last executing test programs:

3m23.792842442s ago: executing program 0 (id=897):
socket$inet_udp(0x2, 0x2, 0x0)
socket$inet6(0xa, 0x1, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0xa, 0x3, 0x3a)
socket$netlink(0x10, 0x3, 0x0)
socket(0x2c, 0x803, 0x0)
socket$tipc(0x1e, 0x4, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x1, 0x84)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
socket(0x2c, 0x3, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="6400000010000304000000000000000000002100", @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}}, 0x0)

3m23.259625351s ago: executing program 0 (id=901):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000059770c40c009030243d3000000010902120001000000000904"], 0x0)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='debugfs\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x1c5)
lseek(r1, 0x0, 0x1)
syz_usb_control_io(r0, 0x0, &(0x7f00000008c0)={0x84, &(0x7f00000004c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

3m19.301411226s ago: executing program 0 (id=909):
r0 = syz_open_procfs(0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x44080)
sendto$inet_nvme_pdu(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f00000500000000000000", @ANYRES32, @ANYBLOB="01000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='contention_end\x00'}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
setsockopt$WPAN_WANTLQI(0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r3, 0x0, 0x0)
shmctl$IPC_RMID(0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r1, 0x0, &(0x7f0000000000)=""/31}, 0x20)

3m18.276537159s ago: executing program 0 (id=911):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x99)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0)
mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
umount2(&(0x7f0000000480)='./file0\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0x9361, 0x0)

3m18.120094303s ago: executing program 0 (id=913):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3000000010000104000002000000000000000000", @ANYRES32=0x0, @ANYBLOB="078201000000000027001280080001"], 0x30}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r1, 0x40085112, &(0x7f0000000040)=@v={0x93, 0xe, 0x10, 0x4, @generic=0x2, 0x7, 0x50})
setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f00000003c0)={'nat\x00', 0x0, 0x0, 0x0, [0x8, 0x7fff, 0xd, 0x79, 0xa0d, 0x100], 0x2, &(0x7f0000000300)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x0, [{}, {}]}, 0x98)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000200)={'team0\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@gettfilter={0x3c, 0x2e, 0x1, 0x70bd26, 0x25dfdbff, {0x0, 0x0, 0x0, r2, {0xfff3, 0x2}, {0x6, 0xd}, {0x5, 0xe}}, [{0x8, 0xb, 0x4}, {0x8, 0xb, 0x2}, {0x8, 0xb, 0xde03}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24008054}, 0x40084)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x4000000)

3m17.261127274s ago: executing program 0 (id=916):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000200)={'#! ', './file0', [{0x20, '/dev/zero\x00'}, {0x20, '\\[[&]n@\x81'}, {0x20, '\''}, {0x20, ')&)&[,,'}, {}, {0x20, '!'}, {0x20, '/dev/zero\x00'}]}, 0x37)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r0, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0)
r1 = socket(0x2, 0x2, 0x1)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = openat$audio(0xffffffffffffff9c, 0x0, 0x109842, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000040)=0xfffffffd)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f00000000c0)=0x2)
writev(r3, 0x0, 0x0)
connect$unix(r1, &(0x7f0000000340)=@file={0x1, './file1\x00'}, 0x6e)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$unix(r1, 0x0, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000007040)={{0x14, 0x10, 0x1, 0x0, 0xf5ffffff}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x94}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x17}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0)

3m16.790525641s ago: executing program 32 (id=916):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000200)={'#! ', './file0', [{0x20, '/dev/zero\x00'}, {0x20, '\\[[&]n@\x81'}, {0x20, '\''}, {0x20, ')&)&[,,'}, {}, {0x20, '!'}, {0x20, '/dev/zero\x00'}]}, 0x37)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r0, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0)
r1 = socket(0x2, 0x2, 0x1)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = openat$audio(0xffffffffffffff9c, 0x0, 0x109842, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000040)=0xfffffffd)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f00000000c0)=0x2)
writev(r3, 0x0, 0x0)
connect$unix(r1, &(0x7f0000000340)=@file={0x1, './file1\x00'}, 0x6e)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$unix(r1, 0x0, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000007040)={{0x14, 0x10, 0x1, 0x0, 0xf5ffffff}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x94}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x17}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0)

2m34.464598705s ago: executing program 4 (id=1022):
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x48100)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0)='pstore\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file1\x00', 0x0, 0x1b260ab, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x40001)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x1, 0xd, 0x7902f2364505de9f}, 0x28)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000040)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0)
syz_io_uring_setup(0x10c, &(0x7f0000000140)={0x0, 0xfec9, 0x10000, 0x0, 0xa}, &(0x7f0000000240)=<r2=>0x0, &(0x7f0000000280))
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/tty/drivers\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(0xffffffffffffffff, 0xc0bc5310, &(0x7f0000001100))
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r4, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x240048c1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$sock_attach_bpf(r4, 0x1, 0x3e, &(0x7f0000000100), 0x4)
sendmsg$inet(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000011c0)='\x00', 0x1}], 0x1, 0x0, 0x0, 0x10000000}, 0x0)
read$hiddev(r3, &(0x7f00000000c0)=""/4092, 0xffc)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000001200)={0x28, 0x0, 0xffffffff, @hyper}, 0x10)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r0, 0xc08c5335, &(0x7f00000001c0)={0x0, 0x80, 0x0, 'queue0\x00', 0x1ff})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000001280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESDEC=r2, @ANYRESDEC=r6, @ANYRESDEC=0x0], &(0x7f0000000180)='GPL\x00', 0x5, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10)

2m33.079648648s ago: executing program 4 (id=1025):
r0 = syz_open_procfs(0xffffffffffffffff, 0x0)
write$cgroup_int(r0, &(0x7f00000008c0)=0xfffffffffffffff7, 0x12)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'team_slave_1\x00'})
sendto$inet_nvme_pdu(r0, &(0x7f0000000180)=@rsp={{0x5, 0x0, 0x18, 0xb0, 0x2}, {@u16=0xfff, 0x9, 0xf, 0x56, 0x1}}, 0x80, 0x0, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f00000500000000000000", @ANYRES32, @ANYBLOB="01000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000de99d91500"/24, @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x9, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='contention_end\x00', r4}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002000)=""/102400, 0x19000)
r6 = shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
shmctl$IPC_RMID(r6, 0x0)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r2, 0x0, &(0x7f0000000000)=""/31}, 0x20)

2m32.188388326s ago: executing program 4 (id=1029):
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
ioctl$sock_ax25_SIOCADDRT(r0, 0x890b, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r5, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e)
connect$pptp(r5, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e)

2m31.031526061s ago: executing program 4 (id=1031):
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x10c}, 0x1, 0xf000}, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x3, 0x0, @remote, 0x5}, 0x1c)
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x952c, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4)

2m30.618675211s ago: executing program 4 (id=1034):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$CAN_RAW_FILTER(r0, 0x65, 0x9, 0x0, &(0x7f0000000040))
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x48, 0x0, 0x8)
r1 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt(0xffffffffffffffff, 0x0, 0x12, &(0x7f0000000000)=""/3, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x18, 0xb, &(0x7f0000000700)=ANY=[@ANYRESOCT=r1, @ANYRES32, @ANYBLOB="54303af293c2d4384688", @ANYRES8=r2], &(0x7f0000000500)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='alarmtimer_suspend\x00', r3, 0x0, 0x5}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0xffffffffffffffff, 0x1, &(0x7f0000000000)=0x6)
r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='fdinfo\x00')
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000480), 0x480a80, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f0000000380), 0x9, 0x386083)
writev(r5, &(0x7f00000002c0)=[{&(0x7f0000000740)="158b3a28744db2b0224d6f018a7325bf749cbc382f401784f64ce2d52cd5c567e2dfcb1c30f0c6b6ad46373bc76834eec46a9fa192b236cd75daeada02b0a5c2d568287d74e82b3a804cda437c8395bbe0fceed4df721a118747493b3e55ec0b", 0x60}], 0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @remote}}, 0x0, 0x3, 0x401, 0x0, 0x32, 0x84e, 0xb7}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e20, @loopback}}, 0x4000000, 0x1ff, 0x2, 0x0, 0x8a}, 0x9c)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f00000004c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000003c0)=""/62, &(0x7f0000000400)=0x3e)
shutdown(r6, 0x2)
r7 = openat$smackfs_change_rule(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
write$binfmt_script(r7, &(0x7f0000000000)={'#! ', './file0', [{0x20, 'aT\xe8\x9b^\xfb^$\r\'uij\r\xd9\xef\xd2Et^Q\v\x9fOFL\x95`Z\xae\xc3a\xfe%\x94\x1a\xebt\xc6\x06\x8fD,\xf7\xae#\x80\x80\xdf\xa3\xcaO\xc6\x8a\x91\x90\xadR\aW\xe1\xf3n\xca\xa3\x8f\xd6F\x03\x0e\x9b\xe5yb\xfc\xa19wUs\x83\xf1{&\n\x1d\x8e\x82y\x1a.B\x0e\xea\x17\xc7\xe7H\xa9\xd4\x8e\xe7 gD\x89*\xb5c<d\x1f\\\x10$o\x93\x02\x9c@\x9ddt\x8c\x875\xf7@\x9aM\xa3j\xfa\x1f\xe5\x81\xc9u<\xf0?w8P>\xc5\x8a\xe6R\xe5YGq\xf5\xb6\x95\xbc\x112\x9bno\xc8\x06\xb6\b\xcc\x03{Sn\x94G\x01\xb4\xffJQ8t\x99vY\xaaf\xc7,\x9f\xbb\x15G\x1cr\x19\xef\xab\n\xa8\xbc\xbd\xa2E\x16\x1cm\xbd=\x98\x7fU\xcbg\x15%\x95\xb11\x017\x83*\x14\xcbt\xc2\xcb\x04\x1e~?\xb9j\x18\x96\x84EA\xeaB\a\x83\xba\xdco<\x00'/256}]}, 0x10c)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000080)={0x9, <r8=>r4, 0x2})
bpf$TOKEN_CREATE(0x24, &(0x7f0000000140)={0x0, r8}, 0x8)
openat$mice(0xffffffffffffff9c, &(0x7f0000000540), 0x2800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYRES16=r3], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)

2m29.761405947s ago: executing program 4 (id=1038):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="280000002400f00306000000000000000100000000000000fe8000000000000000000000000000aa"], 0x28}, 0x1, 0x0, 0x0, 0x8891}, 0x840)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x9c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x74, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x3c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_XOR={0x4}, @NFTA_BITWISE_MASK={0xc, 0x4, 0x0, 0x1, [@NFTA_DATA_VALUE={0x8, 0x1, "6eee7e00"}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x110}}, 0x0)
pipe(&(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
pipe(&(0x7f0000000300)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB='\x00\x00'])
ioprio_set$uid(0x3, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000013c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f00000018c0)={r1, 0x0, 0x2, 0x1})
bpf$PROG_LOAD(0x5, &(0x7f0000001900)={0x8, 0x24, &(0x7f00000002c0)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, r8}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0xa, 0x0, 0x2}, {0x3, 0x0, 0x3, 0xa, 0x9, 0xfff8}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r7}, {0x6, 0x0, 0xb, 0x9, 0x0, 0x3}, {0x46, 0x8, 0xfff0, 0x76}}, @printk={@i, {0x3, 0x3, 0x3, 0x4, 0x9}}], {{0x7, 0x1, 0x7, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_buf(r9, 0x6, 0xd, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r10 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x202)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r10, 0xc08c5332, &(0x7f0000000780)={0xfffffffe, 0x0, 0x0, 'queue0\x00', 0x48})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r10, 0x40bc5311, &(0x7f0000000100)={0x80, 0x1, 'client1\x00', 0xffffffff80000004, "00000000ffffffe3", "e4a18560d99f00", 0x800000})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='mpol=bind:', @ANYRESDEC])
write$sndseq(r10, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)
setsockopt$inet6_tcp_int(r9, 0x6, 0x6, &(0x7f0000000100)=0x4, 0x4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xa, 0x7e, &(0x7f00000000c0))
shmctl$IPC_SET(0x0, 0x1, &(0x7f00000020c0)={{0x3, 0x0, 0x0, 0x0, 0x0, 0x1, 0xe}, 0x9, 0x5, 0x2, 0x1, 0x0, 0x0, 0x3ff})
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x3, 0x8, 0xff})
r11 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x2000)
ioctl$SG_GET_VERSION_NUM(r11, 0x2284, 0x0)
splice(r5, 0x0, r4, 0x0, 0xffffffffffff8000, 0x0)

2m14.610714043s ago: executing program 33 (id=1038):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="280000002400f00306000000000000000100000000000000fe8000000000000000000000000000aa"], 0x28}, 0x1, 0x0, 0x0, 0x8891}, 0x840)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x9c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x74, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x3c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_XOR={0x4}, @NFTA_BITWISE_MASK={0xc, 0x4, 0x0, 0x1, [@NFTA_DATA_VALUE={0x8, 0x1, "6eee7e00"}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x110}}, 0x0)
pipe(&(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
pipe(&(0x7f0000000300)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB='\x00\x00'])
ioprio_set$uid(0x3, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000013c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f00000018c0)={r1, 0x0, 0x2, 0x1})
bpf$PROG_LOAD(0x5, &(0x7f0000001900)={0x8, 0x24, &(0x7f00000002c0)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, r8}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0xa, 0x0, 0x2}, {0x3, 0x0, 0x3, 0xa, 0x9, 0xfff8}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r7}, {0x6, 0x0, 0xb, 0x9, 0x0, 0x3}, {0x46, 0x8, 0xfff0, 0x76}}, @printk={@i, {0x3, 0x3, 0x3, 0x4, 0x9}}], {{0x7, 0x1, 0x7, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_buf(r9, 0x6, 0xd, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r10 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x202)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r10, 0xc08c5332, &(0x7f0000000780)={0xfffffffe, 0x0, 0x0, 'queue0\x00', 0x48})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r10, 0x40bc5311, &(0x7f0000000100)={0x80, 0x1, 'client1\x00', 0xffffffff80000004, "00000000ffffffe3", "e4a18560d99f00", 0x800000})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='mpol=bind:', @ANYRESDEC])
write$sndseq(r10, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)
setsockopt$inet6_tcp_int(r9, 0x6, 0x6, &(0x7f0000000100)=0x4, 0x4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xa, 0x7e, &(0x7f00000000c0))
shmctl$IPC_SET(0x0, 0x1, &(0x7f00000020c0)={{0x3, 0x0, 0x0, 0x0, 0x0, 0x1, 0xe}, 0x9, 0x5, 0x2, 0x1, 0x0, 0x0, 0x3ff})
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x3, 0x8, 0xff})
r11 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x2000)
ioctl$SG_GET_VERSION_NUM(r11, 0x2284, 0x0)
splice(r5, 0x0, r4, 0x0, 0xffffffffffff8000, 0x0)

18.523939876s ago: executing program 6 (id=1358):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)={0x28, 0x3e, 0x107, 0xffffffff, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x4, 0x2}]}, 0x28}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
syz_usb_ep_write(0xffffffffffffffff, 0x0, 0xfffffffffffffc53, &(0x7f00000002c0)="b9425b446512d23236973599b76c470539")
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x0, 0x0, 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000014c80020850000000400000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r2 = syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x14a042)
r3 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
getsockopt$inet_opts(r3, 0x0, 0x4, 0xfffffffffffffffe, &(0x7f0000000200))
ioctl$HIDIOCGRDESC(r2, 0x40305829, &(0x7f00000002c0))

17.612600145s ago: executing program 3 (id=1360):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(r1, 0x1, &(0x7f0000000000)=0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
mount$overlay(0x0, &(0x7f00000006c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0xffffffd8, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
openat$vmci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r4 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)

16.273496336s ago: executing program 6 (id=1364):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="500000000201010400000000000000000a050001300002802c00018014000300fc02000000000000000000000000000114000400fe8000000000000000000000000000210c0019800800020006000000135b688d68f784170334019b9180e960741cecb2586300395c8341b97c16245947ef7e50d7"], 0x50}, 0x1, 0x0, 0x0, 0x8800}, 0x80)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
shmat(0x0, &(0x7f0000ff9000/0x1000)=nil, 0x5000)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_wakeup_irq', 0x0, 0xb)
msgget$private(0x0, 0x101)
r5 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82)
lsetxattr$system_posix_acl(0x0, 0x0, &(0x7f0000000100), 0x24, 0x0)
getxattr(&(0x7f0000000140)='./bus\x00', 0x0, 0x0, 0x0)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f0000000140)={r4, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})
mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000fff000/0x1000)=nil)
r6 = syz_open_dev$vbi(&(0x7f0000000040), 0x2, 0x2)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r8 = fsopen(&(0x7f0000000000)='overlay\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r8}})
ioctl$VIDIOC_S_EXT_CTRLS(r6, 0xc0205648, &(0x7f0000000400)={0x9d0000, 0x2a6, 0x1, r7, 0x0, &(0x7f00000003c0)={0x990af8, 0x1ff, '\x00', @p_u32=&(0x7f0000000340)}})
shmdt(0x0)

12.455432545s ago: executing program 6 (id=1369):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000080)=0xffffffffffffffff, 0x4)
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x2, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0xffffffd}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x44080)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newqdisc={0x48, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x47, 0x1, 0x3, 0x6}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f00000003c0)={'syztnl0\x00', &(0x7f0000000180)={'ip6tnl0\x00', r2, 0x4, 0x8, 0x8, 0x3, 0x40, @private2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7800, 0x40, 0x8}})
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000e00)={&(0x7f0000000980)='sys_exit\x00', r3}, 0x10)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000240)={'syz_tun\x00', <r7=>0x0})
bind$packet(r6, &(0x7f0000000300)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @remote}, 0x14)
r8 = socket$packet(0x11, 0x3, 0x300)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
bind$packet(r8, &(0x7f0000000000)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @link_local}, 0x14)
socket$packet(0x11, 0x2, 0x300)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={'lo\x00', {0x2, 0x0, @broadcast}})
syz_emit_ethernet(0xfdef, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c200000ee43f6642531e080045"], 0x0)
ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000400)={0xf0f02a, 0x2})
recvmsg(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000100)}, 0x1f00)

11.550098739s ago: executing program 3 (id=1371):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, 0x0, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
ioctl$KDGKBSENT(0xffffffffffffffff, 0x5602, &(0x7f0000000000)={0x0, "96d3e9659db3f50cb3c4e683f4fae026a3b284dd56630882be4bc0f34042227a71f06b95d73e34c8ecf3325e43f75f16f13d8905d3bdce627dc6ae0b14840f4c8bebc40872293c61ddd293631a22c6d5c8c9b16b987f4326874ddc5e2610c5505cea115e51bf6feb3e93cf89b8f44394fa2ac7f6cf757a9416c7545c5e5caa34450f0397d179f2225b57f644ce8ad31b15547b9364daef8e784f2036a75c3c5cfd124cdd424a558ea90d054d36c0d1d0db92e5e7f668dadcbfaed92c7cf3204be0c4904d308feba3447d7f41a58bc2fd4682e306a592696e4de9427d87c008d3e172cf162cc35f00915fe9fc9ea84e28838940e4bb2fda4c55a34abdf6db63d547c91a17211a1ce43a2933f8227e8b6767ab70bc9223e62a2d3ad9b13f74e2000961e62eaea005088d6d74a19eb0c56ce314323143fcfe27e410e10bd21a2140783385bdb1a7d33038427e336829ccfb63c04e537ca51ddae5fdf29505fca04fc4b2a13d6dad7db2eace60e9589712719a49a2d2d44587465037851b1fe93a0ed46822294671098fd53e79fe428bf6ae3846299ab1d238ad07be6cc01b5fcaacfce829c209e67d5548a38b637f3b44905b8be24dfba30e1b6d074b43e53fcded14a4190a585949baa43fef6c70ce7b1612299d734c07feed23252886a1317358cf5ecaf0186d2dbdb3eab8a9c3c21d4828ef8a9dd89207f2884a57679fcd495a"})
r1 = getpid()
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x8c, 0x24, 0xf0b, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x12, 0x0, {0x0, 0x10}, {0xffff, 0xffff}, {0x2, 0xf}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0xfc, 0x0, 0x1, 0x0, 0x7], 0x0, [0x8, 0x4, 0x2, 0x80, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}}]}}]}, 0x8c}}, 0x0)
select(0x0, 0x0, &(0x7f00000000c0)={0x4}, 0x0, &(0x7f0000000100)={0x7fffffffffffffff})
socket$inet_udp(0x2, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=<r4=>0x0)
socketpair$tipc(0x1e, 0x1, 0x0, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x3f01)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x18, &(0x7f00000000c0), 0x31}, 0x0)
timer_settime(r4, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
readv(r2, &(0x7f0000000300)=[{&(0x7f0000000340)=""/113, 0x71}], 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f00000004c0)={&(0x7f0000000480)=[0x0, 0x0, 0x0], 0x3})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002000)=""/102400, 0x19000)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\b'], 0x20}}, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
shmget$private(0x0, 0x1000, 0x78000a42, &(0x7f0000ff2000/0x1000)=nil)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))

11.243987192s ago: executing program 5 (id=1375):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="340000001a000100000000000000000002000000ef0000000000020008000100e000000108000300", @ANYRES32=r0], 0x34}, 0x1, 0x0, 0x0, 0x20004814}, 0x400c810)

10.528379209s ago: executing program 6 (id=1376):
syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac010902", @ANYRES16], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x43, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r5, 0x0, 0x53, 0x2400000c, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0x1d}}, 0x1c)
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@gettaction={0x48, 0x32, 0x400, 0x70bd2a, 0x25cfdbfd, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_gd=@TCA_ACT_TAB={0x28, 0x1, [{0xc, 0x85, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0xc, 0x2, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x81f7}}, {0xc, 0x1f, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4008000}, 0x4040090)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'bond0\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c00000010000304fffffff30000000000000400", @ANYRES32=r7, @ANYBLOB="60bc010004a701003c00128009000100626f6e6400"], 0x5c}, 0x1, 0x0, 0x0, 0x11}, 0x4000044)
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$EBT_SO_SET_COUNTERS(r8, 0x0, 0x81, 0x0, 0x0)

10.424398419s ago: executing program 3 (id=1377):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050026bf7000000004fa0e00000008000300", @ANYRES32=r4], 0x7c}}, 0x20000014)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0xff, 0x6, 0xfffa}, 0x1b, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4a, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x7, 0x2003, 0x0, 0x5, 0x24, 0x1, 0x7, 0x3c5b, 0x1, 0x24, 0x6, 0x5, 0x5, 0xffffffff, 0xe661, 0x4, 0x7, 0x5, 0x8, 0x4c74, 0x80000000, 0x40000, 0xb6ec, 0xe, 0x0, 0x80008071, 0x7, 0x1b, 0x1, 0x407, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x0, 0x0, 0x100004, 0x8, 0x400, 0x80, 0x0, 0x5, 0x7, 0x8, 0x4, 0xfffffffe, 0x42], [0x10000007, 0x26, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0xd, 0xea4, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x420, 0x401, 0x6, 0x0, 0xff, 0x1, 0x1000005, 0x5f31, 0x20000d, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x9, 0x44, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x7, 0x9, 0x5, 0x3, 0x9, 0x1, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x2e6, 0x8004, 0x5, 0xfffffffe, 0x300, 0x8d2, 0x9, 0x0, 0x7ffd, 0x0, 0x5, 0xb, 0x4, 0xddbb, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x5, 0x9, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x0, 0x0, 0x6, 0x1c, 0x120000, 0x738, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0xfffffff7, 0x6, 0xa, 0x0, 0xb9, 0xce7, 0x9, 0x2, 0xfffffffb, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x87, 0x1, 0x2, 0x5, 0xe7, 0x6, 0x16, 0xffffffff, 0x80000003, 0x5, 0x4, 0xc8, 0xd, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x207, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0x20000d7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fffffff, 0x2)
syz_open_dev$vim2m(&(0x7f0000000040), 0x40005, 0x2)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
accept4(0xffffffffffffffff, &(0x7f0000000000)=@pptp={0x18, 0x2, {0x0, @empty}}, &(0x7f0000000080)=0x80, 0x80800)
socket$inet_sctp(0x2, 0x5, 0x84)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r7, 0x400, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r9}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r6}, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
r10 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r10, 0x84, 0xc, &(0x7f0000000040)=@assoc_value, &(0x7f0000000000)=0x8)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0xffffffea}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)

10.360005307s ago: executing program 2 (id=1378):
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000006c0), 0x0, &(0x7f0000000900)={[{@workdir}]})
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36)
r1 = accept4$tipc(0xffffffffffffffff, &(0x7f0000000040)=@name, &(0x7f0000000080)=0x10, 0x400)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f00000000c0)={'wg1\x00'})
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
io_setup(0x3, &(0x7f00000000c0)=<r3=>0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
pipe2$9p(&(0x7f0000001900)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r7, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB="d146158ee0ed33d2af8ac1e8f80b12a0d08648e8cfda86562ae7fa96412fefb4fee63fcdaad5a4c1b384b63b2ce7782a49a83c7850633b7f1581209acbc3641681ac8817ae8a10e3aea323793f34", @ANYRESHEX=r7, @ANYBLOB=',k'])
truncate(&(0x7f0000000240)='./file0\x00', 0x206b12)
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001ec0), 0xffffffffffffffff)
sendmsg$TIPC_NL_PUBL_GET(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)={0x44, r9, 0xf03, 0x0, 0x0, {}, [@TIPC_NLA_SOCK={0x30, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0xfffffffffffffff6}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_FLAG, @TIPC_NLA_CON_FLAG={0x8}]}]}]}, 0x44}}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
io_submit(r3, 0x1, &(0x7f0000000200)=[&(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000700)='9', 0x1}])
syz_usb_connect(0x2, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x8e, 0xc6, 0x1e, 0x40, 0x7c9, 0x12, 0xc2f4, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xcb, 0x8e, 0x2f}}]}}]}}, 0x0)
ioctl$SOUND_MIXER_WRITE_VOLUME(r7, 0xc0044d0b, &(0x7f0000000180)=0x35)

10.322150805s ago: executing program 5 (id=1379):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f00000026c0)={0x0, 0x0, &(0x7f0000002680)={&(0x7f0000000140)=ANY=[@ANYRESDEC=r0], 0x54}}, 0x20000000)
r1 = landlock_create_ruleset(&(0x7f00000001c0)={0x8010, 0x2, 0x2}, 0x18, 0x2)
landlock_restrict_self(r1, 0x1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = getpgrp(0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x18)
r6 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
r7 = open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0)
io_setup(0x7d, &(0x7f0000000600)=<r8=>0x0)
io_submit(r8, 0x2, &(0x7f0000001d00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0xfdfe, r7, &(0x7f0000000000)="96", 0xfffffe10, 0x0, 0x0, 0x0, r7}, &(0x7f0000000740)={0x0, 0x0, 0x41, 0x3, 0x0, r6, 0x0, 0x0, 0xffffffffffffffff}])
r9 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r9, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setownex(r3, 0xf, &(0x7f0000000100)={0x2, r4})
sendmsg$unix(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="b5", 0x1}], 0x1}, 0x240408c1)
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0x204020, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)

10.168534926s ago: executing program 1 (id=1380):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="500000000201010400000000000000000a050001300002802c00018014000300fc02000000000000000000000000000114000400fe8000000000000000000000000000210c0019800800020006000000135b688d68f784170334019b9180e960741cecb2586300395c8341b97c16245947ef7e50d7"], 0x50}, 0x1, 0x0, 0x0, 0x8800}, 0x80)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
shmat(0x0, &(0x7f0000ff9000/0x1000)=nil, 0x5000)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_wakeup_irq', 0x0, 0xb)
msgget$private(0x0, 0x101)
r5 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82)
lsetxattr$system_posix_acl(0x0, 0x0, &(0x7f0000000100), 0x24, 0x0)
getxattr(&(0x7f0000000140)='./bus\x00', 0x0, 0x0, 0x0)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f0000000140)={r4, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})
mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000fff000/0x1000)=nil)
r6 = syz_open_dev$vbi(&(0x7f0000000040), 0x2, 0x2)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r8 = fsopen(&(0x7f0000000000)='overlay\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r8}})
ioctl$VIDIOC_S_EXT_CTRLS(r6, 0xc0205648, &(0x7f0000000400)={0x9d0000, 0x2a6, 0x1, r7, 0x0, &(0x7f00000003c0)={0x990af8, 0x1ff, '\x00', @p_u32=&(0x7f0000000340)}})
shmdt(0x0)

7.673998355s ago: executing program 1 (id=1381):
open(&(0x7f0000000180)='./bus\x00', 0xc8a7e, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40081271, &(0x7f0000000980)=0x4000)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="12000000010000000400000002"], 0x50)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r1, &(0x7f00000004c0)}, 0x20)
cachestat(r1, &(0x7f0000000040)={0x7, 0xbae}, &(0x7f00000000c0), 0x0)
mount(&(0x7f00000003c0)=@nullb, &(0x7f0000000080)='./bus\x00', &(0x7f0000000000)='cramfs\x00', 0x1c002, 0x0)

7.465267355s ago: executing program 1 (id=1382):
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
ioctl$sock_ax25_SIOCADDRT(r0, 0x890b, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r5, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e)
connect$pptp(r5, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e)

7.336527272s ago: executing program 5 (id=1383):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYRES64], 0x60}, 0x1, 0x0, 0x0, 0x24005841}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='attr/keycreate\x00')
write$UHID_DESTROY(r1, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000240)={0x0, &(0x7f00000000c0)})
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
name_to_handle_at(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1800)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, 0x0, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0xc, &(0x7f0000000040)=0xff, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
syz_fuse_handle_req(r5, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x90, 0x0, 0x2f56d653, {0x4, 0x3, 0x201, 0x800000000400000, 0x81, 0x0, {0x1, 0xfffffffffffffffd, 0x7ffffffffff, 0x4, 0x400000000000, 0x6, 0x0, 0xfffffffd, 0x1, 0x1000, 0x4000000, 0x0, 0x0, 0x0, 0x1}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000002100), &(0x7f0000002180)=0x60)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000440)={0xa, @raw_data="973076fb000aa0a246d3b1e78acee14b6eb6a7b3d1274cfabe1c5053c4d07026a9dd4d5325aa9ac9ed49669c3407b44a72a264c7032d8aa9a22860f688652857720fc13df937837e598bd6126163d2076b4b40f5e6a93ff8a5fec60c516cc10010780488cfd6e408d891ec6d429d93a536b5e99d8b8e1d9a5b89d8580fd0ebb0b9693974a005d7a6927ecafb7dc8dbee0b48017c184658f2d6f6e3120c207faa666fd5451137e8bfea0a08b62ca9247d511e91f8e652e4c94dec33d33748fe85adec6064af2ccb10"})
r6 = syz_open_procfs(0x0, 0x0)
read$FUSE(r6, &(0x7f0000002140)={0x2020, 0x0, 0x0, 0x0, <r7=>0x0}, 0x2020)
setgid(r7)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)

7.285750072s ago: executing program 2 (id=1384):
prlimit64(0x0, 0xe, &(0x7f0000000440)={0x6, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x20, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019380)=""/102392, 0x18ff8)
openat$uinput(0xffffffffffffff9c, &(0x7f0000009640), 0x802, 0x0)
r1 = accept4$phonet_pipe(0xffffffffffffffff, 0x0, &(0x7f0000000300), 0x80000)
bind$phonet(r1, &(0x7f00000003c0)={0x23, 0x7, 0xff, 0x7}, 0x10)
mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x1, 0x0)
close(0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
setsockopt$nfc_llcp_NFC_LLCP_RW(r2, 0x118, 0x0, 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r3 = gettid()
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
sendfile(r5, r4, &(0x7f00000000c0)=0x58, 0x5)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000a00)=ANY=[@ANYBLOB="18000000000000000000000000000000711231000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58)
r7 = socket$kcm(0x1e, 0x7, 0x0)
sendmsg$kcm(r7, &(0x7f0000000540)={&(0x7f0000000280)=@tipc=@nameseq={0x1e, 0x1, 0x3, {0x0, 0x3, 0x4}}, 0x80, 0x0}, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x40010, r0, 0xcee56000)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x11, r8, 0xfffff000)

7.259786599s ago: executing program 6 (id=1385):
syz_io_uring_setup(0x40a2, &(0x7f0000000080)={0x0, 0x1872, 0x0, 0x3, 0x6}, &(0x7f0000000000), &(0x7f0000000100)) (async)
syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100001a77aa4094225b4210a20102030109022400010000000009040000029233500009050602ff030000000905ba"], 0x0)

5.977334888s ago: executing program 1 (id=1386):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000080)=0xffffffffffffffff, 0x4)
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x2, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0xffffffd}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x44080)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newqdisc={0x48, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x47, 0x1, 0x3, 0x6}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f00000003c0)={'syztnl0\x00', &(0x7f0000000180)={'ip6tnl0\x00', r2, 0x4, 0x8, 0x8, 0x3, 0x40, @private2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7800, 0x40, 0x8}})
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000e00)={&(0x7f0000000980)='sys_exit\x00', r3}, 0x10)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000240)={'syz_tun\x00', <r7=>0x0})
bind$packet(r6, &(0x7f0000000300)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @remote}, 0x14)
r8 = socket$packet(0x11, 0x3, 0x300)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
bind$packet(r8, &(0x7f0000000000)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @link_local}, 0x14)
socket$packet(0x11, 0x2, 0x300)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={'lo\x00', {0x2, 0x0, @broadcast}})
syz_emit_ethernet(0xfdef, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c200000ee43f6642531e080045"], 0x0)
ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000400)={0xf0f02a, 0x2})
recvmsg(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000100)}, 0x1f00)

5.539825608s ago: executing program 5 (id=1387):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = dup(r3)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000240)={0xc})
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r5}, 0x10)
r6 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r6, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r6, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f0000000200), 0x4)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000002010500fffffffd000000000200000834774e"], 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040)

3.702403401s ago: executing program 5 (id=1388):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)={0x28, 0x3e, 0x107, 0xffffffff, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x4, 0x2}]}, 0x28}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
syz_usb_ep_write(0xffffffffffffffff, 0x0, 0xfffffffffffffc53, &(0x7f00000002c0)="b9425b446512d23236973599b76c470539")
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x0, 0x0, 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000014c80020850000000400000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r2 = syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x14a042)
r3 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
getsockopt$inet_opts(r3, 0x0, 0x4, 0xfffffffffffffffe, &(0x7f0000000200))
ioctl$HIDIOCGRDESC(r2, 0x40305829, &(0x7f00000002c0))

3.628120166s ago: executing program 2 (id=1389):
r0 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000140)=[@uexit={0x0, 0x18, 0x80000000}, @cpuid={0x2, 0x18, {0x4, 0x4}}, @uexit={0x0, 0x18, 0xc10c}, @cpuid={0x2, 0x18, {0x4, 0x3}}, @code={0x1, 0x55, {"460f784145440f20c03503000000440f22c0b8010000000f01c1c4c1f85f530c660f38817f00f3420fc736470f217f460f01c366b8cb008ee80f20d835200000000f22d8"}}, @uexit={0x0, 0x18, 0xf687}, @code={0x1, 0x64, {"66baf80cb8b0a84584ef66bafc0cb800200000ef0f01df67430fd46b23450f30670f2297660f08f3400fa7c8c74424000c000000c7442402e108f2dfc7442406000000000f011c24400f01f866b8a2000f00d0"}}, @code={0x1, 0x59, {"440f20c0350d000000440f22c0420f0d751066baf80cb84aae8484ef66bafc0c66ed410f07c423bd6ae6006536400f0766b879000f00d0470f830000fffff347aff36666460f0019"}}, @cpuid={0x2, 0x18, {0x6, 0x7fffffff}}], 0x1a2})
ioctl$KVM_SET_CPUID2(r0, 0x4008ae90, &(0x7f0000000300)={0x6, 0x0, [{0x80000007, 0x8, 0x7, 0x4, 0x80, 0xdb, 0x9b}, {0x2, 0x7c7f, 0x5, 0x0, 0xcd3e, 0x7, 0xe}, {0xb, 0xd9, 0x5, 0x9, 0x401, 0x7, 0x7}, {0xd, 0x0, 0x6, 0x6, 0x8, 0x9, 0x9}, {0x7, 0x3e, 0x4, 0x4, 0x8, 0x6, 0x80}, {0x80000000, 0x8000, 0x0, 0x0, 0xfffffffc, 0x9939, 0x100}]})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=@newlink={0x38, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x9801}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r3}]}}}]}, 0x38}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000ac0)=@newlink={0x34, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @gre={{0x8}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x34}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="34000000100001f8ffffff00000000000000000077448b5aeb4dd850f191adfc076cac7dea6a5d40ff711bbbd295b27ec4527ca5067a1e794a8326e32eae6d39873b0f218c0ecb51f3722de133740a9d281bd84f713f051cdd", @ANYBLOB="00000000000000000c002b8008000100", @ANYRES32, @ANYBLOB="08001b"], 0x34}, 0x1, 0x0, 0x0, 0x4004000}, 0x40)

3.376633529s ago: executing program 3 (id=1390):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8)
r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000080)=0xffffffffffffffff, 0x4)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x2, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0xffffffd}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x44080)
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newqdisc={0x48, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x47, 0x1, 0x3, 0x6}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f00000003c0)={'syztnl0\x00', &(0x7f0000000180)={'ip6tnl0\x00', <r4=>r3, 0x4, 0x8, 0x8, 0x3, 0x40, @private2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7800, 0x40, 0x8}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r4, 0x2, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000e00)={&(0x7f0000000980)='sys_exit\x00', r5}, 0x10)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff})
r7 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000005c0)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_ALL_SLAVES_ACTIVE={0x5}, @IFLA_BOND_MIN_LINKS={0x8}]}}}]}, 0x44}}, 0x0)
r9 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000240)={'syz_tun\x00', <r10=>0x0})
bind$packet(r9, &(0x7f0000000300)={0x11, 0x0, r10, 0x1, 0x0, 0x6, @remote}, 0x14)
r11 = socket$packet(0x11, 0x3, 0x300)
getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
bind$packet(r11, &(0x7f0000000000)={0x11, 0x0, r12, 0x1, 0x0, 0x6, @link_local}, 0x14)
socket$packet(0x11, 0x2, 0x300)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={'lo\x00', {0x2, 0x0, @broadcast}})
syz_emit_ethernet(0xfdef, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c200000ee43f6642531e080045"], 0x0)
ioctl$vim2m_VIDIOC_S_CTRL(r7, 0xc008561c, &(0x7f0000000400)={0xf0f02a, 0x2})
recvmsg(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xf8}], 0x1}, 0x1f00)

3.209713387s ago: executing program 2 (id=1391):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="500000000201010400000000000000000a050001300002802c00018014000300fc02000000000000000000000000000114000400fe8000000000000000000000000000210c0019800800020006000000135b688d68f784170334019b9180e960741cecb2586300395c8341b97c16245947ef7e50d7"], 0x50}, 0x1, 0x0, 0x0, 0x8800}, 0x80)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
shmat(0x0, &(0x7f0000ff9000/0x1000)=nil, 0x5000)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_wakeup_irq', 0x0, 0xb)
msgget$private(0x0, 0x101)
r5 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82)
lsetxattr$system_posix_acl(0x0, 0x0, &(0x7f0000000100), 0x24, 0x0)
getxattr(&(0x7f0000000140)='./bus\x00', 0x0, 0x0, 0x0)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f0000000140)={r4, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})
mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000fff000/0x1000)=nil)
r6 = syz_open_dev$vbi(&(0x7f0000000040), 0x2, 0x2)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r8 = fsopen(&(0x7f0000000000)='overlay\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r8}})
ioctl$VIDIOC_S_EXT_CTRLS(r6, 0xc0205648, &(0x7f0000000400)={0x9d0000, 0x2a6, 0x1, r7, 0x0, &(0x7f00000003c0)={0x990af8, 0x1ff, '\x00', @p_u32=&(0x7f0000000340)}})
shmdt(0x0)

2.360212558s ago: executing program 5 (id=1392):
r0 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x1501)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000040)=@urb_type_control={0x2, {}, 0x0, 0x41, &(0x7f00000004c0)={0x4b5a9da54893e123, 0x3, 0x2, 0x2}, 0x8, 0x0, 0x8, 0x0, 0x0, 0x6, 0x0})
r1 = syz_io_uring_setup(0x70ca, &(0x7f0000000080)={0x0, 0x0, 0x4080, 0x3, 0x800179}, &(0x7f00000003c0)=<r2=>0x0, &(0x7f0000000400)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r1, 0x4d10, 0x2, 0x2, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0x78, 0x30, 0xb, 0x0, 0x0, {}, [{0x64, 0x1, [@m_ct={0x60, 0x1, 0x0, 0x0, {{0x7}, {0x38, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x7}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @dev={0xfe, 0x80, '\x00', 0x31}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r7 = socket$can_j1939(0x1d, 0x2, 0x7)
r8 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8901, 0x20000, 0x0, 0x2cf}, &(0x7f0000000040)=<r9=>0x0, &(0x7f0000000600)=<r10=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r11 = socket$inet_smc(0x2b, 0x1, 0x0)
syz_io_uring_submit(r9, r10, &(0x7f0000000200)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r11, 0x80, &(0x7f0000000100)=@l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1b}, 0x3}, 0x0, 0x0, 0x1})
io_uring_enter(r8, 0x47ba, 0x0, 0x0, 0x0, 0x0)
getsockopt$SO_J1939_PROMISC(r7, 0x6b, 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0)
openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x14000, 0x0)
r12 = eventfd(0xc)
ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000040)={0x1, r12})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, 0x0, &(0x7f0000000480)=""/74})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)

2.221139489s ago: executing program 1 (id=1393):
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x1, 0x0, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x1, 0x0, 0x3, {@ip4=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x86dd}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
syz_emit_ethernet(0x6a, &(0x7f0000000080)={@broadcast, @multicast, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "fec000", 0x30, 0x3a, 0x0, @private0, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "18b088", 0x0, 0x0, 0x0, @local, @local}}}}}}}, 0x0)
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f00000000c0)={0x0, 0x2, 0x6, @random="5788a3a2cad7"}, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f2}, 0x0)

2.019395133s ago: executing program 2 (id=1394):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000069000010010200004000050018010000696c6c2500000000002020207b1af8ff00000000bfa1000000000000070100fef7ffffffb702000008000000b703000064000000850000001000000095"], &(0x7f0000000040)='syzkaller\x00', 0x5, 0xfcc, &(0x7f0000001e00)=""/4044, 0x100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xbd}, 0x94)

2.018009128s ago: executing program 6 (id=1395):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0xa0380, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r2, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8fa017242ba9380d440fe0000000000002900000004000000", 0xfe60) (async)
close(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)) (async)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) (async, rerun: 64)
r3 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r4, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000000)={0x4c, r5, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_DEVKEY={0x2c, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_ID={0x14, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}]}]}]}, 0x4c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="240000002100016b2abd7000fddbdf2502808001080000080200000008000200ac1514bb47"], 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x20004040) (async)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001c00)=ANY=[@ANYRES8=r3], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
ioctl$TUNSETFILTEREBPF(r1, 0x800454e1, &(0x7f00000001c0)=r6) (async)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
write$cgroup_devices(r7, &(0x7f0000000280)=ANY=[@ANYBLOB="1e030600bc5cb60128876360864666702c1ffe80000000000000", @ANYRESDEC], 0xffdd)

1.868624172s ago: executing program 3 (id=1396):
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
ioctl$sock_ax25_SIOCADDRT(r0, 0x890b, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r5, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e)
connect$pptp(r5, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e)

1.742148708s ago: executing program 2 (id=1397):
socket$kcm(0x10, 0x2, 0x0)
r0 = socket(0x11, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
getsockopt$TIPC_DEST_DROPPABLE(r2, 0x10f, 0x81, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
shutdown(0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000001a40)=""/102392, 0x18ff8)
add_key(0x0, &(0x7f0000000180), &(0x7f0000000100), 0x0, 0xfffffffffffffffe)
add_key$fscrypt_provisioning(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x7)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
r4 = socket(0x10, 0x803, 0x0)
syz_open_dev$video(&(0x7f0000000040), 0x7, 0x200)
sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x4000880}, 0x4000891)
getsockname$packet(r4, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r5=>0x0})
bind$packet(r0, &(0x7f0000000180)={0x11, 0x11, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x4e6f, 0x4)
sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="02011400012918000e3580009f000314600000320600ac141430e0000003808a8972bd0b72e4108296a3d206163944f8afc1bf505602da9168d6f9ce320068ff1f7e345a170d1423c2e18c8ed410c8aab9a20b514d2b583b90a86da4483488c0fdc6c2"], 0xdd12}], 0x1, 0x0, 0x0, 0x4000}, 0x1)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, &(0x7f00000001c0)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r6}, 0x18)

1.579790635s ago: executing program 1 (id=1398):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_KEY(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x2c, r2, 0x8, 0x70bd25, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x1, 0x59}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "8841f3453b"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x777246f5503d14ae}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(0xffffffffffffffff, 0x0, 0x4800)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r7 = accept4(r6, 0x0, 0x0, 0x0)
sendmsg$alg(r7, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
read$alg(r7, &(0x7f0000000000)=""/35, 0x23)
sendmsg$SOCK_DIAG_BY_FAMILY(r7, 0x0, 0x10)
sendmsg$IPSET_CMD_TEST(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x44, 0xb, 0x6, 0x801, 0x0, 0x0, {0x6, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x44}}, 0x48804)

0s ago: executing program 3 (id=1399):
openat$smackfs_change_rule(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab1204000000000000010902240001b30000040904410c17ff5d810009050f1f05e13f000009058303", @ANYRESDEC], 0x0)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x3b, &(0x7f0000000140)=ANY=[@ANYBLOB="9a"])
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="2e660f3acfda2466baa10066ed66baf80cb8e2dad18cef66bafc0c66b8f2ff66eff40f7860c066b801010f00d80f4d736c0f0966b855008ed066baf80cb814ef5089ef66bafc0cb000ee"}], 0x1, 0x2b, &(0x7f0000000200)=[@vmwrite={0x8, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, @efer={0x2, 0x2000}], 0x1000000000000045)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000d00), 0xffffffffffffffff)
r3 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETFB2(r3, 0xc06864ce, &(0x7f0000000240)={0x0, 0x0, 0xfffffffa, 0x3b2, 0x0, [0x0, 0x0, <r4=>0x0], [0x5, 0x9, 0x4, 0x400], [0x7f, 0x8001, 0xfffffffc, 0x1], [0x42, 0x0, 0x5, 0x8]})
ioctl$DRM_IOCTL_MODE_ADDFB2(r3, 0xc06864b8, &(0x7f0000000580)={0x0, 0x8c1, 0x80, 0x20203143, 0x0, [0x2, r4], [0x810003, 0x0, 0x0, 0x906], [0x1, 0x0, 0xffffffff, 0x46], [0x2]})
sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000c000000200001801400020073797a5f74756e000000000000000000080003000300000014000380100003800c220001800800013a0000000005"], 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x0)

kernel console output (not intermixed with test programs):

epages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  403.010917][ T8800] Bluetooth: MGMT ver 1.23
[  403.037185][ T8763] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  403.066919][ T8763] 57572 total pagecache pages
[  403.073424][ T8763] 1 pages in swap cache
[  403.078509][ T8763] Free swap  = 124996kB
[  403.084646][ T8763] Total swap = 124996kB
[  403.089184][ T8763] 2097051 pages RAM
[  403.098478][ T8763] 0 pages HighMem/MovableOnly
[  403.104693][    T9] usb 5-1: Using ep0 maxpacket: 16
[  403.117018][    T9] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[  403.131543][    T9] usb 5-1: config 0 has no interface number 0
[  403.145563][ T8763] 424582 pages reserved
[  403.155154][    T9] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  403.172762][ T8763] 0 pages cma reserved
[  403.198640][    T9] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  403.210645][    T9] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  403.236611][    T9] usb 5-1: Product: syz
[  403.246532][    T9] usb 5-1: SerialNumber: syz
[  403.283441][    T9] usb 5-1: config 0 descriptor??
[  403.310091][    T9] usbhid 5-1:0.8: couldn't find an input interrupt endpoint
[  403.725224][ T5890] usb 5-1: USB disconnect, device number 14
[  404.879843][ T8824] netlink: 16 bytes leftover after parsing attributes in process `syz.1.815'.
[  404.939175][ T8824] netlink: 172 bytes leftover after parsing attributes in process `syz.1.815'.
[  404.949526][ T8824] netlink: 16 bytes leftover after parsing attributes in process `syz.1.815'.
[  406.860488][ T8844] program syz.1.818 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  406.871091][ T8844] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  410.894395][ T8878] netlink: 16 bytes leftover after parsing attributes in process `syz.3.828'.
[  411.123401][ T8878] netlink: 172 bytes leftover after parsing attributes in process `syz.3.828'.
[  411.277271][ T8887] loop9: detected capacity change from 0 to 7
[  411.293079][ T8887] buffer_io_error: 9 callbacks suppressed
[  411.299220][ T8887] Buffer I/O error on dev loop9, logical block 0, async page read
[  411.309632][ T8887] Buffer I/O error on dev loop9, logical block 0, async page read
[  411.319644][ T8887] Buffer I/O error on dev loop9, logical block 0, async page read
[  411.330626][ T8887] Buffer I/O error on dev loop9, logical block 0, async page read
[  411.341765][ T8887] Buffer I/O error on dev loop9, logical block 0, async page read
[  411.354772][ T8887] Buffer I/O error on dev loop9, logical block 0, async page read
[  411.431605][ T8887] Buffer I/O error on dev loop9, logical block 0, async page read
[  411.443089][ T8887] ldm_validate_partition_table(): Disk read failed.
[  411.451727][ T8887] Buffer I/O error on dev loop9, logical block 0, async page read
[  411.463010][ T8887] Buffer I/O error on dev loop9, logical block 0, async page read
[  411.474031][ T8887] Buffer I/O error on dev loop9, logical block 0, async page read
[  411.487615][ T8887] Dev loop9: unable to read RDB block 0
[  411.500887][ T8887]  loop9: unable to read partition table
[  411.511334][ T8887] loop9: partition table beyond EOD, truncated
[  411.517951][ T8887] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  411.517951][ T8887] 
) failed (rc=-5)
[  411.729616][ T8887] 9pnet_fd: Insufficient options for proto=fd
[  412.427773][ T8878] netlink: 16 bytes leftover after parsing attributes in process `syz.3.828'.
[  412.520878][ T8886] netlink: 36 bytes leftover after parsing attributes in process `syz.4.830'.
[  412.543095][ T8886] netlink: 16 bytes leftover after parsing attributes in process `syz.4.830'.
[  412.570102][ T8886] netlink: 36 bytes leftover after parsing attributes in process `syz.4.830'.
[  413.406430][ T8886] netlink: 36 bytes leftover after parsing attributes in process `syz.4.830'.
[  413.847234][ T8902] loop9: detected capacity change from 0 to 7
[  413.894789][ T8902] ldm_validate_partition_table(): Disk read failed.
[  413.904806][ T8902] Dev loop9: unable to read RDB block 0
[  413.914117][ T8902]  loop9: unable to read partition table
[  413.922127][ T8902] loop9: partition table beyond EOD, truncated
[  413.928880][ T8902] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  413.928880][ T8902] 
) failed (rc=-5)
[  413.969757][ T8902] 9pnet_fd: Insufficient options for proto=fd
[  415.759136][    T9] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  416.963461][ T8916] netlink: 40 bytes leftover after parsing attributes in process `syz.3.840'.
[  418.148526][ T8944] FAULT_INJECTION: forcing a failure.
[  418.148526][ T8944] name failslab, interval 1, probability 0, space 0, times 0
[  418.162533][ T8944] CPU: 1 UID: 0 PID: 8944 Comm: syz.4.848 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  418.162563][ T8944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  418.162582][ T8944] Call Trace:
[  418.162590][ T8944]  <TASK>
[  418.162599][ T8944]  dump_stack_lvl+0x189/0x250
[  418.162632][ T8944]  ? __pfx____ratelimit+0x10/0x10
[  418.162660][ T8944]  ? __pfx_dump_stack_lvl+0x10/0x10
[  418.162688][ T8944]  ? __pfx__printk+0x10/0x10
[  418.162709][ T8944]  ? __pfx___might_resched+0x10/0x10
[  418.162736][ T8944]  ? fs_reclaim_acquire+0x7d/0x100
[  418.162768][ T8944]  should_fail_ex+0x414/0x560
[  418.162798][ T8944]  should_failslab+0xa8/0x100
[  418.162823][ T8944]  __kmalloc_noprof+0xcb/0x4f0
[  418.162845][ T8944]  ? tomoyo_encode+0x28b/0x550
[  418.162877][ T8944]  tomoyo_encode+0x28b/0x550
[  418.162909][ T8944]  tomoyo_realpath_from_path+0x58d/0x5d0
[  418.162946][ T8944]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  418.162970][ T8944]  tomoyo_path_number_perm+0x1e8/0x5a0
[  418.162997][ T8944]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  418.163041][ T8944]  ? __lock_acquire+0xab9/0xd20
[  418.163090][ T8944]  ? __fget_files+0x2a/0x420
[  418.163119][ T8944]  ? __fget_files+0x2a/0x420
[  418.163142][ T8944]  ? __fget_files+0x3a0/0x420
[  418.163165][ T8944]  ? __fget_files+0x2a/0x420
[  418.163194][ T8944]  security_file_ioctl+0xcb/0x2d0
[  418.163222][ T8944]  __se_sys_ioctl+0x47/0x170
[  418.163246][ T8944]  do_syscall_64+0xfa/0x3b0
[  418.163270][ T8944]  ? lockdep_hardirqs_on+0x9c/0x150
[  418.163297][ T8944]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  418.163316][ T8944]  ? clear_bhb_loop+0x60/0xb0
[  418.163351][ T8944]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  418.163370][ T8944] RIP: 0033:0x7f47c538e929
[  418.163388][ T8944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  418.163405][ T8944] RSP: 002b:00007f47c614a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  418.163428][ T8944] RAX: ffffffffffffffda RBX: 00007f47c55b5fa0 RCX: 00007f47c538e929
[  418.163443][ T8944] RDX: 0000200000000080 RSI: 00000000c0285628 RDI: 0000000000000003
[  418.163455][ T8944] RBP: 00007f47c614a090 R08: 0000000000000000 R09: 0000000000000000
[  418.163468][ T8944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  418.163479][ T8944] R13: 0000000000000000 R14: 00007f47c55b5fa0 R15: 00007ffd9f3fd638
[  418.163513][ T8944]  </TASK>
[  418.163610][ T8944] ERROR: Out of memory at tomoyo_realpath_from_path.
[  419.845541][ T8957] netlink: 8 bytes leftover after parsing attributes in process `syz.0.850'.
[  420.061391][ T5861] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  420.209261][ T8967] loop9: detected capacity change from 0 to 7
[  420.227615][ T8967] buffer_io_error: 23 callbacks suppressed
[  420.233840][ T8967] Buffer I/O error on dev loop9, logical block 0, async page read
[  420.244508][ T8967] Buffer I/O error on dev loop9, logical block 0, async page read
[  420.255623][ T8967] Buffer I/O error on dev loop9, logical block 0, async page read
[  420.267871][ T8967] Buffer I/O error on dev loop9, logical block 0, async page read
[  420.279908][ T8967] Buffer I/O error on dev loop9, logical block 0, async page read
[  420.355760][ T8967] Buffer I/O error on dev loop9, logical block 0, async page read
[  420.367395][ T8967] Buffer I/O error on dev loop9, logical block 0, async page read
[  420.376130][ T8967] ldm_validate_partition_table(): Disk read failed.
[  420.384584][ T8967] Buffer I/O error on dev loop9, logical block 0, async page read
[  420.394652][ T8967] Buffer I/O error on dev loop9, logical block 0, async page read
[  420.406196][ T8967] Buffer I/O error on dev loop9, logical block 0, async page read
[  420.417968][ T8967] Dev loop9: unable to read RDB block 0
[  420.429696][ T8967]  loop9: unable to read partition table
[  420.438613][ T8967] loop9: partition table beyond EOD, truncated
[  420.445787][ T8967] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  420.445787][ T8967] 
) failed (rc=-5)
[  420.531312][ T8967] 9pnet_fd: Insufficient options for proto=fd
[  421.263944][ T8969] netlink: 20 bytes leftover after parsing attributes in process `syz.3.852'.
[  422.631188][ T8983] batadv0: entered promiscuous mode
[  423.046119][ T8986] 8021q: adding VLAN 0 to HW filter on device batadv0
[  423.054815][   T51] Bluetooth: hci0: unexpected event for opcode 0x1405
[  423.590732][ T8989] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  424.376773][ T8997] netlink: 'syz.3.864': attribute type 10 has an invalid length.
[  424.391361][ T8997] netlink: 40 bytes leftover after parsing attributes in process `syz.3.864'.
[  424.489444][ T8997] team0: Port device geneve0 added
[  424.734846][    T9] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  424.843005][ T9013] netlink: 20 bytes leftover after parsing attributes in process `syz.0.867'.
[  424.945452][    T9] usb 2-1: config 0 has an invalid interface number: 84 but max is 0
[  424.978062][    T9] usb 2-1: config 0 has an invalid interface number: 66 but max is 0
[  425.000710][    T9] usb 2-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  425.032966][    T9] usb 2-1: config 0 has no interface number 0
[  425.051512][    T9] usb 2-1: config 0 has no interface number 1
[  425.065322][    T9] usb 2-1: config 0 interface 84 altsetting 0 endpoint 0x4 has invalid maxpacket 1560, setting to 64
[  425.251554][    T9] usb 2-1: config 0 interface 84 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  425.265226][    T9] usb 2-1: too many endpoints for config 0 interface 66 altsetting 153: 216, using maximum allowed: 30
[  425.279131][    T9] usb 2-1: config 0 interface 66 altsetting 153 bulk endpoint 0x5 has invalid maxpacket 32
[  425.289744][    T9] usb 2-1: config 0 interface 66 altsetting 153 has an endpoint descriptor with address 0x12, changing to 0x2
[  425.310214][    T9] usb 2-1: config 0 interface 66 altsetting 153 has an endpoint descriptor with address 0xE6, changing to 0x86
[  425.323116][    T9] usb 2-1: config 0 interface 66 altsetting 153 endpoint 0x86 has invalid maxpacket 34869, setting to 1024
[  425.336252][    T9] usb 2-1: config 0 interface 66 altsetting 153 bulk endpoint 0x86 has invalid maxpacket 1024
[  425.348237][    T9] usb 2-1: config 0 interface 66 altsetting 153 has 3 endpoint descriptors, different from the interface descriptor's value: 216
[  425.361549][ T5890] usb 4-1: new full-speed USB device number 13 using dummy_hcd
[  425.362743][    T9] usb 2-1: config 0 interface 66 has no altsetting 0
[  426.192265][    T9] usb 2-1: New USB device found, idVendor=8086, idProduct=0b63, bcdDevice=ca.f3
[  426.285984][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  426.320313][    T9] usb 2-1: Product: syz
[  426.326739][    T9] usb 2-1: Manufacturer: syz
[  426.343369][    T9] usb 2-1: SerialNumber: syz
[  426.369170][ T5890] usb 4-1: device descriptor read/64, error -71
[  426.384800][    T9] usb 2-1: config 0 descriptor??
[  426.408586][    T9] ljca 2-1:0.84: bulk endpoints not found
[  426.778330][ T5890] usb 4-1: new full-speed USB device number 14 using dummy_hcd
[  426.795688][   T10] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  426.818978][    T9] ljca 2-1:0.66: probe with driver ljca failed with error -71
[  426.836425][    T9] usb 2-1: USB disconnect, device number 11
[  426.920455][ T5890] usb 4-1: device descriptor read/64, error -71
[  427.631758][   T10] usb 5-1: Using ep0 maxpacket: 16
[  427.663652][   T10] usb 5-1: config 0 has an invalid interface number: 35 but max is 0
[  427.682075][   T10] usb 5-1: config 0 has no interface number 0
[  427.699562][   T10] usb 5-1: config 0 interface 35 altsetting 0 endpoint 0xE has an invalid bInterval 0, changing to 7
[  427.711616][ T5890] usb usb4-port1: attempt power cycle
[  427.731811][   T10] usb 5-1: config 0 interface 35 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[  427.767013][   T10] usb 5-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=ec.5c
[  427.786782][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  427.797263][   T10] usb 5-1: Product: syz
[  427.805502][   T10] usb 5-1: Manufacturer: syz
[  427.811718][   T10] usb 5-1: SerialNumber: syz
[  427.827674][   T10] usb 5-1: config 0 descriptor??
[  427.844067][   T10] cypress_m8 5-1:0.35: Nokia CA-42 V2 Adapter converter detected
[  427.997159][ T9048] XFS (nbd0): no-recovery mounts must be read-only.
[  428.061725][ T5890] usb 4-1: new full-speed USB device number 15 using dummy_hcd
[  428.076561][   T10] usb 5-1: Nokia CA-42 V2 Adapter converter now attached to ttyUSB0
[  428.102949][ T5890] usb 4-1: device descriptor read/8, error -71
[  428.401796][ T9050] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  428.573201][ T9050] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  429.840003][ T5919] usb 5-1: USB disconnect, device number 15
[  429.913605][ T5919] nokiaca42v2 ttyUSB0: Nokia CA-42 V2 Adapter converter now disconnected from ttyUSB0
[  429.950057][ T5919] cypress_m8 5-1:0.35: device disconnected
[  430.859337][ T9086] binder: 9085:9086 ioctl c0045005 200000000000 returned -22
[  431.254157][ T9095] netlink: 64 bytes leftover after parsing attributes in process `syz.1.892'.
[  431.321877][ T5890] usb 5-1: new full-speed USB device number 16 using dummy_hcd
[  431.374661][ T9099] netlink: 12 bytes leftover after parsing attributes in process `syz.3.893'.
[  431.440627][ T9102] bridge1: port 1(veth0_to_bond) entered blocking state
[  431.474341][ T9102] bridge1: port 1(veth0_to_bond) entered disabled state
[  431.489289][ T9102] veth0_to_bond: entered allmulticast mode
[  431.499793][ T5890] usb 5-1: config index 0 descriptor too short (expected 65535, got 27)
[  431.519053][ T9102] veth0_to_bond: entered promiscuous mode
[  431.530856][ T5890] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  431.545490][ T5890] usb 5-1: config 0 has no interfaces?
[  431.557777][ T5890] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  431.570964][ T5890] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  431.596451][ T5890] usb 5-1: Product: syz
[  431.607543][ T5890] usb 5-1: Manufacturer: syz
[  431.626983][ T5890] usb 5-1: SerialNumber: syz
[  431.697429][ T5890] usb 5-1: config 0 descriptor??
[  431.971581][ T9108] vivid-001: =================  START STATUS  =================
[  431.980876][ T9108] vivid-001: Radio HW Seek Mode: Bounded
[  431.987430][ T9108] vivid-001: Radio Programmable HW Seek: false
[  431.994061][ T9108] vivid-001: RDS Rx I/O Mode: Block I/O
[  431.999871][ T9108] vivid-001: Generate RBDS Instead of RDS: false
[  432.006817][ T9108] vivid-001: RDS Reception: true
[  432.012123][ T9108] vivid-001: RDS Program Type: 0 inactive
[  432.018387][ T9108] vivid-001: RDS PS Name:  inactive
[  432.949428][ T9108] vivid-001: RDS Radio Text:  inactive
[  432.958452][ T9108] vivid-001: RDS Traffic Announcement: false inactive
[  432.966287][ T9108] vivid-001: RDS Traffic Program: false inactive
[  432.973393][ T9108] vivid-001: RDS Music: false inactive
[  432.979376][ T9108] vivid-001: ==================  END STATUS  ==================
[  433.066838][ T9114] netlink: 20 bytes leftover after parsing attributes in process `syz.4.890'.
[  434.572009][ T9118] sock: sock_timestamping_bind_phc: sock not bind to device
[  434.629224][ T9120] batadv0: entered promiscuous mode
[  434.642727][   T30] kauditd_printk_skb: 1494 callbacks suppressed
[  434.642748][   T30] audit: type=1326 audit(1751139874.755:4008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9117 comm="syz.2.898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf05d8e929 code=0x7ffc0000
[  434.645153][ T9120] vlan3: entered promiscuous mode
[  434.654438][   T30] audit: type=1326 audit(1751139874.755:4009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9117 comm="syz.2.898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fcf05d8e929 code=0x7ffc0000
[  434.708994][   T30] audit: type=1326 audit(1751139874.755:4010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9117 comm="syz.2.898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf05d8e929 code=0x7ffc0000
[  434.741418][   T30] audit: type=1326 audit(1751139874.785:4011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9117 comm="syz.2.898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=137 compat=0 ip=0x7fcf05d8e929 code=0x7ffc0000
[  434.764629][   T30] audit: type=1326 audit(1751139874.785:4012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9117 comm="syz.2.898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf05d8e929 code=0x7ffc0000
[  434.790761][   T30] audit: type=1326 audit(1751139874.785:4013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9117 comm="syz.2.898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fcf05d8e929 code=0x7ffc0000
[  434.816666][   T30] audit: type=1326 audit(1751139874.785:4014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9117 comm="syz.2.898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf05d8e929 code=0x7ffc0000
[  434.888491][   T30] audit: type=1326 audit(1751139874.785:4015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9117 comm="syz.2.898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fcf05d8e929 code=0x7ffc0000
[  434.913836][   T30] audit: type=1326 audit(1751139874.815:4016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9117 comm="syz.2.898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf05d8e929 code=0x7ffc0000
[  434.945744][   T30] audit: type=1326 audit(1751139874.825:4017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9117 comm="syz.2.898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf05d8e929 code=0x7ffc0000
[  435.427650][ T9131] netlink: 20 bytes leftover after parsing attributes in process `syz.2.902'.
[  435.604916][ T5919] usb 5-1: USB disconnect, device number 16
[  435.671402][ T5970] usb 1-1: new full-speed USB device number 17 using dummy_hcd
[  435.941414][ T5890] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  436.024387][ T5970] usb 1-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  436.096453][ T5970] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  436.151629][ T5890] usb 3-1: Using ep0 maxpacket: 8
[  436.205725][ T5890] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  436.340554][ T5890] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  436.367500][ T5970] usb 1-1: config 0 descriptor??
[  436.468513][ T5890] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  436.569475][ T5970] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  436.592088][ T5890] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  436.703496][ T5890] usb 3-1: config 0 descriptor??
[  437.855823][ T5970] gp8psk: usb in 128 operation failed.
[  437.893383][ T5970] gp8psk: usb in 137 operation failed.
[  437.899657][ T5970] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  438.302811][ T5970] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  438.345009][ T9149] netlink: 36 bytes leftover after parsing attributes in process `syz.4.907'.
[  438.354024][ T5970] usb 1-1: USB disconnect, device number 17
[  438.374986][ T9149] lo speed is unknown, defaulting to 1000
[  438.387106][ T9149] lo speed is unknown, defaulting to 1000
[  438.411438][ T5890] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  438.422840][ T9149] lo speed is unknown, defaulting to 1000
[  438.661370][ T5890] usb 2-1: Using ep0 maxpacket: 16
[  438.669026][ T5890] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  438.804193][ T9149] infiniband syz2: set active
[  438.809962][ T9149] infiniband syz2: added lo
[  438.823258][ T5970] lo speed is unknown, defaulting to 1000
[  438.864836][ T9149] RDS/IB: syz2: added
[  438.869704][ T9149] smc: adding ib device syz2 with port count 1
[  438.893840][ T9149] smc:    ib device syz2 port 1 has pnetid 
[  438.921192][ T5904] lo speed is unknown, defaulting to 1000
[  438.929860][ T5890] usb 2-1: New USB device found, idVendor=046d, idProduct=0721, bcdDevice=9c.25
[  438.947988][ T5890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  438.957808][ T9149] lo speed is unknown, defaulting to 1000
[  438.969361][ T5890] usb 2-1: Product: syz
[  438.973916][ T5890] usb 2-1: Manufacturer: syz
[  438.992940][ T5890] usb 2-1: SerialNumber: syz
[  439.016420][ T5890] usb 2-1: config 0 descriptor??
[  439.033283][ T5890] hub 2-1:0.0: bad descriptor, ignoring hub
[  439.045041][ T5890] hub 2-1:0.0: probe with driver hub failed with error -5
[  439.675243][   T10] usb 3-1: USB disconnect, device number 9
[  440.439456][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  440.445973][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  440.501926][   T10] usb 2-1: USB disconnect, device number 12
[  440.782810][ T9171] netlink: 'syz.3.915': attribute type 4 has an invalid length.
[  440.791147][ T9171] netlink: 152 bytes leftover after parsing attributes in process `syz.3.915'.
[  440.880985][ T9171] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  441.058297][ T9149] lo speed is unknown, defaulting to 1000
[  441.738796][ T9149] lo speed is unknown, defaulting to 1000
[  441.901358][ T9177] FAULT_INJECTION: forcing a failure.
[  441.901358][ T9177] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  441.915450][ T9177] CPU: 1 UID: 0 PID: 9177 Comm: syz.2.919 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  441.915469][ T9177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  441.915477][ T9177] Call Trace:
[  441.915483][ T9177]  <TASK>
[  441.915488][ T9177]  dump_stack_lvl+0x189/0x250
[  441.915512][ T9177]  ? __pfx____ratelimit+0x10/0x10
[  441.915529][ T9177]  ? __pfx_dump_stack_lvl+0x10/0x10
[  441.915545][ T9177]  ? __pfx__printk+0x10/0x10
[  441.915564][ T9177]  ? __might_fault+0xb0/0x130
[  441.915585][ T9177]  should_fail_ex+0x414/0x560
[  441.915602][ T9177]  _copy_from_iter+0x1db/0x16f0
[  441.915622][ T9177]  ? rcu_is_watching+0x15/0xb0
[  441.915639][ T9177]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  441.915654][ T9177]  ? __pfx__copy_from_iter+0x10/0x10
[  441.915671][ T9177]  ? __build_skb_around+0x257/0x3e0
[  441.915685][ T9177]  ? netlink_sendmsg+0x642/0xb30
[  441.915697][ T9177]  ? skb_put+0x11b/0x210
[  441.915711][ T9177]  netlink_sendmsg+0x6b2/0xb30
[  441.915729][ T9177]  ? __pfx_netlink_sendmsg+0x10/0x10
[  441.915747][ T9177]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  441.915761][ T9177]  ? __pfx_netlink_sendmsg+0x10/0x10
[  441.915774][ T9177]  __sock_sendmsg+0x21c/0x270
[  441.915792][ T9177]  sock_write_iter+0x258/0x330
[  441.915809][ T9177]  ? __pfx_sock_write_iter+0x10/0x10
[  441.915839][ T9177]  do_iter_readv_writev+0x56e/0x7f0
[  441.915855][ T9177]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  441.915868][ T9177]  ? __irq_work_queue_local+0x1d7/0x550
[  441.915885][ T9177]  ? __pfx___irq_work_queue_local+0x10/0x10
[  441.915900][ T9177]  ? bpf_lsm_file_permission+0x9/0x20
[  441.915914][ T9177]  ? security_file_permission+0x75/0x290
[  441.915929][ T9177]  ? rw_verify_area+0x258/0x650
[  441.915945][ T9177]  vfs_writev+0x31a/0x960
[  441.915963][ T9177]  ? __lock_acquire+0xab9/0xd20
[  441.915980][ T9177]  ? __pfx_vfs_writev+0x10/0x10
[  441.916005][ T9177]  ? __fget_files+0x2a/0x420
[  441.916023][ T9177]  ? __fget_files+0x3a0/0x420
[  441.916037][ T9177]  ? __fget_files+0x2a/0x420
[  441.916125][ T9177]  do_writev+0x14d/0x2d0
[  441.916143][ T9177]  ? __pfx_do_writev+0x10/0x10
[  441.916159][ T9177]  ? rcu_is_watching+0x15/0xb0
[  441.916175][ T9177]  ? trace_sys_enter+0x25/0x120
[  441.916193][ T9177]  do_syscall_64+0xfa/0x3b0
[  441.916211][ T9177]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.916222][ T9177]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  441.916244][ T9177]  ? clear_bhb_loop+0x60/0xb0
[  441.916258][ T9177]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.916270][ T9177] RIP: 0033:0x7fcf05d8e929
[  441.916281][ T9177] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  441.916292][ T9177] RSP: 002b:00007fcf06b1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  441.916307][ T9177] RAX: ffffffffffffffda RBX: 00007fcf05fb5fa0 RCX: 00007fcf05d8e929
[  441.916319][ T9177] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000009
[  441.916327][ T9177] RBP: 00007fcf06b1f090 R08: 0000000000000000 R09: 0000000000000000
[  441.916334][ T9177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  441.916341][ T9177] R13: 0000000000000000 R14: 00007fcf05fb5fa0 R15: 00007ffc5f77d908
[  441.916360][ T9177]  </TASK>
[  443.800891][   T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  443.815736][   T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  443.826111][   T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  443.839033][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  443.849066][   T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  445.759947][ T9169] lo speed is unknown, defaulting to 1000
[  445.943668][ T5890] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[  445.993125][   T51] Bluetooth: hci4: command tx timeout
[  446.201382][ T5890] usb 2-1: not running at top speed; connect to a high speed hub
[  446.224852][ T5890] usb 2-1: config 1 interface 0 altsetting 2 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  446.241460][ T5890] usb 2-1: config 1 interface 0 altsetting 2 endpoint 0x2 has an invalid bInterval 0, changing to 10
[  446.254526][ T5890] usb 2-1: config 1 interface 0 has no altsetting 0
[  446.264599][ T5890] usb 2-1: New USB device found, idVendor=18d1, idProduct=502d, bcdDevice= 0.40
[  446.276019][ T5890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  446.285093][ T5890] usb 2-1: Manufacturer: 
[  446.289823][ T5890] usb 2-1: SerialNumber: 械
[  446.307645][ T9200] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  446.627580][ T9190] lo speed is unknown, defaulting to 1000
[  446.743607][ T5890] usbhid 2-1:1.0: can't add hid device: -71
[  446.749897][ T5890] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  446.786644][ T5890] usb 2-1: USB disconnect, device number 13
[  447.110050][ T9149] lo speed is unknown, defaulting to 1000
[  447.121382][ T5904] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  447.306383][ T5904] usb 4-1: too many configurations: 255, using maximum allowed: 8
[  447.352974][ T5904] usb 4-1: unable to read config index 0 descriptor/start: -61
[  447.381439][ T5904] usb 4-1: can't read configurations, error -61
[  447.546097][ T5904] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  447.597050][ T9149] lo speed is unknown, defaulting to 1000
[  447.639202][ T9190] chnl_net:caif_netlink_parms(): no params data found
[  447.712355][ T5904] usb 4-1: too many configurations: 255, using maximum allowed: 8
[  447.732934][ T5904] usb 4-1: unable to read config index 0 descriptor/start: -61
[  447.751356][ T5904] usb 4-1: can't read configurations, error -61
[  447.758376][ T5904] usb usb4-port1: attempt power cycle
[  447.849642][ T9190] bridge0: port 1(bridge_slave_0) entered blocking state
[  447.857441][ T9190] bridge0: port 1(bridge_slave_0) entered disabled state
[  447.865598][ T9190] bridge_slave_0: entered allmulticast mode
[  447.875423][ T9190] bridge_slave_0: entered promiscuous mode
[  447.886725][ T9190] bridge0: port 2(bridge_slave_1) entered blocking state
[  447.896642][ T9190] bridge0: port 2(bridge_slave_1) entered disabled state
[  447.907102][ T9190] bridge_slave_1: entered allmulticast mode
[  447.916853][ T9190] bridge_slave_1: entered promiscuous mode
[  447.977224][ T9190] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  448.003395][ T9190] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  448.031711][   T51] Bluetooth: hci4: command tx timeout
[  448.121915][ T5904] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  448.158136][ T5904] usb 4-1: too many configurations: 255, using maximum allowed: 8
[  448.170123][ T5904] usb 4-1: unable to read config index 0 descriptor/start: -61
[  448.179856][ T5904] usb 4-1: can't read configurations, error -61
[  448.246679][ T9228] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  448.307059][ T9190] team0: Port device team_slave_0 added
[  448.331724][ T5904] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  448.358910][ T9190] team0: Port device team_slave_1 added
[  448.403390][ T5904] usb 4-1: too many configurations: 255, using maximum allowed: 8
[  448.414544][ T5904] usb 4-1: unable to read config index 0 descriptor/start: -61
[  448.433708][ T5904] usb 4-1: can't read configurations, error -61
[  448.441171][ T5904] usb usb4-port1: unable to enumerate USB device
[  449.116963][ T9190] batman_adv: batadv0: Adding interface: batadv_slave_0
[  449.128038][ T9190] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  449.198779][ T9190] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  449.233255][ T9190] batman_adv: batadv0: Adding interface: batadv_slave_1
[  449.262456][ T9190] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  449.330270][ T9190] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  449.621748][ T5912] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  449.863618][ T5912] usb 2-1: Using ep0 maxpacket: 8
[  449.994390][ T5912] usb 2-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice= 0.6d
[  450.060821][ T5912] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  450.111492][   T51] Bluetooth: hci4: command tx timeout
[  450.117592][ T5912] usb 2-1: Product: syz
[  450.148457][ T5912] usb 2-1: Manufacturer: syz
[  450.186733][ T5912] usb 2-1: SerialNumber: syz
[  450.319277][ T5912] usb 2-1: config 0 descriptor??
[  450.374684][ T5912] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  450.657824][ T9250] loop9: detected capacity change from 0 to 7
[  450.666805][ T9250] buffer_io_error: 9 callbacks suppressed
[  450.666861][ T9250] Buffer I/O error on dev loop9, logical block 0, async page read
[  450.683750][ T9250] Buffer I/O error on dev loop9, logical block 0, async page read
[  450.692622][ T9250] Buffer I/O error on dev loop9, logical block 0, async page read
[  450.701787][ T9250] Buffer I/O error on dev loop9, logical block 0, async page read
[  450.710538][ T9250] Buffer I/O error on dev loop9, logical block 0, async page read
[  450.719583][ T9250] Buffer I/O error on dev loop9, logical block 0, async page read
[  450.728300][ T9250] Buffer I/O error on dev loop9, logical block 0, async page read
[  450.738429][ T9250] ldm_validate_partition_table(): Disk read failed.
[  450.762411][ T9250] Buffer I/O error on dev loop9, logical block 0, async page read
[  450.772376][ T9250] Buffer I/O error on dev loop9, logical block 0, async page read
[  450.783795][ T9250] Buffer I/O error on dev loop9, logical block 0, async page read
[  450.793139][ T9250] Dev loop9: unable to read RDB block 0
[  450.800060][ T9250]  loop9: unable to read partition table
[  450.806857][ T9250] loop9: partition table beyond EOD, truncated
[  450.813674][ T9250] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  450.813674][ T9250] 
) failed (rc=-5)
[  450.870802][ T9250] 9pnet_fd: Insufficient options for proto=fd
[  451.550886][ T5912] gspca_sonixj: reg_w1 err -110
[  451.566236][ T5912] sonixj 2-1:0.0: probe with driver sonixj failed with error -110
[  452.581721][   T51] Bluetooth: hci4: command tx timeout
[  453.354901][ T5919] usb 2-1: USB disconnect, device number 14
[  453.547500][ T9190] hsr_slave_0: entered promiscuous mode
[  453.576397][ T9190] hsr_slave_1: entered promiscuous mode
[  453.911854][ T9270] smk_cipso_doi:679 remove rc = -2
[  454.026525][ T9271] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  456.365485][ T9190] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  456.396445][ T9190] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  457.192089][ T9190] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  457.241075][ T9190] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  457.727933][ T9190] 8021q: adding VLAN 0 to HW filter on device bond0
[  457.949617][ T9190] 8021q: adding VLAN 0 to HW filter on device team0
[  458.086111][ T9311] netlink: 'syz.3.953': attribute type 6 has an invalid length.
[  458.688478][ T6438] bridge0: port 1(bridge_slave_0) entered blocking state
[  458.695789][ T6438] bridge0: port 1(bridge_slave_0) entered forwarding state
[  458.781056][ T6054] bridge0: port 2(bridge_slave_1) entered blocking state
[  458.788541][ T6054] bridge0: port 2(bridge_slave_1) entered forwarding state
[  459.068655][ T9317] netlink: 'syz.4.957': attribute type 27 has an invalid length.
[  459.089503][ T9190] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  460.621610][ T9330] Driver unsupported XDP return value 0 on prog  (id 190) dev N/A, expect packet loss!
[  460.769827][ T9340] smk_cipso_doi:692 cipso add rc = -22
[  460.842595][   T30] kauditd_printk_skb: 9 callbacks suppressed
[  460.842615][   T30] audit: type=1326 audit(1751139901.934:4027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9341 comm="syz.1.965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb72658e929 code=0x7ffc0000
[  461.504415][   T30] audit: type=1326 audit(1751139901.934:4028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9341 comm="syz.1.965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb72658e929 code=0x7ffc0000
[  461.544316][   T30] audit: type=1326 audit(1751139901.934:4029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9341 comm="syz.1.965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fb72658e929 code=0x7ffc0000
[  461.565982][    C1] vkms_vblank_simulate: vblank timer overrun
[  461.578175][   T30] audit: type=1326 audit(1751139901.934:4030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9341 comm="syz.1.965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb72658e929 code=0x7ffc0000
[  461.600307][    C1] vkms_vblank_simulate: vblank timer overrun
[  461.607618][   T30] audit: type=1326 audit(1751139901.934:4031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9341 comm="syz.1.965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb72658e929 code=0x7ffc0000
[  461.630855][   T30] audit: type=1326 audit(1751139901.934:4032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9341 comm="syz.1.965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7fb72658e929 code=0x7ffc0000
[  461.652780][    C1] vkms_vblank_simulate: vblank timer overrun
[  461.664757][   T30] audit: type=1326 audit(1751139901.944:4033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9341 comm="syz.1.965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb72652ab19 code=0x7ffc0000
[  461.687316][    C1] vkms_vblank_simulate: vblank timer overrun
[  461.707343][   T30] audit: type=1326 audit(1751139901.944:4034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9341 comm="syz.1.965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb72652ab19 code=0x7ffc0000
[  461.770838][   T30] audit: type=1326 audit(1751139901.944:4035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9341 comm="syz.1.965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb72652ab19 code=0x7ffc0000
[  461.798730][   T30] audit: type=1326 audit(1751139901.944:4036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9341 comm="syz.1.965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb72658e929 code=0x7ffc0000
[  461.820400][    C1] vkms_vblank_simulate: vblank timer overrun
[  461.851560][ T9353] XFS (nbd4): no-recovery mounts must be read-only.
[  462.928733][ T9190] 8021q: adding VLAN 0 to HW filter on device batadv0
[  462.984653][ T9343] netlink: 24 bytes leftover after parsing attributes in process `syz.1.965'.
[  463.499448][ T9367] loop9: detected capacity change from 0 to 8
[  464.104514][ T9367]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[  464.110156][ T9367] loop9: partition table partially beyond EOD, truncated
[  464.118193][ T9367] loop9: p1 size 81768186 extends beyond EOD, truncated
[  464.367106][ T8801] udevd[8801]: inotify_add_watch(7, /dev/loop9p1, 10) failed: No such file or directory
[  464.733303][ T9384] autofs: Bad value for 'fd'
[  464.852448][ T9385] virtio-fs: tag </dev/md0> not found
[  464.971743][ T5919] usb 2-1: new full-speed USB device number 15 using dummy_hcd
[  465.541995][ T5919] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  465.564756][ T5919] usb 2-1: New USB device found, idVendor=0403, idProduct=97c1, bcdDevice= 0.00
[  465.575937][ T5919] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  465.883220][ T5919] usb 2-1: config 0 descriptor??
[  465.902377][ T9383] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  465.953607][ T9394] netlink: 4 bytes leftover after parsing attributes in process `syz.3.978'.
[  466.731082][ T9190] veth0_vlan: entered promiscuous mode
[  466.754396][   T30] kauditd_printk_skb: 324 callbacks suppressed
[  466.754417][   T30] audit: type=1326 audit(1751139907.854:4361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9392 comm="syz.2.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf05d8e929 code=0x7ffc0000
[  466.834432][   T30] audit: type=1326 audit(1751139907.854:4362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9392 comm="syz.2.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf05d8e929 code=0x7ffc0000
[  466.859794][   T30] audit: type=1326 audit(1751139907.854:4363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9392 comm="syz.2.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fcf05d8e929 code=0x7ffc0000
[  466.884564][   T30] audit: type=1326 audit(1751139907.854:4364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9392 comm="syz.2.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf05d8e929 code=0x7ffc0000
[  466.886019][ T9190] veth1_vlan: entered promiscuous mode
[  466.981493][   T30] audit: type=1326 audit(1751139907.854:4365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9392 comm="syz.2.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf05d8e929 code=0x7ffc0000
[  467.047186][ T9398] wg2: entered promiscuous mode
[  467.052570][ T9398] wg2: entered allmulticast mode
[  467.777952][   T30] audit: type=1326 audit(1751139907.854:4366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9392 comm="syz.2.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7fcf05d8e929 code=0x7ffc0000
[  467.887776][   T30] audit: type=1326 audit(1751139907.854:4367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9392 comm="syz.2.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcf05d2ab19 code=0x7ffc0000
[  467.978118][ T9190] veth0_macvtap: entered promiscuous mode
[  467.992662][   T30] audit: type=1326 audit(1751139907.854:4368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9392 comm="syz.2.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcf05d2ab19 code=0x7ffc0000
[  468.015518][ T9190] veth1_macvtap: entered promiscuous mode
[  468.081605][ T5919] usbhid 2-1:0.0: can't add hid device: -71
[  468.092043][ T5919] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  468.108953][ T9190] batman_adv: batadv0: Interface activated: batadv_slave_0
[  468.280089][   T30] audit: type=1326 audit(1751139907.854:4369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9392 comm="syz.2.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcf05d2ab19 code=0x7ffc0000
[  468.287708][ T9190] batman_adv: batadv0: Interface activated: batadv_slave_1
[  468.367016][ T9190] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  469.010884][ T9405] loop9: detected capacity change from 0 to 8
[  469.012618][ T5919] usb 2-1: USB disconnect, device number 15
[  469.040647][   T30] audit: type=1326 audit(1751139907.854:4370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9392 comm="syz.2.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcf05d2ab19 code=0x7ffc0000
[  469.063108][    C1] vkms_vblank_simulate: vblank timer overrun
[  469.138161][ T9190] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  469.147503][ T9190] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  469.158225][ T9190] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  470.753071][ T9422] FAULT_INJECTION: forcing a failure.
[  470.753071][ T9422] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  470.845750][ T4945] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  470.883387][ T4945] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  470.895144][ T9422] CPU: 0 UID: 0 PID: 9422 Comm: syz.2.988 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  470.895175][ T9422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  470.895187][ T9422] Call Trace:
[  470.895195][ T9422]  <TASK>
[  470.895204][ T9422]  dump_stack_lvl+0x189/0x250
[  470.895240][ T9422]  ? __pfx____ratelimit+0x10/0x10
[  470.895268][ T9422]  ? __pfx_dump_stack_lvl+0x10/0x10
[  470.895297][ T9422]  ? __pfx__printk+0x10/0x10
[  470.895333][ T9422]  should_fail_ex+0x414/0x560
[  470.895363][ T9422]  _copy_to_user+0x31/0xb0
[  470.895396][ T9422]  simple_read_from_buffer+0xe1/0x170
[  470.895428][ T9422]  proc_fail_nth_read+0x1df/0x250
[  470.895459][ T9422]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  470.895490][ T9422]  ? rw_verify_area+0x258/0x650
[  470.895512][ T9422]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  470.895541][ T9422]  vfs_read+0x1fd/0x980
[  470.895569][ T9422]  ? __pfx___mutex_lock+0x10/0x10
[  470.895599][ T9422]  ? __pfx_vfs_read+0x10/0x10
[  470.895623][ T9422]  ? __fget_files+0x2a/0x420
[  470.895655][ T9422]  ? __fget_files+0x3a0/0x420
[  470.895678][ T9422]  ? __fget_files+0x2a/0x420
[  470.895713][ T9422]  ksys_read+0x145/0x250
[  470.895738][ T9422]  ? __pfx_ksys_read+0x10/0x10
[  470.895757][ T9422]  ? rcu_is_watching+0x15/0xb0
[  470.895791][ T9422]  ? do_syscall_64+0xbe/0x3b0
[  470.895836][ T9422]  do_syscall_64+0xfa/0x3b0
[  470.895862][ T9422]  ? lockdep_hardirqs_on+0x9c/0x150
[  470.895887][ T9422]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.895907][ T9422]  ? clear_bhb_loop+0x60/0xb0
[  470.895932][ T9422]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.895951][ T9422] RIP: 0033:0x7fcf05d8d33c
[  470.895969][ T9422] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  470.895986][ T9422] RSP: 002b:00007fcf06b1f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  470.896009][ T9422] RAX: ffffffffffffffda RBX: 00007fcf05fb5fa0 RCX: 00007fcf05d8d33c
[  470.896023][ T9422] RDX: 000000000000000f RSI: 00007fcf06b1f0a0 RDI: 0000000000000004
[  470.896035][ T9422] RBP: 00007fcf06b1f090 R08: 0000000000000000 R09: 0000000000000000
[  470.896046][ T9422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  470.896058][ T9422] R13: 0000000000000000 R14: 00007fcf05fb5fa0 R15: 00007ffc5f77d908
[  470.896091][ T9422]  </TASK>
[  471.159208][ T6444] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  471.167990][ T6444] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  472.025603][ T9430] netlink: 20 bytes leftover after parsing attributes in process `syz.3.989'.
[  472.082372][ T9434] netlink: 24 bytes leftover after parsing attributes in process `syz.2.992'.
[  472.097090][ T9434] netlink: 1284 bytes leftover after parsing attributes in process `syz.2.992'.
[  472.343950][ T9439] netlink: 212376 bytes leftover after parsing attributes in process `syz.5.918'.
[  472.722421][ T9445] loop9: detected capacity change from 0 to 7
[  472.732292][ T9445] buffer_io_error: 4 callbacks suppressed
[  472.732367][ T9445] Buffer I/O error on dev loop9, logical block 0, async page read
[  472.747422][ T9445] Buffer I/O error on dev loop9, logical block 0, async page read
[  472.756527][ T9445] Buffer I/O error on dev loop9, logical block 0, async page read
[  472.765347][ T9445] Buffer I/O error on dev loop9, logical block 0, async page read
[  472.774298][ T9445] Buffer I/O error on dev loop9, logical block 0, async page read
[  472.784046][ T9445] Buffer I/O error on dev loop9, logical block 0, async page read
[  472.795069][ T9445] Buffer I/O error on dev loop9, logical block 0, async page read
[  472.833992][ T9445] ldm_validate_partition_table(): Disk read failed.
[  472.841156][ T9445] Buffer I/O error on dev loop9, logical block 0, async page read
[  472.850113][ T9445] Buffer I/O error on dev loop9, logical block 0, async page read
[  472.858761][ T9445] Buffer I/O error on dev loop9, logical block 0, async page read
[  472.867961][ T9445] Dev loop9: unable to read RDB block 0
[  472.875210][ T9445]  loop9: unable to read partition table
[  472.882345][ T9445] loop9: partition table beyond EOD, truncated
[  472.889012][ T9445] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  472.889012][ T9445] 
) failed (rc=-5)
[  472.979287][ T9445] 9pnet_fd: Insufficient options for proto=fd
[  475.266818][ T9452] netlink: 'syz.3.997': attribute type 10 has an invalid length.
[  475.392986][ T9452] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  475.579861][ T9469] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1003'.
[  475.948727][ T9475] netlink: 'syz.1.1003': attribute type 10 has an invalid length.
[  476.788211][ T9478] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1004'.
[  476.867508][ T9475] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  476.875082][ T9475] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  477.503026][ T9475] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  477.509241][ T9475] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  477.527922][ T9475] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  477.534376][ T9475] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  477.562414][ T9475] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  477.568515][ T9475] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  477.593890][ T9475] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  477.600032][ T9475] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  477.613732][ T9475] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  479.017365][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  479.300319][ T9501] loop9: detected capacity change from 0 to 8
[  479.641412][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  479.647534][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  479.671463][ T5830] Bluetooth: hci4: command 0x0c1a tx timeout
[  479.677671][ T5830] Bluetooth: hci2: command 0x0406 tx timeout
[  480.025573][ T9501]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[  480.031352][ T9501] loop9: partition table partially beyond EOD, truncated
[  480.038773][ T9501] loop9: p1 size 81768186 extends beyond EOD, truncated
[  480.535789][ T8801] udevd[8801]: inotify_add_watch(7, /dev/loop9p1, 10) failed: No such file or directory
[  480.761848][ T9513] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1014'.
[  481.277045][    T9] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  481.297814][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  481.316169][ T9513] bridge0: port 1(bridge_slave_0) entered disabled state
[  481.858892][   T51] Bluetooth: hci4: command 0x0c1a tx timeout
[  481.881443][ T5830] Bluetooth: hci3: command 0x0406 tx timeout
[  481.977631][ T5830] Bluetooth: hci1: command 0x0406 tx timeout
[  481.988203][   T51] Bluetooth: hci2: command 0x0406 tx timeout
[  482.164455][    T9] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  482.185158][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  482.225731][ T9513] bridge_slave_0 (unregistering): left allmulticast mode
[  482.241542][ T9513] bridge_slave_0 (unregistering): left promiscuous mode
[  482.249130][    T9] usb 3-1: config 0 descriptor??
[  482.287505][ T9513] bridge0: port 1(bridge_slave_0) entered disabled state
[  483.349208][ T9526] lo speed is unknown, defaulting to 1000
[  484.031525][ T5831] Bluetooth: hci4: command 0x0c1a tx timeout
[  484.990331][ T9509] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  485.044346][ T9509] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  485.101455][    T9] usb 3-1: Cannot set autoneg
[  485.161721][    T9] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  485.234180][    T9] usb 3-1: USB disconnect, device number 10
[  486.971098][ T9572] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1028'.
[  487.730158][ T9583] loop2: detected capacity change from 0 to 6
[  487.767547][ T9583] Dev loop2: unable to read RDB block 6
[  487.790188][ T9583]  loop2: unable to read partition table
[  487.810546][ T9583] loop2: partition table beyond EOD, truncated
[  487.827802][ T9583] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  490.372306][ T9609] XFS (nbd2): no-recovery mounts must be read-only.
[  491.405294][ T9620] FAULT_INJECTION: forcing a failure.
[  491.405294][ T9620] name failslab, interval 1, probability 0, space 0, times 0
[  491.449960][ T9620] CPU: 1 UID: 0 PID: 9620 Comm: syz.5.1045 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  491.449991][ T9620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  491.450003][ T9620] Call Trace:
[  491.450012][ T9620]  <TASK>
[  491.450021][ T9620]  dump_stack_lvl+0x189/0x250
[  491.450054][ T9620]  ? __pfx____ratelimit+0x10/0x10
[  491.450082][ T9620]  ? __pfx_dump_stack_lvl+0x10/0x10
[  491.450111][ T9620]  ? __pfx__printk+0x10/0x10
[  491.450137][ T9620]  ? __pfx___might_resched+0x10/0x10
[  491.450162][ T9620]  ? fs_reclaim_acquire+0x7d/0x100
[  491.450194][ T9620]  should_fail_ex+0x414/0x560
[  491.450224][ T9620]  should_failslab+0xa8/0x100
[  491.450251][ T9620]  __kmalloc_noprof+0xcb/0x4f0
[  491.450271][ T9620]  ? kfree+0x4d/0x440
[  491.450288][ T9620]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  491.450321][ T9620]  tomoyo_realpath_from_path+0xe3/0x5d0
[  491.450349][ T9620]  ? tomoyo_domain+0xda/0x130
[  491.450382][ T9620]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  491.450406][ T9620]  tomoyo_path_number_perm+0x1e8/0x5a0
[  491.450432][ T9620]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  491.450471][ T9620]  ? __lock_acquire+0xab9/0xd20
[  491.450518][ T9620]  ? __fget_files+0x2a/0x420
[  491.450554][ T9620]  ? __fget_files+0x2a/0x420
[  491.450575][ T9620]  ? __fget_files+0x3a0/0x420
[  491.450597][ T9620]  ? __fget_files+0x2a/0x420
[  491.450626][ T9620]  security_file_ioctl+0xcb/0x2d0
[  491.450652][ T9620]  __se_sys_ioctl+0x47/0x170
[  491.450676][ T9620]  do_syscall_64+0xfa/0x3b0
[  491.450701][ T9620]  ? lockdep_hardirqs_on+0x9c/0x150
[  491.450727][ T9620]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  491.450756][ T9620]  ? clear_bhb_loop+0x60/0xb0
[  491.450780][ T9620]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  491.450800][ T9620] RIP: 0033:0x7f7c7298e929
[  491.450820][ T9620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  491.450838][ T9620] RSP: 002b:00007f7c7372a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  491.450861][ T9620] RAX: ffffffffffffffda RBX: 00007f7c72bb5fa0 RCX: 00007f7c7298e929
[  491.450874][ T9620] RDX: 0000200000000180 RSI: 0000000000000707 RDI: 0000000000000003
[  491.450886][ T9620] RBP: 00007f7c7372a090 R08: 0000000000000000 R09: 0000000000000000
[  491.450897][ T9620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  491.450908][ T9620] R13: 0000000000000000 R14: 00007f7c72bb5fa0 R15: 00007fffd085af78
[  491.450940][ T9620]  </TASK>
[  491.710144][ T9620] ERROR: Out of memory at tomoyo_realpath_from_path.
[  491.861637][ T5970] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  492.202139][ T5970] usb 4-1: Using ep0 maxpacket: 32
[  492.240387][ T5970] usb 4-1: config index 0 descriptor too short (expected 9, got 0)
[  492.357168][ T5970] usb 4-1: can't read configurations, error -22
[  492.531449][ T5970] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  492.893021][ T5970] usb 4-1: Using ep0 maxpacket: 32
[  492.956740][ T5919] IPVS: starting estimator thread 0...
[  493.525722][ T5970] usb 4-1: config index 0 descriptor too short (expected 9, got 0)
[  493.565050][ T5970] usb 4-1: can't read configurations, error -22
[  493.598857][ T5970] usb usb4-port1: attempt power cycle
[  493.611977][ T9633] IPVS: using max 28 ests per chain, 67200 per kthread
[  493.981665][ T5970] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  494.097435][ T5970] usb 4-1: Using ep0 maxpacket: 32
[  494.271480][ T5970] usb 4-1: config index 0 descriptor too short (expected 9, got 0)
[  494.279727][ T5970] usb 4-1: can't read configurations, error -22
[  494.730940][ T9648] XFS (nbd2): no-recovery mounts must be read-only.
[  494.813896][ T9651] syz.3.1056: attempt to access beyond end of device
[  494.813896][ T9651] loop3: rw=4096, sector=2, nr_sectors = 2 limit=0
[  495.122383][ T9651] EXT4-fs (loop3): unable to read superblock
[  497.230674][ T9679] XFS (nbd5): no-recovery mounts must be read-only.
[  498.711975][ T9688] veth0_to_team: entered promiscuous mode
[  498.717946][ T9688] veth0_to_team: entered allmulticast mode
[  498.949584][ T9693] netlink: 'syz.5.1067': attribute type 10 has an invalid length.
[  499.029595][ T9693] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1067'.
[  499.086402][ T9697] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1068'.
[  499.781044][ T9702] FAULT_INJECTION: forcing a failure.
[  499.781044][ T9702] name failslab, interval 1, probability 0, space 0, times 0
[  499.877983][ T9702] CPU: 0 UID: 0 PID: 9702 Comm: syz.5.1070 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  499.878015][ T9702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  499.878027][ T9702] Call Trace:
[  499.878036][ T9702]  <TASK>
[  499.878045][ T9702]  dump_stack_lvl+0x189/0x250
[  499.878077][ T9702]  ? __pfx____ratelimit+0x10/0x10
[  499.878101][ T9702]  ? __pfx_dump_stack_lvl+0x10/0x10
[  499.878127][ T9702]  ? __pfx__printk+0x10/0x10
[  499.878151][ T9702]  ? __pfx___might_resched+0x10/0x10
[  499.878175][ T9702]  ? fs_reclaim_acquire+0x7d/0x100
[  499.878203][ T9702]  should_fail_ex+0x414/0x560
[  499.878230][ T9702]  should_failslab+0xa8/0x100
[  499.878255][ T9702]  kmem_cache_alloc_noprof+0x73/0x3c0
[  499.878275][ T9702]  ? alloc_empty_file+0x55/0x1d0
[  499.878307][ T9702]  alloc_empty_file+0x55/0x1d0
[  499.878335][ T9702]  path_openat+0x107/0x3830
[  499.878352][ T9702]  ? arch_stack_walk+0xfc/0x150
[  499.878404][ T9702]  ? __lock_acquire+0xab9/0xd20
[  499.878433][ T9702]  ? kasan_save_track+0x4f/0x80
[  499.878451][ T9702]  ? kasan_save_track+0x3e/0x80
[  499.878468][ T9702]  ? __kasan_slab_alloc+0x6c/0x80
[  499.878499][ T9702]  ? getname_flags+0xb8/0x540
[  499.878523][ T9702]  ? __pfx_path_openat+0x10/0x10
[  499.878540][ T9702]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  499.878583][ T9702]  do_filp_open+0x1fa/0x410
[  499.878601][ T9702]  ? __lock_acquire+0xab9/0xd20
[  499.878626][ T9702]  ? __pfx_do_filp_open+0x10/0x10
[  499.878672][ T9702]  ? _raw_spin_unlock+0x28/0x50
[  499.878694][ T9702]  ? alloc_fd+0x64c/0x6c0
[  499.878732][ T9702]  do_sys_openat2+0x121/0x1c0
[  499.878764][ T9702]  ? __pfx_do_sys_openat2+0x10/0x10
[  499.878808][ T9702]  __x64_sys_openat+0x138/0x170
[  499.878843][ T9702]  do_syscall_64+0xfa/0x3b0
[  499.878870][ T9702]  ? lockdep_hardirqs_on+0x9c/0x150
[  499.878896][ T9702]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  499.878915][ T9702]  ? clear_bhb_loop+0x60/0xb0
[  499.878940][ T9702]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  499.878959][ T9702] RIP: 0033:0x7f7c7298d290
[  499.878977][ T9702] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  499.878995][ T9702] RSP: 002b:00007f7c73729b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  499.879023][ T9702] RAX: ffffffffffffffda RBX: 0000000000004001 RCX: 00007f7c7298d290
[  499.879037][ T9702] RDX: 0000000000004001 RSI: 00007f7c73729c10 RDI: 00000000ffffff9c
[  499.879050][ T9702] RBP: 00007f7c73729c10 R08: 0000000000000000 R09: 0000000000000000
[  499.879064][ T9702] R10: 0000000000000000 R11: 0000000000000293 R12: cccccccccccccccd
[  499.879077][ T9702] R13: 0000000000000000 R14: 00007f7c72bb5fa0 R15: 00007fffd085af78
[  499.879111][ T9702]  </TASK>
[  501.244085][ T9712] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1073'.
[  501.258882][ T9712] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1073'.
[  501.354989][ T9714] loop9: detected capacity change from 0 to 7
[  501.374704][ T9714] buffer_io_error: 4 callbacks suppressed
[  501.380985][ T9714] Buffer I/O error on dev loop9, logical block 0, async page read
[  501.391105][ T9714] Buffer I/O error on dev loop9, logical block 0, async page read
[  501.401444][ T9714] Buffer I/O error on dev loop9, logical block 0, async page read
[  501.412161][ T9714] Buffer I/O error on dev loop9, logical block 0, async page read
[  501.423155][ T9714] Buffer I/O error on dev loop9, logical block 0, async page read
[  501.434228][ T9714] Buffer I/O error on dev loop9, logical block 0, async page read
[  501.446325][ T9714] Buffer I/O error on dev loop9, logical block 0, async page read
[  501.518613][ T9714] ldm_validate_partition_table(): Disk read failed.
[  501.527252][ T9714] Buffer I/O error on dev loop9, logical block 0, async page read
[  501.539071][ T9714] Buffer I/O error on dev loop9, logical block 0, async page read
[  501.551142][ T9714] Buffer I/O error on dev loop9, logical block 0, async page read
[  501.561721][ T9714] Dev loop9: unable to read RDB block 0
[  501.572922][ T9714]  loop9: unable to read partition table
[  501.582168][ T9714] loop9: partition table beyond EOD, truncated
[  501.588934][ T9714] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  501.588934][ T9714] 
) failed (rc=-5)
[  501.673047][ T9714] 9pnet_fd: Insufficient options for proto=fd
[  502.122711][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  502.181986][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  502.851336][ T5919] usb 2-1: new full-speed USB device number 16 using dummy_hcd
[  503.187300][ T5919] usb 2-1: config index 0 descriptor too short (expected 65535, got 27)
[  503.495557][ T5919] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  503.566865][ T5919] usb 2-1: config 0 has no interfaces?
[  503.588333][ T9731] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1081'.
[  503.593919][ T5919] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  503.664256][ T5919] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  503.684738][ T5919] usb 2-1: Product: syz
[  503.689164][ T5919] usb 2-1: Manufacturer: syz
[  503.727428][ T5919] usb 2-1: SerialNumber: syz
[  503.746703][ T5919] usb 2-1: config 0 descriptor??
[  504.683830][ T9742] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  504.762649][ T9743] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1077'.
[  508.052631][ T5919] usb 2-1: USB disconnect, device number 16
[  511.055702][   T51] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  511.411604][   T51] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  511.423978][   T51] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  511.443683][   T51] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  511.457209][   T51] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  512.324652][ T9759] lo speed is unknown, defaulting to 1000
[  512.596660][ T9780] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1090'.
[  514.175157][ T9792] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1095'.
[  514.185111][ T9792] unsupported nlmsg_type 40
[  514.194249][   T51] Bluetooth: hci5: command tx timeout
[  514.214422][ T9792] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1095'.
[  514.408503][ T9799] XFS (nbd1): no-recovery mounts must be read-only.
[  515.801437][   T30] kauditd_printk_skb: 56 callbacks suppressed
[  515.801495][   T30] audit: type=1326 audit(1751139956.904:4427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9804 comm="syz.5.1098" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7c7298e929 code=0x0
[  516.271737][   T51] Bluetooth: hci5: command tx timeout
[  517.402824][ T9814] 9pnet: Could not find request transport: fd0x000000000000000b00000000000000000000011
[  518.351638][   T51] Bluetooth: hci5: command tx timeout
[  519.259171][ T9759] chnl_net:caif_netlink_parms(): no params data found
[  519.326419][ T9834] FAULT_INJECTION: forcing a failure.
[  519.326419][ T9834] name failslab, interval 1, probability 0, space 0, times 0
[  519.375940][ T9834] CPU: 1 UID: 0 PID: 9834 Comm: syz.1.1107 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  519.375978][ T9834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  519.375990][ T9834] Call Trace:
[  519.375999][ T9834]  <TASK>
[  519.376008][ T9834]  dump_stack_lvl+0x189/0x250
[  519.376043][ T9834]  ? __pfx____ratelimit+0x10/0x10
[  519.376071][ T9834]  ? __pfx_dump_stack_lvl+0x10/0x10
[  519.376100][ T9834]  ? __pfx__printk+0x10/0x10
[  519.376128][ T9834]  ? __pfx___might_resched+0x10/0x10
[  519.376156][ T9834]  ? fs_reclaim_acquire+0x7d/0x100
[  519.376189][ T9834]  should_fail_ex+0x414/0x560
[  519.376220][ T9834]  should_failslab+0xa8/0x100
[  519.376248][ T9834]  __kmalloc_noprof+0xcb/0x4f0
[  519.376278][ T9834]  ? kfree+0x4d/0x440
[  519.376296][ T9834]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  519.376332][ T9834]  tomoyo_realpath_from_path+0xe3/0x5d0
[  519.376362][ T9834]  ? tomoyo_domain+0xda/0x130
[  519.376396][ T9834]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  519.376420][ T9834]  tomoyo_path_number_perm+0x1e8/0x5a0
[  519.376448][ T9834]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  519.376492][ T9834]  ? __lock_acquire+0xab9/0xd20
[  519.376540][ T9834]  ? __fget_files+0x2a/0x420
[  519.376570][ T9834]  ? __fget_files+0x2a/0x420
[  519.376593][ T9834]  ? __fget_files+0x3a0/0x420
[  519.376617][ T9834]  ? __fget_files+0x2a/0x420
[  519.376648][ T9834]  security_file_ioctl+0xcb/0x2d0
[  519.376676][ T9834]  __se_sys_ioctl+0x47/0x170
[  519.376701][ T9834]  do_syscall_64+0xfa/0x3b0
[  519.376727][ T9834]  ? lockdep_hardirqs_on+0x9c/0x150
[  519.376754][ T9834]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  519.376774][ T9834]  ? clear_bhb_loop+0x60/0xb0
[  519.376798][ T9834]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  519.376817][ T9834] RIP: 0033:0x7fb72658e929
[  519.376835][ T9834] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  519.376852][ T9834] RSP: 002b:00007fb727333038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  519.376875][ T9834] RAX: ffffffffffffffda RBX: 00007fb7267b5fa0 RCX: 00007fb72658e929
[  519.376889][ T9834] RDX: 0000200000000000 RSI: 000000008038550a RDI: 0000000000000004
[  519.376902][ T9834] RBP: 00007fb727333090 R08: 0000000000000000 R09: 0000000000000000
[  519.376915][ T9834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  519.376926][ T9834] R13: 0000000000000000 R14: 00007fb7267b5fa0 R15: 00007ffe63ef4a38
[  519.376961][ T9834]  </TASK>
[  519.722159][ T9834] ERROR: Out of memory at tomoyo_realpath_from_path.
[  519.972417][ T9840] FAULT_INJECTION: forcing a failure.
[  519.972417][ T9840] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  519.988186][ T9840] CPU: 1 UID: 0 PID: 9840 Comm: syz.5.1108 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  519.988214][ T9840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  519.988227][ T9840] Call Trace:
[  519.988236][ T9840]  <TASK>
[  519.988246][ T9840]  dump_stack_lvl+0x189/0x250
[  519.988289][ T9840]  ? __pfx____ratelimit+0x10/0x10
[  519.988317][ T9840]  ? __pfx_dump_stack_lvl+0x10/0x10
[  519.988346][ T9840]  ? __pfx__printk+0x10/0x10
[  519.988381][ T9840]  should_fail_ex+0x414/0x560
[  519.988411][ T9840]  _copy_from_user+0x2d/0xb0
[  519.988442][ T9840]  get_user_ifreq+0x6c/0x180
[  519.988471][ T9840]  sock_ioctl+0x6dd/0x790
[  519.988500][ T9840]  ? __pfx_sock_ioctl+0x10/0x10
[  519.988544][ T9840]  ? bpf_lsm_file_ioctl+0x9/0x20
[  519.988570][ T9840]  ? __pfx_sock_ioctl+0x10/0x10
[  519.988595][ T9840]  __se_sys_ioctl+0xf9/0x170
[  519.988620][ T9840]  do_syscall_64+0xfa/0x3b0
[  519.988650][ T9840]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  519.988667][ T9840]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  519.988687][ T9840]  ? clear_bhb_loop+0x60/0xb0
[  519.988710][ T9840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  519.988729][ T9840] RIP: 0033:0x7f7c7298e929
[  519.988748][ T9840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  519.988766][ T9840] RSP: 002b:00007f7c7372a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  519.988788][ T9840] RAX: ffffffffffffffda RBX: 00007f7c72bb5fa0 RCX: 00007f7c7298e929
[  519.988802][ T9840] RDX: 0000200000000080 RSI: 00000000000089f1 RDI: 0000000000000004
[  519.988815][ T9840] RBP: 00007f7c7372a090 R08: 0000000000000000 R09: 0000000000000000
[  519.988827][ T9840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  519.988840][ T9840] R13: 0000000000000000 R14: 00007f7c72bb5fa0 R15: 00007fffd085af78
[  519.988873][ T9840]  </TASK>
[  520.342214][ T9759] bridge0: port 1(bridge_slave_0) entered blocking state
[  520.407971][ T9759] bridge0: port 1(bridge_slave_0) entered disabled state
[  520.416390][ T9759] bridge_slave_0: entered allmulticast mode
[  520.427449][ T9759] bridge_slave_0: entered promiscuous mode
[  520.433412][   T51] Bluetooth: hci5: command tx timeout
[  520.445493][ T9759] bridge0: port 2(bridge_slave_1) entered blocking state
[  520.464187][ T9759] bridge0: port 2(bridge_slave_1) entered disabled state
[  520.501969][ T9759] bridge_slave_1: entered allmulticast mode
[  520.549953][ T9759] bridge_slave_1: entered promiscuous mode
[  520.550776][ T9852] netlink: 14 bytes leftover after parsing attributes in process `syz.5.1111'.
[  520.915818][ T9759] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  521.761735][ T9759] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  522.082470][ T9759] team0: Port device team_slave_0 added
[  522.131623][ T9868] kvm: pic: non byte read
[  522.141955][ T9868] kvm: pic: level sensitive irq not supported
[  522.142104][ T9868] kvm: pic: non byte read
[  522.144126][ T9759] team0: Port device team_slave_1 added
[  522.174824][ T9868] kvm: pic: level sensitive irq not supported
[  522.174889][ T9868] kvm: pic: non byte read
[  523.528047][ T9759] batman_adv: batadv0: Adding interface: batadv_slave_0
[  523.591641][ T9759] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  523.639147][ T9759] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  523.653345][ T9759] batman_adv: batadv0: Adding interface: batadv_slave_1
[  523.660417][ T9759] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  523.689757][ T9759] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  525.591000][ T9759] hsr_slave_0: entered promiscuous mode
[  525.666105][ T9759] hsr_slave_1: entered promiscuous mode
[  526.518684][ T9759] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  526.528371][ T9759] Cannot create hsr debugfs directory
[  526.960974][ T9905] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1126'.
[  527.714786][ T9915] xt_connbytes: Forcing CT accounting to be enabled
[  527.721898][ T9915] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  527.733919][ T9915] xt_bpf: check failed: parse error
[  529.333345][ T9759] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  529.370664][ T9759] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  529.449807][ T9759] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  529.554197][ T9759] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  529.573381][   T30] audit: type=1326 audit(1751139970.674:4428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9932 comm="syz.5.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c7298e929 code=0x7ffc0000
[  529.624878][   T30] audit: type=1326 audit(1751139970.674:4429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9932 comm="syz.5.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c7298e929 code=0x7ffc0000
[  529.653883][   T30] audit: type=1326 audit(1751139970.674:4430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9932 comm="syz.5.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f7c7298e929 code=0x7ffc0000
[  529.752209][    T9] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  529.838308][   T30] audit: type=1326 audit(1751139970.674:4431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9932 comm="syz.5.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c7298e929 code=0x7ffc0000
[  529.926473][   T30] audit: type=1326 audit(1751139970.674:4432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9932 comm="syz.5.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c7298e929 code=0x7ffc0000
[  529.961494][    T9] usb 4-1: Using ep0 maxpacket: 32
[  529.982345][    T9] usb 4-1: config 0 has an invalid interface number: 151 but max is 0
[  530.021588][    T9] usb 4-1: config 0 has no interface number 0
[  530.122747][ T9949] netlink: 'syz.1.1138': attribute type 14 has an invalid length.
[  530.266491][    T9] usb 4-1: config 0 interface 151 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  530.291508][    T9] usb 4-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[  530.300815][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  530.312214][   T30] audit: type=1326 audit(1751139970.704:4433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9932 comm="syz.5.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f7c7298e929 code=0x7ffc0000
[  530.356842][    T9] usb 4-1: Product: syz
[  530.361940][    T9] usb 4-1: Manufacturer: syz
[  530.367520][    T9] usb 4-1: SerialNumber: syz
[  530.688461][   T30] audit: type=1326 audit(1751139970.704:4434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9932 comm="syz.5.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7c7292ab19 code=0x7ffc0000
[  530.746146][    T9] usb 4-1: config 0 descriptor??
[  530.765435][ T9759] 8021q: adding VLAN 0 to HW filter on device bond0
[  530.869458][   T30] audit: type=1326 audit(1751139970.704:4435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9932 comm="syz.5.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c7298e929 code=0x7ffc0000
[  530.923360][ T9759] 8021q: adding VLAN 0 to HW filter on device team0
[  530.948092][   T30] audit: type=1326 audit(1751139970.704:4436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9932 comm="syz.5.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7c7292ab19 code=0x7ffc0000
[  530.989430][ T5966] bridge0: port 1(bridge_slave_0) entered blocking state
[  530.997064][ T5966] bridge0: port 1(bridge_slave_0) entered forwarding state
[  531.185710][   T30] audit: type=1326 audit(1751139970.704:4437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9932 comm="syz.5.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7c7292ab19 code=0x7ffc0000
[  531.635301][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[  531.642964][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[  532.234524][    T9] usb 4-1: USB disconnect, device number 25
[  532.255347][ T9957] trusted_key: syz.1.1140 sent an empty control message without MSG_MORE.
[  532.456694][ T8801] udevd[8801]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  532.570875][ T9934] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1135'.
[  534.563218][ T9759] 8021q: adding VLAN 0 to HW filter on device batadv0
[  535.216552][ T9994] loop9: detected capacity change from 0 to 7
[  535.238831][ T9994] buffer_io_error: 9 callbacks suppressed
[  535.245664][ T9994] Buffer I/O error on dev loop9, logical block 0, async page read
[  535.260531][ T9994] Buffer I/O error on dev loop9, logical block 0, async page read
[  535.276444][ T9994] Buffer I/O error on dev loop9, logical block 0, async page read
[  535.292533][ T9994] Buffer I/O error on dev loop9, logical block 0, async page read
[  535.374376][ T9994] Buffer I/O error on dev loop9, logical block 0, async page read
[  535.387556][ T9994] Buffer I/O error on dev loop9, logical block 0, async page read
[  535.401271][ T9994] Buffer I/O error on dev loop9, logical block 0, async page read
[  535.411536][ T9994] ldm_validate_partition_table(): Disk read failed.
[  535.421561][ T9994] Buffer I/O error on dev loop9, logical block 0, async page read
[  535.433524][ T9994] Buffer I/O error on dev loop9, logical block 0, async page read
[  535.445532][ T9994] Buffer I/O error on dev loop9, logical block 0, async page read
[  535.462998][ T9994] Dev loop9: unable to read RDB block 0
[  535.519126][ T9994]  loop9: unable to read partition table
[  535.531324][ T9994] loop9: partition table beyond EOD, truncated
[  535.538996][ T9994] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  535.538996][ T9994] 
) failed (rc=-5)
[  535.689360][ T9994] 9pnet_fd: Insufficient options for proto=fd
[  536.844624][T10000] ref_ctr_offset mismatch. inode: 0x52a offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x4
[  538.566666][ T9759] veth0_vlan: entered promiscuous mode
[  538.999114][ T9759] veth1_vlan: entered promiscuous mode
[  539.061937][ T9759] veth0_macvtap: entered promiscuous mode
[  539.150324][ T9759] veth1_macvtap: entered promiscuous mode
[  539.213979][ T9759] batman_adv: batadv0: Interface activated: batadv_slave_0
[  539.248702][T10028] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1159'.
[  539.255476][ T9759] batman_adv: batadv0: Interface activated: batadv_slave_1
[  539.287685][T10028] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1159'.
[  539.314438][T10028] netlink: 63 bytes leftover after parsing attributes in process `syz.1.1159'.
[  539.329465][ T9759] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  539.347023][ T9759] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  539.361448][ T9759] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  539.370670][ T9759] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  539.780078][T10033] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1161'.
[  540.227700][ T6432] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  540.256616][ T6432] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  540.417917][ T4945] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  540.465686][ T4945] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  540.678397][T10041] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  541.318634][T10044] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1165'.
[  541.360962][T10044] vlan4: entered promiscuous mode
[  542.160412][T10053] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1167'.
[  542.169664][T10053] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1167'.
[  542.502344][T10053] bridge0: entered promiscuous mode
[  542.510221][T10053] macsec1: entered allmulticast mode
[  542.516089][T10053] bridge0: entered allmulticast mode
[  543.192767][    T9] usb 4-1: new low-speed USB device number 26 using dummy_hcd
[  543.222402][T10058] ref_ctr_offset mismatch. inode: 0x552 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x4
[  543.381818][    T9] usb 4-1: device descriptor read/64, error -71
[  544.051560][    T9] usb 4-1: new low-speed USB device number 27 using dummy_hcd
[  544.158844][T10068] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1172'.
[  544.192489][    T9] usb 4-1: device descriptor read/64, error -71
[  544.317463][    T9] usb usb4-port1: attempt power cycle
[  545.923019][ T5904] IPVS: starting estimator thread 0...
[  546.061686][T10083] IPVS: using max 21 ests per chain, 50400 per kthread
[  546.525720][T10087] loop2: detected capacity change from 0 to 6
[  546.572065][T10087] Dev loop2: unable to read RDB block 6
[  546.578054][T10087]  loop2: unable to read partition table
[  546.584620][T10087] loop2: partition table beyond EOD, truncated
[  546.591473][T10087] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  546.743708][T10089] cgroup: noprefix used incorrectly
[  549.274600][T10114] ref_ctr_offset mismatch. inode: 0x22 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x4
[  550.041854][ T5861] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  550.241376][ T5861] usb 2-1: Using ep0 maxpacket: 32
[  550.273539][ T5861] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  550.311499][ T5861] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  550.345441][ T5861] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  550.364232][ T5861] usb 2-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  550.891411][ T5861] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  550.915300][ T5861] usb 2-1: config 0 descriptor??
[  555.549675][ T5861] usbhid 2-1:0.0: can't add hid device: -71
[  555.576425][ T5861] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  555.865044][ T5861] usb 2-1: USB disconnect, device number 17
[  559.612271][T10171] vlan4: entered promiscuous mode
[  562.990156][T10193] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1208'.
[  563.293771][T10199] loop9: detected capacity change from 0 to 7
[  563.301956][T10199] buffer_io_error: 9 callbacks suppressed
[  563.301974][T10199] Buffer I/O error on dev loop9, logical block 0, async page read
[  563.327034][T10199] Buffer I/O error on dev loop9, logical block 0, async page read
[  563.338338][T10199] Buffer I/O error on dev loop9, logical block 0, async page read
[  563.347318][T10199] Buffer I/O error on dev loop9, logical block 0, async page read
[  563.356591][T10199] Buffer I/O error on dev loop9, logical block 0, async page read
[  563.365319][T10199] Buffer I/O error on dev loop9, logical block 0, async page read
[  563.374027][T10199] Buffer I/O error on dev loop9, logical block 0, async page read
[  563.382463][T10199] ldm_validate_partition_table(): Disk read failed.
[  563.389710][T10199] Buffer I/O error on dev loop9, logical block 0, async page read
[  563.427680][T10199] Buffer I/O error on dev loop9, logical block 0, async page read
[  563.437032][T10199] Buffer I/O error on dev loop9, logical block 0, async page read
[  563.446895][T10199] Dev loop9: unable to read RDB block 0
[  563.454714][T10199]  loop9: unable to read partition table
[  563.461932][T10199] loop9: partition table beyond EOD, truncated
[  563.468504][T10199] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  563.468504][T10199] 
) failed (rc=-5)
[  563.499906][T10199] 9pnet_fd: Insufficient options for proto=fd
[  563.592576][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  563.599328][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  567.704310][T10226] netlink: 'syz.2.1217': attribute type 6 has an invalid length.
[  568.391584][ T5970] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  568.887986][ T5970] usb 7-1: Using ep0 maxpacket: 16
[  569.251347][ T5970] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  569.281913][ T5970] usb 7-1: New USB device found, idVendor=046d, idProduct=0721, bcdDevice=9c.25
[  569.300909][ T5970] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  569.309381][ T5970] usb 7-1: Product: syz
[  569.314046][ T5970] usb 7-1: Manufacturer: syz
[  569.319016][ T5970] usb 7-1: SerialNumber: syz
[  569.327432][ T5970] usb 7-1: config 0 descriptor??
[  569.335561][ T5970] hub 7-1:0.0: bad descriptor, ignoring hub
[  569.342098][ T5970] hub 7-1:0.0: probe with driver hub failed with error -5
[  569.982891][T10237] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1221'.
[  570.153133][ T5970] usb 7-1: USB disconnect, device number 2
[  570.280147][T10243] loop9: detected capacity change from 0 to 7
[  570.288902][T10243] buffer_io_error: 9 callbacks suppressed
[  570.295230][T10243] Buffer I/O error on dev loop9, logical block 0, async page read
[  570.305070][T10243] Buffer I/O error on dev loop9, logical block 0, async page read
[  570.314005][T10243] Buffer I/O error on dev loop9, logical block 0, async page read
[  570.323187][T10243] Buffer I/O error on dev loop9, logical block 0, async page read
[  570.334279][T10243] Buffer I/O error on dev loop9, logical block 0, async page read
[  570.345260][T10243] Buffer I/O error on dev loop9, logical block 0, async page read
[  570.370746][T10243] Buffer I/O error on dev loop9, logical block 0, async page read
[  570.435275][T10243] ldm_validate_partition_table(): Disk read failed.
[  570.443648][T10243] Buffer I/O error on dev loop9, logical block 0, async page read
[  570.453404][T10243] Buffer I/O error on dev loop9, logical block 0, async page read
[  570.465351][T10243] Buffer I/O error on dev loop9, logical block 0, async page read
[  570.476684][T10243] Dev loop9: unable to read RDB block 0
[  570.484714][T10243]  loop9: unable to read partition table
[  570.490905][T10243] loop9: partition table beyond EOD, truncated
[  570.497788][T10243] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  570.497788][T10243] 
) failed (rc=-5)
[  570.519152][T10243] 9pnet_fd: Insufficient options for proto=fd
[  572.067464][T10255] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  572.372199][    T9] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  572.748801][    T9] usb 3-1: Using ep0 maxpacket: 16
[  572.777835][    T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  572.856899][    T9] usb 3-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00
[  573.465943][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  573.519936][    T9] usb 3-1: config 0 descriptor??
[  574.047760][T10254] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  574.272039][T10254] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  574.343671][    T9] logitech 0003:046D:C24F.0008: ignoring exceeding usage max
[  574.389841][    T9] logitech 0003:046D:C24F.0008: item fetching failed at offset 5/7
[  574.488496][    T9] logitech 0003:046D:C24F.0008: parse failed
[  574.626676][    T9] logitech 0003:046D:C24F.0008: probe with driver logitech failed with error -22
[  574.721120][    T9] usb 3-1: USB disconnect, device number 11
[  574.854673][T10279] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1232'.
[  576.267881][T10289] lo speed is unknown, defaulting to 1000
[  576.476304][T10245] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  577.502639][T10245] usb 3-1: Using ep0 maxpacket: 16
[  578.027617][T10245] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  578.226389][T10245] usb 3-1: New USB device found, idVendor=046d, idProduct=0721, bcdDevice=9c.25
[  578.334286][T10245] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  578.379557][T10306] ref_ctr_offset mismatch. inode: 0x11b offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x4
[  578.424699][ T5861] usb 7-1: new full-speed USB device number 3 using dummy_hcd
[  578.427865][T10245] usb 3-1: Product: syz
[  578.500504][T10245] usb 3-1: Manufacturer: syz
[  578.523242][T10245] usb 3-1: SerialNumber: syz
[  578.564380][T10245] usb 3-1: config 0 descriptor??
[  578.611980][T10245] hub 3-1:0.0: bad descriptor, ignoring hub
[  578.618157][T10245] hub 3-1:0.0: probe with driver hub failed with error -5
[  578.683234][ T5861] usb 7-1: unable to get BOS descriptor or descriptor too short
[  578.731397][ T5861] usb 7-1: not running at top speed; connect to a high speed hub
[  578.752908][ T5861] usb 7-1: config 219 has 1 interface, different from the descriptor's value: 2
[  578.772029][ T5861] usb 7-1: config 219 interface 0 has no altsetting 0
[  578.832093][ T5861] usb 7-1: config 219 interface 0 has no altsetting 1
[  578.856981][ T5861] usb 7-1: New USB device found, idVendor=2b73, idProduct=0017, bcdDevice=a2.0e
[  578.888090][ T5861] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  578.918195][ T5861] usb 7-1: Product: syz
[  578.931354][ T5861] usb 7-1: Manufacturer: syz
[  578.950310][ T5861] usb 7-1: SerialNumber: syz
[  578.961926][   T10] usb 3-1: USB disconnect, device number 12
[  579.267617][ T5861] usb 7-1: selecting invalid altsetting 0
[  579.393638][ T5861] usb 7-1: selecting invalid altsetting 0
[  579.589143][ T5861] usb 7-1: USB disconnect, device number 3
[  579.654052][T10318] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1239'.
[  579.664781][T10315] IPVS: wlc: UDP 224.0.0.2:0 - no destination available
[  579.784392][ T8790] udevd[8790]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:219.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  580.277109][T10323] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  580.916710][T10325] vlan2: entered promiscuous mode
[  580.938099][T10325] bridge0: entered promiscuous mode
[  581.331424][   T10] usb 7-1: new full-speed USB device number 4 using dummy_hcd
[  581.354953][T10338] XFS (nbd1): no-recovery mounts must be read-only.
[  581.527371][   T10] usb 7-1: config 0 has an invalid descriptor of length 200, skipping remainder of the config
[  581.555126][   T10] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 17
[  581.581326][   T10] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  581.618633][   T10] usb 7-1: New USB device found, idVendor=05ac, idProduct=0232, bcdDevice=5c.00
[  581.634424][   T10] usb 7-1: New USB device strings: Mfr=200, Product=4, SerialNumber=146
[  582.450047][   T10] usb 7-1: Product: syz
[  582.471412][   T10] usb 7-1: Manufacturer: syz
[  582.506479][   T10] usb 7-1: SerialNumber: syz
[  582.583075][   T10] usb 7-1: config 0 descriptor??
[  582.634032][   T10] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  582.790422][T10345] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1249'.
[  583.981303][   T10] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  584.026106][    T9] libceph: connect (1)[c::]:6789 error -13
[  584.040234][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  584.116319][T10354] ceph: No mds server is up or the cluster is laggy
[  584.173830][    T9] libceph: connect (1)[c::]:6789 error -13
[  584.180033][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  584.191347][   T10] usb 4-1: Using ep0 maxpacket: 16
[  584.201853][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  584.223233][   T10] usb 4-1: New USB device found, idVendor=046d, idProduct=0721, bcdDevice=9c.25
[  584.241611][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  584.250851][   T10] usb 4-1: Product: syz
[  584.257483][   T10] usb 4-1: Manufacturer: syz
[  584.263260][   T10] usb 4-1: SerialNumber: syz
[  584.304087][   T10] usb 4-1: config 0 descriptor??
[  584.339547][   T10] hub 4-1:0.0: bad descriptor, ignoring hub
[  584.346945][   T10] hub 4-1:0.0: probe with driver hub failed with error -5
[  584.651821][T10245] usb 4-1: USB disconnect, device number 29
[  584.801646][T10245] usb 7-1: USB disconnect, device number 4
[  585.369142][T10368] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1253'.
[  586.789143][T10382] loop9: detected capacity change from 0 to 7
[  586.798274][T10382] buffer_io_error: 9 callbacks suppressed
[  586.798295][T10382] Buffer I/O error on dev loop9, logical block 0, async page read
[  586.813336][T10382] Buffer I/O error on dev loop9, logical block 0, async page read
[  586.822686][T10382] Buffer I/O error on dev loop9, logical block 0, async page read
[  586.831510][T10382] Buffer I/O error on dev loop9, logical block 0, async page read
[  586.842142][T10382] Buffer I/O error on dev loop9, logical block 0, async page read
[  586.852245][T10382] Buffer I/O error on dev loop9, logical block 0, async page read
[  586.865120][T10382] Buffer I/O error on dev loop9, logical block 0, async page read
[  586.915632][T10382] ldm_validate_partition_table(): Disk read failed.
[  586.925159][T10382] Buffer I/O error on dev loop9, logical block 0, async page read
[  586.935995][T10382] Buffer I/O error on dev loop9, logical block 0, async page read
[  586.946682][T10382] Buffer I/O error on dev loop9, logical block 0, async page read
[  586.957455][T10382] Dev loop9: unable to read RDB block 0
[  586.968009][T10382]  loop9: unable to read partition table
[  586.975873][T10382] loop9: partition table beyond EOD, truncated
[  586.982568][T10382] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  586.982568][T10382] 
) failed (rc=-5)
[  587.048109][T10382] 9pnet_fd: Insufficient options for proto=fd
[  591.241910][T10406] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1266'.
[  591.827260][T10424] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  594.838221][T10446] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1277'.
[  595.089553][T10453] ntfs3(nullb0): Primary boot signature is not NTFS.
[  595.115041][T10453] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  596.026966][T10461] FAULT_INJECTION: forcing a failure.
[  596.026966][T10461] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  596.115099][T10461] CPU: 0 UID: 0 PID: 10461 Comm: syz.3.1283 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  596.115131][T10461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  596.115144][T10461] Call Trace:
[  596.115153][T10461]  <TASK>
[  596.115162][T10461]  dump_stack_lvl+0x189/0x250
[  596.115199][T10461]  ? __pfx____ratelimit+0x10/0x10
[  596.115229][T10461]  ? __pfx_dump_stack_lvl+0x10/0x10
[  596.115259][T10461]  ? __pfx__printk+0x10/0x10
[  596.115281][T10461]  ? __might_fault+0xb0/0x130
[  596.115320][T10461]  should_fail_ex+0x414/0x560
[  596.115351][T10461]  _copy_from_user+0x2d/0xb0
[  596.115383][T10461]  video_usercopy+0xafc/0x14f0
[  596.115417][T10461]  ? __pfx___video_do_ioctl+0x10/0x10
[  596.115436][T10461]  ? __pfx_video_usercopy+0x10/0x10
[  596.115454][T10461]  ? smack_file_ioctl+0x2a9/0x340
[  596.115495][T10461]  ? __fget_files+0x2a/0x420
[  596.115521][T10461]  ? __fget_files+0x3a0/0x420
[  596.115552][T10461]  v4l2_ioctl+0x18a/0x1e0
[  596.115583][T10461]  ? __pfx_v4l2_ioctl+0x10/0x10
[  596.115612][T10461]  __se_sys_ioctl+0xf9/0x170
[  596.115637][T10461]  do_syscall_64+0xfa/0x3b0
[  596.115671][T10461]  ? lockdep_hardirqs_on+0x9c/0x150
[  596.115700][T10461]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  596.115720][T10461]  ? clear_bhb_loop+0x60/0xb0
[  596.115746][T10461]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  596.115766][T10461] RIP: 0033:0x7fd9a118e929
[  596.115785][T10461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  596.115803][T10461] RSP: 002b:00007fd9a2081038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  596.115827][T10461] RAX: ffffffffffffffda RBX: 00007fd9a13b5fa0 RCX: 00007fd9a118e929
[  596.115842][T10461] RDX: 0000200000000080 RSI: 00000000c0285628 RDI: 0000000000000003
[  596.115856][T10461] RBP: 00007fd9a2081090 R08: 0000000000000000 R09: 0000000000000000
[  596.115869][T10461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  596.115882][T10461] R13: 0000000000000000 R14: 00007fd9a13b5fa0 R15: 00007ffe8e4b9dc8
[  596.115916][T10461]  </TASK>
[  596.332312][    C0] vkms_vblank_simulate: vblank timer overrun
[  596.511277][ T5861] usb 7-1: new full-speed USB device number 5 using dummy_hcd
[  596.667754][ T5861] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  596.700268][ T5861] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  596.780734][ T5861] usb 7-1: New USB device found, idVendor=4b05, idProduct=1837, bcdDevice= 0.00
[  596.891297][ T5883] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  596.960480][ T5861] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  597.051851][ T5883] usb 3-1: Using ep0 maxpacket: 32
[  597.153129][ T5883] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  597.176790][ T5883] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  597.430726][ T5883] usb 3-1: config 0 descriptor??
[  597.432143][ T5861] usb 7-1: config 0 descriptor??
[  597.482128][T10459] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  597.892580][ T5883] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  597.966016][ T5883] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  597.992388][ T5883] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  597.999928][ T5883] usb 3-1: media controller created
[  598.082736][T10483] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1292'.
[  598.125085][ T5861] hid-generic 0003:4B05:1837.0009: item fetching failed at offset 3/5
[  598.151985][ T5861] hid-generic 0003:4B05:1837.0009: probe with driver hid-generic failed with error -22
[  598.287855][ T5883] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  598.369320][T10486] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1291'.
[  598.618785][ T5861] usb 7-1: USB disconnect, device number 5
[  599.490318][T10490] ref_ctr_offset mismatch. inode: 0x4eb offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x4
[  599.792858][ T5883] az6027: usb out operation failed. (-71)
[  599.822399][ T5883] az6027: usb out operation failed. (-71)
[  599.828400][ T5883] stb0899_attach: Driver disabled by Kconfig
[  599.871702][ T5883] az6027: no front-end attached
[  599.871702][ T5883] 
[  599.914683][ T5883] az6027: usb out operation failed. (-71)
[  599.932230][ T5883] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  599.950975][T10503] netlink: 'syz.5.1298': attribute type 4 has an invalid length.
[  599.971506][T10503] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.1298'.
[  599.993895][T10509] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1300'.
[  600.205804][ T5883] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input13
[  600.232053][ T5883] dvb-usb: schedule remote query interval to 400 msecs.
[  600.266902][ T5883] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  600.857872][ T5883] usb 3-1: USB disconnect, device number 13
[  601.091363][ T5861] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  601.429695][ T5883] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  601.484288][ T5861] usb 7-1: Using ep0 maxpacket: 8
[  601.497404][ T5861] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  601.514183][ T5861] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  601.523551][ T5861] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  601.538997][ T5861] usb 7-1: config 0 descriptor??
[  601.629105][T10529] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 10529 comm: syz.1.1305)
[  601.758305][   T30] kauditd_printk_skb: 3251 callbacks suppressed
[  601.758378][   T30] audit: type=1800 audit(1751140042.754:7689): pid=10529 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.1305" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=27395 res=0 errno=0
[  602.296630][ T5861] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  602.932107][ T5861] usb 7-1: USB disconnect, device number 6
[  603.069714][T10536] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1310'.
[  603.321596][ T5883] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  603.374345][T10544] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1312'.
[  604.176993][T10547] ref_ctr_offset mismatch. inode: 0x5f8 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x4
[  604.251313][ T5883] usb 6-1: Using ep0 maxpacket: 16
[  604.281539][ T5883] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  604.361541][ T5883] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  604.458545][ T5883] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  604.501374][ T5883] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  604.520781][ T5883] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  604.534769][T10558] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1316'.
[  604.547717][ T5883] usb 6-1: config 0 descriptor??
[  604.561428][T10558] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1316'.
[  604.696103][   T10] usb 4-1: new full-speed USB device number 30 using dummy_hcd
[  604.952960][   T10] usb 4-1: not running at top speed; connect to a high speed hub
[  605.112494][   T10] usb 4-1: unable to read config index 0 descriptor/start: -61
[  605.229477][   T10] usb 4-1: can't read configurations, error -61
[  605.413841][ T5883] microsoft 0003:045E:07DA.000A: ignoring exceeding usage max
[  605.464934][ T5883] HID 045e:07da: Invalid code 65791 type 1
[  605.471742][ T5883] HID 045e:07da: Invalid code 768 type 1
[  605.477633][ T5883] HID 045e:07da: Invalid code 769 type 1
[  605.571429][ T5883] HID 045e:07da: Invalid code 770 type 1
[  605.577865][ T5883] HID 045e:07da: Invalid code 771 type 1
[  605.598374][ T5883] HID 045e:07da: Invalid code 772 type 1
[  605.611395][ T5883] HID 045e:07da: Invalid code 773 type 1
[  605.617998][ T5883] HID 045e:07da: Invalid code 774 type 1
[  605.631543][   T10] usb 4-1: new full-speed USB device number 31 using dummy_hcd
[  605.655375][ T5883] HID 045e:07da: Invalid code 775 type 1
[  605.675808][ T5883] HID 045e:07da: Invalid code 776 type 1
[  605.715425][T10564] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1318'.
[  605.775908][ T5883] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.000A/input/input14
[  605.817174][   T10] usb 4-1: not running at top speed; connect to a high speed hub
[  605.982917][ T5883] microsoft 0003:045E:07DA.000A: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0
[  606.000329][   T10] usb 4-1: unable to read config index 0 descriptor/start: -61
[  606.001511][T10245] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  606.030360][   T10] usb 4-1: can't read configurations, error -61
[  606.124039][   T10] usb usb4-port1: attempt power cycle
[  606.481786][ T5883] usb 6-1: USB disconnect, device number 2
[  606.547649][T10574] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  606.555442][T10245] usb 7-1: Using ep0 maxpacket: 16
[  606.578413][T10245] usb 7-1: config 0 has an invalid interface number: 105 but max is 0
[  606.675403][T10245] usb 7-1: config 0 descriptor has 1 excess byte, ignoring
[  606.702184][T10245] usb 7-1: config 0 has no interface number 0
[  606.720390][T10245] usb 7-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  606.756636][T10577] fido_id[10577]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  606.767834][T10245] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  606.772712][   T10] usb 4-1: new full-speed USB device number 32 using dummy_hcd
[  606.802442][ T5904] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  606.827191][T10245] usb 7-1: Product: syz
[  606.871944][T10245] usb 7-1: Manufacturer: syz
[  606.883839][T10245] usb 7-1: SerialNumber: syz
[  606.885011][   T10] usb 4-1: not running at top speed; connect to a high speed hub
[  606.910365][T10245] usb 7-1: config 0 descriptor??
[  606.949979][   T10] usb 4-1: unable to read config index 0 descriptor/start: -61
[  606.951568][T10245] usb 7-1: Found UVC 0.00 device syz (046d:08f3)
[  606.998261][   T10] usb 4-1: can't read configurations, error -61
[  607.010842][T10245] usb 7-1: No valid video chain found.
[  607.597835][   T10] usb 4-1: new full-speed USB device number 33 using dummy_hcd
[  607.637575][T10572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  607.866375][T10572] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  608.361226][   T10] usb 4-1: device descriptor read/8, error -71
[  608.405638][ T5912] usb 7-1: USB disconnect, device number 7
[  608.544238][   T10] usb usb4-port1: unable to enumerate USB device
[  608.556111][T10601] netlink: 'syz.2.1328': attribute type 1 has an invalid length.
[  608.706247][T10608] FAULT_INJECTION: forcing a failure.
[  608.706247][T10608] name failslab, interval 1, probability 0, space 0, times 0
[  608.719692][T10608] CPU: 1 UID: 0 PID: 10608 Comm: syz.3.1329 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  608.719721][T10608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  608.719733][T10608] Call Trace:
[  608.719744][T10608]  <TASK>
[  608.719754][T10608]  dump_stack_lvl+0x189/0x250
[  608.719788][T10608]  ? __pfx____ratelimit+0x10/0x10
[  608.719817][T10608]  ? __pfx_dump_stack_lvl+0x10/0x10
[  608.719846][T10608]  ? __pfx__printk+0x10/0x10
[  608.719873][T10608]  ? __pfx___might_resched+0x10/0x10
[  608.719907][T10608]  should_fail_ex+0x414/0x560
[  608.719936][T10608]  should_failslab+0xa8/0x100
[  608.719965][T10608]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  608.719990][T10608]  ? __alloc_skb+0x112/0x2d0
[  608.720016][T10608]  __alloc_skb+0x112/0x2d0
[  608.720042][T10608]  netlink_sendmsg+0x5c6/0xb30
[  608.720062][T10608]  ? finish_task_switch+0x18b/0x950
[  608.720095][T10608]  ? __pfx_netlink_sendmsg+0x10/0x10
[  608.720120][T10608]  ? __lock_acquire+0xab9/0xd20
[  608.720149][T10608]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  608.720172][T10608]  ? __pfx_netlink_sendmsg+0x10/0x10
[  608.720196][T10608]  __sock_sendmsg+0x21c/0x270
[  608.720227][T10608]  ____sys_sendmsg+0x505/0x830
[  608.720258][T10608]  ? __pfx_____sys_sendmsg+0x10/0x10
[  608.720290][T10608]  ? import_iovec+0x74/0xa0
[  608.720325][T10608]  ___sys_sendmsg+0x21f/0x2a0
[  608.720350][T10608]  ? __pfx____sys_sendmsg+0x10/0x10
[  608.720422][T10608]  ? __x64_sys_sendmsg+0x180/0x260
[  608.720459][T10608]  __x64_sys_sendmsg+0x19b/0x260
[  608.720485][T10608]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  608.720533][T10608]  ? __pfx_ksys_write+0x10/0x10
[  608.720554][T10608]  ? rcu_is_watching+0x15/0xb0
[  608.720589][T10608]  ? do_syscall_64+0xbe/0x3b0
[  608.720622][T10608]  do_syscall_64+0xfa/0x3b0
[  608.720651][T10608]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  608.720670][T10608]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  608.720689][T10608]  ? clear_bhb_loop+0x60/0xb0
[  608.720714][T10608]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  608.720734][T10608] RIP: 0033:0x7fd9a118e929
[  608.720753][T10608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  608.720771][T10608] RSP: 002b:00007fd9a2060038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  608.720793][T10608] RAX: ffffffffffffffda RBX: 00007fd9a13b6080 RCX: 00007fd9a118e929
[  608.720807][T10608] RDX: 0000000000000800 RSI: 00002000000002c0 RDI: 0000000000000004
[  608.720820][T10608] RBP: 00007fd9a2060090 R08: 0000000000000000 R09: 0000000000000000
[  608.720833][T10608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  608.720844][T10608] R13: 0000000000000000 R14: 00007fd9a13b6080 R15: 00007ffe8e4b9dc8
[  608.720877][T10608]  </TASK>
[  609.545164][T10601] 8021q: adding VLAN 0 to HW filter on device bond2
[  609.616950][T10612] FAULT_INJECTION: forcing a failure.
[  609.616950][T10612] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  609.650251][T10612] CPU: 0 UID: 0 PID: 10612 Comm: syz.5.1330 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  609.650281][T10612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  609.650293][T10612] Call Trace:
[  609.650301][T10612]  <TASK>
[  609.650309][T10612]  dump_stack_lvl+0x189/0x250
[  609.650344][T10612]  ? __pfx____ratelimit+0x10/0x10
[  609.650371][T10612]  ? __pfx_dump_stack_lvl+0x10/0x10
[  609.650399][T10612]  ? __pfx__printk+0x10/0x10
[  609.650419][T10612]  ? __might_fault+0xb0/0x130
[  609.650462][T10612]  should_fail_ex+0x414/0x560
[  609.650490][T10612]  _copy_from_user+0x2d/0xb0
[  609.650520][T10612]  ___sys_recvmsg+0x12e/0x510
[  609.650551][T10612]  ? __pfx____sys_recvmsg+0x10/0x10
[  609.650602][T10612]  ? __fget_files+0x3a0/0x420
[  609.650639][T10612]  do_recvmmsg+0x307/0x770
[  609.650671][T10612]  ? __pfx_do_recvmmsg+0x10/0x10
[  609.650709][T10612]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  609.650756][T10612]  __x64_sys_recvmmsg+0x190/0x240
[  609.650784][T10612]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  609.650806][T10612]  ? rcu_is_watching+0x15/0xb0
[  609.650840][T10612]  ? do_syscall_64+0xbe/0x3b0
[  609.650869][T10612]  do_syscall_64+0xfa/0x3b0
[  609.650895][T10612]  ? lockdep_hardirqs_on+0x9c/0x150
[  609.650920][T10612]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  609.650940][T10612]  ? clear_bhb_loop+0x60/0xb0
[  609.650964][T10612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  609.650982][T10612] RIP: 0033:0x7f7c7298e929
[  609.651000][T10612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  609.651018][T10612] RSP: 002b:00007f7c7372a038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  609.651041][T10612] RAX: ffffffffffffffda RBX: 00007f7c72bb5fa0 RCX: 00007f7c7298e929
[  609.651055][T10612] RDX: 0000000000000003 RSI: 0000200000001c00 RDI: 0000000000000004
[  609.651067][T10612] RBP: 00007f7c7372a090 R08: 0000000000000000 R09: 0000000000000000
[  609.651079][T10612] R10: 000000000000002b R11: 0000000000000246 R12: 0000000000000001
[  609.651091][T10612] R13: 0000000000000000 R14: 00007f7c72bb5fa0 R15: 00007fffd085af78
[  609.651127][T10612]  </TASK>
[  610.000819][T10607] bond2: (slave veth3): Enslaving as an active interface with a down link
[  610.022615][T10610] bond2: (slave veth0_to_bond): making interface the new active one
[  610.033311][T10610] veth0_to_bond: entered promiscuous mode
[  610.040750][T10610] bond2: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  610.112222][T10601] vlan2: entered allmulticast mode
[  610.118171][T10601] veth1: entered allmulticast mode
[  610.130302][T10601] veth1: entered promiscuous mode
[  610.225227][T10601] veth1: left promiscuous mode
[  610.422771][T10601] bond2: (slave vlan2): Enslaving as an active interface with an up link
[  611.311728][T10245] usb 2-1: new low-speed USB device number 19 using dummy_hcd
[  611.473856][T10245] usb 2-1: unable to get BOS descriptor or descriptor too short
[  611.495290][T10245] usb 2-1: config 1 has an invalid descriptor of length 207, skipping remainder of the config
[  611.518309][T10649] overlayfs: overlapping lowerdir path
[  611.527503][T10245] usb 2-1: config 1 interface 0 altsetting 248 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  611.551928][T10648] FAULT_INJECTION: forcing a failure.
[  611.551928][T10648] name failslab, interval 1, probability 0, space 0, times 0
[  611.605399][T10245] usb 2-1: config 1 interface 0 has no altsetting 0
[  611.613580][T10648] CPU: 0 UID: 0 PID: 10648 Comm: syz.2.1342 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  611.613609][T10648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  611.613622][T10648] Call Trace:
[  611.613629][T10648]  <TASK>
[  611.613638][T10648]  dump_stack_lvl+0x189/0x250
[  611.613674][T10648]  ? __pfx____ratelimit+0x10/0x10
[  611.613702][T10648]  ? __pfx_dump_stack_lvl+0x10/0x10
[  611.613731][T10648]  ? __pfx__printk+0x10/0x10
[  611.613760][T10648]  ? __pfx___might_resched+0x10/0x10
[  611.613795][T10648]  should_fail_ex+0x414/0x560
[  611.613824][T10648]  ? traverse+0xd9/0x570
[  611.613842][T10648]  should_failslab+0xa8/0x100
[  611.613871][T10648]  __kvmalloc_node_noprof+0x161/0x5f0
[  611.613897][T10648]  ? traverse+0xd9/0x570
[  611.613922][T10648]  traverse+0xd9/0x570
[  611.613951][T10648]  ? __lock_acquire+0xab9/0xd20
[  611.613981][T10648]  seq_read_iter+0xcfe/0xe10
[  611.614015][T10648]  ? __asan_memset+0x22/0x50
[  611.614042][T10648]  seq_read+0x2e2/0x3d0
[  611.614060][T10648]  ? __lock_acquire+0xab9/0xd20
[  611.614095][T10648]  ? __pfx_seq_read+0x10/0x10
[  611.614123][T10648]  ? __import_iovec+0x5d4/0x7f0
[  611.614164][T10648]  ? __pfx_seq_read+0x10/0x10
[  611.614181][T10648]  proc_reg_read+0x1e6/0x2e0
[  611.614203][T10648]  vfs_readv+0x5aa/0x850
[  611.614230][T10648]  ? __pfx_proc_reg_read+0x10/0x10
[  611.614253][T10648]  ? __pfx_vfs_readv+0x10/0x10
[  611.614298][T10648]  ? __fget_files+0x2a/0x420
[  611.614330][T10648]  ? __fget_files+0x3a0/0x420
[  611.614354][T10648]  ? __fget_files+0x2a/0x420
[  611.614390][T10648]  __x64_sys_preadv+0x197/0x2a0
[  611.614419][T10648]  ? __pfx___x64_sys_preadv+0x10/0x10
[  611.614460][T10648]  ? rcu_is_watching+0x15/0xb0
[  611.614494][T10648]  ? do_syscall_64+0xbe/0x3b0
[  611.614527][T10648]  do_syscall_64+0xfa/0x3b0
[  611.614553][T10648]  ? lockdep_hardirqs_on+0x9c/0x150
[  611.614580][T10648]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  611.614599][T10648]  ? clear_bhb_loop+0x60/0xb0
[  611.614623][T10648]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  611.614643][T10648] RIP: 0033:0x7fcf05d8e929
[  611.614662][T10648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  611.614680][T10648] RSP: 002b:00007fcf06b1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  611.614703][T10648] RAX: ffffffffffffffda RBX: 00007fcf05fb5fa0 RCX: 00007fcf05d8e929
[  611.614718][T10648] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003
[  611.614731][T10648] RBP: 00007fcf06b1f090 R08: 0000000000003b16 R09: 0000000000000000
[  611.614744][T10648] R10: 000000000000008f R11: 0000000000000246 R12: 0000000000000001
[  611.614757][T10648] R13: 0000000000000000 R14: 00007fcf05fb5fa0 R15: 00007ffc5f77d908
[  611.614790][T10648]  </TASK>
[  611.625584][T10245] usb 2-1: string descriptor 0 read error: -22
[  612.035909][T10245] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  612.049914][T10245] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  612.086259][T10245] usb 2-1: bad CDC descriptors
[  612.224161][T10656] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1344'.
[  612.367109][   T10] usb 2-1: USB disconnect, device number 19
[  618.203724][T10678] autofs: Unknown parameter './file1'
[  619.309333][T10693] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1356'.
[  619.351873][T10696] FAULT_INJECTION: forcing a failure.
[  619.351873][T10696] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  619.386541][T10696] CPU: 1 UID: 0 PID: 10696 Comm: syz.3.1355 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  619.386571][T10696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  619.386582][T10696] Call Trace:
[  619.386590][T10696]  <TASK>
[  619.386599][T10696]  dump_stack_lvl+0x189/0x250
[  619.386631][T10696]  ? __pfx____ratelimit+0x10/0x10
[  619.386658][T10696]  ? __pfx_dump_stack_lvl+0x10/0x10
[  619.386685][T10696]  ? __pfx__printk+0x10/0x10
[  619.386704][T10696]  ? __might_fault+0xb0/0x130
[  619.386739][T10696]  should_fail_ex+0x414/0x560
[  619.386766][T10696]  _copy_from_iter+0x1db/0x16f0
[  619.386793][T10696]  ? __lock_acquire+0xab9/0xd20
[  619.386828][T10696]  ? __pfx__copy_from_iter+0x10/0x10
[  619.386871][T10696]  tun_get_user+0x20f/0x3ce0
[  619.386901][T10696]  ? __lock_acquire+0xab9/0xd20
[  619.386935][T10696]  ? __might_fault+0xb0/0x130
[  619.386959][T10696]  ? __pfx_tun_get_user+0x10/0x10
[  619.386993][T10696]  ? __lock_acquire+0xab9/0xd20
[  619.387023][T10696]  ? ref_tracker_alloc+0x318/0x460
[  619.387044][T10696]  ? __lock_acquire+0xab9/0xd20
[  619.387069][T10696]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  619.387097][T10696]  ? tun_get+0x1c/0x2f0
[  619.387129][T10696]  ? tun_get+0x1c/0x2f0
[  619.387152][T10696]  ? tun_get+0x1c/0x2f0
[  619.387182][T10696]  tun_chr_write_iter+0x113/0x200
[  619.387210][T10696]  vfs_write+0x54b/0xa90
[  619.387238][T10696]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  619.387264][T10696]  ? __pfx_vfs_write+0x10/0x10
[  619.387296][T10696]  ? __fget_files+0x2a/0x420
[  619.387331][T10696]  ksys_write+0x145/0x250
[  619.387366][T10696]  ? __pfx_ksys_write+0x10/0x10
[  619.387393][T10696]  ? do_syscall_64+0xbe/0x3b0
[  619.387424][T10696]  do_syscall_64+0xfa/0x3b0
[  619.387454][T10696]  ? lockdep_hardirqs_on+0x9c/0x150
[  619.387479][T10696]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  619.387498][T10696]  ? clear_bhb_loop+0x60/0xb0
[  619.387521][T10696]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  619.387539][T10696] RIP: 0033:0x7fd9a118e929
[  619.387557][T10696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  619.387574][T10696] RSP: 002b:00007fd9a2060038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  619.387595][T10696] RAX: ffffffffffffffda RBX: 00007fd9a13b6080 RCX: 00007fd9a118e929
[  619.387609][T10696] RDX: 0000000000000072 RSI: 0000200000000100 RDI: 0000000000000004
[  619.387621][T10696] RBP: 00007fd9a2060090 R08: 0000000000000000 R09: 0000000000000000
[  619.387633][T10696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  619.387644][T10696] R13: 0000000000000001 R14: 00007fd9a13b6080 R15: 00007ffe8e4b9dc8
[  619.387674][T10696]  </TASK>
[  619.412022][T10695] netlink: 'syz.1.1357': attribute type 39 has an invalid length.
[  620.599094][   T10] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  620.703771][   T10] hid-generic 0000:0000:0000.000B: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  620.861284][ T5919] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  622.469957][T10712] fido_id[10712]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  622.924074][T10725] loop9: detected capacity change from 0 to 7
[  622.933835][T10725] buffer_io_error: 9 callbacks suppressed
[  622.939911][T10725] Buffer I/O error on dev loop9, logical block 0, async page read
[  622.949375][T10725] Buffer I/O error on dev loop9, logical block 0, async page read
[  622.971335][T10725] Buffer I/O error on dev loop9, logical block 0, async page read
[  622.991323][T10725] Buffer I/O error on dev loop9, logical block 0, async page read
[  623.980448][T10727] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  623.989738][T10725] Buffer I/O error on dev loop9, logical block 0, async page read
[  624.000135][T10726] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1365'.
[  624.011517][T10725] Buffer I/O error on dev loop9, logical block 0, async page read
[  624.021364][T10725] Buffer I/O error on dev loop9, logical block 0, async page read
[  624.030136][T10725] ldm_validate_partition_table(): Disk read failed.
[  624.045182][T10725] Buffer I/O error on dev loop9, logical block 0, async page read
[  624.054606][T10725] Buffer I/O error on dev loop9, logical block 0, async page read
[  624.065737][T10725] Buffer I/O error on dev loop9, logical block 0, async page read
[  624.123682][T10725] Dev loop9: unable to read RDB block 0
[  624.129932][T10725]  loop9: unable to read partition table
[  624.137442][T10725] loop9: partition table beyond EOD, truncated
[  624.143843][T10725] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  624.143843][T10725] 
) failed (rc=-5)
[  624.176419][T10725] 9pnet_fd: Insufficient options for proto=fd
[  625.086508][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  625.097608][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  626.528148][T10742] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  627.761791][T10763] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1375'.
[  627.980000][T10771] random: crng reseeded on system resumption
[  627.986377][T10773] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1377'.
[  628.082741][T10771] overlay: Bad value for 'workdir'
[  628.094366][   T10] usb 7-1: new full-speed USB device number 8 using dummy_hcd
[  628.120145][T10771] 9pnet_fd: Insufficient options for proto=fd
[  628.132473][T10771] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1378'.
[  628.466207][   T10] usb 7-1: config index 0 descriptor too short (expected 65535, got 27)
[  628.504683][T10780] loop9: detected capacity change from 0 to 7
[  628.523482][T10780] buffer_io_error: 9 callbacks suppressed
[  628.529741][T10780] Buffer I/O error on dev loop9, logical block 0, async page read
[  628.539545][T10780] Buffer I/O error on dev loop9, logical block 0, async page read
[  628.553055][T10780] Buffer I/O error on dev loop9, logical block 0, async page read
[  628.563292][T10780] Buffer I/O error on dev loop9, logical block 0, async page read
[  628.573689][T10780] Buffer I/O error on dev loop9, logical block 0, async page read
[  628.654786][T10780] Buffer I/O error on dev loop9, logical block 0, async page read
[  628.665433][T10780] Buffer I/O error on dev loop9, logical block 0, async page read
[  628.675355][T10780] ldm_validate_partition_table(): Disk read failed.
[  628.683482][T10780] Buffer I/O error on dev loop9, logical block 0, async page read
[  628.693409][T10780] Buffer I/O error on dev loop9, logical block 0, async page read
[  628.703503][T10780] Buffer I/O error on dev loop9, logical block 0, async page read
[  628.716464][T10780] Dev loop9: unable to read RDB block 0
[  628.728663][T10780]  loop9: unable to read partition table
[  628.737616][T10780] loop9: partition table beyond EOD, truncated
[  628.745463][T10780] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  628.745463][T10780] 
) failed (rc=-5)
[  628.830365][T10780] 9pnet_fd: Insufficient options for proto=fd
[  628.845096][   T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  628.875424][   T10] usb 7-1: config 0 has no interfaces?
[  630.476664][   T10] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  630.611466][   T10] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  630.681629][   T10] usb 7-1: Product: syz
[  630.686025][   T10] usb 7-1: Manufacturer: syz
[  630.744967][   T10] usb 7-1: SerialNumber: syz
[  630.799509][   T10] usb 7-1: config 0 descriptor??
[  630.962674][   T10] usb 7-1: can't set config #0, error -71
[  630.998866][   T10] usb 7-1: USB disconnect, device number 8
[  633.540864][ T5912] usb 7-1: new full-speed USB device number 9 using dummy_hcd
[  634.493869][ T5912] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  634.591605][ T5912] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  634.612371][T10802] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  634.625578][ T5912] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  634.693785][ T5912] usb 7-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  634.735984][ T5912] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  634.756386][ T5912] usb 7-1: Product: syz
[  634.760723][ T5912] usb 7-1: Manufacturer: syz
[  634.798085][ T5912] usb 7-1: SerialNumber: syz
[  634.819682][ T5912] usb 7-1: config 0 descriptor??
[  634.821969][T10814] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1389'.
[  634.827789][T10799] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  634.894218][ T5912] usb 7-1: ucan: probing device on interface #0
[  634.900722][ T5912] usb 7-1: ucan: invalid endpoint configuration
[  634.907618][ T6444] veth0_to_bond: left promiscuous mode
[  634.965246][ T5912] usb 7-1: ucan: probe failed; try to update the device firmware
[  635.038368][T10817] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  635.094537][   T10] usb 7-1: USB disconnect, device number 9
[  635.541443][T10825] loop9: detected capacity change from 0 to 7
[  635.555379][T10825] buffer_io_error: 9 callbacks suppressed
[  635.561745][T10825] Buffer I/O error on dev loop9, logical block 0, async page read
[  635.571612][T10825] Buffer I/O error on dev loop9, logical block 0, async page read
[  635.582221][T10825] Buffer I/O error on dev loop9, logical block 0, async page read
[  635.594283][T10825] Buffer I/O error on dev loop9, logical block 0, async page read
[  635.605150][T10825] Buffer I/O error on dev loop9, logical block 0, async page read
[  635.617439][T10825] Buffer I/O error on dev loop9, logical block 0, async page read
[  635.627970][T10825] Buffer I/O error on dev loop9, logical block 0, async page read
[  635.712026][T10825] ldm_validate_partition_table(): Disk read failed.
[  635.718749][T10825] Buffer I/O error on dev loop9, logical block 0, async page read
[  635.727375][T10825] Buffer I/O error on dev loop9, logical block 0, async page read
[  635.735867][T10825] Buffer I/O error on dev loop9, logical block 0, async page read
[  635.744560][T10825] Dev loop9: unable to read RDB block 0
[  635.750532][T10825]  loop9: unable to read partition table
[  635.756627][T10825] loop9: partition table beyond EOD, truncated
[  635.762937][T10825] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  635.762937][T10825] 
) failed (rc=-5)
[  635.787238][T10821] 9pnet_fd: Insufficient options for proto=fd
[  636.262560][T10828] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  636.270343][T10828] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  636.452512][T10836] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.1393'.
[  636.592786][T10835] syzkaller0: entered promiscuous mode
[  636.630941][T10835] syzkaller0: entered allmulticast mode
[  637.091536][   T51] Bluetooth: hci5: command 0x0406 tx timeout
[  638.191496][   T31] INFO: task syz.4.1038:9596 blocked for more than 145 seconds.
[  638.200194][   T31]       Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0
[  638.208900][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  638.218995][   T31] task:syz.4.1038      state:D stack:26920 pid:9596  tgid:9594  ppid:5819   task_flags:0x400740 flags:0x00004004
[  638.245868][   T31] Call Trace:
[  638.249982][   T31]  <TASK>
[  638.260377][   T31]  __schedule+0x16a2/0x4cb0
[  638.286835][   T31]  ? schedule+0x165/0x360
[  638.304208][   T31]  ? __pfx___schedule+0x10/0x10
[  638.309188][   T31]  ? schedule+0x91/0x360
[  638.329983][   T31]  schedule+0x165/0x360
[  638.335510][   T31]  schedule_timeout+0x9a/0x270
[  638.340552][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  638.384945][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  638.399876][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  638.579535][   T31]  __wait_for_common+0x3da/0x710
[  638.588392][   T31]  ? do_raw_spin_unlock+0x122/0x240
[  638.597378][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  638.607910][   T31]  ? __pfx___wait_for_common+0x10/0x10
[  638.613975][   T31]  wait_for_completion_state+0x1c/0x40
[  638.620914][   T31]  do_coredump+0x831/0x3440
[  638.628843][   T31]  ? __pfx_do_coredump+0x10/0x10
[  638.634097][   T10] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  638.645930][   T31]  ? do_raw_spin_unlock+0x122/0x240
[  638.654047][   T31]  ? kasan_save_track+0x4f/0x80
[  638.659443][   T31]  ? kasan_save_track+0x3e/0x80
[  638.668783][   T31]  ? kasan_save_free_info+0x46/0x50
[  638.886218][   T10] usb 4-1: Using ep0 maxpacket: 8
[  639.263063][   T31]  ? __kasan_slab_free+0x62/0x70
[  639.268303][   T31]  ? kmem_cache_free+0x18f/0x400
[  639.273729][   T31]  ? get_signal+0xa2b/0x1310
[  639.278542][   T31]  ? arch_do_signal_or_restart+0x9a/0x750
[  639.372137][   T31]  ? exit_to_user_mode_loop+0x75/0x110
[  639.380830][   T10] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  639.399483][   T31]  ? do_syscall_64+0x2bd/0x3b0
[  639.404460][   T10] usb 4-1: config 179 has no interface number 0
[  639.411274][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  639.418093][   T10] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  639.430531][   T31]  ? proc_coredump_connector+0x172/0x4b0
[  639.436665][   T31]  ? __pfx_proc_coredump_connector+0x10/0x10
[  639.443190][   T10] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  639.460523][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  639.486820][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  639.492703][   T10] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9
[  639.515164][   T31]  get_signal+0x10d9/0x1310
[  639.521636][   T31]  arch_do_signal_or_restart+0x9a/0x750
[  639.527370][   T10] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024
[  639.546141][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  639.561363][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[  639.570542][   T10] usb 4-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  639.585522][   T31]  exit_to_user_mode_loop+0x75/0x110
[  639.602241][   T31]  do_syscall_64+0x2bd/0x3b0
[  639.609736][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  639.619986][   T10] usb 4-1: config 179 interface 65 has no altsetting 0
[  639.631415][   T31]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  639.643490][   T10] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  639.655349][   T31]  ? clear_bhb_loop+0x60/0xb0
[  639.662422][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  639.668769][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  639.681267][   T31] RIP: 0033:0x7f47c538e929
[  639.687009][   T31] RSP: 002b:00007f47c61290e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  639.739000][   T31] RAX: ffffffffffffffda RBX: 00007f47c55b6088 RCX: 00007f47c538e929
[  639.769972][   T10] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input15
[  639.810051][   T31] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f47c55b608c
[  639.838258][   T31] RBP: 00007f47c55b6080 R08: 7fffffffffffffff R09: 0000000000000000
[  639.876577][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f47c55b608c
[  639.894816][   T31] R13: 0000000000000000 R14: 00007ffd9f3fd550 R15: 00007ffd9f3fd638
[  639.916519][ T5173] input input15: unable to receive magic message: -110
[  639.937141][   T31]  </TASK>
[  639.940422][   T31] 
[  639.940422][   T31] Showing all locks held in the system:
[  639.956209][   T31] 1 lock held by khungtaskd/31:
[  640.020733][   T31]  #0: ffffffff8e13ee60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  640.032393][   T31] 1 lock held by acpid/5173:
[  640.037588][   T31]  #0: ffffffff8e144978 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  640.051404][   T31] 2 locks held by getty/5582:
[  640.057634][   T31]  #0: ffff88814c5e40a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  640.070180][   T31]  #1: ffffc900036bb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  640.103568][   T31] 3 locks held by kworker/u8:24/6438:
[  640.142911][   T31]  #0: ffff88801a489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  640.186500][   T31]  #1: ffffc9001ae3fbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  640.240668][   T31]  #2: ffffffff8f4fd9c8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
[  640.309730][   T31] 3 locks held by kworker/1:0/10245:
[  640.337504][   T31] 2 locks held by syz.1.1368/10749:
[  640.360509][   T31] 1 lock held by syz.5.1392/10838:
[  640.377823][   T31] 2 locks held by syz.6.1395/10835:
[  640.396090][   T31]  #0: ffffffff8f4fd9c8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
[  640.431895][   T31]  #1: ffffffff8e144978 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  640.475255][   T31] 1 lock held by dhcpcd/10850:
[  640.480164][   T31]  #0: ffff88806522a008 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[  640.492001][   T31] 1 lock held by dhcpcd/10852:
[  640.496900][   T31]  #0: ffff8880591e2608 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[  640.510614][   T31] 2 locks held by syz.3.1399/10856:
[  640.517280][   T31]  #0: ffffffff8f563b70 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  640.533743][   T31]  #1: ffffffff8f4fd9c8 (rtnl_mutex){+.+.}-{4:4}, at: ethnl_set_features+0x20e/0xc50
[  640.551234][   T31] 1 lock held by dhcpcd/10860:
[  640.556356][   T31]  #0: ffff888039438258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[  640.579353][   T31] 1 lock held by dhcpcd/10861:
[  640.606347][   T31]  #0: ffff888028284258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[  640.663879][   T31] 
[  640.678792][   T31] =============================================
[  640.678792][   T31] 
[  640.756785][   T31] NMI backtrace for cpu 0
[  640.756810][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  640.756844][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  640.756856][   T31] Call Trace:
[  640.756866][   T31]  <TASK>
[  640.756875][   T31]  dump_stack_lvl+0x189/0x250
[  640.756912][   T31]  ? __wake_up_klogd+0xd9/0x110
[  640.756937][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  640.756966][   T31]  ? __pfx__printk+0x10/0x10
[  640.757000][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  640.757028][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  640.757055][   T31]  ? _printk+0xcf/0x120
[  640.757079][   T31]  ? __pfx__printk+0x10/0x10
[  640.757102][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  640.757130][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  640.757156][   T31]  watchdog+0xfee/0x1030
[  640.757184][   T31]  ? watchdog+0x1de/0x1030
[  640.757231][   T31]  kthread+0x70e/0x8a0
[  640.757257][   T31]  ? __pfx_watchdog+0x10/0x10
[  640.757280][   T31]  ? __pfx_kthread+0x10/0x10
[  640.757303][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  640.757329][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  640.757350][   T31]  ? __pfx_kthread+0x10/0x10
[  640.757371][   T31]  ret_from_fork+0x3fc/0x770
[  640.757398][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  640.757429][   T31]  ? __switch_to_asm+0x39/0x70
[  640.757446][   T31]  ? __switch_to_asm+0x33/0x70
[  640.757462][   T31]  ? __pfx_kthread+0x10/0x10
[  640.757483][   T31]  ret_from_fork_asm+0x1a/0x30
[  640.757517][   T31]  </TASK>
[  640.757566][   T31] Sending NMI from CPU 0 to CPUs 1:
[  640.842389][ T5173] input input15: unable to receive magic message: -32
[  640.848528][    C1] NMI backtrace for cpu 1
[  640.848549][    C1] CPU: 1 UID: 0 PID: 5173 Comm: acpid Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  640.848570][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  640.848579][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x5d/0x70
[  640.848603][    C1] Code: 18 16 00 00 83 fa 02 75 21 48 8b 91 20 16 00 00 48 8b 32 48 8d 7e 01 8b 89 1c 16 00 00 48 39 cf 73 08 48 89 3a 48 89 44 f2 08 <e9> 8e 74 a2 09 cc 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90
[  640.848617][    C1] RSP: 0018:ffffc90000a08a78 EFLAGS: 00000006
[  640.848635][    C1] RAX: ffffffff81aeba45 RBX: ffff888032444e78 RCX: ffff88807f701e00
[  640.848649][    C1] RDX: 0000000000010000 RSI: 0000000000000018 RDI: 0000000000000040
[  640.848659][    C1] RBP: ffffc90000a08b30 R08: 0000000000000000 R09: ffffffff81aeb942
[  640.848671][    C1] R10: dffffc0000000000 R11: ffffffff81679410 R12: 000000000001e834
[  640.848682][    C1] R13: ffffffffffffffff R14: 0039c29bd2aaf88e R15: 0000000000000018
[  640.848694][    C1] FS:  00007f673a5c9740(0000) GS:ffff888125d84000(0000) knlGS:0000000000000000
[  640.848707][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  640.848717][    C1] CR2: 000055c7f60a8168 CR3: 00000000341f0000 CR4: 00000000003526f0
[  640.848733][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  640.848743][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  640.848753][    C1] Call Trace:
[  640.848761][    C1]  <IRQ>
[  640.848767][    C1]  ktime_get_ts64+0x1a5/0x3d0
[  640.848790][    C1]  ? __pfx_ktime_get_ts64+0x10/0x10
[  640.848810][    C1]  snd_seq_timer_interrupt+0x31b/0x430
[  640.848830][    C1]  ? __pfx_snd_seq_timer_interrupt+0x10/0x10
[  640.848847][    C1]  snd_timer_process_callbacks+0x225/0x2f0
[  640.848872][    C1]  snd_timer_interrupt+0xed9/0x1090
[  640.848899][    C1]  snd_hrtimer_callback+0x222/0x380
[  640.848935][    C1]  ? __pfx_snd_hrtimer_callback+0x10/0x10
[  640.848956][    C1]  __hrtimer_run_queues+0x529/0xc60
[  640.848985][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  640.849004][    C1]  ? read_tsc+0x9/0x20
[  640.849026][    C1]  hrtimer_interrupt+0x45b/0xaa0
[  640.849058][    C1]  __sysvec_apic_timer_interrupt+0x10b/0x410
[  640.849083][    C1]  sysvec_apic_timer_interrupt+0xa1/0xc0
[  640.849104][    C1]  </IRQ>
[  640.849110][    C1]  <TASK>
[  640.849116][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  640.849133][    C1] RIP: 0010:vprintk_emit+0x58f/0x7a0
[  640.849154][    C1] Code: 85 32 01 00 00 e8 e1 63 1f 00 41 89 df 4d 85 f6 48 8b 1c 24 75 07 e8 d0 63 1f 00 eb 06 e8 c9 63 1f 00 fb 48 c7 c7 e0 30 13 8e <31> f6 ba 01 00 00 00 31 c9 41 b8 01 00 00 00 45 31 c9 53 e8 b9 36
[  640.849167][    C1] RSP: 0018:ffffc90002ed71c0 EFLAGS: 00000293
[  640.849181][    C1] RAX: ffffffff81a0e9a7 RBX: ffffffff81a0e864 RCX: ffff88807f701e00
[  640.849192][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8e1330e0
[  640.849202][    C1] RBP: ffffc90002ed72d0 R08: ffffffff8f9fdff7 R09: 1ffffffff1f3fbfe
[  640.849215][    C1] R10: dffffc0000000000 R11: fffffbfff1f3fbff R12: dffffc0000000000
[  640.849226][    C1] R13: 1ffff920005dae3c R14: 0000000000000200 R15: 0000000000000033
[  640.849239][    C1]  ? vprintk_emit+0x444/0x7a0
[  640.849261][    C1]  ? vprintk_emit+0x587/0x7a0
[  640.849285][    C1]  ? vprintk_emit+0x444/0x7a0
[  640.849308][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[  640.849331][    C1]  ? __pfx_snprintf+0x10/0x10
[  640.849356][    C1]  dev_vprintk_emit+0x337/0x3f0
[  640.849381][    C1]  ? __pfx_dev_vprintk_emit+0x10/0x10
[  640.849401][    C1]  ? kfree+0x18e/0x440
[  640.849419][    C1]  ? do_filp_open+0x1fa/0x410
[  640.849433][    C1]  ? do_sys_openat2+0x121/0x1c0
[  640.849453][    C1]  ? __x64_sys_openat+0x138/0x170
[  640.849473][    C1]  ? do_syscall_64+0xfa/0x3b0
[  640.849499][    C1]  dev_printk_emit+0xe0/0x130
[  640.849525][    C1]  ? __pfx_dev_printk_emit+0x10/0x10
[  640.849550][    C1]  ? __dev_printk+0x131/0x190
[  640.849568][    C1]  _dev_warn+0x10a/0x160
[  640.849584][    C1]  ? __pfx__dev_warn+0x10/0x10
[  640.849600][    C1]  ? usb_control_msg_recv+0x132/0x170
[  640.849623][    C1]  xpad_start_input+0x29d/0x2f0
[  640.849648][    C1]  ? __pfx_xpad_start_input+0x10/0x10
[  640.849680][    C1]  ? do_raw_spin_lock+0x121/0x290
[  640.849700][    C1]  input_open_device+0x1c2/0x360
[  640.849724][    C1]  evdev_open+0x4ac/0x5a0
[  640.849743][    C1]  chrdev_open+0x4cc/0x5e0
[  640.849764][    C1]  ? __pfx_chrdev_open+0x10/0x10
[  640.849789][    C1]  ? __pfx_chrdev_open+0x10/0x10
[  640.849807][    C1]  do_dentry_open+0xdf3/0x1970
[  640.849835][    C1]  vfs_open+0x3b/0x340
[  640.849854][    C1]  ? path_openat+0x2ecd/0x3830
[  640.849870][    C1]  path_openat+0x2ee5/0x3830
[  640.849884][    C1]  ? arch_stack_walk+0xfc/0x150
[  640.849983][    C1]  ? __pfx_path_openat+0x10/0x10
[  640.849997][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  640.850020][    C1]  do_filp_open+0x1fa/0x410
[  640.850035][    C1]  ? __lock_acquire+0xab9/0xd20
[  640.850055][    C1]  ? __pfx_do_filp_open+0x10/0x10
[  640.850081][    C1]  ? _raw_spin_unlock+0x28/0x50
[  640.850099][    C1]  ? alloc_fd+0x64c/0x6c0
[  640.850122][    C1]  do_sys_openat2+0x121/0x1c0
[  640.850144][    C1]  ? __pfx_do_sys_openat2+0x10/0x10
[  640.850168][    C1]  ? rcu_is_watching+0x15/0xb0
[  640.850191][    C1]  __x64_sys_openat+0x138/0x170
[  640.850217][    C1]  do_syscall_64+0xfa/0x3b0
[  640.850238][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  640.850252][    C1]  ? asm_sysvec_call_function_single+0x1a/0x20
[  640.850267][    C1]  ? clear_bhb_loop+0x60/0xb0
[  640.850284][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  640.850299][    C1] RIP: 0033:0x7f673a653407
[  640.850313][    C1] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  640.850325][    C1] RSP: 002b:00007fffa47d1170 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  640.850341][    C1] RAX: ffffffffffffffda RBX: 00007f673a5c9740 RCX: 00007f673a653407
[  640.850354][    C1] RDX: 0000000000080800 RSI: 00007fffa47d1380 RDI: ffffffffffffff9c
[  640.850364][    C1] RBP: 00007fffa47d1380 R08: 0000000000000000 R09: 0000000000000000
[  640.850373][    C1] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000080
[  640.850383][    C1] R13: 00007fffa47d1480 R14: 00005558b6d697fe R15: 00007fffa47d14c0
[  640.850401][    C1]  </TASK>
[  641.494932][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  641.494955][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  641.494979][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  641.494990][   T31] Call Trace:
[  641.495001][   T31]  <TASK>
[  641.495010][   T31]  dump_stack_lvl+0x99/0x250
[  641.495047][   T31]  ? __asan_memcpy+0x40/0x70
[  641.495067][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  641.495093][   T31]  ? __pfx__printk+0x10/0x10
[  641.495125][   T31]  panic+0x2db/0x790
[  641.495155][   T31]  ? __pfx_panic+0x10/0x10
[  641.495178][   T31]  ? __pfx_delay_tsc+0x10/0x10
[  641.495197][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[  641.495227][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  641.495249][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[  641.495278][   T31]  watchdog+0x102d/0x1030
[  641.495304][   T31]  ? watchdog+0x1de/0x1030
[  641.495346][   T31]  kthread+0x70e/0x8a0
[  641.495369][   T31]  ? __pfx_watchdog+0x10/0x10
[  641.495390][   T31]  ? __pfx_kthread+0x10/0x10
[  641.495411][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  641.495434][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  641.495457][   T31]  ? __pfx_kthread+0x10/0x10
[  641.495477][   T31]  ret_from_fork+0x3fc/0x770
[  641.495503][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  641.495532][   T31]  ? __switch_to_asm+0x39/0x70
[  641.495548][   T31]  ? __switch_to_asm+0x33/0x70
[  641.495564][   T31]  ? __pfx_kthread+0x10/0x10
[  641.495584][   T31]  ret_from_fork_asm+0x1a/0x30
[  641.495617][   T31]  </TASK>
[  641.500726][   T31] Kernel Offset: disabled