last executing test programs:

11m21.753042105s ago: executing program 3 (id=4):
r0 = io_uring_setup(0x30df, &(0x7f00000000c0)={0x0, 0x54cd, 0x800, 0x0, 0x1d})
syz_usb_connect(0x1, 0x2d, &(0x7f0000000340)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582239f"], 0x0)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x12400, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETCHAIN(r2, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[], 0x74}, 0x1, 0x0, 0x0, 0x20000010}, 0xc40)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
r4 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r4, 0x3ba0, &(0x7f00000001c0)={0x48})
ioctl$IOMMU_TEST_OP_ACCESS_RW(r4, 0x3ba0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x5, 0x6, 0x8, 0xad, 0x0, 0xffffffffffffffff, 0x4000000}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0d00000002000000040000000240000005000000", @ANYRES32=r5, @ANYBLOB="00a5b5703256794d32dfcf290000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fdffffff0000000800"/28], 0x50)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

11m17.238144982s ago: executing program 3 (id=18):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000007c0)={0x1a4, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PEERS={0x158, 0x8, 0x0, 0x1, [{0x9c, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x50, 0x9, 0x0, 0x1, [{0x4c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x1}}]}]}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "eff93d58460ea431f2cb4a6894ddb2834088d7445bf5afdd0619ce173f1db717"}]}, {0x4c, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "491bc0be1dc1f88092e741a88b64f6dd9218ad21b44b472e44f1d0807ee6675c"}]}, {0x6c, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x9, 0x7, @empty, 0x3}}, @WGPEER_A_ALLOWEDIPS={0x24, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x3}}]}, {0x4}]}]}]}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @b}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x1a4}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000)

11m16.740880649s ago: executing program 3 (id=23):
socket$vsock_stream(0x28, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000400)={0x1d})
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_SET_FLAGS(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x5c}}, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000300)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x12}}, @in={0x2, 0x4e24, @multicast1}, @in={0x2, 0x4e23, @remote}], 0x30)

11m14.579732324s ago: executing program 3 (id=28):
r0 = io_uring_setup(0x30df, &(0x7f00000000c0)={0x0, 0x54cd, 0x800, 0x0, 0x1d})
syz_usb_connect(0x1, 0x2d, &(0x7f0000000340)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582239f"], 0x0)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x12400, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETCHAIN(r2, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[], 0x74}, 0x1, 0x0, 0x0, 0x20000010}, 0xc40)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
r4 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r4, 0x3ba0, &(0x7f00000001c0)={0x48})
ioctl$IOMMU_TEST_OP_ACCESS_RW(r4, 0x3ba0, 0x0)
r5 = bpf$MAP_CREATE(0x3f, &(0x7f0000000480)=@base={0x5, 0x6, 0x8, 0xad, 0x0, 0xffffffffffffffff, 0x4000000}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0xd, 0x2, 0x4, 0x4002, 0x5, r5, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xfffffffd, 0x8000000}, 0x50)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

11m10.46387837s ago: executing program 3 (id=38):
socket$vsock_stream(0x28, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000400)={0x1d})
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_SET_FLAGS(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000740)=ANY=[], 0x5c}}, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000300)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x12}}, @in={0x2, 0x4e24, @multicast1}, @in={0x2, 0x4e23, @remote}], 0x30)

11m8.015278437s ago: executing program 3 (id=43):
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000080)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_mmap}], [], 0x6b}})
chmod(&(0x7f0000000180)='./file0\x00', 0x1d0)
r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
pwritev2(r3, &(0x7f0000000100)=[{&(0x7f0000000380)="bc", 0xfdef}], 0x1, 0x8, 0x8000, 0x4)

10m52.245710788s ago: executing program 32 (id=43):
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000080)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_mmap}], [], 0x6b}})
chmod(&(0x7f0000000180)='./file0\x00', 0x1d0)
r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
pwritev2(r3, &(0x7f0000000100)=[{&(0x7f0000000380)="bc", 0xfdef}], 0x1, 0x8, 0x8000, 0x4)

2m43.739427354s ago: executing program 0 (id=1276):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
r1 = syz_clone(0x20080000, &(0x7f00000009c0)="0a1efbb5bf96fcaea10a7c39018ade7715203e1e0808a3f218cfedee21e702503c7ae8e7e4a4587133de35a1513f4d73db567317eee1f745d58fff3bc2641226f446d61b8c0bb69406c70d0024b3299c26f0f40fe72558e902f44d38a6f69dc9270f09eaff76885a7c9a15e21bf950582568b621980258f1d242a9304f7522e5368fa292b1b6ae152137a75cc735583b60ba68a402638e5c8b74a42f1de2382a6cc1c970960bf520c6b29234a87bebf8d5398e04cc11fe977e74231bd594e6a8cb6516c3b3bfdecf38c82226d777d853a75fac276f9035b9b67b2804aa16106e43a5899607eea30905", 0xe9, &(0x7f0000000140), &(0x7f00000002c0), &(0x7f0000000640)="363db495a87213009ac147dcb43d5b0525b755434eab350ad77e2db1ae8c007e41847851169ba8c660ce3240c6a15f8b2b0c804798c5bf7691aabfcdcdf39976125043f24b73158cd74947854a1f85780e97cc20de970263f7fa7cc370eee8e1375df4fc9c317c15557599ac2d496f279f445de64ecc493767c621a43198fd273286a71e6e51889ba2310dd1c2caf3d17ed6ad1f2ad55e4e7a05084fe4c9eb14c34cf055e7f67c7a99d4c93e1957de09a27f7bcd358ed8714792d367e05e17fbfe4c9c5f1d49daa8c983c14434f05064a323c542767649")
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f0000000400)={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x43}}, {0x300, @random="ba886622a908"}, 0x0, {0x2, 0x4e20, @rand_addr=0x64010100}, 'team0\x00'})
sched_setattr(r1, &(0x7f0000000340)={0x38, 0x0, 0x28, 0xa, 0x8, 0x0, 0x4, 0x8, 0xffffffff, 0x6}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="50000000100003eeffffff000000000000000000", @ANYRES32=0x0, @ANYBLOB="0001000020010000300012800b0001006d61637365630000200002800c0004000400000100c28000050003000e"], 0x50}}, 0x0)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r3)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r3, &(0x7f0000000980)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000940)={&(0x7f0000000540)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r4, @ANYRESOCT=r1], 0x4c}}, 0x4000000)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000000c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, <r5=>0x0}, 0x2020)
modify_ldt$write2(0x11, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x10)
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r5, {0x7, 0x1f, 0x0, 0x2066012}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x40)
getdents64(r6, 0x0, 0x0)
write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="2a000000060000000000000000000000010000f7000000000000000000200000010000000233cbcfcac2"], 0x2a)
r7 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
write$UHID_CREATE2(r7, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
writev(r7, &(0x7f0000000300)=[{&(0x7f0000000740)="c606ba2c32d5eb72023bb7a98270b17dbc73078cea52400ab83a731f861f0e34d6e49856386d40faa340b0f76b4510cb4a88769eec4c30724adddfe405ae78d672e59bbd1108864f69d006265803bccc1ca1be2a9ec096a010233a7496bef29b15c46f2634da1f51dd3ede49d36c5df47ce6ab2c97e1106f80de63a331e4a4f05fefc27bb5a3f82865b3e8697071", 0x8e}, {&(0x7f00000003c0)='\v\x00\x00\x00', 0x4}], 0x2)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="7b1713b4c6f02da7493fb6859f0143c68a58166f472c5078104b859bc37f9a49a8f85c9101df3b2736ff9bebcb1a3c2f570b28279b8ff7afdef7451b3d10b4578c2e81784b6e4f410800d997f0689546cee0852e9e9c64c1f95df7b136243cf7aee1b8e7a4e1d6e6fc01337370f0dfc098d975e9a6f90a08f5b845054d1e1fc81adadbf2836ff758bade0484377855b05b3556a91827599638458ad30baea03240b302638b88423ecaba6da1e40f6f1b24d60dde1652f2d5f818af43d49dd55c4eadea945e9b6aa744dca07ec2e00320bef5b045414836941469129670c4cdb953ed61efeeae2ced1b7cb3e7fa4c93cce5623a9e33c69d068b801fd1369aba759e2829c67c705853262fef6669aab956f0f733619dd361be5e1414c7e7ff6218e330156d609fa9f3244a0a4fb678a58e70b86f6dabc3331f755b786c42b4198149941a7a58c83f1f2811209025269c5ffcbe0c34ac98cc091cec2c993bca0aa8400ff9e39cc9fba8dda886f95357957bbad8bb850ab92f7aa9bebcdb0ef188749a1742e5597d199f3ccdc2d807bf757da45acc93e3e9645a1036cb041b3c38dafef367b8dae802bbbc03bacb905d40e1da78591687b416ee380103a670aa8f722c76e13f7f0e3effbb37f15a821b8315fe541e3ffc09289d96db1dfa8861e5da41c812b54ee20ca8b3180f2f46db56954791465cb572de0cce16d789d6fff216ca46977ed724dc0cc8cef7b295ebb2998a5c4662e32ae1001e59f3bfefcd72543bfe1aa6688d65c547089ec0fe1f1d9610095a5a4008b14f46775c368417376ee143856031947db71c455dc40eeeda210fbf258452781ce46e51f6df683a7918770f73d324d9401648d271cb9a7e919401567e400fec420cf363444a78eea03e73176abd6546e1657945aa88f64a21e07fc23edd74512cf89781e8ffe9bb1601ab25d31801332a6c5be9cebb6cb08207bb832106553ea9fc19b4b4f1f0cd55efc2925ffef75e9b12f06b5a7496506a274ca25f88398a1734b7013c3f78a2e49ef0d946a1aff362e37c9b5f5473de11401097722adda87944ee3eeb1bdde60e97484af4d2e5f8b0a9c63bb8bb99461b16edd824add1caf9d5247811cc4f6b48004774f1a4fe4dd125ddbfd8b69ff3ee314aeb445bee9f217a2f5a9e0e84ccd8718471f949086df6cdcbf95e568317e31dd01be1b826cf9a09373b16935fc864794a3886a2f4aacc42135db85f8921916a10aa7111a686979e2a5c9959cafc9774c416c4dfe0b9e06657feb2fbc31e7c11f6e2841680986557c1f2b1ec3c0fcc6a749a3c97a5b370550ab7110e25851b13c0b75a7fb0cd3c4659878209867659c216b467bdcf51e786a59fad084886490fc77e186ab827d844d0ac4682651fc4043f8e87b905532a53017ada44feee1f89f9bc6d2a8b144e721a479f7b90acb91033774f4c12df633548a9097c791ec7e80fa2607c86fce6e9abcae1296528b8488ccf18a4bb0fc9b50c15d294e8d380465465b4eeae26eb6800faba611785cd2ff95ca1923dfa47d5923f89e4eadb612002caceaebbe779c4e3a3833455752eae63689ab8dc03db63d82feeab7f1162eed5909b69ccd5abeb9c071da82cfc76cc692a51d99e0c4bdfa6c81c9878e893a77e1e7105e7910827ddb3353612fa8d5e547b43b5abfe50829c1eb7bfda1731db2a9a1e8f0fc298dfa7009679489f9d9323338b7e59f1e48419ca531d88170a5a1995f576aa125edae9e9ea26f6e9c4bc26323b7db0998c528a7b343ccd87ff44c77e6cfc0a324cc1d4ea79c30015f0caaeccd46e5db580aa5ce8030c2b13b37494557da58abbdc7ce9fc9afa49ce0e8a7a6fa058db210ed654203e7879cf5004ebec57522ed34481b749554b36cd7171209b0763e110096704604f2d3f28c5ddc66c877e3ab63f36137d5a67cbf872aa6af79cb3a66c9040009b5e1c7b718c1b8788156b82d6d800dbe9fc3d16c812a963c73599b79efb89aa74bdbd9b1a2dc0b8ad853f79c0867a3a45d7a1645059171877687a72dd5ed4213c0ab84ef6185e7935346a84450887bdb2b216883e907b13b03c133adc04ab3c5f60209bd90aad3d94443105f08f0ee1b2231e1a1f8cce71de74d5308b78b5d99ce4ad4573faba9fab48bc1615f14d453c67714b99f274de041512b07b885679e6f89f481c28b082084b853c9afcda31def2898284d6ca28fb124df67142821c9705e28093ded60992d9587fb466df839aa2a4973dd48f9372a55da6592646fc918e533955566a2d8dc59277308223aea4dbe0daf839f95516b8995e9eec87df1df9d38693e0824dca7423b08d553b0ae1c5c44533b918eaa02dd17b4c8ce515ae7de410970f670e17b5e3c0a207fb8464d5d442694a271d593fc23ac19619bac32ac17cc6705ce2e6262361eba24277a471602e7ca57cc614ee116e60a9e0b6ac5e3228ea2c650baf1a09e9e5c7a1b25a078d1d11a673d88f6ee33e50d036d7fe4b9c06adc70aede2e35c6738b255690ed3f7a8d2d14e36e360f3bb66978d6cfcfc41887c751c0efc9325d4485a2f561060413fe6af4ce40d87a476201f15a584fc7ba18ddfef5f1d729d5f544c2c6b06befccb444f0408451089f20b06f05ab7d6702b97819b0eff6fb090f21afb3076558e692920053702fc2348f8dade0cb2b007f38d6dcd4ed3bb42553b1bd684791743a1941e5bf2ed234f44be64a95b485a3e949538a40542f25ca4bfce44e291037ab282082f02157a96f4ca0a0c5cd39215fd07461093a4d87a7979f7aa97142bf5b9ef71db537f9acc90f22ca2ded5c1ecd1ba972d05db7f71e8466085c9b3e975fa3a948f2c4049d1a8e46f71157017a3a74ad25e215dcfe7a4c5cb0a7baea0b0ec60c5df82555c553ac60dd39174c721edc0304b836a4de539c3ee55401e13848018f889cc4a0fcd01d9f4978eb730fb1b4a94ede0283f8c95062f01c8c8a3169b2d5c50cdd4f3a248d80a26c950b4036fc6ffefaf5101269fe3594c2cc128220a1d0b5f9f23121f2b184894e129159eaa92d9a30e878839be44d20cbdff3c338cc95795c86121b2b498bd376e895c98d67f6a27eecb46a203aa9de744feedf27b6825cc17aaa098b5ca05cad6bdbe320908ed36bdc8a8f2c777eeb9b037b36c0e36019c264b3e36196501d6cc90e7b1899a72bea5c8a24a5ae62e3684a39a06208bd382cd32acfabd742c76334797fa0c09a2a2a7e1240974afe0f3d6eb44590cf171efb7602009a93bde85cea6701c765dbca7c6a879be41dd08847802d4f59e933df65f727cbb45e3a4a5019f503b6fad7e0338e653f8b2c87aa7f196444e0dc1be6d7c4f0c7ddd663d06ff1365a9c362384a33b0315adbfb2d73359c485cd5410d36d21044bd8d3771c5492803b19f7f3a1a5c3248e66786479fa4416a55855adebeb09528ff5add597790b97bddc16bb9b7b33a1f800701c4293e2c8428dc2684726cfe5539ae0a9bf89e1b6f1989fd0433cc865b308bd0c636402b4b285c290e2439b9ecf0eba156fb6b613ea7f97b04506fe28e9471343c854fdfd48945a7f564acc817e609be8f8a7fdee12e9b592fd8c5c08f51ba8cb95be12cfa497d1539a4b8217818d47ebb3cc669014261530205948fdb9983a0e5759afa9b290ce838102661750ab06d7fe65a39efa6af36c042d2dee36402a6686d58eb144b76033cab4482b8fbdd213a90170939ec98df1fdfca4b37b143a971b9b59fc351098942bba090056c20e8cfbfe8fcbe361d068c98a020f67e807b8db2e45cad83c9970907646c0049c05c1ed657d53d859f1a47bfe6f022be0689de224034d0160b1dbc878ba6dd685911288d7af22ff5eedc1634c36e25f51d0757c7b9c73d7937955da356dea68749d464a75f56c9f6ba36cc1ca8c2f3aa34beae14fba894ca705111cdb19094432c2f6caa0eac78ab09b0cee330f36b1b91a6a5d4896cd15d96c12547826559441cbf578f189f5f04526a4cf76d60144090c2386b747ad50f7962ef2950d2c6f4ff8477ad0681ab24c47ea7ded8c9accff0dfa30489f43f0f3182b88e757fd9a1d82e1c9bb4efe5215518a6e48c688b2dabbd15107c5c6245de0acfd740ea54e0ec212f405f25bc3aafc63009631a4e4749296d47c2bcf25cc95afceb0a1ddb3c6124208f5134981c30489b42eeb864b3123b03106c9b234a465d87c30ef36e00244390de36a5dd93794467ef37bd01b86387855d2ac24e05370212e845082bb22c8fcda0f0bc78ddf971b0b9d69fc50e0d907408e9c9ac4e5099f47db2d0c14d888e363ece768555362a08c408d0119c45f158aad695d455d28e223be2862c19262c9f43eff8855b5a9af4f2cede95e415e2f597bb64c8bb2d608f86b15950ffe2e6bea3cdb221cf8b7eb35e0bdf6638283b09c68cda0bf1ccb9e353a7f0afb58d806923e36b22db68615a7e4e04d0932d928afdc8af3963378ebd5e05058160ac67fadb7a7d9ec498e00f63671b84d880d196c93afb4fc823e7d6576ad824ffb4c90fc780b163a292899ccfcaed81dee2c992787a66800e206df3dfc4a6b441d54ccb1a19a587402a663d510e45a5b1aa96fc467efaf7e71cbbff087f3d2922a133466d5ae9f86b0bc39bb3093b87ac2db941b1fd9e40427402781425d6e8856a2c66cbdd274f4c689758db6dd58ec7d766b177739e8c9173f2b1946be5396aad6d7ed29d058ac231e8c2e6a9077b4a217df4580a2d72bcf0b73e4bd07465deb8798a55ee855b82f1fa7d3748a40485bd90fab94b617d92219c4b65efa022936895e51873058615a19b9d1347120c405c3254f290b4c8b99c8ea9dde3a749ec538421a29d27b48ccd83852abe1a461123e4d36e56508d1827880960362d10835df77f9d4be51f1447cac5ae2017a814de58cd99bcc0c194254b17114ea48f5a0cfe6547686088d527c65180474fd460ffea5d48767ceb65c6fa3d7d3c632591d2d9d65c6c3a35a6ae4dc56322cd84734b0e7a092a4c46c1c607afa6d0e477e8d04e4993e595ba708a0f4466cd8a89fbc06d3cd366007296a9f05b66cfdcd5b30b6745e71d513205d5dbe1e8516d9e9cf133caa994ec0ac2c543d107efd4b9a7d9ee1ee415830a6c2ea17114ea9683726f2c82741f9ad4ac1be6772f0809f18c13f4cfc82fd1b7b3bd29615336003c6784c03fbcae475a58a3c4d68099732c326dfb7643eb150f2354918077bb798b5ecf491cdd0765e3e1ed5d0a37840f1a28f7e188a021781f1896dae7153f9d6639bf66be0c7857d7eccd2a1e6c9fd0cc3594477bb005df9b29f680c966161e37bcec97fc2ef7a2c3bf64e4df5785c9b080c7f9c6d7c515408445d55da499c03ba66369a31157bb03588e84a5303c46cd393c5bd6fbbb8deed94b62d67a9351c259b263c6c4fa65a4dbdd7eee080d82cc5e478c885678edbc9cfce74169ab748d7f4a08aec3e114394fc1d5e361267b8f3fcf38a024928d58158560f7da427680e7611a9f1b8255c67e6ea6b597ebd31bed9fd6f85f9b6ee63d4374c1e50597d1c9f3c56b4266bc632ba66ebecc396f6bead40392dcc138098b4166ab7f8714bd4db0615480705dd200da92dc51ec215844d7599e0a6262e8d5dc6a9452db8994d8b8f19ad4029e0b41b5e13fd6b56230cecea57f3111fe6c78876b3e657fab112968e83a0b64ce9837b89f5dad0d5f0b8b410e3a9a56ab2e9143e90fe371a944989ee206eef777cf4a235333c647e45aab910af492bc7c2213246374251e23accf5818aa2f24823bcba12efe3658e1e2cb49a5d4ffd26453829739647eccd106605921641afe16bbe79c8739062eabeeda4d4a42cb70d84e1e1d3506c7bfba5f5135aaae85b03dc6518eb30d832175cedc5bdca95e600e04902d9eda90c1da4bdd3138ac889398c239068857103ad70b5d1d9fac27c8ccfbcfcf126d9a5441bc963bce4669047ac901a14ca7c7e76f94c77159cdbda5360e04bb539a9d5ccd16a8cc88bacaa5b952c86b163575d7f1cab58f0d612d796b570f3c5debd7d9abde7e24de2c252173f1edc93817192699bddad45eeb41ff398c1bee4d2194f38bf4d2b4ed3a8895476bc441f464753139e204ff5dee7f45ce639d7541c0d396141aeff30cbbfa7157a61993eec98a4356df98665546a1d1e8429fb0c78684000862aac50f7d9a1413e89958f4defd3f087769cafc32bcd6016e496b41b7754cfbe42b352346fd585fb19a80f4af9a19811311b5fc6ea8eb5519a3cf7dbc1a06eed41668e332224c1daa01776e0886044f5a95e5dffc8d9ccce7840eeae97e8cc916db95bdc33fb420e28030c6edb011d5281db1dbeac9bfcaf938a757e3939b025d339e69b9692c8c7352787d399f342e96096e37ca208609e5f93629e36ee442db9fb822ea236683f79875e7dc73ec97f98fe0795f9d83f473cc80a589043a7edd953473684ea4e80f698683a0fc1d8863adc44fc13c27a08921a681ca1ad76207b1a97f8fff7db247ea09b3a6407ea83d82d82d171fc80a8f5fb9f19cd7e94fe121a6a0ef9c4cff7a8689c0abf750dadcc7442c2ca5ed437af5e88e89b0a783a1164cd1eb2a33a64c919d9f08fe5aa7a775352ab6027a7b73d6fef51acebec5516c2a5f2b932b2621bbd2cdb415fce9ba1dbc3de205869fa0423adcedd5570ab0b4b64afafaa458b3840b48f018297aa46426d7893418033f00b5378eac6a70275ec860609b07851b88ecb5da05086adfb80f47c71a77301ca0f1520dfb7a800bc8421abf5eb94942ec818e3a1d45f09ff93e6549b3ef6152c6abe38231b4a82e355e27e363184df51418286d7073cf464eee02310e84b3eccabd2120fcca333130357e1967f67a69f437dcf6a20ca21797230aad086bd4c28348f58b80ec5d27626004533993b9f85897d00bc271a62ab67f92e2eed6d900000000549e8344ad90b47fb5c1ed5908bce94d03bbe98a87a1733b5031f89644c2d35d729e1375969a82f0252859219407c5c87f5d249d5eb8c17001fc7c6dc5d1825851b41e5e937f2c39d7f7196f38f83619da2cddce747bb0e906d0fc13a11fc6c2be3d140ea6da886cd5e194ca9dbff565d2a82e7e82dc5a36084bf02029ea05a9cfe1f3dc80489b426a14372232940ffad8124bd515f0a73fa85c2aa0cd51d76a0cc6e75ccc35b702a4fed4d2e2828d98939406ddc6df1048f0a22611859d6bfcbb0873d102e4b8a86b5d9af8056447f6c1552a603d9f67009fa070db73a01e1b4adbe4e841d0b9a92d148b626c386b25687817e5ec07dbbfa1d62d078578fe21d546414e3c5e29e8e086d7e542a2eb74a67127e7f171e076bbdd62767aae3db467db1df13b3121023bcee33f814d767a9ef14651f76ec89910ed33e9804df8619f69ad06bf0559b00d4efbf6f44e922d50a18ffa25d8ac58dec53a93642186c0ca81b07fe5c14c9c13397649a53ebfcec118e5bb84db053e6e505d07a09bb50f33906e7febac3c85ca337111dbfcb7b9becccaaefa3d857d48f0b3d8646d70fdcf2f1dfb89cc3ba1394cb5de24d999c88235418bc0f20d4036bd0113d298b91c44fe042d3b8e4070e3f828499972524601c4725389122c7fc3e38eb799f7b755f23bd5362880b9275e58eab2c8f42e583890cb84e17f35025d1d76dd28171bee561d21451b4b2ebf23b923221c9ea06b924815889d2b605af66539c3b0ffc30c7170a5581727f0faddb257cb6ab28b3456737d3588fa3bce0ba6a2a5c3c94301fa8a4e6db358731bd3a4a62b42181e04241010d7bc3e973b9fe428175ec8f8e6cbd4e53c8bd957621acb1e42504e6f8a7bb30c382058fc9dcd0cd0ba0b789c316cd58d7b5606cc2a66c872f10e6663346d572ecc37ad1c3d8146a137e35e54096ddc2a5e2d26765d75615fecd09b864b29adfe92763ab54272365f56feeb9b57059744e765485ee322cb879fd3c8fd8bc4727d860995c548bcd41852349f1b2227f5a1f39b24549693fb05c04ba8f190673d11eb27d0bf628489f9b8049f5f3a1e1fed97ba9881da0031ef5960b6b0af825cfae8252b931f6151cba9bf889a5c74051a176c56d3cbb8915d3f28f8f684629bd1e3f87f27909b4e8eca6b88cdd60f3b5bbe0641a469e396080fdd2feeac7a11703b758f1815f100ab2ca4403af34a655f4c35e62778c276c96bb94a3d9f58f3bbd7ae6c4f133f7c4199f18d02d66598a54769415b376bb04b520881f23b22b32685ea1ea0dc179ab2f33f07c7039d1a5eedd1905d2a8c7d3c9686758ba5aafdd74f36da7f5522aff5c40e565b50cdd92ce353c3d6c97ce87f0495bdb95d70ea52c8c26b87cd337fd2283b88d7301c32f26833451b8f7c2ee5f44eec58d9eef2a39b3021a29c8747d36a2dbca6c0c085399bb720000000000000009d67e17060abad89c7d8b8970244c2f11ad2f4ae878a3676659b77178a9b651b12cf9c21e658a32999d596af4648f636df4de8c037d1fa63b1a685e8850156bf99e00666dbc03d3e3b44018659743127f91d44c99b578b86a44f3bcf1523c8cb45accc3c5fedfd7796411eddfc3a7a6b7c57ae10fd4bd3fe9f662dc59747ac4b7cc2584ae3ce2e42a41066dd0d560f1b4c83edc57121dade5e397380bec5f40b5d0beb14aef21b2c68ccfd0eb4959b5e7f5b5779903963298e3c9a2141f145137de1d604d9124c3c4f60a4d54da38a7c32ef2632fe66a8ce8e95ee95a570e18e9fbd44884afe291550839dd61e65c952a3f5c6b61850d1c2a77e18fde734a305b407cf6dbf17afd66da6e42f0e8f66092df46c79b44711f6e8aafa831fa1188beea696672b0e94cc3cae584b30dccf053634f792c2d9f4c87e306991b407949f2870b525d123f9ca23142a0ee13d05f51ed4ff2653727ad5bf16453276b2d5e7d7a8a0a1c4847cb61ac4b08d9abee25165a120d156775a534a62f9af3a3b62726101b94ae1e14352262f017c5361b3341952d194a6a2d470e60df3fde61d343e0af8fdff36ad976af6732b732ceb69344550555174fa280153e08f74d81f4ee69c1eb44a3468e8cf78bf7c1663dae3d31553466faa207b8e9887cb54209fac0b6f6d12d9588351c76e6bad884799afe856a25b5fe737d0ba737a0f1a12b4eb3ede48a0c38e6787ab42fca1c7f2ab42fa6104d5a99aa36b73ac3622ccae122524c28a6557cb7d0a7c7eb5de795647dca0621fc2c9599441dae7cc2a8631252abb5e0f22e9355e0a156a1ab7b1641e345045e8303b5f6dda5c3c1cc2637700cea25c004460d101fc42ad78ae477739a4efbacc57272cfafae15292dc3b2800d9f42002c2062af9a1f329e11140f8317242c04ac1f11cdb45f5f9ab18877daa214c151fb9ac54e3e010b5e7944d7217442d5c4fc29956c1333cb932424096f5b6afe1128db53f7171be4372be8bae538bcb3e4a2eb29608678735a667135e0f2660956e9e2a3ed862209efe65d9ab2fbbf88e5d3384fb3362af00e1ec6b4d3ca40df442b70951026438877189c4b0ae136a9a35c131fdf19115e8dc1ee2b938bfbfdb3808aebbe7dfbbd3510c7070388f5813e8bc63be744b99116c4b84ea37d57c5da7a80cc883aa915d84a249ebfa78ceb124c63b3a0720b19483189ee50824e8581556f0520e434803204cd0f3dd09fc97c979f9a7e3f8e5eca8fccde98fc4939551338235c0c6378faade0d18f7050f29189485e01ec120239373c5478cd19ab27570921415a6680924baf9c5829f3f2115460d1fceb8a026fa1a0a0047fe1cd6fcf1861dd3784e006abfddfe79461c5001e4e32d99c5bc203c21f8c711c5ecccf8941093d95a8db73722bb7511443fb2670244cc1249492e92fc4bf7e06ec6f08c5c6931929d58232b551957b771ea5e4a932b037904b81916e662e3fe95af894e80f699e5c00ab664f381bd9c0bd41322a8b3cf367577429fa52c0f1c44ffc626c215e7103cba05bff4931d9a202c1eb9068f44983d1e0c6d9fb5fed738561651e854a3c1b362ae354a0b4a270386ed2dbef093bd82f07f25edfae31901cb86fd214576b25f769bcb215214c63026b2581a8d17779aae03ba310f3243b3631f4b01c9e3eb342c3bdb44d8e47cdc1683e3b1cfffef72e385cc8831f99425fc406575170e1c106618d5429144a436b9e92d241d8118b5cbe0dca5e8ddd86e671e13080eddcf8dee9e317d192a3a5386378de9b1ecd8cf5439cfbe9f65965e5a5f6c145627ac23fe30c2e06e623b0eca15b225b32b65ce568b656cec0e0d6752fdebffd39c7538472ad7a195b56fcad3fab80016ff006df6b01d785191e4fca143b14ce68b32571476a779515ccb14d35cf9aabd4849c03c9bf12a42cfc2a7146ed6c25892a9d1c48f95314f641142d38cd882e54534d69b3fcc18044309e6debef6dc79d7737956418b955d33737115b44360e0bac14b71e2e64f0c8aea428dce5b65e210c108f832a6041c0aab116488e5863cd1039dc8af537908be3541352bdad303de43387503d19d7c0f0390bdc5b95f1dfb0701fd0e14a22c210837cc0a1cb059de474f4476bfe9bddfe3e7977fb299e82d9eefb18111f7c4a5fbd406fca720fec69340d978f4c9832204d67f6fa5793325e04d4af84acde0b56158e4c606394286a4b3cfc04a426a665529b753e1ce2d6c613159844bd069a67b5b96cb8ec993f05a8e252ed3d8ed63d524af0845f519f9d47b85a773f37031cb91055fb963db50e6a1e368f10a82fa40ac055e0201c6d29661eadb76f8154ef9c1cc210ccf1ccb063e8c00324ed6a14fdefa0167a9abb04debbbf5e7b8a57a7772373c765947f0f67b5130d77a6ca6ab166147d4eba97b4ddf1465d25b02f4430227b5713a29fd84664bfdfa5fc450e48f5263eaca67c16033b79bf1cb819511cf16bae6ffd5d05a7d9cc93067b6f2512fea2424a9c7d178f653ffa7ce1c00924707e3817c7cd461cb2a8cc5eadc40821258eaad7720ee3976c5a60025c317480016e5e5bd884f3646651f3bdc1185ec1a4112eb24ba5b3b6f94ac66322042d4bc48cb5befabfcf950cf8a0165fba3fa019324b53fb56bbfaec7f4ec733e84c22f841c1c9c1dc51dd3ac4887e155ac4095a6b8846c8f401f3c2d48d4de18906193a9f05ed59e3b0add8bc27c0bad8418ccbb842123ce1d39fdeeaa7984dfba9ef121ab4d4d35de076262636f3815708e4bcf31e634a290b13317425b1a4a2e4ebf8537092c7e524c126faa9622bf1337168e003857805dd420a51816fea3cd37c34e483f64a2da3ab67442314ffff40727835a1bc7b9971ccb5f83183cf1a135defd468907b988d97028f904c4d9c712f7d0ed6abe4d80712a7b7e06efcbe6a5b83e32beb1556326af7a97437c35c6a706c6cf4403b98f5134547ac167fd1abcb9245ec3450202ab80e553952412032a6c3cfa64441d4aecabd1e182c50bf67801fd3b44b40648ac9926bbbd7095425a429f2a9550c2fd1267cbf6156897b705255cadf1c7f233f4effd788b3f446dba19e68bbf8b42ff6caf984a4eb51328ab5e2bc28366e8b4df4df967a166470a00", 0x2000, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=ANY=[@ANYBLOB="b000000000"], 0x0, 0x0, 0x0})

2m41.189890322s ago: executing program 0 (id=1283):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), r0)
sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x34, r1, 0x1, 0x0, 0x0, {{}, {}, {0x18, 0x17, {0x21, 0x0, @l2={'eth', 0x3a, 'ip6gre0\x00'}}}}}, 0x34}}, 0x0) (fail_nth: 4)

2m39.321020276s ago: executing program 0 (id=1286):
r0 = socket$packet(0x11, 0x3, 0x300)
pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xdc}}, 0x0)
process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mount$overlay(0x0, 0x0, 0x0, 0x1a80005, 0x0)
r4 = syz_socket_connect_nvme_tcp()
recvmsg$inet_nvme(r4, &(0x7f0000000040)={&(0x7f0000000180)=@rc={0x1f, @fixed}, 0x80, 0x0}, 0x101)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x64, 0x0, 0x9, 0x801, 0x0, 0x0, {}, [@NFCTH_PRIV_DATA_LEN={0x8}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x3c, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @private1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x64}}, 0x0)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace_dev_match', 0x0, 0x0)
read$FUSE(r6, &(0x7f00000034c0)={0x2020}, 0x2020)
r7 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103b02, 0x0)
ioctl$TCSETSF(r7, 0x5404, &(0x7f0000000040)={0xf, 0x9, 0x9, 0x7, 0xc, "d40cb92ef56f20000000000000000000f900"})
write(r7, &(0x7f0000000080)="c29a210bc720ca488cfad2bb7ba4bcb037336991887da20990e698334e74b7c924859c74787902b6e889c16870d2d523f0451f8c19961d3627b1a206571d3f099095ce2680518d1b143d11cf4abfcdb282f7c795ab30adf3ce26db82d93654be0b76e4bef0b889be7856a4597801e4f12ef4d63eaee4b068803cdf9eb71e43dd3c04a8d5b25ea63318b274aec4ba484828c8d1f6b67c47c0ba77902e00a171d783df3048544570229a741f1492be8ac891713037e02794860afe9a1e3819707031a98d3a89b767da5c17e81a411d4eec4ca627d65f472e5f1510bd604f3b3ffed7fe40b0ee0d", 0xe6)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r2, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x34, r8, 0xb97534d5fe9700cf, 0x4, 0x25dfdbff, {{0x12}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_WME={0xc, 0x81, [@NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x2}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x45}, 0x0) (fail_nth: 1)
sendmsg$NL80211_CMD_FLUSH_PMKSA(r1, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x14, r8, 0x613, 0x70bd25, 0x25dfdbfc, {{}, {@void, @void}}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000044}, 0x4004005)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62)
syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0), 0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(&(0x7f000000b500), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)

2m36.712525725s ago: executing program 0 (id=1287):
r0 = socket(0x10, 0x6, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x80, 0xeef9}, 0x10)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, 0x0, 0x8, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000080)=ANY=[@ANYBLOB="200000001600010000000000fbdbdf250a08"], 0x20}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@deltaction={0x11c, 0x31, 0x2, 0x70bd2a, 0x25dfdbfc, {}, [@TCA_ACT_TAB={0x34, 0x1, [{0xc, 0x20, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}, {0xc, 0x9, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}]}, @TCA_ACT_TAB={0x74, 0x1, [{0x10, 0x1a, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0xc, 0x6, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xd}}, {0xc, 0x1c, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}, {0x10, 0x6, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0x10, 0xf, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0x10, 0x16, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0xc, 0x1a, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}]}, @TCA_ACT_TAB={0x60, 0x1, [{0x10, 0x1f, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0x10, 0x17, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}, {0xc, 0x12, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xae49}}, {0xc, 0x1b, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xfffffffd}}, {0xc, 0xe, 0x0, 0x0, @TCA_ACT_KIND={0x7, 0x1, 'xt\x00'}}]}]}, 0x11c}}, 0x0)

2m36.259759576s ago: executing program 0 (id=1291):
r0 = syz_open_dev$vbi(0x0, 0x1, 0x2)
ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000280)={0x5, @pix={0x7, 0x8, 0x34363248, 0x7, 0x9, 0xffffffff, 0x3, 0x2, 0x1, 0x1, 0x0, 0x4}})

2m35.274101745s ago: executing program 0 (id=1293):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r0 = openat$dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000200)=0x8000000)
socket(0x22, 0x2, 0x24)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0xc, 0x762, 0x5, 0xc, 0x9}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4040}, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000180)={0x5, 0x8, 0x2, 0x1}, 0x0)
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x5, 0x0, 0x200000, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
sync()
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
symlinkat(0x0, 0xffffffffffffff9c, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$netlink(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c80)={&(0x7f0000000bc0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x48, 0x48, 0x7, [@enum64={0x4, 0x5, 0x0, 0x13, 0x1, 0x1, [{0x1, 0x9}, {0x7, 0xd2, 0x3}, {0xe, 0x1, 0xe7}, {0x2, 0x7fff, 0xffff3c36}, {0x5, 0x7, 0x9}]}]}, {0x0, [0x61, 0x2e, 0x5f, 0x61, 0x4f]}}, &(0x7f0000000c40)=""/3, 0x67, 0x3, 0x1, 0x1}, 0x28)

2m20.03641424s ago: executing program 33 (id=1293):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r0 = openat$dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000200)=0x8000000)
socket(0x22, 0x2, 0x24)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0xc, 0x762, 0x5, 0xc, 0x9}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4040}, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000180)={0x5, 0x8, 0x2, 0x1}, 0x0)
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x5, 0x0, 0x200000, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
sync()
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
symlinkat(0x0, 0xffffffffffffff9c, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$netlink(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c80)={&(0x7f0000000bc0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x48, 0x48, 0x7, [@enum64={0x4, 0x5, 0x0, 0x13, 0x1, 0x1, [{0x1, 0x9}, {0x7, 0xd2, 0x3}, {0xe, 0x1, 0xe7}, {0x2, 0x7fff, 0xffff3c36}, {0x5, 0x7, 0x9}]}]}, {0x0, [0x61, 0x2e, 0x5f, 0x61, 0x4f]}}, &(0x7f0000000c40)=""/3, 0x67, 0x3, 0x1, 0x1}, 0x28)

2m2.940029419s ago: executing program 4 (id=1374):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(0xffffffffffffffff, 0x2, &(0x7f00000000c0)={0x1, 0x2}, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newtaction={0x6c, 0x30, 0xb, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ct={0x54, 0x1, 0x0, 0x0, {{0x7}, {0x2c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_MARK={0x8}]}, {0xfffffffffffffe4b}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r3, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f000069c000/0x4000)=nil, 0x4000, 0x2, 0x2010, r2, 0x0)
preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r4, 0x84, 0x80, &(0x7f0000000000)='\x00\x00\x00\x00\t\x00\x00\x00', 0x8)
r5 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@volatile}]})
chdir(&(0x7f00000001c0)='./bus\x00')

2m1.840285617s ago: executing program 4 (id=1376):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15)
kexec_load(0x97, 0x1, &(0x7f00000001c0)=[{0x0, 0x0, 0x3ff, 0xdf}], 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="020509020e0000000000000000e2000005000600000000000a004e230000709f60aa10ed20010000000000000000000000000000cd0b00000000000002000100ffffff7db000080000000000050005fbff0000000a00000000000000fc020000f3ffffffffffffff0000000000000000"], 0x70}}, 0x84)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='adfs\x00', 0x8, 0x0)
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f00000000c0))
pipe(&(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x7000000)
r4 = openat(r2, &(0x7f0000004280)='./file0\x00', 0x10d000, 0x190)
getdents(r4, &(0x7f0000000480)=""/4096, 0x1000)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0) (async)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) (async)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) (async)
kexec_load(0x97, 0x1, &(0x7f00000001c0)=[{0x0, 0x0, 0x3ff, 0xdf}], 0x1) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) (async)
socket$key(0xf, 0x3, 0x2) (async)
sendmsg$key(r1, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="020509020e0000000000000000e2000005000600000000000a004e230000709f60aa10ed20010000000000000000000000000000cd0b00000000000002000100ffffff7db000080000000000050005fbff0000000a00000000000000fc020000f3ffffffffffffff0000000000000000"], 0x70}}, 0x84) (async)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='adfs\x00', 0x8, 0x0) (async)
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f00000000c0)) (async)
pipe(&(0x7f0000000000)) (async)
fcntl$setpipe(r3, 0x407, 0x7000000) (async)
openat(r2, &(0x7f0000004280)='./file0\x00', 0x10d000, 0x190) (async)
getdents(r4, &(0x7f0000000480)=""/4096, 0x1000) (async)

2m1.55978063s ago: executing program 4 (id=1377):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffff"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x18)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x25dfdbff, {}, [@NHA_OIF={0x8, 0x5, r3}]}, 0x20}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=@ipv6_newrule={0x24, 0x18, 0x409, 0x0, 0x0, {0xa, 0x0, 0x10}, [@FIB_RULE_POLICY=@FRA_GOTO={0x8, 0x1e, 0x1}]}, 0x24}}, 0x80c0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
getdents(r4, 0xffffffffffffffff, 0x5a)
recvmsg$can_j1939(r4, &(0x7f0000000440)={&(0x7f0000000340)=@qipcrtr, 0x80, &(0x7f0000000400)=[{&(0x7f0000000280)=""/27, 0x1b}], 0x1}, 0x2)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newlink={0x20, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x192}}, 0x20}}, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000180)={0x80000001, <r5=>0xffffffffffffffff, 'id0\x00'})
ioctl$SCSI_IOCTL_DOORUNLOCK(r5, 0x5381)
mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x33, 0x2, @tid=0xffffffffffffffff})
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x2, [@var={0x8, 0x0, 0x0, 0xe, 0x4}, @decl_tag={0xc, 0x0, 0x0, 0x11, 0x3, 0x3}, @ptr={0x5, 0x0, 0x0, 0x2, 0x5}, @volatile={0x0, 0x0, 0x0, 0x9, 0x3}]}}, 0x0, 0x52, 0x0, 0x0, 0xfffffffb}, 0x28)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000080)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x0, '\x00', 0x0, r6, 0x1, 0x3}, 0x50)
socket$igmp(0x2, 0x3, 0x2)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000580)={{r5, <r7=>0xffffffffffffffff}, &(0x7f0000000480), &(0x7f0000000540)='%pi6   \x00'}, 0x20)
newfstatat(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000640), 0x0)
fcntl$dupfd(r4, 0x406, r7)
r8 = openat$adsp1(0xffffff9c, &(0x7f0000000040), 0x101a00, 0x0)
ioctl$SOUND_MIXER_READ_DEVMASK(r8, 0x80044dfe, &(0x7f0000000080))
mount$9p_tcp(&(0x7f00000002c0), &(0x7f0000000300)='./cgroup.cpu/cgroup.procs\x00', &(0x7f00000004c0), 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="7472616e733d74637411a8fb72743d30783030303030"])

2m1.132168863s ago: executing program 4 (id=1380):
syz_usb_connect(0x2, 0x24, &(0x7f0000000400)={{0x12, 0x1, 0x0, 0xda, 0x7d, 0x3f, 0x10, 0x6cd, 0x109, 0x2504, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1e, 0x0, 0x0, 0x9, 0x65, 0x1e}}]}}]}}, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x103501)
fchmod(r0, 0x5)
r1 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r2 = io_uring_setup(0xaae, &(0x7f0000000080)={0x0, 0xffffeffa, 0x800, 0x7, 0x2})
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
syz_clone(0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0)
writev(r1, &(0x7f0000000000)=[{&(0x7f00000004c0)='4', 0x1}], 0x1)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000e295f120460d7800d2820102030109021b00010200000009042d000145efe400090501", @ANYRES16], 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'lo\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x60, &(0x7f00000004c0)={&(0x7f0000000180)=@gettfilter={0x24, 0x2e, 0x301, 0x0, 0x1000000, {0x0, 0x0, 0x0, r5, {0xfff2}}}, 0x24}}, 0x0)
ioctl$VIDIOC_G_ENC_INDEX(0xffffffffffffffff, 0x8818564c, &(0x7f0000000500))
openat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)={0x30100, 0x0, 0x2}, 0x18)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r6, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r6, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r6, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_128={{0x303}, "cbbf09c473ef3ee5", "d62cb2759e70ad75c3b50ef30b007511", "0894cb4c", "2a6f9fea1f1bb653"}, 0x28)
sendmsg$sock(r6, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001300)=[@txtime={{0x18, 0x11a, 0x3d, 0x4}}], 0x18}, 0x8000)
close_range(r4, r3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x13, 0x0, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c, '\x00', r5, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100000}, 0x94)

1m57.032428948s ago: executing program 4 (id=1396):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_connect(0x0, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x4b, 0x41, 0x46, 0x8, 0x1660, 0x932, 0x80ea, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x5, 0x10, 0xf}}]}}]}}, 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000040)={&(0x7f00000000c0)=[{0x63, 0x5010, 0x0, 0x0}], 0x1})
r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x20000000)
ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f00002b5000/0x1000)=nil, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x2, 0x48, 0x71, 0x33})
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000000)={0x1f, 0x2}, 0x6)
io_setup(0x80000000, &(0x7f0000000100))
write$bt_hci(r3, &(0x7f0000000040)=ANY=[@ANYRES16=r3], 0x6)
r4 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
mknodat(r4, &(0x7f0000000240)='./file0\x00', 0x200, 0x48)
syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
flock(r6, 0x1)
flock(r5, 0x1)
r7 = open(&(0x7f0000000180)='.\x00', 0x10000, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r7, 0x0, &(0x7f0000000780)=[{&(0x7f0000000600)=""/158, 0x9e}, {&(0x7f00000006c0)=""/110, 0x6e}, {&(0x7f0000000740)=""/31, 0x1f}], 0x3)
flock(r7, 0x1)
r8 = add_key$user(&(0x7f0000002f00), &(0x7f0000002f40)={'syz', 0x2}, &(0x7f0000003280)='#', 0x1, 0xfffffffffffffffd)
r9 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000080)="7f552b84e40eb0d1e0c60392d34009a8d15935f66db347340898c2e0f212f85cad7ac3f784dfae9e2c53707f5981b94efba342bf6ea89c2fe35ff39a38881be90a1e482e8d0fdf58964318951543a417277a0e3a0adb9989076d5c1b9941a2b8f139cca669b9fc683015ab1adb8a060778a9f41e527ecff8fcc5afee883d0c918620145dcdc9103a900628b4581ba106c5d4d7e42f07e2b7a352feab745e52fea48d92fab11fa01ac963d54a1d2152def9dd63ff551d815e8cdb5b15ee48d92293869402490261b96b0184533372867504187bad69376189fff04e78214d6788cbf381cc22912f3dcb50141b917127550140786f6587d4f6e1604fd92f9e767a4b440664c128eb73a4c8d2e06571928e40273db48a1af4641df08b4a1df13107e425a547b8fc5d241190c6f6b56984e6b221555db6a026ae58217f39ebe553c9dcc690df8b81b2186ad894e71d8b691b085bc6c12547a46a0ef9b16f9a10f4d916f00b25a993150e93b16a547a676d0a9967af1618be257a264d31328127bf06a68d661356a3f6ac8b3f01a5e83918f9d3a8e14b335f43e44ff21ea467c358ac3038d67d6b18a31a4cf7f9b7e074f34d7e1fd47ffa44a54ff6774ae657a341757ece6520b5bcae3147d71d77e84ad148e4578b6702135fdf25457817cb0e8c90bcd10799bad5c24658681194eced5fee431ad0558b0b33a85f3c73f5c169c39686bc43dec5c412db48b0d538a343feebbe1614238c66f65f932342a408e07f432ba0c72a86976d9afd5de7d86b1129df642bb0bc03133d3bf8f0b4efa765e6f30d0e2803100e2d78fe9ee1235410c9d7612f7ee396b5f745868867143d79c0e97133dfaacfd6188431128b85afa4b8c6334ce678d9f1c81ea656915c6773c31a855d5e34f5c75c51ce97cd8bb43b76baaae94cd4bbf3d2da0c7ed9392e042323181cd66e5a13b7da28688834e80bda80263e73e15805a2ab88a81292f8822ce5864ac53d38f7add565a19225705dabba1f73edb89e84b4abf6f6c5a5b4f5dc5769f8b45831124defe64ef9d0336d15516494b637a09c8c6698561485f33fec037cd61482742b26fc0b358690161448bd73e9bb98fb46229eb6a4c5c3817c65927153195d25ee1f6161177676168f56835ba74d3061e7206d8a4cd50925d399f4d3e5f7d34e3250098b0d0c4660cfbbe833857e8d8ae5040fd84e7710c2ca8b151c6793400b81289b0e5968cd86cf070110aee86ac5c33b3674bd5ca977e1ac9debd8939f743715d9ae6c4c47c5ec59753cdaba14d51b75b5734dd1b970070553813ac8d8566d0b3cb2a066f7c598202b7ededdfcb5ff7ec5d4dad72344dce5f17031641d756e14365cf2fd8df9668cc64c3660defc5d71d32396d4144d2f6452478586445b95313feaf79caedecdefaf004a44e8b875f79de205f261948b1a458a3b11224f44b7d95d910ef4fae78c6a2351560fc6197a1c74551bde34588ac68cd90a7155aa776975d41bad0d52c549e9fdbb1b7085ce45a7d92f4285a21f125562410706242e79d69ce1c2f785c2dd0ea43a82de81dbb045fe02ceb0236641a4776444519cc04dbfad871a54c0b5492b308a20a602e1bcbe50fe71ad051233a2d8d96e01335e38945c96c8baa0c110c89b9597b2b2720eca635bf4adacdf668464decb2303947453547125c93adf6682001e5f8e4db392c51ab5a3718681915f5d89add2ce83afd75f5f87c8fda2193d57aa3d0e3e8cba8cee4f6400bd811224ab6b56a558ae406bf022884fc3ea0e3c935942372d6f3dbec431cbb302f007ccd7b89ffb70501f056b39da6d6f0c4084fd1d6927f1ef40817024067626cd13b5e88e8e0674efdfbd067b8b3ce012a93a", 0x531, 0xffffffffffffffff)
keyctl$dh_compute(0x17, &(0x7f0000001080)={r8, r9, r8}, &(0x7f00000010c0)=""/48, 0x30, &(0x7f0000001180)={&(0x7f0000001100)={'streebog256\x00'}, &(0x7f00000005c0)="63a5ff66", 0x4})
mkdir(&(0x7f0000000580)='./bus\x00', 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
lstat(&(0x7f0000000140)='./bus\x00', &(0x7f00000001c0))

1m54.811950523s ago: executing program 4 (id=1404):
syz_usbip_server_init(0x7b5319c8cd108904)
r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x0)
ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000000)={0x0, 0x0, 0x0})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000300)=ANY=[@ANYBLOB="1801000200000000ef85004000500000009500000000000000000000000000000032571d0226206d1e51d68935cc14fee43e0b52325d034d69a4d0df4ad13723fe4d029e9659ad12384b7f4366b24bcd641c7d8eb9c78651fa74359b2feda5daae3dec3dca8fab96d679961b22a2a323019a8d7d4fa93f53a1e84abf78bf887b018fe1baa6d619651dab275f089b920817e4ae19c21ac7b1c80678d973b4f6353e51ae64c81edd805f9e0ce7195a725d323d2841e2e705f5d6877fdb20c6ff894bb4de2e8b417d13b6df688782c4e69906a416683221606649aaa4b8bb1e6d26bc5d383941ca3e968baf8a3b085b7cab3cd8e3839da820a752cb835d952781ea78fd511a068806374405f96f6581011143e409b0e3ba23acd3bcd839c6544dcac4a31b9710ed9ddf65903939ef4cdd19c1a7125edac7c8e051681893d088bcdb", @ANYRES16], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r1}, 0x10)
sync()
io_submit(0x0, 0x0, 0x0)

1m39.157328993s ago: executing program 34 (id=1404):
syz_usbip_server_init(0x7b5319c8cd108904)
r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x0)
ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000000)={0x0, 0x0, 0x0})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000300)=ANY=[@ANYBLOB="1801000200000000ef85004000500000009500000000000000000000000000000032571d0226206d1e51d68935cc14fee43e0b52325d034d69a4d0df4ad13723fe4d029e9659ad12384b7f4366b24bcd641c7d8eb9c78651fa74359b2feda5daae3dec3dca8fab96d679961b22a2a323019a8d7d4fa93f53a1e84abf78bf887b018fe1baa6d619651dab275f089b920817e4ae19c21ac7b1c80678d973b4f6353e51ae64c81edd805f9e0ce7195a725d323d2841e2e705f5d6877fdb20c6ff894bb4de2e8b417d13b6df688782c4e69906a416683221606649aaa4b8bb1e6d26bc5d383941ca3e968baf8a3b085b7cab3cd8e3839da820a752cb835d952781ea78fd511a068806374405f96f6581011143e409b0e3ba23acd3bcd839c6544dcac4a31b9710ed9ddf65903939ef4cdd19c1a7125edac7c8e051681893d088bcdb", @ANYRES16], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r1}, 0x10)
sync()
io_submit(0x0, 0x0, 0x0)

7.167911986s ago: executing program 6 (id=1680):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="18020000fcffffff00000000000000008500000041000000850000007d00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x2111, 0x300, &(0x7f0000000100), 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)

6.940472481s ago: executing program 6 (id=1684):
socket$rxrpc(0x21, 0x2, 0x2)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000004080)={{r0}, &(0x7f0000004000), &(0x7f0000004040)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000000)=0x2)
ioctl$PPPIOCSPASS(r2, 0x40107447, &(0x7f0000000140)={0x1, &(0x7f0000000080)=[{0x48, 0x0, 0x38, 0x4}]})

6.579808416s ago: executing program 6 (id=1689):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r1}, 0x10)
flock(r0, 0x5)
r2 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
flock(r2, 0x2)
dup3(r2, r0, 0x0)

6.339881278s ago: executing program 6 (id=1690):
socket(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_mcast\x00')
preadv(r0, &(0x7f0000000540)=[{&(0x7f0000000080)=""/155, 0x9b}], 0x1, 0x536, 0xffffffff)
socket$nl_xfrm(0x10, 0x3, 0x6)
lseek(r0, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x240008c4)

6.098590389s ago: executing program 6 (id=1693):
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000001c0)={0xfffffff8, <r0=>0x0}, 0x8)
r1 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r0, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1aedae8c}, 0x94)
r3 = syz_open_dev$sg(0x0, 0x0, 0x8002)
ioctl$SG_SET_FORCE_PACK_ID(r3, 0x227b, &(0x7f00000001c0)=0x2001)
r4 = fcntl$dupfd(r3, 0x0, r3)
r5 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000000)={{0x1, 0x1, 0xfffffe00}})
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r5, 0x80585414, 0x0)
write$sndseq(r4, &(0x7f0000000280)=[{0x5, 0x5, 0x40, 0x0, @time={0x8, 0x7}, {0xf7, 0xf}, {0x3, 0x9}, @queue={0x0, {0x17, 0x9}}}, {0x5, 0x9, 0x3, 0x2, @time={0xffffffff, 0x7}, {0xff, 0xb}, {0x6, 0xfc}, @queue={0xe, {0x1, 0x7}}}], 0x38)
readv(r3, &(0x7f0000000200)=[{&(0x7f0000000040)=""/59, 0x3b}], 0x1)
openat(0xffffffffffffff9c, 0x0, 0x8541, 0x104)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000080000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d0000001801000020756c2500000000002020207b1af8ff00000000bfa1000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
readv(r6, &(0x7f00000002c0)=[{&(0x7f0000000480)=""/253, 0xfd}], 0x1)
r7 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kfree\x00', r2}, 0x18)
r8 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x82000)
fcntl$dupfd(r8, 0x0, r8)
pwritev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1, 0x800000, 0x0)
syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0xaf1f, 0x80, 0x44, 0x1a8}, &(0x7f0000000100), &(0x7f00000000c0))
r9 = syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0x0, 0x1000, 0xfffffffe, 0x25}, &(0x7f00000003c0)=<r10=>0x0, &(0x7f0000000040)=<r11=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r10, r11, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x1fc, 0x0, 0x1})
io_uring_enter(r9, 0x47fa, 0x0, 0x0, 0x0, 0x0)

4.36955795s ago: executing program 1 (id=1703):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff010000850000000e000000850000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000603000/0x3000)=nil, 0x3000, 0x0, 0x4, 0x1c0000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x20000, 0x2)

4.171913645s ago: executing program 1 (id=1705):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, &(0x7f0000000940)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xe, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000240)='kmem_cache_free\x00', r0}, 0x18)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x1a, 0x5, 0x0, 0x0, 0x4, 0x0, 0xfffffffffffffffc, 0x0, 0x19, '\x00', 0x0, 0x38}, 0x94)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x200000000000000)

3.996878848s ago: executing program 7 (id=1707):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="450a000000ff03ffc311a400100100001800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xbb)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x37, 0x0, "4a8553ada03d7382480334deea90815d9df4fdd0840b387404d9b33a2e0b7cff541f02cc6a1482ebbd6d2732b0ed21c9ccedb3c51f9dc3d402810abe40b42c7c0352df734a8d3ea44b42da86129ca4f2"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f00000005c0)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}, 0x0, 0x0, 0x35, 0x0, "317f83735b4bb1eadc74dde27798c831eec04c24eeec7ff3d3137a508003d2d5c89ab0220cefebd4687636457b9822766c1bfea4e01ff23c6a4caeaf049a572a9774d3b882eb3b4a66c5ec48c29f065d"}, 0xd8)
setsockopt$inet6_tcp_int(r2, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x20}, 0xc)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback, 0x7fff}, 0x1c)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(0xffffffffffffffff, 0x1)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)

3.251608357s ago: executing program 6 (id=1715):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000005000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x130)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f00000001c0), 0x12)

3.169806983s ago: executing program 1 (id=1716):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000001ec0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x2000)
ioctl$SG_GET_VERSION_NUM(r1, 0x2284, &(0x7f0000000080))

3.066099949s ago: executing program 7 (id=1717):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000000), 0x208e24b)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x5, 0x0, 0x0, 0x286ca06bbee933dc, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7030000ec"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4c, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r4}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x5, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="070000000400000008000000"], 0x48)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x15)
remap_file_pages(&(0x7f000051c000/0x400000)=nil, 0x400d00, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000300)={0x0, 0x200002, 0x30}, 0xc)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000140)={0x0, 0x1, 0x20}, 0xc)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)

2.779720502s ago: executing program 2 (id=1718):
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000008c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
getresuid(0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
unshare(0x40000000)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback, 0x7ff}], 0x2c)

2.61504439s ago: executing program 1 (id=1719):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000500)="10030600e0fc020004004788aa96a13bb1000011000a7389f252ae0dba4c807fca1a0022afc0d5071a204bd31870", 0x2e, 0x40800, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)

2.332379152s ago: executing program 1 (id=1720):
pipe(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0xd0fb1000)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = epoll_create1(0x0)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000000)={0x90000001})

2.215949834s ago: executing program 5 (id=1721):
syz_emit_ethernet(0x7a, &(0x7f0000000300)=ANY=[@ANYBLOB="ffffffffffff00000000000086dd60ff040000442f00fc000000000000000000000000000000fe8000000000000000000000000000aa"], 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="8c000000", @ANYRES16, @ANYBLOB="010000000000000000000c00000018000180140002006261746164765f736c6176655f310000600003805c000380"], 0x8c}}, 0x0)

1.974736382s ago: executing program 5 (id=1722):
socket$inet6_sctp(0xa, 0x801, 0x84)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007111ae00000000008510000002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r2, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x10, &(0x7f0000002e00), 0x0, 0x0, 0xa0, 0x8, 0x0, 0x0}}, 0x10)
openat$rfkill(0xffffffffffffff9c, 0x0, 0x801, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r2, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)

1.752579309s ago: executing program 2 (id=1723):
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x3}, &(0x7f0000001fee)='R\x10rust\xe3cusg\x91\xdedH\xe5+\xf0', 0xffffffffffffffff)

1.595922708s ago: executing program 5 (id=1724):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000007000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x300)
recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

1.491948123s ago: executing program 2 (id=1725):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000009c0000000b"], 0x50)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000380)='sys_enter\x00', r1}, 0x18)
syz_pidfd_open(0x0, 0x0)
timer_create(0x2, 0x0, &(0x7f0000000600)=<r2=>0x0)
timer_gettime(r2, &(0x7f0000000340))

1.342245537s ago: executing program 5 (id=1726):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341)
ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

777.063789ms ago: executing program 7 (id=1727):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_setup(0x6, &(0x7f0000000300)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x8, 0x0, r0, 0x0, 0x0, 0x80000000}])
io_getevents(r1, 0x2, 0x2, &(0x7f0000001340)=[{}, {}], 0x0)
io_destroy(r1)

700.020889ms ago: executing program 2 (id=1728):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000080000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000100000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x18)
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)

443.880422ms ago: executing program 5 (id=1729):
symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb8af}, 0xa5)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000600)='kfree\x00', r0}, 0x18)
creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)

443.651867ms ago: executing program 7 (id=1730):
r0 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10)
sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r1, 0x84009422, &(0x7f0000000140)={0x0, 0x0, {0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
shutdown(r1, 0x1)
recvfrom(r1, &(0x7f0000000000)=""/116, 0xffffffdd, 0x734, 0x0, 0x0)
getpgrp(0x0)
getdents64(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_open_procfs(0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1a, 0x3, 0x0, &(0x7f0000000240)='GPL\x00', 0x4, 0x100d, &(0x7f0000002500)=""/4109, 0x0, 0xc}, 0x94)
keyctl$chown(0x4, 0x0, 0xee00, 0x0)
getdents(r2, 0xffffffffffffffff, 0x5a)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
fchdir(0xffffffffffffffff)

398.640675ms ago: executing program 2 (id=1731):
creat(&(0x7f00000000c0)='./file0\x00', 0xce)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x2004000, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[], [], 0x6b}})

242.092364ms ago: executing program 1 (id=1732):
syz_emit_ethernet(0x7a, &(0x7f0000000300)=ANY=[@ANYBLOB="ffffffffffff00000000000086dd60ff040000442f00fc000000000000000000000000000000fe8000000000000000000000000000aa"], 0x0)
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="8c000000", @ANYRES16=r0, @ANYBLOB="010000000000000000000c00000018000180140002006261746164765f736c6176655f310000600003805c000380"], 0x8c}}, 0x0)

241.774792ms ago: executing program 7 (id=1733):
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x20000, 0x2)

131.590926ms ago: executing program 5 (id=1734):
r0 = socket$inet(0x2, 0x80001, 0x84)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000140)=[@in={0x2, 0x4e28, @initdev={0xac, 0x1e, 0x4, 0x0}}]}, &(0x7f0000000540)=0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000240)=@assoc_value={<r2=>0x0}, &(0x7f0000000300)=0x8)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r3, 0x84, 0x74, &(0x7f0000000200)={r2, 0xfffe, 0x20}, &(0x7f00000001c0)=0x18)

75.761511ms ago: executing program 7 (id=1735):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0xba)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000440), r2)
socket$inet6(0xa, 0x80002, 0x88)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x7}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r6=>0x0)
preadv(r1, &(0x7f0000000040)=[{&(0x7f0000000580)=""/109, 0x6d}, {0x0}], 0x2, 0xa, 0xfffffff9)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r6], 0x1c}}, 0x44)

0s ago: executing program 2 (id=1736):
socket$packet(0x11, 0xa, 0x300)
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e20, @multicast2}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r2}, &(0x7f0000000000), &(0x7f0000000180)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, &(0x7f0000000200)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0ff5b14104fe62cc60e413905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe511195418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4929330142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da8c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd11e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15f2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f000010000000000000905ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400bee3dfc8fb24f67c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341b74abaa7c95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb232bbdb9dc33cbd7643866fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595270fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f76dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3322c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99f0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d164118e4cbe02400000000ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000001700d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946932d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1fc8df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1785eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be2f5656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fd78f9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28de0bbc76d58dd92606b1ef6486c85fa3e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6968d12418a4d2a0d086d8438d415d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e112645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a9214a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbdff03cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109becb1b9bafcb2b47e940000000000e540d8b0db3774effb7469a21f96e2594b2973ebf7a1bd9ace2ed4d6eb1735f85885be5be74dc2ea5d7d499bd28271b98f187f5879b16b409a04d78175cc8d0f707c822805d7011ed4b22419186dd2b22aadf15828db2ca19d79e1bf2f7989237ee5cb2e1eb7b2bfc92d3aa95a26f060935c4fee8b2d7d0bf3c6d82d04329164bd4ee0b8060183f36762b0440d9082d7c8b06e4c2024f77e1018758d28e7ee290f32a48bfc2aa10b3dba9bff00d2410f3477a8e0df689c880dc9a677cfaa16603527c06625a3363744cea5f2d350224cc0fea76c72ca08507235c67346722f20690fde0790f040f5fd3eff75f9b291cc5e9c"], &(0x7f0000000100)='GPL\x00'}, 0x94)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'syz_tun\x00', <r4=>0x0})
bind$packet(r0, &(0x7f0000000300)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @remote}, 0x14)
syz_emit_ethernet(0x102, &(0x7f0000000840)=ANY=[], 0x0)

kernel console output (not intermixed with test programs):

88] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  629.702182][   T24] usb 6-1: config 0 has no interfaces?
[  629.716166][   T24] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  629.730357][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  629.739828][   T24] usb 6-1: Product: syz
[  629.744065][   T24] usb 6-1: Manufacturer: syz
[  629.749055][   T24] usb 6-1: SerialNumber: syz
[  629.811173][T10256] usb 5-1: USB disconnect, device number 24
[  629.828004][   T24] usb 6-1: config 0 descriptor??
[  630.528137][   T24] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  630.765302][T10259] usb 6-1: USB disconnect, device number 22
[  630.885383][   T24] usb 3-1: Using ep0 maxpacket: 8
[  630.913340][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  630.947976][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  631.046202][   T24] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  631.380239][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[  631.455425][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  631.488947][   T24] usb 3-1: New USB device found, idVendor=112a, idProduct=0005, bcdDevice=14.a8
[  631.519346][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  631.538027][   T24] usb 3-1: Product: syz
[  631.546626][   T24] usb 3-1: Manufacturer: syz
[  631.591146][   T24] usb 3-1: SerialNumber: syz
[  631.621140][   T24] usb 3-1: config 0 descriptor??
[  631.689800][   T24] redrat3 3-1:0.0: Couldn't find all endpoints
[  631.829149][T10846] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check.
[  631.911581][T10846] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1319'.
[  633.029014][ T9138] usb 3-1: USB disconnect, device number 29
[  633.441624][T10859] 9pnet: Could not find request transport: tct��rt=0x00000
[  634.599669][T10880] FAULT_INJECTION: forcing a failure.
[  634.599669][T10880] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  634.614845][T10878] dummy0 speed is unknown, defaulting to 1000
[  634.626924][T10880] CPU: 1 UID: 0 PID: 10880 Comm: syz.4.1328 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  634.626954][T10880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  634.626964][T10880] Call Trace:
[  634.626971][T10880]  <TASK>
[  634.626980][T10880]  dump_stack_lvl+0x189/0x250
[  634.627017][T10880]  ? __pfx____ratelimit+0x10/0x10
[  634.627042][T10880]  ? __pfx_dump_stack_lvl+0x10/0x10
[  634.627062][T10880]  ? __pfx__printk+0x10/0x10
[  634.627091][T10880]  should_fail_ex+0x414/0x560
[  634.627115][T10880]  strncpy_from_user+0x36/0x290
[  634.627136][T10880]  getname_flags+0xf3/0x540
[  634.627162][T10880]  __x64_sys_renameat2+0xba/0xe0
[  634.627186][T10880]  do_syscall_64+0xfa/0x3b0
[  634.627207][T10880]  ? lockdep_hardirqs_on+0x9c/0x150
[  634.627230][T10880]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  634.627246][T10880]  ? clear_bhb_loop+0x60/0xb0
[  634.627266][T10880]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  634.627298][T10880] RIP: 0033:0x7f38e5b8e929
[  634.627315][T10880] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  634.627329][T10880] RSP: 002b:00007f38e69a5038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[  634.627351][T10880] RAX: ffffffffffffffda RBX: 00007f38e5db5fa0 RCX: 00007f38e5b8e929
[  634.627364][T10880] RDX: 0000000000000003 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  634.627375][T10880] RBP: 00007f38e69a5090 R08: 0000000000000001 R09: 0000000000000000
[  634.627386][T10880] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  634.627397][T10880] R13: 0000000000000000 R14: 00007f38e5db5fa0 R15: 00007ffe3ced18f8
[  634.627422][T10880]  </TASK>
[  634.796203][T10217] usb 3-1: new low-speed USB device number 30 using dummy_hcd
[  634.945261][ T9138] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  634.963594][T10217] usb 3-1: config 0 has no interfaces?
[  634.986545][T10217] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  635.024360][T10217] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  635.054274][T10217] usb 3-1: config 0 descriptor??
[  635.169722][ T9138] usb 6-1: config 0 has no interfaces?
[  635.178195][ T9138] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  635.187249][ T9138] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  635.197046][ T9138] usb 6-1: Product: syz
[  635.202055][ T9138] usb 6-1: Manufacturer: syz
[  635.209273][ T9138] usb 6-1: SerialNumber: syz
[  635.220771][T10885] netlink: 260 bytes leftover after parsing attributes in process `syz.4.1329'.
[  635.246695][ T9138] usb 6-1: config 0 descriptor??
[  635.302111][T10875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  635.314744][T10875] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  635.500077][   T24] usb 3-1: USB disconnect, device number 30
[  635.756632][ T9138] usb 6-1: USB disconnect, device number 23
[  636.836303][T10904] 9pnet: Could not find request transport: tct��rt=0x00000
[  637.401548][T10910] overlayfs: missing 'lowerdir'
[  638.397150][ T5830] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  638.408188][ T5830] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  638.424099][ T5830] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  638.437947][ T5830] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  638.450776][ T5830] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  638.849049][T10919] dummy0 speed is unknown, defaulting to 1000
[  638.958249][ T5910] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  639.783660][ T5910] usb 3-1: Using ep0 maxpacket: 8
[  640.171237][T10936] dummy0 speed is unknown, defaulting to 1000
[  640.322031][T10919] chnl_net:caif_netlink_parms(): no params data found
[  640.328482][ T9138] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  640.347914][T10217] usb 5-1: new low-speed USB device number 25 using dummy_hcd
[  640.388560][ T5910] usb 3-1: device descriptor read/all, error -71
[  640.508617][ T5830] Bluetooth: hci6: command tx timeout
[  640.527956][T10217] usb 5-1: config 0 has no interfaces?
[  640.536600][T10217] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  640.555799][ T9138] usb 2-1: config 0 has no interfaces?
[  640.564917][T10217] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  640.576166][ T9138] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  640.588950][T10217] usb 5-1: config 0 descriptor??
[  640.597108][ T9138] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  640.605637][ T9138] usb 2-1: Product: syz
[  640.612228][ T9138] usb 2-1: Manufacturer: syz
[  640.618468][ T9138] usb 2-1: SerialNumber: syz
[  640.627239][ T9138] usb 2-1: config 0 descriptor??
[  640.819180][T10940] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  640.835506][T10940] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  640.945799][T10952] FAULT_INJECTION: forcing a failure.
[  640.945799][T10952] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  641.006342][T10952] CPU: 0 UID: 0 PID: 10952 Comm: syz.2.1344 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  641.006383][T10952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  641.006394][T10952] Call Trace:
[  641.006405][T10952]  <TASK>
[  641.006414][T10952]  dump_stack_lvl+0x189/0x250
[  641.006451][T10952]  ? __pfx____ratelimit+0x10/0x10
[  641.006476][T10952]  ? __pfx_dump_stack_lvl+0x10/0x10
[  641.006495][T10952]  ? __pfx__printk+0x10/0x10
[  641.006521][T10952]  should_fail_ex+0x414/0x560
[  641.006548][T10952]  _copy_to_user+0x31/0xb0
[  641.006574][T10952]  video_usercopy+0xeb2/0x14f0
[  641.006603][T10952]  ? __pfx_subdev_do_ioctl_lock+0x10/0x10
[  641.006622][T10952]  ? __pfx_video_usercopy+0x10/0x10
[  641.006637][T10952]  ? smack_file_ioctl+0x2a9/0x340
[  641.006670][T10952]  ? __fget_files+0x2a/0x420
[  641.006689][T10952]  ? __fget_files+0x3a0/0x420
[  641.006709][T10952]  v4l2_ioctl+0x18a/0x1e0
[  641.006733][T10952]  ? __pfx_v4l2_ioctl+0x10/0x10
[  641.006754][T10952]  __se_sys_ioctl+0xf9/0x170
[  641.006772][T10952]  do_syscall_64+0xfa/0x3b0
[  641.006792][T10952]  ? lockdep_hardirqs_on+0x9c/0x150
[  641.006812][T10952]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  641.006827][T10952]  ? clear_bhb_loop+0x60/0xb0
[  641.006845][T10952]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  641.006859][T10952] RIP: 0033:0x7fd92bf8e929
[  641.006901][T10952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  641.006917][T10952] RSP: 002b:00007fd92cd65038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  641.006938][T10952] RAX: ffffffffffffffda RBX: 00007fd92c1b5fa0 RCX: 00007fd92bf8e929
[  641.006949][T10952] RDX: 0000200000000000 RSI: 00000000c008561c RDI: 0000000000000003
[  641.006959][T10952] RBP: 00007fd92cd65090 R08: 0000000000000000 R09: 0000000000000000
[  641.006968][T10952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  641.006977][T10952] R13: 0000000000000000 R14: 00007fd92c1b5fa0 R15: 00007ffefa32b2e8
[  641.007003][T10952]  </TASK>
[  641.028017][T10259] usb 5-1: USB disconnect, device number 25
[  641.102542][T10919] bridge0: port 1(bridge_slave_0) entered blocking state
[  641.235700][T10919] bridge0: port 1(bridge_slave_0) entered disabled state
[  641.243921][T10919] bridge_slave_0: entered allmulticast mode
[  641.253111][T10919] bridge_slave_0: entered promiscuous mode
[  641.265508][T10919] bridge0: port 2(bridge_slave_1) entered blocking state
[  641.277499][T10919] bridge0: port 2(bridge_slave_1) entered disabled state
[  641.288101][T10919] bridge_slave_1: entered allmulticast mode
[  641.296519][T10919] bridge_slave_1: entered promiscuous mode
[  641.455478][T10919] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  641.457685][T10956] 9pnet: Could not find request transport: tct��rt=0x00000
[  641.506020][T10919] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  641.655096][T10256] usb 2-1: USB disconnect, device number 43
[  641.831599][T10963] netlink: 'syz.4.1346': attribute type 1 has an invalid length.
[  641.839932][T10963] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1346'.
[  641.960850][T10965] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1346'.
[  642.598672][ T5830] Bluetooth: hci6: command tx timeout
[  643.154583][T10919] team0: Port device team_slave_0 added
[  644.163843][T10919] team0: Port device team_slave_1 added
[  644.669842][   T51] Bluetooth: hci6: command tx timeout
[  645.125772][T10919] batman_adv: batadv0: Adding interface: batadv_slave_0
[  645.147588][T10919] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  645.218372][T10919] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  645.281015][T10919] batman_adv: batadv0: Adding interface: batadv_slave_1
[  645.305692][T10919] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  645.355551][T10994] 9pnet: Could not find request transport: tct��rt=0x00000
[  645.413895][T10919] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  645.638081][T10214] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  645.705250][T10919] hsr_slave_0: entered promiscuous mode
[  645.830292][T10214] usb 3-1: Using ep0 maxpacket: 8
[  645.855729][T11002] FAULT_INJECTION: forcing a failure.
[  645.855729][T11002] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  645.870940][T11002] CPU: 0 UID: 0 PID: 11002 Comm: syz.4.1358 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  645.870973][T11002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  645.870983][T11002] Call Trace:
[  645.870993][T11002]  <TASK>
[  645.871002][T11002]  dump_stack_lvl+0x189/0x250
[  645.871040][T11002]  ? irqentry_exit+0x74/0x90
[  645.871065][T11002]  ? __pfx_dump_stack_lvl+0x10/0x10
[  645.871103][T11002]  should_fail_ex+0x414/0x560
[  645.871126][T11002]  _copy_from_user+0x2d/0xb0
[  645.871151][T11002]  memdup_user+0x5e/0xd0
[  645.871177][T11002]  sctp_getsockopt_connectx3+0x1cc/0x440
[  645.871204][T11002]  ? lockdep_hardirqs_on+0x9c/0x150
[  645.871223][T11002]  ? __pfx_sctp_getsockopt_connectx3+0x10/0x10
[  645.871255][T11002]  ? sctp_getsockopt+0x979/0xb60
[  645.871278][T11002]  sctp_getsockopt+0x98a/0xb60
[  645.871300][T11002]  do_sock_getsockopt+0x360/0x650
[  645.871324][T11002]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  645.871353][T11002]  __x64_sys_getsockopt+0x1a5/0x250
[  645.871378][T11002]  do_syscall_64+0xfa/0x3b0
[  645.871400][T11002]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  645.871417][T11002]  ? asm_sysvec_call_function_single+0x1a/0x20
[  645.871426][T10919] hsr_slave_1: entered promiscuous mode
[  645.871433][T11002]  ? clear_bhb_loop+0x60/0xb0
[  645.871470][T11002]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  645.871484][T11002] RIP: 0033:0x7f38e5b8e929
[  645.871500][T11002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  645.871514][T11002] RSP: 002b:00007f38e6984038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  645.871535][T11002] RAX: ffffffffffffffda RBX: 00007f38e5db6080 RCX: 00007f38e5b8e929
[  645.871550][T11002] RDX: 000000000000006f RSI: 0000000000000084 RDI: 0000000000000006
[  645.871562][T11002] RBP: 00007f38e6984090 R08: 0000200000000140 R09: 0000000000000000
[  645.871573][T11002] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000001
[  645.871585][T11002] R13: 0000000000000000 R14: 00007f38e5db6080 R15: 00007ffe3ced18f8
[  645.871614][T11002]  </TASK>
[  645.905497][T10214] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  646.179149][T10214] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  646.191656][T10214] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  646.203869][T10214] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[  646.214286][T10214] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  646.218240][T10259] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  646.482417][T10919] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  646.490979][T10214] usb 3-1: New USB device found, idVendor=112a, idProduct=0005, bcdDevice=14.a8
[  646.556761][T10919] Cannot create hsr debugfs directory
[  646.567837][T10214] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  646.575974][T10214] usb 3-1: Product: syz
[  646.586168][T10214] usb 3-1: Manufacturer: syz
[  646.596366][T10214] usb 3-1: SerialNumber: syz
[  646.648912][T10214] usb 3-1: config 0 descriptor??
[  646.699306][T10259] usb 6-1: config 0 has no interfaces?
[  646.725226][T10259] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  646.736461][T10214] redrat3 3-1:0.0: Couldn't find all endpoints
[  646.748169][   T51] Bluetooth: hci6: command tx timeout
[  646.756093][T10259] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  646.781797][T10259] usb 6-1: Product: syz
[  646.786071][T10259] usb 6-1: Manufacturer: syz
[  646.791475][T10259] usb 6-1: SerialNumber: syz
[  646.803732][T10259] usb 6-1: config 0 descriptor??
[  647.662632][T11001] dummy0 speed is unknown, defaulting to 1000
[  647.851710][T11012] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1361'.
[  647.919201][T11012] 8021q: adding VLAN 0 to HW filter on device team1
[  647.933917][T11010] dummy0 speed is unknown, defaulting to 1000
[  647.995183][T10259] usb 3-1: USB disconnect, device number 33
[  648.440230][T10919] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  648.473162][T10919] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  648.503191][T10919] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  648.584552][T10919] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  648.636021][T10214] usb 6-1: USB disconnect, device number 24
[  649.133359][   T30] kauditd_printk_skb: 39 callbacks suppressed
[  649.133394][   T30] audit: type=1400 audit(1751048636.571:689): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="]-{" object="_" requested=w pid=11025 comm="syz.4.1365" daddr=fe80::aa dest=20002
[  649.262336][T11035] 9pnet: Could not find request transport: tct��rt=0x00000
[  650.623289][T11051] FAULT_INJECTION: forcing a failure.
[  650.623289][T11051] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  650.915868][T11051] CPU: 0 UID: 0 PID: 11051 Comm: syz.2.1370 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  650.915905][T11051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  650.915918][T11051] Call Trace:
[  650.915928][T11051]  <TASK>
[  650.915939][T11051]  dump_stack_lvl+0x189/0x250
[  650.915972][T11051]  ? __pfx____ratelimit+0x10/0x10
[  650.915997][T11051]  ? __pfx_dump_stack_lvl+0x10/0x10
[  650.916020][T11051]  ? __pfx__printk+0x10/0x10
[  650.916053][T11051]  should_fail_ex+0x414/0x560
[  650.916081][T11051]  __kvm_read_guest_page+0x18d/0x240
[  650.916113][T11051]  kvm_fetch_guest_virt+0x12b/0x170
[  650.916146][T11051]  ? __pfx_kvm_fetch_guest_virt+0x10/0x10
[  650.916166][T11051]  __do_insn_fetch_bytes+0x2f9/0x6d0
[  650.916197][T11051]  ? __pfx___do_insn_fetch_bytes+0x10/0x10
[  650.916221][T11051]  ? x86_decode_insn+0x41c1/0x5310
[  650.916258][T11051]  x86_decode_insn+0x33c/0x5310
[  650.916301][T11051]  ? __pfx_x86_decode_insn+0x10/0x10
[  650.916334][T11051]  ? __pfx_x86_decode_insn+0x10/0x10
[  650.916370][T11051]  ? __asan_memset+0x22/0x50
[  650.916390][T11051]  ? init_decode_cache+0x78/0x90
[  650.916413][T11051]  ? init_emulate_ctxt+0x4d6/0x660
[  650.916440][T11051]  ? __pfx_init_emulate_ctxt+0x10/0x10
[  650.916460][T11051]  ? x86_emulate_instruction+0xa9b/0x1ef0
[  650.916494][T11051]  x86_emulate_instruction+0x60a/0x1ef0
[  650.916519][T11051]  ? vcpu_match_mmio_gen+0xe2/0x200
[  650.916545][T11051]  ? handle_mmio_page_fault+0x124/0xe60
[  650.916567][T11051]  ? vmx_vcpu_run+0xd8b/0x25d0
[  650.916594][T11051]  ? __pfx_x86_emulate_instruction+0x10/0x10
[  650.916617][T11051]  ? __pfx_handle_mmio_page_fault+0x10/0x10
[  650.916636][T11051]  ? vmx_vcpu_run+0x162e/0x25d0
[  650.916677][T11051]  kvm_mmu_page_fault+0x91a/0xb70
[  650.916708][T11051]  vmx_handle_exit+0x10be/0x18a0
[  650.916735][T11051]  ? vcpu_run+0x361c/0x6f70
[  650.916766][T11051]  vcpu_run+0x432e/0x6f70
[  650.916804][T11051]  ? vcpu_run+0x361c/0x6f70
[  650.916872][T11051]  ? __pfx_vcpu_run+0x10/0x10
[  650.916889][T11051]  ? __pfx_x86_emulate_instruction+0x10/0x10
[  650.916912][T11051]  ? complete_emulated_mmio+0x18e/0x7a0
[  650.916936][T11051]  ? __asan_memcpy+0x40/0x70
[  650.916955][T11051]  ? complete_emulated_mmio+0x4d2/0x7a0
[  650.916988][T11051]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  650.917019][T11051]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  650.917036][T11051]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  650.917059][T11051]  ? rcu_is_watching+0x15/0xb0
[  650.917083][T11051]  ? trace_contention_end+0x39/0x120
[  650.917101][T11051]  ? __mutex_lock+0x330/0xe80
[  650.917135][T11051]  ? kasan_quarantine_put+0xdd/0x220
[  650.917159][T11051]  ? kvm_vcpu_ioctl+0x22e/0xe90
[  650.917179][T11051]  ? __pfx___mutex_lock+0x10/0x10
[  650.917202][T11051]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  650.917226][T11051]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  650.917246][T11051]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  650.917275][T11051]  kvm_vcpu_ioctl+0x95c/0xe90
[  650.917299][T11051]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  650.917320][T11051]  ? __lock_acquire+0xab9/0xd20
[  650.917347][T11051]  ? __asan_memset+0x22/0x50
[  650.917363][T11051]  ? smack_file_ioctl+0x302/0x340
[  650.917384][T11051]  ? __pfx_smack_file_ioctl+0x10/0x10
[  650.917414][T11051]  ? __fget_files+0x2a/0x420
[  650.917435][T11051]  ? __fget_files+0x3a0/0x420
[  650.917455][T11051]  ? __fget_files+0x2a/0x420
[  650.917480][T11051]  ? bpf_lsm_file_ioctl+0x9/0x20
[  650.917504][T11051]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  650.917528][T11051]  __se_sys_ioctl+0xf9/0x170
[  650.917550][T11051]  do_syscall_64+0xfa/0x3b0
[  650.917573][T11051]  ? lockdep_hardirqs_on+0x9c/0x150
[  650.917595][T11051]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  650.917612][T11051]  ? clear_bhb_loop+0x60/0xb0
[  650.917633][T11051]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  650.917651][T11051] RIP: 0033:0x7fd92bf8e929
[  650.917668][T11051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  650.917683][T11051] RSP: 002b:00007fd92cd65038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  650.917704][T11051] RAX: ffffffffffffffda RBX: 00007fd92c1b5fa0 RCX: 00007fd92bf8e929
[  650.917717][T11051] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  650.917728][T11051] RBP: 00007fd92cd65090 R08: 0000000000000000 R09: 0000000000000000
[  650.917739][T11051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  650.917750][T11051] R13: 0000000000000000 R14: 00007fd92c1b5fa0 R15: 00007ffefa32b2e8
[  650.917774][T11051]  </TASK>
[  651.402802][T10919] 8021q: adding VLAN 0 to HW filter on device bond0
[  651.429549][T10919] 8021q: adding VLAN 0 to HW filter on device team0
[  651.505062][ T1144] bridge0: port 1(bridge_slave_0) entered blocking state
[  651.512493][ T1144] bridge0: port 1(bridge_slave_0) entered forwarding state
[  651.623919][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state
[  651.631227][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state
[  651.794282][T10919] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  651.805616][T10919] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  651.845809][T11057] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1371'.
[  653.364997][T11064] dummy0 speed is unknown, defaulting to 1000
[  653.372019][T10214] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  653.442799][T11071] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1374'.
[  653.492232][T11071] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1374'.
[  653.787965][T10214] usb 3-1: config 0 has no interfaces?
[  653.804674][T10214] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  653.823705][T10214] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  653.841371][T10214] usb 3-1: Product: syz
[  653.845902][T10214] usb 3-1: Manufacturer: syz
[  653.860231][T10214] usb 3-1: SerialNumber: syz
[  653.924680][T10214] usb 3-1: config 0 descriptor??
[  654.022898][T10919] 8021q: adding VLAN 0 to HW filter on device batadv0
[  654.663317][T11092] 9pnet: Could not find request transport: tct��rt=0x00000
[  654.696355][T10919] veth0_vlan: entered promiscuous mode
[  654.726120][T10919] veth1_vlan: entered promiscuous mode
[  654.776836][T10260] usb 3-1: USB disconnect, device number 34
[  655.129399][T11101] FAULT_INJECTION: forcing a failure.
[  655.129399][T11101] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  655.144148][T11101] CPU: 0 UID: 0 PID: 11101 Comm: syz.5.1381 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  655.144180][T11101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  655.144192][T11101] Call Trace:
[  655.144200][T11101]  <TASK>
[  655.144208][T11101]  dump_stack_lvl+0x189/0x250
[  655.144246][T11101]  ? __pfx____ratelimit+0x10/0x10
[  655.144277][T11101]  ? __pfx_dump_stack_lvl+0x10/0x10
[  655.144299][T11101]  ? __pfx__printk+0x10/0x10
[  655.144317][T11101]  ? __might_fault+0xb0/0x130
[  655.144349][T11101]  should_fail_ex+0x414/0x560
[  655.144376][T11101]  _copy_from_iter+0x1db/0x16f0
[  655.144403][T11101]  ? rcu_is_watching+0x15/0xb0
[  655.144429][T11101]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  655.144451][T11101]  ? __pfx__copy_from_iter+0x10/0x10
[  655.144475][T11101]  ? __build_skb_around+0x257/0x3e0
[  655.144496][T11101]  ? netlink_sendmsg+0x642/0xb30
[  655.144513][T11101]  ? skb_put+0x11b/0x210
[  655.144533][T11101]  netlink_sendmsg+0x6b2/0xb30
[  655.144561][T11101]  ? __pfx_netlink_sendmsg+0x10/0x10
[  655.144586][T11101]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  655.144605][T11101]  ? __pfx_netlink_sendmsg+0x10/0x10
[  655.144624][T11101]  __sock_sendmsg+0x21c/0x270
[  655.144650][T11101]  ____sys_sendmsg+0x505/0x830
[  655.144677][T11101]  ? __pfx_____sys_sendmsg+0x10/0x10
[  655.144706][T11101]  ? import_iovec+0x74/0xa0
[  655.144733][T11101]  ___sys_sendmsg+0x21f/0x2a0
[  655.144755][T11101]  ? __pfx____sys_sendmsg+0x10/0x10
[  655.144801][T11101]  ? rcu_read_lock_any_held+0xb3/0x120
[  655.144837][T11101]  ? sb_end_write+0xe9/0x1c0
[  655.144871][T11101]  ? __pfx_vfs_write+0x10/0x10
[  655.144895][T11101]  __x64_sys_sendmsg+0x19b/0x260
[  655.144916][T11101]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  655.144943][T11101]  ? __pfx_ksys_write+0x10/0x10
[  655.144959][T11101]  ? rcu_is_watching+0x15/0xb0
[  655.144986][T11101]  ? do_syscall_64+0xbe/0x3b0
[  655.145012][T11101]  do_syscall_64+0xfa/0x3b0
[  655.145033][T11101]  ? lockdep_hardirqs_on+0x9c/0x150
[  655.145056][T11101]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  655.145072][T11101]  ? clear_bhb_loop+0x60/0xb0
[  655.145094][T11101]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  655.145111][T11101] RIP: 0033:0x7f558fd8e929
[  655.145130][T11101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  655.145146][T11101] RSP: 002b:00007f5590c0e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  655.145168][T11101] RAX: ffffffffffffffda RBX: 00007f558ffb5fa0 RCX: 00007f558fd8e929
[  655.145182][T11101] RDX: 0000000000000004 RSI: 0000200000001540 RDI: 0000000000000004
[  655.145193][T11101] RBP: 00007f5590c0e090 R08: 0000000000000000 R09: 0000000000000000
[  655.145204][T11101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  655.145215][T11101] R13: 0000000000000000 R14: 00007f558ffb5fa0 R15: 00007fffe566a0d8
[  655.145243][T11101]  </TASK>
[  655.431759][T10256] usb 5-1: new full-speed USB device number 26 using dummy_hcd
[  655.552758][T11097] tipc: Started in network mode
[  655.565586][T11097] tipc: Node identity 2, cluster identity 3142
[  655.597288][T11097] tipc: Node number set to 2
[  655.603848][T10256] usb 5-1: config 0 has an invalid interface number: 30 but max is 0
[  655.618088][T10256] usb 5-1: config 0 has no interface number 0
[  655.690143][T10256] usb 5-1: New USB device found, idVendor=06cd, idProduct=0109, bcdDevice=25.04
[  655.724254][T10919] veth0_macvtap: entered promiscuous mode
[  655.754605][T10256] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  655.813896][T10256] usb 5-1: Product: syz
[  655.827723][T10919] veth1_macvtap: entered promiscuous mode
[  655.828044][T10256] usb 5-1: Manufacturer: syz
[  655.849158][T10256] usb 5-1: SerialNumber: syz
[  655.886700][T10256] usb 5-1: config 0 descriptor??
[  655.892672][T10919] batman_adv: batadv0: Interface activated: batadv_slave_0
[  655.910495][T11103] FAULT_INJECTION: forcing a failure.
[  655.910495][T11103] name failslab, interval 1, probability 0, space 0, times 0
[  655.935513][T10256] hub 5-1:0.30: bad descriptor, ignoring hub
[  655.948154][T11103] CPU: 1 UID: 0 PID: 11103 Comm: syz.5.1382 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  655.948185][T11103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  655.948195][T11103] Call Trace:
[  655.948202][T11103]  <TASK>
[  655.948209][T11103]  dump_stack_lvl+0x189/0x250
[  655.948241][T11103]  ? __pfx____ratelimit+0x10/0x10
[  655.948261][T11103]  ? __pfx_dump_stack_lvl+0x10/0x10
[  655.948279][T11103]  ? __pfx__printk+0x10/0x10
[  655.948294][T11103]  ? __pfx___might_resched+0x10/0x10
[  655.948314][T11103]  ? fs_reclaim_acquire+0x7d/0x100
[  655.948339][T11103]  should_fail_ex+0x414/0x560
[  655.948362][T11103]  should_failslab+0xa8/0x100
[  655.948385][T11103]  kmem_cache_alloc_noprof+0x73/0x3c0
[  655.948405][T11103]  ? security_file_alloc+0x34/0x330
[  655.948426][T11103]  security_file_alloc+0x34/0x330
[  655.948442][T11103]  init_file+0x93/0x2f0
[  655.948471][T11103]  alloc_empty_file+0x6e/0x1d0
[  655.948490][T11103]  path_openat+0x107/0x3830
[  655.948504][T11103]  ? arch_stack_walk+0xfc/0x150
[  655.948545][T11103]  ? kasan_save_track+0x4f/0x80
[  655.948562][T11103]  ? kasan_save_track+0x3e/0x80
[  655.948576][T11103]  ? __kasan_slab_alloc+0x6c/0x80
[  655.948591][T11103]  ? getname_flags+0xb8/0x540
[  655.948611][T11103]  ? __pfx_path_openat+0x10/0x10
[  655.948623][T11103]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  655.948655][T11103]  do_filp_open+0x1fa/0x410
[  655.948667][T11103]  ? __lock_acquire+0xab9/0xd20
[  655.948687][T11103]  ? __pfx_do_filp_open+0x10/0x10
[  655.948714][T11103]  ? _raw_spin_unlock+0x28/0x50
[  655.948730][T11103]  ? alloc_fd+0x64c/0x6c0
[  655.948776][T11103]  do_sys_openat2+0x121/0x1c0
[  655.948801][T11103]  ? __pfx_do_sys_openat2+0x10/0x10
[  655.948823][T11103]  ? ksys_write+0x22a/0x250
[  655.948842][T11103]  ? __pfx_ksys_write+0x10/0x10
[  655.948858][T11103]  ? rcu_is_watching+0x15/0xb0
[  655.948882][T11103]  __x64_sys_openat+0x138/0x170
[  655.948908][T11103]  do_syscall_64+0xfa/0x3b0
[  655.948932][T11103]  ? lockdep_hardirqs_on+0x9c/0x150
[  655.948954][T11103]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  655.948971][T11103]  ? clear_bhb_loop+0x60/0xb0
[  655.948992][T11103]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  655.949009][T11103] RIP: 0033:0x7f558fd8e929
[  655.949028][T11103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  655.949043][T11103] RSP: 002b:00007f5590c0e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  655.949066][T11103] RAX: ffffffffffffffda RBX: 00007f558ffb5fa0 RCX: 00007f558fd8e929
[  655.949079][T11103] RDX: 0000000000105042 RSI: 0000200000000180 RDI: ffffffffffffff9c
[  655.949092][T11103] RBP: 00007f5590c0e090 R08: 0000000000000000 R09: 0000000000000000
[  655.949103][T11103] R10: 0000000000000189 R11: 0000000000000246 R12: 0000000000000001
[  655.949114][T11103] R13: 0000000000000000 R14: 00007f558ffb5fa0 R15: 00007fffe566a0d8
[  655.949143][T11103]  </TASK>
[  655.949461][T10256] hub 5-1:0.30: probe with driver hub failed with error -5
[  656.259133][T10919] batman_adv: batadv0: Interface activated: batadv_slave_1
[  656.289497][T10919] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  656.309933][T10919] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  656.347026][T10256] keyspan 5-1:0.30: Keyspan - (without firmware) converter detected
[  656.359275][T10919] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  656.372990][T10919] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  657.048544][ T1144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  657.057092][T11120] FAULT_INJECTION: forcing a failure.
[  657.057092][T11120] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  657.272802][T11120] CPU: 1 UID: 0 PID: 11120 Comm: syz.5.1387 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  657.272849][T11120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  657.272861][T11120] Call Trace:
[  657.272870][T11120]  <TASK>
[  657.272887][T11120]  dump_stack_lvl+0x189/0x250
[  657.272922][T11120]  ? __pfx____ratelimit+0x10/0x10
[  657.272947][T11120]  ? __pfx_dump_stack_lvl+0x10/0x10
[  657.272970][T11120]  ? __pfx__printk+0x10/0x10
[  657.272988][T11120]  ? __might_fault+0xb0/0x130
[  657.273019][T11120]  should_fail_ex+0x414/0x560
[  657.273046][T11120]  _copy_from_user+0x2d/0xb0
[  657.273072][T11120]  ___sys_recvmsg+0x12e/0x510
[  657.273100][T11120]  ? __pfx____sys_recvmsg+0x10/0x10
[  657.273152][T11120]  ? __might_fault+0xb0/0x130
[  657.273175][T11120]  do_recvmmsg+0x307/0x770
[  657.273203][T11120]  ? __pfx_do_recvmmsg+0x10/0x10
[  657.273236][T11120]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  657.273280][T11120]  __x64_sys_recvmmsg+0x190/0x240
[  657.273303][T11120]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  657.273329][T11120]  ? do_syscall_64+0xbe/0x3b0
[  657.273356][T11120]  do_syscall_64+0xfa/0x3b0
[  657.273378][T11120]  ? lockdep_hardirqs_on+0x9c/0x150
[  657.273399][T11120]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  657.273416][T11120]  ? clear_bhb_loop+0x60/0xb0
[  657.273439][T11120]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  657.273456][T11120] RIP: 0033:0x7f558fd8e929
[  657.273472][T11120] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  657.273488][T11120] RSP: 002b:00007f5590bed038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  657.273511][T11120] RAX: ffffffffffffffda RBX: 00007f558ffb6080 RCX: 00007f558fd8e929
[  657.273525][T11120] RDX: 0000000000000002 RSI: 0000200000000400 RDI: 0000000000000003
[  657.273536][T11120] RBP: 00007f5590bed090 R08: 0000000000000000 R09: 0000000000000000
[  657.273548][T11120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  657.273558][T11120] R13: 0000000000000001 R14: 00007f558ffb6080 R15: 00007fffe566a0d8
[  657.273587][T11120]  </TASK>
[  657.461097][ T1144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  657.568514][T11110] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  657.588431][T11110] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  657.627563][ T1144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  657.658162][ T1144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  657.929628][T10256] usb 5-1: USB disconnect, device number 26
[  657.940458][T10256] keyspan 5-1:0.30: device disconnected
[  658.122321][T11131] smk_cipso_doi:679 remove rc = -2
[  658.127631][T11131] smk_cipso_doi:692 cipso add rc = -17
[  658.995295][T11139] netlink: 48 bytes leftover after parsing attributes in process `syz.6.1395'.
[  659.418141][T10256] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  659.618216][T10256] usb 5-1: Using ep0 maxpacket: 8
[  659.705708][T10256] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  659.787454][T10256] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  659.893212][T10256] usb 5-1: Product: syz
[  659.911952][T10256] usb 5-1: Manufacturer: syz
[  659.922045][T10256] usb 5-1: SerialNumber: syz
[  659.943773][T10256] usb 5-1: config 0 descriptor??
[  659.960022][T10256] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  659.973794][T10256] usb 5-1: setting power ON
[  659.985201][T10256] dvb-usb: bulk message failed: -22 (2/0)
[  659.998239][T10216] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  660.030159][T10256] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  660.074793][T10256] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  660.085463][T10256] usb 5-1: media controller created
[  660.177930][T10216] usb 7-1: Using ep0 maxpacket: 8
[  660.186909][T10256] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  660.209246][   T30] audit: type=1326 audit(1751048647.651:690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11140 comm="syz.4.1396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38e5b8e929 code=0x7ffc0000
[  660.273542][T10216] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  660.421810][T10216] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  660.435140][   T30] audit: type=1326 audit(1751048647.651:691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11140 comm="syz.4.1396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=6 compat=0 ip=0x7f38e5b8e929 code=0x7ffc0000
[  660.458135][T10216] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  660.507224][T10256] usb 5-1: selecting invalid altsetting 6
[  660.511049][T10216] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  660.572239][   T30] audit: type=1326 audit(1751048647.651:692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11140 comm="syz.4.1396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38e5b8e929 code=0x7ffc0000
[  660.576539][T10256] usb 5-1: digital interface selection failed (-22)
[  660.595519][T10216] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  660.812572][T10216] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  660.821064][   T30] audit: type=1326 audit(1751048647.661:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11140 comm="syz.4.1396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38e5b8e929 code=0x7ffc0000
[  660.826097][T10256] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  660.863109][T11155] 9pnet: Could not find request transport: tct��rt=0x00000
[  660.931932][T10256] usb 5-1: setting power OFF
[  660.940314][T10256] dvb-usb: bulk message failed: -22 (2/0)
[  660.954365][T10256] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  661.141386][T10256] (NULL device *): no alternate interface
[  661.166642][T11147] xt_hashlimit: size too large, truncated to 1048576
[  661.183747][T10216] usb 7-1: usb_control_msg returned -32
[  661.201754][T10216] usbtmc 7-1:16.0: can't read capabilities
[  661.320332][T10256] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  661.414938][T10256] usb 5-1: USB disconnect, device number 27
[  663.171636][T11177] smk_cipso_doi:679 remove rc = -2
[  663.177079][T11177] smk_cipso_doi:692 cipso add rc = -17
[  665.417598][T10256] usb 7-1: USB disconnect, device number 2
[  665.588539][T11186] netlink: 'syz.1.1410': attribute type 1 has an invalid length.
[  665.596526][T11186] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1410'.
[  665.703254][T11188] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1410'.
[  666.043349][T11189] netlink: 'syz.2.1409': attribute type 1 has an invalid length.
[  666.051889][T11189] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1409'.
[  666.274303][T11189] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1409'.
[  667.315740][T11205] erofs (device nullb0): cannot find valid erofs superblock
[  668.114235][T11204] 9pnet: Could not find request transport: tct��rt=0x00000
[  668.588058][T11216] kAFS: unable to lookup cell '.,'
[  670.374239][T11242] syz.6.1424: attempt to access beyond end of device
[  670.374239][T11242] loop6: rw=0, sector=16, nr_sectors = 2 limit=0
[  670.396086][T10259] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  670.890259][T11243] netlink: 'syz.2.1425': attribute type 1 has an invalid length.
[  670.898876][T11243] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1425'.
[  670.969772][T11243] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1425'.
[  671.589711][T10259] usb 6-1: device descriptor read/64, error -71
[  671.848235][T10259] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  671.998116][T10259] usb 6-1: device descriptor read/64, error -71
[  672.213546][T11250] netlink: 'syz.2.1427': attribute type 1 has an invalid length.
[  672.221965][T11250] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1427'.
[  672.303783][T11250] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1427'.
[  672.778552][T10259] usb usb6-port1: attempt power cycle
[  672.807360][T11254] kAFS: unable to lookup cell '.,'
[  672.960907][T11262] dummy0 speed is unknown, defaulting to 1000
[  672.996536][   T30] audit: type=1326 audit(1751048660.441:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11259 comm="syz.2.1431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd92bf8e929 code=0x7ffc0000
[  673.072851][   T30] audit: type=1326 audit(1751048660.441:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11259 comm="syz.2.1431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd92bf8e929 code=0x7ffc0000
[  673.120641][   T30] audit: type=1326 audit(1751048660.441:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11259 comm="syz.2.1431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7fd92bf8e929 code=0x7ffc0000
[  673.180882][   T30] audit: type=1326 audit(1751048660.441:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11259 comm="syz.2.1431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd92bf8e929 code=0x7ffc0000
[  673.300365][   T30] audit: type=1326 audit(1751048660.451:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11259 comm="syz.2.1431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7fd92bf8e929 code=0x7ffc0000
[  673.344040][   T30] audit: type=1326 audit(1751048660.451:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11259 comm="syz.2.1431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd92bf8e929 code=0x7ffc0000
[  673.429633][T10259] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  673.429759][   T30] audit: type=1326 audit(1751048660.451:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11259 comm="syz.2.1431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd92bf8d290 code=0x7ffc0000
[  673.504317][T10259] usb 6-1: config 0 has no interfaces?
[  673.510486][   T30] audit: type=1326 audit(1751048660.471:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11259 comm="syz.2.1431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd92bf8e929 code=0x7ffc0000
[  673.514724][T10259] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  673.542847][   T30] audit: type=1326 audit(1751048660.471:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11259 comm="syz.2.1431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7fd92bf8e929 code=0x7ffc0000
[  673.592329][T10259] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  673.627923][T10259] usb 6-1: Product: syz
[  673.632584][T10259] usb 6-1: Manufacturer: syz
[  673.642131][T10259] usb 6-1: SerialNumber: syz
[  673.901111][T10259] usb 6-1: config 0 descriptor??
[  673.931786][   T30] audit: type=1326 audit(1751048660.471:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11259 comm="syz.2.1431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd92bf8e929 code=0x7ffc0000
[  674.349239][T11282] netlink: 'syz.2.1437': attribute type 1 has an invalid length.
[  674.357712][T11282] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1437'.
[  674.472791][T11284] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1437'.
[  675.635341][T11290] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  675.684833][T10259] usb 6-1: USB disconnect, device number 27
[  675.733595][T11283] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1438'.
[  675.767446][T11283] tipc: Started in network mode
[  675.785410][T11283] tipc: Node identity aaaaaaaaaaaa, cluster identity 4711
[  675.821198][T11283] tipc: Enabled bearer <eth:syz_tun>, priority 10
[  675.868487][ T6026] Bluetooth: hci7: Frame reassembly failed (-84)
[  676.859254][T11298] FAULT_INJECTION: forcing a failure.
[  676.859254][T11298] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  676.895188][T11298] CPU: 1 UID: 0 PID: 11298 Comm: syz.5.1441 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  676.895224][T11298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  676.895232][T11298] Call Trace:
[  676.895238][T11298]  <TASK>
[  676.895244][T11298]  dump_stack_lvl+0x189/0x250
[  676.895269][T11298]  ? __pfx____ratelimit+0x10/0x10
[  676.895290][T11298]  ? __pfx_dump_stack_lvl+0x10/0x10
[  676.895310][T11298]  ? __pfx__printk+0x10/0x10
[  676.895327][T11298]  ? __might_fault+0xb0/0x130
[  676.895355][T11298]  should_fail_ex+0x414/0x560
[  676.895379][T11298]  _copy_from_iter+0x1db/0x16f0
[  676.895405][T11298]  ? rcu_is_watching+0x15/0xb0
[  676.895427][T11298]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  676.895447][T11298]  ? __pfx__copy_from_iter+0x10/0x10
[  676.895469][T11298]  ? __build_skb_around+0x257/0x3e0
[  676.895488][T11298]  ? netlink_sendmsg+0x642/0xb30
[  676.895503][T11298]  ? skb_put+0x11b/0x210
[  676.895522][T11298]  netlink_sendmsg+0x6b2/0xb30
[  676.895549][T11298]  ? __pfx_netlink_sendmsg+0x10/0x10
[  676.895574][T11298]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  676.895593][T11298]  ? __pfx_netlink_sendmsg+0x10/0x10
[  676.895612][T11298]  __sock_sendmsg+0x21c/0x270
[  676.895638][T11298]  ____sys_sendmsg+0x505/0x830
[  676.895663][T11298]  ? __pfx_____sys_sendmsg+0x10/0x10
[  676.895691][T11298]  ? import_iovec+0x74/0xa0
[  676.895718][T11298]  ___sys_sendmsg+0x21f/0x2a0
[  676.895740][T11298]  ? __pfx____sys_sendmsg+0x10/0x10
[  676.895795][T11298]  ? __fget_files+0x2a/0x420
[  676.895815][T11298]  ? __fget_files+0x3a0/0x420
[  676.895846][T11298]  __x64_sys_sendmsg+0x19b/0x260
[  676.895867][T11298]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  676.895894][T11298]  ? __pfx_ksys_write+0x10/0x10
[  676.895911][T11298]  ? rcu_is_watching+0x15/0xb0
[  676.895938][T11298]  ? do_syscall_64+0xbe/0x3b0
[  676.895961][T11298]  do_syscall_64+0xfa/0x3b0
[  676.895981][T11298]  ? lockdep_hardirqs_on+0x9c/0x150
[  676.896002][T11298]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  676.896018][T11298]  ? clear_bhb_loop+0x60/0xb0
[  676.896039][T11298]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  676.896054][T11298] RIP: 0033:0x7f558fd8e929
[  676.896070][T11298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  676.896084][T11298] RSP: 002b:00007f5590c0e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  676.896103][T11298] RAX: ffffffffffffffda RBX: 00007f558ffb5fa0 RCX: 00007f558fd8e929
[  676.896116][T11298] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000011
[  676.896128][T11298] RBP: 00007f5590c0e090 R08: 0000000000000000 R09: 0000000000000000
[  676.896138][T11298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  676.896149][T11298] R13: 0000000000000000 R14: 00007f558ffb5fa0 R15: 00007fffe566a0d8
[  676.896177][T11298]  </TASK>
[  677.197578][T10217] tipc: Node number set to 43690
[  677.883486][   T51] Bluetooth: hci7: Opcode 0x1003 failed: -110
[  679.081587][ T5830] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  679.107515][ T5830] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  679.130588][ T5830] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  679.148936][ T5830] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  679.156885][ T5830] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  679.492267][T11313] dummy0 speed is unknown, defaulting to 1000
[  680.135434][T11326] FAULT_INJECTION: forcing a failure.
[  680.135434][T11326] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  680.168497][T11326] CPU: 1 UID: 0 PID: 11326 Comm: syz.2.1451 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  680.168529][T11326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  680.168541][T11326] Call Trace:
[  680.168548][T11326]  <TASK>
[  680.168557][T11326]  dump_stack_lvl+0x189/0x250
[  680.168588][T11326]  ? __pfx____ratelimit+0x10/0x10
[  680.168614][T11326]  ? __pfx_dump_stack_lvl+0x10/0x10
[  680.168637][T11326]  ? __pfx__printk+0x10/0x10
[  680.168654][T11326]  ? __might_fault+0xb0/0x130
[  680.168687][T11326]  should_fail_ex+0x414/0x560
[  680.168712][T11326]  _copy_from_user+0x2d/0xb0
[  680.168738][T11326]  memdup_user+0x5e/0xd0
[  680.168764][T11326]  strndup_user+0x68/0xd0
[  680.168787][T11326]  __se_sys_mount+0x9c/0x410
[  680.168819][T11326]  ? ksys_write+0x22a/0x250
[  680.168841][T11326]  ? __pfx___se_sys_mount+0x10/0x10
[  680.168860][T11326]  ? rcu_is_watching+0x15/0xb0
[  680.168890][T11326]  ? do_syscall_64+0xbe/0x3b0
[  680.168912][T11326]  ? __x64_sys_mount+0x20/0xc0
[  680.168935][T11326]  do_syscall_64+0xfa/0x3b0
[  680.168956][T11326]  ? lockdep_hardirqs_on+0x9c/0x150
[  680.168980][T11326]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  680.168997][T11326]  ? clear_bhb_loop+0x60/0xb0
[  680.169019][T11326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  680.169036][T11326] RIP: 0033:0x7fd92bf8e929
[  680.169053][T11326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  680.169068][T11326] RSP: 002b:00007fd92cd65038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  680.169089][T11326] RAX: ffffffffffffffda RBX: 00007fd92c1b5fa0 RCX: 00007fd92bf8e929
[  680.169101][T11326] RDX: 0000200000000040 RSI: 0000200000000380 RDI: 0000000000000000
[  680.169114][T11326] RBP: 00007fd92cd65090 R08: 0000200000000600 R09: 0000000000000000
[  680.169126][T11326] R10: 0000000000800048 R11: 0000000000000246 R12: 0000000000000001
[  680.169138][T11326] R13: 0000000000000000 R14: 00007fd92c1b5fa0 R15: 00007ffefa32b2e8
[  680.169167][T11326]  </TASK>
[  680.566498][T11313] chnl_net:caif_netlink_parms(): no params data found
[  681.266768][ T5830] Bluetooth: hci7: command tx timeout
[  681.467693][T11342] Device name cannot be null; rc = [-22]
[  681.766672][T11344] erofs (device nullb0): cannot find valid erofs superblock
[  681.886882][T11313] bridge0: port 1(bridge_slave_0) entered blocking state
[  681.928216][T11313] bridge0: port 1(bridge_slave_0) entered disabled state
[  682.124286][T11313] bridge_slave_0: entered allmulticast mode
[  682.133535][T11313] bridge_slave_0: entered promiscuous mode
[  682.143972][T11313] bridge0: port 2(bridge_slave_1) entered blocking state
[  682.151394][T11313] bridge0: port 2(bridge_slave_1) entered disabled state
[  682.160267][T11313] bridge_slave_1: entered allmulticast mode
[  682.169104][T11313] bridge_slave_1: entered promiscuous mode
[  683.314523][ T5830] Bluetooth: hci7: command tx timeout
[  683.422610][T11313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  683.456908][T11313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  683.611471][T11366] FAULT_INJECTION: forcing a failure.
[  683.611471][T11366] name failslab, interval 1, probability 0, space 0, times 0
[  683.693434][T11366] CPU: 0 UID: 0 PID: 11366 Comm: syz.5.1462 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  683.693474][T11366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  683.693486][T11366] Call Trace:
[  683.693497][T11366]  <TASK>
[  683.693508][T11366]  dump_stack_lvl+0x189/0x250
[  683.693550][T11366]  ? __pfx____ratelimit+0x10/0x10
[  683.693579][T11366]  ? __pfx_dump_stack_lvl+0x10/0x10
[  683.693603][T11366]  ? __pfx__printk+0x10/0x10
[  683.693627][T11366]  ? __pfx___might_resched+0x10/0x10
[  683.693657][T11366]  should_fail_ex+0x414/0x560
[  683.693686][T11366]  should_failslab+0xa8/0x100
[  683.693712][T11366]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  683.693737][T11366]  ? __alloc_skb+0x112/0x2d0
[  683.693761][T11366]  __alloc_skb+0x112/0x2d0
[  683.693783][T11366]  netlink_sendmsg+0x5c6/0xb30
[  683.693814][T11366]  ? __pfx_netlink_sendmsg+0x10/0x10
[  683.693841][T11366]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  683.693863][T11366]  ? __pfx_netlink_sendmsg+0x10/0x10
[  683.693883][T11366]  __sock_sendmsg+0x21c/0x270
[  683.693913][T11366]  ____sys_sendmsg+0x505/0x830
[  683.693939][T11366]  ? __pfx_____sys_sendmsg+0x10/0x10
[  683.693976][T11366]  ? import_iovec+0x74/0xa0
[  683.694007][T11366]  ___sys_sendmsg+0x21f/0x2a0
[  683.694029][T11366]  ? __pfx____sys_sendmsg+0x10/0x10
[  683.694085][T11366]  ? __fget_files+0x2a/0x420
[  683.694108][T11366]  ? __fget_files+0x3a0/0x420
[  683.694141][T11366]  __x64_sys_sendmsg+0x19b/0x260
[  683.694164][T11366]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  683.694195][T11366]  ? __pfx_ksys_write+0x10/0x10
[  683.694214][T11366]  ? rcu_is_watching+0x15/0xb0
[  683.694245][T11366]  ? do_syscall_64+0xbe/0x3b0
[  683.694273][T11366]  do_syscall_64+0xfa/0x3b0
[  683.694295][T11366]  ? lockdep_hardirqs_on+0x9c/0x150
[  683.694320][T11366]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  683.694339][T11366]  ? clear_bhb_loop+0x60/0xb0
[  683.694361][T11366]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  683.694379][T11366] RIP: 0033:0x7f558fd8e929
[  683.694400][T11366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  683.694418][T11366] RSP: 002b:00007f5590c0e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  683.694444][T11366] RAX: ffffffffffffffda RBX: 00007f558ffb5fa0 RCX: 00007f558fd8e929
[  683.694458][T11366] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000004
[  683.694471][T11366] RBP: 00007f5590c0e090 R08: 0000000000000000 R09: 0000000000000000
[  683.694483][T11366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  683.694495][T11366] R13: 0000000000000000 R14: 00007f558ffb5fa0 R15: 00007fffe566a0d8
[  683.694524][T11366]  </TASK>
[  684.394298][T11373] hub 8-0:1.0: USB hub found
[  684.400859][T11373] hub 8-0:1.0: 1 port detected
[  685.387952][ T5830] Bluetooth: hci7: command tx timeout
[  685.696252][T11313] team0: Port device team_slave_0 added
[  685.817645][T11313] team0: Port device team_slave_1 added
[  686.000740][T11313] batman_adv: batadv0: Adding interface: batadv_slave_0
[  686.017083][T11313] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  686.362405][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  686.456466][T11313] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  686.568984][T11313] batman_adv: batadv0: Adding interface: batadv_slave_1
[  686.577196][T11313] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  686.666586][T11313] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  686.934456][T11395] 9pnet: Could not find request transport: tct��rt=0x00000
[  687.444728][T11313] hsr_slave_0: entered promiscuous mode
[  687.472601][ T5830] Bluetooth: hci7: command tx timeout
[  687.489565][T11313] hsr_slave_1: entered promiscuous mode
[  687.496380][T11313] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  687.724389][T11313] Cannot create hsr debugfs directory
[  688.458705][T11412] Bluetooth: MGMT ver 1.23
[  688.538324][T11404] vlan0: entered promiscuous mode
[  688.697319][T11416] FAULT_INJECTION: forcing a failure.
[  688.697319][T11416] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  688.710910][T11416] CPU: 0 UID: 0 PID: 11416 Comm: syz.2.1474 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  688.710940][T11416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  688.710948][T11416] Call Trace:
[  688.710958][T11416]  <TASK>
[  688.710967][T11416]  dump_stack_lvl+0x189/0x250
[  688.710991][T11416]  ? __pfx____ratelimit+0x10/0x10
[  688.711008][T11416]  ? __pfx_dump_stack_lvl+0x10/0x10
[  688.711021][T11416]  ? __pfx__printk+0x10/0x10
[  688.711031][T11416]  ? __might_fault+0xb0/0x130
[  688.711052][T11416]  should_fail_ex+0x414/0x560
[  688.711069][T11416]  _copy_from_iter+0x1db/0x16f0
[  688.711085][T11416]  ? rcu_is_watching+0x15/0xb0
[  688.711101][T11416]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  688.711115][T11416]  ? __pfx__copy_from_iter+0x10/0x10
[  688.711129][T11416]  ? __build_skb_around+0x257/0x3e0
[  688.711141][T11416]  ? netlink_sendmsg+0x642/0xb30
[  688.711152][T11416]  ? skb_put+0x11b/0x210
[  688.711165][T11416]  netlink_sendmsg+0x6b2/0xb30
[  688.711174][T11416]  ? lockdep_hardirqs_on+0x9c/0x150
[  688.711193][T11416]  ? __pfx_netlink_sendmsg+0x10/0x10
[  688.711205][T11416]  ? __pfx_bpf_lsm_socket_sendmsg+0x10/0x10
[  688.711219][T11416]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  688.711230][T11416]  ? __pfx_netlink_sendmsg+0x10/0x10
[  688.711241][T11416]  __sock_sendmsg+0x21c/0x270
[  688.711257][T11416]  ____sys_sendmsg+0x505/0x830
[  688.711273][T11416]  ? __pfx_____sys_sendmsg+0x10/0x10
[  688.711289][T11416]  ? import_iovec+0x74/0xa0
[  688.711304][T11416]  ___sys_sendmsg+0x21f/0x2a0
[  688.711316][T11416]  ? __pfx____sys_sendmsg+0x10/0x10
[  688.711354][T11416]  ? __fget_files+0x2a/0x420
[  688.711367][T11416]  ? __fget_files+0x3a0/0x420
[  688.711384][T11416]  __x64_sys_sendmsg+0x19b/0x260
[  688.711394][T11416]  ? schedule+0x165/0x360
[  688.711407][T11416]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  688.711428][T11416]  ? do_syscall_64+0xbe/0x3b0
[  688.711444][T11416]  do_syscall_64+0xfa/0x3b0
[  688.711458][T11416]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  688.711468][T11416]  ? asm_sysvec_call_function_single+0x1a/0x20
[  688.711478][T11416]  ? clear_bhb_loop+0x60/0xb0
[  688.711489][T11416]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  688.711500][T11416] RIP: 0033:0x7fd92bf8e929
[  688.711511][T11416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  688.711521][T11416] RSP: 002b:00007fd92cd23038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  688.711534][T11416] RAX: ffffffffffffffda RBX: 00007fd92c1b6160 RCX: 00007fd92bf8e929
[  688.711541][T11416] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005
[  688.711548][T11416] RBP: 00007fd92cd23090 R08: 0000000000000000 R09: 0000000000000000
[  688.711555][T11416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  688.711561][T11416] R13: 0000000000000000 R14: 00007fd92c1b6160 R15: 00007ffefa32b2e8
[  688.711577][T11416]  </TASK>
[  689.602784][T11418] erofs (device nullb0): cannot find valid erofs superblock
[  690.328058][T10214] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  690.478899][T10214] usb 2-1: Using ep0 maxpacket: 32
[  690.507715][T10214] usb 2-1: config 0 has an invalid interface number: 126 but max is 0
[  690.517079][T10214] usb 2-1: config 0 has no interface number 0
[  690.540365][T10214] usb 2-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[  690.560016][T10214] usb 2-1: config 0 interface 126 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  690.647969][T10214] usb 2-1: config 0 interface 126 has no altsetting 0
[  690.696925][T10214] usb 2-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c
[  690.727148][T10214] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  690.739226][T10214] usb 2-1: Product: syz
[  690.743500][T10214] usb 2-1: Manufacturer: syz
[  690.749213][T10214] usb 2-1: SerialNumber: syz
[  690.769868][T10214] usb 2-1: config 0 descriptor??
[  690.780063][T11421] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  690.803910][T11313] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  690.832532][T11313] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  693.254912][T11313] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  693.323393][T11432] binder: 11431:11432 ioctl c018620c 200000000000 returned -1
[  693.388700][T11313] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  693.424577][T10214] ir_usb 2-1:0.126: required endpoints missing
[  693.482531][T10214] usb 2-1: USB disconnect, device number 44
[  693.583562][T11447] FAULT_INJECTION: forcing a failure.
[  693.583562][T11447] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  693.624494][T11447] CPU: 0 UID: 0 PID: 11447 Comm: syz.5.1481 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  693.624536][T11447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  693.624550][T11447] Call Trace:
[  693.624560][T11447]  <TASK>
[  693.624573][T11447]  dump_stack_lvl+0x189/0x250
[  693.624628][T11447]  ? __pfx____ratelimit+0x10/0x10
[  693.624659][T11447]  ? __pfx_dump_stack_lvl+0x10/0x10
[  693.624678][T11447]  ? __pfx__printk+0x10/0x10
[  693.624697][T11447]  ? __might_fault+0xb0/0x130
[  693.624729][T11447]  should_fail_ex+0x414/0x560
[  693.624752][T11447]  _copy_from_iter+0x1db/0x16f0
[  693.624777][T11447]  ? rcu_is_watching+0x15/0xb0
[  693.624805][T11447]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  693.624830][T11447]  ? __pfx__copy_from_iter+0x10/0x10
[  693.624855][T11447]  ? __build_skb_around+0x257/0x3e0
[  693.624881][T11447]  ? netlink_sendmsg+0x642/0xb30
[  693.624901][T11447]  ? skb_put+0x11b/0x210
[  693.624922][T11447]  netlink_sendmsg+0x6b2/0xb30
[  693.624949][T11447]  ? __pfx_netlink_sendmsg+0x10/0x10
[  693.624975][T11447]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  693.624998][T11447]  ? __pfx_netlink_sendmsg+0x10/0x10
[  693.625017][T11447]  __sock_sendmsg+0x21c/0x270
[  693.625058][T11447]  ____sys_sendmsg+0x505/0x830
[  693.625085][T11447]  ? __pfx_____sys_sendmsg+0x10/0x10
[  693.625114][T11447]  ? import_iovec+0x74/0xa0
[  693.625143][T11447]  ___sys_sendmsg+0x21f/0x2a0
[  693.625165][T11447]  ? __pfx____sys_sendmsg+0x10/0x10
[  693.625218][T11447]  ? __fget_files+0x2a/0x420
[  693.625238][T11447]  ? __fget_files+0x3a0/0x420
[  693.625270][T11447]  __x64_sys_sendmsg+0x19b/0x260
[  693.625292][T11447]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  693.625321][T11447]  ? __pfx_ksys_write+0x10/0x10
[  693.625339][T11447]  ? rcu_is_watching+0x15/0xb0
[  693.625367][T11447]  ? do_syscall_64+0xbe/0x3b0
[  693.625391][T11447]  do_syscall_64+0xfa/0x3b0
[  693.625414][T11447]  ? lockdep_hardirqs_on+0x9c/0x150
[  693.625438][T11447]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  693.625455][T11447]  ? clear_bhb_loop+0x60/0xb0
[  693.625477][T11447]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  693.625495][T11447] RIP: 0033:0x7f558fd8e929
[  693.625513][T11447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  693.625529][T11447] RSP: 002b:00007f5590c0e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  693.625551][T11447] RAX: ffffffffffffffda RBX: 00007f558ffb5fa0 RCX: 00007f558fd8e929
[  693.625565][T11447] RDX: 0000000000000840 RSI: 00002000000002c0 RDI: 0000000000000003
[  693.625577][T11447] RBP: 00007f5590c0e090 R08: 0000000000000000 R09: 0000000000000000
[  693.625587][T11447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  693.625597][T11447] R13: 0000000000000000 R14: 00007f558ffb5fa0 R15: 00007fffe566a0d8
[  693.625621][T11447]  </TASK>
[  693.721956][T11313] 8021q: adding VLAN 0 to HW filter on device bond0
[  694.107546][T11313] 8021q: adding VLAN 0 to HW filter on device team0
[  694.442875][ T7478] bridge0: port 1(bridge_slave_0) entered blocking state
[  694.450091][ T7478] bridge0: port 1(bridge_slave_0) entered forwarding state
[  694.510913][ T7478] bridge0: port 2(bridge_slave_1) entered blocking state
[  694.518128][ T7478] bridge0: port 2(bridge_slave_1) entered forwarding state
[  694.573634][T11457] 9pnet: Could not find request transport: tct��rt=0x00000
[  694.705740][T11462] vlan2: entered promiscuous mode
[  694.712402][T11462] vlan2: entered allmulticast mode
[  694.780495][T11462] hsr_slave_1: entered allmulticast mode
[  695.075927][T11466] FAULT_INJECTION: forcing a failure.
[  695.075927][T11466] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  695.138636][T11466] CPU: 1 UID: 0 PID: 11466 Comm: syz.6.1485 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  695.138672][T11466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  695.138684][T11466] Call Trace:
[  695.138692][T11466]  <TASK>
[  695.138700][T11466]  dump_stack_lvl+0x189/0x250
[  695.138738][T11466]  ? irqentry_exit+0x74/0x90
[  695.138763][T11466]  ? __pfx_dump_stack_lvl+0x10/0x10
[  695.138796][T11466]  should_fail_ex+0x414/0x560
[  695.138819][T11466]  _copy_from_iter+0x1db/0x16f0
[  695.138844][T11466]  ? rcu_is_watching+0x15/0xb0
[  695.138869][T11466]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  695.138903][T11466]  ? __pfx__copy_from_iter+0x10/0x10
[  695.138925][T11466]  ? __build_skb_around+0x257/0x3e0
[  695.138944][T11466]  ? netlink_sendmsg+0x642/0xb30
[  695.138960][T11466]  ? skb_put+0x11b/0x210
[  695.138978][T11466]  netlink_sendmsg+0x6b2/0xb30
[  695.139003][T11466]  ? __pfx_netlink_sendmsg+0x10/0x10
[  695.139027][T11466]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  695.139047][T11466]  ? __pfx_netlink_sendmsg+0x10/0x10
[  695.139067][T11466]  __sock_sendmsg+0x21c/0x270
[  695.139093][T11466]  ____sys_sendmsg+0x505/0x830
[  695.139119][T11466]  ? __pfx_____sys_sendmsg+0x10/0x10
[  695.139143][T11466]  ? import_iovec+0x74/0xa0
[  695.139168][T11466]  ___sys_sendmsg+0x21f/0x2a0
[  695.139186][T11466]  ? __pfx____sys_sendmsg+0x10/0x10
[  695.139238][T11466]  ? __fget_files+0x2a/0x420
[  695.139259][T11466]  ? __fget_files+0x3a0/0x420
[  695.139291][T11466]  __x64_sys_sendmsg+0x19b/0x260
[  695.139314][T11466]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  695.139343][T11466]  ? __pfx_ksys_write+0x10/0x10
[  695.139361][T11466]  ? rcu_is_watching+0x15/0xb0
[  695.139388][T11466]  ? do_syscall_64+0xbe/0x3b0
[  695.139417][T11466]  do_syscall_64+0xfa/0x3b0
[  695.139439][T11466]  ? lockdep_hardirqs_on+0x9c/0x150
[  695.139461][T11466]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  695.139479][T11466]  ? clear_bhb_loop+0x60/0xb0
[  695.139501][T11466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  695.139519][T11466] RIP: 0033:0x7f40ce18e929
[  695.139537][T11466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  695.139553][T11466] RSP: 002b:00007f40cf080038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  695.139574][T11466] RAX: ffffffffffffffda RBX: 00007f40ce3b6160 RCX: 00007f40ce18e929
[  695.139588][T11466] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000004
[  695.139599][T11466] RBP: 00007f40cf080090 R08: 0000000000000000 R09: 0000000000000000
[  695.139611][T11466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  695.139623][T11466] R13: 0000000000000000 R14: 00007f40ce3b6160 R15: 00007ffdc6893578
[  695.139651][T11466]  </TASK>
[  696.018518][ T5910] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  696.225934][ T5910] usb 6-1: config 0 has too many interfaces: 202, using maximum allowed: 32
[  696.256000][ T5910] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  696.513042][ T5910] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 202
[  697.402111][T11482] syz.2.1488: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  697.420617][T11482] CPU: 1 UID: 0 PID: 11482 Comm: syz.2.1488 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  697.420641][T11482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  697.420649][T11482] Call Trace:
[  697.420656][T11482]  <TASK>
[  697.420663][T11482]  dump_stack_lvl+0x189/0x250
[  697.420696][T11482]  ? __pfx_dump_stack_lvl+0x10/0x10
[  697.420710][T11482]  ? __pfx__printk+0x10/0x10
[  697.420722][T11482]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  697.420741][T11482]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  697.420757][T11482]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  697.420774][T11482]  warn_alloc+0x214/0x310
[  697.420793][T11482]  ? __pfx_warn_alloc+0x10/0x10
[  697.420811][T11482]  ? __get_vm_area_node+0x28f/0x300
[  697.420826][T11482]  ? translate_table+0x19b/0x2040
[  697.420841][T11482]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  697.420869][T11482]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  697.420885][T11482]  ? rcu_is_watching+0x15/0xb0
[  697.420903][T11482]  ? translate_table+0x19b/0x2040
[  697.420914][T11482]  ? translate_table+0x19b/0x2040
[  697.420924][T11482]  __kvmalloc_node_noprof+0x3b8/0x5f0
[  697.420937][T11482]  ? translate_table+0x19b/0x2040
[  697.420947][T11482]  ? xt_alloc_table_info+0x3b/0xa0
[  697.420965][T11482]  translate_table+0x19b/0x2040
[  697.420978][T11482]  ? rcu_is_watching+0x15/0xb0
[  697.420997][T11482]  ? __lock_acquire+0xab9/0xd20
[  697.421014][T11482]  ? __pfx_translate_table+0x10/0x10
[  697.421027][T11482]  ? __might_fault+0xb0/0x130
[  697.421049][T11482]  ? _copy_from_user+0x94/0xb0
[  697.421072][T11482]  do_ip6t_set_ctl+0x970/0xce0
[  697.421089][T11482]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  697.421113][T11482]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  697.421140][T11482]  nf_setsockopt+0x26f/0x290
[  697.421154][T11482]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  697.421171][T11482]  do_sock_setsockopt+0x25a/0x3e0
[  697.421187][T11482]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  697.421200][T11482]  ? __fget_files+0x2a/0x420
[  697.421219][T11482]  __x64_sys_setsockopt+0x18b/0x220
[  697.421233][T11482]  do_syscall_64+0xfa/0x3b0
[  697.421252][T11482]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  697.421263][T11482]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  697.421273][T11482]  ? clear_bhb_loop+0x60/0xb0
[  697.421285][T11482]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  697.421296][T11482] RIP: 0033:0x7fd92bf8e929
[  697.421315][T11482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  697.421325][T11482] RSP: 002b:00007fd92cd23038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  697.421339][T11482] RAX: ffffffffffffffda RBX: 00007fd92c1b6160 RCX: 00007fd92bf8e929
[  697.421347][T11482] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000009
[  697.421353][T11482] RBP: 00007fd92c010b39 R08: 0000000000000458 R09: 0000000000000000
[  697.421360][T11482] R10: 0000200000001b00 R11: 0000000000000246 R12: 0000000000000000
[  697.421367][T11482] R13: 0000000000000000 R14: 00007fd92c1b6160 R15: 00007ffefa32b2e8
[  697.421383][T11482]  </TASK>
[  697.421408][T11482] Mem-Info:
[  697.734670][ T5910] usb 6-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[  697.753871][ T5910] usb 6-1: New USB device strings: Mfr=33, Product=2, SerialNumber=3
[  697.762603][ T5910] usb 6-1: Product: syz
[  697.766830][ T5910] usb 6-1: Manufacturer: syz
[  697.771668][ T5910] usb 6-1: SerialNumber: syz
[  697.779169][ T5910] usb 6-1: config 0 descriptor??
[  697.784228][T11482] active_anon:265 inactive_anon:19001 isolated_anon:0
[  697.784228][T11482]  active_file:14337 inactive_file:41924 isolated_file:0
[  697.784228][T11482]  unevictable:768 dirty:63 writeback:8
[  697.784228][T11482]  slab_reclaimable:10660 slab_unreclaimable:108913
[  697.784228][T11482]  mapped:49153 shmem:13965 pagetables:1458
[  697.784228][T11482]  sec_pagetables:0 bounce:0
[  697.784228][T11482]  kernel_misc_reclaimable:0
[  697.784228][T11482]  free:1238034 free_pcp:10405 free_cma:0
[  697.830337][T11482] Node 0 active_anon:1060kB inactive_anon:76004kB active_file:57148kB inactive_file:167696kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:196612kB dirty:252kB writeback:32kB shmem:54324kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13936kB pagetables:5692kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  697.864672][T11482] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  697.896452][T11482] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  697.926010][T11482] lowmem_reserve[]: 0 2501 2503 2503 2503
[  697.931857][T11482] Node 0 DMA32 free:1020788kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1056kB inactive_anon:75964kB active_file:55384kB inactive_file:167628kB unevictable:1536kB writepending:284kB present:3129332kB managed:2561452kB mlocked:0kB bounce:0kB free_pcp:32380kB local_pcp:12284kB free_cma:0kB
[  697.964638][T11482] lowmem_reserve[]: 0 0 1 1 1
[  697.969404][T11482] Node 0 Normal free:20kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:40kB active_file:1764kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  697.998513][T11482] lowmem_reserve[]: 0 0 0 0 0
[  698.003207][T11482] Node 1 Normal free:3915968kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:9216kB local_pcp:0kB free_cma:0kB
[  698.034446][T11482] lowmem_reserve[]: 0 0 0 0 0
[  698.039477][T11482] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  698.052181][T11482] Node 0 DMA32: 1*4kB (U) 0*8kB 1*16kB (E) 169*32kB (M) 79*64kB (UME) 9*128kB (UM) 36*256kB (ME) 25*512kB (ME) 6*1024kB (UME) 9*2048kB (ME) 235*4096kB (M) = 1020788kB
[  698.069011][T11482] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[  698.081370][T11482] Node 1 Normal: 170*4kB (UME) 45*8kB (UME) 37*16kB (UME) 233*32kB (UME) 77*64kB (UME) 18*128kB (UME) 3*256kB (UM) 3*512kB (UM) 2*1024kB (UM) 0*2048kB 951*4096kB (M) = 3915968kB
[  698.099134][T11482] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  698.108765][T11482] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  698.118483][T11482] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  698.128100][T11482] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  698.137371][T11482] 70222 total pagecache pages
[  698.142337][T11482] 0 pages in swap cache
[  698.146489][T11482] Free swap  = 124996kB
[  698.150667][T11482] Total swap = 124996kB
[  698.154818][T11482] 2097051 pages RAM
[  698.158669][T11482] 0 pages HighMem/MovableOnly
[  698.163333][T11482] 424581 pages reserved
[  698.167493][T11482] 0 pages cma reserved
[  699.159197][T10217] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  699.341288][ T5910] usb 6-1: can't set config #0, error -71
[  699.383203][ T5910] usb 6-1: USB disconnect, device number 28
[  699.458017][T10217] usb 7-1: Using ep0 maxpacket: 32
[  699.488798][T10217] usb 7-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[  699.538024][T10217] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  699.546652][T10217] usb 7-1: Product: syz
[  699.573568][T10217] usb 7-1: Manufacturer: syz
[  699.583718][T10217] usb 7-1: SerialNumber: syz
[  699.656488][T10217] usb 7-1: config 0 descriptor??
[  699.669103][T11490] mkiss: ax0: crc mode is auto.
[  699.886470][T11498] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1495'.
[  699.928716][T11496] vlan3: entered promiscuous mode
[  699.936975][T11496] vlan3: entered allmulticast mode
[  699.982051][T11496] hsr_slave_1: entered allmulticast mode
[  700.634405][T10217] peak_usb 7-1:0.0: PEAK-System PCAN-USB Pro hwrev 0 serial 00000000.00000000 (2 channels)
[  700.668137][T10217] peak_usb 7-1:0.0 can0: sending command failure: -22
[  700.675679][T10217] peak_usb 7-1:0.0 can0: sending command failure: -22
[  700.716088][T11504] 9pnet: Could not find request transport: tct��rt=0x00000
[  701.773848][T11313] 8021q: adding VLAN 0 to HW filter on device batadv0
[  701.788952][T10217] peak_usb 7-1:0.0: probe with driver peak_usb failed with error -22
[  701.896703][T10217] usb 7-1: USB disconnect, device number 3
[  703.150844][   T30] kauditd_printk_skb: 33 callbacks suppressed
[  703.150873][   T30] audit: type=1400 audit(1751048690.629:737): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=11530 comm="syz.6.1503" daddr=::ffff:172.20.20.18 dest=11
[  703.871487][T10217] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  704.215118][T10217] usb 3-1: Using ep0 maxpacket: 16
[  704.330828][T10217] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  704.428108][T10217] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  704.440057][   T30] audit: type=1326 audit(1751048691.929:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11540 comm="syz.6.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40ce18e929 code=0x7ffc0000
[  704.494268][T10217] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  704.528168][   T30] audit: type=1326 audit(1751048691.929:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11540 comm="syz.6.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40ce18e929 code=0x7ffc0000
[  704.555750][T10217] usb 3-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[  704.569000][T10259] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  704.575696][T10217] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  704.606026][   T30] audit: type=1326 audit(1751048691.969:740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11540 comm="syz.6.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f40ce18e929 code=0x7ffc0000
[  704.630157][T10217] usb 3-1: Product: syz
[  704.634417][T10217] usb 3-1: Manufacturer: syz
[  704.665469][T10217] usb 3-1: SerialNumber: syz
[  704.686311][T10217] usb 3-1: config 0 descriptor??
[  704.703085][   T30] audit: type=1326 audit(1751048691.969:741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11540 comm="syz.6.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40ce18e929 code=0x7ffc0000
[  704.753576][T10217] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[  704.769291][T10259] usb 6-1: Using ep0 maxpacket: 8
[  704.777011][T10217] gspca_stv06xx: st6422 sensor detected
[  704.790705][T10259] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  704.800005][   T30] audit: type=1326 audit(1751048691.979:742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11540 comm="syz.6.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7f40ce18e929 code=0x7ffc0000
[  704.828706][T10259] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  704.842970][   T30] audit: type=1326 audit(1751048691.979:743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11540 comm="syz.6.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40ce18e929 code=0x7ffc0000
[  704.859048][T10259] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  704.890672][   T30] audit: type=1326 audit(1751048691.979:744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11540 comm="syz.6.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f40ce18d290 code=0x7ffc0000
[  704.896950][T10259] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  704.972703][   T30] audit: type=1326 audit(1751048691.979:745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11540 comm="syz.6.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40ce18e929 code=0x7ffc0000
[  705.200420][T10259] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  705.232777][T10259] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  705.255199][T10259] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  705.963071][   T30] audit: type=1326 audit(1751048691.979:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11540 comm="syz.6.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40ce18e929 code=0x7ffc0000
[  706.061036][T11313] veth0_vlan: entered promiscuous mode
[  706.102993][T11313] veth1_vlan: entered promiscuous mode
[  706.251595][T10217] STV06xx 3-1:0.0: probe with driver STV06xx failed with error -71
[  706.251680][T10260] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  706.273362][T10217] usb 3-1: USB disconnect, device number 35
[  706.457103][T11555] input: syz0 as /devices/virtual/input/input17
[  706.528367][T10259] usb 6-1: usb_control_msg returned -71
[  706.606034][T10259] usbtmc 6-1:16.0: can't read capabilities
[  706.640545][T10260] usb 2-1: Using ep0 maxpacket: 32
[  706.670077][T11313] veth0_macvtap: entered promiscuous mode
[  706.676454][T10260] usb 2-1: config 0 interface 0 has no altsetting 0
[  706.699721][T10260] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  706.722250][T11313] veth1_macvtap: entered promiscuous mode
[  706.765504][T10260] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  706.804765][T10259] usb 6-1: USB disconnect, device number 29
[  706.885641][T10260] usb 2-1: Product: syz
[  706.969978][T10260] usb 2-1: Manufacturer: syz
[  706.989011][T10260] usb 2-1: SerialNumber: syz
[  707.432991][T11313] batman_adv: batadv0: Interface activated: batadv_slave_0
[  707.446973][T10260] usb 2-1: config 0 descriptor??
[  707.499431][T11313] batman_adv: batadv0: Interface activated: batadv_slave_1
[  707.555913][T11562] 9pnet: Could not find request transport: tct��rt=0x00000
[  707.596115][T11313] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  707.616068][T11313] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  707.625531][T10260] usb 2-1: can't set config #0, error -71
[  707.650896][T10260] usb 2-1: USB disconnect, device number 45
[  707.657214][T11313] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  707.672669][T11313] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  707.942836][ T7475] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  707.996933][ T7475] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  708.018050][T11567] capability: warning: `syz.6.1512' uses deprecated v2 capabilities in a way that may be insecure
[  708.087200][ T7476] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  708.111750][ T7476] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  708.334941][T11570] dummy0 speed is unknown, defaulting to 1000
[  709.072437][   T24] hid (null): report_id 3448920274 is invalid
[  709.151232][   T24] hid-generic 0001:0004:00A0.000A: report_id 3448920274 is invalid
[  709.228291][   T24] hid-generic 0001:0004:00A0.000A: item 0 4 1 8 parsing failed
[  709.262615][   T24] hid-generic 0001:0004:00A0.000A: probe with driver hid-generic failed with error -22
[  709.407531][T11582] netlink: 'syz.1.1516': attribute type 11 has an invalid length.
[  709.547854][T10217] usb 7-1: new low-speed USB device number 4 using dummy_hcd
[  709.618690][T11586] syz.7.1442: attempt to access beyond end of device
[  709.618690][T11586] loop7: rw=0, sector=16, nr_sectors = 2 limit=0
[  710.608942][T10217] usb 7-1: config 0 has no interfaces?
[  710.614645][T10217] usb 7-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  710.644532][T10217] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  710.676359][T10217] usb 7-1: config 0 descriptor??
[  711.072368][T11578] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  711.227018][T11578] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  711.729655][   T24] usb 7-1: USB disconnect, device number 4
[  711.738861][T11598] trusted_key: syz.2.1519 sent an empty control message without MSG_MORE.
[  711.973242][T10217] usb 2-1: new full-speed USB device number 46 using dummy_hcd
[  712.233365][T10217] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  712.433810][T10217] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  712.468845][T10217] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  712.518181][T10217] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  712.567574][T10217] usb 2-1: config 0 descriptor??
[  712.606802][T10217] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  712.631277][T10217] dvb-usb: bulk message failed: -22 (3/0)
[  712.692552][T10217] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  712.732042][T10217] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  712.739681][T10217] usb 2-1: media controller created
[  712.745141][T11608] 9pnet: Could not find request transport: tct��rt=0x00000
[  712.766304][T10217] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  712.818541][T10217] dvb-usb: bulk message failed: -22 (6/0)
[  712.824440][T10217] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  712.949670][T10217] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input18
[  713.079005][T11613] dummy0 speed is unknown, defaulting to 1000
[  713.223201][T10217] dvb-usb: schedule remote query interval to 150 msecs.
[  713.265148][T10217] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  713.396309][T10217] usb 2-1: USB disconnect, device number 46
[  713.579144][T10217] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  713.638031][ T5910] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  713.772459][T11627] syz.2.1528: attempt to access beyond end of device
[  713.772459][T11627] loop2: rw=0, sector=16, nr_sectors = 2 limit=0
[  714.301181][ T5910] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  714.318084][ T5910] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  714.498437][ T5910] usb 7-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  714.557667][ T5910] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  714.608046][ T5910] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  714.646894][ T5910] usb 7-1: SerialNumber: syz
[  714.750059][T11636] smk_cipso_doi:679 remove rc = -2
[  714.755557][T11636] smk_cipso_doi:692 cipso add rc = -17
[  715.029750][T11637] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1526'.
[  715.039274][T11637] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1526'.
[  721.521451][ T5910] usbtest 7-1:1.0: Linux user mode ISO test driver
[  721.568147][ T5910] usbtest 7-1:1.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  721.695930][ T5910] usb 7-1: USB disconnect, device number 5
[  722.913575][T11653] 9pnet: Could not find request transport: tct��rt=0x00000
[  722.928124][T10217] usb 8-1: new low-speed USB device number 2 using dummy_hcd
[  722.999512][T11658] FAULT_INJECTION: forcing a failure.
[  722.999512][T11658] name failslab, interval 1, probability 0, space 0, times 0
[  723.092550][T11658] CPU: 1 UID: 0 PID: 11658 Comm: syz.6.1538 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  723.092594][T11658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  723.092607][T11658] Call Trace:
[  723.092619][T11658]  <TASK>
[  723.092631][T11658]  dump_stack_lvl+0x189/0x250
[  723.092683][T11658]  ? __pfx____ratelimit+0x10/0x10
[  723.092709][T11658]  ? __pfx_dump_stack_lvl+0x10/0x10
[  723.092731][T11658]  ? __pfx__printk+0x10/0x10
[  723.092758][T11658]  ? __pfx___might_resched+0x10/0x10
[  723.092784][T11658]  ? fs_reclaim_acquire+0x7d/0x100
[  723.092814][T11658]  should_fail_ex+0x414/0x560
[  723.092839][T11658]  should_failslab+0xa8/0x100
[  723.092880][T11658]  __kmalloc_noprof+0xcb/0x4f0
[  723.092903][T11658]  ? tomoyo_encode+0x28b/0x550
[  723.092931][T11658]  tomoyo_encode+0x28b/0x550
[  723.092959][T11658]  tomoyo_realpath_from_path+0x58d/0x5d0
[  723.092985][T11658]  ? tomoyo_domain+0xda/0x130
[  723.093012][T11658]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  723.093031][T11658]  tomoyo_path_number_perm+0x1e8/0x5a0
[  723.093053][T11658]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  723.093116][T11658]  ? chmod_common+0x161/0x400
[  723.093142][T11658]  ? down_write_killable+0x178/0x230
[  723.093164][T11658]  ? __pfx_down_write_killable+0x10/0x10
[  723.093180][T11658]  ? mnt_get_write_access+0x223/0x2a0
[  723.093209][T11658]  security_path_chmod+0x136/0x350
[  723.093230][T11658]  chmod_common+0x182/0x400
[  723.093256][T11658]  ? __pfx_chmod_common+0x10/0x10
[  723.093276][T11658]  ? kasan_quarantine_put+0xdd/0x220
[  723.093302][T11658]  ? user_path_at+0x44/0x60
[  723.093317][T11658]  ? kmem_cache_free+0x18f/0x400
[  723.093342][T11658]  do_fchmodat+0x12d/0x200
[  723.093362][T11658]  ? __pfx_do_fchmodat+0x10/0x10
[  723.093378][T11658]  ? __pfx_ksys_write+0x10/0x10
[  723.093393][T11658]  ? rcu_is_watching+0x15/0xb0
[  723.093429][T11658]  __x64_sys_chmod+0x62/0x70
[  723.093450][T11658]  do_syscall_64+0xfa/0x3b0
[  723.093473][T11658]  ? lockdep_hardirqs_on+0x9c/0x150
[  723.093497][T11658]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  723.093513][T11658]  ? clear_bhb_loop+0x60/0xb0
[  723.093538][T11658]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  723.093554][T11658] RIP: 0033:0x7f40ce18e929
[  723.093573][T11658] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  723.093590][T11658] RSP: 002b:00007f40cf0a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000005a
[  723.093625][T11658] RAX: ffffffffffffffda RBX: 00007f40ce3b6080 RCX: 00007f40ce18e929
[  723.093638][T11658] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000200000000080
[  723.093651][T11658] RBP: 00007f40cf0a1090 R08: 0000000000000000 R09: 0000000000000000
[  723.093663][T11658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  723.093674][T11658] R13: 0000000000000000 R14: 00007f40ce3b6080 R15: 00007ffdc6893578
[  723.093702][T11658]  </TASK>
[  723.097420][T11658] ERROR: Out of memory at tomoyo_realpath_from_path.
[  723.102843][T11662] input: syz0 as /devices/virtual/input/input19
[  723.415185][T10217] usb 8-1: device descriptor read/64, error -71
[  723.470870][T11669] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1541'.
[  723.528210][T11669] netlink: 372 bytes leftover after parsing attributes in process `syz.1.1541'.
[  723.563795][T11669] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1541'.
[  723.584769][T11669] netlink: 'syz.1.1541': attribute type 6 has an invalid length.
[  723.614114][T11669] netlink: 'syz.1.1541': attribute type 5 has an invalid length.
[  723.631157][T11669] netlink: 'syz.1.1541': attribute type 4 has an invalid length.
[  723.688588][T10217] usb 8-1: new low-speed USB device number 3 using dummy_hcd
[  723.828052][T10217] usb 8-1: device descriptor read/64, error -71
[  724.068818][T10217] usb usb8-port1: attempt power cycle
[  724.559197][T11682] vivid-002: disconnect
[  724.618178][T10217] usb 8-1: new low-speed USB device number 4 using dummy_hcd
[  724.636370][T11680] vivid-002: reconnect
[  724.683867][T10217] usb 8-1: device descriptor read/8, error -71
[  725.109743][T11692] FAULT_INJECTION: forcing a failure.
[  725.109743][T11692] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  725.123301][T11692] CPU: 1 UID: 0 PID: 11692 Comm: syz.5.1546 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  725.123338][T11692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  725.123350][T11692] Call Trace:
[  725.123359][T11692]  <TASK>
[  725.123367][T11692]  dump_stack_lvl+0x189/0x250
[  725.123405][T11692]  ? __pfx____ratelimit+0x10/0x10
[  725.123430][T11692]  ? __pfx_dump_stack_lvl+0x10/0x10
[  725.123454][T11692]  ? __pfx__printk+0x10/0x10
[  725.123478][T11692]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  725.123499][T11692]  ? __might_fault+0xb0/0x130
[  725.123528][T11692]  should_fail_ex+0x414/0x560
[  725.123555][T11692]  _copy_from_user+0x2d/0xb0
[  725.123582][T11692]  memdup_user+0x5e/0xd0
[  725.123608][T11692]  strndup_user+0x68/0xd0
[  725.123632][T11692]  __keyctl_dh_compute+0x410/0xca0
[  725.123660][T11692]  ? __pfx___keyctl_dh_compute+0x10/0x10
[  725.123679][T11692]  ? __lock_acquire+0xab9/0xd20
[  725.123711][T11692]  ? __might_fault+0xb0/0x130
[  725.123754][T11692]  keyctl_dh_compute+0x109/0x160
[  725.123776][T11692]  ? __pfx_keyctl_dh_compute+0x10/0x10
[  725.123812][T11692]  __se_sys_keyctl+0x423/0x910
[  725.123837][T11692]  ? __pfx___se_sys_keyctl+0x10/0x10
[  725.123862][T11692]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  725.123891][T11692]  ? __fget_files+0x3a0/0x420
[  725.123934][T11692]  ? fput+0xa0/0xd0
[  725.123958][T11692]  ? ksys_write+0x22a/0x250
[  725.123981][T11692]  ? __pfx_ksys_write+0x10/0x10
[  725.124006][T11692]  ? do_syscall_64+0xbe/0x3b0
[  725.124028][T11692]  ? __x64_sys_keyctl+0x20/0xc0
[  725.124053][T11692]  do_syscall_64+0xfa/0x3b0
[  725.124076][T11692]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  725.124095][T11692]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  725.124113][T11692]  ? clear_bhb_loop+0x60/0xb0
[  725.124135][T11692]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  725.124152][T11692] RIP: 0033:0x7f558fd8e929
[  725.124171][T11692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  725.124188][T11692] RSP: 002b:00007f5590bcc038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[  725.124211][T11692] RAX: ffffffffffffffda RBX: 00007f558ffb6160 RCX: 00007f558fd8e929
[  725.124225][T11692] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000017
[  725.124238][T11692] RBP: 00007f5590bcc090 R08: 0000200000000280 R09: 0000000000000000
[  725.124250][T11692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  725.124262][T11692] R13: 0000000000000000 R14: 00007f558ffb6160 R15: 00007fffe566a0d8
[  725.124292][T11692]  </TASK>
[  725.375971][T10217] usb 8-1: new low-speed USB device number 5 using dummy_hcd
[  726.290102][T10217] usb 8-1: device not accepting address 5, error -71
[  726.326279][T10217] usb usb8-port1: unable to enumerate USB device
[  727.805669][T11712] bridge0: port 3(team0) entered blocking state
[  727.812547][T11712] bridge0: port 3(team0) entered disabled state
[  727.819292][T11712] team0: entered allmulticast mode
[  727.824477][T11712] team_slave_0: entered allmulticast mode
[  727.830280][T11712] team_slave_1: entered allmulticast mode
[  727.838178][T11712] team0: entered promiscuous mode
[  727.843330][T11712] team_slave_0: entered promiscuous mode
[  727.849340][T11712] team_slave_1: entered promiscuous mode
[  727.855715][T11712] bridge0: port 3(team0) entered blocking state
[  727.862268][T11712] bridge0: port 3(team0) entered forwarding state
[  728.083853][T11702] 9pnet: Could not find request transport: tct��rt=0x00000
[  729.007929][ T5910] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  729.628041][   T51] Bluetooth: hci7: command 0x0405 tx timeout
[  729.805657][T11730] loop4: detected capacity change from 0 to 524255232
[  729.946369][ T5910] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  729.980728][ T5910] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  730.007284][ T5910] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  730.037093][ T5910] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  730.256248][ T5910] usb 2-1: config 0 descriptor??
[  730.627247][    C1] raw-gadget.0 gadget.1: ignoring, device is not running
[  730.691456][ T5910] usbhid 2-1:0.0: can't add hid device: -71
[  730.863647][ T5910] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  730.964989][T11744] FAULT_INJECTION: forcing a failure.
[  730.964989][T11744] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  730.979042][ T5910] usb 2-1: USB disconnect, device number 47
[  731.144521][T11744] CPU: 0 UID: 0 PID: 11744 Comm: syz.5.1564 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  731.144549][T11744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  731.144562][T11744] Call Trace:
[  731.144570][T11744]  <TASK>
[  731.144580][T11744]  dump_stack_lvl+0x189/0x250
[  731.144609][T11744]  ? __pfx____ratelimit+0x10/0x10
[  731.144631][T11744]  ? __pfx_dump_stack_lvl+0x10/0x10
[  731.144653][T11744]  ? __pfx__printk+0x10/0x10
[  731.144671][T11744]  ? __might_fault+0xb0/0x130
[  731.144700][T11744]  should_fail_ex+0x414/0x560
[  731.144724][T11744]  _copy_from_iter+0x1db/0x16f0
[  731.144750][T11744]  ? rcu_is_watching+0x15/0xb0
[  731.144775][T11744]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  731.144798][T11744]  ? __pfx__copy_from_iter+0x10/0x10
[  731.144820][T11744]  ? __build_skb_around+0x257/0x3e0
[  731.144841][T11744]  ? netlink_sendmsg+0x642/0xb30
[  731.144858][T11744]  ? skb_put+0x11b/0x210
[  731.144880][T11744]  netlink_sendmsg+0x6b2/0xb30
[  731.144907][T11744]  ? __pfx_netlink_sendmsg+0x10/0x10
[  731.144935][T11744]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  731.144954][T11744]  ? __pfx_netlink_sendmsg+0x10/0x10
[  731.144974][T11744]  __sock_sendmsg+0x21c/0x270
[  731.145000][T11744]  ____sys_sendmsg+0x505/0x830
[  731.145025][T11744]  ? __pfx_____sys_sendmsg+0x10/0x10
[  731.145052][T11744]  ? import_iovec+0x74/0xa0
[  731.145080][T11744]  ___sys_sendmsg+0x21f/0x2a0
[  731.145103][T11744]  ? __pfx____sys_sendmsg+0x10/0x10
[  731.145158][T11744]  ? __fget_files+0x2a/0x420
[  731.145179][T11744]  ? __fget_files+0x3a0/0x420
[  731.145210][T11744]  __x64_sys_sendmsg+0x19b/0x260
[  731.145233][T11744]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  731.145251][T11744]  ? native_tss_update_io_bitmap+0x3ec/0x620
[  731.145291][T11744]  ? __pfx_ksys_write+0x10/0x10
[  731.145308][T11744]  ? rcu_is_watching+0x15/0xb0
[  731.145336][T11744]  ? do_syscall_64+0xbe/0x3b0
[  731.145361][T11744]  do_syscall_64+0xfa/0x3b0
[  731.145382][T11744]  ? lockdep_hardirqs_on+0x9c/0x150
[  731.145404][T11744]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  731.145422][T11744]  ? clear_bhb_loop+0x60/0xb0
[  731.145443][T11744]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  731.145458][T11744] RIP: 0033:0x7f558fd8e929
[  731.145474][T11744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  731.145488][T11744] RSP: 002b:00007f5590c0e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  731.145507][T11744] RAX: ffffffffffffffda RBX: 00007f558ffb5fa0 RCX: 00007f558fd8e929
[  731.145519][T11744] RDX: 0000000000000010 RSI: 0000200000000580 RDI: 0000000000000006
[  731.145530][T11744] RBP: 00007f5590c0e090 R08: 0000000000000000 R09: 0000000000000000
[  731.145541][T11744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  731.145552][T11744] R13: 0000000000000000 R14: 00007f558ffb5fa0 R15: 00007fffe566a0d8
[  731.145579][T11744]  </TASK>
[  732.010031][ T5910] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  732.349399][T11757] 9pnet: Could not find request transport: tct��rt=0x00000
[  732.732905][T11768] FAULT_INJECTION: forcing a failure.
[  732.732905][T11768] name failslab, interval 1, probability 0, space 0, times 0
[  732.932839][T11768] CPU: 1 UID: 0 PID: 11768 Comm: syz.6.1570 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  732.932878][T11768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  732.932891][T11768] Call Trace:
[  732.932899][T11768]  <TASK>
[  732.932910][T11768]  dump_stack_lvl+0x189/0x250
[  732.932943][T11768]  ? __pfx____ratelimit+0x10/0x10
[  732.932970][T11768]  ? __pfx_dump_stack_lvl+0x10/0x10
[  732.932994][T11768]  ? __pfx__printk+0x10/0x10
[  732.933018][T11768]  ? __pfx___might_resched+0x10/0x10
[  732.933047][T11768]  should_fail_ex+0x414/0x560
[  732.933074][T11768]  should_failslab+0xa8/0x100
[  732.933106][T11768]  __kmalloc_noprof+0xcb/0x4f0
[  732.933126][T11768]  ? sk_prot_alloc+0xe7/0x220
[  732.933152][T11768]  sk_prot_alloc+0xe7/0x220
[  732.933169][T11768]  ? sk_alloc+0x24/0x370
[  732.933190][T11768]  sk_alloc+0x3a/0x370
[  732.933207][T11768]  ? bpf_ctx_init+0x167/0x1d0
[  732.933230][T11768]  bpf_prog_test_run_skb+0x2ed/0x1560
[  732.933248][T11768]  ? __fget_files+0x2a/0x420
[  732.933281][T11768]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  732.933296][T11768]  bpf_prog_test_run+0x2c7/0x340
[  732.933322][T11768]  __sys_bpf+0x4a4/0x860
[  732.933343][T11768]  ? __pfx___sys_bpf+0x10/0x10
[  732.933375][T11768]  ? ksys_write+0x22a/0x250
[  732.933399][T11768]  ? __pfx_ksys_write+0x10/0x10
[  732.933415][T11768]  ? rcu_is_watching+0x15/0xb0
[  732.933447][T11768]  __x64_sys_bpf+0x7c/0x90
[  732.933467][T11768]  do_syscall_64+0xfa/0x3b0
[  732.933488][T11768]  ? lockdep_hardirqs_on+0x9c/0x150
[  732.933514][T11768]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  732.933532][T11768]  ? clear_bhb_loop+0x60/0xb0
[  732.933555][T11768]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  732.933571][T11768] RIP: 0033:0x7f40ce18e929
[  732.933590][T11768] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  732.933606][T11768] RSP: 002b:00007f40cf0c2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  732.933629][T11768] RAX: ffffffffffffffda RBX: 00007f40ce3b5fa0 RCX: 00007f40ce18e929
[  732.933642][T11768] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a
[  732.933655][T11768] RBP: 00007f40cf0c2090 R08: 0000000000000000 R09: 0000000000000000
[  732.933667][T11768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  732.933679][T11768] R13: 0000000000000000 R14: 00007f40ce3b5fa0 R15: 00007ffdc6893578
[  732.933707][T11768]  </TASK>
[  732.942020][T11774] input: syz0 as /devices/virtual/input/input21
[  732.974783][T11775] FAULT_INJECTION: forcing a failure.
[  732.974783][T11775] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  733.405621][T11775] CPU: 0 UID: 0 PID: 11775 Comm: syz.2.1571 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  733.405654][T11775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  733.405662][T11775] Call Trace:
[  733.405668][T11775]  <TASK>
[  733.405675][T11775]  dump_stack_lvl+0x189/0x250
[  733.405700][T11775]  ? __pfx____ratelimit+0x10/0x10
[  733.405718][T11775]  ? __pfx_dump_stack_lvl+0x10/0x10
[  733.405731][T11775]  ? __pfx__printk+0x10/0x10
[  733.405742][T11775]  ? __might_fault+0xb0/0x130
[  733.405760][T11775]  should_fail_ex+0x414/0x560
[  733.405776][T11775]  _copy_from_iter+0x1db/0x16f0
[  733.405794][T11775]  ? rcu_is_watching+0x15/0xb0
[  733.405812][T11775]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  733.405826][T11775]  ? __pfx__copy_from_iter+0x10/0x10
[  733.405839][T11775]  ? __build_skb_around+0x257/0x3e0
[  733.405853][T11775]  ? netlink_sendmsg+0x642/0xb30
[  733.405863][T11775]  ? skb_put+0x11b/0x210
[  733.405875][T11775]  netlink_sendmsg+0x6b2/0xb30
[  733.405890][T11775]  ? __pfx_netlink_sendmsg+0x10/0x10
[  733.405905][T11775]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  733.405919][T11775]  ? __pfx_netlink_sendmsg+0x10/0x10
[  733.405929][T11775]  __sock_sendmsg+0x21c/0x270
[  733.405947][T11775]  ____sys_sendmsg+0x505/0x830
[  733.405961][T11775]  ? __pfx_____sys_sendmsg+0x10/0x10
[  733.405977][T11775]  ? import_iovec+0x74/0xa0
[  733.405995][T11775]  ___sys_sendmsg+0x21f/0x2a0
[  733.406008][T11775]  ? __pfx____sys_sendmsg+0x10/0x10
[  733.406037][T11775]  ? __fget_files+0x2a/0x420
[  733.406049][T11775]  ? __fget_files+0x3a0/0x420
[  733.406067][T11775]  __x64_sys_sendmsg+0x19b/0x260
[  733.406080][T11775]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  733.406096][T11775]  ? __pfx_ksys_write+0x10/0x10
[  733.406110][T11775]  ? do_syscall_64+0xbe/0x3b0
[  733.406126][T11775]  do_syscall_64+0xfa/0x3b0
[  733.406138][T11775]  ? lockdep_hardirqs_on+0x9c/0x150
[  733.406151][T11775]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  733.406161][T11775]  ? clear_bhb_loop+0x60/0xb0
[  733.406173][T11775]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  733.406183][T11775] RIP: 0033:0x7fd92bf8e929
[  733.406195][T11775] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  733.406204][T11775] RSP: 002b:00007fd92cd44038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  733.406217][T11775] RAX: ffffffffffffffda RBX: 00007fd92c1b6080 RCX: 00007fd92bf8e929
[  733.406225][T11775] RDX: 000000002000c0c0 RSI: 0000200000000e40 RDI: 0000000000000004
[  733.406231][T11775] RBP: 00007fd92cd44090 R08: 0000000000000000 R09: 0000000000000000
[  733.406238][T11775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  733.406244][T11775] R13: 0000000000000001 R14: 00007fd92c1b6080 R15: 00007ffefa32b2e8
[  733.406259][T11775]  </TASK>
[  736.384519][T11805] 9pnet: Could not find request transport: tct��rt=0x00000
[  736.474863][T11810] input: syz0 as /devices/virtual/input/input22
[  736.497916][ T9138] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  736.704473][T11811] erofs (device nullb0): cannot find valid erofs superblock
[  736.777832][ T9138] usb 2-1: Using ep0 maxpacket: 16
[  736.869099][ T9138] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  736.918541][T11817] input: syz0 as /devices/virtual/input/input23
[  737.311040][ T9138] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  737.412710][ T9138] usb 2-1: New USB device found, idVendor=056a, idProduct=0084, bcdDevice= 0.00
[  737.481426][ T9138] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  737.617701][T11821] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1584'.
[  738.618088][ T9138] usb 2-1: config 0 descriptor??
[  739.682480][T11827] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  739.746092][T11827] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  739.770420][ T9138] usb 2-1: USB disconnect, device number 49
[  740.426854][T11843] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1589'.
[  740.437831][T11843] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1589'.
[  741.773406][T11852] kAFS: unable to lookup cell '.,'
[  741.845792][T11850] 9pnet: Could not find request transport: tct��rt=0x00000
[  741.881354][T11858] trusted_key: encrypted_key: master key parameter 'use' is invalid
[  741.924368][T11858] fuse: Bad value for 'fd'
[  741.967200][T10260] Process accounting resumed
[  742.467887][T11868] syz.7.1596: attempt to access beyond end of device
[  742.467887][T11868] loop7: rw=0, sector=16, nr_sectors = 2 limit=0
[  743.295463][T11870] FAULT_INJECTION: forcing a failure.
[  743.295463][T11870] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  743.337201][T11870] CPU: 1 UID: 0 PID: 11870 Comm: syz.1.1597 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  743.337228][T11870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  743.337236][T11870] Call Trace:
[  743.337241][T11870]  <TASK>
[  743.337247][T11870]  dump_stack_lvl+0x189/0x250
[  743.337271][T11870]  ? __pfx____ratelimit+0x10/0x10
[  743.337287][T11870]  ? __pfx_dump_stack_lvl+0x10/0x10
[  743.337306][T11870]  ? __pfx__printk+0x10/0x10
[  743.337317][T11870]  ? __might_fault+0xb0/0x130
[  743.337337][T11870]  should_fail_ex+0x414/0x560
[  743.337353][T11870]  _copy_from_iter+0x1db/0x16f0
[  743.337382][T11870]  ? __pfx__copy_from_iter+0x10/0x10
[  743.337395][T11870]  ? __pfx_woken_wake_function+0x10/0x10
[  743.337409][T11870]  ? file_tty_write+0x2e8/0x990
[  743.337425][T11870]  ? rcu_is_watching+0x15/0xb0
[  743.337441][T11870]  ? kfree+0x4d/0x440
[  743.337456][T11870]  file_tty_write+0x486/0x990
[  743.337474][T11870]  vfs_write+0x54b/0xa90
[  743.337489][T11870]  ? __pfx_tty_write+0x10/0x10
[  743.337502][T11870]  ? __pfx_vfs_write+0x10/0x10
[  743.337519][T11870]  ? __fget_files+0x2a/0x420
[  743.337537][T11870]  ksys_write+0x145/0x250
[  743.337550][T11870]  ? __pfx_ksys_write+0x10/0x10
[  743.337560][T11870]  ? rcu_is_watching+0x15/0xb0
[  743.337575][T11870]  ? do_syscall_64+0xbe/0x3b0
[  743.337593][T11870]  do_syscall_64+0xfa/0x3b0
[  743.337607][T11870]  ? lockdep_hardirqs_on+0x9c/0x150
[  743.337623][T11870]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  743.337633][T11870]  ? clear_bhb_loop+0x60/0xb0
[  743.337646][T11870]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  743.337657][T11870] RIP: 0033:0x7f8cdb78e929
[  743.337672][T11870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  743.337682][T11870] RSP: 002b:00007f8cdc6ba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  743.337698][T11870] RAX: ffffffffffffffda RBX: 00007f8cdb9b5fa0 RCX: 00007f8cdb78e929
[  743.337706][T11870] RDX: 0000000000001006 RSI: 0000200000002580 RDI: 0000000000000004
[  743.337713][T11870] RBP: 00007f8cdc6ba090 R08: 0000000000000000 R09: 0000000000000000
[  743.337722][T11870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  743.337731][T11870] R13: 0000000000000000 R14: 00007f8cdb9b5fa0 R15: 00007ffc14cd0d48
[  743.337755][T11870]  </TASK>
[  743.586967][T11858] Process accounting resumed
[  746.914258][T11894] dummy0 speed is unknown, defaulting to 1000
[  747.068453][T10260] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  747.101791][T11899] 9pnet: Could not find request transport: tct��rt=0x00000
[  747.250929][T10260] usb 3-1: config 0 has no interfaces?
[  747.262526][T10260] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  747.282483][T10260] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  747.302469][T10260] usb 3-1: Product: syz
[  747.306743][T10260] usb 3-1: Manufacturer: syz
[  747.324038][T10260] usb 3-1: SerialNumber: syz
[  747.353267][T10260] usb 3-1: config 0 descriptor??
[  747.560704][T11918] erofs (device nullb0): cannot find valid erofs superblock
[  747.791993][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  748.226259][T11894] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1606'.
[  749.263215][T11933] smk_cipso_doi:679 remove rc = -2
[  749.269341][T11933] smk_cipso_doi:692 cipso add rc = -17
[  749.724802][T10214] usb 3-1: USB disconnect, device number 36
[  753.259527][T11949] smk_cipso_doi:679 remove rc = -2
[  753.265009][T11949] smk_cipso_doi:692 cipso add rc = -17
[  753.411848][T11950] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1618'.
[  754.818145][T11955] dummy0 speed is unknown, defaulting to 1000
[  754.981060][T10256] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  755.113554][T11957] 9pnet: Could not find request transport: tct��rt=0x00000
[  755.350785][T10256] usb 3-1: config 0 has no interfaces?
[  755.383938][T10256] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  755.395946][T10256] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  755.404727][T10256] usb 3-1: Product: syz
[  755.410272][T10256] usb 3-1: Manufacturer: syz
[  755.415222][T10256] usb 3-1: SerialNumber: syz
[  755.472352][T10256] usb 3-1: config 0 descriptor??
[  756.736655][T11955] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1621'.
[  756.807815][ T9138] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  756.815865][T11977] dummy0 speed is unknown, defaulting to 1000
[  757.290784][T10216] usb 3-1: USB disconnect, device number 37
[  757.861594][   T30] kauditd_printk_skb: 40 callbacks suppressed
[  757.861625][   T30] audit: type=1400 audit(1751048745.431:787): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=11991 comm="syz.5.1629" dest=20003
[  758.014654][ T9138] usb 8-1: config 0 has no interfaces?
[  758.026860][ T9138] usb 8-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  758.049328][ T9138] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  758.065062][ T9138] usb 8-1: Product: syz
[  758.073857][ T9138] usb 8-1: Manufacturer: syz
[  758.089325][ T9138] usb 8-1: SerialNumber: syz
[  758.288537][ T9138] usb 8-1: config 0 descriptor??
[  759.937993][T10216] usb 3-1: new low-speed USB device number 38 using dummy_hcd
[  760.088207][ T9138] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  760.140206][T10216] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  760.160653][T10216] usb 3-1: config 1 interface 0 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  760.184793][T10216] usb 3-1: config 1 interface 0 has no altsetting 0
[  760.221617][T10216] usb 3-1: string descriptor 0 read error: -22
[  760.238013][T10216] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  760.318047][T10216] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  760.350713][ T9138] usb 6-1: Using ep0 maxpacket: 32
[  760.374670][ T9138] usb 6-1: config 0 interface 0 has no altsetting 0
[  760.392476][T10216] usb 3-1: bad CDC descriptors
[  760.408461][ T9138] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  760.457668][ T9138] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  760.466135][ T9138] usb 6-1: Product: syz
[  760.479314][ T9138] usb 6-1: Manufacturer: syz
[  760.484652][ T9138] usb 6-1: SerialNumber: syz
[  760.501832][T10256] usb 8-1: USB disconnect, device number 6
[  760.506570][ T9138] usb 6-1: config 0 descriptor??
[  760.609054][T12021] erofs (device nullb0): cannot find valid erofs superblock
[  760.685673][T12006] ubi31: attaching mtd0
[  760.694598][T12006] ubi31 error: ubi_attach_mtd_dev: bad VID header (16) or data offsets (80)
[  760.748617][T12015] sg_write: data in/out 2013/126 bytes for SCSI command 0x0-- guessing data in;
[  760.748617][T12015]    program syz.5.1634 not setting count and/or reply_len properly
[  760.925762][T12022] 9pnet: Could not find request transport: tct��rt=0x00000
[  761.057675][ T9138] gs_usb 6-1:0.0: Configuring for 1 interfaces
[  761.858043][T12036] syz.6.1639: attempt to access beyond end of device
[  761.858043][T12036] loop6: rw=0, sector=16, nr_sectors = 2 limit=0
[  762.488064][ T9138] gs_usb 6-1:0.0: Couldn't get bit timing const for channel 0 (-ETIMEDOUT)
[  762.530223][ T9138] gs_usb 6-1:0.0: probe with driver gs_usb failed with error -110
[  763.508800][ T9138] usb 6-1: USB disconnect, device number 30
[  763.563650][T10219] usb 3-1: USB disconnect, device number 38
[  763.958259][ T9138] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  764.149267][ T9138] usb 6-1: Using ep0 maxpacket: 32
[  764.173593][ T9138] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  764.217489][ T9138] usb 6-1: config 0 has no interface number 0
[  764.246578][ T9138] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  764.280190][ T9138] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  764.310128][ T9138] usb 6-1: Product: syz
[  764.314431][ T9138] usb 6-1: Manufacturer: syz
[  764.357494][ T9138] usb 6-1: SerialNumber: syz
[  764.408686][ T9138] usb 6-1: config 0 descriptor??
[  764.444926][ T9138] usb 6-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  764.484589][ T9138] usb 6-1: selecting invalid altsetting 1
[  764.497021][ T9138] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  764.517237][ T9138] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  764.568291][ T9138] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  764.605364][ T9138] usb 6-1: media controller created
[  764.792831][ T9138] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  765.325196][   T51] Bluetooth: hci6: command 0x0406 tx timeout
[  766.586210][T12100] 9p: Unknown access argument �: -22
[  766.638820][ T9138] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  766.647392][ T9138] zl10353_read_register: readreg error (reg=127, ret==-110)
[  766.897419][ T9138] usb 6-1: USB disconnect, device number 31
[  767.044179][T12107] netlink: 'syz.7.1663': attribute type 4 has an invalid length.
[  767.207637][T12110] openvswitch: netlink: Message has 8 unknown bytes.
[  767.532454][   T30] audit: type=1326 audit(1751048755.091:788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12117 comm="syz.2.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd92bf8e929 code=0x7ffc0000
[  767.628056][   T30] audit: type=1326 audit(1751048755.101:789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12117 comm="syz.2.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fd92bf8e929 code=0x7ffc0000
[  767.772037][   T30] audit: type=1326 audit(1751048755.101:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12117 comm="syz.2.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd92bf8e929 code=0x7ffc0000
[  767.870654][   T30] audit: type=1326 audit(1751048755.101:791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12117 comm="syz.2.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fd92bf8e929 code=0x7ffc0000
[  767.926788][   T30] audit: type=1326 audit(1751048755.101:792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12117 comm="syz.2.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd92bf8e929 code=0x7ffc0000
[  768.001691][   T30] audit: type=1326 audit(1751048755.101:793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12117 comm="syz.2.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7fd92bf8e929 code=0x7ffc0000
[  768.095258][   T30] audit: type=1326 audit(1751048755.101:794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12117 comm="syz.2.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=96 compat=0 ip=0xffffffffff600000 code=0x7ffc0000
[  768.166281][   T30] audit: type=1326 audit(1751048755.101:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12117 comm="syz.2.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd92bf8e929 code=0x7ffc0000
[  768.265125][   T30] audit: type=1326 audit(1751048755.101:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12117 comm="syz.2.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd92bf8e929 code=0x7ffc0000
[  768.375528][   T30] audit: type=1326 audit(1751048755.101:797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12117 comm="syz.2.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd92bf8e929 code=0x7ffc0000
[  768.480649][T12139] vlan2: entered allmulticast mode
[  768.485943][T12139] dummy0: entered allmulticast mode
[  769.530996][T12172] 9pnet: p9_errstr2errno: server reported unknown error �@0x0000000000000004
[  770.242367][T12184] lo speed is unknown, defaulting to 1000
[  770.249631][T12184] lo speed is unknown, defaulting to 1000
[  770.267931][T12184] lo speed is unknown, defaulting to 1000
[  770.404645][T12184] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  770.604612][T12184] lo speed is unknown, defaulting to 1000
[  770.626195][T12184] lo speed is unknown, defaulting to 1000
[  770.647107][T12184] lo speed is unknown, defaulting to 1000
[  770.660416][T12184] lo speed is unknown, defaulting to 1000
[  770.670292][T12184] lo speed is unknown, defaulting to 1000
[  770.678770][T12184] lo speed is unknown, defaulting to 1000
[  770.687495][T12184] lo speed is unknown, defaulting to 1000
[  770.695584][T12184] lo speed is unknown, defaulting to 1000
[  771.785491][T12216] serio: Serial port ptm0
[  771.966196][T12221] netlink: 'syz.5.1706': attribute type 21 has an invalid length.
[  772.176002][T12223] bridge_slave_0: left allmulticast mode
[  772.196362][T12223] bridge_slave_0: left promiscuous mode
[  772.212858][T12223] bridge0: port 1(bridge_slave_0) entered disabled state
[  772.278451][T12223] bridge_slave_1: left allmulticast mode
[  772.290996][T12223] bridge_slave_1: left promiscuous mode
[  772.303939][T12223] bridge0: port 2(bridge_slave_1) entered disabled state
[  772.386623][T12223] bond0: (slave bond_slave_0): Releasing backup interface
[  772.448865][T12223] bond0: (slave bond_slave_1): Releasing backup interface
[  772.502135][T12223] team0: Port device team_slave_0 removed
[  772.534081][T12223] team0: Port device team_slave_1 removed
[  772.560486][T12223] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  772.579417][T12223] batman_adv: batadv0: Removing interface: batadv_slave_0
[  772.620267][T12223] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  772.652735][T12223] batman_adv: batadv0: Removing interface: batadv_slave_1
[  772.814105][T12238] loop9: detected capacity change from 0 to 7
[  772.842187][T12238] buffer_io_error: 58 callbacks suppressed
[  772.842214][T12238] Buffer I/O error on dev loop9, logical block 0, async page read
[  772.921957][T12238] Buffer I/O error on dev loop9, logical block 0, async page read
[  772.972876][T12238] Buffer I/O error on dev loop9, logical block 0, async page read
[  773.034876][T12238] Buffer I/O error on dev loop9, logical block 0, async page read
[  773.054115][T12238] Buffer I/O error on dev loop9, logical block 0, async page read
[  773.063308][T12238] Buffer I/O error on dev loop9, logical block 0, async page read
[  773.093256][   T30] kauditd_printk_skb: 62 callbacks suppressed
[  773.093276][   T30] audit: type=1326 audit(1751048760.661:860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12241 comm="syz.1.1716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cdb78e929 code=0x7ffc0000
[  773.097237][T12238] Buffer I/O error on dev loop9, logical block 0, async page read
[  773.100918][T12243] sd 0:0:1:0: device reset
[  773.150895][   T30] audit: type=1326 audit(1751048760.661:861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12241 comm="syz.1.1716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8cdb78d290 code=0x7ffc0000
[  773.196189][T12238] ldm_validate_partition_table(): Disk read failed.
[  773.216371][   T30] audit: type=1326 audit(1751048760.661:862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12241 comm="syz.1.1716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cdb78e929 code=0x7ffc0000
[  773.251004][T12238] Buffer I/O error on dev loop9, logical block 0, async page read
[  773.325721][   T30] audit: type=1326 audit(1751048760.671:863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12241 comm="syz.1.1716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8cdb78e929 code=0x7ffc0000
[  773.328214][T12238] Buffer I/O error on dev loop9, logical block 0, async page read
[  773.396969][   T30] audit: type=1326 audit(1751048760.751:864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12241 comm="syz.1.1716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cdb78e929 code=0x7ffc0000
[  773.438304][T12238] Buffer I/O error on dev loop9, logical block 0, async page read
[  773.446553][T12238] Dev loop9: unable to read RDB block 0
[  773.490154][T12238]  loop9: unable to read partition table
[  773.504788][T12249] dummy0 speed is unknown, defaulting to 1000
[  773.516728][T12238] loop9: partition table beyond EOD, truncated
[  773.534230][   T30] audit: type=1326 audit(1751048760.751:865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12241 comm="syz.1.1716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cdb78e929 code=0x7ffc0000
[  773.568036][T12249] lo speed is unknown, defaulting to 1000
[  773.568409][T12238] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  773.568409][T12238] 
) failed (rc=-5)
[  773.602289][   T30] audit: type=1326 audit(1751048760.941:866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12247 comm="syz.2.1718" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd92bf8e929 code=0x0
[  774.508687][T12266] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  775.309252][T12271] hub 8-0:1.0: USB hub found
[  775.357990][T12271] hub 8-0:1.0: 1 port detected
[  775.948800][   T31] INFO: task syz.0.1293:10721 blocked for more than 143 seconds.
[  775.956691][   T31]       Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0
[  776.001778][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  776.050554][   T31] task:syz.0.1293      state:D stack:24520 pid:10721 tgid:10720 ppid:5825   task_flags:0x400140 flags:0x00004006
[  776.076541][   T31] Call Trace:
[  776.084191][   T31]  <TASK>
[  776.090923][   T31]  __schedule+0x16a2/0x4cb0
[  776.110739][   T31]  ? schedule+0x165/0x360
[  776.137872][   T31]  ? __pfx___schedule+0x10/0x10
[  776.146928][   T31]  ? schedule+0x91/0x360
[  776.159834][T12293] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  776.177964][   T31]  schedule+0x165/0x360
[  776.183206][   T31]  io_schedule+0x81/0xe0
[  776.187580][   T31]  folio_wait_bit_common+0x6b0/0xb90
[  776.207794][   T31]  ? __pfx_folio_wait_bit_common+0x10/0x10
[  776.213750][   T31]  ? __pfx_wake_page_function+0x10/0x10
[  776.220920][   T31]  ? __pfx_filemap_get_folios_tag+0x10/0x10
[  776.226936][   T31]  ? rcu_is_watching+0x15/0xb0
[  776.232335][   T31]  folio_wait_writeback+0xb0/0x100
[  776.237564][   T31]  __filemap_fdatawait_range+0x147/0x230
[  776.254769][   T31]  ? __pfx___filemap_fdatawait_range+0x10/0x10
[  776.264105][   T31]  filemap_fdatawait_keep_errors+0x31/0xd0
[  776.281654][   T31]  ? sync_inodes_sb+0x261/0xa10
[  776.295132][   T31]  sync_inodes_sb+0x7a9/0xa10
[  776.305514][   T31]  ? down_read+0x1ad/0x2e0
[  776.322992][   T31]  ? sync_inodes_sb+0x261/0xa10
[  776.336262][   T31]  ? __pfx_sync_inodes_sb+0x10/0x10
[  776.346687][   T31]  ? do_raw_spin_unlock+0x122/0x240
[  776.364780][   T31]  __iterate_supers+0x13d/0x250
[  776.377228][   T31]  ? __pfx_sync_inodes_one_sb+0x10/0x10
[  776.391861][   T31]  ksys_sync+0x94/0x150
[  776.403195][   T31]  ? __pfx_ksys_sync+0x10/0x10
[  776.414833][   T31]  ? rcu_is_watching+0x15/0xb0
[  776.422714][   T31]  ? do_syscall_64+0xbe/0x3b0
[  776.427599][   T31]  __ia32_sys_sync+0xe/0x20
[  776.438370][   T31]  do_syscall_64+0xfa/0x3b0
[  776.448779][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  776.458042][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  776.464346][   T31]  ? clear_bhb_loop+0x60/0xb0
[  776.482277][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  776.492909][   T31] RIP: 0033:0x7f87a7f8e929
[  776.497524][   T31] RSP: 002b:00007f87a8da6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  776.517279][   T31] RAX: ffffffffffffffda RBX: 00007f87a81b5fa0 RCX: 00007f87a7f8e929
[  776.526402][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  776.536169][   T31] RBP: 00007f87a81b5fa0 R08: 0000000000000000 R09: 0000000000000000
[  776.544587][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  776.553754][   T31] R13: 0000000000000000 R14: 00007f87a81b5fa0 R15: 00007ffdd065c5e8
[  776.562215][   T31]  </TASK>
[  776.565556][   T31] 
[  776.565556][   T31] Showing all locks held in the system:
[  776.574819][   T31] 1 lock held by khungtaskd/31:
[  776.586937][   T31]  #0: ffffffff8e13ee60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  776.617585][   T31] 2 locks held by getty/5585:
[  776.622634][   T31]  #0: ffff8880353920a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  776.642550][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  776.653899][   T31] 3 locks held by kworker/1:5/5910:
[  776.659874][   T31]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  776.671117][   T31]  #1: ffffc900050ffbc0 ((fqdir_free_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  776.683201][   T31]  #2: ffffffff8e144840 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  776.697610][   T31] 3 locks held by syz.3.43/6101:
[  776.712170][   T31]  #0: ffff888027c6c428 (sb_writers#14){.+.+}-{0:0}, at: vfs_writev+0x288/0x960
[  776.725576][   T31]  #1: ffff888057a00148 (&sb->s_type->i_mutex_key#20){++++}-{4:4}, at: netfs_start_io_write+0xd8/0x100
[  776.745151][   T31]  #2: ffff888057a00500 (&ctx->wb_lock){+.+.}-{4:4}, at: netfs_begin_writethrough+0x65/0x140
[  776.766871][   T31] 2 locks held by syz.0.1293/10721:
[  776.772479][   T31]  #0: ffff888027c6c0e0 (&type->s_umount_key#57){++++}-{4:4}, at: super_lock+0x2a9/0x3b0
[  776.790685][   T31]  #1: ffff888027c6c950 (&s->s_sync_lock){+.+.}-{4:4}, at: sync_inodes_sb+0x255/0xa10
[  776.814515][   T31] 2 locks held by syz.4.1404/11167:
[  776.822116][   T31]  #0: ffff888027c6c0e0 (&type->s_umount_key#57){++++}-{4:4}, at: super_lock+0x2a9/0x3b0
[  776.837925][   T31]  #1: ffff888027c6c950 (&s->s_sync_lock){+.+.}-{4:4}, at: sync_inodes_sb+0x255/0xa10
[  776.855861][   T31] 4 locks held by syz.1.1720/12259:
[  776.862083][   T31] 4 locks held by syz.7.1735/12298:
[  776.867508][   T31]  #0: ffffffff8f563b70 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  776.883884][   T31]  #1: ffffffff8f563988 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  776.894282][   T31]  #2: ffff888027c67100 (&dev->mutex){....}-{4:4}, at: nfc_dev_up+0x3f/0x320
[  776.904293][   T31]  #3: ffff888053cf4350 (&ndev->req_lock){+.+.}-{4:4}, at: nci_dev_up+0xa3/0xd50
[  776.921461][   T31] 2 locks held by syz.2.1736/12292:
[  776.926753][   T31]  #0: ffffffff8e194028 (tracepoints_mutex){+.+.}-{4:4}, at: tracepoint_probe_unregister+0x30/0x9b0
[  776.940108][   T31]  #1: ffffffff8e144978 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  776.951700][   T31] 1 lock held by dhcpcd/12299:
[  776.956522][   T31]  #0: ffff88807ef57408 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[  777.046345][   T31] 
[  777.050112][   T31] =============================================
[  777.050112][   T31] 
[  777.062951][   T31] NMI backtrace for cpu 0
[  777.062974][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  777.062996][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  777.063008][   T31] Call Trace:
[  777.063016][   T31]  <TASK>
[  777.063024][   T31]  dump_stack_lvl+0x189/0x250
[  777.063053][   T31]  ? __wake_up_klogd+0xd9/0x110
[  777.063075][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  777.063097][   T31]  ? __pfx__printk+0x10/0x10
[  777.063124][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  777.063146][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  777.063161][   T31]  ? _printk+0xcf/0x120
[  777.063180][   T31]  ? __pfx__printk+0x10/0x10
[  777.063196][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  777.063219][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  777.063241][   T31]  watchdog+0xfee/0x1030
[  777.063264][   T31]  ? watchdog+0x1de/0x1030
[  777.063288][   T31]  kthread+0x70e/0x8a0
[  777.063309][   T31]  ? __pfx_watchdog+0x10/0x10
[  777.063328][   T31]  ? __pfx_kthread+0x10/0x10
[  777.063344][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  777.063365][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  777.063385][   T31]  ? __pfx_kthread+0x10/0x10
[  777.063403][   T31]  ret_from_fork+0x3fc/0x770
[  777.063428][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  777.063455][   T31]  ? __switch_to_asm+0x39/0x70
[  777.063470][   T31]  ? __switch_to_asm+0x33/0x70
[  777.063483][   T31]  ? __pfx_kthread+0x10/0x10
[  777.063501][   T31]  ret_from_fork_asm+0x1a/0x30
[  777.063528][   T31]  </TASK>
[  777.063535][   T31] Sending NMI from CPU 0 to CPUs 1:
[  777.230453][    C1] NMI backtrace for cpu 1
[  777.230482][    C1] CPU: 1 UID: 0 PID: 3 Comm: pool_workqueue_ Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  777.230503][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  777.230514][    C1] RIP: 0010:lockdep_hardirqs_off+0xab/0x110
[  777.230548][    C1] Code: 9e 98 0a 00 00 41 8b 86 88 0a 00 00 ff c0 41 89 86 88 0a 00 00 41 89 86 a4 0a 00 00 eb 17 48 c7 c7 00 f3 9b 8d e8 d5 17 00 00 <65> 8b 05 0e 25 3a 07 85 c0 74 80 65 48 8b 05 e2 e4 39 07 48 3b 44
[  777.230562][    C1] RSP: 0018:ffffc90000a088a8 EFLAGS: 00000082
[  777.230579][    C1] RAX: 0000000000000001 RBX: ffffffff8b626252 RCX: 90081dc4b4fd1500
[  777.230591][    C1] RDX: 0000000000000000 RSI: ffffffff8d9bf300 RDI: ffffffff8be1bb80
[  777.230602][    C1] RBP: ffffc90000a08968 R08: ffffc90000a0899f R09: 0000000000000000
[  777.230614][    C1] R10: ffffc90000a08990 R11: fffff52000141134 R12: dffffc0000000000
[  777.230626][    C1] R13: 000000010000d555 R14: 0000000000000a02 R15: 1ffff9200014111c
[  777.230638][    C1] FS:  0000000000000000(0000) GS:ffff888125d84000(0000) knlGS:0000000000000000
[  777.230652][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  777.230664][    C1] CR2: 00007fd92c181178 CR3: 0000000039e1c000 CR4: 00000000003526f0
[  777.230680][    C1] Call Trace:
[  777.230687][    C1]  <IRQ>
[  777.230696][    C1]  ? _raw_spin_lock_irqsave+0x82/0xf0
[  777.230718][    C1]  trace_hardirqs_off+0x12/0x40
[  777.230752][    C1]  _raw_spin_lock_irqsave+0x82/0xf0
[  777.230770][    C1]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  777.230788][    C1]  ? get_random_u32+0x155/0x940
[  777.230805][    C1]  ? get_random_u32+0x4df/0x940
[  777.230822][    C1]  debug_object_assert_init+0xb4/0x380
[  777.230840][    C1]  ? __lock_acquire+0xab9/0xd20
[  777.230865][    C1]  __mod_timer+0x4a/0xf30
[  777.230880][    C1]  ? do_raw_write_lock+0x11d/0x260
[  777.230897][    C1]  ? __pfx_do_raw_write_lock+0x10/0x10
[  777.230916][    C1]  addrconf_mod_rs_timer+0x51/0xe0
[  777.230934][    C1]  addrconf_rs_timer+0x45e/0x670
[  777.230955][    C1]  ? __pfx_addrconf_rs_timer+0x10/0x10
[  777.230977][    C1]  call_timer_fn+0x17b/0x5f0
[  777.230995][    C1]  ? __pfx_addrconf_rs_timer+0x10/0x10
[  777.231011][    C1]  ? call_timer_fn+0xbe/0x5f0
[  777.231027][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  777.231049][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  777.231067][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  777.231084][    C1]  ? __pfx_addrconf_rs_timer+0x10/0x10
[  777.231102][    C1]  __run_timer_base+0x61a/0x860
[  777.231118][    C1]  ? ktime_get+0x3e/0x1f0
[  777.231138][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  777.231153][    C1]  ? seqcount_lockdep_reader_access+0x15f/0x1c0
[  777.231181][    C1]  run_timer_softirq+0xb7/0x180
[  777.231197][    C1]  handle_softirqs+0x286/0x870
[  777.231220][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  777.231240][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  777.231264][    C1]  __irq_exit_rcu+0xca/0x1f0
[  777.231282][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  777.231304][    C1]  irq_exit_rcu+0x9/0x30
[  777.231321][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  777.231338][    C1]  </IRQ>
[  777.231344][    C1]  <TASK>
[  777.231351][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  777.231367][    C1] RIP: 0010:lockdep_unregister_key+0x2c5/0x310
[  777.231386][    C1] Code: 65 48 8b 05 fd 79 fb 10 48 3b 44 24 10 0f 84 26 fe ff ff e8 6d 91 c1 09 e8 98 92 c1 09 41 f7 c7 00 02 00 00 74 bd fb 40 84 ed <75> bc eb cd 90 0f 0b 90 e9 19 ff ff ff 90 0f 0b 90 e9 2a ff ff ff
[  777.231398][    C1] RSP: 0018:ffffc90000087c00 EFLAGS: 00000246
[  777.231411][    C1] RAX: 90081dc4b4fd1500 RBX: ffff888024b59138 RCX: 90081dc4b4fd1500
[  777.231422][    C1] RDX: ffffffff935d7358 RSI: ffffffff8d98231d RDI: ffffffff8be1bb80
[  777.231434][    C1] RBP: ffff888024b59100 R08: 0000000000000000 R09: ffffffff81ab3048
[  777.231445][    C1] R10: dffffc0000000000 R11: fffffbfff1f3fbff R12: 0000000000000000
[  777.231455][    C1] R13: 0000000000001000 R14: 0000000000000000 R15: 0000000000000207
[  777.231468][    C1]  ? __is_module_percpu_address+0x28/0x3f0
[  777.231497][    C1]  pwq_release_workfn+0x6d5/0x870
[  777.231521][    C1]  kthread_worker_fn+0x507/0xb60
[  777.231539][    C1]  ? kthread_worker_fn+0xe4/0xb60
[  777.231554][    C1]  ? __pfx_pwq_release_workfn+0x10/0x10
[  777.231575][    C1]  kthread+0x70e/0x8a0
[  777.231592][    C1]  ? __pfx_kthread_worker_fn+0x10/0x10
[  777.231606][    C1]  ? __pfx_kthread+0x10/0x10
[  777.231621][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  777.231638][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  777.231655][    C1]  ? __pfx_kthread+0x10/0x10
[  777.231669][    C1]  ret_from_fork+0x3fc/0x770
[  777.231690][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  777.231710][    C1]  ? __switch_to_asm+0x39/0x70
[  777.231726][    C1]  ? __switch_to_asm+0x33/0x70
[  777.231739][    C1]  ? __pfx_kthread+0x10/0x10
[  777.231754][    C1]  ret_from_fork_asm+0x1a/0x30
[  777.231776][    C1]  </TASK>
[  777.232949][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  777.703897][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  777.715708][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  777.725764][   T31] Call Trace:
[  777.729040][   T31]  <TASK>
[  777.731970][   T31]  dump_stack_lvl+0x99/0x250
[  777.736567][   T31]  ? __asan_memcpy+0x40/0x70
[  777.741149][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  777.746345][   T31]  ? __pfx__printk+0x10/0x10
[  777.750938][   T31]  panic+0x2db/0x790
[  777.754834][   T31]  ? __pfx_panic+0x10/0x10
[  777.759248][   T31]  ? __pfx_delay_tsc+0x10/0x10
[  777.764007][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[  777.769820][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  777.775191][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[  777.781345][   T31]  watchdog+0x102d/0x1030
[  777.785720][   T31]  ? watchdog+0x1de/0x1030
[  777.790170][   T31]  kthread+0x70e/0x8a0
[  777.794263][   T31]  ? __pfx_watchdog+0x10/0x10
[  777.798949][   T31]  ? __pfx_kthread+0x10/0x10
[  777.803564][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  777.808854][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  777.814076][   T31]  ? __pfx_kthread+0x10/0x10
[  777.818673][   T31]  ret_from_fork+0x3fc/0x770
[  777.823263][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  777.828377][   T31]  ? __switch_to_asm+0x39/0x70
[  777.833136][   T31]  ? __switch_to_asm+0x33/0x70
[  777.837894][   T31]  ? __pfx_kthread+0x10/0x10
[  777.842482][   T31]  ret_from_fork_asm+0x1a/0x30
[  777.847253][   T31]  </TASK>
[  777.850619][   T31] Kernel Offset: disabled
[  777.855159][   T31] Rebooting in 86400 seconds..