce2d3c9b94332014ee0f3882f62ab697d09dd37cb5d602e1fb24fef4309e72e76cb43a2bdcfd5ba97ff84f19801aba142c1be10851cf937d4cef92423d630646b1c9ae3580907c84db42ec4132cb9702781760c5a7d3aadc0395bdd0b7dce7bbdf8cfe6610dd7187ae6534cdf6267f8e9423e9805bab23e22169f9af3312cbea92d784a343419e4f038d1547625e13258e2f7330c75adf5d810efd666ca9b93368ae3a745113f125f961a0ca79287c3eba8ac2a81e7ea5b66bbd04b5e12a9e73f776ff17bbb3deb2473e10a284ec98e9e52c178cff024e1885b86ef7559227e033ec4f8074e513d85b50810b158e9dc1d42a810251443b44f325dcca8e47f7b1dfcdccdca14947083a9377694bef2acc5af03e63edcd03f54bb53c0cb8769d1a009f096de7f43c79eb83d2f360fd5118f4ca54367389b9b3c68e0f655a25328585cd27d3d908787ff816968da7769838e26bb215e6823d987f09f3d5cea873c788d667e92fd590463c579bcccd21b0edc12eab5c6939487baa24a1e22ceff90b9d6587d6b7bd69a15efa818e30f3b65c4234de7951ba94f0e6726d1237e0168b2044b7067de2c0766e1d3502094ccf35d0882a09e9f50d7d20e3ac8ecfe6e1c0606fc750dd9f340a7776d2eeb6eb5e50823a82f308eaf3ad5908baf58a780759d6ae8022aaddcd599c427dde8d986f14fb433b5b351edf64e943f1fcc31a0e1fb7c077557d9581d91e9ce1f71193db30cc42d280517b8de8818dc1477882039247841870285cf1e1da4c443b83b5c791b0a8eaf697f571e7c3d51baf0cd27dfb809cb31df5f714051f5a9a83773102641f7d345bb18641f0eb4c8a168ad8f056662ef7565906a71ba7a79ce9f0853054655c432dcf32b78b7b3b4bdc5b40092da20b5a8859b4d2b863f94e21fcd70425177e6dd9a64b2ab690e14ccee1374a7815f06a5f09de4f6043d2b39fddcef29e92910a6eea18ced41c1bedfcdee1089ec2deee3ad76b7cabd255b1a2a53f7575f459e0230c018165747126060172d5f13816edc644972a072a7e401d439dad958949ef477d8a2b5e5899a8ea8846cbc7b335b78c7f2644c8c69a1e6b254f58b8aa7a7885c4234bfd962352c311a007c2a7bb5a8e34202dd52692304624117be8ce6f110782767587aa4943a9ddbb960b7e00396fdbabcddd4854e0313daa94422601af0462314c173afc2528db6052e221dc59d594f89e7c9452b5c605b5955b469482d5135cfbf2d0d3b455508d9f40f37eca2b11fbac931f4e2ebcc9bc690de80641ce0213689946735ea8473f6c89e24f5246d22ebb22dd377ef43579702cd3d80650e14766ce7a37a8823841967b650a7a3a347a6f0b2ba7d8bb1e9fded9cd7e2b47742fd726d07447de92ae4b02db7c30a7e065b2d05ff5ff5709b7cf283606903f80e99810799780780d6a28cdda40505d3a4df0996b9d9bb237477cac4fdd3fa1717c9365ac7318de52070fc91861db4624f83dc374690209ae7ff09a0d2aae536937cd86ddd187bace3b7b42974e81cbe54fc011ca1817c1323cd0914ea96b6e7ebb10b7213a51a34b3bba4c129d571ca9f41a6aa41ce336bca6911f24f45cbb4122e1100a559a3e580957dcdf5f14bb32154ed64f250f480b282f5fe9ee65621093d370682afd2b8f37a7e9aaab1447c5162887f3d0f6c74959938c0716ab03dd242f967f574df9cd25cfd64bcb2e6f5788530e761711990778960bd7a828497cec05da36777433fb27bd80d517f6850c46d84b101ea644b596d352714945d6e31b2c43c1acb4e09e443fe51890559a0dd049dbe33d375e46f008bb5ee4af3a7609120cb5498a7aa33fd64f7b3e18170cfe1875cb6e25ce1dc78d04130894d757b66da2349a7f038c747138b0eaf0f2fa933ef7f51dfedb586bc0f49c76860f46009e28ab730290080e0483c70635da84b373e7413fa576e2a3e464c1d2432b3fe5e1a08e06e004d6c47948da8f8290db7ef807a23aabce4fc3e2164be066a721a7ace91f82ceecf3a1339d60134e410dee712bc5585c2ad61389ddeb49bf8679112d537418f9d2379c4bc56850fc400c6ba0b3f9252d43bf5271167adea041bc537b33d22a6c7226a6b9897aa1d34a35198f151865243de05435a58716e5f8a864e01ebe6ec6fd841210b5a1c39027f59e3df97b3090ea6a0e7113bd1ee146e174aec4139bbf6f9fdd7b6dc5d92ee3b4d5044db49e04a90a820993bda6858c36e414e8fa033cb86c58ca687043a0754d0a96cd9833f188cb5b9ca73f412a81dc92b3b88f8585fc357129ab44fcd3c04d46aa09b6373539e784aa546106b7a7472829206a5a1df78df26d0cc691d158136da9661990109e74d75e866388e2fbc8a905c5e939e56a09bb168954ddac4be6f1b9770137440129c4328246cb71bcfc2e95925616fba756806fac7b4256597a837bd170674fa678d8bb70c9c50c4d62ed7bab199363854d073f50758f89d2670b39ba58e16267aa45f69367e003e3ee1899f7400580b375984dd040ab6eab1ec0fcd3ffa536004727ae17dc4cd76d4c2534bd50b92a5e1039e4cceeeb7e48cf347314db3534c6e835d94315fe129bdfbaaf4ab528d20fc0c802eebba43b81d31f2f25079057e25f3fab4bb1b61a8380694e586a5d248fdd0b30a54794eb3852267ea6e5b6d3dcec4e3c889ff42759c96f535f5330b1d869bdc41592791dc4a56f9de48e90182bcf0af670155b79291e811fee0098a39d12f6001f71547bed9f07a10ad3d8054dc5cabfa30feadcf25c851a64fa03d75c0f2e57f9887c9606707005d6d1fb9dee4b4ae52637ae6d963f6c3409e8506c165ae21185f04c55e7bc5af51de5b561a3493f2d7b30ec26bb8a03e4493d27de6608ede356b6b62111c25f446f4fac3056c70f762919f021d7bc4c1470ece9776dac82ed0678c88cd3c8fcd92de28e0ce9a091405f9b8f2d3aac3a78553f47b75b6d91cf53e4e93857b55edfc7afe956b264067d9a0591acd3f6b32ddd93de8ddc046ff55d1f41de1021ce62c988fb378e9e4e1efdc428dbccacf0fa8232a52673aa67ac0251bed7ec2eddad07ed57d9cc6a735171cc180544a8ba5887f7cb588474897376c3b5d0b633a54ea821f2117ef8bf9d4f509bd6487042b0208069d44aceff75f49fe3ab2a39069ec0ac2f3dbee0b982b8f04013ed2e99907030eff31be0b847bbc818f68103e8c24d99f8fee0fdd968751ee3482e90c210ee47cb2f6b5e5fb87248ed281dad438af5808128f83a3b602a2238632d3067e19a764b4386e726bbe17b70499c5b381d94d83c9ff03667f3b6cb8505efc134a7e2c1460349f0efe1b5ef15519445d5f4c146a1af51a164353733f8dd16704f462fdd309cdc5aa1d6be35643cbb94e3872d82c9ded4f3a287d199e6bf2a35567bc382b34957b8730b0dd9400", 0x2000, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000a80)={0x90, 0x0, 0x6, {0x4, 0x0, 0x0, 0x3, 0x0, 0x0, {0x0, 0x0, 0x0, 0xd297, 0x0, 0x0, 0x100000, 0x800000, 0x1, 0xc000, 0x0, 0x0, r5}}}, 0x0, 0x0, 0x0, 0x0, 0x0})

5.213127745s ago: executing program 4 (id=267):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002640)=@newtaction={0xe0, 0x30, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [{0xcc, 0x1, [@m_tunnel_key={0xc8, 0x1c, 0x0, 0x0, {{0xf}, {0x4}, {0x97, 0x6, "ebb7905fe91e9be4677d59a9642fd119d19ac5e190bf4b0f9f2859657921b9c6fce506e2b627b610552adbd25f19af61b6f9b1603735a6e3d97188050bf1e9e04f7b370bf4a6645e82f7d27fe7ecb451e477ceac7c3e03294761182420c71011ec9e6197a94d09c8348554283a8308b47f98b0290d3149d466fd232ac06f2714af49e9c6aab9f06632e3c3c186c30993075db9"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2}}}}]}]}, 0xe0}}, 0x0)
socket(0x10, 0x803, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000080)={0x0, 0x0})
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x0, 0x2})
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(r1, 0xc1004111, &(0x7f0000000300)={0x0, [0xfcef, 0x3800, 0x3], [{0xffffffff, 0x9, 0x1, 0x0, 0x0, 0x1}, {0xfffffffc, 0x3, 0x1, 0x0, 0x0, 0x1}, {0xffffffff, 0x1, 0x0, 0x1, 0x1, 0x1}, {0x2, 0x6, 0x1, 0x1}, {0xfe3, 0x3, 0x0, 0x0, 0x1, 0x1}, {0x9, 0x10, 0x1, 0x1}, {0x30, 0xe369, 0x1, 0x1, 0x1}, {0x100, 0x4, 0x0, 0x0, 0x0, 0x1}, {0x7fffffff, 0x8, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, {0xfffffffe, 0x0, 0x0, 0x1, 0x1}], 0x200})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
shutdown(r3, 0x1)
connect$bt_rfcomm(r3, &(0x7f0000000200)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x15}, 0xa)
close(r3)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0xfffffffffffffcef, 0x0, 0x0})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{}, &(0x7f0000000180), 0x0}, 0x20)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x0, 0x0, &(0x7f0000000300)='GPL\x00', 0x5, 0xffd, &(0x7f0000002840)=""/4093, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = dup3(r2, r0, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xfc}}, 0x80)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r6, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x2e9, &(0x7f0000000b00)={@multicast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv6={0x86dd, @generic={0xe, 0x6, "c19ddd", 0x2b3, 0x2e, 0xff, @private0={0xfc, 0x0, '\x00', 0x1}, @rand_addr=' \x01\x00', {[@fragment={0x87, 0x0, 0x0, 0x1, 0x0, 0x6, 0x64}, @routing={0x16, 0x2, 0x2, 0xb, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}, @routing={0x89, 0x8, 0x0, 0x9, 0x0, [@remote, @private1={0xfc, 0x1, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x2c}, @dev={0xfe, 0x80, '\x00', 0x13}]}, @srh={0x3c, 0xe, 0x4, 0x7, 0xff, 0x48, 0xfffc, [@loopback, @private1, @remote, @local, @empty, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local]}, @hopopts={0x1d, 0x1, '\x00', [@jumbo={0xc2, 0x4, 0x4}, @enc_lim={0x4, 0x1, 0xb}]}, @fragment={0x9, 0x0, 0x2, 0x0, 0x0, 0x1d, 0xfff}, @dstopts={0x88, 0x1e, '\x00', [@generic={0x2, 0xcf, "a8ed909f90c9addc555f8c0f8259bb813be49bbd26f975dfc0bc9c01b6d79f2069e32031060a421e0b66d244b8e15f544c7baa289a2b42c9e7f216e018caeec6dd1b6844b2330601e8300515633500c043b2fd36e697c5f27b5420f6795b64917e91518cf199b591f8f1ac92d64daf7e0b6f59888e3b2dcdcad322b0aadda008fcbe6bb0af17e2541e66473313b9d44bbe9603694357cee5d6190322840855d7524b5f8a88fc09d57e5187bb1642519e794a75a94c220599423dcae9512206fe821a5b8c7a0da3be77056a01f126e5"}, @ra={0x5, 0x2, 0x9}, @ra={0x5, 0x2, 0x2}, @calipso={0x7, 0x10, {0x0, 0x2, 0xaf, 0xb, [0x1]}}, @pad1, @padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, @hopopts={0x6, 0x8, '\x00', [@ra={0x5, 0x2, 0x4}, @enc_lim={0x4, 0x1, 0x3}, @calipso={0x7, 0x38, {0x2, 0xc, 0x6, 0x2, [0x1f, 0xffffffffffffffff, 0xfffffffffffffff6, 0xbe, 0x34, 0x7ff]}}]}, @dstopts={0x0, 0x6, '\x00', [@hao={0xc9, 0x10, @mcast2}, @jumbo={0xc2, 0x4, 0x81}, @calipso={0x7, 0x10, {0x3, 0x2, 0xf, 0x0, [0x3ff]}}, @ra={0x5, 0x2, 0x8}, @enc_lim={0x4, 0x1, 0x9}]}], "c805c4c1f939630bd61363feddec153c1ce9aedfa612daddcf47eeefdaa04805237a7b"}}}}}, 0x0)
r7 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000300)={'bond0\x00', <r8=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r8, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0xc, 0x2, [@TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x12}]}}]}, 0x3c}}, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10b})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})

5.121372289s ago: executing program 3 (id=268):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000900)={0x2020, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x4, r1, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
getpriority(0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008000}, 0x4008)
syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, 0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000200)={'vlan1\x00', &(0x7f0000000480)=@ethtool_eee={0x17, 0x0, 0xfffffffe, 0x0, 0x0, 0xd}})
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r5 = accept$alg(r3, 0x0, 0x0)
sendmsg$alg(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
r6 = syz_open_pts(0xffffffffffffffff, 0x0)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000140)=0x4)
write$binfmt_script(r5, &(0x7f0000000600), 0xfec8)
recvmmsg(r5, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000300)=""/225, 0xe1}, {0x0}, {0x0}, {&(0x7f00000004c0)=""/203, 0xcb}], 0x4, 0x0, 0x0, 0x2000000}}], 0x1, 0xcb, &(0x7f0000008000)={0x0, 0x989680})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000100)=0xfffffffc, 0x0, 0x4)
r7 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="1201000000000010d804dd00000000000001090224000100000000090400000103000000092105000001220500090581030002000007f13d2475aa0b4d26b904a26934740887fa6e564510bd23d68208ec59c69c6f18250527013af248"], 0x0)
syz_usb_control_io(r7, 0x0, 0x0)
syz_usb_control_io(r7, &(0x7f00000000c0)={0x2c, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r7, 0x81, 0x2, &(0x7f0000000280)="935a")

4.093563209s ago: executing program 4 (id=269):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
writev(r0, &(0x7f0000000000)=[{&(0x7f0000000640)="f483", 0x2}], 0x1)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r4 = socket$kcm(0xa, 0x3, 0x3a)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
sendmsg$kcm(r4, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}, 0xff000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60)

4.008899326s ago: executing program 1 (id=270):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

3.897998585s ago: executing program 1 (id=271):
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x20)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x781001, 0x1a)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mount(&(0x7f0000000340)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000001c0)='./cgroup\x00', &(0x7f0000000040)='udf\x00', 0x208000, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000580)={'vcan0\x00'})
getsockname$packet(0xffffffffffffffff, &(0x7f00000005c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000600)=0x14)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000005b00)={'vcan0\x00'})
getsockopt$inet6_mreq(r5, 0x29, 0xdacff70d9a690b82, &(0x7f0000006780)={@remote}, &(0x7f00000067c0)=0x14)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
mmap(&(0x7f0000661000/0x1000)=nil, 0x1000, 0x1000000, 0x2010, r0, 0x76abf000)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1)

3.631574514s ago: executing program 0 (id=272):
r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x111, 0x2}}, 0x20)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x82, 0x2)
name_to_handle_at(r1, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=@FILEID_BTRFS_WITH_PARENT_ROOT={0x28, 0x4e, {0x7fff, 0xffffffffffffffff, 0x62, 0xcc9, 0x8, 0x1}}, &(0x7f00000001c0), 0x1000)
mount$bind(0x0, 0x0, 0x0, 0x887008, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x23, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000180), 0x4c, &(0x7f00000001c0)={[{@size={'size', 0x3d, [0x25]}}]})
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_TIMESTAMP(r3, 0x1, 0x3f, 0x0, 0x0)
bind$inet(r3, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10)
read$FUSE(r2, &(0x7f0000004100)={0x2020}, 0x2020)
ioctl$VIDIOC_S_OUTPUT(r0, 0xc004562f, &(0x7f00000000c0)=0x1)
r4 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/binfmt_misc/syz2\x00', 0x2, 0x0)
write$binfmt_format(r4, &(0x7f0000000040)='1\x00', 0x2)

3.132559343s ago: executing program 4 (id=273):
r0 = socket$phonet(0x23, 0x2, 0x1)
mount(0x0, 0x0, &(0x7f00000000c0)='dax\x00', 0x90003, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0x10, &(0x7f0000000600)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa4000000", @ANYBLOB], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9b, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r2, 0xfffff000, 0xe, 0x0, &(0x7f0000001700)="61df7100c80400d5721ff59fe864", 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x0}, 0x4c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000640)='fsi_master_aspeed_cfam_reset\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x400000000000000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x5)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x3f8, 0x1c0, 0x43, 0xa0, 0x0, 0x98, 0x360, 0x178, 0x178, 0x360, 0x178, 0x49, 0x0, {[{{@ip={@empty=0x5107, @multicast2, 0x0, 0x0, 'veth0_to_bond\x00', 'ip6erspan0\x00'}, 0x12a, 0x1a0, 0x1c0, 0x0, {0x0, 0x7a010000}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x8, 0x0, 'syz0\x00'}}, @common=@unspec=@connbytes={{0x38}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x168, 0x1a0, 0x0, {}, [@common=@unspec=@connbytes={{0x38}}, @common=@unspec=@conntrack2={{0xc0}, {{@ipv4=@multicast1, [], @ipv6=@loopback, [], @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, [], @ipv4=@multicast1}}}]}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x468)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x10)
sendmmsg(r0, &(0x7f0000000b80)=[{{&(0x7f0000000000)=@ax25={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x8}, [@default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000080)="151432d90a565f3151836513011ea6b41bbfadd5079b5e9a509e944bf4d984d994ab61709a45fe02ddbe", 0x2a}, {&(0x7f0000000100)="2397eb5610f7abcb0bd9dad9d88f63db2d752e3d4f2880b445c40f92f3a568a3029d0a3286298fe95f7dec85b8cf108777e22021cdbfc96cc2660ff38195b33b3fc139ea6b867c5e5fd6add779cf64e8258ab3e447f0141b6bea7135828cf347a2383e5e106c509683077850daf425e6112dff4c97c1f3901b8673b90e13684c47a3d8ef6f5f6f2bf7353f9c86160219302a078eeb04a5c8d9273cd0ed24f2697d78e1593772ddee09b000123070821014a6770b12ccdf77216c118f2abb42f60d6dedc665b3f31d4abc3ccf4c2a12e48ac9eacce7ed403e477ad3", 0xdb}, {&(0x7f0000000200)="484d3acd3179e1ea069d64c7c262737c7099285d88683cd079e910d98d5305e8ed092ac5695636ac5dd6bdefbbc1b1d8dc28691df1fa9fd5fe6e8600a2b695fcc2889bea2eb354d7554ab77aa5146f2be21683008791db0da3c735aa471d832c5e58f91561f4c141d51a233220abf53224c1e6282bca60870965ac8e6e5057395e1cfb4d5351596c88a8562f3e4e02089c3573eda771282f30e1335721682bb94c2e22405f1c3dd9b4", 0xa9}], 0x3, &(0x7f0000000580)}}, {{&(0x7f0000000600)=@can, 0x80, &(0x7f0000000ac0)=[{&(0x7f0000000680)="8a98641e8a87550efbb1a40896dc482b1c45734639e439759593c5c98ced61117ad1cdf8600000240638dc9259102da257220e574bf647b9d33d027ef7f6954eab", 0x41}, {&(0x7f0000000700)}, {&(0x7f0000000840)}, {&(0x7f0000000900)=')\fyl', 0x4}, {&(0x7f0000000a40)="04459742063a00ff862b9e1400f1990a05935471239f1bf57a4351c61ed44c3c79fcab98f2e901b95b47a53af5ef59f09376e3bb36ef05fd7e8e59e60f3fc9be", 0x40}], 0x5}}], 0x2, 0x800)
recvmmsg(r0, &(0x7f0000003600), 0x0, 0x30143, 0x0)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
close_range(r7, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)

3.045717474s ago: executing program 0 (id=274):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0x400000f1, 0x0, 0x9}]})
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r6 = gettid()
r7 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR2(r7, 0xc02464bb, &(0x7f0000000040)={0x2, r8, 0x5, 0x5, 0x7, 0x5, 0x3, 0x7, 0xe})
rt_sigqueueinfo(r6, 0x21, &(0x7f0000001500))
syz_open_dev$sndpcmc(0x0, 0x1, 0x101000)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000007c0)=ANY=[@ANYBLOB="280300002d00090027bd70000000000004"], 0x328}}, 0x84)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000180)={'bridge0\x00', <r10=>0x0})
sendmsg$nl_route(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYRES8=r0, @ANYRES32=0x0, @ANYBLOB="21000000000000002000128008000100687372001400028008000100", @ANYRES32=r10, @ANYBLOB='W3\x00\x00', @ANYRES32=r10, @ANYBLOB], 0x40}}, 0x0)

2.816345256s ago: executing program 1 (id=275):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000040)={0x0, 0x8000, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)

2.056192952s ago: executing program 1 (id=276):
r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[])
write$FUSE_INIT(r0, 0x0, 0x0)
syz_fuse_handle_req(r0, 0x0, 0x0, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0)
write$FUSE_WRITE(r1, &(0x7f0000000340)={0x18, 0xfffffffffffffffe}, 0x18)
io_uring_setup(0xf08, &(0x7f000000c480)={0x0, 0xd1ec, 0x400, 0x3, 0x5})
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000004600), 0xffffffffffffffff)
socket(0x10, 0x803, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
userfaultfd(0x80001)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r4=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x3, &(0x7f00000006c0)=@framed, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r4, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

1.920190303s ago: executing program 0 (id=277):
write$tun(0xffffffffffffffff, 0x0, 0x0)
unshare(0x6a070880)
bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0)
stat(0x0, 0x0)

1.916435596s ago: executing program 4 (id=278):
r0 = syz_usb_connect$hid(0x4, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x56a, 0x94, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x4, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x7, 0x3, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x7}}}}}]}}]}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYRES8=r0], 0x50)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f0000000000)={0x46}, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)

1.830067918s ago: executing program 2 (id=279):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002640)=@newtaction={0xe0, 0x30, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [{0xcc, 0x1, [@m_tunnel_key={0xc8, 0x1c, 0x0, 0x0, {{0xf}, {0x4}, {0x97, 0x6, "ebb7905fe91e9be4677d59a9642fd119d19ac5e190bf4b0f9f2859657921b9c6fce506e2b627b610552adbd25f19af61b6f9b1603735a6e3d97188050bf1e9e04f7b370bf4a6645e82f7d27fe7ecb451e477ceac7c3e03294761182420c71011ec9e6197a94d09c8348554283a8308b47f98b0290d3149d466fd232ac06f2714af49e9c6aab9f06632e3c3c186c30993075db9"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2}}}}]}]}, 0xe0}}, 0x0)
socket(0x10, 0x803, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000080)={0x0, 0x0})
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x0, 0x2})
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(r1, 0xc1004111, &(0x7f0000000300)={0x0, [0xfcef, 0x3800, 0x3], [{0xffffffff, 0x9, 0x1, 0x0, 0x0, 0x1}, {0xfffffffc, 0x3, 0x1, 0x0, 0x0, 0x1}, {0xffffffff, 0x1, 0x0, 0x1, 0x1, 0x1}, {0x2, 0x6, 0x1, 0x1}, {0xfe3, 0x3, 0x0, 0x0, 0x1, 0x1}, {0x9, 0x10, 0x1, 0x1}, {0x30, 0xe369, 0x1, 0x1, 0x1}, {0x100, 0x4, 0x0, 0x0, 0x0, 0x1}, {0x7fffffff, 0x8, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, {0xfffffffe, 0x0, 0x0, 0x1, 0x1}], 0x200})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
shutdown(r3, 0x1)
connect$bt_rfcomm(r3, &(0x7f0000000200)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x15}, 0xa)
close(r3)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0xfffffffffffffcef, 0x0, 0x0})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{}, &(0x7f0000000180), 0x0}, 0x20)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x0, 0x0, &(0x7f0000000300)='GPL\x00', 0x5, 0xffd, &(0x7f0000002840)=""/4093, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = dup3(r2, r0, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xfc}}, 0x80)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r6, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x2e9, &(0x7f0000000b00)={@multicast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv6={0x86dd, @generic={0xe, 0x6, "c19ddd", 0x2b3, 0x2e, 0xff, @private0={0xfc, 0x0, '\x00', 0x1}, @rand_addr=' \x01\x00', {[@fragment={0x87, 0x0, 0x0, 0x1, 0x0, 0x6, 0x64}, @routing={0x16, 0x2, 0x2, 0xb, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}, @routing={0x89, 0x8, 0x0, 0x9, 0x0, [@remote, @private1={0xfc, 0x1, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x2c}, @dev={0xfe, 0x80, '\x00', 0x13}]}, @srh={0x3c, 0xe, 0x4, 0x7, 0xff, 0x48, 0xfffc, [@loopback, @private1, @remote, @local, @empty, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local]}, @hopopts={0x1d, 0x1, '\x00', [@jumbo={0xc2, 0x4, 0x4}, @enc_lim={0x4, 0x1, 0xb}]}, @fragment={0x9, 0x0, 0x2, 0x0, 0x0, 0x1d, 0xfff}, @dstopts={0x88, 0x1e, '\x00', [@generic={0x2, 0xcf, "a8ed909f90c9addc555f8c0f8259bb813be49bbd26f975dfc0bc9c01b6d79f2069e32031060a421e0b66d244b8e15f544c7baa289a2b42c9e7f216e018caeec6dd1b6844b2330601e8300515633500c043b2fd36e697c5f27b5420f6795b64917e91518cf199b591f8f1ac92d64daf7e0b6f59888e3b2dcdcad322b0aadda008fcbe6bb0af17e2541e66473313b9d44bbe9603694357cee5d6190322840855d7524b5f8a88fc09d57e5187bb1642519e794a75a94c220599423dcae9512206fe821a5b8c7a0da3be77056a01f126e5"}, @ra={0x5, 0x2, 0x9}, @ra={0x5, 0x2, 0x2}, @calipso={0x7, 0x10, {0x0, 0x2, 0xaf, 0xb, [0x1]}}, @pad1, @padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, @hopopts={0x6, 0x8, '\x00', [@ra={0x5, 0x2, 0x4}, @enc_lim={0x4, 0x1, 0x3}, @calipso={0x7, 0x38, {0x2, 0xc, 0x6, 0x2, [0x1f, 0xffffffffffffffff, 0xfffffffffffffff6, 0xbe, 0x34, 0x7ff]}}]}, @dstopts={0x0, 0x6, '\x00', [@hao={0xc9, 0x10, @mcast2}, @jumbo={0xc2, 0x4, 0x81}, @calipso={0x7, 0x10, {0x3, 0x2, 0xf, 0x0, [0x3ff]}}, @ra={0x5, 0x2, 0x8}, @enc_lim={0x4, 0x1, 0x9}]}], "c805c4c1f939630bd61363feddec153c1ce9aedfa612daddcf47eeefdaa04805237a7b"}}}}}, 0x0)
r7 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000300)={'bond0\x00', <r8=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r8, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0xc, 0x2, [@TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x12}]}}]}, 0x3c}}, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10b})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})

1.196065608s ago: executing program 0 (id=280):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x500, 0x0, 0x25, 0x148, 0x0, 0x60, 0x468, 0x2a8, 0x2a8, 0x468, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x320, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x0, 0x0, 0x3, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0xa214}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0xe8, 0x148, 0x0, {}, [@common=@set={{0x40}, {{0x0, [0x11, 0x20, 0x20]}}}, @common=@unspec=@statistic={{0x38}, {0x0, 0x0, 0x0, 0x0, 0x0, {0xfffffffffffffffc}}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x560)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$vim2m_VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f00000003c0)=@multiplanar_mmap={0x80, 0x2, 0x4, 0x71413, 0x80000000, {0x0, 0xea60}, {0x2, 0x2, 0x3e, 0x2, 0x90, 0x81, "32c1c594"}, 0xd634, 0x1, {&(0x7f0000000340)=[{0x7, 0x101, {0x7}, 0x5}, {0x0, 0x2, {0x1}, 0x7}]}, 0x1})
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000002c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x8000}})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000e00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adffa87d2255f674412d020000000000005ab527ee3697f1ec4436dd1164aa93cc5800075557165397000a63f6b9b3f427f6ba6b34f98125f30e697fffffffffffffffa30b273683626e0003254d570dca6b78ad833488cfe4109eaf009edd3e69613d3cd6aaa300006eee8501000000520a0000151d010000000100bf00000000cc587424363dc6ad7f3bbd424c6e6cafbe9309aba218a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e470a000517ebc406e89dcbb7677e6528b0856e31ed9474ac24cf609068f645ce971fc0480737a55ebb0bd701f7ff21e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d933bed759ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56d06c759da324a39f7f51b870b2851c3f0a1aab71587a21c8f1b3369ebfcba105a6ccdd01b0f04edb256c604f068773f6ff000000000000006ffbfe5ca32142b0195531458b7d1e341c6f864f983d745f5865aad41d2915aae7602a2d6cd415e8351ebc4223f54d6bec664709ff03f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121ad6eb372713255012e028cb2654d493a0b4b35faae176c89b745eda2967199cc936859a537e8e4871d4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0cff28235a3cbb5d33b09bc30cf2880c586272c3f4d79bc36305745cb1cb385e6add14652003c7cdd3324f07d134d3ed07f1c10900000009dd872ec66ea6c718bbd1aa59114000f0be4c6f8df084c5e9734ae30aa9afdc719bf01ab03a9b1074407136b4506000f0916a39d3057d50183612b39e73aeeb6eaf14652dda68e98ef938e6515a94a71836469e2051d9b7eb85f3f2d5ae2c51944da8d7391d6d6b97419a3b7660df4c5124ca425d374b371867a79b31c6617fc3327191fbf514573f0e30d1d60be2168fe6c2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257b84000000b749ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c786eeca22debc99335583b54c13c3130978fa069af8223b38ced735c2d905f51ca85ffa4add5647489b3960127696cf2f16625c0c102000000000000009ef52134842e64171f3963841086e3797a4825d081f2d987f05c5341877386ec55d7dc958fd235d6071619a65d4b82d9c162f3556076b80550d961ca74f1ffdaccf0ea5f02e0fca8b27ff3983ab74fd3d560700a1fbb44e77e312b3b129e000302d613916c9bcf9f0000fac73adb6bfb27f88dba816020be760f7b45e001efada800000000000000fdaf4660402f7b3b79a433e08074ea2462974ab2cbd247eb1cfa2638f56daee57ed14bc74de0fd87a9ce638190f3570e0b4c80ef682df22237270955afb6008846557ee3bc09fda6dbb6542e597300eb82a184c96ffde5a30e5433d86666cb045bdd02c804c22ff2635c7bfbf5c0d586cda5e1e88a4d41dee7cc74f822278d124638fec58faeb48afe324369cc51204158bb440df2a694f4cdcaa4f65c22f000000000000000000000000000d503d79906958102000000000000000000001ffff0ef89b2a635edb2dd163e863315e84498dfb52b7f54da6398cbedaa42cc17c4563c859656a357770289a61faa95a82bf1cfb7f2fd7252e9322abe282c3344fc6738b4467893b9bf0d1c8130ae6b226900110635376413c29f7c6f7b7e29b9f4bddd5e328661f4046e01f7d7dc22174e5e627a6f608ad53a4168d4d8f7fbc71104512efe8e5d7d934aa289b4db2b870000000000000000000000000000000000000000009b777883a0f9cf4ad155110cd3ace2b322ac31bfa27847dc99c8a69a1ea5b98e525e6393ad7fd9795170e7b11e4fa990b9386910a6a1a66a70eaff01247603c2ff49d3979676bffb3049166ab84a0f061991bd57c2566c10c282352a5105b6164e3f2491e4793e590dcc71de10da96fdff40dd44a2c9882d3aa0f8a797b8fea6efcfb5046b7679f15559cdaa977504c40b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd50c5e22ade17556abb722d9c085b189b5fd1f30e8dc813f60400fde1f88d830b11002135e8e7262f299ed7923bfbe00ad88be179e56b41ff3792cee2fc37eee739c3e3af923e8738d93d583a9cf00b946960fc38cf85aae7cf708f9a9d166f2e352a06d99b8be476d1cc2a53a859ae4fdab2a987925d12422474ac044ffe9fe2bf9bf9bbdf36c4ca89c516647542ac45545337829fa7039d155ebda42d4c14f4ca7f8b5d5842658c62d0a03092b94fa1b19f190000000000000000000000000000009e75a32b9fafeffd890f2759b0fe3add33fa43a4c3995458f86a926ad56b23571c46728c039cd3b4bb7d69dfa27782b953a7b81cc161912b3e5716360686e126311a7e21bfa2efd0f57b90c203528c8f620d3c7b31c7abcffae382f53500f7cd5d00159e5f741d3e2d2cbd1a04b3f39b50a4683daa7d117b7f4a149c954d69d8ab001339e464c8eb5f0c63899010757c9a3b69f4920531b83f71d5a34ef9405819afee15b77c015ea755c95127ff2274bb9a8463ce4b8c08ad70596ad2b2b044e660ed144b9dce372450ea69d25da2b6deed67fac26e765aa7d5532ba1044f62db049486acde2294127cb767c23da7d8f9844d3be5b6aa83ee4ce1876af5130efe1b64ccb6bbd349bcc0e8deec8ab3bd1b35bbc8ab8a152771744baa576b9223d26b5603a7f091be1264cabaf661fe2dbe7990a61f710f923f2337818a3983d06c11a6bee7fccb78a53c56db5c18f920d2194374db665dcadf53b8d0014e682ec721d67a7ab6c817fe53c86f8900000000000000000000000000000060b7b827c56e973a2ab5bc5c558ada68c4ec3762f5957b20b919af5d53c87de056a397bdcb614c34761e2c815698e1f9f5521a385c2910850929040a4eba573e91ca21fc855358120ecd79a5d7007693ef3ff9d2b993d114443d53c53094e516f675b2a7074584714e7a2015e05e507811b4ca89c39281c9ada5f58ceb55893cca783ab09c9a19836a3a2c715b10436a5731549e364679ecd8461a68433ab52b1108831edb9654dc602183c1170d6881647f6dca15d57fb76357d815c5f1000000000000000000f49e327c0b6e511494466cec78650f0a6267"], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x7, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r3 = socket$kcm(0x29, 0x2, 0x0)
r4 = socket$inet6(0xa, 0x803, 0x6)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000180)=[{0x6}]}, 0x10)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000180)={r4, r2})
sendmmsg$inet(r3, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000440)='{', 0x1}], 0x1}}], 0x1, 0x0)
lgetxattr(&(0x7f0000000d00)='./file0\x00', &(0x7f0000000180)=@known='system.sockprotoname\x00', 0x0, 0x0)

1.188662145s ago: executing program 1 (id=281):
getpid()
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getdents64(0xffffffffffffffff, &(0x7f0000000200)=""/171, 0xab)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xfffffffffffffffc}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x20000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_emit_ethernet(0x2a, 0x0, 0x0)
r3 = syz_open_dev$vbi(&(0x7f0000000040), 0x2, 0x2)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r3, 0xc0405665, &(0x7f0000000280)={0x7, 0x2})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a68000000060a09040000000000000000020000000900010073797a300000e8000900020073797a32000000003c000480380001800b00010064796e7365740000280002800900010073797a3200000000080009400000000308000340000000010800044000000000140000001100010000000000000000000000000a"], 0x90}, 0x1, 0x0, 0x0, 0x20040815}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = socket(0x11, 0xa, 0x0)
write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000000)=@unlock_all, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000180)={'vxcan1\x00', <r6=>0x0})
sendmsg$can_bcm(r5, &(0x7f0000000040)={&(0x7f0000000000)={0x1d, r6}, 0x10, &(0x7f0000000080)={0x0}, 0x8}, 0x10000)
socket$alg(0x26, 0x5, 0x0)

1.135804334s ago: executing program 3 (id=282):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f0000000100)='H', 0x0}, 0x20)
syz_open_dev$vcsu(&(0x7f0000000080), 0xfffffffffffffff7, 0x52000)
syz_usb_connect(0x5, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="12015002d2cfa00863110001badc0102e1160902240001050590010904d70302ff03040409050f83000209b30509250f871093a0ddac200585031000"], &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0})
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffff, 0x1}, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYBLOB="4800000010000305000000000000000000cf0000", @ANYRES32=0x0, @ANYBLOB="03000000000000002000128008000100677265001400028008000600ac14144008000700e000000108000a00", @ANYRES32], 0x48}}, 0x0)

1.045194223s ago: executing program 2 (id=283):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
writev(r0, &(0x7f0000000000)=[{&(0x7f0000000640)="f483", 0x2}], 0x1)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r4 = socket$kcm(0xa, 0x3, 0x3a)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
sendmsg$kcm(r4, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}, 0xff000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60)

1.005166458s ago: executing program 0 (id=284):
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433306a1000"/72, 0x48}], 0x1049, &(0x7f00000002c0)=[@assoc={0x18, 0x117, 0x4, 0xeffffffa}, @assoc={0x18, 0x117, 0x4, 0x7}, @op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x7c70}], 0x60, 0x40005}], 0x1, 0x40800)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'dummy0\x00', 0x4000})
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
ioctl(r0, 0x8b1b, &(0x7f0000000040))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='xdp_bulk_tx\x00'}, 0x18)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb23, 0x0, 0x5, 0x6], 0xeeee0000, 0x8340})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
socket$kcm(0x15, 0x5, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8901, &(0x7f00000000c0)={'bond_slave_0\x00', @random="0131218010ff"})
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4400000010004b0400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800800080088a80000060027"], 0x44}, 0x1, 0x0, 0x0, 0x24048004}, 0x4000)

783.930846ms ago: executing program 0 (id=285):
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x9200000000000000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x84}]})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000480)={'wlan0\x00'})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x808)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40004)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg$NL80211_CMD_RELOAD_REGDB(r1, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x14, r2, 0x101, 0x70bd2c, 0x25dfdbfe, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
getrlimit(0x9, &(0x7f0000000300))
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r3}})

264.004856ms ago: executing program 4 (id=286):
pipe2(&(0x7f0000001cc0), 0x800)
socket(0x1d, 0x2, 0x6)
socket$inet6(0xa, 0x3, 0xff)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x1, 0x0, 0x1, 0xb}, 0x20)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCSETSF2(r1, 0x402c542d, &(0x7f00000000c0)={0x1, 0x8c, 0xff, 0x6, 0xcf, "0982aa400000000000e6ffffab5b00", 0x5, 0x3})
r2 = syz_io_uring_setup(0xe3f, &(0x7f0000000140)={0x0, 0x202119, 0x80}, &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)={0x40102, 0x0, 0x2c}, 0x0, 0x18})
io_submit(0x0, 0xfffffffffffffeca, 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r5, 0x800448f0, &(0x7f0000000140)={0x2, 0x3, "b604fb", 0x1, 0xfe})
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
r6 = userfaultfd(0x1)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000fcffffff000000000010000095e59f4572000000"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r7}, 0x10)
r8 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r8, 0xc004500a, &(0x7f0000000000)=0x694)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_WRITEPROTECT(r6, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000800000/0x800000)=nil, 0x802000}, 0x2})
r9 = fcntl$dupfd(r6, 0x0, r6)
ioctl$UFFDIO_CONTINUE(r9, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}})
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000013000100000000000000000007000000", @ANYRES32, @ANYBLOB="00000000001700001c001a80180005801400048008000200c7000000080001"], 0x3c}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r9, 0x89f2, &(0x7f0000000340)={'ip6gre0\x00', &(0x7f00000001c0)={'syztnl1\x00', 0x0, 0x0, 0x17, 0x7, 0x6, 0x1, @dev={0xfe, 0x80, '\x00', 0x38}, @mcast2, 0x7, 0x1, 0x12, 0x7}})
io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0xff)
syz_usb_connect$uac1(0x3, 0xa4, &(0x7f0000000040)=ANY=[@ANYRES32=r3, @ANYRES8=r0, @ANYBLOB="05"], 0x0)

128.620812ms ago: executing program 1 (id=287):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000040)={0x0, 0x8000, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)

0s ago: executing program 2 (id=288):
mq_timedsend(0xffffffffffffffff, 0x0, 0x2f, 0x80000001, 0x0)

kernel console output (not intermixed with test programs):

am0: Port device team_slave_1 added
[   88.845721][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.852711][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.878798][ T5817] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.907745][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.914922][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.941263][ T5816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.955577][ T5819] team0: Port device team_slave_0 added
[   88.962995][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.970342][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.996551][ T5816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.021431][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.028740][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.055102][ T5817] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.069072][ T5819] team0: Port device team_slave_1 added
[   89.158037][ T5820] hsr_slave_0: entered promiscuous mode
[   89.167548][ T5820] hsr_slave_1: entered promiscuous mode
[   89.206920][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.213987][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.240260][ T5819] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.297568][ T5815] hsr_slave_0: entered promiscuous mode
[   89.306625][ T5815] hsr_slave_1: entered promiscuous mode
[   89.312739][ T5815] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   89.321401][ T5815] Cannot create hsr debugfs directory
[   89.343003][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.350365][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.376576][ T5819] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.400642][ T5817] hsr_slave_0: entered promiscuous mode
[   89.407662][ T5817] hsr_slave_1: entered promiscuous mode
[   89.414121][ T5817] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   89.421716][ T5817] Cannot create hsr debugfs directory
[   89.433864][ T5816] hsr_slave_0: entered promiscuous mode
[   89.440309][ T5816] hsr_slave_1: entered promiscuous mode
[   89.447212][ T5816] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   89.454951][ T5816] Cannot create hsr debugfs directory
[   89.701179][ T5819] hsr_slave_0: entered promiscuous mode
[   89.707942][ T5819] hsr_slave_1: entered promiscuous mode
[   89.714747][ T5819] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   89.722333][ T5819] Cannot create hsr debugfs directory
[   90.106162][ T5815] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   90.147640][ T5815] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   90.181022][ T5815] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   90.194267][ T5815] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   90.279736][ T5820] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   90.294024][ T5820] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   90.310455][ T5820] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   90.330058][ T5820] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   90.425399][ T5817] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   90.445101][ T5817] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   90.454478][ T5834] Bluetooth: hci3: command tx timeout
[   90.460026][ T5832] Bluetooth: hci4: command tx timeout
[   90.486048][ T5817] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   90.500235][ T5817] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   90.533514][ T5832] Bluetooth: hci1: command tx timeout
[   90.538991][ T5832] Bluetooth: hci0: command tx timeout
[   90.545488][ T5834] Bluetooth: hci2: command tx timeout
[   90.594237][ T5815] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.603727][ T5816] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   90.616103][ T5816] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   90.627675][ T5816] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   90.640321][ T5816] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   90.731608][ T5815] 8021q: adding VLAN 0 to HW filter on device team0
[   90.771539][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.778900][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.837217][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.844452][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.866660][ T5819] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   90.900120][ T5820] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.916115][ T5819] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   90.929106][ T5819] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   90.941649][ T5819] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   90.983074][ T5820] 8021q: adding VLAN 0 to HW filter on device team0
[   91.024846][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.032013][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.080996][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.088224][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.224636][ T5817] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.256089][ T5816] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.329426][ T5817] 8021q: adding VLAN 0 to HW filter on device team0
[   91.376967][ T5816] 8021q: adding VLAN 0 to HW filter on device team0
[   91.388148][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.395408][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.418903][ T3444] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.426091][ T3444] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.464882][ T3444] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.472029][ T3444] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.482681][ T3444] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.489950][ T3444] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.532788][ T5819] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.558990][ T5815] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.635115][ T5819] 8021q: adding VLAN 0 to HW filter on device team0
[   91.678452][ T1287] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.685740][ T1287] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.730216][ T1287] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.737458][ T1287] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.836617][ T5815] veth0_vlan: entered promiscuous mode
[   91.907979][ T5815] veth1_vlan: entered promiscuous mode
[   91.985945][ T1205] cfg80211: failed to load regulatory.db
[   92.012476][ T5820] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.061470][ T5817] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.081223][ T5815] veth0_macvtap: entered promiscuous mode
[   92.157204][ T5815] veth1_macvtap: entered promiscuous mode
[   92.219814][ T5817] veth0_vlan: entered promiscuous mode
[   92.262830][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.281784][ T5817] veth1_vlan: entered promiscuous mode
[   92.305289][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.321085][ T5816] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.348149][ T5815] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.358745][ T5815] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.370456][ T5815] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.380997][ T5815] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.404746][ T5820] veth0_vlan: entered promiscuous mode
[   92.487458][ T5819] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.534229][ T5832] Bluetooth: hci4: command tx timeout
[   92.539719][ T5832] Bluetooth: hci3: command tx timeout
[   92.550389][ T5817] veth0_macvtap: entered promiscuous mode
[   92.559349][ T5820] veth1_vlan: entered promiscuous mode
[   92.590606][ T5817] veth1_macvtap: entered promiscuous mode
[   92.615277][ T5834] Bluetooth: hci0: command tx timeout
[   92.615307][ T5822] Bluetooth: hci2: command tx timeout
[   92.620785][ T5832] Bluetooth: hci1: command tx timeout
[   92.710436][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.711998][ T5817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   92.730341][ T5817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.736527][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.743683][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.796185][ T5817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   92.807017][ T5817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.818816][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.850646][ T5817] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.862497][ T5817] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.872651][ T5817] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.881630][ T5817] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.901087][ T5820] veth0_macvtap: entered promiscuous mode
[   92.924066][ T5820] veth1_macvtap: entered promiscuous mode
[   92.935872][ T1287] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.949904][ T1287] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.972378][ T5819] veth0_vlan: entered promiscuous mode
[   93.001313][ T5820] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.016995][ T5820] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.027616][ T5820] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.038411][ T5820] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.050005][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.087132][ T5820] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.106787][ T5820] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.117195][ T5820] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.127916][ T5820] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.140458][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.157943][ T5819] veth1_vlan: entered promiscuous mode
[   93.178861][ T5816] veth0_vlan: entered promiscuous mode
[   93.179819][ T5815] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   93.249952][ T5820] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.262057][ T5820] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.280779][ T5820] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.292309][ T5820] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.337773][ T5816] veth1_vlan: entered promiscuous mode
[   93.351262][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.379007][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.384744][ T5906] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   93.472644][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.491656][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.508294][ T5819] veth0_macvtap: entered promiscuous mode
[   93.621520][ T5819] veth1_macvtap: entered promiscuous mode
[   93.634493][ T5816] veth0_macvtap: entered promiscuous mode
[   93.688268][ T5816] veth1_macvtap: entered promiscuous mode
[   93.710664][ T3461] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.732510][ T3461] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.750124][ T5819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.770582][ T5819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.780822][ T5819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.806699][ T5819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.820539][ T5819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.832529][ T5819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.845659][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.861605][ T5819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.873013][ T5819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.883581][ T5819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.899661][ T5819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.910150][ T5819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.921088][ T5819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.932974][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.971387][ T3461] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.977376][ T5819] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.000497][ T3461] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.003347][ T5819] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.020491][ T5819] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.032255][ T5819] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.108213][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   94.121528][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.132603][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   94.156535][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.170959][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   94.181978][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.197912][ T5916] netlink: 72 bytes leftover after parsing attributes in process `syz.2.7'.
[   94.198349][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   94.219242][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.231013][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.279627][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   94.314730][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.343248][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   94.374388][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.385320][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   94.396022][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.408823][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   94.422122][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.434551][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.495251][ T5816] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.525601][ T5816] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.546156][ T5816] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.570891][ T5816] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.617174][ T5832] Bluetooth: hci3: command tx timeout
[   94.619953][ T5822] Bluetooth: hci4: command tx timeout
[   94.694358][ T5822] Bluetooth: hci1: command tx timeout
[   94.694391][ T5834] Bluetooth: hci2: command tx timeout
[   94.708219][ T5832] Bluetooth: hci0: command tx timeout
[   94.809317][ T5929] netlink: 20 bytes leftover after parsing attributes in process `syz.0.10'.
[   94.922306][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.943076][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.122996][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   95.630626][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.650315][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.674162][ T5942] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   95.686214][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.694055][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.807293][ T3519] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.880740][ T3519] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.903875][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   95.942549][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   96.047158][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   96.049419][ T5946] syz.0.13: attempt to access beyond end of device
[   96.049419][ T5946] nbd0: rw=0, sector=64, nr_sectors = 1 limit=0
[   96.056379][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   96.069830][ T5946] syz.0.13: attempt to access beyond end of device
[   96.069830][ T5946] nbd0: rw=0, sector=256, nr_sectors = 1 limit=0
[   96.091460][ T5946] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[   96.107137][ T5946] syz.0.13: attempt to access beyond end of device
[   96.107137][ T5946] nbd0: rw=0, sector=512, nr_sectors = 1 limit=0
[   96.120770][ T5946] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[   96.149718][ T5946] syz.0.13: attempt to access beyond end of device
[   96.149718][ T5946] nbd0: rw=0, sector=64, nr_sectors = 2 limit=0
[   96.167783][ T5946] syz.0.13: attempt to access beyond end of device
[   96.167783][ T5946] nbd0: rw=0, sector=512, nr_sectors = 2 limit=0
[   96.182868][ T5946] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[   96.195820][ T5946] syz.0.13: attempt to access beyond end of device
[   96.195820][ T5946] nbd0: rw=0, sector=1024, nr_sectors = 2 limit=0
[   96.210746][ T5946] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[   96.239061][ T5946] syz.0.13: attempt to access beyond end of device
[   96.239061][ T5946] nbd0: rw=0, sector=64, nr_sectors = 4 limit=0
[   96.260216][ T5946] syz.0.13: attempt to access beyond end of device
[   96.260216][ T5946] nbd0: rw=0, sector=1024, nr_sectors = 4 limit=0
[   96.275559][ T5946] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[   96.287934][ T5946] syz.0.13: attempt to access beyond end of device
[   96.287934][ T5946] nbd0: rw=0, sector=2048, nr_sectors = 4 limit=0
[   96.308659][ T5946] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[   96.326592][ T5946] syz.0.13: attempt to access beyond end of device
[   96.326592][ T5946] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0
[   96.343368][ T5946] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[   96.360569][ T5946] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[   96.370522][ T5946] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
[   96.454715][    T0] NOHZ tick-stop error: local softirq work is pending, handler #108!!!
[   96.794794][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   96.803483][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   96.871270][ T5948] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[   96.913760][ T5948] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[   96.993607][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   97.076942][ T5948] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[   97.168760][ T5948] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[   97.256310][ T5956] FAULT_INJECTION: forcing a failure.
[   97.256310][ T5956] name failslab, interval 1, probability 0, space 0, times 0
[   97.277011][ T5948] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[   97.323834][ T5956] CPU: 0 UID: 0 PID: 5956 Comm: syz.4.5 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[   97.323862][ T5956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[   97.323882][ T5956] Call Trace:
[   97.323890][ T5956]  <TASK>
[   97.323902][ T5956]  dump_stack_lvl+0x189/0x250
[   97.323945][ T5956]  ? __pfx_dump_stack_lvl+0x10/0x10
[   97.323972][ T5956]  ? __pfx__printk+0x10/0x10
[   97.324004][ T5956]  ? __pfx___might_resched+0x10/0x10
[   97.324032][ T5956]  ? fs_reclaim_acquire+0x7d/0x100
[   97.324057][ T5956]  should_fail_ex+0x414/0x560
[   97.324093][ T5956]  should_failslab+0xa8/0x100
[   97.324132][ T5956]  __kmalloc_noprof+0xcb/0x4f0
[   97.324160][ T5956]  ? iovec_from_user+0x87/0x250
[   97.324189][ T5956]  iovec_from_user+0x87/0x250
[   97.324219][ T5956]  __import_iovec+0x163/0x7f0
[   97.324256][ T5956]  import_iovec+0x74/0xa0
[   97.324285][ T5956]  ___sys_recvmsg+0x43a/0x510
[   97.324318][ T5956]  ? __pfx____sys_recvmsg+0x10/0x10
[   97.324369][ T5956]  ? __fget_files+0x3a0/0x420
[   97.324411][ T5956]  do_recvmmsg+0x307/0x760
[   97.324446][ T5956]  ? __pfx_do_recvmmsg+0x10/0x10
[   97.324485][ T5956]  ? _copy_from_user+0x94/0xb0
[   97.324527][ T5956]  __x64_sys_recvmmsg+0x1af/0x240
[   97.324552][ T5956]  ? rcu_is_watching+0x15/0xb0
[   97.324581][ T5956]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[   97.324612][ T5956]  ? do_syscall_64+0xba/0x210
[   97.324639][ T5956]  do_syscall_64+0xf6/0x210
[   97.324663][ T5956]  ? clear_bhb_loop+0x45/0xa0
[   97.324687][ T5956]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.324706][ T5956] RIP: 0033:0x7ff2b258e969
[   97.324728][ T5956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   97.324745][ T5956] RSP: 002b:00007ff2b341b038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[   97.324765][ T5956] RAX: ffffffffffffffda RBX: 00007ff2b27b5fa0 RCX: 00007ff2b258e969
[   97.324784][ T5956] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[   97.324797][ T5956] RBP: 00007ff2b341b090 R08: 0000200000003700 R09: 0000000000000000
[   97.324810][ T5956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   97.324821][ T5956] R13: 0000000000000000 R14: 00007ff2b27b5fa0 R15: 00007ffc8248c888
[   97.324852][ T5956]  </TASK>
[   97.341786][ T5948] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[   97.593755][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   97.599562][ T5948] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[   97.613538][ T5948] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[   98.121861][ T5948] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1)
[   98.432149][ T5971] vxfs: WRONG superblock magic 00000000 at 1
[   98.461534][ T5971] vxfs: WRONG superblock magic 00000000 at 8
[   98.524914][ T5971] vxfs: can't find superblock.
[   98.651791][ T5976] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   99.048283][ T5982] Cannot find add_set index 0 as target
[   99.559108][ T5904] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[   99.566945][    T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   99.728981][    T9] usb 1-1: Using ep0 maxpacket: 8
[   99.744071][ T5904] usb 5-1: config 0 has an invalid interface number: 214 but max is 0
[   99.765353][ T5904] usb 5-1: config 0 has no interface number 0
[   99.774489][    T9] usb 1-1: unable to get BOS descriptor or descriptor too short
[   99.794106][ T5904] usb 5-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 12336, setting to 64
[   99.807828][    T9] usb 1-1: config 4 has an invalid interface number: 147 but max is 0
[   99.816970][    T9] usb 1-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[   99.829147][    T9] usb 1-1: config 4 has no interface number 0
[   99.837543][ T5904] usb 5-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[   99.847185][ T5904] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.855610][ T5904] usb 5-1: Product: syz
[   99.861233][ T5904] usb 5-1: Manufacturer: syz
[   99.866924][    T9] usb 1-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e
[   99.876430][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.898175][ T5904] usb 5-1: SerialNumber: syz
[   99.913133][    T9] usb 1-1: Product: syz
[   99.915094][ T5988] syzkaller0: entered promiscuous mode
[   99.918696][    T9] usb 1-1: Manufacturer: syz
[   99.930021][ T5904] usb 5-1: config 0 descriptor??
[   99.951156][    T9] usb 1-1: SerialNumber: syz
[   99.952442][ T5988] syzkaller0: entered allmulticast mode
[  100.171029][ T5995] netlink: 8 bytes leftover after parsing attributes in process `syz.1.27'.
[  100.207824][    T9] usb 1-1: Found UVC 0.02 device syz (04f2:b746)
[  100.218319][    T9] usb 1-1: No valid video chain found.
[  100.240341][    T9] usb 1-1: USB disconnect, device number 2
[  100.545659][ T5904] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.214/input/input5
[  100.625217][ T6000] binder: 5999:6000 ioctl c0306201 200000000080 returned -14
[  101.007707][   T47] usb 5-1: USB disconnect, device number 2
[  101.358898][ T6005] FAULT_INJECTION: forcing a failure.
[  101.358898][ T6005] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  101.387186][ T6005] CPU: 0 UID: 0 PID: 6005 Comm: syz.0.31 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  101.387215][ T6005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  101.387227][ T6005] Call Trace:
[  101.387234][ T6005]  <TASK>
[  101.387243][ T6005]  dump_stack_lvl+0x189/0x250
[  101.387273][ T6005]  ? __lock_acquire+0xaac/0xd20
[  101.387300][ T6005]  ? __pfx_dump_stack_lvl+0x10/0x10
[  101.387325][ T6005]  ? __pfx__printk+0x10/0x10
[  101.387355][ T6005]  ? __might_fault+0xb0/0x130
[  101.387396][ T6005]  should_fail_ex+0x414/0x560
[  101.387432][ T6005]  _copy_from_user+0x2d/0xb0
[  101.387459][ T6005]  ___sys_sendmsg+0x158/0x2a0
[  101.387487][ T6005]  ? __pfx____sys_sendmsg+0x10/0x10
[  101.387549][ T6005]  ? __fget_files+0x2a/0x420
[  101.387578][ T6005]  ? __fget_files+0x3a0/0x420
[  101.387618][ T6005]  __x64_sys_sendmsg+0x19b/0x260
[  101.387646][ T6005]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  101.387689][ T6005]  ? do_syscall_64+0xba/0x210
[  101.387717][ T6005]  do_syscall_64+0xf6/0x210
[  101.387739][ T6005]  ? clear_bhb_loop+0x45/0xa0
[  101.387772][ T6005]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.387791][ T6005] RIP: 0033:0x7fccd818e969
[  101.387808][ T6005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  101.387824][ T6005] RSP: 002b:00007fccd900d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  101.387844][ T6005] RAX: ffffffffffffffda RBX: 00007fccd83b5fa0 RCX: 00007fccd818e969
[  101.387858][ T6005] RDX: 000000000000c000 RSI: 0000200000000080 RDI: 0000000000000003
[  101.387871][ T6005] RBP: 00007fccd900d090 R08: 0000000000000000 R09: 0000000000000000
[  101.387882][ T6005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  101.387893][ T6005] R13: 0000000000000000 R14: 00007fccd83b5fa0 R15: 00007ffed48e7ec8
[  101.387922][ T6005]  </TASK>
[  102.203924][ T6018] bio_check_eod: 14 callbacks suppressed
[  102.203939][ T6018] syz.1.32: attempt to access beyond end of device
[  102.203939][ T6018] nbd1: rw=0, sector=64, nr_sectors = 1 limit=0
[  102.534830][ T6018] syz.1.32: attempt to access beyond end of device
[  102.534830][ T6018] nbd1: rw=0, sector=256, nr_sectors = 1 limit=0
[  102.644069][ T6018] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  102.686852][ T6018] syz.1.32: attempt to access beyond end of device
[  102.686852][ T6018] nbd1: rw=0, sector=512, nr_sectors = 1 limit=0
[  102.724873][ T6018] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  102.740247][ T6018] syz.1.32: attempt to access beyond end of device
[  102.740247][ T6018] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0
[  102.759334][ T6018] syz.1.32: attempt to access beyond end of device
[  102.759334][ T6018] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0
[  102.783102][ T6018] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  102.797887][ T6018] syz.1.32: attempt to access beyond end of device
[  102.797887][ T6018] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0
[  102.817160][ T6018] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  102.828824][ T6018] syz.1.32: attempt to access beyond end of device
[  102.828824][ T6018] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0
[  102.849947][ T6018] syz.1.32: attempt to access beyond end of device
[  102.849947][ T6018] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0
[  102.885495][ T6018] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  102.897130][ T6018] syz.1.32: attempt to access beyond end of device
[  102.897130][ T6018] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0
[  102.912132][ T6018] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  102.932635][ T6018] syz.1.32: attempt to access beyond end of device
[  102.932635][ T6018] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0
[  102.945901][ T6018] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  102.959510][ T6018] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  102.969598][ T6018] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1)
[  104.253413][ T1205] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  104.312944][ T6041] netlink: 56 bytes leftover after parsing attributes in process `syz.2.41'.
[  104.326298][ T6041] gretap0: entered promiscuous mode
[  104.379159][ T6041] netlink: 8 bytes leftover after parsing attributes in process `syz.2.41'.
[  104.397251][ T1205] usb 1-1: device descriptor read/64, error -71
[  104.584492][ T5876] usb 4-1: new full-speed USB device number 2 using dummy_hcd
[  104.806503][ T1205] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  104.870318][ T5876] usb 4-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  104.879552][ T5876] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  104.894927][ T5876] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  104.932668][ T5876] usb 4-1: New USB device found, idVendor=0bfd, idProduct=0104, bcdDevice=f1.04
[  104.961333][ T5876] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  104.980399][ T5876] usb 4-1: Product: syz
[  104.998399][ T5876] usb 4-1: Manufacturer: syz
[  105.003312][ T5876] usb 4-1: SerialNumber: syz
[  105.016109][ T1205] usb 1-1: device descriptor read/64, error -71
[  105.029633][ T5876] usb 4-1: config 0 descriptor??
[  105.092608][ T6048] Cannot find set identified by id 0 to match
[  105.123683][ T1205] usb usb1-port1: attempt power cycle
[  105.291146][ T5876] usb 4-1: USB disconnect, device number 2
[  105.556693][ T1205] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  105.584084][ T1205] usb 1-1: device descriptor read/8, error -71
[  105.823472][ T1205] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  105.866789][ T1205] usb 1-1: device descriptor read/8, error -71
[  106.009638][ T1205] usb usb1-port1: unable to enumerate USB device
[  106.742963][ T6066] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  106.754401][ T6066] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  106.770907][ T6066] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  106.781876][ T6066] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  106.815253][ T6066] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  106.826046][ T6066] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  106.840634][ T6066] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  106.851443][ T6066] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  106.861162][ T6066] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1)
[  108.023550][ T1205] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  108.692354][ T1205] usb 5-1: Using ep0 maxpacket: 32
[  108.724338][ T1205] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  108.793277][ T1205] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  108.821362][ T1205] usb 5-1: config 0 interface 0 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  108.858299][ T6082] netlink: 56 bytes leftover after parsing attributes in process `syz.3.52'.
[  108.870067][ T1205] usb 5-1: config 0 interface 0 has no altsetting 1
[  108.883789][ T6082] gretap0: entered promiscuous mode
[  108.895920][ T1205] usb 5-1: New USB device found, idVendor=0582, idProduct=0016, bcdDevice=8e.57
[  108.949089][ T1205] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.973669][ T1205] usb 5-1: Product: syz
[  108.980612][ T6082] netlink: 8 bytes leftover after parsing attributes in process `syz.3.52'.
[  108.990704][ T1205] usb 5-1: Manufacturer: syz
[  109.000734][ T1205] usb 5-1: SerialNumber: syz
[  109.031988][ T1205] usb 5-1: config 0 descriptor??
[  109.548647][ T6090] Cannot find add_set index 0 as target
[  109.646156][ T5834] Bluetooth: hci1: command tx timeout
[  110.740967][ T1205] usb 5-1: USB disconnect, device number 3
[  110.763952][ T6103] Cannot find set identified by id 0 to match
[  110.786145][ T6102] Zero length message leads to an empty skb
[  110.823825][ T5869] udevd[5869]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  110.864074][ T6099] syz.0.57 uses obsolete (PF_INET,SOCK_PACKET)
[  111.867299][ T6119] FAULT_INJECTION: forcing a failure.
[  111.867299][ T6119] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  111.868055][ T6110] trusted_key: syz.3.60 sent an empty control message without MSG_MORE.
[  111.880801][ T6119] CPU: 0 UID: 0 PID: 6119 Comm: syz.4.62 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  111.880832][ T6119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  111.880846][ T6119] Call Trace:
[  111.880855][ T6119]  <TASK>
[  111.880864][ T6119]  dump_stack_lvl+0x189/0x250
[  111.880904][ T6119]  ? __pfx_dump_stack_lvl+0x10/0x10
[  111.880933][ T6119]  ? __pfx__printk+0x10/0x10
[  111.880980][ T6119]  should_fail_ex+0x414/0x560
[  111.881019][ T6119]  _copy_to_user+0x31/0xb0
[  111.881050][ T6119]  simple_read_from_buffer+0xe1/0x170
[  111.881086][ T6119]  proc_fail_nth_read+0x1df/0x250
[  111.881112][ T6119]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  111.881136][ T6119]  ? rw_verify_area+0x258/0x650
[  111.881171][ T6119]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  111.881194][ T6119]  vfs_read+0x1fd/0x980
[  111.881227][ T6119]  ? __pfx___mutex_lock+0x10/0x10
[  111.881254][ T6119]  ? __pfx_vfs_read+0x10/0x10
[  111.881282][ T6119]  ? __fget_files+0x2a/0x420
[  111.881319][ T6119]  ? __fget_files+0x3a0/0x420
[  111.881349][ T6119]  ? __fget_files+0x2a/0x420
[  111.881390][ T6119]  ksys_read+0x145/0x250
[  111.881420][ T6119]  ? __pfx_ksys_read+0x10/0x10
[  111.881452][ T6119]  ? do_syscall_64+0xba/0x210
[  111.881481][ T6119]  do_syscall_64+0xf6/0x210
[  111.881506][ T6119]  ? clear_bhb_loop+0x45/0xa0
[  111.881532][ T6119]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.881553][ T6119] RIP: 0033:0x7ff2b258d37c
[  111.881572][ T6119] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  111.881588][ T6119] RSP: 002b:00007ff2b341b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  111.881611][ T6119] RAX: ffffffffffffffda RBX: 00007ff2b27b5fa0 RCX: 00007ff2b258d37c
[  111.881626][ T6119] RDX: 000000000000000f RSI: 00007ff2b341b0a0 RDI: 0000000000000003
[  111.881639][ T6119] RBP: 00007ff2b341b090 R08: 0000000000000000 R09: 0000000000000000
[  111.881651][ T6119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  111.881664][ T6119] R13: 0000000000000001 R14: 00007ff2b27b5fa0 R15: 00007ffc8248c888
[  111.881697][ T6119]  </TASK>
[  112.112187][ T6125] IPv6: addrconf: prefix option has invalid lifetime
[  112.160534][ T6126] netlink: 56 bytes leftover after parsing attributes in process `syz.4.65'.
[  112.258658][ T6126] gretap0: entered promiscuous mode
[  112.289600][ T6126] netlink: 8 bytes leftover after parsing attributes in process `syz.4.65'.
[  113.367074][ T6140] Cannot find add_set index 0 as target
[  113.395958][ T6141] Bluetooth: MGMT ver 1.23
[  114.163808][ T6153] Cannot find set identified by id 0 to match
[  114.177141][ T6152] binder: 6150:6152 ioctl c0306201 200000000080 returned -14
[  114.177778][   T47] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[  114.188852][ T6152] binder: BINDER_SET_CONTEXT_MGR already set
[  114.199794][ T6152] binder: 6150:6152 ioctl 4018620d 200000000040 returned -16
[  114.336754][ T6156] kvm: kvm [6155]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc2) = 0x8000
[  114.349311][   T47] usb 4-1: config 0 has an invalid interface number: 214 but max is 0
[  114.364402][   T47] usb 4-1: config 0 has no interface number 0
[  114.385009][   T47] usb 4-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 12336, setting to 64
[  114.407626][   T47] usb 4-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  114.424538][   T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.432796][   T47] usb 4-1: Product: syz
[  114.438666][   T47] usb 4-1: Manufacturer: syz
[  114.461393][   T47] usb 4-1: SerialNumber: syz
[  114.485456][   T47] usb 4-1: config 0 descriptor??
[  114.666152][ T6162] FAULT_INJECTION: forcing a failure.
[  114.666152][ T6162] name failslab, interval 1, probability 0, space 0, times 0
[  114.679067][ T6162] CPU: 0 UID: 0 PID: 6162 Comm: syz.4.76 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  114.679095][ T6162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  114.679108][ T6162] Call Trace:
[  114.679116][ T6162]  <TASK>
[  114.679126][ T6162]  dump_stack_lvl+0x189/0x250
[  114.679163][ T6162]  ? __pfx_dump_stack_lvl+0x10/0x10
[  114.679192][ T6162]  ? __pfx__printk+0x10/0x10
[  114.679229][ T6162]  ? __pfx___might_resched+0x10/0x10
[  114.679263][ T6162]  should_fail_ex+0x414/0x560
[  114.679301][ T6162]  should_failslab+0xa8/0x100
[  114.679333][ T6162]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  114.679364][ T6162]  ? __alloc_skb+0x112/0x2d0
[  114.679391][ T6162]  __alloc_skb+0x112/0x2d0
[  114.679418][ T6162]  netlink_sendmsg+0x5c6/0xb30
[  114.679438][ T6162]  ? lockdep_hardirqs_on+0x9c/0x150
[  114.679469][ T6162]  ? __pfx_netlink_sendmsg+0x10/0x10
[  114.679500][ T6162]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  114.679521][ T6162]  ? __pfx_netlink_sendmsg+0x10/0x10
[  114.679543][ T6162]  __sock_sendmsg+0x219/0x270
[  114.679577][ T6162]  ____sys_sendmsg+0x505/0x830
[  114.679609][ T6162]  ? __pfx_____sys_sendmsg+0x10/0x10
[  114.679645][ T6162]  ? import_iovec+0x74/0xa0
[  114.679675][ T6162]  ___sys_sendmsg+0x21f/0x2a0
[  114.679703][ T6162]  ? __pfx____sys_sendmsg+0x10/0x10
[  114.679768][ T6162]  ? __fget_files+0x2a/0x420
[  114.679797][ T6162]  ? __fget_files+0x3a0/0x420
[  114.679838][ T6162]  __x64_sys_sendmsg+0x19b/0x260
[  114.679874][ T6162]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  114.679918][ T6162]  ? do_syscall_64+0xba/0x210
[  114.679946][ T6162]  do_syscall_64+0xf6/0x210
[  114.679969][ T6162]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  114.679989][ T6162]  ? clear_bhb_loop+0x45/0xa0
[  114.680013][ T6162]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.680033][ T6162] RIP: 0033:0x7ff2b258e969
[  114.680052][ T6162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  114.680068][ T6162] RSP: 002b:00007ff2b33d9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  114.680088][ T6162] RAX: ffffffffffffffda RBX: 00007ff2b27b6160 RCX: 00007ff2b258e969
[  114.680103][ T6162] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000008
[  114.680115][ T6162] RBP: 00007ff2b33d9090 R08: 0000000000000000 R09: 0000000000000000
[  114.680127][ T6162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  114.680139][ T6162] R13: 0000000000000000 R14: 00007ff2b27b6160 R15: 00007ffc8248c888
[  114.680170][ T6162]  </TASK>
[  115.063593][    T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  115.363494][    T9] usb 3-1: Using ep0 maxpacket: 32
[  115.371599][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  115.842890][ T5834] Bluetooth: hci0: Opcode 0x0401 failed: -110
[  116.363662][ T5832] Bluetooth: hci0: command 0x0401 tx timeout
[  116.388376][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  116.833663][   T47] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.214/input/input6
[  116.909714][ T6172] netlink: 40 bytes leftover after parsing attributes in process `syz.4.79'.
[  117.106988][    T9] usb 3-1: New USB device found, idVendor=060b, idProduct=0001, bcdDevice= 0.00
[  117.116175][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  117.137337][    T9] usb 3-1: config 0 descriptor??
[  117.400064][    T9] usbhid 3-1:0.0: can't add hid device: -71
[  117.430951][    T9] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  117.520599][    T9] usb 3-1: USB disconnect, device number 2
[  118.163960][  T119] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  118.328150][    T9] usb 4-1: USB disconnect, device number 3
[  118.363358][  T119] usb 5-1: Using ep0 maxpacket: 16
[  118.381546][  T119] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  118.401898][  T119] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  118.429024][  T119] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  118.486739][ T6195] Cannot find add_set index 0 as target
[  118.530816][  T119] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  118.731654][  T119] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  118.747778][  T119] usb 5-1: config 0 descriptor??
[  118.761721][ T6199] binder: 6197:6199 ioctl c0306201 200000000080 returned -14
[  119.539867][  T119] microsoft 0003:045E:07DA.0001: item 0 4 0 8 parsing failed
[  119.553872][  T119] microsoft 0003:045E:07DA.0001: parse failed
[  119.569464][  T119] microsoft 0003:045E:07DA.0001: probe with driver microsoft failed with error -22
[  119.606864][ T6212] Cannot find set identified by id 0 to match
[  119.681991][ T6213] bio_check_eod: 14 callbacks suppressed
[  119.682027][ T6213] syz.2.87: attempt to access beyond end of device
[  119.682027][ T6213] nbd2: rw=0, sector=64, nr_sectors = 1 limit=0
[  119.719054][ T6213] syz.2.87: attempt to access beyond end of device
[  119.719054][ T6213] nbd2: rw=0, sector=256, nr_sectors = 1 limit=0
[  119.757206][ T6213] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  119.788728][ T6184] Illegal XDP return value 4294967283 on prog  (id 30) dev N/A, expect packet loss!
[  119.882839][ T6218] syz.1.89: attempt to access beyond end of device
[  119.882839][ T6218] nbd1: rw=0, sector=64, nr_sectors = 1 limit=0
[  119.899520][ T6218] syz.1.89: attempt to access beyond end of device
[  119.899520][ T6218] nbd1: rw=0, sector=256, nr_sectors = 1 limit=0
[  119.933573][ T6218] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  119.975049][ T6218] syz.1.89: attempt to access beyond end of device
[  119.975049][ T6218] nbd1: rw=0, sector=512, nr_sectors = 1 limit=0
[  119.981076][ T6213] syz.2.87: attempt to access beyond end of device
[  119.981076][ T6213] nbd2: rw=0, sector=512, nr_sectors = 1 limit=0
[  119.994826][ T6219] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  120.027326][ T6213] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  120.046832][ T6219] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  120.080552][ T6218] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  120.082930][ T6213] syz.2.87: attempt to access beyond end of device
[  120.082930][ T6213] nbd2: rw=0, sector=64, nr_sectors = 2 limit=0
[  120.346501][ T6213] syz.2.87: attempt to access beyond end of device
[  120.346501][ T6213] nbd2: rw=0, sector=512, nr_sectors = 2 limit=0
[  120.361187][ T1205] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  120.381675][   T47] usb 5-1: USB disconnect, device number 4
[  120.411326][ T6218] syz.1.89: attempt to access beyond end of device
[  120.411326][ T6218] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0
[  120.509160][ T6213] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  120.526694][ T6213] syz.2.87: attempt to access beyond end of device
[  120.526694][ T6213] nbd2: rw=0, sector=1024, nr_sectors = 2 limit=0
[  120.537790][ T6218] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  120.543100][ T6213] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  120.551686][ T6218] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  120.579016][ T6218] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  120.581958][ T6213] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  120.613384][ T6213] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  120.614820][ T1205] usb 1-1: Using ep0 maxpacket: 8
[  120.632981][ T6213] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  120.640783][ T6218] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  120.653232][ T6213] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  120.662868][ T6213] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1)
[  120.696296][ T6218] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  120.708190][ T6217] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  120.720734][ T6218] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  120.732498][ T6217] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  120.736458][ T6218] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1)
[  120.870260][ T1205] usb 1-1: unable to get BOS descriptor or descriptor too short
[  120.883420][ T1205] usb 1-1: too many configurations: 22, using maximum allowed: 8
[  120.897430][ T1205] usb 1-1: unable to read config index 0 descriptor/start: -71
[  120.906737][ T1205] usb 1-1: can't read configurations, error -71
[  120.945905][ T6224] netlink: 40 bytes leftover after parsing attributes in process `syz.1.92'.
[  121.565458][ T6235] netlink: 56 bytes leftover after parsing attributes in process `syz.4.95'.
[  121.574402][ T6235] erspan0: entered allmulticast mode
[  121.694625][ T6241] binder: 6240:6241 ioctl c0306201 200000000080 returned -14
[  121.767965][ T6235] netlink: 8 bytes leftover after parsing attributes in process `syz.4.95'.
[  122.388824][ T6244] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR
[  122.737354][ T6255] mmap: syz.0.99 (6255) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  122.765196][ T6258] Cannot find set identified by id 0 to match
[  122.868886][ T6262] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  122.880850][ T6262] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  122.891827][ T6262] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  122.901905][ T6262] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  122.912298][ T6262] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  122.922010][ T6262] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  122.932032][ T6262] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  122.941691][ T6262] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  122.951233][ T6262] UDF-fs: warning (device nbd4): udf_fill_super: No partition found (1)
[  123.016098][ T6265] FAULT_INJECTION: forcing a failure.
[  123.016098][ T6265] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  123.029378][ T6265] CPU: 0 UID: 0 PID: 6265 Comm: syz.1.100 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  123.029406][ T6265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  123.029423][ T6265] Call Trace:
[  123.029431][ T6265]  <TASK>
[  123.029439][ T6265]  dump_stack_lvl+0x189/0x250
[  123.029480][ T6265]  ? __lock_acquire+0xaac/0xd20
[  123.029509][ T6265]  ? __pfx_dump_stack_lvl+0x10/0x10
[  123.029536][ T6265]  ? __pfx__printk+0x10/0x10
[  123.029567][ T6265]  ? __might_fault+0xb0/0x130
[  123.029609][ T6265]  should_fail_ex+0x414/0x560
[  123.029645][ T6265]  _copy_from_user+0x2d/0xb0
[  123.029673][ T6265]  do_ipt_set_ctl+0x696/0xcd0
[  123.029702][ T6265]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  123.029744][ T6265]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  123.029788][ T6265]  nf_setsockopt+0x26c/0x290
[  123.029812][ T6265]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  123.029836][ T6265]  do_sock_setsockopt+0x257/0x3e0
[  123.029862][ T6265]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  123.029884][ T6265]  ? __fget_files+0x2a/0x420
[  123.029919][ T6265]  ? __fget_files+0x3a0/0x420
[  123.029947][ T6265]  ? __fget_files+0x2a/0x420
[  123.029985][ T6265]  __x64_sys_setsockopt+0x18b/0x220
[  123.030015][ T6265]  do_syscall_64+0xf6/0x210
[  123.030039][ T6265]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  123.030059][ T6265]  ? clear_bhb_loop+0x45/0xa0
[  123.030083][ T6265]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.030102][ T6265] RIP: 0033:0x7fdbf1b8e969
[  123.030132][ T6265] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  123.030148][ T6265] RSP: 002b:00007fdbef9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  123.030174][ T6265] RAX: ffffffffffffffda RBX: 00007fdbf1db6160 RCX: 00007fdbf1b8e969
[  123.030188][ T6265] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000006
[  123.030200][ T6265] RBP: 00007fdbef9f6090 R08: 0000000000000468 R09: 0000000000000000
[  123.030212][ T6265] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001
[  123.030225][ T6265] R13: 0000000000000000 R14: 00007fdbf1db6160 R15: 00007ffea6cd6c18
[  123.030256][ T6265]  </TASK>
[  124.265279][ T6279] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  124.283253][ T6279] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  124.932499][ T6275] FAULT_INJECTION: forcing a failure.
[  124.932499][ T6275] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  124.967249][ T6275] CPU: 1 UID: 0 PID: 6275 Comm: syz.1.106 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  124.967279][ T6275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  124.967291][ T6275] Call Trace:
[  124.967299][ T6275]  <TASK>
[  124.967307][ T6275]  dump_stack_lvl+0x189/0x250
[  124.967338][ T6275]  ? __lock_acquire+0xaac/0xd20
[  124.967365][ T6275]  ? __pfx_dump_stack_lvl+0x10/0x10
[  124.967390][ T6275]  ? __pfx__printk+0x10/0x10
[  124.967420][ T6275]  ? __might_fault+0xb0/0x130
[  124.967457][ T6275]  should_fail_ex+0x414/0x560
[  124.967492][ T6275]  _copy_from_user+0x2d/0xb0
[  124.967519][ T6275]  ___sys_recvmsg+0x12e/0x510
[  124.967551][ T6275]  ? __pfx____sys_recvmsg+0x10/0x10
[  124.967611][ T6275]  ? __might_fault+0xb0/0x130
[  124.967644][ T6275]  do_recvmmsg+0x307/0x760
[  124.967680][ T6275]  ? __pfx_do_recvmmsg+0x10/0x10
[  124.967727][ T6275]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  124.967770][ T6275]  __x64_sys_recvmmsg+0x190/0x240
[  124.967795][ T6275]  ? rcu_is_watching+0x15/0xb0
[  124.967824][ T6275]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  124.967855][ T6275]  ? do_syscall_64+0xba/0x210
[  124.967882][ T6275]  do_syscall_64+0xf6/0x210
[  124.967906][ T6275]  ? clear_bhb_loop+0x45/0xa0
[  124.967930][ T6275]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  124.967949][ T6275] RIP: 0033:0x7fdbf1b8e969
[  124.967966][ T6275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  124.967982][ T6275] RSP: 002b:00007fdbf2945038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  124.968003][ T6275] RAX: ffffffffffffffda RBX: 00007fdbf1db5fa0 RCX: 00007fdbf1b8e969
[  124.968017][ T6275] RDX: 03ffffffffffff67 RSI: 0000200000002440 RDI: 0000000000000005
[  124.968030][ T6275] RBP: 00007fdbf2945090 R08: 0000000000000000 R09: 0000000000000000
[  124.968042][ T6275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  124.968053][ T6275] R13: 0000000000000000 R14: 00007fdbf1db5fa0 R15: 00007ffea6cd6c18
[  124.968084][ T6275]  </TASK>
[  125.176725][    C1] vkms_vblank_simulate: vblank timer overrun
[  125.383265][   T47] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  125.533419][   T47] usb 4-1: device descriptor read/64, error -71
[  127.643399][   T47] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  127.904373][ T6303] Cannot find set identified by id 0 to match
[  127.963845][   T47] usb 4-1: device descriptor read/64, error -71
[  128.763847][   T47] usb usb4-port1: attempt power cycle
[  128.862954][ T6314] bio_check_eod: 26 callbacks suppressed
[  128.862976][ T6314] syz.3.116: attempt to access beyond end of device
[  128.862976][ T6314] nbd3: rw=0, sector=64, nr_sectors = 1 limit=0
[  128.905947][ T6313] FAULT_INJECTION: forcing a failure.
[  128.905947][ T6313] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  128.921877][ T6313] CPU: 0 UID: 0 PID: 6313 Comm: syz.1.115 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  128.921902][ T6313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  128.921914][ T6313] Call Trace:
[  128.921921][ T6313]  <TASK>
[  128.921929][ T6313]  dump_stack_lvl+0x189/0x250
[  128.921963][ T6313]  ? __pfx_dump_stack_lvl+0x10/0x10
[  128.921990][ T6313]  ? __pfx__printk+0x10/0x10
[  128.922024][ T6313]  ? get_sigframe+0x596/0x7d0
[  128.922060][ T6313]  should_fail_ex+0x414/0x560
[  128.922095][ T6313]  _copy_to_user+0x31/0xb0
[  128.922122][ T6313]  copy_siginfo_to_user+0x22/0xc0
[  128.922153][ T6313]  x64_setup_rt_frame+0x777/0xd40
[  128.922207][ T6313]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[  128.922248][ T6313]  arch_do_signal_or_restart+0x3e5/0x780
[  128.922282][ T6313]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  128.922326][ T6313]  ? local_irq_enable_exit_to_user+0x5/0x10
[  128.922357][ T6313]  syscall_exit_to_user_mode+0x8b/0x120
[  128.922382][ T6313]  do_syscall_64+0x103/0x210
[  128.922405][ T6313]  ? asm_sysvec_call_function_single+0x1a/0x20
[  128.922425][ T6313]  ? clear_bhb_loop+0x45/0xa0
[  128.922449][ T6313]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.922468][ T6313] RIP: 0033:0x7fdbf1b8e967
[  128.922486][ T6313] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[  128.922502][ T6313] RSP: 002b:00007fdbf2924038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[  128.922523][ T6313] RAX: 0000000000000013 RBX: 00007fdbf1db6080 RCX: 00007fdbf1b8e969
[  128.922536][ T6313] RDX: 0000000000000001 RSI: 00002000000018c0 RDI: 0000000000000007
[  128.922548][ T6313] RBP: 00007fdbf2924090 R08: 0000000000000000 R09: 0000000000000000
[  128.922559][ T6313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  128.922570][ T6313] R13: 0000000000000000 R14: 00007fdbf1db6080 R15: 00007ffea6cd6c18
[  128.922600][ T6313]  </TASK>
[  129.254931][ T6314] syz.3.116: attempt to access beyond end of device
[  129.254931][ T6314] nbd3: rw=0, sector=256, nr_sectors = 1 limit=0
[  129.270625][ T6314] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  129.288053][ T6314] syz.3.116: attempt to access beyond end of device
[  129.288053][ T6314] nbd3: rw=0, sector=512, nr_sectors = 1 limit=0
[  129.307651][ T6314] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  129.327870][ T6314] syz.3.116: attempt to access beyond end of device
[  129.327870][ T6314] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0
[  129.344685][ T6314] syz.3.116: attempt to access beyond end of device
[  129.344685][ T6314] nbd3: rw=0, sector=512, nr_sectors = 2 limit=0
[  129.363647][ T6314] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  129.381871][ T6314] syz.3.116: attempt to access beyond end of device
[  129.381871][ T6314] nbd3: rw=0, sector=1024, nr_sectors = 2 limit=0
[  129.417011][ T6314] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  129.429603][ T6314] syz.3.116: attempt to access beyond end of device
[  129.429603][ T6314] nbd3: rw=0, sector=64, nr_sectors = 4 limit=0
[  129.461307][ T6314] syz.3.116: attempt to access beyond end of device
[  129.461307][ T6314] nbd3: rw=0, sector=1024, nr_sectors = 4 limit=0
[  129.525834][ T6314] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  129.633551][ T6314] syz.3.116: attempt to access beyond end of device
[  129.633551][ T6314] nbd3: rw=0, sector=2048, nr_sectors = 4 limit=0
[  129.657025][ T6314] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  129.670882][ T6314] syz.3.116: attempt to access beyond end of device
[  129.670882][ T6314] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0
[  129.687399][ T6314] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  129.697336][ T6314] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  129.707059][ T6314] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1)
[  130.946434][ T6324] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  130.965688][ T6324] team0: Device ipvlan2 is already an upper device of the team interface
[  131.041853][ T6328] netlink: 40 bytes leftover after parsing attributes in process `syz.2.119'.
[  131.171016][  T119] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  131.333256][  T119] usb 4-1: Using ep0 maxpacket: 8
[  131.346933][  T119] usb 4-1: unable to get BOS descriptor or descriptor too short
[  131.373700][  T119] usb 4-1: too many configurations: 22, using maximum allowed: 8
[  131.400161][  T119] usb 4-1: config 5 has an invalid interface number: 215 but max is 0
[  131.424248][  T119] usb 4-1: config 5 has no interface number 0
[  131.456300][  T119] usb 4-1: config 5 interface 215 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  131.523774][  T119] usb 4-1: config 5 interface 215 has no altsetting 0
[  131.546934][  T119] usb 4-1: config 5 has an invalid interface number: 215 but max is 0
[  131.593270][  T119] usb 4-1: config 5 has no interface number 0
[  131.610162][  T119] usb 4-1: config 5 interface 215 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  131.663306][  T119] usb 4-1: config 5 interface 215 has no altsetting 0
[  131.687543][  T119] usb 4-1: config 5 has an invalid interface number: 215 but max is 0
[  131.727014][  T119] usb 4-1: config 5 has no interface number 0
[  131.747542][  T119] usb 4-1: config 5 interface 215 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  131.814792][  T119] usb 4-1: config 5 interface 215 has no altsetting 0
[  131.844596][  T119] usb 4-1: config 5 has an invalid interface number: 215 but max is 0
[  131.863548][  T119] usb 4-1: config 5 has no interface number 0
[  131.873736][  T119] usb 4-1: config 5 interface 215 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  131.897508][  T119] usb 4-1: config 5 interface 215 has no altsetting 0
[  131.915199][  T119] usb 4-1: config 5 has an invalid interface number: 215 but max is 0
[  131.938120][  T119] usb 4-1: config 5 has no interface number 0
[  131.950967][  T119] usb 4-1: config 5 interface 215 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  131.983442][  T119] usb 4-1: config 5 interface 215 has no altsetting 0
[  131.999214][  T119] usb 4-1: config 5 has an invalid interface number: 215 but max is 0
[  132.014736][  T119] usb 4-1: config 5 has no interface number 0
[  132.031180][  T119] usb 4-1: config 5 interface 215 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  132.054574][  T119] usb 4-1: config 5 interface 215 has no altsetting 0
[  132.069443][  T119] usb 4-1: config 5 has an invalid interface number: 215 but max is 0
[  132.080970][ T6347] FAULT_INJECTION: forcing a failure.
[  132.080970][ T6347] name failslab, interval 1, probability 0, space 0, times 0
[  132.098981][ T6346] ieee802154 phy0 wpan0: encryption failed: -22
[  132.107967][  T119] usb 4-1: config 5 has no interface number 0
[  132.127323][ T6343] mkiss: ax0: crc mode is auto.
[  132.147226][  T119] usb 4-1: config 5 interface 215 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  132.212664][  T119] usb 4-1: config 5 interface 215 has no altsetting 0
[  132.222799][ T6347] CPU: 0 UID: 0 PID: 6347 Comm: syz.4.126 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  132.222827][ T6347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  132.222840][ T6347] Call Trace:
[  132.222848][ T6347]  <TASK>
[  132.222856][ T6347]  dump_stack_lvl+0x189/0x250
[  132.222893][ T6347]  ? __pfx_dump_stack_lvl+0x10/0x10
[  132.222941][ T6347]  ? __pfx__printk+0x10/0x10
[  132.222977][ T6347]  ? __pfx___might_resched+0x10/0x10
[  132.223011][ T6347]  should_fail_ex+0x414/0x560
[  132.223055][ T6347]  should_failslab+0xa8/0x100
[  132.223087][ T6347]  kmem_cache_alloc_noprof+0x73/0x3c0
[  132.223116][ T6347]  ? taskstats_exit+0x14a/0xa30
[  132.223141][ T6347]  taskstats_exit+0x14a/0xa30
[  132.223169][ T6347]  ? seccomp_filter_release+0xe3/0x120
[  132.223197][ T6347]  do_exit+0x854/0x2550
[  132.223218][ T6347]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  132.223253][ T6347]  ? __pfx_do_exit+0x10/0x10
[  132.223274][ T6347]  ? fput+0xa0/0xd0
[  132.223294][ T6347]  ? ksys_write+0x1f0/0x250
[  132.223335][ T6347]  __x64_sys_exit+0x40/0x40
[  132.223356][ T6347]  x64_sys_call+0x21a3/0x21c0
[  132.223385][ T6347]  do_syscall_64+0xf6/0x210
[  132.223410][ T6347]  ? clear_bhb_loop+0x45/0xa0
[  132.223434][ T6347]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.223453][ T6347] RIP: 0033:0x7ff2b258e969
[  132.223471][ T6347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  132.223487][ T6347] RSP: 002b:00007ff2b341b038 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
[  132.223507][ T6347] RAX: ffffffffffffffda RBX: 00007ff2b27b5fa0 RCX: 00007ff2b258e969
[  132.223522][ T6347] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[  132.223533][ T6347] RBP: 00007ff2b341b090 R08: 0000000000000000 R09: 0000000000000000
[  132.223545][ T6347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  132.223556][ T6347] R13: 0000000000000001 R14: 00007ff2b27b5fa0 R15: 00007ffc8248c888
[  132.223586][ T6347]  </TASK>
[  132.506501][  T119] usb 4-1: config 5 has an invalid interface number: 215 but max is 0
[  132.515029][  T119] usb 4-1: config 5 has no interface number 0
[  132.521176][  T119] usb 4-1: config 5 interface 215 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  132.534248][  T119] usb 4-1: config 5 interface 215 has no altsetting 0
[  132.567027][  T119] usb 4-1: New USB device found, idVendor=1163, idProduct=0100, bcdDevice=dc.ba
[  132.576406][  T119] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=225
[  132.584727][  T119] usb 4-1: Product: syz
[  132.588966][  T119] usb 4-1: Manufacturer: syz
[  132.593667][  T119] usb 4-1: SerialNumber: syz
[  132.758292][ T6354] FAULT_INJECTION: forcing a failure.
[  132.758292][ T6354] name failslab, interval 1, probability 0, space 0, times 0
[  132.780888][ T6354] CPU: 1 UID: 0 PID: 6354 Comm: syz.1.128 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  132.780918][ T6354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  132.780931][ T6354] Call Trace:
[  132.780939][ T6354]  <TASK>
[  132.780949][ T6354]  dump_stack_lvl+0x189/0x250
[  132.780994][ T6354]  ? __pfx_dump_stack_lvl+0x10/0x10
[  132.781022][ T6354]  ? __pfx__printk+0x10/0x10
[  132.781063][ T6354]  ? __pfx___might_resched+0x10/0x10
[  132.781091][ T6354]  ? fs_reclaim_acquire+0x7d/0x100
[  132.781118][ T6354]  should_fail_ex+0x414/0x560
[  132.781156][ T6354]  should_failslab+0xa8/0x100
[  132.781188][ T6354]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  132.781218][ T6354]  ? alloc_vmap_area+0x251/0x24d0
[  132.781253][ T6354]  alloc_vmap_area+0x251/0x24d0
[  132.781307][ T6354]  ? __pfx_alloc_vmap_area+0x10/0x10
[  132.781337][ T6354]  ? __kasan_kmalloc+0x93/0xb0
[  132.781366][ T6354]  ? __kmalloc_cache_node_noprof+0x234/0x3d0
[  132.781397][ T6354]  ? __get_vm_area_node+0x131/0x2d0
[  132.781431][ T6354]  __get_vm_area_node+0x1c5/0x2d0
[  132.781468][ T6354]  __vmalloc_node_range_noprof+0x2f1/0x12c0
[  132.781489][ T6354]  ? bpf_prog_alloc_no_stats+0x4a/0x4e0
[  132.781544][ T6354]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  132.781565][ T6354]  ? _parse_integer_limit+0x1ae/0x1f0
[  132.781588][ T6354]  ? rcu_is_watching+0x15/0xb0
[  132.781618][ T6354]  ? bpf_prog_alloc_no_stats+0x4a/0x4e0
[  132.781642][ T6354]  __vmalloc_noprof+0x7a/0x90
[  132.781660][ T6354]  ? bpf_prog_alloc_no_stats+0x4a/0x4e0
[  132.781685][ T6354]  bpf_prog_alloc_no_stats+0x4a/0x4e0
[  132.781715][ T6354]  bpf_prog_alloc+0x3c/0x1a0
[  132.781742][ T6354]  bpf_prog_load+0x735/0x1930
[  132.781774][ T6354]  ? __lock_acquire+0xaac/0xd20
[  132.781802][ T6354]  ? __pfx_bpf_prog_load+0x10/0x10
[  132.781850][ T6354]  ? bpf_lsm_bpf+0x9/0x20
[  132.781873][ T6354]  ? security_bpf+0x7e/0x300
[  132.781899][ T6354]  __sys_bpf+0x5f1/0x860
[  132.781924][ T6354]  ? __pfx___sys_bpf+0x10/0x10
[  132.781960][ T6354]  ? ksys_write+0x1f0/0x250
[  132.781994][ T6354]  ? rcu_is_watching+0x15/0xb0
[  132.782034][ T6354]  __x64_sys_bpf+0x7c/0x90
[  132.782056][ T6354]  do_syscall_64+0xf6/0x210
[  132.782081][ T6354]  ? clear_bhb_loop+0x45/0xa0
[  132.782107][ T6354]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.782127][ T6354] RIP: 0033:0x7fdbf1b8e969
[  132.782145][ T6354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  132.782161][ T6354] RSP: 002b:00007fdbf2945038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  132.782183][ T6354] RAX: ffffffffffffffda RBX: 00007fdbf1db5fa0 RCX: 00007fdbf1b8e969
[  132.782198][ T6354] RDX: 0000000000000094 RSI: 0000200000000100 RDI: 0000000000000005
[  132.782210][ T6354] RBP: 00007fdbf2945090 R08: 0000000000000000 R09: 0000000000000000
[  132.782222][ T6354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  132.782234][ T6354] R13: 0000000000000001 R14: 00007fdbf1db5fa0 R15: 00007ffea6cd6c18
[  132.782265][ T6354]  </TASK>
[  132.782695][ T6354] syz.1.128: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null)
[  132.850030][ T6356] Cannot find set identified by id 0 to match
[  132.913048][ T6327] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  132.923382][ T6354] ,cpuset=
[  132.954601][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  132.983991][ T6327] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  132.993438][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  133.043699][ T6354] /
[  133.173960][ T6359] FAULT_INJECTION: forcing a failure.
[  133.173960][ T6359] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  133.203378][ T6354] ,mems_allowed=0-1
[  133.210374][ T6354] CPU: 0 UID: 0 PID: 6354 Comm: syz.1.128 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  133.210399][ T6354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  133.210414][ T6354] Call Trace:
[  133.210422][ T6354]  <TASK>
[  133.210431][ T6354]  dump_stack_lvl+0x189/0x250
[  133.210463][ T6354]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  133.210488][ T6354]  ? __pfx_dump_stack_lvl+0x10/0x10
[  133.210514][ T6354]  ? __pfx__printk+0x10/0x10
[  133.210544][ T6354]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  133.210574][ T6354]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  133.210612][ T6354]  warn_alloc+0x214/0x310
[  133.210632][ T6354]  ? kasan_quarantine_put+0xdd/0x220
[  133.210662][ T6354]  ? __pfx_warn_alloc+0x10/0x10
[  133.210684][ T6354]  ? kfree+0x193/0x440
[  133.210715][ T6354]  ? __get_vm_area_node+0x1de/0x2d0
[  133.210752][ T6354]  __vmalloc_node_range_noprof+0x316/0x12c0
[  133.210806][ T6354]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  133.210826][ T6354]  ? _parse_integer_limit+0x1ae/0x1f0
[  133.210845][ T6354]  ? rcu_is_watching+0x15/0xb0
[  133.210870][ T6354]  ? bpf_prog_alloc_no_stats+0x4a/0x4e0
[  133.210888][ T6354]  __vmalloc_noprof+0x7a/0x90
[  133.210904][ T6354]  ? bpf_prog_alloc_no_stats+0x4a/0x4e0
[  133.210923][ T6354]  bpf_prog_alloc_no_stats+0x4a/0x4e0
[  133.210947][ T6354]  bpf_prog_alloc+0x3c/0x1a0
[  133.210972][ T6354]  bpf_prog_load+0x735/0x1930
[  133.210998][ T6354]  ? __lock_acquire+0xaac/0xd20
[  133.211020][ T6354]  ? __pfx_bpf_prog_load+0x10/0x10
[  133.211060][ T6354]  ? bpf_lsm_bpf+0x9/0x20
[  133.211078][ T6354]  ? security_bpf+0x7e/0x300
[  133.211098][ T6354]  __sys_bpf+0x5f1/0x860
[  133.211118][ T6354]  ? __pfx___sys_bpf+0x10/0x10
[  133.211148][ T6354]  ? ksys_write+0x1f0/0x250
[  133.211167][ T6354]  ? rcu_is_watching+0x15/0xb0
[  133.211209][ T6354]  __x64_sys_bpf+0x7c/0x90
[  133.211226][ T6354]  do_syscall_64+0xf6/0x210
[  133.211247][ T6354]  ? clear_bhb_loop+0x45/0xa0
[  133.211267][ T6354]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.211282][ T6354] RIP: 0033:0x7fdbf1b8e969
[  133.211298][ T6354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  133.211311][ T6354] RSP: 002b:00007fdbf2945038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  133.211328][ T6354] RAX: ffffffffffffffda RBX: 00007fdbf1db5fa0 RCX: 00007fdbf1b8e969
[  133.211340][ T6354] RDX: 0000000000000094 RSI: 0000200000000100 RDI: 0000000000000005
[  133.211349][ T6354] RBP: 00007fdbf2945090 R08: 0000000000000000 R09: 0000000000000000
[  133.211359][ T6354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  133.211368][ T6354] R13: 0000000000000001 R14: 00007fdbf1db5fa0 R15: 00007ffea6cd6c18
[  133.211393][ T6354]  </TASK>
[  133.212636][ T6354] Mem-Info:
[  133.221663][ T6359] CPU: 1 UID: 0 PID: 6359 Comm: syz.4.130 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  133.221696][ T6359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  133.221709][ T6359] Call Trace:
[  133.221719][ T6359]  <TASK>
[  133.221729][ T6359]  dump_stack_lvl+0x189/0x250
[  133.221767][ T6359]  ? __pfx_dump_stack_lvl+0x10/0x10
[  133.221796][ T6359]  ? __pfx__printk+0x10/0x10
[  133.221844][ T6359]  should_fail_ex+0x414/0x560
[  133.221884][ T6359]  _copy_from_user+0x2d/0xb0
[  133.221912][ T6359]  bpf_test_init+0xf8/0x170
[  133.221939][ T6359]  bpf_prog_test_run_skb+0x1e9/0x1560
[  133.221967][ T6359]  ? __fget_files+0x2a/0x420
[  133.222003][ T6359]  ? __fget_files+0x2a/0x420
[  133.222043][ T6359]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  133.222065][ T6359]  bpf_prog_test_run+0x2a9/0x340
[  133.222096][ T6359]  __sys_bpf+0x4a4/0x860
[  133.222124][ T6359]  ? __pfx___sys_bpf+0x10/0x10
[  133.222162][ T6359]  ? ksys_write+0x1f0/0x250
[  133.222188][ T6359]  ? rcu_is_watching+0x15/0xb0
[  133.222230][ T6359]  __x64_sys_bpf+0x7c/0x90
[  133.222253][ T6359]  do_syscall_64+0xf6/0x210
[  133.222279][ T6359]  ? clear_bhb_loop+0x45/0xa0
[  133.222306][ T6359]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.222326][ T6359] RIP: 0033:0x7ff2b258e969
[  133.222345][ T6359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  133.222362][ T6359] RSP: 002b:00007ff2b341b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  133.222385][ T6359] RAX: ffffffffffffffda RBX: 00007ff2b27b5fa0 RCX: 00007ff2b258e969
[  133.222400][ T6359] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a
[  133.222414][ T6359] RBP: 00007ff2b341b090 R08: 0000000000000000 R09: 0000000000000000
[  133.222426][ T6359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  133.222438][ T6359] R13: 0000000000000000 R14: 00007ff2b27b5fa0 R15: 00007ffc8248c888
[  133.222471][ T6359]  </TASK>
[  133.700494][ T6354] active_anon:3154 inactive_anon:4774 isolated_anon:0
[  133.700494][ T6354]  active_file:4429 inactive_file:35793 isolated_file:0
[  133.700494][ T6354]  unevictable:768 dirty:409 writeback:0
[  133.700494][ T6354]  slab_reclaimable:9990 slab_unreclaimable:98349
[  133.700494][ T6354]  mapped:29575 shmem:4267 pagetables:905
[  133.700494][ T6354]  sec_pagetables:0 bounce:0
[  133.700494][ T6354]  kernel_misc_reclaimable:0
[  133.700494][ T6354]  free:1346224 free_pcp:443 free_cma:0
[  133.763381][ T6354] Node 0 active_anon:12616kB inactive_anon:19096kB active_file:17640kB inactive_file:143172kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:118300kB dirty:1636kB writeback:0kB shmem:15532kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10968kB pagetables:3620kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  133.805870][ T6354] Node 1 active_anon:0kB inactive_anon:0kB active_file:76kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  133.889753][ T6354] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  133.918027][ T6354] lowmem_reserve[]: 0 2504 2504 2504 2504
[  133.925172][ T6354] Node 0 DMA32 free:1472464kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB active_anon:1312kB inactive_anon:18892kB active_file:17548kB inactive_file:143260kB unevictable:1536kB writepending:1736kB present:3129332kB managed:2564600kB mlocked:0kB bounce:0kB free_pcp:740kB local_pcp:64kB free_cma:0kB
[  133.930445][  T119] cypress_m8 4-1:5.215: DeLorme Earthmate USB converter detected
[  133.958924][ T6354] lowmem_reserve[]: 0 0 0 0 0
[  133.969263][ T6354] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:4kB inactive_anon:4kB active_file:92kB inactive_file:12kB unevictable:0kB writepending:0kB present:1048580kB managed:112kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  134.020416][ T6354] lowmem_reserve[]: 0 0 0 0 0
[  134.032248][ T6354] Node 1 Normal free:3910992kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:76kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  134.067361][  T119] earthmate ttyUSB0: required endpoint is missing
[  134.415712][ T6354] lowmem_reserve[]: 0 0 0 0 0
[  134.514924][  T119] usb 4-1: USB disconnect, device number 7
[  134.570467][ T6354] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  134.618090][  T119] cypress_m8 4-1:5.215: device disconnected
[  134.627305][ T6354] Node 0 DMA32: 27*4kB (UM) 547*8kB (UM) 392*16kB (UME) 83*32kB (UME) 84*64kB (UME) 47*128kB (UME) 19*256kB (UME) 14*512kB (UME) 4*1024kB (UME) 6*2048kB (UME) 346*4096kB (UM) = 1470436kB
[  134.684504][ T6354] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  134.735124][ T6354] Node 1 Normal: 240*4kB (U) 52*8kB (UME) 45*16kB (UME) 219*32kB (UME) 83*64kB (UME) 32*128kB (UM) 19*256kB (UME) 9*512kB (UM) 4*1024kB (UME) 2*2048kB (UE) 946*4096kB (M) = 3910992kB
[  134.769883][ T6354] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  134.827480][ T6354] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  134.839790][ T6354] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  134.901832][ T6354] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  134.928441][ T6354] 41669 total pagecache pages
[  134.953752][ T6354] 0 pages in swap cache
[  134.970289][ T6354] Free swap  = 124996kB
[  134.979933][ T6375] tipc: Started in network mode
[  134.984008][ T6354] Total swap = 124996kB
[  134.996774][ T6354] 2097051 pages RAM
[  134.997704][ T6375] tipc: Node identity 0a7b45724e9d, cluster identity 4711
[  135.006947][ T6354] 0 pages HighMem/MovableOnly
[  135.020797][ T6354] 424242 pages reserved
[  135.088389][ T6375] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  135.099226][ T6354] 0 pages cma reserved
[  135.640945][ T6371] tipc: Resetting bearer <eth:syzkaller0>
[  136.114266][  T119] tipc: Node number set to 1155941746
[  137.166329][ T6400] netlink: 56 bytes leftover after parsing attributes in process `syz.3.142'.
[  137.303022][ T6403] netlink: 8 bytes leftover after parsing attributes in process `syz.3.142'.
[  140.317718][ T6371] tipc: Disabling bearer <eth:syzkaller0>
[  140.342317][ T6400] erspan0: entered allmulticast mode
[  141.839655][ T5823] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  142.071052][ T5823] usb 5-1: Using ep0 maxpacket: 8
[  142.174152][ T5823] usb 5-1: config index 0 descriptor too short (expected 5924, got 36)
[  142.182743][ T5823] usb 5-1: config 250 has an invalid interface number: 228 but max is -1
[  142.385003][ T5823] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0
[  142.598641][ T5823] usb 5-1: config 250 has no interface number 0
[  142.613577][ T5823] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  142.682620][ T6448] bio_check_eod: 2 callbacks suppressed
[  142.682659][ T6448] syz.0.155: attempt to access beyond end of device
[  142.682659][ T6448] nbd0: rw=0, sector=64, nr_sectors = 1 limit=0
[  142.703034][ T6448] syz.0.155: attempt to access beyond end of device
[  142.703034][ T6448] nbd0: rw=0, sector=256, nr_sectors = 1 limit=0
[  142.716300][ T6448] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  142.741128][ T6448] syz.0.155: attempt to access beyond end of device
[  142.741128][ T6448] nbd0: rw=0, sector=512, nr_sectors = 1 limit=0
[  142.754580][ T6448] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  142.769977][ T6448] syz.0.155: attempt to access beyond end of device
[  142.769977][ T6448] nbd0: rw=0, sector=64, nr_sectors = 2 limit=0
[  142.783444][ T6448] syz.0.155: attempt to access beyond end of device
[  142.783444][ T6448] nbd0: rw=0, sector=512, nr_sectors = 2 limit=0
[  142.796777][ T6448] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  142.807591][ T6448] syz.0.155: attempt to access beyond end of device
[  142.807591][ T6448] nbd0: rw=0, sector=1024, nr_sectors = 2 limit=0
[  142.821056][ T6448] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  142.834800][ T6448] syz.0.155: attempt to access beyond end of device
[  142.834800][ T6448] nbd0: rw=0, sector=64, nr_sectors = 4 limit=0
[  142.850923][ T6448] syz.0.155: attempt to access beyond end of device
[  142.850923][ T6448] nbd0: rw=0, sector=1024, nr_sectors = 4 limit=0
[  142.864395][ T6448] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  142.874942][ T6448] syz.0.155: attempt to access beyond end of device
[  142.874942][ T6448] nbd0: rw=0, sector=2048, nr_sectors = 4 limit=0
[  142.888385][ T6448] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  142.900946][ T6448] syz.0.155: attempt to access beyond end of device
[  142.900946][ T6448] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0
[  142.915314][ T6448] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  142.926135][ T6448] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  142.936269][ T6448] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
[  143.066403][ T5823] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  143.119066][ T5823] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[  143.158114][ T5823] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0
[  143.212609][ T5823] usb 5-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  143.226312][ T6452] netlink: 28 bytes leftover after parsing attributes in process `syz.2.157'.
[  143.361745][ T5823] usb 5-1: config 250 interface 228 has no altsetting 0
[  143.372248][ T5823] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  143.391147][ T5823] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  143.399683][ T5823] usb 5-1: Product: syz
[  143.426492][ T5823] usb 5-1: SerialNumber: syz
[  143.460735][   T30] audit: type=1326 audit(143.412:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6456 comm="syz.1.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdbf1b8e969 code=0x7ffc0000
[  143.536747][   T30] audit: type=1326 audit(143.432:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6456 comm="syz.1.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdbf1b8e969 code=0x7ffc0000
[  143.716537][ T5823] usb 5-1: can't set config #250, error -71
[  143.735174][ T6459] FAULT_INJECTION: forcing a failure.
[  143.735174][ T6459] name failslab, interval 1, probability 0, space 0, times 0
[  143.796365][ T5823] usb 5-1: USB disconnect, device number 5
[  143.838983][   T30] audit: type=1326 audit(143.442:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6456 comm="syz.1.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdbf1b8d2d0 code=0x7ffc0000
[  143.910862][ T6459] CPU: 1 UID: 0 PID: 6459 Comm: syz.0.159 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  143.910906][ T6459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  143.910919][ T6459] Call Trace:
[  143.910927][ T6459]  <TASK>
[  143.910935][ T6459]  dump_stack_lvl+0x189/0x250
[  143.910973][ T6459]  ? __pfx_dump_stack_lvl+0x10/0x10
[  143.911001][ T6459]  ? __pfx__printk+0x10/0x10
[  143.911038][ T6459]  ? __pfx___might_resched+0x10/0x10
[  143.911067][ T6459]  ? fs_reclaim_acquire+0x7d/0x100
[  143.911093][ T6459]  should_fail_ex+0x414/0x560
[  143.911129][ T6459]  should_failslab+0xa8/0x100
[  143.911160][ T6459]  kmem_cache_alloc_noprof+0x73/0x3c0
[  143.911188][ T6459]  ? audit_log_start+0x126/0x870
[  143.911221][ T6459]  audit_log_start+0x126/0x870
[  143.911256][ T6459]  ? __pfx_audit_log_start+0x10/0x10
[  143.911297][ T6459]  ? migrate_enable+0x29c/0x3c0
[  143.911322][ T6459]  ? __pfx_migrate_enable+0x10/0x10
[  143.911347][ T6459]  audit_seccomp+0x64/0x190
[  143.911381][ T6459]  __seccomp_filter+0x9aa/0x1a40
[  143.911418][ T6459]  ? ksys_write+0x1cb/0x250
[  143.911445][ T6459]  ? __pfx___seccomp_filter+0x10/0x10
[  143.911479][ T6459]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  143.911504][ T6459]  ? __pfx_vfs_write+0x10/0x10
[  143.911532][ T6459]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  143.911560][ T6459]  ? __fget_files+0x3a0/0x420
[  143.911603][ T6459]  ? rcu_is_watching+0x15/0xb0
[  143.911636][ T6459]  ? __secure_computing+0xe2/0x2a0
[  143.911666][ T6459]  syscall_trace_enter+0xaa/0x160
[  143.911694][ T6459]  do_syscall_64+0xcf/0x210
[  143.911718][ T6459]  ? clear_bhb_loop+0x45/0xa0
[  143.911743][ T6459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.911762][ T6459] RIP: 0033:0x7fccd818e969
[  143.911781][ T6459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  143.911798][ T6459] RSP: 002b:00007fccd900d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  143.911819][ T6459] RAX: ffffffffffffffda RBX: 00007fccd83b5fa0 RCX: 00007fccd818e969
[  143.911833][ T6459] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004
[  143.911845][ T6459] RBP: 00007fccd900d090 R08: 0000000000000000 R09: 0000000000000000
[  143.911857][ T6459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  143.911868][ T6459] R13: 0000000000000000 R14: 00007fccd83b5fa0 R15: 00007ffed48e7ec8
[  143.911899][ T6459]  </TASK>
[  144.433598][ T6459] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[  144.461395][   T30] audit: type=1326 audit(143.442:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6456 comm="syz.1.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fdbf1b90197 code=0x7ffc0000
[  144.544150][ T6459] audit: out of memory in audit_log_start
[  145.483332][   T30] audit: type=1326 audit(143.442:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6456 comm="syz.1.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdbf1b8e969 code=0x7ffc0000
[  145.713537][   T30] audit: type=1326 audit(143.442:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6456 comm="syz.1.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fdbf1b90197 code=0x7ffc0000
[  146.619001][   T30] audit: type=1326 audit(143.442:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6456 comm="syz.1.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fdbf1b8d5ca code=0x7ffc0000
[  146.724202][ T6481] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.163'.
[  146.753568][   T30] audit: type=1326 audit(143.442:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6456 comm="syz.1.160" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdbf1b8e969 code=0x7ffc0000
[  147.198645][ T5832] Bluetooth: hci3: link tx timeout
[  147.204655][ T5832] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[  147.227448][ T6499] binder: 6497:6499 ioctl c0306201 200000000080 returned -14
[  148.502346][ T6518] bio_check_eod: 2 callbacks suppressed
[  148.502387][ T6518] syz.3.173: attempt to access beyond end of device
[  148.502387][ T6518] nbd3: rw=0, sector=64, nr_sectors = 1 limit=0
[  148.524418][ T6518] syz.3.173: attempt to access beyond end of device
[  148.524418][ T6518] nbd3: rw=0, sector=256, nr_sectors = 1 limit=0
[  148.538129][ T6518] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  148.558594][ T6518] syz.3.173: attempt to access beyond end of device
[  148.558594][ T6518] nbd3: rw=0, sector=512, nr_sectors = 1 limit=0
[  148.572426][ T6518] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  148.595034][ T6518] syz.3.173: attempt to access beyond end of device
[  148.595034][ T6518] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0
[  148.610224][ T6518] syz.3.173: attempt to access beyond end of device
[  148.610224][ T6518] nbd3: rw=0, sector=512, nr_sectors = 2 limit=0
[  148.623804][ T6518] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  148.634483][ T6518] syz.3.173: attempt to access beyond end of device
[  148.634483][ T6518] nbd3: rw=0, sector=1024, nr_sectors = 2 limit=0
[  148.648365][ T6518] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  148.664689][ T6518] syz.3.173: attempt to access beyond end of device
[  148.664689][ T6518] nbd3: rw=0, sector=64, nr_sectors = 4 limit=0
[  148.680312][ T6518] syz.3.173: attempt to access beyond end of device
[  148.680312][ T6518] nbd3: rw=0, sector=1024, nr_sectors = 4 limit=0
[  148.694713][ T6518] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  148.705623][ T6518] syz.3.173: attempt to access beyond end of device
[  148.705623][ T6518] nbd3: rw=0, sector=2048, nr_sectors = 4 limit=0
[  148.719373][ T6518] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  148.733401][ T6518] syz.3.173: attempt to access beyond end of device
[  148.733401][ T6518] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0
[  148.747870][ T6518] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  148.759527][ T6518] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  148.769249][ T6518] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1)
[  149.262024][ T5832] Bluetooth: hci3: command 0x0406 tx timeout
[  150.712707][ T6531] netlink: 96 bytes leftover after parsing attributes in process `syz.3.175'.
[  154.561902][ T6585] FAULT_INJECTION: forcing a failure.
[  154.561902][ T6585] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  154.619218][ T6585] CPU: 0 UID: 0 PID: 6585 Comm: syz.2.187 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  154.619247][ T6585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  154.619259][ T6585] Call Trace:
[  154.619267][ T6585]  <TASK>
[  154.619275][ T6585]  dump_stack_lvl+0x189/0x250
[  154.619309][ T6585]  ? __pfx_dump_stack_lvl+0x10/0x10
[  154.619334][ T6585]  ? __pfx__printk+0x10/0x10
[  154.619381][ T6585]  should_fail_ex+0x414/0x560
[  154.619416][ T6585]  _copy_to_user+0x31/0xb0
[  154.619442][ T6585]  simple_read_from_buffer+0xe1/0x170
[  154.619473][ T6585]  proc_fail_nth_read+0x1df/0x250
[  154.619495][ T6585]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  154.619516][ T6585]  ? rw_verify_area+0x258/0x650
[  154.619539][ T6585]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  154.619558][ T6585]  vfs_read+0x1fd/0x980
[  154.619587][ T6585]  ? __pfx___mutex_lock+0x10/0x10
[  154.619610][ T6585]  ? __pfx_vfs_read+0x10/0x10
[  154.619635][ T6585]  ? __fget_files+0x2a/0x420
[  154.619666][ T6585]  ? __fget_files+0x3a0/0x420
[  154.619691][ T6585]  ? __fget_files+0x2a/0x420
[  154.619728][ T6585]  ksys_read+0x145/0x250
[  154.619755][ T6585]  ? __pfx_ksys_read+0x10/0x10
[  154.619784][ T6585]  ? do_syscall_64+0xba/0x210
[  154.619810][ T6585]  do_syscall_64+0xf6/0x210
[  154.619832][ T6585]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  154.619850][ T6585]  ? clear_bhb_loop+0x45/0xa0
[  154.619873][ T6585]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.619891][ T6585] RIP: 0033:0x7f7fa718d37c
[  154.619909][ T6585] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  154.619924][ T6585] RSP: 002b:00007f7fa7f5c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  154.619945][ T6585] RAX: ffffffffffffffda RBX: 00007f7fa73b5fa0 RCX: 00007f7fa718d37c
[  154.619958][ T6585] RDX: 000000000000000f RSI: 00007f7fa7f5c0a0 RDI: 0000000000000005
[  154.619970][ T6585] RBP: 00007f7fa7f5c090 R08: 0000000000000000 R09: 0000000000000000
[  154.619981][ T6585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  154.619992][ T6585] R13: 0000000000000000 R14: 00007f7fa73b5fa0 R15: 00007ffc12108e98
[  154.620024][ T6585]  </TASK>
[  154.885730][ T6588] netlink: 8 bytes leftover after parsing attributes in process `syz.4.189'.
[  154.903871][ T6588] netlink: 8 bytes leftover after parsing attributes in process `syz.4.189'.
[  155.143296][  T119] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  155.579265][ T6603] FAULT_INJECTION: forcing a failure.
[  155.579265][ T6603] name failslab, interval 1, probability 0, space 0, times 0
[  155.581520][  T119] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  155.622869][ T6603] CPU: 1 UID: 0 PID: 6603 Comm: syz.3.192 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  155.622904][ T6603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  155.622916][ T6603] Call Trace:
[  155.622925][ T6603]  <TASK>
[  155.622934][ T6603]  dump_stack_lvl+0x189/0x250
[  155.622970][ T6603]  ? __pfx_dump_stack_lvl+0x10/0x10
[  155.622997][ T6603]  ? __pfx__printk+0x10/0x10
[  155.623034][ T6603]  ? __pfx___might_resched+0x10/0x10
[  155.623075][ T6603]  should_fail_ex+0x414/0x560
[  155.623111][ T6603]  should_failslab+0xa8/0x100
[  155.623143][ T6603]  __kmalloc_node_noprof+0xd1/0x4e0
[  155.623170][ T6603]  ? alloc_slab_obj_exts+0x39/0xa0
[  155.623201][ T6603]  alloc_slab_obj_exts+0x39/0xa0
[  155.623228][ T6603]  __memcg_slab_post_alloc_hook+0x332/0x820
[  155.623270][ T6603]  kmem_cache_alloc_node_noprof+0x2bd/0x3c0
[  155.623299][ T6603]  ? psi_task_change+0xe5/0x250
[  155.623327][ T6603]  ? __alloc_skb+0x112/0x2d0
[  155.623353][ T6603]  __alloc_skb+0x112/0x2d0
[  155.623379][ T6603]  alloc_skb_with_frags+0xca/0x890
[  155.623407][ T6603]  ? psi_group_change+0xbc7/0x1210
[  155.623436][ T6603]  ? rcu_read_lock_sched_held+0x89/0x100
[  155.623472][ T6603]  sock_alloc_send_pskb+0x857/0x990
[  155.623499][ T6603]  ? psi_task_change+0xe5/0x250
[  155.623546][ T6603]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  155.623580][ T6603]  ? smack_socket_getpeersec_dgram+0x320/0x430
[  155.623614][ T6603]  unix_dgram_sendmsg+0x5c2/0x17c0
[  155.623641][ T6603]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[  155.623675][ T6603]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  155.623699][ T6603]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  155.623732][ T6603]  ? unix_seqpacket_sendmsg+0x111/0x1e0
[  155.623755][ T6603]  ? __pfx_unix_seqpacket_sendmsg+0x10/0x10
[  155.623780][ T6603]  __sock_sendmsg+0x219/0x270
[  155.623814][ T6603]  ____sys_sendmsg+0x505/0x830
[  155.623845][ T6603]  ? __pfx_____sys_sendmsg+0x10/0x10
[  155.623880][ T6603]  ? import_iovec+0x74/0xa0
[  155.623911][ T6603]  ___sys_sendmsg+0x21f/0x2a0
[  155.623938][ T6603]  ? __pfx____sys_sendmsg+0x10/0x10
[  155.624002][ T6603]  ? __fget_files+0x2a/0x420
[  155.624031][ T6603]  ? __fget_files+0x3a0/0x420
[  155.624079][ T6603]  __x64_sys_sendmsg+0x19b/0x260
[  155.624107][ T6603]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  155.624151][ T6603]  ? do_syscall_64+0xba/0x210
[  155.624179][ T6603]  do_syscall_64+0xf6/0x210
[  155.624202][ T6603]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  155.624223][ T6603]  ? clear_bhb_loop+0x45/0xa0
[  155.624247][ T6603]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.624266][ T6603] RIP: 0033:0x7f0c6c38e969
[  155.624284][ T6603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  155.624300][ T6603] RSP: 002b:00007f0c6d1b9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  155.624321][ T6603] RAX: ffffffffffffffda RBX: 00007f0c6c5b5fa0 RCX: 00007f0c6c38e969
[  155.624335][ T6603] RDX: 0000000000000010 RSI: 0000200000000300 RDI: 0000000000000004
[  155.624348][ T6603] RBP: 00007f0c6d1b9090 R08: 0000000000000000 R09: 0000000000000000
[  155.624360][ T6603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  155.624371][ T6603] R13: 0000000000000000 R14: 00007f0c6c5b5fa0 R15: 00007fffa4671ac8
[  155.624402][ T6603]  </TASK>
[  155.631387][  T119] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  155.966200][  T119] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  155.992099][  T119] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  156.034562][ T6613] netlink: 60 bytes leftover after parsing attributes in process `syz.4.194'.
[  156.065890][ T6590] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  156.079312][  T119] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  156.104024][ T5876] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  156.119103][ T6611] netlink: 60 bytes leftover after parsing attributes in process `syz.4.194'.
[  156.143697][ T6616] netlink: 60 bytes leftover after parsing attributes in process `syz.4.194'.
[  156.283447][ T5876] usb 2-1: Using ep0 maxpacket: 16
[  156.734915][ T5876] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  156.768334][ T5876] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.806662][ T5876] usb 2-1: Product: syz
[  156.833533][ T5876] usb 2-1: Manufacturer: syz
[  156.839269][  T119] usb 1-1: USB disconnect, device number 9
[  156.863621][ T5876] usb 2-1: SerialNumber: syz
[  156.930204][ T5876] r8152-cfgselector 2-1: Unknown version 0x0000
[  156.947031][ T5876] r8152-cfgselector 2-1: config 0 descriptor??
[  157.824568][ T6637] FAULT_INJECTION: forcing a failure.
[  157.824568][ T6637] name failslab, interval 1, probability 0, space 0, times 0
[  157.840428][ T6631] fuse: Bad value for 'user_id'
[  157.847191][ T5876] r8152-cfgselector 2-1: USB disconnect, device number 2
[  157.849793][ T6631] fuse: Bad value for 'user_id'
[  157.863530][ T6637] CPU: 1 UID: 0 PID: 6637 Comm: syz.0.198 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  157.863559][ T6637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  157.863571][ T6637] Call Trace:
[  157.863579][ T6637]  <TASK>
[  157.863588][ T6637]  dump_stack_lvl+0x189/0x250
[  157.863624][ T6637]  ? __pfx_dump_stack_lvl+0x10/0x10
[  157.863650][ T6637]  ? __pfx__printk+0x10/0x10
[  157.863687][ T6637]  ? __pfx___might_resched+0x10/0x10
[  157.863714][ T6637]  ? fs_reclaim_acquire+0x7d/0x100
[  157.863740][ T6637]  should_fail_ex+0x414/0x560
[  157.863776][ T6637]  should_failslab+0xa8/0x100
[  157.863808][ T6637]  kmem_cache_alloc_noprof+0x73/0x3c0
[  157.863843][ T6637]  ? getname_flags+0xb8/0x540
[  157.863867][ T6637]  getname_flags+0xb8/0x540
[  157.863891][ T6637]  __x64_sys_rename+0x5d/0x90
[  157.863920][ T6637]  do_syscall_64+0xf6/0x210
[  157.863945][ T6637]  ? clear_bhb_loop+0x45/0xa0
[  157.863970][ T6637]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.863990][ T6637] RIP: 0033:0x7fccd818e969
[  157.864007][ T6637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  157.864023][ T6637] RSP: 002b:00007fccd900d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[  157.864043][ T6637] RAX: ffffffffffffffda RBX: 00007fccd83b5fa0 RCX: 00007fccd818e969
[  157.864058][ T6637] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000200000000580
[  157.864071][ T6637] RBP: 00007fccd900d090 R08: 0000000000000000 R09: 0000000000000000
[  157.864083][ T6637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  157.864094][ T6637] R13: 0000000000000000 R14: 00007fccd83b5fa0 R15: 00007ffed48e7ec8
[  157.864125][ T6637]  </TASK>
[  158.407329][ T6649] Cannot find add_set index 0 as target
[  159.073738][  T119] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  159.253367][  T119] usb 1-1: Using ep0 maxpacket: 8
[  159.278038][  T119] usb 1-1: config 0 has an invalid interface number: 52 but max is 0
[  159.501684][  T119] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  159.511801][ T6665] netlink: 8 bytes leftover after parsing attributes in process `syz.2.206'.
[  159.522144][  T119] usb 1-1: config 0 has no interface number 0
[  159.528401][  T119] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  159.540772][  T119] usb 1-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  159.576997][  T119] usb 1-1: config 0 interface 52 has no altsetting 0
[  159.602164][  T119] usb 1-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00
[  159.672890][  T119] usb 1-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35
[  159.717736][  T119] usb 1-1: Product: syz
[  159.732002][  T119] usb 1-1: SerialNumber: syz
[  159.790866][  T119] usb 1-1: config 0 descriptor??
[  159.818524][ T6674] netlink: 'syz.3.208': attribute type 2 has an invalid length.
[  159.851245][ T6674] netlink: 'syz.3.208': attribute type 1 has an invalid length.
[  159.881290][ T6674] netlink: 193500 bytes leftover after parsing attributes in process `syz.3.208'.
[  159.953687][ T6674] nbd: illegal input index -404748436
[  160.111777][ T6684] o2cb: This node has not been configured.
[  160.123359][ T6684] o2cb: Cluster check failed. Fix errors before retrying.
[  160.130727][ T6684] (syz.0.200,6684,1):user_dlm_register:674 ERROR: status = -22
[  160.167802][ T6684] (syz.0.200,6684,1):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "file1"
[  160.333837][  T119] usb 1-1: Can not set alternate setting to 1, error: -71
[  160.359207][  T119] synaptics_usb 1-1:0.52: probe with driver synaptics_usb failed with error -71
[  160.443674][  T119] usb 1-1: USB disconnect, device number 10
[  160.496850][ T6693] netlink: 'syz.3.211': attribute type 2 has an invalid length.
[  160.522040][ T6693] netlink: 143072 bytes leftover after parsing attributes in process `syz.3.211'.
[  160.545004][ T6693] nbd: must specify at least one socket
[  160.823283][   T10] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  161.303941][   T10] usb 3-1: Using ep0 maxpacket: 16
[  161.483790][   T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  161.500782][   T10] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  161.543357][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  161.570010][   T10] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0
[  161.613520][   T10] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  161.651195][   T10] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  161.670935][   T10] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  161.703436][   T10] usb 3-1: Manufacturer: syz
[  161.716032][   T10] usb 3-1: config 0 descriptor??
[  161.805600][ T6712] Cannot find add_set index 0 as target
[  162.398867][ T6710] netlink: 132 bytes leftover after parsing attributes in process `syz.3.217'.
[  162.429989][ T6715] netlink: 40 bytes leftover after parsing attributes in process `syz.0.218'.
[  163.335759][   T10] usb 3-1: USB disconnect, device number 3
[  163.358440][ T6722] FAULT_INJECTION: forcing a failure.
[  163.358440][ T6722] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  163.419277][ T6722] CPU: 0 UID: 0 PID: 6722 Comm: syz.0.220 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  163.419307][ T6722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  163.419319][ T6722] Call Trace:
[  163.419327][ T6722]  <TASK>
[  163.419335][ T6722]  dump_stack_lvl+0x189/0x250
[  163.419367][ T6722]  ? __lock_acquire+0xaac/0xd20
[  163.419396][ T6722]  ? __pfx_dump_stack_lvl+0x10/0x10
[  163.419423][ T6722]  ? __pfx__printk+0x10/0x10
[  163.419453][ T6722]  ? __might_fault+0xb0/0x130
[  163.419495][ T6722]  should_fail_ex+0x414/0x560
[  163.419548][ T6722]  _copy_from_user+0x2d/0xb0
[  163.419576][ T6722]  raw_ioctl+0xc80/0x3c90
[  163.419616][ T6722]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  163.419638][ T6722]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  163.419658][ T6722]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  163.419677][ T6722]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  163.419698][ T6722]  ? __pfx_raw_ioctl+0x10/0x10
[  163.419720][ T6722]  ? smack_log+0xef/0x3f0
[  163.419749][ T6722]  ? __pfx_smack_log+0x10/0x10
[  163.419775][ T6722]  ? smk_access+0x14c/0x4e0
[  163.419808][ T6722]  ? smk_tskacc+0x2fc/0x370
[  163.419840][ T6722]  ? smack_file_ioctl+0x2a9/0x340
[  163.419873][ T6722]  ? __pfx_smack_file_ioctl+0x10/0x10
[  163.419914][ T6722]  ? __fget_files+0x3a0/0x420
[  163.419942][ T6722]  ? __fget_files+0x2a/0x420
[  163.419975][ T6722]  ? bpf_lsm_file_ioctl+0x9/0x20
[  163.419998][ T6722]  ? __pfx_raw_ioctl+0x10/0x10
[  163.420022][ T6722]  __se_sys_ioctl+0xf9/0x170
[  163.420050][ T6722]  do_syscall_64+0xf6/0x210
[  163.420074][ T6722]  ? clear_bhb_loop+0x45/0xa0
[  163.420098][ T6722]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.420117][ T6722] RIP: 0033:0x7fccd818e969
[  163.420135][ T6722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  163.420167][ T6722] RSP: 002b:00007fccd8fec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  163.420192][ T6722] RAX: ffffffffffffffda RBX: 00007fccd83b6080 RCX: 00007fccd818e969
[  163.420206][ T6722] RDX: 00002000000002c0 RSI: 00000000c0085504 RDI: 0000000000000003
[  163.420219][ T6722] RBP: 00007fccd8fec090 R08: 0000000000000000 R09: 0000000000000000
[  163.420231][ T6722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  163.420242][ T6722] R13: 0000000000000000 R14: 00007fccd83b6080 R15: 00007ffed48e7ec8
[  163.420273][ T6722]  </TASK>
[  163.658445][    C0] vkms_vblank_simulate: vblank timer overrun
[  163.721426][ T6725] netlink: 20 bytes leftover after parsing attributes in process `syz.1.221'.
[  164.063582][ T6726] can: request_module (can-proto-0) failed.
[  164.176219][ T6735] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2
[  164.185580][ T6735] netdevsim netdevsim3: Falling back to sysfs fallback for: ./file0
[  164.565140][ T6738] bio_check_eod: 2 callbacks suppressed
[  164.565180][ T6738] syz.1.225: attempt to access beyond end of device
[  164.565180][ T6738] nbd1: rw=0, sector=64, nr_sectors = 1 limit=0
[  164.585459][ T6738] syz.1.225: attempt to access beyond end of device
[  164.585459][ T6738] nbd1: rw=0, sector=256, nr_sectors = 1 limit=0
[  164.598796][ T6738] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  164.619623][ T6738] syz.1.225: attempt to access beyond end of device
[  164.619623][ T6738] nbd1: rw=0, sector=512, nr_sectors = 1 limit=0
[  164.633219][ T6738] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  164.648516][ T6738] syz.1.225: attempt to access beyond end of device
[  164.648516][ T6738] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0
[  164.664240][ T6738] syz.1.225: attempt to access beyond end of device
[  164.664240][ T6738] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0
[  164.677663][ T6738] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  164.688518][ T6738] syz.1.225: attempt to access beyond end of device
[  164.688518][ T6738] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0
[  164.701931][ T6738] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  164.715311][ T6738] syz.1.225: attempt to access beyond end of device
[  164.715311][ T6738] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0
[  164.729584][ T6738] syz.1.225: attempt to access beyond end of device
[  164.729584][ T6738] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0
[  164.743013][ T6738] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  164.753457][ T6738] syz.1.225: attempt to access beyond end of device
[  164.753457][ T6738] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0
[  164.767552][ T6738] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  164.780936][ T6738] syz.1.225: attempt to access beyond end of device
[  164.780936][ T6738] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0
[  164.795274][ T6738] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  164.806017][ T6738] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  164.815723][ T6738] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1)
[  167.755956][ T6760] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  167.766167][ T6760] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  168.004610][ T6765] binder: 6764:6765 ioctl c0306201 200000000080 returned -14
[  168.736528][ T6781] netlink: 64 bytes leftover after parsing attributes in process `syz.3.238'.
[  169.533564][    T9] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[  170.105310][    T9] usb 2-1: config 0 has an invalid interface number: 214 but max is 0
[  170.114593][    T9] usb 2-1: config 0 has no interface number 0
[  170.121559][    T9] usb 2-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 12336, setting to 64
[  170.193438][    T9] usb 2-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  170.218042][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.240010][    T9] usb 2-1: Product: syz
[  170.243494][ T6798] binder: 6796:6798 ioctl c0306201 200000000080 returned -14
[  170.256529][    T9] usb 2-1: Manufacturer: syz
[  170.273733][    T9] usb 2-1: SerialNumber: syz
[  170.300657][    T9] usb 2-1: config 0 descriptor??
[  170.385317][ T6800] netlink: 68 bytes leftover after parsing attributes in process `syz.4.245'.
[  170.404246][ T6800] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  170.682291][ T6806] netlink: 'syz.4.248': attribute type 1 has an invalid length.
[  170.691049][ T6806] netlink: 'syz.4.248': attribute type 2 has an invalid length.
[  170.976739][    T9] usbtouchscreen 2-1:0.214: probe with driver usbtouchscreen failed with error -71
[  171.033677][    T9] usb 2-1: USB disconnect, device number 3
[  172.716423][ T6828] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  172.726261][ T6828] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  173.189887][ T6831] binder: 6830:6831 ioctl c0306201 200000000080 returned -14
[  173.249844][ T6833] FAULT_INJECTION: forcing a failure.
[  173.249844][ T6833] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  173.270757][ T6833] CPU: 1 UID: 0 PID: 6833 Comm: syz.3.256 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  173.270787][ T6833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  173.270799][ T6833] Call Trace:
[  173.270808][ T6833]  <TASK>
[  173.270816][ T6833]  dump_stack_lvl+0x189/0x250
[  173.270844][ T6833]  ? __lock_acquire+0xaac/0xd20
[  173.270872][ T6833]  ? __pfx_dump_stack_lvl+0x10/0x10
[  173.270898][ T6833]  ? __pfx__printk+0x10/0x10
[  173.270927][ T6833]  ? __might_fault+0xb0/0x130
[  173.270967][ T6833]  should_fail_ex+0x414/0x560
[  173.271004][ T6833]  _copy_from_user+0x2d/0xb0
[  173.271031][ T6833]  vmci_host_unlocked_ioctl+0xe36/0x2650
[  173.271068][ T6833]  ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10
[  173.271121][ T6833]  ? kasan_quarantine_put+0xdd/0x220
[  173.271159][ T6833]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  173.271180][ T6833]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  173.271201][ T6833]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  173.271219][ T6833]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  173.271240][ T6833]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  173.271278][ T6833]  ? __lock_acquire+0xaac/0xd20
[  173.271311][ T6833]  ? smack_file_ioctl+0x24a/0x340
[  173.271344][ T6833]  ? __pfx_smack_file_ioctl+0x10/0x10
[  173.271386][ T6833]  ? __fget_files+0x3a0/0x420
[  173.271415][ T6833]  ? __fget_files+0x2a/0x420
[  173.271447][ T6833]  ? bpf_lsm_file_ioctl+0x9/0x20
[  173.271471][ T6833]  ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10
[  173.271509][ T6833]  __se_sys_ioctl+0xf9/0x170
[  173.271537][ T6833]  do_syscall_64+0xf6/0x210
[  173.271562][ T6833]  ? clear_bhb_loop+0x45/0xa0
[  173.271586][ T6833]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.271605][ T6833] RIP: 0033:0x7f0c6c38e969
[  173.271624][ T6833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  173.271640][ T6833] RSP: 002b:00007f0c6d1b9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  173.271661][ T6833] RAX: ffffffffffffffda RBX: 00007f0c6c5b5fa0 RCX: 00007f0c6c38e969
[  173.271680][ T6833] RDX: 0000200000000040 RSI: 00000000000007a8 RDI: 0000000000000003
[  173.271691][ T6833] RBP: 00007f0c6d1b9090 R08: 0000000000000000 R09: 0000000000000000
[  173.271703][ T6833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  173.271714][ T6833] R13: 0000000000000000 R14: 00007f0c6c5b5fa0 R15: 00007fffa4671ac8
[  173.271745][ T6833]  </TASK>
[  176.723749][    T9] usb 3-1: new full-speed USB device number 4 using dummy_hcd
[  177.184296][    T9] usb 3-1: config 0 has an invalid interface number: 214 but max is 0
[  177.197355][    T9] usb 3-1: config 0 has no interface number 0
[  177.199385][ T6872] binder: 6868:6872 ioctl c0306201 200000000080 returned -14
[  177.318936][    T9] usb 3-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 12336, setting to 64
[  177.594297][    T9] usb 3-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  177.603921][   T10] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  177.643413][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.659167][    T9] usb 3-1: Product: syz
[  177.675188][    T9] usb 3-1: Manufacturer: syz
[  177.679886][    T9] usb 3-1: SerialNumber: syz
[  177.717099][    T9] usb 3-1: config 0 descriptor??
[  177.783337][   T10] usb 4-1: Using ep0 maxpacket: 16
[  177.796379][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  177.817820][   T10] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  177.843274][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  177.856682][   T10] usb 4-1: config 0 descriptor??
[  178.175883][ T6883] =======================================================
[  178.175883][ T6883] WARNING: The mand mount option has been deprecated and
[  178.175883][ T6883]          and is ignored by this kernel. Remove the mand
[  178.175883][ T6883]          option from the mount to silence this warning.
[  178.175883][ T6883] =======================================================
[  178.281305][ T6887] bio_check_eod: 2 callbacks suppressed
[  178.281369][ T6887] syz.1.271: attempt to access beyond end of device
[  178.281369][ T6887] nbd1: rw=0, sector=64, nr_sectors = 1 limit=0
[  178.302163][ T6887] syz.1.271: attempt to access beyond end of device
[  178.302163][ T6887] nbd1: rw=0, sector=256, nr_sectors = 1 limit=0
[  178.315839][ T6887] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  178.338182][ T6887] syz.1.271: attempt to access beyond end of device
[  178.338182][ T6887] nbd1: rw=0, sector=512, nr_sectors = 1 limit=0
[  178.351732][ T6887] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  178.368514][ T6887] syz.1.271: attempt to access beyond end of device
[  178.368514][ T6887] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0
[  178.384142][ T6887] syz.1.271: attempt to access beyond end of device
[  178.384142][ T6887] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0
[  178.397672][ T6887] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  178.408711][ T6887] syz.1.271: attempt to access beyond end of device
[  178.408711][ T6887] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0
[  178.422212][ T6887] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  178.437009][ T6887] syz.1.271: attempt to access beyond end of device
[  178.437009][ T6887] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0
[  178.451798][ T6887] syz.1.271: attempt to access beyond end of device
[  178.451798][ T6887] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0
[  178.465403][ T6887] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  178.476985][ T6887] syz.1.271: attempt to access beyond end of device
[  178.476985][ T6887] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0
[  178.491175][ T6887] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  178.504808][ T6887] syz.1.271: attempt to access beyond end of device
[  178.504808][ T6887] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0
[  178.519479][ T6887] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  178.530571][ T6887] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  178.540383][ T6887] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1)
[  178.622751][    T9] usbtouchscreen 3-1:0.214: probe with driver usbtouchscreen failed with error -71
[  178.659421][    T9] usb 3-1: USB disconnect, device number 4
[  179.250894][ T6896] xt_connbytes: Forcing CT accounting to be enabled
[  179.258781][ T6896] Cannot find add_set index 0 as target
[  179.689426][   T10] usbhid 4-1:0.0: can't add hid device: -71
[  179.823234][   T10] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  179.834231][   T10] usb 4-1: USB disconnect, device number 8
[  180.570175][ T6907] binder: 6906:6907 ioctl c0306201 200000000080 returned -14
[  180.686830][ T6912] Cannot find set identified by id 0 to match
[  180.826163][ T6917] warning: `syz.0.284' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  180.857441][ T6917] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  180.867450][ T6917] netlink: 'syz.0.284': attribute type 8 has an invalid length.
[  180.923533][   T10] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  181.073463][   T10] usb 4-1: Using ep0 maxpacket: 8
[  181.138308][   T10] usb 4-1: unable to get BOS descriptor or descriptor too short
[  181.152775][   T10] usb 4-1: too many configurations: 22, using maximum allowed: 8
[  181.249706][   T10] usb 4-1: config 5 has an invalid interface number: 215 but max is 0
[  181.260151][   T10] usb 4-1: config 5 has no interface number 0
[  181.296535][   T10] usb 4-1: config 5 interface 215 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  181.469173][   T10] usb 4-1: config 5 interface 215 has no altsetting 0
[  181.507836][   T10] usb 4-1: config 5 has an invalid interface number: 215 but max is 0
[  181.526789][   T10] usb 4-1: config 5 has no interface number 0
[  181.540017][   T10] usb 4-1: config 5 interface 215 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  181.588440][ T6923] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  181.601901][ T6923] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  181.662238][   T10] usb 4-1: config 5 interface 215 has no altsetting 0
[  181.792305][   T10] usb 4-1: config 5 has an invalid interface number: 215 but max is 0
[  181.792335][   T10] usb 4-1: config 5 has no interface number 0
[  181.792379][   T10] usb 4-1: config 5 interface 215 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  181.792409][   T10] usb 4-1: config 5 interface 215 has no altsetting 0
[  181.793704][   T10] usb 4-1: config 5 has an invalid interface number: 215 but max is 0
[  181.793732][   T10] usb 4-1: config 5 has no interface number 0
[  181.793776][   T10] usb 4-1: config 5 interface 215 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  181.793804][   T10] usb 4-1: config 5 interface 215 has no altsetting 0
[  181.794906][   T10] usb 4-1: config 5 has an invalid interface number: 215 but max is 0
[  181.794934][   T10] usb 4-1: config 5 has no interface number 0
[  181.794976][   T10] usb 4-1: config 5 interface 215 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  181.795006][   T10] usb 4-1: config 5 interface 215 has no altsetting 0
[  181.802184][   T10] usb 4-1: config 5 has an invalid interface number: 215 but max is 0
[  181.802213][   T10] usb 4-1: config 5 has no interface number 0
[  181.802252][   T10] usb 4-1: config 5 interface 215 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  181.802281][   T10] usb 4-1: config 5 interface 215 has no altsetting 0
[  181.815539][   T10] usb 4-1: config 5 has an invalid interface number: 215 but max is 0
[  181.815570][   T10] usb 4-1: config 5 has no interface number 0
[  181.815616][   T10] usb 4-1: config 5 interface 215 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  181.815645][   T10] usb 4-1: config 5 interface 215 has no altsetting 0
[  181.816600][   T10] usb 4-1: config 5 has an invalid interface number: 215 but max is 0
[  181.816625][   T10] usb 4-1: config 5 has no interface number 0
[  181.816710][   T10] usb 4-1: config 5 interface 215 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  181.816741][   T10] usb 4-1: config 5 interface 215 has no altsetting 0
[  181.836564][   T10] usb 4-1: New USB device found, idVendor=1163, idProduct=0100, bcdDevice=dc.ba
[  181.836594][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=225
[  181.836616][   T10] usb 4-1: Product: syz
[  181.836631][   T10] usb 4-1: Manufacturer: syz
[  181.836647][   T10] usb 4-1: SerialNumber: syz
[  181.905976][ T6924] ------------[ cut here ]------------
[  181.906056][ T6924] WARNING: CPU: 1 PID: 6924 at drivers/gpu/drm/vkms/vkms_crtc.c:97 vkms_get_vblank_timestamp+0x137/0x160
[  181.906099][ T6924] Modules linked in:
[  181.906146][ T6924] CPU: 1 UID: 0 PID: 6924 Comm: syz.0.285 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  181.906173][ T6924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  181.906190][ T6924] RIP: 0010:vkms_get_vblank_timestamp+0x137/0x160
[  181.906218][ T6924] Code: 42 80 3c 28 00 74 08 48 89 df e8 24 29 42 fc 4c 89 33 b0 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 ea 58 e2 fb 90 <0f> 0b 90 eb e3 44 89 e1 80 e1 07 38 c1 0f 8c ff fe ff ff 4c 89 e7
[  181.906239][ T6924] RSP: 0018:ffffc90003c774c8 EFLAGS: 00010283
[  181.906262][ T6924] RAX: ffffffff85dd6676 RBX: ffffc90003c77640 RCX: 0000000000080000
[  181.906280][ T6924] RDX: ffffc9000ef59000 RSI: 00000000000020df RDI: 00000000000020e0
[  181.906297][ T6924] RBP: 1ffff9200078eec8 R08: ffffc90003359000 R09: 0000000000000000
[  181.906314][ T6924] R10: ffffc90003359000 R11: ffffffff85dd6540 R12: 0000002a578304e1
[  181.906331][ T6924] R13: dffffc0000000000 R14: ffff888147abc028 R15: 0000002a578304e1
[  181.906349][ T6924] FS:  00007fccd8fcb6c0(0000) GS:ffff8881261ff000(0000) knlGS:0000000000000000
[  181.906369][ T6924] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  181.906385][ T6924] CR2: 0000200000004000 CR3: 000000007f120000 CR4: 00000000003526f0
[  181.906407][ T6924] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  181.906422][ T6924] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  181.906437][ T6924] Call Trace:
[  181.906447][ T6924]  <TASK>
[  181.906457][ T6924]  ? __pfx_vkms_get_vblank_timestamp+0x10/0x10
[  181.906489][ T6924]  drm_crtc_next_vblank_start+0x223/0x470
[  181.906522][ T6924]  ? __pfx_drm_crtc_next_vblank_start+0x10/0x10
[  181.906550][ T6924]  ? drm_gem_fb_vmap+0x230/0x8d0
[  181.906583][ T6924]  drm_atomic_helper_wait_for_fences+0x265/0x8c0
[  181.906618][ T6924]  ? __pfx_drm_atomic_helper_wait_for_fences+0x10/0x10
[  181.906641][ T6924]  ? drm_atomic_helper_prepare_planes+0x670/0xb60
[  181.906681][ T6924]  drm_atomic_helper_commit+0x5c7/0xb10
[  181.906714][ T6924]  ? __pfx_drm_atomic_helper_commit+0x10/0x10
[  181.906738][ T6924]  drm_atomic_commit+0x25f/0x2c0
[  181.906766][ T6924]  ? __pfx_drm_atomic_commit+0x10/0x10
[  181.906788][ T6924]  ? __pfx___drm_printfn_info+0x10/0x10
[  181.906839][ T6924]  drm_client_modeset_commit_atomic+0x620/0x760
[  181.906887][ T6924]  ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10
[  181.906929][ T6924]  ? trace_contention_end+0x39/0x120
[  181.906990][ T6924]  drm_client_modeset_commit_locked+0xcb/0x4d0
[  181.907028][ T6924]  drm_client_modeset_commit+0x4a/0x70
[  181.907058][ T6924]  drm_fb_helper_lastclose+0xa4/0x1c0
[  181.907086][ T6924]  drm_fbdev_client_restore+0x34/0x40
[  181.907120][ T6924]  drm_client_dev_restore+0x139/0x270
[  181.907157][ T6924]  drm_release+0x318/0x3f0
[  181.907191][ T6924]  ? __pfx_drm_release+0x10/0x10
[  181.907222][ T6924]  __fput+0x449/0xa70
[  181.907261][ T6924]  task_work_run+0x1d1/0x260
[  181.907292][ T6924]  ? __pfx_task_work_run+0x10/0x10
[  181.907333][ T6924]  get_signal+0x11c5/0x1310
[  181.907380][ T6924]  ? kasan_quarantine_put+0xdd/0x220
[  181.907418][ T6924]  arch_do_signal_or_restart+0x95/0x780
[  181.907453][ T6924]  ? kfree+0x193/0x440
[  181.907485][ T6924]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  181.907535][ T6924]  ? local_irq_enable_exit_to_user+0x5/0x10
[  181.907570][ T6924]  syscall_exit_to_user_mode+0x8b/0x120
[  181.907597][ T6924]  do_syscall_64+0x103/0x210
[  181.907624][ T6924]  ? clear_bhb_loop+0x45/0xa0
[  181.907650][ T6924]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  181.907673][ T6924] RIP: 0033:0x7fccd818e969
[  181.907695][ T6924] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  181.907715][ T6924] RSP: 002b:00007fccd8fcb038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  181.907741][ T6924] RAX: fffffffffffffe00 RBX: 00007fccd83b6160 RCX: 00007fccd818e969
[  181.907759][ T6924] RDX: 0000200000000040 RSI: 0000200000000100 RDI: 0000000000000000
[  181.907776][ T6924] RBP: 00007fccd8210ab1 R08: 0000200000000140 R09: 0000000000000000
[  181.907792][ T6924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  181.907807][ T6924] R13: 0000000000000000 R14: 00007fccd83b6160 R15: 00007ffed48e7ec8
[  181.907842][ T6924]  </TASK>
[  181.907862][ T6924] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  181.907877][ T6924] CPU: 1 UID: 0 PID: 6924 Comm: syz.0.285 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  181.907908][ T6924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  181.907922][ T6924] Call Trace:
[  181.907931][ T6924]  <TASK>
[  181.907941][ T6924]  dump_stack_lvl+0x99/0x250
[  181.907973][ T6924]  ? __asan_memcpy+0x40/0x70
[  181.908001][ T6924]  ? __pfx_dump_stack_lvl+0x10/0x10
[  181.908030][ T6924]  ? __pfx__printk+0x10/0x10
[  181.908076][ T6924]  panic+0x2db/0x790
[  181.908112][ T6924]  ? __pfx_panic+0x10/0x10
[  181.908137][ T6924]  ? show_trace_log_lvl+0x4fb/0x550
[  181.908186][ T6924]  __warn+0x31b/0x4b0
[  181.908209][ T6924]  ? vkms_get_vblank_timestamp+0x137/0x160
[  181.908235][ T6924]  ? vkms_get_vblank_timestamp+0x137/0x160
[  181.908259][ T6924]  report_bug+0x2be/0x4f0
[  181.908282][ T6924]  ? vkms_get_vblank_timestamp+0x137/0x160
[  181.908306][ T6924]  ? vkms_get_vblank_timestamp+0x137/0x160
[  181.908330][ T6924]  ? vkms_get_vblank_timestamp+0x139/0x160
[  181.908351][ T6924]  handle_bug+0x84/0x160
[  181.908371][ T6924]  exc_invalid_op+0x1a/0x50
[  181.908392][ T6924]  asm_exc_invalid_op+0x1a/0x20
[  181.908415][ T6924] RIP: 0010:vkms_get_vblank_timestamp+0x137/0x160
[  181.908441][ T6924] Code: 42 80 3c 28 00 74 08 48 89 df e8 24 29 42 fc 4c 89 33 b0 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 ea 58 e2 fb 90 <0f> 0b 90 eb e3 44 89 e1 80 e1 07 38 c1 0f 8c ff fe ff ff 4c 89 e7
[  181.908458][ T6924] RSP: 0018:ffffc90003c774c8 EFLAGS: 00010283
[  181.908477][ T6924] RAX: ffffffff85dd6676 RBX: ffffc90003c77640 RCX: 0000000000080000
[  181.908494][ T6924] RDX: ffffc9000ef59000 RSI: 00000000000020df RDI: 00000000000020e0
[  181.908505][ T6924] RBP: 1ffff9200078eec8 R08: ffffc90003359000 R09: 0000000000000000
[  181.908515][ T6924] R10: ffffc90003359000 R11: ffffffff85dd6540 R12: 0000002a578304e1
[  181.908527][ T6924] R13: dffffc0000000000 R14: ffff888147abc028 R15: 0000002a578304e1
[  181.908543][ T6924]  ? __pfx_vkms_get_vblank_timestamp+0x10/0x10
[  181.908572][ T6924]  ? vkms_get_vblank_timestamp+0x136/0x160
[  181.908605][ T6924]  ? vkms_get_vblank_timestamp+0x136/0x160
[  181.908627][ T6924]  ? __pfx_vkms_get_vblank_timestamp+0x10/0x10
[  181.908654][ T6924]  drm_crtc_next_vblank_start+0x223/0x470
[  181.908678][ T6924]  ? __pfx_drm_crtc_next_vblank_start+0x10/0x10
[  181.908696][ T6924]  ? drm_gem_fb_vmap+0x230/0x8d0
[  181.908730][ T6924]  drm_atomic_helper_wait_for_fences+0x265/0x8c0
[  181.908763][ T6924]  ? __pfx_drm_atomic_helper_wait_for_fences+0x10/0x10
[  181.908785][ T6924]  ? drm_atomic_helper_prepare_planes+0x670/0xb60
[  181.908816][ T6924]  drm_atomic_helper_commit+0x5c7/0xb10
[  181.908837][ T6924]  ? __pfx_drm_atomic_helper_commit+0x10/0x10
[  181.908858][ T6924]  drm_atomic_commit+0x25f/0x2c0
[  181.908885][ T6924]  ? __pfx_drm_atomic_commit+0x10/0x10
[  181.908913][ T6924]  ? __pfx___drm_printfn_info+0x10/0x10
[  181.908957][ T6924]  drm_client_modeset_commit_atomic+0x620/0x760
[  181.908991][ T6924]  ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10
[  181.909017][ T6924]  ? trace_contention_end+0x39/0x120
[  181.909076][ T6924]  drm_client_modeset_commit_locked+0xcb/0x4d0
[  181.909111][ T6924]  drm_client_modeset_commit+0x4a/0x70
[  181.909132][ T6924]  drm_fb_helper_lastclose+0xa4/0x1c0
[  181.909152][ T6924]  drm_fbdev_client_restore+0x34/0x40
[  181.909185][ T6924]  drm_client_dev_restore+0x139/0x270
[  181.909220][ T6924]  drm_release+0x318/0x3f0
[  181.909253][ T6924]  ? __pfx_drm_release+0x10/0x10
[  181.909274][ T6924]  __fput+0x449/0xa70
[  181.909300][ T6924]  task_work_run+0x1d1/0x260
[  181.909328][ T6924]  ? __pfx_task_work_run+0x10/0x10
[  181.909369][ T6924]  get_signal+0x11c5/0x1310
[  181.909412][ T6924]  ? kasan_quarantine_put+0xdd/0x220
[  181.909438][ T6924]  arch_do_signal_or_restart+0x95/0x780
[  181.909462][ T6924]  ? kfree+0x193/0x440
[  181.909495][ T6924]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  181.909544][ T6924]  ? local_irq_enable_exit_to_user+0x5/0x10
[  181.909573][ T6924]  syscall_exit_to_user_mode+0x8b/0x120
[  181.909592][ T6924]  do_syscall_64+0x103/0x210
[  181.909611][ T6924]  ? clear_bhb_loop+0x45/0xa0
[  181.909640][ T6924]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  181.909661][ T6924] RIP: 0033:0x7fccd818e969
[  181.909679][ T6924] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  181.909697][ T6924] RSP: 002b:00007fccd8fcb038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  181.909719][ T6924] RAX: fffffffffffffe00 RBX: 00007fccd83b6160 RCX: 00007fccd818e969
[  181.909730][ T6924] RDX: 0000200000000040 RSI: 0000200000000100 RDI: 0000000000000000
[  181.909741][ T6924] RBP: 00007fccd8210ab1 R08: 0000200000000140 R09: 0000000000000000
[  181.909752][ T6924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  181.909761][ T6924] R13: 0000000000000000 R14: 00007fccd83b6160 R15: 00007ffed48e7ec8
[  181.909797][ T6924]  </TASK>
[  181.910069][ T6924] Kernel Offset: disabled