last executing test programs:

4m34.000604018s ago: executing program 2 (id=682):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETFLOWTABLE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x14, 0x17, 0xa, 0x801, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x44000}, 0x8094)

4m32.635254062s ago: executing program 2 (id=685):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"})
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x4, <r3=>r1})
ioctl$DMA_BUF_SET_NAME_A(r3, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00')
unshare(0x600)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x7, 0x7f, 0xa9, 0x4d, 0x6, 0x5f, 0x9, 0x15, 0xffff2d37, 0xff7fff01, 0x6, 0x5, 0x7, 0x5, 0x6, 0x0, 0x7, 0x3c5b, 0x1, 0x20, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x6, 0x7, 0x5, 0x8, 0x4c74, 0x10000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x18e, 0x6, 0x6, 0x0, 0x8, 0x4, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432f6, 0xc8, 0xf1, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x66abcbd2, 0xea4, 0x0, 0x4, 0x1007, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x381, 0x4, 0xb, 0x4, 0x9, 0x8, 0x40, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x200009, 0x3, 0x3, 0x4000009, 0x6, 0x0, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x3ff, 0x5, 0xfffffffd, 0x100, 0x4, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x200, 0x1fd, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x4, 0xa9, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0xffffffff, 0x5, 0x1c, 0x120000, 0x7ff, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce4, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x2, 0x10000, 0x4, 0x7fff, 0xfffc, 0xa620, 0x1, 0x5, 0x801, 0x2000002, 0x150, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x5, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x9, 0x9622, 0x7, 0xaf, 0x20000008, 0x5, 0x226, 0x2, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x530e, 0x6c1b, 0x0, 0x4, 0x5, 0x7ff, 0xd7, 0x200, 0xb, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) (fail_nth: 3)

2m55.102509143s ago: executing program 2 (id=688):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f00000000c0)=0xe85)
symlinkat(&(0x7f0000000380)='./file8/file0\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file6\x00')

2m55.091424339s ago: executing program 2 (id=692):
setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
timerfd_create(0x7, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0x8, 0x7f}, 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xe, 0x4, 0x7, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffd}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xa, &(0x7f0000000280)=ANY=[@ANYBLOB="1808000000ed000000000000feffffff851000000600000018100000", @ANYRES32=r0, @ANYBLOB="00000000000000002408000001b000001800000066e90000000000000000000095000000000000009500"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x5}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d3000000000000008001400070010000800130008000000080012"], 0x44}, 0x1, 0x0, 0x0, 0x3d633ef5b9448d59}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
gettid()
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r5, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
syz_io_uring_setup(0x44cd, &(0x7f00000004c0)={0x0, 0x5331, 0x10100, 0x4, 0xfffefffe}, &(0x7f0000000100), &(0x7f0000000140))
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x38}}, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r6, &(0x7f0000000180)=ANY=[], 0x118)

2m55.087223086s ago: executing program 2 (id=698):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x402200, 0x0)
ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000400))
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYRES64], 0x39)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0xfffffffffffffea9, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x18)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000680)=ANY=[@ANYBLOB="02ba0900000c00"/17], 0x10}}, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292", 0xc)
r5 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r5, &(0x7f0000001600)='./file0\x00', 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
open(&(0x7f0000000080)='./file1\x00', 0x64842, 0x86)
r6 = socket$netlink(0x10, 0x3, 0x4)
writev(r6, &(0x7f0000000040)=[{&(0x7f0000019800)="480000001500190d09b6004beafd0000000084476080ffe00600000000590000a2bc5603ca00eb4809ff5bffff00c7e5ed5e00000000000000000000000000000000000100000000", 0x48}], 0x1)
setxattr$trusted_overlay_upper(&(0x7f0000000180)='./file1\x00', &(0x7f00000001c0), &(0x7f0000000180)=ANY=[], 0x841, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000006c0)={0x2, &(0x7f0000000540)=[{0x800, 0x40, 0x3, 0xec}, {0xd8, 0x8, 0x3, 0x2}]})
lgetxattr(&(0x7f0000000240)='./file1\x00', &(0x7f0000000040)=@known='trusted.overlay.upper\x00', 0x0, 0xfb)

2m54.829706998s ago: executing program 2 (id=701):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0xd40, 0xd2)
close(r0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000c40)='./file1\x00', &(0x7f00000000c0), 0x200000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xc, 0xffffffff, &(0x7f0000000280))
socket$kcm(0x10, 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010028bd7000fcdbdf252100000008000300", @ANYRES32=r4, @ANYBLOB="14002c800b"], 0x30}, 0x1, 0x0, 0x0, 0x14001}, 0x9590f6cc3ea35512)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), r2)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$packet(0x11, 0x2, 0x300)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010100060000000000002b00000008000300", @ANYRES32=r8, @ANYBLOB="040046000a0034000101010101010000080026006c0900000800270001000000300051"], 0x6c}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000400)={{0x1, 0x1, 0x18, <r9=>r5, {0x7}}, './file0\x00'})
getdents64(r9, &(0x7f0000000440)=""/39, 0x27)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, <r10=>0x0}, 0x0)
setresuid(r10, 0x0, 0x0)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYBLOB='4\x00@\x00', @ANYRES16=0x0, @ANYBLOB="020026bd7000fbdbdf250100000000000000014100000018001700000010000080017564703a73797a3000000000"], 0x34}, 0x1, 0x0, 0x0, 0x20008004}, 0x88c5)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x20001, &(0x7f0000000240)={[{@volatile}, {@verity_require}, {@volatile}, {@userxattr}, {@uuid_auto}, {@uuid_off}, {@default_permissions}], [{@measure}, {@uid_lt={'uid<', r10}}, {@subj_type}, {@dont_hash}, {@uid_lt={'uid<', 0xee01}}, {@hash}, {@measure}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}, {@obj_type={'obj_type', 0x3d, ')d+{'}}]})
setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f00000000c0)=@req={0x8000, 0xb4f, 0x300, 0x1daf6}, 0x10)
setsockopt$packet_int(r5, 0x107, 0x13, &(0x7f0000000080)=0x8, 0x4)
write(0xffffffffffffffff, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc)
socket$inet_tcp(0x2, 0x1, 0x0)
r11 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r11, &(0x7f0000000180)={0x2, 0x4e21, @empty}, 0x10)

2m39.794558187s ago: executing program 32 (id=701):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0xd40, 0xd2)
close(r0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000c40)='./file1\x00', &(0x7f00000000c0), 0x200000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xc, 0xffffffff, &(0x7f0000000280))
socket$kcm(0x10, 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010028bd7000fcdbdf252100000008000300", @ANYRES32=r4, @ANYBLOB="14002c800b"], 0x30}, 0x1, 0x0, 0x0, 0x14001}, 0x9590f6cc3ea35512)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), r2)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$packet(0x11, 0x2, 0x300)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010100060000000000002b00000008000300", @ANYRES32=r8, @ANYBLOB="040046000a0034000101010101010000080026006c0900000800270001000000300051"], 0x6c}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000400)={{0x1, 0x1, 0x18, <r9=>r5, {0x7}}, './file0\x00'})
getdents64(r9, &(0x7f0000000440)=""/39, 0x27)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, <r10=>0x0}, 0x0)
setresuid(r10, 0x0, 0x0)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYBLOB='4\x00@\x00', @ANYRES16=0x0, @ANYBLOB="020026bd7000fbdbdf250100000000000000014100000018001700000010000080017564703a73797a3000000000"], 0x34}, 0x1, 0x0, 0x0, 0x20008004}, 0x88c5)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x20001, &(0x7f0000000240)={[{@volatile}, {@verity_require}, {@volatile}, {@userxattr}, {@uuid_auto}, {@uuid_off}, {@default_permissions}], [{@measure}, {@uid_lt={'uid<', r10}}, {@subj_type}, {@dont_hash}, {@uid_lt={'uid<', 0xee01}}, {@hash}, {@measure}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}, {@obj_type={'obj_type', 0x3d, ')d+{'}}]})
setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f00000000c0)=@req={0x8000, 0xb4f, 0x300, 0x1daf6}, 0x10)
setsockopt$packet_int(r5, 0x107, 0x13, &(0x7f0000000080)=0x8, 0x4)
write(0xffffffffffffffff, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc)
socket$inet_tcp(0x2, 0x1, 0x0)
r11 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r11, &(0x7f0000000180)={0x2, 0x4e21, @empty}, 0x10)

1m13.626572227s ago: executing program 0 (id=968):
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/fib_trie\x00')
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000480)='R', 0x1}, {0x0}], 0x2)
read$FUSE(r0, 0x0, 0xfdd1)
preadv(r0, &(0x7f0000000b00)=[{&(0x7f0000000300)=""/30, 0x1e}], 0x1, 0x80000001, 0x3)

1m12.75061435s ago: executing program 0 (id=971):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
socket(0xa, 0x3, 0x3a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x800000000000000}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r8, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x60, 0x2c, 0xd3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0xb, 0xfff3}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x30, 0x2, [@TCA_BASIC_EMATCHES={0x2c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_META={0x1c, 0x1, 0x0, 0x0, {{0x7, 0x4, 0x4}, [@TCA_EM_META_LVALUE={0x4}, @TCA_EM_META_HDR={0xc, 0x1, {{0x5, 0xe, 0x1}, {0x5, 0x40}}}]}}]}]}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x10}, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket(0x1e, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)

1m10.587196978s ago: executing program 0 (id=977):
r0 = syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc0287c02, &(0x7f0000000300)={0x80000000, &(0x7f0000000340)=[{}, {<r1=>0x80000000}], &(0x7f0000000380)=[{{}, {<r2=>0x80000000}}]})
ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc0287c02, &(0x7f0000000280)={r2, 0x0, &(0x7f00000004c0)=[{{<r3=>0x80000000, <r4=>0x0}}]})
ioctl$MEDIA_IOC_SETUP_LINK(r0, 0xc0347c03, &(0x7f000000a300)={{r1, r4, 0x15, [0x24, 0x7]}, {r3, 0x0, 0x1, [0xc19, 0xfffffff9]}, 0x1, [0x1]})

1m9.648987685s ago: executing program 0 (id=978):
r0 = syz_clone(0x1940380, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ptrace(0x10, r0)
ptrace$getsig(0x4202, r0, 0x4, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000480), 0x1000000, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
rmdir(&(0x7f0000001040)='./file1\x00')
mknodat$loop(r1, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
llistxattr(&(0x7f0000001400)='./file0\x00', 0x0, 0x0)
linkat(r1, &(0x7f0000000100)='./file1\x00', r1, &(0x7f0000000240)='./file0\x00', 0x0)
unlink(&(0x7f0000000280)='./file1\x00')

1m6.924827107s ago: executing program 0 (id=985):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x5)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3)
r1 = socket$l2tp(0x2, 0x2, 0x73)
syz_open_procfs(0x0, 0x0)
recvfrom(r1, &(0x7f0000000480)=""/84, 0x54, 0x1, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000000c0))
pread64(0xffffffffffffffff, &(0x7f0000000100)=""/78, 0x4e, 0x0)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000140)={0xbf48ce7, "1803c809800000000800000000000000000000000000d63175876b4c69a600", <r3=>0xffffffffffffffff})
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000180), 0x40, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000280)={0x16c, "fa02c90a3a1e30dd00a1cfc31f552aad3900", <r4=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r4, 0xc0303e03, &(0x7f0000000080)={"6739669f274d13b691ebe45b00e4f5b53e0ca34dd02acecdc67c5e3126628168", r3, <r5=>0xffffffffffffffff})
r6 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f0000000000)={0x6, "34e6498c25f58dad9987ffe93bbabd18cf504a2700", <r7=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r5, 0xc0303e03, &(0x7f00000000c0)={"0e337b42cc00d331ff0007000000000000001a00", r7, <r8=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, &(0x7f0000000200)={"130f2672af9ee0452321864922cd3bebd7f9cec5064e58445f1268334b4900", r8})
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r9 = io_uring_setup(0x201, &(0x7f0000000000)={0x0, 0x4566, 0x10, 0x1, 0x3a6})
io_uring_register$IORING_REGISTER_RESTRICTIONS(r9, 0xb, &(0x7f0000001240)=[@ioring_restriction_sqe_flags_required={0x3, 0x2}], 0x1)
openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0)

1m5.396725784s ago: executing program 0 (id=990):
r0 = socket$pptp(0x18, 0x1, 0x2)
set_mempolicy(0x2002, &(0x7f0000000000)=0x9, 0x9)
r1 = syz_open_procfs(0xffffffffffffffff, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000080)={0xbc, 0x1000, 0x2, 0x0, 0x0, [{{r0}, 0x3}, {{r1}, 0x6}]})
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f00000005c0)={{0x12, 0x1, 0x0, 0x3a, 0x37, 0x5, 0x20, 0x781, 0x5, 0x5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xe6, 0x2, 0x1, 0x5b, 0xbd, 0x97, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'syz_tun\x00'})
sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, 0x0, 0x4044094)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x2, 0x2, &(0x7f0000000040)=@raw=[@call={0x85, 0x0, 0x0, 0xae}, @exit], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2a}, 0x94)
syz_genetlink_get_family_id$nfc(&(0x7f0000000140), 0xffffffffffffffff)
pread64(r1, &(0x7f0000002180)=""/4105, 0x137, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r2 = syz_io_uring_setup(0xa4d, &(0x7f0000000480)={0x0, 0x0, 0x80, 0x1, 0x24f}, &(0x7f00000000c0)=<r3=>0x0, &(0x7f0000000340)=<r4=>0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2c, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x42, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, {0x2}})
io_uring_enter(r2, 0x47bc, 0x0, 0x0, 0x0, 0x0)

1m4.777593766s ago: executing program 33 (id=990):
r0 = socket$pptp(0x18, 0x1, 0x2)
set_mempolicy(0x2002, &(0x7f0000000000)=0x9, 0x9)
r1 = syz_open_procfs(0xffffffffffffffff, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000080)={0xbc, 0x1000, 0x2, 0x0, 0x0, [{{r0}, 0x3}, {{r1}, 0x6}]})
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f00000005c0)={{0x12, 0x1, 0x0, 0x3a, 0x37, 0x5, 0x20, 0x781, 0x5, 0x5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xe6, 0x2, 0x1, 0x5b, 0xbd, 0x97, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'syz_tun\x00'})
sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, 0x0, 0x4044094)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x2, 0x2, &(0x7f0000000040)=@raw=[@call={0x85, 0x0, 0x0, 0xae}, @exit], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2a}, 0x94)
syz_genetlink_get_family_id$nfc(&(0x7f0000000140), 0xffffffffffffffff)
pread64(r1, &(0x7f0000002180)=""/4105, 0x137, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r2 = syz_io_uring_setup(0xa4d, &(0x7f0000000480)={0x0, 0x0, 0x80, 0x1, 0x24f}, &(0x7f00000000c0)=<r3=>0x0, &(0x7f0000000340)=<r4=>0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2c, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x42, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, {0x2}})
io_uring_enter(r2, 0x47bc, 0x0, 0x0, 0x0, 0x0)

17.420473497s ago: executing program 3 (id=1219):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r3 = syz_genetlink_get_family_id$SEG6(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000340)={0x48, r3, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x2}, @SEG6_ATTR_DSTLEN={0x8}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x760}, @SEG6_ATTR_DST={0x14, 0x1, @rand_addr=' \x01\x00'}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x5fa]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000004}, 0x4000)
read$FUSE(r2, &(0x7f0000006380)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r2, &(0x7f0000000100)={0x50, 0x0, r4, {0x7, 0x1f, 0x1000001, 0x5069f481, 0xfffe, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r2, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef10542a2201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42731b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf40ac3d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c32768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65bf667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e179100a0000000000000021e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90a14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9edb6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc83cccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x0, {0x0, 0x9}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x24c01, 0x0)
io_setup(0x202, &(0x7f0000000200)=<r6=>0x0)
io_submit(r6, 0x20, &(0x7f0000000780)=[&(0x7f0000000440)={0xfffffffe, 0x20011004, 0x4, 0x1, 0x0, r5, &(0x7f00000000c0)='!', 0xb7f40, 0x407f0b00}])
dup3(r5, r2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xb, 0x10, &(0x7f00000008c0)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32, @ANYBLOB="0000000000000000b704000000000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe6e2}, 0x94)

11.17294271s ago: executing program 3 (id=1233):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0xfffffffc)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_trace_dev_match', 0x400, 0x20)
write$UHID_INPUT(r3, 0x0, 0x0)
openat$uhid(0xffffffffffffff9c, 0x0, 0x802, 0x0)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000000010000001c000180060001000200000008000300ac1414aa0800060006"], 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01000b0000ff1f000000070000000c0001800500020001"], 0x20}}, 0x0)

11.102234227s ago: executing program 5 (id=1234):
syz_emit_ethernet(0x52, &(0x7f0000000140)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd308", 0x1c, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0x2, 0x0, 0x0, 0x0, {[@exp_fastopen={0xfe, 0x4}, @generic={0x2, 0x2}]}}}}}}}}, 0x0)
socket(0x10, 0x3, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
socket$kcm(0x21, 0x2, 0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={0x24, 0x1, 0x4, 0x5, 0x0, 0x0, {0x3}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_FLAGS={0x6}]}, 0x24}}, 0x80)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x20, 0x1, 0x4, 0x101, 0x0, 0x0, {}, [@NFULA_CFG_MODE={0xa}]}, 0x20}}, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="050000015ec2154fae9865ce5aa5b488ff0846aefe20767e8cdcb45ce717cac09dc6593b5f3b7e52bd95b4fb465c7f9db432814eeb18311b272b2fc275a641e24be67063dcbb421937c72515fc7549fc71dc08c686f01940f62d2479e558db315750ff370c0f909855b9b2972767dc49ba142969a960bc10742d649c81f11039ee1c7db670b1b1d9bcf71838b21b81436184ff934aa3c33fe82bde7e4b9bdd84b19d06c062c9e9d26e0ba65866ecaf2a09a9f4af2f5e0c6d45e9f032fdf769b3140210226e8121f4a0f42f567f1f7668fa19fe346998a33e1787a4753d0fa0deee2943b7458b55e91a1043fdc0c957", @ANYRES16=r2, @ANYBLOB="010080000000000000006600000008000300", @ANYRES32=r4, @ANYBLOB="08002600940900000800b70099000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x2)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa300000000000007030000f1feffff720af0fff8ffffff71a4f0ff0000000071102800000000001d400500000000004704000001ed00000f030000000000006f44000000000000730a00fe000000007203000000000006b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f18564a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccc99069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad24b89b6a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c87852730a3bd7ac923fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca4856ff03b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec860cde7c79f7b4d4e24c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b450100000001000000393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00400000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd599c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb80610eb37bd2d40ebdfed687f0b093e68f10b72146a0b749ee2105e2da94a288146abbbaf7c0b24fe0000000000000000f1a4f4de6a8d12dc9e71a20cbd412898586843b534d36e21379a8a06133c1babde9e5bd5b6afc5f684aada43ee560e800f58cb33b8483f6518abde7c86bd5d389c1b3c40fdd4bebe4adf87b1025ff57eb50984cc5bad9ea1c15484ea627c3c1501d612ed65939266e7332966f03e0376076e7c5dfe25f367dda7f69db89829b360dd2f59cbaad10f13e269eca792725bbacb96aa0a5c426ca76f84322661"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffa3}, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
r6 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$sock_inet6_tcp_SIOCINQ(r6, 0x9201, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)

9.326879821s ago: executing program 5 (id=1239):
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000048c0), 0x0, 0x20000001)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x400)
pipe(0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0xff, 0x0, 0x0, 0x41000, 0x63, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0x9}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
unshare(0x2c020400)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
sendmmsg$sock(r0, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)
shutdown(r0, 0x1)
sigaltstack(0x0, &(0x7f00000000c0)={0x0})
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(r7, 0x0, 0x40004)
socket(0x10, 0x3, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()

9.258579237s ago: executing program 6 (id=1240):
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000048c0), 0x0, 0x20000001)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x400)
pipe(0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0xff, 0x0, 0x0, 0x41000, 0x63, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
unshare(0x2c020400)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
sendmmsg$sock(r0, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)

8.078952188s ago: executing program 5 (id=1243):
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x40, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_x25_SIOCADDRT(r1, 0x890b, &(0x7f00000002c0)={@null, 0x3, 'macvtap0\x00'})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@flushpolicy={0x10, 0x1d, 0x1, 0x0, 0x10000000}, 0x10}}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
gettid()
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
r6 = socket(0xa, 0x4, 0x9)
setsockopt$MRT6_ADD_MFC_PROXY(r6, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}, 0x1}, 0x5c)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x1d, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000700000000000000fcffffff18110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r2, @ANYRES8, @ANYRES32=0x1, @ANYBLOB="0000000000000000b702000000000000850000008600000085b9f8ff00000000180000000f0000000000000008000000852000000500000018250000", @ANYRES32=r5, @ANYBLOB="0000000009000000bf91000000000000b70200000000000085000000c6000000b7000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x9, 0x5c, &(0x7f00000000c0)=""/92, 0x41000, 0x61, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x1, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x1, 0x6, 0x7, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[0x1, 0xffffffffffffffff, 0x1], 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000040)='bcache_write\x00', r7, 0x0, 0x4f}, 0x18)

7.898690611s ago: executing program 6 (id=1244):
setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r4}, 0x10)
r5 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000000)={0x2, @pix={0x0, 0x0, 0x59455247}})
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000100)={0x10001, 0x2, 0x2})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1c, 0x8, 0x40, 0x42, 0x1}, 0x50)
add_key(0x0, 0x0, &(0x7f00000001c0)="0000000000000004ff6943b80000000800003fecf20000000086070000", 0x1d, 0x0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000000000)='.dead\x00', &(0x7f0000000080))
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
mount$bind(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x2003041, 0x0)

6.754186949s ago: executing program 6 (id=1247):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00'})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair(0x23, 0x5, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x115}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x4}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x28001}, 0x8000002)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r7, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000400)=ANY=[@ANYRES16, @ANYBLOB="010000000000000000000800000018000180120002007379"], 0x3c}}, 0x0)
bind$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @multicast2}, 0x10)
setsockopt$inet_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f0000000300)={@in={{0x2, 0x4e22, @multicast2}}, 0x0, 0x0, 0xb, 0x0, "f6a7346a1ca3caf66200f0e70b995efa20d5ddc09c0bc0c88e00bdea5e6998967d569964c8b68dae57dea91c0e3ef03a96483bcaaa5ab222d1993083e8e3619fbbff30da0288a8b78a3f921c40fdc06a"}, 0xd8)
setsockopt$inet_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f0000000400)={@in={{0x2, 0x4e20, @multicast2}}, 0x0, 0x0, 0x0, 0x0, "698e86252c563a2eb894ac1de863c527984bfa5ff139aeeef086eed112e6f0ffba88c7d0888990f99dc2416c1cbccf99d18464a65c3587c97aee9217b992893cebfc606ada5e14e782e63da22a6fe97d"}, 0xd8)
connect$inet(r6, &(0x7f0000000040)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3d}}, 0x10)
setsockopt$IP_VS_SO_SET_DELDEST(r6, 0x0, 0x488, &(0x7f0000000100)={{0x6, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e20, 0x0, 'none\x00', 0x21, 0x7fffffff, 0x45}, {@empty, 0x4e22, 0x2, 0x2, 0x1, 0x7}}, 0x44)
close_range(r0, 0xffffffffffffffff, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r8 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r8, 0x1, &(0x7f0000000200)=0x7)

6.753814449s ago: executing program 3 (id=1248):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CAP_HYPERV_ENLIGHTENED_VMCS(r2, 0x4068aea3, &(0x7f0000000140)={0xa3, 0x0, 0x0})
ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000000340)={{0x7, 0x0, 0x80, {0x8080000, 0xffff1000}}, "a9cbc4b723986beb2541731c8831607b6ee747534f2610e68420ac50bde6dad58d04aad3777f18b4f168b3950653ce1d7740b6225b60f102dea41282032f21c3f19760a59ad876506e4e939e80e92248edfd8137e41621c1a490cf3cbb0502fa6deb4cb0efa6bc813cca06ed4828bafa15d1afd8ac82b71d1a7b410eeac6a6f31e4995b05d3f93bf80a053ae74958ed42c6c4b4d0bcaa08d3e6025a166ac6f19973f974613e0d7ca52d6a648ed23fcce9f475faa3e49d697324fa1b2cdfef7deb66a190e9185a90f5c54c88895af1a61f8c0722f0c0bf9835d8910449682cc5551ec995aec222238bb28f41ba7f99f93b785dd2d48cf389f27da125b9c3ec7f716d6b6b696a93e625f0e17b4ff3bac5eec8e2dd837254c16d8c9b2a773ac70b8dc7216980fcf1db0cd885a6f3379dfcca516b0b5771d3dfb2212fd569b8f6003dcf8478390e14a5bf73eb1a61a12ce20ea3f5fbd6d9a56a4adf6043190cc7d559e7773668d0498f6c7438917d204ed2ec53da03cc744619be3785cd8cddb678f8e90965f22242bb62fa3590dde45cacad3852a54154a90d7495cc4cfbd7baacc19604efd864cc76a7e867cd7403301f45a3ad20ed8edf412e4aae5f279eada88ee43a436dd3b1f37098b7d81759aff2d81e5593535d44035fdcbae0f45a7163c06b8ed7da27a03e266947d7f11d9e1600f1a88b99643a0b99abad360b8137415f7800f8a5a16ba306778733d5493cc73d0aacebe1cc4618847bd620034cb617c55e47ff8d8000f52c25a6b3e9272c297e6b30bed370dda4c2b56278893a4faefb28a87c40229d3f80814e128eedb7050465e1e00547a1b77ebaef78355d9867ce521138d63f147ec3de6cac38d9eeb1d167494466e00d97a32701117bbe0f95304970e632b9cf8ded044b3f1c01326095b422678d798a9c5f8ab05f4e6549639186723aa3d38927ed4ca94a9e6de3c4f5ce99d090389473455cb366c7dfcb43ebe60271a3693e80ae4948291753007f5032f518ffc832f3e819f3bdac1085a80cdd494cdcac4a874a14818b9dae534559c2c5a542a12949a22fddb9060e8a400f96512aa8eaaa6659932dc8852f5709a808604c2fda229c79933646e36255948baec6e0c2d4fbe056628157ba456603e5cb45761b5aa97c0daceb3e6d7a192d109847057cb4322c9c5e62403c921e9cebeca77d12c3ed05f5e131e3c00d9070618872ea8a1f05e4598c98739d3a9245e537ed992aa4eb8a571e4c7c0dc797f91e3258835f9db1b6501edaaf38c9fd4d718c743d30b6f1e480ce9408aa6b894055768738e3df843301d99b476ba8d30f6483022ad7fd50493e600700ef1b70c72f607feb0df9898b61a38f4f59d23779b7af4a5b5a0e7379877d8c875d1e47a9ddbac19208cd22e05f729a9175b9bf1c96618d63585204eb5ea29e0a0f17c12219fd51bc462dcff6d3ff73b64d2a5f7ebe6ebdefd841698e909cf1018a88afefc1802fc97c22a240f20ce6938ae6b2224f7ca311622695577f3e4cb8f7e87bcf5bcdcc5311815bab1499465f687903b4da5693c83cbe13ba3d94f413bbdf9886241fc1f0b9ea00e7b2d1c2fe29d8921c56919bbfa091d4542c590a18848256b7eca92114c5542356bb15e1cd59b28a5d5b86bb92c30e88ea6edc6efd3c685a7e9b840b61f445bb57d670d3dbba61da442fcdabd4c14b9dd6543aafca5bea6ca16c00bbdc0999cec79272dfd1de86bea7d830ec2deaa339c2fc57d6490ee7cf3bb4e6cb4b8dcaa4279bef0af601f96dc25a3cf926eb6c5eb9529a266e1a9d96fbb5e0ffeb472d40e3853f42d69e725d2dd570b531779a09a5f945a2dce4ddd898be60b9d38f3c305f942f8f8a3ee992de01a0d6b3db1a4174b770681d2470edd2319a9b9d04d3cadd67583a313c071f809c89134b2b714cb2d7247d4d6b5d794302e9408e946bf1cadc767a8ae918a6608f7d2dbb2d825e949c823ac6bda0c46dea864c83222f3c7f7ec020f3a6445f3762dfaae5a28c3857053b2548d11c9b9f4af5366b43012e35d14ba139085493e95ad24bcc92b835f3c72ff762fcbe3d04ee2051e959a9e680f51425d5eeeedd99767fccda20b44bbbac6989e1d6f70f030c2530b83923fbf27fbf24f62ff7a5619b39b338e165dcf66faf6092edd19216fdacfb8eb80bd7d8a7767f538c3021e20f498c8e456bc32af1157b5988950caf1c478047f132c01f53c12929f030e9d78c284e64a521350d72748ef214c05f4c8d2e47384c3cd29c99a2df1abb2e8ff5a363a488feb119e8ad5e3c39a4f24449d00b3772090b499e2c65b50a3e6ce7f1e2f2bac0ae5e58147d1d6887617ca38d12b1cc9a5e3ee47539f40179136698acd9b9e20a4f85335dcb19d4ba4a05bcd84b27a9f1897ab8f67abf78ba3ce4d87b37c129562d33bb0836c8fe830c068e7c8b6728ed585258c7d82b5c407d0532bf5ba60cfb0a6e6f3aa44bdf3bb7ac389023c3db4395c3875a3496d85640d423775d8ac0c4c3ab1831bdd785a5ca0ba2073bdf6970e4b63718944603ab32b83d7c73af090c3a941561a76f08e2235e1ea8a0b721cd6a73466664c411c33fd1a3e46e580c77034cb09ac38b6d1824f642d3354e827b6ddc0ca15c3bd7192882eaece388d428282c859fed7d280e5d81cd0252c149154e2038a3f2535781dc81d7221278c21ee819fb913fc8d97e96f3dbbf0b2cd63a0ceeadec43fca7a760f45aa53de97597b4afb3abf5921125e9f148da377556e6de1a62aab6055b10c1698649515e62c572d62d901ae7fcd417b627db64785fbdc21f0e978eb143d7abb2771de9a912466fb6e6f55a12f209e131732d45a8293f1a36ddddfad54f857016e3ab7fceb97ddfde1a8c8569dfa972ec636e7c93e603d5e1d0e98d6f109dfa6df50ce987abfc291aba0e488ba8f0596fbd1bacd58862b611250a85cd34e7d100f785286d815281b62ef2dfeea5e8ba4ee4a019af0ff59b0f4f3049f8718d0fca57de1cf88763d13ad26c50cccec4faba99d899ef079c3400052d065cc0a44e8f73dc5bef5f8681015b29c96dacd026d920f369a2b0c341b8295f5268e2d9bf80df2d9ea1017b5b41ec2060c2fecc67c040e7c37521b6d6174c4d4ed4accc5479f6fc4ddc0e45a7f8030ff8e23f000315a3565498d07bd0cc6459f5cff23b40ffb80ace2f48fe0c1a337bb4f748bb8c057089de5cd727b278b45d84a8f7df9f898b3cef2ec319b032f888c4953bfe141c8e4b67ab3f95fa133790ea17b27be21c9478da70641265045e81e28229a4dc15f59c2f18b1b9c082d1154bc9565508fc9419912b48f3b1271609006399a844f6ccedb6323ada63d3e0b340fd07cf9e3b98b1d193bd76796c2a185366b25468017d28371d8792eb42304961bc9c1f4ef4025d2814837dacc9f1d777bfeddb30eca1cacd9f5b6619c4000252ecdabf7107dff264046c111c6f5767e3486c37ec175f52bd3460a7ad49e35bb729ba76e2fa5e117c49b750000005e0abf56340740b81ea37c5df26b7c885cc5da412cf4e9932e2561aa7945945dcba0677786c9ea9b9aee47d73454df82048f021b30a817606c96415c22e1e908316f84aae52e050e31176408d35ef33091618df7d38d22bd2b626dc138f423c32362878c8f6538dcf0b96c4298668d4bb35773c952bbebd4778c964b0eae8eac9bef3469ea5da890377c500ea027180f5308585cd7941c7e3305c32d610de49b5c1acce6c285d88a99dcebb2b5972a276d416abf25b44c1712a43d3e30005a1535553e779c0f72ff519d2407214c02e7020ca479e93c3fb2b867ad73e69ba10e92f329cd54c4c80d227d0710cf384fd9a39d4c4053afce6d1e93b47137843d149e888bd868b1b2179c1fdd8291d15724db10a756300209ae4a2ed91788fe9f980af1bb00d05a8fe1a020fe4bba91fb487c8ea674a6739067a0a86b7f2a4fc141f6c864f065fc6e5effdb5a1f1d063c6888626e13ced52f3669677dad96da1cfff7d700e9f6f74131b8ac0f4fb6c8d5fd675b1ed6001bba7dd0e95567a6d06fe28e756609821312f4725c5909c6353ad385e57fb162e2f65b5e2a0100aaa356a19b9c5c183d195d0134adb8bc8d03415daafd95f3a5e44f201741e22dd905dc12469664040ce714a5d9042f58db392d6c6af1eaa4c82cd9b4996252b44334be627708463ffe52a80d8d1c8a5b1a23f9c68144c4a6c6387e542b3cb9de7765faf05fda086986d3c6a1f0906b2ea0eba741abb9514ccd57f2d8ea1d67145c5d71749b560f85093ecc265a24239078253fa0bd39bf67f8e1d78f07e167c05d808771c7b0146af368e8859273ef76f9feedf7fc69640b5e95a25076c477338e31cc9a7348b8a31a0f8d4dd9e6c46f18126279c5d1192ddee08a7057195689954b26a19dcfd2a59febb6556c18c18abc85527372919196b29a737f8bb3b97bebaf3e6c43099064e067f12772c2333be19dd4e803289430a660d68963a26ff1b1c8c664c0318a2558dec140d984837a936651906ab960b6bff8bc8b32704f3e0769e6c85c9f5bd50270bc1030ea71f2db5c43116bd0641ed31ab6db12514aec68febe59e04d2b872c9fc2173017ee6e75a18d6832c9992d1ed2ead9452dce9b2efa01dc97ea31ee5c3f5743760f2589615f45738140d0f8c148f1858d0897094a34727493e607132bc1eefa0d0ff236f9ac5a2a0f0bf06719c1d5061846e427fa36138c808741ccbd10ad3f6f54470804e656a8ab1a9ee9a523bed87cb2fd4d6db8aa6d6b80d1e9886dc12b915665101b9094a22f44437918005356fed797ebd97ec6493bd681f69321f9735ae6d3d6822818c7cfb21c5f3a0f9d5b8ef070c916fe9ccbbf04128a27e7928e3572f125b986c52ec0de078b40135b922a2feb294b0349df06d1c3e2c9d2ed2ee88b7a1673423c6baedb51beb8f8cb1b3b986d1b9632fedfaec8e9a237311beb89cb0dd7efaa5b68537641d06b7cbfda581344c87452b4d3fe96cea6143378c4dd7586a9d55c666cce828ef91a35f3f0a5c9c369bd20c1bc7cc77fcf316a567fa21863b12c43faf3b9588dce4caa151937c6ee699cf49dba041775773ae062c69783758513a178bf46d2d40e24afe8975dd768a466755af2ffbb9fa728724a18fc9f427672ad5867a72ae8caca60fcc90cf817c291a2025b5243ae36e200b5e5c9ee4e90eac775c3b29fe1df8c35716f37d11961084fc28b0f8855376ec85d7741535f88db7977629dd832f06bb258e9a88cfc8671df2763fd9383a777f768c7aaecb9a7af9e76bb719767767c3d5178e2a10765c6b2ae80753f403125a9203ede6ed44eb96a1a010842f88f020dbb7f8df8bcbea0b60f1b99dd9b9aae2dbc995edc8ed82ec5e21e8d5e4d8d9fd0bfab342db38d12bb24c20c2a579069d74624db16bb9ec501312d8de0e653e9e74668d0ed05ccb0eb99db410c0000000fc246302635630b295ccf849e45944a25baa7f4651fa37f147e0fa977c0304e7cf25fa78260ca03abe8dc32cfb461f019f7d82194a98daae521ec4eaf3e138bb95b09d8ff2f106febcc126743abc8f8b707cd2cae1548c6fe54f64bf46c9ff03975e0c37eda3d485ff76ea5ae71fa5a2ca0d9293ea0cd4186e6e2e26fc2ba5e2cdde9400d9c1717058157a8410c9cd7ca4e679f41d8932576e7b292f28dfb9775b0ac5eb5788a8ddf797e32919e7a41c305af2e4e37eb4d5600", "1acd2077949cf1f27e1e764566e4cffaa168dcad09bfe7c84a06d9db78a4e8f0504116608cffa736ae4427d04f27d39e5de80f8935f281bc483252d1c4e0dff576831d8505d3cf34ddc4f4760b53ec5182b54b352dea1b5975eea9b6bffd5b66524559c7c3e9981d7a0ff5ffe6814c923871db66426d98286aec1debc56864a4b29ee5cb46989af08546d6d1a5d9da45db7d8abea1d392d0c668cc040da5d129ddbbe6a95a7d9e51a13328ea3fbd9ac81f03914ed9d1d2b72c234093a351f7294556996ca5459d796cb4127a9aed8e0cca398d1b5af6eae257d02db91a61d49a5677ee9c8caf1855edd2c25b9b3a9a5174d2193108e5e87d781780d9506a890687c80c429f3a46028ed71364c4b8d3b2380b38d2cf7e447dee058f556dcae2627e49dfd316d169d382f2b6775233157f57c7be54b105e2493e140ad97ecf9c12df8f0db9a973d0ef9197ebbdebc5e822ee06852a408560c7f19c65ab8527edc9ec1d6378f2c748f7e84d1d6e98de8abab3e0e42a866e1ec5d00822b124a98d77e9c8dbb3ac6648afe409b21e1cf2f5458a0588cd11af6887f552f6c16a801abf2594eb9a80e704b8053573f661dd29706e71060b630272037144b33d684f66128950510d4138785418f726eb7c7f84c7dda646b3647d673122f95ef89c863c3d4adec4477664cfe911683f19862cc918451f70a6a359dbc66b3599c0af91858ebe13c253a6e9a96758955fdfd1be103777812339e3786484a25b18994ba69b4275f26a64afb9be5219061d94d7c472236f1a20a9217d70abab15182c5f04c6080d535e34045d6497c1c8a2ea53fc022eb159d0d1be59a21f277ce441f3c5cb03ef0e7e1ac63177dfe567e2cb9055228f32c9ca6d38d99093fdc129951380cedafcca40712a2da5cc0af8d872d8f848ea5ff95210a52d2390e236da76fffce86cc8a78a8ea0e1e4464ceac9021556d29d7470ca19849b417aa6aee032f3bd437cb5c839c9f5fb20ec1367449abfb5e19f8365b7947bda60e34136e2eb53e0243766c2718d4bfe6eec77f8ca04d177cc17bad59d651a08349651de6d4dbf5856a6d42cc8cb2441ab7dfa9420d87d4a5aa5914f619b2478a0d68a98280231c8e7558d11eec87e80f2d039b5d6b287d9b3667b020dc45b999b162247bf38f5ac5fc99b5eb6ac5939d35d7d6e71b366f9553ada2784671aecdbdcaf42a2f254dc0289f7be9c6f0c045b30f63ae1a8fac778030f27e04e980bae66e474bc4f9572b8a0d8119ce13ea2ad1285b3397bc929ff26a2ba1ef2760c77e3e114d15742740b27796cb2fc84761db427cdf3c63be71fd6734ed2cb1300a8d5e2b1964f2a0320bfbad8e9bce0cd9329c8c41d79107d77f65c99f3c03813c1f0f5351869434c2ccb685f1863fac38a44ecf354ffde4926ae3cee90833db386633e6dba3585ec36f1aca6701d4d1fc13ac1c5d4cf2ae8c8c418da372bce96451dc2add28828e45ce3f6e35da3d49dcdb8ceb084a581b68fc5fcd4c45246e6b215ca98ae7239c317fe45404984292a83ac7e62614665bec4a5e80b055a0635003e93172e2045ec88144d9d7a2b50c45333720e2273b165147a0b1af77fe87089fe8c0fd32c4e950aedf6798c9007575dc86c02089414089527baf9bbbe5eaf4d58289de0987f8f310d7900ef2350daa438ac83ff255344a2bc814a3e7055269544310b0fe78b07eb0ee5f16899fc8bdf8e3cc47d27a44c93528885452195706091eaf15930f9df5874c19d0a1deedde0cbe9cda7f0618c378bc4ba6fbe911d546c7bc76954fcc6b5ef56c77d306421f9d24e0770cf8b578aaa6276bff4b98e9968e9a1f8c78c6d647d8c52a42d27ee8359840747913e0983e049ad77d87e35800eeeb19cd786a5edf6886e610f51b4d2290d959c7fe906dad2d3e2a5648c5ec0d48becaf209fbb6599d1b0d6299cb2b2fad3b3efac6ba0911a63ae399fa3f19adecc9b10533c99bba28bf9e37600db41c2b463c25b0602fb86ef043ee72aa26e7f102c3afe4073d1318671a514f8320dcbc699514792d5c90c34fe6809102cb6537a4e76530256cd997a1dba4a75b1578c7f12b409af040afa35c54001a4abf1c402f91413995ced6b64256684c34283e644246d235af905fa2edf8f802a65c1c1e0ba24ea656cb3b1f876b6f335aed27c3a6e8da53b1b9c283d299390310df6dc84e5569ad3ac1744824b329fc24cb8612c061b09440464c1168012dc40e8df788f9c708bde6bd4eb3f6111729b08796d0243b07a21ac542ae418f19ec3d7171197c8ca216b20f786784400f2834d98819a5fbbd909677f7d7309dca5c0e2cf74a8a53c1791c78488fec0520d3c71a9698e5040920acc5eb7764f4c295cb2f00b5a62d5fc1e1d0040c639886712ad4fece171739fbc0519b93c8bccac49f871a0e2f5ba97331be916aaae29b8cd646028629cc227b916d1d8b4729da3baffb0e39b533e039eb9f10073c156485902745ec60b8d281b2f84a8651fe4c533119bab8424bcecb28c067ffb1e03e05bcf9d6d44dfe0782e072934fc36e70b1acbf30387495618ac2729811aa6c2901b109b33a0010cfbe666fe9fcac86cc81023dda253863714e89c78265e219d00ba20b3c846368dd21816f699a6af20a290f075f4346b98ad40d69caaf2614856c0bdaa661907975679f5cb5afd3738ba811db58123922647476de50ccf17360393433b547bf0377b2115a7cd357699d043bd80981a2a28c638f7c2e725d85f9edd2fdcfea1f7e2bf02f9f0d4236c9d14c6d382dad99192125b219eea6a13b5685efcf34454d2a12537c5354dc5e34ecda968422cc472f0fec174b95cd298e89e7efbc164465dae45059a40e104b1a980ebc781848b0109ce9cec600b190a34dcf741dd6145d56c4ec27c983a7d6328130c122217bbbb33e2cffba1a352b6805dbd715772153b53051db7215f475ba8673b0dd59e2db414a658d3d262c5304d300b930921c7c0a9910eed96a705eea2c8657be193836a20f23fcbc8ef105ca25551626caf63c511d3c9dcffd9d485f27a63b6992e4b6fa26b02903a4da52fd7fa06397fe2883f9b6a4cac2ffb8ce1f476ec72bccaf0ec7b16e6f601e72f46e835d9bc2a82dccaa449728d22a7ff17772276f54073c66b184de0fa7f681823dcb7603a20aa94b76a9b7adb9f11f447b8764b2d719bea91ea32edbb4d340d18f18b3f53d1d07d0405facb202c30ac1ec145516e071cc71c59cc6205db061a8c19bb2d3ab463f6fea1c6d3b5a69d96e5b67ed569e1c04cff6c9f69ab9343e9a71bf6776d3b84b47de2ecf9a0d45515ef5a3b5c6d55f2c6543ef2bf0eb795219da3026ab06c9ba9bbdc30d5dc7c3782a9f58141a63f8d4683ad5c1d156c92c508cefd9702e9267263e34ff96800c425f768bd204466f4f9badabdfaf35e1a8096150e8afeea3a30586b89d1002f041612f8e81de4dcd268bf538307c4d28d1d2ae1af979f3b02017ebe942cdc8fa7964fe978254eb15fed7478e4200e381409486d37e0205c597b5ec19243ab547da051dee03f18e079af60dcb2095fe86f292a4b4bba8682ed8b220c0b48958882aaa7e93448bfecebfba6ca3ef28e0752080cbc9f752d6da814a9dc5bc552d9fe73b8a1df8eb0158df58810fce8719f11b04c4e157ac8ae3692f825a4569ff859273775c45eb999fff7a47ca461b2fda6edfe8ed8371ed29c4f7499448cfff0bc47ca1d8fc9eb35f79db389781c36e89541b686edc21f088463b2d26fd9b650eaf5ed1cda0f00040000000000009b0c527ba655252f77b77c2f4cc0f7741c52a57629fe511c5f9c17ee44fec35da363f5356343037b2705a393115062719e6bd87bbff2472a7833be6d2270fe5ff4cc9f0439a53adb91fe1520ff4841c120e80c99fcc2d0ee794fa8c91dc9c4227ef9f9ac784ce41abefa69b84acb285e385b74501ea137be765172d90738f201497cb7c992dcc2f17341c9b6a0ef3dcb14350669802e3295b5a133142df7bc5645bbf222d2da033ee4cc4f225f248ad88782945869c29943eb6498c87c2b125fb2d4067118c2b417308a1703fd9f48c48ee2a9c5af44df473e3b99b8a941fc4967060b4960864bc97e4f2bf53e7a5c2ec3d47e7bf8345b56a4df5f84d0523c1b6cf9399110e393474b3ece22c4923f531ff12242d5e2b293846a7ed06e3e7f062cb173431a2b680188fb46d2cb74d4a0d9dae59e2be485aabbb54c26406e6e77de3031e049bd8a49139fa62151716a665fb9f1966cf6c57f4185f7cffbbc43341f3b69a3ae0a4dcfd9b37f0035a69ac552830f0ca56069c8f69162280bced2ec30c6789f32cd38d7f97953f0989b65cf90f01206b20b0111a3d22f3d2f85104b03283f4fd7b80e53f20f1c91d5bf3b67aac25c4300b3191c1f5d7bb0fe112deac0f6acbea3b57c20c5d8f0bad48873a7e7347ead5a4d0b73041c86bdcd3b91d6cbe0ebb5824fb90cb4e74f439505074f236679c4ea4015fbdf0c44b4063b62cdced485cbca0eae2404da7158a974b7dc14c5207107d5424de14a35739f68f3f151c6de20d0ad19d06521baf26ab2cb7ff7e8f83d60a9f554367f99fa5c44910b886e1c9c2418a7a4b33f19fff9af4724c7c8251ffc24cc4464b8804b6704bc0572b23498ec92263d37bdb54490f3316087c5b192a20027ad6cf1a2c3fef8043e2847b8734fa8dc91ce992474796e3f71580841379279f8b10ab8e6766196fb5a9b2ff44cabece6930fb9f32e867047313410c13b11a8a788a29ad93a5b9ae1b960a46fd48fe5cdd7168815c67b267065453547cb60db74f37238b2f7f3c78abc249ffe118a1d3e7eb5cdd326ad0a07a50bd24a6be4b5e56fade7fb7c3b515b4d0b16884c9eee7ef9c82f2ea4d89113e950622cee8e63519a899da3ee83bcd369b01b373934bbed73d8f94e3312e72d82d3fb8b8e65b0f5580cffda633467fc3285023159c3ac7273a46275d874b87254df07ea15d0806f4b8312c4e95235cab31e015a3603906c188233db45dea658dcf694f5097a9e26aba8b58e248210fa5e12fa08cbbe0a01afa9b2c36d38d298dd180ee6e358d45397471bc064e2e8e51da189e98bf41cc30b50b0d937e8cbfc5b138dc66143716b27190689efebcaa5676c9eb370465f77803b219b0ee1f65f343d70b01435f9adc46979b121944e13a02cbdd47a9898b26d6cc5294a9358971bad37a6b01d8b2ee251e50b02acbd560bcd4a212124f308d87eca79d13c77b90510675989ffb70a9d5643df2db6067bd4e0fd21d0a40b84177279587777f763bb9e2fc99186402ff1905eb61b6ea3bef862beb10ede1fbca93f5b426f683bb72099ffc61c99d8a7527fe9167b13d786402864d2b4237fa47426f46b6d5e0911de793f73610b46de4e62b8a67aaed298a9a2d5b5c5b7936f8bcc62a8f9d64d8ff1470a386974b35f382f42ad1fb2c9de214b35aa0afcff7806d7601ab9142a0dade5c7a9e6b0c16027c4d0fc413ba5d16f0d4826b3f469afa6e5ce4a19e21d2a2c2c1e3055706d0ce371dee59a06e534887cf5e300bd118b7c5e8eee2a8fd4bf6ca96df566f49049bd25533c8ae08eb2334ba183529c041f3d9b45139173f3ee8b1b8f8633c9cb7caa735805d56b1e3119a97f3ce86ecd8f21256c0a5a54266cc00927c881ac18fef64f25704b3f01b4885a9c4053aec5bfe5be638563267548cacbad2a95c3c48e6a913bd87ec0c489c236214b650a17d27081ae8def0d27c0d6a25553601875192d11c9e3ef2a3273c1f9b079"})

6.715036052s ago: executing program 1 (id=1249):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x820000, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r1 = socket$inet6(0xa, 0x2, 0x0)
readv(0xffffffffffffffff, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000440)=""/254, 0xfe}], 0x2)
sendmmsg$inet6(r1, &(0x7f0000000080)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfffffffc}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)="aa", 0x1}], 0x1}}], 0x2, 0x2000c8c0)
syz_emit_ethernet(0x46, &(0x7f0000000040)={@local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "82dc05", 0x10, 0x11, 0xff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @empty}, {[], {0x4e22, 0x5e20, 0x10, 0x0, @gue={{0x2, 0x0, 0x2, 0x4, 0x100}}}}}}}}, 0x0)
sendmmsg$inet6(r1, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000140)="93503ddb3c8568f7252b980756003df3fcaae0af56041e0625fd9f19c9f6748188c92727ce44457fa133c41a2d87dfebd07504b4385fc804a26c20196fe3bb252e44ea42", 0x44}], 0x1}}], 0x1, 0x40)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)

5.8538048s ago: executing program 3 (id=1251):
pselect6(0x0, 0x0, &(0x7f0000000000)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x42}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
madvise(&(0x7f0000003000/0x1000)=nil, 0x7f7884acbfff, 0x14)

5.021433317s ago: executing program 6 (id=1252):
r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd)
ioctl$FIONREAD(r0, 0x541b, 0x0)

4.756183417s ago: executing program 1 (id=1253):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = syz_io_uring_setup(0x88c, &(0x7f0000000300)={0x0, 0xaee2, 0x1000, 0x6, 0x2de}, &(0x7f00000000c0)=<r2=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r3 = io_uring_setup(0x27e0, &(0x7f0000000000)={0x0, 0x0, 0x1000, 0x0, 0x1a4})
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000200)={<r6=>r0, 0x2e, 0x3, 0x101})
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r4, &(0x7f0000000400)={0xa0000018})
r7 = socket(0x1, 0x803, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="5000000010000304000300"/20, @ANYRES32=0x0, @ANYBLOB="00000000100001002800128009000100766c616e000000001800028006000100010000000c0002000f0000003500000008000500", @ANYRES32=r8, @ANYBLOB="bd8a788b301d918d28d4a45f15698fc8b8b7bd33cd66e1dc43a62861add1c2e98277d048dd3645b7d48add4f97881b8e4df2a2eae11f23ddcf4b02ad8e8f256fff66aa20d935a203dd6851abede5ac40d2040000001bef2d19939b48db75ec2453d84f4bb34fa66e4a1eb66fe3e9be09ded0b56dfe517f0d0466efa0719f2d33046a1e27deee4bbff9bb520d00000028a2b426d872fb48cea79cbf674d61406dcbcbc70df088cc5c127b7918a8e1a1ccadc7c2c9d19edef63d4bce2a04e07e3b8a286b3afa50869295a43f7d54"], 0x50}, 0x1, 0x0, 0x0, 0x1}, 0xc810)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
r10 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_RTOINFO(r6, 0x84, 0x0, &(0x7f00000006c0)={0x0, 0x947, 0xeac, 0x1a}, &(0x7f0000000740)=0x10)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000000580))
sendto$inet6(r10, &(0x7f00000002c0)='E', 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r3, 0x1b, 0x20000009, r9)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0xc480}, 0x0, {0x0, r9}})
syz_open_dev$tty20(0xc, 0x4, 0x1)
io_uring_enter(r1, 0x75fa, 0xe475, 0x0, 0x0, 0x0)
r11 = socket(0x840000000002, 0x3, 0xff)
sendmmsg$inet(r11, &(0x7f0000000a80)=[{{&(0x7f00000001c0)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000540)=[{&(0x7f0000000240)="a905000000007464000100000001000000e5c06417e436a106993e1e5ad8311dabcd25ca", 0x24}], 0x1}}, {{&(0x7f0000000280)={0x2, 0x3, @local}, 0x10, 0x0}}], 0x2, 0x24000004)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180), 0x0)

4.689593898s ago: executing program 4 (id=1254):
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000048c0), 0x0, 0x20000001)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x400)
pipe(0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0xff, 0x0, 0x0, 0x41000, 0x63, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
unshare(0x2c020400)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
sendmmsg$sock(r0, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)

4.626415063s ago: executing program 6 (id=1255):
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYRES64, @ANYRES8=0x0, @ANYRES64, @ANYRESOCT, @ANYRESDEC, @ANYRES64, @ANYRES32, @ANYRES64], 0x50)
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
socket(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0xf, 0x0, 0x0, 0x40f00, 0xa, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
socket$tipc(0x1e, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20-generic\x00'}, 0x58)
recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000040)={'vxcan1\x00'})
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000080)={'vxcan0\x00'})
sendmsg$nl_route(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x24}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0xd, &(0x7f00000001c0)={&(0x7f0000000040)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, {0xd, 0x6}, {0xffff}, {0x1, 0xfff1}}}, 0x24}}, 0x8000)
ioctl$USBDEVFS_CLAIMINTERFACE(r0, 0x8004550f, 0x0)

3.940813942s ago: executing program 3 (id=1256):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[], 0x50}}, 0x20004400)
syz_clone3(&(0x7f0000001740)={0x1000000, &(0x7f0000001500), &(0x7f0000001540), &(0x7f0000001580)=<r2=>0x0, {0x24}, &(0x7f00000015c0)=""/164, 0xa4, &(0x7f0000001680)=""/128, &(0x7f0000001700)}, 0x58)
ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(0xffffffffffffffff, 0xc0bc5310, &(0x7f0000000380))
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001800)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000017c0)={&(0x7f0000002600)=ANY=[@ANYBLOB="641200001306050028bd7000ffdbdf250700000608000b00e0000002c6f57e61664894bd800442708cff5b9c4f80890f79f3d2de21db0be36ae5e55d62d511c9cd36281bfa68cbb30c523b5cccde50d231f98bdafb7c4fcdca8690647692d307a1679203e2d15f7e82636f91303cb0774cc066ab38499665dbc7b9c52bfcb3ab0aab6625d752822197e55a12e091583c8cd716ca756124555d4bb2c9710104c0a0bd7d4c63ff9832a34940b412ff2c19d3bdb0d71d0b5a7b9ed14e395bbe0bd6fe54a5515b24934a67cbc5fa539bc370614630eb332405e05cf5f21f10ba104e80040004803e9229eb691e57c3cc4cab3a464e53ca04c9b7d81f4621871db3707a80894a2b6ab68de36c2357ff39c805a4ec99974cc25ddf9c7c63a799c7ef634130398dc85b270335e8883ac99bc20fd5e2768676835fe90cc71bc17a5bd149cbeed0ab271e0c562b4282bfa17eaa730373ee1a6e1f884156bc5bd5b9ab7d1e1ca10d9ed93ea08b3acda9523219258854b9a9b75225f07da5f447c598f33fddeb2222f205a802fca5be54fccb15931bdde89aca4dbbcf18eca26791237b01b0ee2d4114ec62fab9a37fc3f752702f9fe104b241bfe9e7639048150b8101929da23cca0477e06c9be12b503fcd1828801686038b4ee04ff9df14a43c729a9ab66c97f1de3a9c832a802592b9a34c6e3e8d00c6cff7ea40100ad2cf66c8a572c555ec17401775f45821afd97bf14d1434e10a581faeded3680451dcfd5e3879e4c2e1dff6ac29c46b8d62354d26d0f3bd810b57cef94e9a4d85d9283280ffaea4649c894c99ccc8f49a0dd045d7d67fac3226f13ca3b06502bb55bcd269224b75849a93b6c12540d05be0d625fe7b71729d7e07563397bfa4ceaa5aa9aecf68a51263339d8a3046cc88895e2dabf65615eeb4f0581b20a26bc858caa63728e2726caf1a945528b74c68b96dee2287f29484f5cea9a7f045cc1922022767e3a16c4f585072a86b2131faf524dcc5472c8e504d46766a9cb7be1d03c3359adff8b9d95213daa21856b01d3572efee3b0b9cbb2d37af5c86ff82c3b2c8dcfa585f6e6aa7d48380cf084b6b8670a0b4020030d02bea6be669d018eb6b16a541eba1b0f7516b9e509a12f76de5aed2ef7e486b2aded384146bbed5a33adac567dd61f5bc71df530d8b7886b7a331ebffcdaae8ebb2ef54506283a013e02f57638a47f92cbb701ca75a3e496fdeacbb0c3128ef621d32df781e05dc4cbf876fedeedfb2a3d60bcfb15a9af58c57e4234471de3d8889e9a920e9195293a44bd8897d402204bf5f17772776cead4a176c25e29ce5e55aca89b3dd690e08c48e269aa0a60e359194a7e8477c7f99c37535408c6cf526f910a29798e9c72541bbbdcf052418b172404b1e6c985c7d71ff8e4b2dfbd6a2741d60967131425385c7956bf0ebfac9fc4124125740a30286aa1a4c2af740721de9936d673299948092f2a1469fa36c9b2f614c5204b1443caae3bd696cb836fbdcb97f9f93f20c1122206c8934b4031bbd0d2197953ffb36f47d12d61ceff58241d73d4d9c83588609fa90719200d502f207c945bba54fed5c20a578be290484db1ffb7ac3439b4bdb0bf38515ead14114df083c8a933f810dae40e0ac61bdfaa5051e4ca71fceb58a6522f242da11d58275e8deb36064ea22af09297248f5fb03c8dd2a32246a1d808f7157207f78108baff4adc5eedfe98da20b12438c3de7c73fa7ec4b2af46c2404a9327e5859969ad3de647150846f66b3261a13cca1ca5c6cc1d760b5481836b72da06785bc0872894dbe9afcc074ea1d5d8470f097a6e915572359c605ad12feee964798c38f91ff8f992c8eb85d5839ced4eff1b3119afe031121b4077145c3b623450b49d67ed2d550b1287e01115c7826efe13bcb1993211a58f1c312efd571448796c906c1a646980809c827bdfc91a2622bc06ed870995da71066939d0c4728b67a6f232cb90e713129491dcb893cf140c9a4c6294ac7122ece1947748ba1d568d29c4db29097d25ec300a08932cddb01f5ca6526e5f989f2948fbc4dadf703552eb912a25e07269911d12529b1b760b93eb25788aab4d1fa84764fd67b81beb51a970c9922d99c79a20f17b195e3e7ba074203b684ed31f8169c5df8e4f3481fd22cb94284e38f85abccb53e18531385c15045bc50f25bc65e8be70e8ac46bba01843f8e3091d7bd1c3b3bee9f6ae3bc41a966272ae856be6e4a752d5d5de6866232ff2f0796608e93b396bd73be8cc6b928aa6cf00417a337f0146d024872efec235fdd70d3c51ddf9cde5f19cdb1b7a4805d7429d9df2c889cbac8049c350efe5b22ba2b744ba1e3bb4a510778ff5eb15729a2cb4d007e424b6a8a55bef1f45c86b1e8c0df060d64c2975a4aa890caeb13738b002d1a2ae5ccfa31fac4cdb103e8d12e6ba09ed9e0f1b061c56b2007da0ad80e1d214bc1e5ecdc19afc7a232fb529160c43548107c91248fb627e27bb0bf9c2be5caf86a2e2c743aa4ab26c1cbdcc5799f63a0925c00be0c020d669115ce2f821fae15b3efc84d44af707493fed1dbf4b0feb749a6481889199d07f8f7e94c7e351ddd01b1895f3f97d1e93c15d74339058e5aa743deb128537871b3282d8f6bf1dff715d7abea4deb13251282c29b33baae9f1364abdb32ca86b86286920d7534932d8b228caedd4daf154a7a33125c03c2066ee5e5f4f497d98c26c20ff520bd3c9600a855000d072bbe0ba887d6fc771bfe28fd445dc6027baed32f279f4509db38f8d176b16ccb8f2f2794f2d51ad1983524f30c8af7c29c27f97171c142c7c947af3f738fbda9ee219b76fd36921c8e52740b02b86655a0086bd6c17bdb27d763162ac306b0308c90b518fd722dc2b828bc6bceb5a60780ac1b8c3002aa7229553521184e6c040563954a27718e8a4648268415f2fffc102ab245565a86a982f93cbff51e930ad752228f04836e58d2967f10c83bf4237e8bf07e198ec72637867143a0d7951c9c9744dfe16f134e8064a2e28cea03a1fe99e762c87eec261575fd9e4bb966f63641b9e7c6203e070b504ac65d7b4d48316c56f3e05b3c455a8175b85a1352517e5fee59c13ffdb71ecb29b43e1273cb94f1773353f3c6008ebf361912b15f0e746a9af68f041019cef81794afd5cb3a7d46d3a7f166fef4b1c5bec1add58f93f7ab2554942becb7136a2a6a89c49735a84dd3f2a0a001df1d0d95c0758d0d25479465f188a93cbb2de4c7d8c11d5058c1567bc98c89725bdde20e896500b06bd532af035e5f6e4a11023526d27a14d7250c3d9f23368eb0d5082d13612ea1c79e422505d6b61fbbf29275cde485d5bbed5303e12c2f6938513dc4ac8503dfa0494057cc44922e2ac7c9e37202add9a3832dac130f638fc26334546b30d19974169197b93ebd2febde5f1b45b7d4d303fe2e38a33345565be40d02d3269d131f316d812e371a60cba001c4536a8366cbc331871ce82c30dcae34a3d59e8cfe86f1a6743acf87ae75a0a223e1f4447ce6c6d7f12d040439a447591ba4438d227b4fc8c107ba4e6ac1fb1faba4b5a26c68201e6e354ab4e9284d13137f6b97ccc2f4b3f55ac89c171dde460ada1e3b8f89d31ac38c91ceb317f425b53d8a2ee9e088e8eb6e9ea75b0b9101d51a135cc24d93cea321c4a0273791c041a9b58f2303f9c0833bd5b5531d034a1330cbc88441cf0918e781b2def61f08bc38d494b6614ba26c01545af221610da893622c0a604d65cc88cfee055780fdebfbc16fb1de061877d4849eeed50a8ab9695d2fcda99ec9d6ee13c567b1e41a1f11644bdfab5620be3c26a29d28f1641dca0e1bc091ab21ec9bbcff4198521145652affa002620711698bfc7bb14050018000002efc1fd8093db8bbadc3ea9d416f9b5a3bb22780beb84e420b45f59120782091d554e7a6bba262f694c44270d805b708f3ebc80f782f75476b08f477c75292de6260b46ce7494e8f9da6dd145f1c8c7d4a03f46e115291a1e781100bba6513566867275c90dcd49c9b0cd150c283efa2f0baf9b823384db1573aa1bc2bcb6d4dc5cb50ccb223dbd795702a980b89bdd9edcbd534fba191be6d0bdae6e17e5624ec77b8c76bf88ac7b6cf046f960d931397e092fc692be73d381659b624bd75d546d6ea44b79a0b134ec3dd389d1b98fff66bebc4ceada53281594359e803973a06cdfe5902ea6c90daef65b510a2cdeebb09d202ee302deb2909623583481203a2232f0f1a21cd1abfdfe695bb47005917448eb79147fae7a68b2306e3f8436e5d39e06024f2fda49df052f764461633b106c169d4f3bcc3c134c607c442891ed3b71c502b615ca523193c974d65df9065540629a6b6d0fc043d4900f65361086310dbe69b1557ca452fdb2bb0fef236d1b82fe8634a2b3e5d962c7cf578255b0b10d967ee6eec36daa54db53c9662390fb97f45277bbff3f474b6357329c54c63c1e599c18c6f44d6623190246cac40057560a3350aa0e5d247d1da89aa6a55602aaf361e2ecb0e74cad79b5fda4d98d840976d808d505e31510ef16869e31c40c67504ac505f8328a0620092bc974d9c526f6b5a56455eb13cfc0e4872ced84f086f9f8abd1e3342aa064d3144b7c4e2a93ca7e49fbfbbf0ca69a0fe1976ce03b60d64a6a50c62988aa642184843231ab3599e9c4b949bcd8e5470c27361d6c45c27ae0491f2fe5c14460c6cee42292136be2eb9b65dd757646a53c70d080d8c852d0f665e727dc0efdb8a6f91ad9cba8b919a9ee95763103bc0fba4d090c78ab85eeb8bc641c003a0070482ac811947d320519663b6583ece1d1408ce75c59ac425678e750a5d9ad2881552ffa70f505730f7ec532d57c6e66decf537c215a72cd1f1800aa63cf2a497945e784d5a1059e3d36e6bdf234916860367cd271264280d4a905b64e6ce5bea197a2543d1e816fb70a53d0ecd8f0386437ee8e184c55419db64e51efb2eb6ab921bdb8566b9e105d8ca72fb574a9c602a0ba61afe9bcceef442efb20d7fcd0207bb96186d39ee7adc114bd88ebbdce48e46b0834af0190d5c8909db6f8a3343641290621de0975e16df327c1c07be49ca547ff2e54c5046d94f87d11db63ef9269ac8661f511b3dbf5761461808e3f6bf83b3000bd69bebb58c9c8ef45362322542ba0341ce4b2133de488a03f5c9a7cb470bcb55d164234bb2f309d9727b666a7ae75edb1aa0edcc1d5e710e9be3d27f69b3080a202b3dcb0c431e7386a1111eebe76d93ced715353bac4904d21e218c0d84d4586be9c1d1415ba2b9c996ccc29ac90736cbe46e34c5504f595a85915d434071a693ceafbdfc1582e42fc193abaf2b29e6f926f84fe504cbf143ff90353d8531e69168182406958170222138bf04583ff33f323a6e81934de45f8dbf6a709eb35934aff3272c71ce012e1edd764bdefd1f9c608468b3cf678dab86418cd7e168b1264f36e9d3fe65bfc60e0b7a0f0c43d58e88f82a780e42c1e820def840109669d65e7fe36464c3dfa3ae260e08c6d71abf3039880021385b82a7d2f499a490c89df6fa25c4d046e6173bd514ba8934ec8c8f92dc0210ca613edcce2d7883f4eb6047b0542a90dc31fe766d42101750c396b1c6dcb563a62eae469db6ee7baff74c2cc3a0fb7d6c4ca4da22a3398e9e1b2b8b3a5734f7b3e188e6aad4910f8fa1fbf14bfda9d0aee92be39be35dea4fc2fec3c59c102a6c49cb9dad88e27240d013cb1779598c40bd95db93efae8ae04140743c868fe5b9ca87a9259f8c2b6aa41c4c7ccac9e6791c4049a63a90b4709c6f301f99653b3e5e04b5615b5f2c62c374b63ce84dd1ca954356195d685d4822932b27005ccf55af5b263817212a0bdea17c7c3a192b1cc28fea27998f587ed058503a912e3df27fbb873d6cbe8b11c733cc8cc391dc90c28fc60ce584fbc1715ffc0cd95741ed4ea460062a93ad6e803dd269e264d42e819f380368f6dfa345069d0608b571a8e515f436f0f61022265e816753794357fa90e16bdf70f2bd7e436d60a2e8868061164ca569ae05e36f7f4fd6ed4a3ed1255cee5125bbf0eba941e9bd695c1bdf49ccfe0400c1000c001f000700000000000000e24b2b01467de1319f8261536cbf69936236898a80421b193fd4a2d1a7ea7a015a036a1fed1caee8206e1f9860118788135ce96c0522ec19c20e95d48c56e29943d98bab502e96de3f78d093e63d6f601e4a10dbebfecd660f7b4f4e55983842b1b27f4c786703fd3e219d98fe884abcabad28b7343f92f8693c49d053e4c7edade7", @ANYRES32=r2, @ANYBLOB="0400428014004400fe8000000000000000000000000000aa0000b3005300dc4bf1f23de8f9384dddc03a41721ce7298b22b4184434865c4d388893aa142047523b6ccafbd091f035edfe59a22f119e0ed665597b75951227690c27fdcff8345e28d5882a13ca026bb73db505d4cac358c72fbbfd471a31eb0bcd214384c859272800e55fae2cd657e928c33ae1c2db834ec731df134fa9c621f6337369da053a978da6b5e447834fc5f688e54ca9df21e29fe6dda2425b42d6fff45db5ad7f1f64649f82105d8eac92632dbb41000c00ed00ffffff7f000000000500ef00000000000000"], 0x1264}, 0x1, 0x0, 0x0, 0x40000}, 0x50)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000180)={0x80000014})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))

3.4733404s ago: executing program 4 (id=1257):
setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r4}, 0x10)
r5 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000000)={0x2, @pix={0x0, 0x0, 0x59455247}})
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000100)={0x10001, 0x2, 0x2})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1c, 0x8, 0x40, 0x42, 0x1}, 0x50)
add_key(0x0, 0x0, &(0x7f00000001c0)="0000000000000004ff6943b80000000800003fecf20000000086070000", 0x1d, 0x0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000000000)='.dead\x00', &(0x7f0000000080))
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
mount$bind(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x2003041, 0x0)

3.456901989s ago: executing program 6 (id=1258):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSKBENT(r0, 0x4b47, &(0x7f0000000200)={0x0, 0x40, 0xe})
r1 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x80)
ioctl$CEC_ADAP_G_CONNECTOR_INFO(r1, 0x8044610a, &(0x7f00000000c0)={0x0, @raw})
syz_open_dev$dri(&(0x7f0000000040), 0x2, 0xc1)
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000180)={0x6, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}]})
bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(aes)\x00'}, 0x58)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f0000000600)={{0x7f}, 'port1\x00', 0xf3, 0x1b1c02, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xc})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
ptrace$ARCH_SHSTK_ENABLE(0x1e, 0x0, 0x0, 0x5001)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x4, &(0x7f0000000680)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x22}, [@ldst={0x1, 0x0, 0x3, 0x1, 0x1, 0x14}]}, &(0x7f0000000100)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x21, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="0a00000007000000020000000400000000000000", @ANYRES32, @ANYBLOB="0000950b8c", @ANYRES32], 0x50)
r4 = syz_open_dev$vim2m(&(0x7f0000000080), 0x10004, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f00000001c0)={0x2, @raw_data="3ba64ef20e50eaf74e56343228a35f692073376e6e8bc64df6b2fdf24368fa0b5ca5da9b3b40ce034e4d726edecb8038508002d6dc31050bf092312cecc3e766a24bf3714949327f8e0379dacebe19e48c604788bd8b1bdc89e8c3c7fd5e68c8b32f43aa3b108968b10015c2ea5e42412355eaae0f5755b65af797317dfe3808f93c22105dc99e4043654b348631be6e3d7ceb3fc86c1244f4208a3eeee6adc5bffef7581d0b6f2e6a5332b9fe290bf91504ee974b1aa05e138386e55f5b1232d202642f573eb60e"})
setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000340)={0x5, &(0x7f00000002c0)=[{0x1, 0x5, 0x10, 0x2}, {0x100, 0x2, 0x1, 0x9e}, {0xc74e, 0x6, 0xff, 0xa}, {0x1, 0x80, 0x0, 0x5}, {0x7, 0x5, 0xf8, 0x1}]}, 0x10)
write$tcp_congestion(0xffffffffffffffff, 0x0, 0x0)

3.377173982s ago: executing program 1 (id=1259):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x6, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0xb2, 0x4)
sendmmsg$inet6(r0, &(0x7f00000002c0)=[{{&(0x7f0000000400)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xfffffffd}, 0x1c, 0x0}}], 0x1, 0x0)
recvmmsg(r0, &(0x7f0000000800), 0x62, 0x12141, 0x0)

2.443568035s ago: executing program 1 (id=1260):
syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r0, 0xfffffffffffffffe, 0x29)

2.4406962s ago: executing program 4 (id=1261):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CAP_HYPERV_ENLIGHTENED_VMCS(r2, 0x4068aea3, &(0x7f0000000140)={0xa3, 0x0, 0x0})
ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000000340)={{0x7, 0x0, 0x80, {0x8080000, 0xffff1000}}, "a9cbc4b723986beb2541731c8831607b6ee747534f2610e68420ac50bde6dad58d04aad3777f18b4f168b3950653ce1d7740b6225b60f102dea41282032f21c3f19760a59ad876506e4e939e80e92248edfd8137e41621c1a490cf3cbb0502fa6deb4cb0efa6bc813cca06ed4828bafa15d1afd8ac82b71d1a7b410eeac6a6f31e4995b05d3f93bf80a053ae74958ed42c6c4b4d0bcaa08d3e6025a166ac6f19973f974613e0d7ca52d6a648ed23fcce9f475faa3e49d697324fa1b2cdfef7deb66a190e9185a90f5c54c88895af1a61f8c0722f0c0bf9835d8910449682cc5551ec995aec222238bb28f41ba7f99f93b785dd2d48cf389f27da125b9c3ec7f716d6b6b696a93e625f0e17b4ff3bac5eec8e2dd837254c16d8c9b2a773ac70b8dc7216980fcf1db0cd885a6f3379dfcca516b0b5771d3dfb2212fd569b8f6003dcf8478390e14a5bf73eb1a61a12ce20ea3f5fbd6d9a56a4adf6043190cc7d559e7773668d0498f6c7438917d204ed2ec53da03cc744619be3785cd8cddb678f8e90965f22242bb62fa3590dde45cacad3852a54154a90d7495cc4cfbd7baacc19604efd864cc76a7e867cd7403301f45a3ad20ed8edf412e4aae5f279eada88ee43a436dd3b1f37098b7d81759aff2d81e5593535d44035fdcbae0f45a7163c06b8ed7da27a03e266947d7f11d9e1600f1a88b99643a0b99abad360b8137415f7800f8a5a16ba306778733d5493cc73d0aacebe1cc4618847bd620034cb617c55e47ff8d8000f52c25a6b3e9272c297e6b30bed370dda4c2b56278893a4faefb28a87c40229d3f80814e128eedb7050465e1e00547a1b77ebaef78355d9867ce521138d63f147ec3de6cac38d9eeb1d167494466e00d97a32701117bbe0f95304970e632b9cf8ded044b3f1c01326095b422678d798a9c5f8ab05f4e6549639186723aa3d38927ed4ca94a9e6de3c4f5ce99d090389473455cb366c7dfcb43ebe60271a3693e80ae4948291753007f5032f518ffc832f3e819f3bdac1085a80cdd494cdcac4a874a14818b9dae534559c2c5a542a12949a22fddb9060e8a400f96512aa8eaaa6659932dc8852f5709a808604c2fda229c79933646e36255948baec6e0c2d4fbe056628157ba456603e5cb45761b5aa97c0daceb3e6d7a192d109847057cb4322c9c5e62403c921e9cebeca77d12c3ed05f5e131e3c00d9070618872ea8a1f05e4598c98739d3a9245e537ed992aa4eb8a571e4c7c0dc797f91e3258835f9db1b6501edaaf38c9fd4d718c743d30b6f1e480ce9408aa6b894055768738e3df843301d99b476ba8d30f6483022ad7fd50493e600700ef1b70c72f607feb0df9898b61a38f4f59d23779b7af4a5b5a0e7379877d8c875d1e47a9ddbac19208cd22e05f729a9175b9bf1c96618d63585204eb5ea29e0a0f17c12219fd51bc462dcff6d3ff73b64d2a5f7ebe6ebdefd841698e909cf1018a88afefc1802fc97c22a240f20ce6938ae6b2224f7ca311622695577f3e4cb8f7e87bcf5bcdcc5311815bab1499465f687903b4da5693c83cbe13ba3d94f413bbdf9886241fc1f0b9ea00e7b2d1c2fe29d8921c56919bbfa091d4542c590a18848256b7eca92114c5542356bb15e1cd59b28a5d5b86bb92c30e88ea6edc6efd3c685a7e9b840b61f445bb57d670d3dbba61da442fcdabd4c14b9dd6543aafca5bea6ca16c00bbdc0999cec79272dfd1de86bea7d830ec2deaa339c2fc57d6490ee7cf3bb4e6cb4b8dcaa4279bef0af601f96dc25a3cf926eb6c5eb9529a266e1a9d96fbb5e0ffeb472d40e3853f42d69e725d2dd570b531779a09a5f945a2dce4ddd898be60b9d38f3c305f942f8f8a3ee992de01a0d6b3db1a4174b770681d2470edd2319a9b9d04d3cadd67583a313c071f809c89134b2b714cb2d7247d4d6b5d794302e9408e946bf1cadc767a8ae918a6608f7d2dbb2d825e949c823ac6bda0c46dea864c83222f3c7f7ec020f3a6445f3762dfaae5a28c3857053b2548d11c9b9f4af5366b43012e35d14ba139085493e95ad24bcc92b835f3c72ff762fcbe3d04ee2051e959a9e680f51425d5eeeedd99767fccda20b44bbbac6989e1d6f70f030c2530b83923fbf27fbf24f62ff7a5619b39b338e165dcf66faf6092edd19216fdacfb8eb80bd7d8a7767f538c3021e20f498c8e456bc32af1157b5988950caf1c478047f132c01f53c12929f030e9d78c284e64a521350d72748ef214c05f4c8d2e47384c3cd29c99a2df1abb2e8ff5a363a488feb119e8ad5e3c39a4f24449d00b3772090b499e2c65b50a3e6ce7f1e2f2bac0ae5e58147d1d6887617ca38d12b1cc9a5e3ee47539f40179136698acd9b9e20a4f85335dcb19d4ba4a05bcd84b27a9f1897ab8f67abf78ba3ce4d87b37c129562d33bb0836c8fe830c068e7c8b6728ed585258c7d82b5c407d0532bf5ba60cfb0a6e6f3aa44bdf3bb7ac389023c3db4395c3875a3496d85640d423775d8ac0c4c3ab1831bdd785a5ca0ba2073bdf6970e4b63718944603ab32b83d7c73af090c3a941561a76f08e2235e1ea8a0b721cd6a73466664c411c33fd1a3e46e580c77034cb09ac38b6d1824f642d3354e827b6ddc0ca15c3bd7192882eaece388d428282c859fed7d280e5d81cd0252c149154e2038a3f2535781dc81d7221278c21ee819fb913fc8d97e96f3dbbf0b2cd63a0ceeadec43fca7a760f45aa53de97597b4afb3abf5921125e9f148da377556e6de1a62aab6055b10c1698649515e62c572d62d901ae7fcd417b627db64785fbdc21f0e978eb143d7abb2771de9a912466fb6e6f55a12f209e131732d45a8293f1a36ddddfad54f857016e3ab7fceb97ddfde1a8c8569dfa972ec636e7c93e603d5e1d0e98d6f109dfa6df50ce987abfc291aba0e488ba8f0596fbd1bacd58862b611250a85cd34e7d100f785286d815281b62ef2dfeea5e8ba4ee4a019af0ff59b0f4f3049f8718d0fca57de1cf88763d13ad26c50cccec4faba99d899ef079c3400052d065cc0a44e8f73dc5bef5f8681015b29c96dacd026d920f369a2b0c341b8295f5268e2d9bf80df2d9ea1017b5b41ec2060c2fecc67c040e7c37521b6d6174c4d4ed4accc5479f6fc4ddc0e45a7f8030ff8e23f000315a3565498d07bd0cc6459f5cff23b40ffb80ace2f48fe0c1a337bb4f748bb8c057089de5cd727b278b45d84a8f7df9f898b3cef2ec319b032f888c4953bfe141c8e4b67ab3f95fa133790ea17b27be21c9478da70641265045e81e28229a4dc15f59c2f18b1b9c082d1154bc9565508fc9419912b48f3b1271609006399a844f6ccedb6323ada63d3e0b340fd07cf9e3b98b1d193bd76796c2a185366b25468017d28371d8792eb42304961bc9c1f4ef4025d2814837dacc9f1d777bfeddb30eca1cacd9f5b6619c4000252ecdabf7107dff264046c111c6f5767e3486c37ec175f52bd3460a7ad49e35bb729ba76e2fa5e117c49b750000005e0abf56340740b81ea37c5df26b7c885cc5da412cf4e9932e2561aa7945945dcba0677786c9ea9b9aee47d73454df82048f021b30a817606c96415c22e1e908316f84aae52e050e31176408d35ef33091618df7d38d22bd2b626dc138f423c32362878c8f6538dcf0b96c4298668d4bb35773c952bbebd4778c964b0eae8eac9bef3469ea5da890377c500ea027180f5308585cd7941c7e3305c32d610de49b5c1acce6c285d88a99dcebb2b5972a276d416abf25b44c1712a43d3e30005a1535553e779c0f72ff519d2407214c02e7020ca479e93c3fb2b867ad73e69ba10e92f329cd54c4c80d227d0710cf384fd9a39d4c4053afce6d1e93b47137843d149e888bd868b1b2179c1fdd8291d15724db10a756300209ae4a2ed91788fe9f980af1bb00d05a8fe1a020fe4bba91fb487c8ea674a6739067a0a86b7f2a4fc141f6c864f065fc6e5effdb5a1f1d063c6888626e13ced52f3669677dad96da1cfff7d700e9f6f74131b8ac0f4fb6c8d5fd675b1ed6001bba7dd0e95567a6d06fe28e756609821312f4725c5909c6353ad385e57fb162e2f65b5e2a0100aaa356a19b9c5c183d195d0134adb8bc8d03415daafd95f3a5e44f201741e22dd905dc12469664040ce714a5d9042f58db392d6c6af1eaa4c82cd9b4996252b44334be627708463ffe52a80d8d1c8a5b1a23f9c68144c4a6c6387e542b3cb9de7765faf05fda086986d3c6a1f0906b2ea0eba741abb9514ccd57f2d8ea1d67145c5d71749b560f85093ecc265a24239078253fa0bd39bf67f8e1d78f07e167c05d808771c7b0146af368e8859273ef76f9feedf7fc69640b5e95a25076c477338e31cc9a7348b8a31a0f8d4dd9e6c46f18126279c5d1192ddee08a7057195689954b26a19dcfd2a59febb6556c18c18abc85527372919196b29a737f8bb3b97bebaf3e6c43099064e067f12772c2333be19dd4e803289430a660d68963a26ff1b1c8c664c0318a2558dec140d984837a936651906ab960b6bff8bc8b32704f3e0769e6c85c9f5bd50270bc1030ea71f2db5c43116bd0641ed31ab6db12514aec68febe59e04d2b872c9fc2173017ee6e75a18d6832c9992d1ed2ead9452dce9b2efa01dc97ea31ee5c3f5743760f2589615f45738140d0f8c148f1858d0897094a34727493e607132bc1eefa0d0ff236f9ac5a2a0f0bf06719c1d5061846e427fa36138c808741ccbd10ad3f6f54470804e656a8ab1a9ee9a523bed87cb2fd4d6db8aa6d6b80d1e9886dc12b915665101b9094a22f44437918005356fed797ebd97ec6493bd681f69321f9735ae6d3d6822818c7cfb21c5f3a0f9d5b8ef070c916fe9ccbbf04128a27e7928e3572f125b986c52ec0de078b40135b922a2feb294b0349df06d1c3e2c9d2ed2ee88b7a1673423c6baedb51beb8f8cb1b3b986d1b9632fedfaec8e9a237311beb89cb0dd7efaa5b68537641d06b7cbfda581344c87452b4d3fe96cea6143378c4dd7586a9d55c666cce828ef91a35f3f0a5c9c369bd20c1bc7cc77fcf316a567fa21863b12c43faf3b9588dce4caa151937c6ee699cf49dba041775773ae062c69783758513a178bf46d2d40e24afe8975dd768a466755af2ffbb9fa728724a18fc9f427672ad5867a72ae8caca60fcc90cf817c291a2025b5243ae36e200b5e5c9ee4e90eac775c3b29fe1df8c35716f37d11961084fc28b0f8855376ec85d7741535f88db7977629dd832f06bb258e9a88cfc8671df2763fd9383a777f768c7aaecb9a7af9e76bb719767767c3d5178e2a10765c6b2ae80753f403125a9203ede6ed44eb96a1a010842f88f020dbb7f8df8bcbea0b60f1b99dd9b9aae2dbc995edc8ed82ec5e21e8d5e4d8d9fd0bfab342db38d12bb24c20c2a579069d74624db16bb9ec501312d8de0e653e9e74668d0ed05ccb0eb99db410c0000000fc246302635630b295ccf849e45944a25baa7f4651fa37f147e0fa977c0304e7cf25fa78260ca03abe8dc32cfb461f019f7d82194a98daae521ec4eaf3e138bb95b09d8ff2f106febcc126743abc8f8b707cd2cae1548c6fe54f64bf46c9ff03975e0c37eda3d485ff76ea5ae71fa5a2ca0d9293ea0cd4186e6e2e26fc2ba5e2cdde9400d9c1717058157a8410c9cd7ca4e679f41d8932576e7b292f28dfb9775b0ac5eb5788a8ddf797e32919e7a41c305af2e4e37eb4d5600", "1acd2077949cf1f27e1e764566e4cffaa168dcad09bfe7c84a06d9db78a4e8f0504116608cffa736ae4427d04f27d39e5de80f8935f281bc483252d1c4e0dff576831d8505d3cf34ddc4f4760b53ec5182b54b352dea1b5975eea9b6bffd5b66524559c7c3e9981d7a0ff5ffe6814c923871db66426d98286aec1debc56864a4b29ee5cb46989af08546d6d1a5d9da45db7d8abea1d392d0c668cc040da5d129ddbbe6a95a7d9e51a13328ea3fbd9ac81f03914ed9d1d2b72c234093a351f7294556996ca5459d796cb4127a9aed8e0cca398d1b5af6eae257d02db91a61d49a5677ee9c8caf1855edd2c25b9b3a9a5174d2193108e5e87d781780d9506a890687c80c429f3a46028ed71364c4b8d3b2380b38d2cf7e447dee058f556dcae2627e49dfd316d169d382f2b6775233157f57c7be54b105e2493e140ad97ecf9c12df8f0db9a973d0ef9197ebbdebc5e822ee06852a408560c7f19c65ab8527edc9ec1d6378f2c748f7e84d1d6e98de8abab3e0e42a866e1ec5d00822b124a98d77e9c8dbb3ac6648afe409b21e1cf2f5458a0588cd11af6887f552f6c16a801abf2594eb9a80e704b8053573f661dd29706e71060b630272037144b33d684f66128950510d4138785418f726eb7c7f84c7dda646b3647d673122f95ef89c863c3d4adec4477664cfe911683f19862cc918451f70a6a359dbc66b3599c0af91858ebe13c253a6e9a96758955fdfd1be103777812339e3786484a25b18994ba69b4275f26a64afb9be5219061d94d7c472236f1a20a9217d70abab15182c5f04c6080d535e34045d6497c1c8a2ea53fc022eb159d0d1be59a21f277ce441f3c5cb03ef0e7e1ac63177dfe567e2cb9055228f32c9ca6d38d99093fdc129951380cedafcca40712a2da5cc0af8d872d8f848ea5ff95210a52d2390e236da76fffce86cc8a78a8ea0e1e4464ceac9021556d29d7470ca19849b417aa6aee032f3bd437cb5c839c9f5fb20ec1367449abfb5e19f8365b7947bda60e34136e2eb53e0243766c2718d4bfe6eec77f8ca04d177cc17bad59d651a08349651de6d4dbf5856a6d42cc8cb2441ab7dfa9420d87d4a5aa5914f619b2478a0d68a98280231c8e7558d11eec87e80f2d039b5d6b287d9b3667b020dc45b999b162247bf38f5ac5fc99b5eb6ac5939d35d7d6e71b366f9553ada2784671aecdbdcaf42a2f254dc0289f7be9c6f0c045b30f63ae1a8fac778030f27e04e980bae66e474bc4f9572b8a0d8119ce13ea2ad1285b3397bc929ff26a2ba1ef2760c77e3e114d15742740b27796cb2fc84761db427cdf3c63be71fd6734ed2cb1300a8d5e2b1964f2a0320bfbad8e9bce0cd9329c8c41d79107d77f65c99f3c03813c1f0f5351869434c2ccb685f1863fac38a44ecf354ffde4926ae3cee90833db386633e6dba3585ec36f1aca6701d4d1fc13ac1c5d4cf2ae8c8c418da372bce96451dc2add28828e45ce3f6e35da3d49dcdb8ceb084a581b68fc5fcd4c45246e6b215ca98ae7239c317fe45404984292a83ac7e62614665bec4a5e80b055a0635003e93172e2045ec88144d9d7a2b50c45333720e2273b165147a0b1af77fe87089fe8c0fd32c4e950aedf6798c9007575dc86c02089414089527baf9bbbe5eaf4d58289de0987f8f310d7900ef2350daa438ac83ff255344a2bc814a3e7055269544310b0fe78b07eb0ee5f16899fc8bdf8e3cc47d27a44c93528885452195706091eaf15930f9df5874c19d0a1deedde0cbe9cda7f0618c378bc4ba6fbe911d546c7bc76954fcc6b5ef56c77d306421f9d24e0770cf8b578aaa6276bff4b98e9968e9a1f8c78c6d647d8c52a42d27ee8359840747913e0983e049ad77d87e35800eeeb19cd786a5edf6886e610f51b4d2290d959c7fe906dad2d3e2a5648c5ec0d48becaf209fbb6599d1b0d6299cb2b2fad3b3efac6ba0911a63ae399fa3f19adecc9b10533c99bba28bf9e37600db41c2b463c25b0602fb86ef043ee72aa26e7f102c3afe4073d1318671a514f8320dcbc699514792d5c90c34fe6809102cb6537a4e76530256cd997a1dba4a75b1578c7f12b409af040afa35c54001a4abf1c402f91413995ced6b64256684c34283e644246d235af905fa2edf8f802a65c1c1e0ba24ea656cb3b1f876b6f335aed27c3a6e8da53b1b9c283d299390310df6dc84e5569ad3ac1744824b329fc24cb8612c061b09440464c1168012dc40e8df788f9c708bde6bd4eb3f6111729b08796d0243b07a21ac542ae418f19ec3d7171197c8ca216b20f786784400f2834d98819a5fbbd909677f7d7309dca5c0e2cf74a8a53c1791c78488fec0520d3c71a9698e5040920acc5eb7764f4c295cb2f00b5a62d5fc1e1d0040c639886712ad4fece171739fbc0519b93c8bccac49f871a0e2f5ba97331be916aaae29b8cd646028629cc227b916d1d8b4729da3baffb0e39b533e039eb9f10073c156485902745ec60b8d281b2f84a8651fe4c533119bab8424bcecb28c067ffb1e03e05bcf9d6d44dfe0782e072934fc36e70b1acbf30387495618ac2729811aa6c2901b109b33a0010cfbe666fe9fcac86cc81023dda253863714e89c78265e219d00ba20b3c846368dd21816f699a6af20a290f075f4346b98ad40d69caaf2614856c0bdaa661907975679f5cb5afd3738ba811db58123922647476de50ccf17360393433b547bf0377b2115a7cd357699d043bd80981a2a28c638f7c2e725d85f9edd2fdcfea1f7e2bf02f9f0d4236c9d14c6d382dad99192125b219eea6a13b5685efcf34454d2a12537c5354dc5e34ecda968422cc472f0fec174b95cd298e89e7efbc164465dae45059a40e104b1a980ebc781848b0109ce9cec600b190a34dcf741dd6145d56c4ec27c983a7d6328130c122217bbbb33e2cffba1a352b6805dbd715772153b53051db7215f475ba8673b0dd59e2db414a658d3d262c5304d300b930921c7c0a9910eed96a705eea2c8657be193836a20f23fcbc8ef105ca25551626caf63c511d3c9dcffd9d485f27a63b6992e4b6fa26b02903a4da52fd7fa06397fe2883f9b6a4cac2ffb8ce1f476ec72bccaf0ec7b16e6f601e72f46e835d9bc2a82dccaa449728d22a7ff17772276f54073c66b184de0fa7f681823dcb7603a20aa94b76a9b7adb9f11f447b8764b2d719bea91ea32edbb4d340d18f18b3f53d1d07d0405facb202c30ac1ec145516e071cc71c59cc6205db061a8c19bb2d3ab463f6fea1c6d3b5a69d96e5b67ed569e1c04cff6c9f69ab9343e9a71bf6776d3b84b47de2ecf9a0d45515ef5a3b5c6d55f2c6543ef2bf0eb795219da3026ab06c9ba9bbdc30d5dc7c3782a9f58141a63f8d4683ad5c1d156c92c508cefd9702e9267263e34ff96800c425f768bd204466f4f9badabdfaf35e1a8096150e8afeea3a30586b89d1002f041612f8e81de4dcd268bf538307c4d28d1d2ae1af979f3b02017ebe942cdc8fa7964fe978254eb15fed7478e4200e381409486d37e0205c597b5ec19243ab547da051dee03f18e079af60dcb2095fe86f292a4b4bba8682ed8b220c0b48958882aaa7e93448bfecebfba6ca3ef28e0752080cbc9f752d6da814a9dc5bc552d9fe73b8a1df8eb0158df58810fce8719f11b04c4e157ac8ae3692f825a4569ff859273775c45eb999fff7a47ca461b2fda6edfe8ed8371ed29c4f7499448cfff0bc47ca1d8fc9eb35f79db389781c36e89541b686edc21f088463b2d26fd9b650eaf5ed1cda0f00040000000000009b0c527ba655252f77b77c2f4cc0f7741c52a57629fe511c5f9c17ee44fec35da363f5356343037b2705a393115062719e6bd87bbff2472a7833be6d2270fe5ff4cc9f0439a53adb91fe1520ff4841c120e80c99fcc2d0ee794fa8c91dc9c4227ef9f9ac784ce41abefa69b84acb285e385b74501ea137be765172d90738f201497cb7c992dcc2f17341c9b6a0ef3dcb14350669802e3295b5a133142df7bc5645bbf222d2da033ee4cc4f225f248ad88782945869c29943eb6498c87c2b125fb2d4067118c2b417308a1703fd9f48c48ee2a9c5af44df473e3b99b8a941fc4967060b4960864bc97e4f2bf53e7a5c2ec3d47e7bf8345b56a4df5f84d0523c1b6cf9399110e393474b3ece22c4923f531ff12242d5e2b293846a7ed06e3e7f062cb173431a2b680188fb46d2cb74d4a0d9dae59e2be485aabbb54c26406e6e77de3031e049bd8a49139fa62151716a665fb9f1966cf6c57f4185f7cffbbc43341f3b69a3ae0a4dcfd9b37f0035a69ac552830f0ca56069c8f69162280bced2ec30c6789f32cd38d7f97953f0989b65cf90f01206b20b0111a3d22f3d2f85104b03283f4fd7b80e53f20f1c91d5bf3b67aac25c4300b3191c1f5d7bb0fe112deac0f6acbea3b57c20c5d8f0bad48873a7e7347ead5a4d0b73041c86bdcd3b91d6cbe0ebb5824fb90cb4e74f439505074f236679c4ea4015fbdf0c44b4063b62cdced485cbca0eae2404da7158a974b7dc14c5207107d5424de14a35739f68f3f151c6de20d0ad19d06521baf26ab2cb7ff7e8f83d60a9f554367f99fa5c44910b886e1c9c2418a7a4b33f19fff9af4724c7c8251ffc24cc4464b8804b6704bc0572b23498ec92263d37bdb54490f3316087c5b192a20027ad6cf1a2c3fef8043e2847b8734fa8dc91ce992474796e3f71580841379279f8b10ab8e6766196fb5a9b2ff44cabece6930fb9f32e867047313410c13b11a8a788a29ad93a5b9ae1b960a46fd48fe5cdd7168815c67b267065453547cb60db74f37238b2f7f3c78abc249ffe118a1d3e7eb5cdd326ad0a07a50bd24a6be4b5e56fade7fb7c3b515b4d0b16884c9eee7ef9c82f2ea4d89113e950622cee8e63519a899da3ee83bcd369b01b373934bbed73d8f94e3312e72d82d3fb8b8e65b0f5580cffda633467fc3285023159c3ac7273a46275d874b87254df07ea15d0806f4b8312c4e95235cab31e015a3603906c188233db45dea658dcf694f5097a9e26aba8b58e248210fa5e12fa08cbbe0a01afa9b2c36d38d298dd180ee6e358d45397471bc064e2e8e51da189e98bf41cc30b50b0d937e8cbfc5b138dc66143716b27190689efebcaa5676c9eb370465f77803b219b0ee1f65f343d70b01435f9adc46979b121944e13a02cbdd47a9898b26d6cc5294a9358971bad37a6b01d8b2ee251e50b02acbd560bcd4a212124f308d87eca79d13c77b90510675989ffb70a9d5643df2db6067bd4e0fd21d0a40b84177279587777f763bb9e2fc99186402ff1905eb61b6ea3bef862beb10ede1fbca93f5b426f683bb72099ffc61c99d8a7527fe9167b13d786402864d2b4237fa47426f46b6d5e0911de793f73610b46de4e62b8a67aaed298a9a2d5b5c5b7936f8bcc62a8f9d64d8ff1470a386974b35f382f42ad1fb2c9de214b35aa0afcff7806d7601ab9142a0dade5c7a9e6b0c16027c4d0fc413ba5d16f0d4826b3f469afa6e5ce4a19e21d2a2c2c1e3055706d0ce371dee59a06e534887cf5e300bd118b7c5e8eee2a8fd4bf6ca96df566f49049bd25533c8ae08eb2334ba183529c041f3d9b45139173f3ee8b1b8f8633c9cb7caa735805d56b1e3119a97f3ce86ecd8f21256c0a5a54266cc00927c881ac18fef64f25704b3f01b4885a9c4053aec5bfe5be638563267548cacbad2a95c3c48e6a913bd87ec0c489c236214b650a17d27081ae8def0d27c0d6a25553601875192d11c9e3ef2a3273c1f9b079"})

2.164671615s ago: executing program 1 (id=1262):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000240)={0x73622a85, 0x1, 0x2})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x22, 0x800000000004, @tid=r2}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = fcntl$dupfd(r3, 0x406, r5)
read$FUSE(r6, 0x0, 0x0)
write$sndseq(r6, &(0x7f0000000180)=[{0x80, 0x9, 0x7, 0x80, @time={0x5, 0xc36a}, {0x3, 0x9a}, {0x7, 0x7f}, @addr={0x9, 0x10}}], 0x1c)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r7 = dup3(r1, r0, 0x0)
r8 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r8, &(0x7f0000000000)={0x2, @long={0x3, 0x0, {0xaaaaaaaaaaaa0302}}}, 0x14)
r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r9, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x6, 0xc3072, 0xffffffffffffffff, 0x20523000)
r10 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r10, 0x0, 0x20, &(0x7f0000000c80)={@multicast2, @broadcast}, 0xc)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r9, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340), 0x0, 0x0, 0x0})
r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="b3a61c034904a62232779e9feb"], 0x0, 0x42, 0x0, 0x3, 0x0, 0x10000}, 0x28)
ptrace(0x10, r11)
ptrace$setregs(0xd, r11, 0x0, &(0x7f00000003c0)="06000000149d7b10b4024fbbdc08899b8f589df23cb5d7a8d1b36cfab675cb397697050000878c9cfa178cac130eb046eea92df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x4080)
ptrace$getregset(0x4205, r11, 0x200, &(0x7f0000000080)={&(0x7f00000000c0)=""/112, 0x70})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x44, 0x0, &(0x7f0000000900)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

1.947089829s ago: executing program 4 (id=1263):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r1 = socket$inet6(0xa, 0x2, 0x0)
readv(r0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000440)=""/254, 0xfe}], 0x2)
sendmmsg$inet6(r1, &(0x7f0000000080)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfffffffc}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)="aa", 0x1}], 0x1}}], 0x2, 0x2000c8c0)
syz_emit_ethernet(0x46, &(0x7f0000000040)={@local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "82dc05", 0x10, 0x11, 0xff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @empty}, {[], {0x4e22, 0x5e20, 0x10, 0x0, @gue={{0x2, 0x0, 0x2, 0x4, 0x100}}}}}}}}, 0x0)
sendmmsg$inet6(r1, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000140)="93503ddb3c8568f7252b980756003df3fcaae0af56041e0625fd9f19c9f6748188c92727ce44457fa133c41a2d87dfebd07504b4385fc804a26c20196fe3bb252e44ea42", 0x44}], 0x1}}], 0x1, 0x40)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)

1.608985926s ago: executing program 4 (id=1264):
syz_emit_ethernet(0x52, &(0x7f0000000140)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd308", 0x1c, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0x2, 0x0, 0x0, 0x0, {[@exp_fastopen={0xfe, 0x4}, @generic={0x2, 0x2}]}}}}}}}}, 0x0)
socket(0x10, 0x3, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
socket$kcm(0x21, 0x2, 0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={0x24, 0x1, 0x4, 0x5, 0x0, 0x0, {0x3}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_FLAGS={0x6}]}, 0x24}}, 0x80)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x20, 0x1, 0x4, 0x101, 0x0, 0x0, {}, [@NFULA_CFG_MODE={0xa}]}, 0x20}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000003c0)={'wlan0\x00'})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa300000000000007030000f1feffff720af0fff8ffffff71a4f0ff0000000071102800000000001d400500000000004704000001ed00000f030000000000006f44000000000000730a00fe000000007203000000000006b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f18564a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccc99069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad24b89b6a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c87852730a3bd7ac923fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca4856ff03b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec860cde7c79f7b4d4e24c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b450100000001000000393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00400000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd599c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb80610eb37bd2d40ebdfed687f0b093e68f10b72146a0b749ee2105e2da94a288146abbbaf7c0b24fe0000000000000000f1a4f4de6a8d12dc9e71a20cbd412898586843b534d36e21379a8a06133c1babde9e5bd5b6afc5f684aada43ee560e800f58cb33b8483f6518abde7c86bd5d389c1b3c40fdd4bebe4adf87b1025ff57eb50984cc5bad9ea1c15484ea627c3c1501d612ed65939266e7332966f03e0376076e7c5dfe25f367dda7f69db89829b360dd2f59cbaad10f13e269eca792725bbacb96aa0a5c426ca76f84322661"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffa3}, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
r4 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$sock_inet6_tcp_SIOCINQ(r4, 0x9201, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)

1.489034386s ago: executing program 5 (id=1265):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="14f000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a300000000008000540000000104c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000200003801c00008018000180140001"], 0xd0}}, 0x0)

1.333650986s ago: executing program 4 (id=1266):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x111, &(0x7f00000000c0)={0x0, 0x10, 0x2000, 0x2, 0x80}, &(0x7f0000000080)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f00000002c0)='\xebDrquota\x85\x18L\xb6N\xc8\x90\x962*\x05\x19Z\xd9u\xea\xd6\xaa\xb1\xe7\xb9I|\x8c\vD\x92O\xb7\v \x11\xb3#<\x89]i\x97')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r4 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r4, &(0x7f0000002700)=""/102392, 0x18ff8)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
gettid()
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x240000, 0x0)
ioctl$TIOCSETD(r5, 0x5423, 0x0)
ioctl$SIOCGETLINKNAME(0xffffffffffffffff, 0x89e0, &(0x7f0000000480)={0x2})
r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r6, 0x40186f40, &(0x7f0000000440)=0x1f)
quotactl_fd$Q_GETINFO(0xffffffffffffffff, 0xffffffff80000501, 0x0, 0x0)
r7 = semget$private(0x0, 0x1, 0x40)
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000300)=[0xffffffffffffffff], 0x1)
syz_io_uring_submit(r2, r3, &(0x7f0000000400)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000380)=[r0], 0x1, 0x0, 0x1})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
semctl$IPC_RMID(r7, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r9 = openat$cgroup_devices(r8, &(0x7f0000000300)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r9, &(0x7f0000000140)=ANY=[@ANYBLOB='c 1:'], 0xa)
io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0)

1.013650923s ago: executing program 5 (id=1267):
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000048c0), 0x0, 0x20000001)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x400)
pipe(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
unshare(0x2c020400)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
sendmmsg$sock(r0, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)

1.01314611s ago: executing program 3 (id=1268):
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYRES64, @ANYRES8=0x0, @ANYRES64, @ANYRESOCT, @ANYRESDEC, @ANYRES64, @ANYRES32, @ANYRES64], 0x50)
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
socket(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0xf, 0x0, 0x0, 0x40f00, 0xa, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
socket$tipc(0x1e, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20-generic\x00'}, 0x58)
recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000040)={'vxcan1\x00'})
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000080)={'vxcan0\x00'})
sendmsg$nl_route(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x24}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0xd, &(0x7f00000001c0)={&(0x7f0000000040)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, {0xd, 0x6}, {0xffff}, {0x1, 0xfff1}}}, 0x24}}, 0x8000)
ioctl$USBDEVFS_CLAIMINTERFACE(r0, 0x8004550f, 0x0)

959.377774ms ago: executing program 1 (id=1269):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
socket(0xa, 0x3, 0x3a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x800000000000000}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r8, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x60, 0x2c, 0xd3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0xb, 0xfff3}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x30, 0x2, [@TCA_BASIC_EMATCHES={0x2c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_META={0x1c, 0x1, 0x0, 0x0, {{0x7, 0x4, 0x4}, [@TCA_EM_META_LVALUE={0x4}, @TCA_EM_META_HDR={0xc, 0x1, {{0x5, 0xe, 0x1}, {0x5, 0x40}}}]}}]}]}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x10}, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket(0x1e, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)

0s ago: executing program 5 (id=1270):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x6, &(0x7f0000000040), 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0xb2, 0x4)
sendmmsg$inet6(r0, &(0x7f00000002c0)=[{{&(0x7f0000000400)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xfffffffd}, 0x1c, 0x0}}], 0x1, 0x0)
recvmmsg(r0, &(0x7f0000000800), 0x62, 0x12141, 0x0)

kernel console output (not intermixed with test programs):

ALL_64_after_hwframe+0x77/0x7f
[  329.075128][ T8051]  ? clear_bhb_loop+0x60/0xb0
[  329.075143][ T8051]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  329.075162][ T8051] RIP: 0033:0x7f753138e9a9
[  329.075175][ T8051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  329.075185][ T8051] RSP: 002b:00007f753213c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  329.075200][ T8051] RAX: ffffffffffffffda RBX: 00007f75315b5fa0 RCX: 00007f753138e9a9
[  329.075209][ T8051] RDX: 0000000000000010 RSI: 00002000000001c0 RDI: 0000000000000005
[  329.075216][ T8051] RBP: 00007f753213c090 R08: 0000000000000000 R09: 0000000000000000
[  329.075224][ T8051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  329.075231][ T8051] R13: 0000000000000000 R14: 00007f75315b5fa0 R15: 00007ffd3051f4a8
[  329.075249][ T8051]  </TASK>
[  329.075254][ T8051] tipc: Service creation failed, no memory
[  331.415441][ T8076] netlink: 32 bytes leftover after parsing attributes in process `syz.0.586'.
[  332.972917][ T8088] FAULT_INJECTION: forcing a failure.
[  332.972917][ T8088] name failslab, interval 1, probability 0, space 0, times 0
[  333.251241][ T8088] CPU: 0 UID: 0 PID: 8088 Comm: syz.1.590 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  333.251267][ T8088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  333.251274][ T8088] Call Trace:
[  333.251280][ T8088]  <TASK>
[  333.251286][ T8088]  dump_stack_lvl+0x189/0x250
[  333.251306][ T8088]  ? __pfx____ratelimit+0x10/0x10
[  333.251320][ T8088]  ? __pfx_dump_stack_lvl+0x10/0x10
[  333.251333][ T8088]  ? __pfx__printk+0x10/0x10
[  333.251352][ T8088]  ? __pfx___might_resched+0x10/0x10
[  333.251365][ T8088]  ? fs_reclaim_acquire+0x7d/0x100
[  333.251382][ T8088]  should_fail_ex+0x414/0x560
[  333.251399][ T8088]  should_failslab+0xa8/0x100
[  333.251416][ T8088]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[  333.251429][ T8088]  ? __d_alloc+0x31/0x6f0
[  333.251447][ T8088]  __d_alloc+0x31/0x6f0
[  333.251466][ T8088]  d_alloc+0x4b/0x190
[  333.251479][ T8088]  ? lookup_one_qstr_excl_raw+0xb4/0x280
[  333.251497][ T8088]  lookup_one_qstr_excl_raw+0xc8/0x280
[  333.251515][ T8088]  do_unlinkat+0x1d6/0x560
[  333.251531][ T8088]  ? __pfx_do_unlinkat+0x10/0x10
[  333.251547][ T8088]  ? getname_flags+0x1e5/0x540
[  333.251563][ T8088]  __x64_sys_unlink+0x47/0x50
[  333.251575][ T8088]  do_syscall_64+0xfa/0x3b0
[  333.251587][ T8088]  ? lockdep_hardirqs_on+0x9c/0x150
[  333.251600][ T8088]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  333.251612][ T8088]  ? clear_bhb_loop+0x60/0xb0
[  333.251627][ T8088]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  333.251638][ T8088] RIP: 0033:0x7fcd2e98e9a9
[  333.251650][ T8088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  333.251661][ T8088] RSP: 002b:00007fcd2f713038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[  333.251675][ T8088] RAX: ffffffffffffffda RBX: 00007fcd2ebb5fa0 RCX: 00007fcd2e98e9a9
[  333.251684][ T8088] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000100
[  333.251692][ T8088] RBP: 00007fcd2f713090 R08: 0000000000000000 R09: 0000000000000000
[  333.251699][ T8088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  333.251706][ T8088] R13: 0000000000000000 R14: 00007fcd2ebb5fa0 R15: 00007fff4779c568
[  333.251726][ T8088]  </TASK>
[  334.408612][ T8101] syz.0.594 (8101): /proc/8096/oom_adj is deprecated, please use /proc/8096/oom_score_adj instead.
[  335.336248][ T8105] FAULT_INJECTION: forcing a failure.
[  335.336248][ T8105] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  335.394559][ T8105] CPU: 0 UID: 0 PID: 8105 Comm: syz.0.595 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  335.394590][ T8105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  335.394602][ T8105] Call Trace:
[  335.394611][ T8105]  <TASK>
[  335.394620][ T8105]  dump_stack_lvl+0x189/0x250
[  335.394649][ T8105]  ? __pfx____ratelimit+0x10/0x10
[  335.394672][ T8105]  ? __pfx_dump_stack_lvl+0x10/0x10
[  335.394706][ T8105]  ? __pfx__printk+0x10/0x10
[  335.394732][ T8105]  ? __might_fault+0xb0/0x130
[  335.394772][ T8105]  should_fail_ex+0x414/0x560
[  335.394799][ T8105]  _copy_from_user+0x2d/0xb0
[  335.394829][ T8105]  vmci_host_unlocked_ioctl+0xe23/0x2650
[  335.394863][ T8105]  ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10
[  335.394897][ T8105]  ? do_vfs_ioctl+0xf37/0x1990
[  335.394930][ T8105]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  335.394966][ T8105]  ? kasan_quarantine_put+0xdd/0x220
[  335.395009][ T8105]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  335.395032][ T8105]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  335.395054][ T8105]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  335.395074][ T8105]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  335.395096][ T8105]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  335.395150][ T8105]  ? __lock_acquire+0xab9/0xd20
[  335.395174][ T8105]  ? __asan_memset+0x22/0x50
[  335.395208][ T8105]  ? __pfx_smack_file_ioctl+0x10/0x10
[  335.395240][ T8105]  ? __fget_files+0x2a/0x420
[  335.395262][ T8105]  ? __fget_files+0x3a0/0x420
[  335.395290][ T8105]  ? __fget_files+0x2a/0x420
[  335.395316][ T8105]  ? bpf_lsm_file_ioctl+0x9/0x20
[  335.395340][ T8105]  ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10
[  335.395364][ T8105]  __se_sys_ioctl+0xfc/0x170
[  335.395397][ T8105]  do_syscall_64+0xfa/0x3b0
[  335.395427][ T8105]  ? lockdep_hardirqs_on+0x9c/0x150
[  335.395449][ T8105]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  335.395470][ T8105]  ? clear_bhb_loop+0x60/0xb0
[  335.395495][ T8105]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  335.395516][ T8105] RIP: 0033:0x7f753138e9a9
[  335.395535][ T8105] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  335.395553][ T8105] RSP: 002b:00007f753213c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  335.395575][ T8105] RAX: ffffffffffffffda RBX: 00007f75315b5fa0 RCX: 00007f753138e9a9
[  335.395590][ T8105] RDX: 0000200000000080 RSI: 00000000000007a8 RDI: 0000000000000004
[  335.395604][ T8105] RBP: 00007f753213c090 R08: 0000000000000000 R09: 0000000000000000
[  335.395616][ T8105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  335.395629][ T8105] R13: 0000000000000000 R14: 00007f75315b5fa0 R15: 00007ffd3051f4a8
[  335.395662][ T8105]  </TASK>
[  337.173782][ T8112] FAULT_INJECTION: forcing a failure.
[  337.173782][ T8112] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  337.231022][ T8112] CPU: 1 UID: 0 PID: 8112 Comm: syz.3.598 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  337.231053][ T8112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  337.231064][ T8112] Call Trace:
[  337.231073][ T8112]  <TASK>
[  337.231109][ T8112]  dump_stack_lvl+0x189/0x250
[  337.231139][ T8112]  ? __pfx____ratelimit+0x10/0x10
[  337.231163][ T8112]  ? __pfx_dump_stack_lvl+0x10/0x10
[  337.231187][ T8112]  ? __pfx__printk+0x10/0x10
[  337.231215][ T8112]  ? fs_reclaim_acquire+0x7d/0x100
[  337.231251][ T8112]  should_fail_ex+0x414/0x560
[  337.231280][ T8112]  prepare_alloc_pages+0x213/0x610
[  337.231316][ T8112]  __alloc_frozen_pages_noprof+0x123/0x370
[  337.231347][ T8112]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  337.231386][ T8112]  ? policy_nodemask+0x27c/0x720
[  337.231404][ T8112]  ? __lock_acquire+0xab9/0xd20
[  337.231431][ T8112]  alloc_pages_mpol+0x232/0x4a0
[  337.231458][ T8112]  vma_alloc_folio_noprof+0xe4/0x200
[  337.231478][ T8112]  ? unwind_get_return_address+0x4d/0x90
[  337.231504][ T8112]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  337.231541][ T8112]  folio_prealloc+0x30/0x180
[  337.231565][ T8112]  __handle_mm_fault+0x2c88/0x5620
[  337.231620][ T8112]  ? __pfx___handle_mm_fault+0x10/0x10
[  337.231676][ T8112]  ? find_vma+0xe7/0x160
[  337.231692][ T8112]  ? __pfx_find_vma+0x10/0x10
[  337.231714][ T8112]  handle_mm_fault+0x2d5/0x7f0
[  337.231759][ T8112]  do_user_addr_fault+0x764/0x1390
[  337.231820][ T8112]  exc_page_fault+0x76/0xf0
[  337.231846][ T8112]  asm_exc_page_fault+0x26/0x30
[  337.231866][ T8112] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  337.231894][ T8112] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  337.231912][ T8112] RSP: 0018:ffffc9000e7b7898 EFLAGS: 00050202
[  337.231931][ T8112] RAX: ffffffff84b6e701 RBX: ffff88807bf0c000 RCX: 000000000000004b
[  337.231945][ T8112] RDX: 0000000000000000 RSI: ffff88807bf0c000 RDI: 00002000000034c0
[  337.231960][ T8112] RBP: ffffc9000e7b79f0 R08: ffff88807bf0c04a R09: 1ffff1100f7e1809
[  337.231974][ T8112] R10: dffffc0000000000 R11: ffffed100f7e180a R12: dffffc0000000000
[  337.231989][ T8112] R13: 0000000000000000 R14: 00007ffffffff000 R15: 000000000000004b
[  337.232014][ T8112]  ? _copy_to_iter+0x3e1/0x16f0
[  337.232048][ T8112]  _copy_to_iter+0x484/0x16f0
[  337.232099][ T8112]  ? __pfx__copy_to_iter+0x10/0x10
[  337.232133][ T8112]  ? seq_write+0xd8/0x140
[  337.232162][ T8112]  seq_read_iter+0xbeb/0xe10
[  337.232217][ T8112]  seq_read+0x2e2/0x3d0
[  337.232256][ T8112]  ? __pfx_seq_read+0x10/0x10
[  337.232285][ T8112]  ? __debugfs_file_get+0x5dd/0x710
[  337.232311][ T8112]  ? __pfx___debugfs_file_get+0x10/0x10
[  337.232347][ T8112]  full_proxy_read+0x153/0x220
[  337.232373][ T8112]  ? __pfx_full_proxy_read+0x10/0x10
[  337.232398][ T8112]  vfs_read+0x200/0x980
[  337.232437][ T8112]  ? __pfx___mutex_lock+0x10/0x10
[  337.232459][ T8112]  ? __pfx_vfs_read+0x10/0x10
[  337.232491][ T8112]  ? __fget_files+0x2a/0x420
[  337.232520][ T8112]  ? __fget_files+0x3a0/0x420
[  337.232542][ T8112]  ? __fget_files+0x2a/0x420
[  337.232575][ T8112]  ksys_read+0x145/0x250
[  337.232599][ T8112]  ? __pfx_ksys_read+0x10/0x10
[  337.232615][ T8112]  ? rcu_is_watching+0x15/0xb0
[  337.232643][ T8112]  ? do_syscall_64+0xbe/0x3b0
[  337.232671][ T8112]  do_syscall_64+0xfa/0x3b0
[  337.232692][ T8112]  ? lockdep_hardirqs_on+0x9c/0x150
[  337.232713][ T8112]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  337.232732][ T8112]  ? clear_bhb_loop+0x60/0xb0
[  337.232758][ T8112]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  337.232778][ T8112] RIP: 0033:0x7efd4b98e9a9
[  337.232797][ T8112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  337.232813][ T8112] RSP: 002b:00007efd4c738038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  337.232833][ T8112] RAX: ffffffffffffffda RBX: 00007efd4bbb5fa0 RCX: 00007efd4b98e9a9
[  337.232846][ T8112] RDX: 0000000000002020 RSI: 00002000000034c0 RDI: 0000000000000005
[  337.232859][ T8112] RBP: 00007efd4c738090 R08: 0000000000000000 R09: 0000000000000000
[  337.232871][ T8112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  337.232883][ T8112] R13: 0000000000000000 R14: 00007efd4bbb5fa0 R15: 00007ffd39085378
[  337.232918][ T8112]  </TASK>
[  337.662094][    C1] vkms_vblank_simulate: vblank timer overrun
[  338.233462][ T8123] netlink: 32 bytes leftover after parsing attributes in process `syz.3.602'.
[  338.340002][ T8116] input: syz0 as /devices/virtual/input/input14
[  338.411291][ T7580] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  338.524481][   T30] audit: type=1326 audit(1753703938.180:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8125 comm="syz.3.603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd4b98e9a9 code=0x7ffc0000
[  338.552398][ T8126] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode
[  338.589577][   T30] audit: type=1326 audit(1753703938.180:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8125 comm="syz.3.603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd4b98e9a9 code=0x7ffc0000
[  338.590959][ T7580] usb 2-1: Using ep0 maxpacket: 32
[  338.652544][   T30] audit: type=1326 audit(1753703938.180:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8125 comm="syz.3.603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7efd4b98e9a9 code=0x7ffc0000
[  338.703491][ T7580] usb 2-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  338.730211][   T30] audit: type=1326 audit(1753703938.180:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8125 comm="syz.3.603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd4b98e9a9 code=0x7ffc0000
[  338.755356][ T7580] usb 2-1: New USB device found, idVendor=2040, idProduct=4902, bcdDevice=7b.12
[  338.766236][ T7580] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  338.777114][ T7580] usb 2-1: Product: syz
[  338.785777][   T30] audit: type=1326 audit(1753703938.180:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8125 comm="syz.3.603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd4b98e9a9 code=0x7ffc0000
[  338.823365][   T30] audit: type=1326 audit(1753703938.180:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8125 comm="syz.3.603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7efd4b98e9a9 code=0x7ffc0000
[  338.867842][   T30] audit: type=1326 audit(1753703938.180:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8125 comm="syz.3.603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd4b98e9a9 code=0x7ffc0000
[  339.097957][   T30] audit: type=1326 audit(1753703938.180:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8125 comm="syz.3.603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd4b98e9a9 code=0x7ffc0000
[  339.123599][   T30] audit: type=1326 audit(1753703938.180:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8125 comm="syz.3.603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efd4b98e9a9 code=0x7ffc0000
[  339.131646][ T7580] usb 2-1: Manufacturer: syz
[  339.146413][   T30] audit: type=1326 audit(1753703938.180:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8125 comm="syz.3.603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd4b98e9a9 code=0x7ffc0000
[  339.171762][ T7580] usb 2-1: SerialNumber: syz
[  340.048498][ T7580] hdpvr 2-1:2.0: Could not find bulk-in endpoint
[  340.068957][ T7580] hdpvr 2-1:2.0: probe with driver hdpvr failed with error -12
[  340.317196][ T1615] usb 2-1: USB disconnect, device number 8
[  342.815922][ T8189] openvswitch: netlink: Message has 16 unknown bytes.
[  343.406937][ T8196] block device autoloading is deprecated and will be removed.
[  343.417428][ T8196] syz.4.621: attempt to access beyond end of device
[  343.417428][ T8196] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  344.118030][   T30] kauditd_printk_skb: 59 callbacks suppressed
[  344.118049][   T30] audit: type=1326 audit(1753703943.770:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8204 comm="syz.4.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0f678e9a9 code=0x7ffc0000
[  344.253948][ T8207] FAULT_INJECTION: forcing a failure.
[  344.253948][ T8207] name failslab, interval 1, probability 0, space 0, times 0
[  344.268627][ T8207] CPU: 0 UID: 0 PID: 8207 Comm: syz.1.628 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  344.268656][ T8207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  344.268669][ T8207] Call Trace:
[  344.268677][ T8207]  <TASK>
[  344.268686][ T8207]  dump_stack_lvl+0x189/0x250
[  344.268715][ T8207]  ? __pfx____ratelimit+0x10/0x10
[  344.268739][ T8207]  ? __pfx_dump_stack_lvl+0x10/0x10
[  344.268762][ T8207]  ? __pfx__printk+0x10/0x10
[  344.268798][ T8207]  ? __pfx___might_resched+0x10/0x10
[  344.268821][ T8207]  ? fs_reclaim_acquire+0x7d/0x100
[  344.268853][ T8207]  should_fail_ex+0x414/0x560
[  344.268878][ T8207]  ? create_io_worker+0x27/0x5d0
[  344.268898][ T8207]  should_failslab+0xa8/0x100
[  344.268924][ T8207]  __kmalloc_cache_noprof+0x70/0x3d0
[  344.268944][ T8207]  ? create_io_worker+0xac/0x5d0
[  344.268964][ T8207]  ? create_io_worker+0x27/0x5d0
[  344.268984][ T8207]  create_io_worker+0xac/0x5d0
[  344.269008][ T8207]  io_wq_enqueue+0x62c/0x850
[  344.269037][ T8207]  ? __pfx_io_wq_work_match_item+0x10/0x10
[  344.269074][ T8207]  io_submit_sqes+0xe22/0x1c50
[  344.269141][ T8207]  __se_sys_io_uring_enter+0x2df/0x2b20
[  344.269187][ T8207]  ? ksys_write+0x1cb/0x250
[  344.269212][ T8207]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  344.269230][ T8207]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  344.269253][ T8207]  ? __pfx_vfs_write+0x10/0x10
[  344.269275][ T8207]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  344.269304][ T8207]  ? __fget_files+0x3a0/0x420
[  344.269337][ T8207]  ? fput+0xa0/0xd0
[  344.269372][ T8207]  ? ksys_write+0x22a/0x250
[  344.269395][ T8207]  ? __pfx_ksys_write+0x10/0x10
[  344.269411][ T8207]  ? rcu_is_watching+0x15/0xb0
[  344.269441][ T8207]  ? __x64_sys_io_uring_enter+0x21/0xf0
[  344.269466][ T8207]  do_syscall_64+0xfa/0x3b0
[  344.269491][ T8207]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  344.269510][ T8207]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  344.269530][ T8207]  ? clear_bhb_loop+0x60/0xb0
[  344.269555][ T8207]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  344.269575][ T8207] RIP: 0033:0x7fcd2e98e9a9
[  344.269594][ T8207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  344.269612][ T8207] RSP: 002b:00007fcd2c7f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  344.269634][ T8207] RAX: ffffffffffffffda RBX: 00007fcd2ebb6080 RCX: 00007fcd2e98e9a9
[  344.269650][ T8207] RDX: 0000000000000000 RSI: 000000000000221f RDI: 0000000000000006
[  344.269663][ T8207] RBP: 00007fcd2c7f6090 R08: 0000000000000000 R09: 0000000000000000
[  344.269677][ T8207] R10: 0000000000000023 R11: 0000000000000246 R12: 0000000000000001
[  344.269690][ T8207] R13: 0000000000000000 R14: 00007fcd2ebb6080 R15: 00007fff4779c568
[  344.269725][ T8207]  </TASK>
[  344.901262][   T30] audit: type=1326 audit(1753703943.800:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8204 comm="syz.4.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0f678e9a9 code=0x7ffc0000
[  344.926280][   T30] audit: type=1326 audit(1753703943.810:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8204 comm="syz.4.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=120 compat=0 ip=0x7ff0f678e9a9 code=0x7ffc0000
[  345.315368][   T30] audit: type=1326 audit(1753703943.820:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8204 comm="syz.4.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0f678e9a9 code=0x7ffc0000
[  345.341118][   T30] audit: type=1326 audit(1753703943.890:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8204 comm="syz.4.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0f678e9a9 code=0x7ffc0000
[  345.364723][   T30] audit: type=1326 audit(1753703943.900:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8204 comm="syz.4.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7ff0f678e9a9 code=0x7ffc0000
[  345.409060][   T30] audit: type=1326 audit(1753703944.720:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8204 comm="syz.4.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0f678e9a9 code=0x7ffc0000
[  345.505912][   T30] audit: type=1326 audit(1753703944.720:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8204 comm="syz.4.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0f678e9a9 code=0x7ffc0000
[  345.569830][   T30] audit: type=1326 audit(1753703944.720:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8204 comm="syz.4.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7ff0f678e9a9 code=0x7ffc0000
[  345.592021][   T30] audit: type=1326 audit(1753703944.720:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8204 comm="syz.4.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0f678e9a9 code=0x7ffc0000
[  345.983533][ T1615] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  346.144020][ T1615] usb 2-1: config 0 has an invalid interface number: 248 but max is 0
[  346.152568][ T1615] usb 2-1: config 0 has no interface number 0
[  346.172611][ T1615] usb 2-1: New USB device found, idVendor=1686, idProduct=00dd, bcdDevice=c4.ff
[  346.184154][ T1615] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.193218][ T1615] usb 2-1: Product: syz
[  346.198602][ T1615] usb 2-1: Manufacturer: syz
[  346.204289][ T1615] usb 2-1: SerialNumber: syz
[  346.219928][ T1615] usb 2-1: config 0 descriptor??
[  346.235498][ T1615] hub 2-1:0.248: bad descriptor, ignoring hub
[  346.243192][ T1615] hub 2-1:0.248: probe with driver hub failed with error -5
[  346.311029][ T7607] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  346.452221][ T8228] delete_channel: no stack
[  346.505604][ T8216] loop7: detected capacity change from 0 to 16384
[  346.571367][ T7607] usb 3-1: Using ep0 maxpacket: 32
[  346.584183][ T8216] netlink: 8 bytes leftover after parsing attributes in process `syz.1.629'.
[  346.593283][ T8216] netlink: 24 bytes leftover after parsing attributes in process `syz.1.629'.
[  346.633804][ T7607] usb 3-1: config 0 has an invalid interface number: 230 but max is 0
[  346.643566][ T7607] usb 3-1: config 0 has no interface number 0
[  346.649962][ T7607] usb 3-1: config 0 interface 230 has no altsetting 0
[  346.675664][ T7607] usb 3-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[  346.689375][ T7607] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.797893][ T7607] usb 3-1: Product: syz
[  346.820521][ T7607] usb 3-1: Manufacturer: syz
[  346.839594][ T7607] usb 3-1: SerialNumber: syz
[  346.894544][ T7607] usb 3-1: config 0 descriptor??
[  346.939715][ T7607] ums-usbat 3-1:0.230: USB Mass Storage device detected
[  346.984606][ T7607] ums-usbat 3-1:0.230: Quirks match for vid 0781 pid 0005: 1
[  347.399888][ T8236] @: renamed from vlan0 (while UP)
[  348.072103][ T1615] usb 2-1: USB disconnect, device number 9
[  348.174129][ T5851] udevd[5851]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.248/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  348.415491][ T7607] ums-usbat 3-1:0.230: probe with driver ums-usbat failed with error -5
[  348.443181][ T7607] usb 3-1: USB disconnect, device number 15
[  348.652690][ T8245] syz.4.637: attempt to access beyond end of device
[  348.652690][ T8245] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  349.445722][ T8253] FAULT_INJECTION: forcing a failure.
[  349.445722][ T8253] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  349.515718][ T8253] CPU: 1 UID: 0 PID: 8253 Comm: syz.0.641 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  349.515748][ T8253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  349.515759][ T8253] Call Trace:
[  349.515768][ T8253]  <TASK>
[  349.515777][ T8253]  dump_stack_lvl+0x189/0x250
[  349.515806][ T8253]  ? __pfx____ratelimit+0x10/0x10
[  349.515827][ T8253]  ? __pfx_dump_stack_lvl+0x10/0x10
[  349.515850][ T8253]  ? __pfx__printk+0x10/0x10
[  349.515890][ T8253]  should_fail_ex+0x414/0x560
[  349.515916][ T8253]  strncpy_from_user+0x36/0x290
[  349.515953][ T8253]  getname_flags+0xf3/0x540
[  349.515982][ T8253]  path_setxattrat+0x2ac/0x3a0
[  349.516021][ T8253]  ? __pfx_path_setxattrat+0x10/0x10
[  349.516058][ T8253]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  349.516111][ T8253]  ? ksys_write+0x22a/0x250
[  349.516135][ T8253]  ? __pfx_ksys_write+0x10/0x10
[  349.516161][ T8253]  __x64_sys_lsetxattr+0xbf/0xe0
[  349.516189][ T8253]  do_syscall_64+0xfa/0x3b0
[  349.516210][ T8253]  ? lockdep_hardirqs_on+0x9c/0x150
[  349.516231][ T8253]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  349.516250][ T8253]  ? clear_bhb_loop+0x60/0xb0
[  349.516274][ T8253]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  349.516292][ T8253] RIP: 0033:0x7f753138e9a9
[  349.516309][ T8253] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  349.516327][ T8253] RSP: 002b:00007f753213c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[  349.516350][ T8253] RAX: ffffffffffffffda RBX: 00007f75315b5fa0 RCX: 00007f753138e9a9
[  349.516365][ T8253] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000200000000280
[  349.516379][ T8253] RBP: 00007f753213c090 R08: 0000000000000001 R09: 0000000000000000
[  349.516391][ T8253] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  349.516404][ T8253] R13: 0000000000000001 R14: 00007f75315b5fa0 R15: 00007ffd3051f4a8
[  349.516438][ T8253]  </TASK>
[  349.761939][ T5968] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  349.974351][ T5968] usb 2-1: config 0 has an invalid interface number: 248 but max is 0
[  349.988433][ T5968] usb 2-1: config 0 has no interface number 0
[  350.018149][ T5968] usb 2-1: New USB device found, idVendor=1686, idProduct=00dd, bcdDevice=c4.ff
[  350.083455][ T5968] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  350.168003][ T5968] usb 2-1: Product: syz
[  350.244542][ T5968] usb 2-1: Manufacturer: syz
[  350.280243][ T5968] usb 2-1: SerialNumber: syz
[  351.138737][ T5968] usb 2-1: config 0 descriptor??
[  351.168612][ T5968] hub 2-1:0.248: bad descriptor, ignoring hub
[  351.185741][ T5968] hub 2-1:0.248: probe with driver hub failed with error -5
[  351.430054][ T8247] loop7: detected capacity change from 0 to 16384
[  351.671440][ T8247] kvm: kvm [8246]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x85
[  351.832309][ T8247] netlink: 8 bytes leftover after parsing attributes in process `syz.1.639'.
[  351.887873][ T8247] netlink: 24 bytes leftover after parsing attributes in process `syz.1.639'.
[  352.697335][ T8292] syz.2.651: attempt to access beyond end of device
[  352.697335][ T8292] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  352.991273][ T1209] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  354.581911][ T1209] usb 5-1: Using ep0 maxpacket: 32
[  354.606271][ T1209] usb 5-1: config 0 has an invalid interface number: 230 but max is 0
[  354.623488][ T1209] usb 5-1: config 0 has no interface number 0
[  354.674879][ T1209] usb 5-1: config 0 interface 230 has no altsetting 0
[  354.708987][ T1209] usb 5-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[  354.751819][ T1209] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  355.008811][ T1209] usb 5-1: Product: syz
[  355.027055][ T1209] usb 5-1: Manufacturer: syz
[  355.035297][ T1209] usb 5-1: SerialNumber: syz
[  355.751495][ T1209] usb 5-1: config 0 descriptor??
[  355.799095][ T8314] netlink: 68 bytes leftover after parsing attributes in process `syz.2.659'.
[  355.864374][ T1209] usb 5-1: can't set config #0, error -71
[  355.895506][ T1209] usb 5-1: USB disconnect, device number 9
[  356.633786][ T5968] usb 2-1: USB disconnect, device number 10
[  356.739973][ T5851] udevd[5851]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.248/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  358.251075][ T8339] syz.1.666: attempt to access beyond end of device
[  358.251075][ T8339] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  359.145336][ T8343] netlink: 68 bytes leftover after parsing attributes in process `syz.3.667'.
[  360.351057][ T5968] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  360.574247][ T8353] input: syz1 as /devices/virtual/input/input15
[  360.642551][ T8353] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  361.228265][ T8350] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  361.273247][ T5968] usb 5-1: Using ep0 maxpacket: 32
[  361.339838][ T5968] usb 5-1: config 0 has an invalid interface number: 230 but max is 0
[  361.369952][ T5968] usb 5-1: config 0 has no interface number 0
[  361.394179][ T5968] usb 5-1: config 0 interface 230 has no altsetting 0
[  361.414180][ T5968] usb 5-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[  361.451070][ T5968] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.459140][ T5968] usb 5-1: Product: syz
[  361.540526][ T5968] usb 5-1: Manufacturer: syz
[  361.590924][ T5968] usb 5-1: SerialNumber: syz
[  361.635717][ T5968] usb 5-1: config 0 descriptor??
[  361.672091][ T5968] ums-usbat 5-1:0.230: USB Mass Storage device detected
[  361.716514][ T5968] ums-usbat 5-1:0.230: Quirks match for vid 0781 pid 0005: 1
[  362.636512][ T8365] netlink: 100 bytes leftover after parsing attributes in process `syz.0.675'.
[  362.659291][ T8365] netlink: 24 bytes leftover after parsing attributes in process `syz.0.675'.
[  362.976303][ T5968] ums-usbat 5-1:0.230: probe with driver ums-usbat failed with error -5
[  363.014789][ T8370] comedi comedi2: multiq3: I/O port conflict (0x40,16)
[  363.027701][ T8370] netlink: 24 bytes leftover after parsing attributes in process `syz.3.676'.
[  363.230787][ T5968] usb 5-1: USB disconnect, device number 10
[  363.787031][ T5851] udevd[5851]: failed to send result of seq 13016 to main daemon: Connection refused
[  363.862745][ T8380] netlink: 68 bytes leftover after parsing attributes in process `syz.1.680'.
[  365.478561][   T30] kauditd_printk_skb: 62 callbacks suppressed
[  365.478581][   T30] audit: type=1800 audit(1753703965.120:146): pid=8394 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.684" name="file1" dev="overlay" ino=760 res=0 errno=0
[  365.522455][ T8395] FAULT_INJECTION: forcing a failure.
[  365.522455][ T8395] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  365.590630][ T8395] CPU: 1 UID: 0 PID: 8395 Comm: syz.2.685 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  365.590661][ T8395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  365.590673][ T8395] Call Trace:
[  365.590681][ T8395]  <TASK>
[  365.590690][ T8395]  dump_stack_lvl+0x189/0x250
[  365.590720][ T8395]  ? __pfx____ratelimit+0x10/0x10
[  365.590742][ T8395]  ? __pfx_dump_stack_lvl+0x10/0x10
[  365.590764][ T8395]  ? __pfx__printk+0x10/0x10
[  365.590791][ T8395]  ? __might_fault+0xb0/0x130
[  365.590829][ T8395]  should_fail_ex+0x414/0x560
[  365.590872][ T8395]  _copy_from_user+0x2d/0xb0
[  365.590900][ T8395]  do_sys_poll+0x242/0x1070
[  365.590951][ T8395]  ? __pfx_do_sys_poll+0x10/0x10
[  365.591056][ T8395]  ? rcu_read_lock_any_held+0xb3/0x120
[  365.591080][ T8395]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  365.591143][ T8395]  ? set_user_sigmask+0xc7/0x1b0
[  365.591165][ T8395]  ? __pfx_set_user_sigmask+0x10/0x10
[  365.591199][ T8395]  __se_sys_ppoll+0x1ff/0x260
[  365.591225][ T8395]  ? __pfx___se_sys_ppoll+0x10/0x10
[  365.591246][ T8395]  ? __pfx_ksys_write+0x10/0x10
[  365.591267][ T8395]  ? __secure_computing+0xe2/0x2a0
[  365.591292][ T8395]  ? __x64_sys_ppoll+0x20/0xc0
[  365.591316][ T8395]  do_syscall_64+0xfa/0x3b0
[  365.591340][ T8395]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  365.591358][ T8395]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  365.591377][ T8395]  ? clear_bhb_loop+0x60/0xb0
[  365.591403][ T8395]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  365.591422][ T8395] RIP: 0033:0x7f6186b8e9a9
[  365.591440][ T8395] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  365.591458][ T8395] RSP: 002b:00007f6187a48038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[  365.591481][ T8395] RAX: ffffffffffffffda RBX: 00007f6186db5fa0 RCX: 00007f6186b8e9a9
[  365.591496][ T8395] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0
[  365.591509][ T8395] RBP: 00007f6187a48090 R08: 0000000000000000 R09: 0000000000000000
[  365.591521][ T8395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  365.591534][ T8395] R13: 0000000000000000 R14: 00007f6186db5fa0 R15: 00007ffc77155158
[  365.591567][ T8395]  </TASK>
[  365.810476][    C1] vkms_vblank_simulate: vblank timer overrun
[  367.430501][ T8416] kvm: user requested TSC rate below hardware speed
[  369.236206][ T8427] netlink: 20 bytes leftover after parsing attributes in process `syz.0.694'.
[  369.319289][ T8435] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0
[  378.704593][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  378.711109][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  440.145356][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  440.151900][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  462.922935][   T30] audit: type=1800 audit(1753704062.580:147): pid=8443 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.698" name="file1" dev="overlay" ino=713 res=0 errno=0
[  463.984940][ T1209] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  464.245729][ T8463] xt_bpf: check failed: parse error
[  464.310885][ T1209] usb 5-1: Using ep0 maxpacket: 32
[  464.319429][ T1209] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  464.328508][ T1209] usb 5-1: too many endpoints for config 0 interface 0 altsetting 5: 69, using maximum allowed: 30
[  464.339438][ T1209] usb 5-1: config 0 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 69
[  464.352667][ T1209] usb 5-1: config 0 interface 0 has no altsetting 1
[  464.438510][ T1209] usb 5-1: New USB device found, idVendor=152d, idProduct=0539, bcdDevice= 0.00
[  464.456260][ T1209] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  464.490550][ T1209] usb 5-1: SerialNumber: syz
[  465.244107][ T1209] usb 5-1: config 0 descriptor??
[  465.257998][ T1209] usb-storage 5-1:0.0: USB Mass Storage device detected
[  465.282965][ T1209] usb-storage 5-1:0.0: Quirks match for vid 152d pid 0539: 4000000
[  465.686535][ T8444] 9pnet_fd: Insufficient options for proto=fd
[  467.607305][ T1615] usb 5-1: USB disconnect, device number 11
[  467.655865][ T8488] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  467.725214][ T8490] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  467.997744][   T30] audit: type=1800 audit(1753704067.650:148): pid=8495 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.711" name="file1" dev="overlay" ino=795 res=0 errno=0
[  468.020679][ T8490] 9pnet_fd: Insufficient options for proto=fd
[  468.556984][ T8506] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  468.558943][ T8507] netlink: 'syz.0.715': attribute type 21 has an invalid length.
[  468.581229][ T8507] netlink: 128 bytes leftover after parsing attributes in process `syz.0.715'.
[  468.617910][ T8506] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  468.639768][ T8507] netlink: 'syz.0.715': attribute type 5 has an invalid length.
[  468.647813][ T8507] netlink: 'syz.0.715': attribute type 6 has an invalid length.
[  468.656024][ T8507] netlink: 3 bytes leftover after parsing attributes in process `syz.0.715'.
[  468.741936][ T8509] netlink: 'syz.0.717': attribute type 83 has an invalid length.
[  468.752728][ T8510] netlink: 'syz.0.717': attribute type 83 has an invalid length.
[  469.773082][ T8519] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  470.304334][ T5849] Bluetooth: hci4: command 0x0c1a tx timeout
[  471.429869][ T8535] lo speed is unknown, defaulting to 1000
[  471.436496][ T8535] lo speed is unknown, defaulting to 1000
[  471.450751][ T8535] lo speed is unknown, defaulting to 1000
[  471.483484][ T8535] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  471.573845][ T8535] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  471.596923][   T30] audit: type=1800 audit(1753704071.250:149): pid=8528 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.723" name="file1" dev="overlay" ino=875 res=0 errno=0
[  471.742070][ T8535] lo speed is unknown, defaulting to 1000
[  471.750442][ T8535] lo speed is unknown, defaulting to 1000
[  471.761153][ T8535] lo speed is unknown, defaulting to 1000
[  471.769234][ T8535] lo speed is unknown, defaulting to 1000
[  471.777263][ T8535] lo speed is unknown, defaulting to 1000
[  472.217547][ T8553] netlink: 8 bytes leftover after parsing attributes in process `syz.3.729'.
[  474.731141][ T5968] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  474.991802][ T5968] usb 4-1: Using ep0 maxpacket: 16
[  475.118816][ T5968] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  475.330094][ T5968] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  475.389419][ T5968] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.397718][ T5968] usb 4-1: Product: syz
[  475.420867][ T5968] usb 4-1: Manufacturer: syz
[  475.440837][ T5968] usb 4-1: SerialNumber: syz
[  475.482017][ T5968] usb 4-1: config 0 descriptor??
[  475.562963][ T8547] warn_alloc: 1 callbacks suppressed
[  475.562985][ T8547] syz.4.728: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  475.651082][ T8547] CPU: 1 UID: 0 PID: 8547 Comm: syz.4.728 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  475.651113][ T8547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  475.651126][ T8547] Call Trace:
[  475.651134][ T8547]  <TASK>
[  475.651143][ T8547]  dump_stack_lvl+0x189/0x250
[  475.651177][ T8547]  ? __pfx_dump_stack_lvl+0x10/0x10
[  475.651202][ T8547]  ? __pfx__printk+0x10/0x10
[  475.651230][ T8547]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  475.651258][ T8547]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  475.651286][ T8547]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  475.651316][ T8547]  warn_alloc+0x214/0x310
[  475.651357][ T8547]  ? __pfx_warn_alloc+0x10/0x10
[  475.651393][ T8547]  ? __get_vm_area_node+0x28f/0x300
[  475.651417][ T8547]  ? translate_table+0x198/0x2000
[  475.651450][ T8547]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  475.651508][ T8547]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  475.651538][ T8547]  ? rcu_is_watching+0x15/0xb0
[  475.651563][ T8547]  ? translate_table+0x198/0x2000
[  475.651589][ T8547]  ? translate_table+0x198/0x2000
[  475.651613][ T8547]  __kvmalloc_node_noprof+0x3b8/0x5f0
[  475.651636][ T8547]  ? translate_table+0x198/0x2000
[  475.651660][ T8547]  ? xt_alloc_table_info+0x3b/0xa0
[  475.651690][ T8547]  translate_table+0x198/0x2000
[  475.651735][ T8547]  ? __lock_acquire+0xab9/0xd20
[  475.651761][ T8547]  ? __pfx_translate_table+0x10/0x10
[  475.651789][ T8547]  ? __might_fault+0xb0/0x130
[  475.651830][ T8547]  ? _copy_from_user+0x94/0xb0
[  475.651866][ T8547]  do_ipt_set_ctl+0x967/0xcd0
[  475.651902][ T8547]  ? rcu_is_watching+0x15/0xb0
[  475.651923][ T8547]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  475.651973][ T8547]  ? __pfx___mutex_lock+0x10/0x10
[  475.652000][ T8547]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  475.652042][ T8547]  nf_setsockopt+0x26c/0x290
[  475.652073][ T8547]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  475.652100][ T8547]  do_sock_setsockopt+0x179/0x1b0
[  475.652132][ T8547]  __x64_sys_setsockopt+0x13f/0x1b0
[  475.652166][ T8547]  do_syscall_64+0xfa/0x3b0
[  475.652194][ T8547]  ? lockdep_hardirqs_on+0x9c/0x150
[  475.652215][ T8547]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  475.652235][ T8547]  ? clear_bhb_loop+0x60/0xb0
[  475.652260][ T8547]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  475.652279][ T8547] RIP: 0033:0x7ff0f678e9a9
[  475.652298][ T8547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  475.652316][ T8547] RSP: 002b:00007ff0f7617038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  475.652338][ T8547] RAX: ffffffffffffffda RBX: 00007ff0f69b5fa0 RCX: 00007ff0f678e9a9
[  475.652362][ T8547] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000006
[  475.652375][ T8547] RBP: 00007ff0f6810d69 R08: 00000000000004c8 R09: 0000000000000000
[  475.652388][ T8547] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  475.652399][ T8547] R13: 0000000000000000 R14: 00007ff0f69b5fa0 R15: 00007ffc19841b38
[  475.652432][ T8547]  </TASK>
[  475.652840][ T8547] Mem-Info:
[  475.737311][ T8570] netlink: 'syz.3.734': attribute type 3 has an invalid length.
[  475.777999][ T8547] active_anon:257 inactive_anon:11726 isolated_anon:0
[  475.777999][ T8547]  active_file:14209 inactive_file:39396 isolated_file:0
[  475.777999][ T8547]  unevictable:768 dirty:120 writeback:0
[  475.777999][ T8547]  slab_reclaimable:10170 slab_unreclaimable:100923
[  475.777999][ T8547]  mapped:29706 shmem:8276 pagetables:996
[  475.777999][ T8547]  sec_pagetables:0 bounce:0
[  475.777999][ T8547]  kernel_misc_reclaimable:0
[  475.777999][ T8547]  free:1273405 free_pcp:32232 free_cma:0
[  475.780277][ T8576] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  475.793695][ T8547] Node 0 active_anon:1028kB inactive_anon:47004kB active_file:56636kB inactive_file:157584kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:118824kB dirty:480kB writeback:0kB shmem:31568kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12240kB pagetables:3884kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  475.841612][ T8570] netlink: 'syz.3.734': attribute type 3 has an invalid length.
[  475.892257][ T8547] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:100kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  476.104809][ T8547] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  476.142493][ T8547] lowmem_reserve[]: 0 2500 2502 2502 2502
[  476.148439][ T8547] Node 0 DMA32 free:1173836kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1024kB inactive_anon:36176kB active_file:54864kB inactive_file:157516kB unevictable:1536kB writepending:516kB present:3129332kB managed:2560996kB mlocked:0kB bounce:0kB free_pcp:117524kB local_pcp:47380kB free_cma:0kB
[  476.295710][ T8547] lowmem_reserve[]: 0 0 1 1 1
[  476.336078][ T8547] Node 0 Normal free:8kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1772kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  476.441022][ T8547] lowmem_reserve[]: 0 0 0 0 0
[  476.469119][ T8547] Node 1 Normal free:3908816kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:13184kB local_pcp:5856kB free_cma:0kB
[  476.521335][ T8582] vti0: entered promiscuous mode
[  476.533189][ T8582] vti0: entered allmulticast mode
[  476.584909][ T8547] lowmem_reserve[]: 0 0 0 0 0
[  476.591958][ T8547] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  476.609916][ T8547] Node 0 DMA32: 751*4kB (UME) 311*8kB (UME) 614*16kB (UME) 322*32kB (UME) 262*64kB (UME) 52*128kB (UME) 19*256kB (UM) 11*512kB (UME) 7*1024kB (UME) 5*2048kB (UME) 271*4096kB (UM) = 1186964kB
[  476.677599][ T8547] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[  476.704220][ T8547] Node 1 Normal: 186*4kB (UME) 43*8kB (UME) 35*16kB (UME) 139*32kB (UME) 50*64kB (UME) 7*128kB (UME) 3*256kB (ME) 5*512kB (UME) 4*1024kB (UME) 2*2048kB (UE) 949*4096kB (M) = 3908816kB
[  476.725706][ T8547] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  476.737017][ T8547] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  476.752907][ T8547] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  476.766142][ T8547] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  476.778158][ T8547] 54981 total pagecache pages
[  476.787708][ T8547] 0 pages in swap cache
[  476.793699][ T8547] Free swap  = 124996kB
[  476.798127][ T8547] Total swap = 124996kB
[  476.815550][ T8547] 2097051 pages RAM
[  476.819721][ T8547] 0 pages HighMem/MovableOnly
[  476.927699][ T7610] usb 4-1: USB disconnect, device number 7
[  476.931214][ T8589] netlink: 4 bytes leftover after parsing attributes in process `syz.1.738'.
[  476.992391][ T8547] 424695 pages reserved
[  477.001590][ T8547] 0 pages cma reserved
[  477.902714][   T30] audit: type=1800 audit(1753704077.560:150): pid=8592 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.739" name="file1" dev="overlay" ino=913 res=0 errno=0
[  479.030327][ T5849] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  479.039742][ T5849] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  479.049159][ T5849] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  479.065472][ T5849] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  479.073611][ T5849] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  479.082076][ T8603] tap0: tun_chr_ioctl cmd 2147767506
[  479.260063][ T8605] msdos: Unknown parameter 'd5�zu7e�xh�i�sVC�"D����<�&'�����>Yak�d�!�c��b��m��$��.[o����'
[  479.574817][ T8601] lo speed is unknown, defaulting to 1000
[  479.576373][   T30] audit: type=1326 audit(1753704079.230:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8606 comm="syz.3.744" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efd4b98e9a9 code=0x0
[  479.951358][ T7580] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  479.987586][ T8601] chnl_net:caif_netlink_parms(): no params data found
[  480.123353][ T7580] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  480.211061][ T7580] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  480.233942][ T7580] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  481.020071][ T7580] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  481.075566][ T8609] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  481.085270][ T7580] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  481.151122][ T5849] Bluetooth: hci5: command tx timeout
[  481.729067][ T8609] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  481.737680][ T8609] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  481.768011][ T8601] bridge0: port 1(bridge_slave_0) entered blocking state
[  481.781444][ T8601] bridge0: port 1(bridge_slave_0) entered disabled state
[  482.311074][ T8601] bridge_slave_0: entered allmulticast mode
[  482.355545][ T8601] bridge_slave_0: entered promiscuous mode
[  482.390701][ T8601] bridge0: port 2(bridge_slave_1) entered blocking state
[  482.423223][ T8601] bridge0: port 2(bridge_slave_1) entered disabled state
[  482.436678][ T8601] bridge_slave_1: entered allmulticast mode
[  482.462168][ T8601] bridge_slave_1: entered promiscuous mode
[  482.646113][ T8601] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  483.191948][ T5849] Bluetooth: hci5: command tx timeout
[  483.466180][ T1209] usb 4-1: USB disconnect, device number 8
[  483.488896][ T8601] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  483.594647][   T30] audit: type=1800 audit(1753704083.250:152): pid=8640 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.750" name="file1" dev="overlay" ino=853 res=0 errno=0
[  483.654827][ T8601] team0: Port device team_slave_0 added
[  483.977997][ T8642] veth2: entered promiscuous mode
[  483.994327][ T8642] veth2: entered allmulticast mode
[  484.228839][ T8601] team0: Port device team_slave_1 added
[  484.593313][ T8601] batman_adv: batadv0: Adding interface: batadv_slave_0
[  484.622544][ T8601] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  484.664793][ T8601] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  484.711316][ T8601] batman_adv: batadv0: Adding interface: batadv_slave_1
[  484.718832][ T8601] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  484.761527][ T8601] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  484.948424][ T8661] netlink: 4 bytes leftover after parsing attributes in process `syz.0.757'.
[  485.610940][ T5849] Bluetooth: hci5: command tx timeout
[  486.226093][ T8601] hsr_slave_0: entered promiscuous mode
[  486.243708][ T8601] hsr_slave_1: entered promiscuous mode
[  486.270968][ T8601] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  486.315872][ T8601] Cannot create hsr debugfs directory
[  486.838728][ T8678] netlink: 12 bytes leftover after parsing attributes in process `syz.3.765'.
[  487.661357][ T5849] Bluetooth: hci5: command tx timeout
[  487.875577][ T8601] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  487.974681][ T8601] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  488.652020][ T8601] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  488.708923][ T8601] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  489.193163][   T30] audit: type=1326 audit(1753704088.850:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8704 comm="syz.4.773" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff0f678e9a9 code=0x0
[  489.275751][ T8601] 8021q: adding VLAN 0 to HW filter on device bond0
[  489.524270][ T8601] 8021q: adding VLAN 0 to HW filter on device team0
[  489.784139][ T5943] bridge0: port 1(bridge_slave_0) entered blocking state
[  489.791367][ T5943] bridge0: port 1(bridge_slave_0) entered forwarding state
[  490.008955][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  490.017062][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  491.383578][ T8601] 8021q: adding VLAN 0 to HW filter on device batadv0
[  494.408474][ T8601] veth0_vlan: entered promiscuous mode
[  494.455406][ T8601] veth1_vlan: entered promiscuous mode
[  494.501447][ T8758] netlink: 4 bytes leftover after parsing attributes in process `syz.3.783'.
[  494.582613][ T8601] veth0_macvtap: entered promiscuous mode
[  494.615760][ T8601] veth1_macvtap: entered promiscuous mode
[  494.724870][ T8601] batman_adv: batadv0: Interface activated: batadv_slave_0
[  495.753654][ T8601] batman_adv: batadv0: Interface activated: batadv_slave_1
[  495.775361][ T8601] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  495.826395][ T8601] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  495.836313][ T8601] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  495.845724][ T8601] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  495.878157][ T8764] netlink: 'syz.1.785': attribute type 22 has an invalid length.
[  495.952332][ T8766] FAULT_INJECTION: forcing a failure.
[  495.952332][ T8766] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  495.972394][ T8764] netlink: 4 bytes leftover after parsing attributes in process `syz.1.785'.
[  496.035286][ T8766] CPU: 1 UID: 0 PID: 8766 Comm: syz.4.786 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  496.035315][ T8766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  496.035327][ T8766] Call Trace:
[  496.035336][ T8766]  <TASK>
[  496.035345][ T8766]  dump_stack_lvl+0x189/0x250
[  496.035374][ T8766]  ? __pfx____ratelimit+0x10/0x10
[  496.035397][ T8766]  ? __pfx_dump_stack_lvl+0x10/0x10
[  496.035419][ T8766]  ? __pfx__printk+0x10/0x10
[  496.035445][ T8766]  ? __might_fault+0xb0/0x130
[  496.035478][ T8766]  should_fail_ex+0x414/0x560
[  496.035505][ T8766]  _copy_from_user+0x2d/0xb0
[  496.035534][ T8766]  ___sys_recvmsg+0x12e/0x510
[  496.035561][ T8766]  ? __pfx____sys_recvmsg+0x10/0x10
[  496.035609][ T8766]  ? __pfx_vfs_write+0x10/0x10
[  496.035639][ T8766]  __x64_sys_recvmsg+0x198/0x260
[  496.035661][ T8766]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  496.035692][ T8766]  ? __pfx_ksys_write+0x10/0x10
[  496.035708][ T8766]  ? rcu_is_watching+0x15/0xb0
[  496.035734][ T8766]  ? do_syscall_64+0xbe/0x3b0
[  496.035759][ T8766]  do_syscall_64+0xfa/0x3b0
[  496.035778][ T8766]  ? lockdep_hardirqs_on+0x9c/0x150
[  496.035799][ T8766]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  496.035819][ T8766]  ? clear_bhb_loop+0x60/0xb0
[  496.035845][ T8766]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  496.035863][ T8766] RIP: 0033:0x7ff0f678e9a9
[  496.035891][ T8766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  496.035907][ T8766] RSP: 002b:00007ff0f7617038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  496.035929][ T8766] RAX: ffffffffffffffda RBX: 00007ff0f69b5fa0 RCX: 00007ff0f678e9a9
[  496.035943][ T8766] RDX: 0000000000000000 RSI: 0000200000000500 RDI: 0000000000000003
[  496.035956][ T8766] RBP: 00007ff0f7617090 R08: 0000000000000000 R09: 0000000000000000
[  496.035969][ T8766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  496.035980][ T8766] R13: 0000000000000000 R14: 00007ff0f69b5fa0 R15: 00007ffc19841b38
[  496.036010][ T8766]  </TASK>
[  496.043852][ T8764] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  496.251302][ T8764] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  496.259551][ T8764] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  496.267747][ T8764] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  496.291283][ T8764] netlink: 'syz.1.785': attribute type 22 has an invalid length.
[  496.351579][ T5943] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  496.359464][ T5943] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  496.376954][ T8764] netlink: 4 bytes leftover after parsing attributes in process `syz.1.785'.
[  496.448976][ T5943] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  496.478753][ T5943] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  499.200939][ T7610] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  499.460970][ T7610] usb 6-1: Using ep0 maxpacket: 16
[  499.478193][ T7610] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  499.521313][ T7610] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  499.591926][ T7610] usb 6-1: config 0 interface 0 has no altsetting 0
[  499.636257][ T7610] usb 6-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00
[  499.871000][ T7610] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  499.899236][ T7610] usb 6-1: config 0 descriptor??
[  501.145507][ T7610] hid (null): invalid report_size 26978
[  501.604908][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  501.611717][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  502.028849][ T7610] cougar 0003:060B:500A.0003: unexpected long global item
[  502.097976][ T7610] cougar 0003:060B:500A.0003: parse failed
[  502.114628][ T7610] cougar 0003:060B:500A.0003: probe with driver cougar failed with error -22
[  502.166320][ T7610] usb 6-1: USB disconnect, device number 2
[  502.401037][ T8806] netlink: 24 bytes leftover after parsing attributes in process `syz.4.797'.
[  502.421510][ T8806] bond0: invalid ARP target 0.0.0.0 specified for addition
[  502.441127][ T8806] bond0: option arp_ip_target: invalid value (0)
[  503.454663][ T8821] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  504.142457][ T8822] xt_hashlimit: size too large, truncated to 1048576
[  504.560922][ T7580] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  505.696598][ T7580] usb 2-1: Using ep0 maxpacket: 8
[  505.746883][ T7580] usb 2-1: unable to get BOS descriptor or descriptor too short
[  505.775256][ T7580] usb 2-1: config 4 has an invalid interface number: 147 but max is 0
[  505.801046][ T7580] usb 2-1: config 4 contains an unexpected descriptor of type 0x2, skipping
[  505.824237][ T8833] overlayfs: missing 'lowerdir'
[  505.832474][ T7580] usb 2-1: config 4 has no interface number 0
[  506.039627][ T7580] usb 2-1: string descriptor 0 read error: -22
[  506.106402][ T7580] usb 2-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e
[  506.281063][ T7580] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  506.296928][ T7580] usb 2-1: Found UVC 0.02 device <unnamed> (04f2:b746)
[  506.307163][ T7580] usb 2-1: No valid video chain found.
[  506.370258][ T7580] usb 2-1: USB disconnect, device number 11
[  506.990871][ T5968] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  507.509232][ T5968] usb 4-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  508.211918][ T5968] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  508.448731][ T5968] usb 4-1: Product: syz
[  508.460841][ T5968] usb 4-1: Manufacturer: syz
[  508.469852][ T5968] usb 4-1: SerialNumber: syz
[  508.671179][ T5968] usb 4-1: config 0 descriptor??
[  509.117080][ T8865] syz.0.812: attempt to access beyond end of device
[  509.117080][ T8865] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  509.766175][ T5968] cx82310_eth 4-1:0.0: probe with driver cx82310_eth failed with error -22
[  509.924515][ T5968] cxacru 4-1:0.0: usbatm_usb_probe: bind failed: -19!
[  509.995735][ T5968] usb 4-1: USB disconnect, device number 9
[  510.361416][ T5968] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  510.534456][ T5968] usb 4-1: Using ep0 maxpacket: 16
[  510.555755][ T5968] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  510.681472][ T5968] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  510.846700][ T5968] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  510.943911][ T5968] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  511.146336][ T5968] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  511.199350][ T5968] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  511.209069][ T5968] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  511.257026][ T8888] netlink: 'syz.5.820': attribute type 4 has an invalid length.
[  511.264934][ T8888] netlink: 'syz.5.820': attribute type 4 has an invalid length.
[  511.272764][ T8888] netlink: 'syz.5.820': attribute type 5 has an invalid length.
[  511.348352][ T5968] usb 4-1: Manufacturer: syz
[  511.942602][ T5968] usb 4-1: config 0 descriptor??
[  513.017571][ T5968] rc_core: IR keymap rc-hauppauge not found
[  513.108709][ T5968] Registered IR keymap rc-empty
[  513.194773][ T5968] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  513.245270][ T5968] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  513.450512][ T5968] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  513.477100][ T5968] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input16
[  513.527631][ T5968] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  513.551309][ T5968] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  513.582393][ T5968] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  513.851658][ T8909] syz.4.825: attempt to access beyond end of device
[  513.851658][ T8909] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  514.686631][ T5968] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  514.817540][ T5968] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  514.888287][ T5968] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  514.930956][ T5968] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  514.932818][ T8911] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  514.973219][ T5968] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  514.991172][ T5968] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  515.075123][ T5968] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  515.123254][ T5968] mceusb 4-1:0.0: Registered  with mce emulator interface version 1
[  515.134543][ T5968] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  515.176971][ T5968] usb 4-1: USB disconnect, device number 10
[  516.030544][ T5968] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  517.350531][ T8922] macvlan2: entered allmulticast mode
[  517.450940][ T8922] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode
[  517.530601][ T8922] mac80211_hwsim hwsim9 wlan1: left allmulticast mode
[  519.206993][ T8941] random: crng reseeded on system resumption
[  520.168707][ T8954] netlink: 36 bytes leftover after parsing attributes in process `syz.1.837'.
[  520.179400][ T8954] FAULT_INJECTION: forcing a failure.
[  520.179400][ T8954] name failslab, interval 1, probability 0, space 0, times 0
[  520.192663][ T8954] CPU: 1 UID: 0 PID: 8954 Comm: syz.1.837 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  520.192691][ T8954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  520.192704][ T8954] Call Trace:
[  520.192713][ T8954]  <TASK>
[  520.192721][ T8954]  dump_stack_lvl+0x189/0x250
[  520.192751][ T8954]  ? __pfx____ratelimit+0x10/0x10
[  520.192775][ T8954]  ? __pfx_dump_stack_lvl+0x10/0x10
[  520.192799][ T8954]  ? __pfx__printk+0x10/0x10
[  520.192833][ T8954]  ? __pfx___might_resched+0x10/0x10
[  520.192855][ T8954]  ? fs_reclaim_acquire+0x7d/0x100
[  520.192886][ T8954]  should_fail_ex+0x414/0x560
[  520.192914][ T8954]  should_failslab+0xa8/0x100
[  520.192939][ T8954]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  520.192961][ T8954]  ? __alloc_skb+0x112/0x2d0
[  520.193005][ T8954]  __alloc_skb+0x112/0x2d0
[  520.193038][ T8954]  netlink_ack+0x146/0xa50
[  520.193074][ T8954]  ? __pfx___mutex_trylock_common+0x10/0x10
[  520.193122][ T8954]  netlink_rcv_skb+0x28c/0x470
[  520.193151][ T8954]  ? __pfx_crypto_user_rcv_msg+0x10/0x10
[  520.193178][ T8954]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  520.193222][ T8954]  ? netlink_deliver_tap+0x2e/0x1b0
[  520.193249][ T8954]  ? netlink_deliver_tap+0x2e/0x1b0
[  520.193282][ T8954]  crypto_netlink_rcv+0x2a/0x40
[  520.193303][ T8954]  netlink_unicast+0x75c/0x8e0
[  520.193343][ T8954]  netlink_sendmsg+0x805/0xb30
[  520.193383][ T8954]  ? __pfx_netlink_sendmsg+0x10/0x10
[  520.193414][ T8954]  ? trace_irq_disable+0x37/0x110
[  520.193447][ T8954]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  520.193468][ T8954]  ? __pfx_netlink_sendmsg+0x10/0x10
[  520.193498][ T8954]  __sock_sendmsg+0x21c/0x270
[  520.193527][ T8954]  ____sys_sendmsg+0x505/0x830
[  520.193565][ T8954]  ? __pfx_____sys_sendmsg+0x10/0x10
[  520.193608][ T8954]  ? import_iovec+0x74/0xa0
[  520.193641][ T8954]  ___sys_sendmsg+0x21f/0x2a0
[  520.193675][ T8954]  ? __pfx____sys_sendmsg+0x10/0x10
[  520.193749][ T8954]  ? __fget_files+0x2a/0x420
[  520.193772][ T8954]  ? __fget_files+0x3a0/0x420
[  520.193808][ T8954]  __x64_sys_sendmsg+0x19b/0x260
[  520.193842][ T8954]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  520.193896][ T8954]  ? do_syscall_64+0xbe/0x3b0
[  520.193923][ T8954]  do_syscall_64+0xfa/0x3b0
[  520.193947][ T8954]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  520.193975][ T8954]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  520.193994][ T8954]  ? clear_bhb_loop+0x60/0xb0
[  520.194020][ T8954]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  520.194039][ T8954] RIP: 0033:0x7fcd2e98e9a9
[  520.194059][ T8954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  520.194077][ T8954] RSP: 002b:00007fcd2c7d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  520.194099][ T8954] RAX: ffffffffffffffda RBX: 00007fcd2ebb6160 RCX: 00007fcd2e98e9a9
[  520.194114][ T8954] RDX: 00000000200080c0 RSI: 00002000000001c0 RDI: 0000000000000005
[  520.194128][ T8954] RBP: 00007fcd2c7d5090 R08: 0000000000000000 R09: 0000000000000000
[  520.194140][ T8954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  520.194152][ T8954] R13: 0000000000000000 R14: 00007fcd2ebb6160 R15: 00007fff4779c568
[  520.194187][ T8954]  </TASK>
[  521.163432][ T8965] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xf
[  521.958433][ T8976] overlayfs: missing 'lowerdir'
[  522.070914][ T7610] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  522.256635][ T7610] usb 6-1: Using ep0 maxpacket: 16
[  522.347922][ T7610] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 11
[  522.381410][ T7610] usb 6-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[  522.395856][ T7610] usb 6-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[  522.410907][ T7610] usb 6-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[  522.424535][ T7610] usb 6-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[  522.435240][ T7610] usb 6-1: config 1 interface 0 has no altsetting 0
[  522.442402][ T7610] usb 6-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[  522.452591][ T7610] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  522.681471][ T5849] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  522.682337][   T51] Bluetooth: hci6: command 0x1003 tx timeout
[  522.729964][ T7610] ums-sddr09 6-1:1.0: USB Mass Storage device detected
[  523.030986][ T7610] scsi host1: usb-storage 6-1:1.0
[  523.324265][ T7610] usb 6-1: USB disconnect, device number 3
[  524.489764][ T9001] binder: 8999:9001 ioctl c00c6211 ffffffffffffffff returned -14
[  524.751388][ T5968] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  524.920984][ T5968] usb 6-1: Using ep0 maxpacket: 16
[  524.938868][ T5968] usb 6-1: config 0 has an invalid interface number: 8 but max is 0
[  524.967703][ T5968] usb 6-1: config 0 has no interface number 0
[  524.989307][ T5968] usb 6-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  525.034834][ T5968] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  525.073667][ T5968] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  525.123239][ T5968] usb 6-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  525.141705][ T5968] usb 6-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  525.162410][ T5968] usb 6-1: Product: syz
[  525.171838][ T9015] overlayfs: missing 'lowerdir'
[  525.177226][ T5968] usb 6-1: SerialNumber: syz
[  525.204885][ T5968] usb 6-1: config 0 descriptor??
[  525.238555][ T5968] cm109 6-1:0.8: invalid payload size 0, expected 4
[  525.291827][ T5968] input: CM109 USB driver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.8/input/input17
[  525.436811][ T9001] overlayfs: missing 'lowerdir'
[  525.579652][    C0] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  525.588921][    C0] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  525.596180][    C0] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  525.603665][    C0] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  525.610890][    C0] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  525.618047][    C0] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  525.625247][    C0] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  525.632523][    C0] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  525.639654][    C0] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  525.646857][    C0] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  525.655110][ T9022] netlink: 24 bytes leftover after parsing attributes in process `syz.3.858'.
[  525.696611][ T5968] usb 6-1: USB disconnect, device number 4
[  525.696685][    C0] cm109 6-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  525.894075][ T5968] cm109 6-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  528.320276][ T1615] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  529.046166][ T1615] usb 2-1: Using ep0 maxpacket: 16
[  529.063799][ T1615] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 11
[  529.100520][ T1615] usb 2-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[  529.139178][ T1615] usb 2-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[  529.170202][ T1615] usb 2-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[  529.216367][ T1615] usb 2-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[  529.243012][ T9050] can0: slcan on pty26.
[  529.251525][ T1615] usb 2-1: config 1 interface 0 has no altsetting 0
[  529.258428][ T1615] usb 2-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[  529.286594][ T1615] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  529.335362][ T1615] ums-sddr09 2-1:1.0: USB Mass Storage device detected
[  529.541635][ T1615] scsi host1: usb-storage 2-1:1.0
[  529.968520][ T9059] kvm: user requested TSC rate below hardware speed
[  530.992094][   T13] scsi 1:0:0:0: Direct-Access     Sandisk  ImageMate SDDR09 0177 PQ: 0 ANSI: 0
[  531.423789][ T9049] can0 (unregistered): slcan off pty26.
[  531.552660][ T9065] overlayfs: missing 'lowerdir'
[  531.561990][   T13] sd 1:0:0:0: Attached scsi generic sg1 type 0
[  531.862858][ T9069] FAULT_INJECTION: forcing a failure.
[  531.862858][ T9069] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  531.908970][ T9069] CPU: 0 UID: 0 PID: 9069 Comm: syz.4.871 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  531.909000][ T9069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  531.909012][ T9069] Call Trace:
[  531.909021][ T9069]  <TASK>
[  531.909031][ T9069]  dump_stack_lvl+0x189/0x250
[  531.909060][ T9069]  ? __pfx____ratelimit+0x10/0x10
[  531.909082][ T9069]  ? __pfx_dump_stack_lvl+0x10/0x10
[  531.909105][ T9069]  ? __pfx__printk+0x10/0x10
[  531.909136][ T9069]  ? get_sigframe+0x596/0x7d0
[  531.909174][ T9069]  should_fail_ex+0x414/0x560
[  531.909201][ T9069]  _copy_to_user+0x31/0xb0
[  531.909232][ T9069]  copy_siginfo_to_user+0x22/0xc0
[  531.909257][ T9069]  x64_setup_rt_frame+0x777/0xd40
[  531.909314][ T9069]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[  531.909357][ T9069]  arch_do_signal_or_restart+0x3dc/0x750
[  531.909396][ T9069]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  531.909424][ T9069]  ? __se_sys_getdents64+0x24e/0x260
[  531.909474][ T9069]  ? exit_to_user_mode_loop+0x40/0x110
[  531.909499][ T9069]  exit_to_user_mode_loop+0x75/0x110
[  531.909521][ T9069]  do_syscall_64+0x2bd/0x3b0
[  531.909569][ T9069]  ? lockdep_hardirqs_on+0x9c/0x150
[  531.909590][ T9069]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  531.909610][ T9069]  ? clear_bhb_loop+0x60/0xb0
[  531.909635][ T9069]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  531.909654][ T9069] RIP: 0033:0x7ff0f678e9a9
[  531.909674][ T9069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  531.909692][ T9069] RSP: 002b:00007ff0f7617038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[  531.909714][ T9069] RAX: 0000000000000018 RBX: 00007ff0f69b5fa0 RCX: 00007ff0f678e9a9
[  531.909727][ T9069] RDX: 0000000000001007 RSI: 0000200000001f80 RDI: 0000000000000007
[  531.909740][ T9069] RBP: 00007ff0f7617090 R08: 0000000000000000 R09: 0000000000000000
[  531.909753][ T9069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  531.909766][ T9069] R13: 0000000000000000 R14: 00007ff0f69b5fa0 R15: 00007ffc19841b38
[  531.909800][ T9069]  </TASK>
[  532.379001][ T9078] IPVS: set_ctl: invalid protocol: 20551 116.1.0.0:29953
[  533.172711][ T5968] usb 2-1: USB disconnect, device number 12
[  533.217035][ T5943] sd 1:0:0:0: [sdb] Read Capacity(10) failed: Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK
[  533.237767][ T5943] sd 1:0:0:0: [sdb] Sense not available.
[  533.253848][ T5943] sd 1:0:0:0: [sdb] 0 512-byte logical blocks: (0 B/0 B)
[  533.290883][ T5943] sd 1:0:0:0: [sdb] 0-byte physical blocks
[  533.297706][ T5943] sd 1:0:0:0: [sdb] Write Protect is off
[  533.308077][ T5943] sd 1:0:0:0: [sdb] Asking for cache data failed
[  533.315864][ T5943] sd 1:0:0:0: [sdb] Assuming drive cache: write through
[  533.431076][ T5943] sd 1:0:0:0: [sdb] Attached SCSI removable disk
[  535.245470][ T9102] overlayfs: missing 'lowerdir'
[  535.361013][ T1209] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  535.530855][ T1209] usb 4-1: Using ep0 maxpacket: 16
[  535.571145][ T1209] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 11
[  535.601079][ T1209] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[  535.640313][ T1209] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[  535.659562][ T1209] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[  535.675220][ T1209] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[  535.692596][ T9109] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long
[  535.710855][ T1209] usb 4-1: config 1 interface 0 has no altsetting 0
[  535.736926][ T1209] usb 4-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[  535.753100][ T1209] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  535.764614][ T9114] netlink: 'syz.0.884': attribute type 1 has an invalid length.
[  535.772770][ T9114] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  535.781060][ T1209] ums-sddr09 4-1:1.0: USB Mass Storage device detected
[  535.788878][ T9113] kvm: user requested TSC rate below hardware speed
[  536.039402][ T1209] scsi host1: usb-storage 4-1:1.0
[  537.216521][ T5943] scsi 1:0:0:0: Direct-Access     Sandisk  ImageMate SDDR09 0177 PQ: 0 ANSI: 0
[  537.273036][ T5943] sd 1:0:0:0: Attached scsi generic sg1 type 0
[  537.342910][ T7610] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  537.520264][ T7610] usb 1-1: config 0 has an invalid interface number: 248 but max is 0
[  537.530410][ T9135] kvm: kvm [9131]: vcpu0, guest rIP: 0x208 Unhandled WRMSR(0xc1) = 0xffdf0000df51
[  537.546793][ T7610] usb 1-1: config 0 has no interface number 0
[  537.557340][ T9133] "syz.5.889" (9133) uses obsolete ecb(arc4) skcipher
[  537.566954][ T7610] usb 1-1: New USB device found, idVendor=1686, idProduct=00dd, bcdDevice=c4.ff
[  537.577188][ T7607] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  537.585499][ T7610] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  537.590659][ T1209] usb 4-1: USB disconnect, device number 12
[  537.595396][ T7610] usb 1-1: Product: syz
[  537.604359][ T7610] usb 1-1: Manufacturer: syz
[  537.608999][ T7610] usb 1-1: SerialNumber: syz
[  537.638414][ T7610] usb 1-1: config 0 descriptor??
[  537.645930][ T7610] hub 1-1:0.248: bad descriptor, ignoring hub
[  537.652963][ T7610] hub 1-1:0.248: probe with driver hub failed with error -5
[  537.672566][   T13] sd 1:0:0:0: [sdb] Read Capacity(10) failed: Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK
[  537.705982][   T13] sd 1:0:0:0: [sdb] Sense not available.
[  537.713627][   T13] sd 1:0:0:0: [sdb] 0 512-byte logical blocks: (0 B/0 B)
[  537.722121][ T7607] usb 5-1: device descriptor read/64, error -71
[  537.723264][   T13] sd 1:0:0:0: [sdb] 0-byte physical blocks
[  537.744007][   T13] sd 1:0:0:0: [sdb] Write Protect is off
[  538.347896][   T13] sd 1:0:0:0: [sdb] Asking for cache data failed
[  538.355377][ T9122] loop7: detected capacity change from 0 to 16384
[  538.375752][   T13] sd 1:0:0:0: [sdb] Assuming drive cache: write through
[  538.402021][ T7607] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  538.498195][   T13] sd 1:0:0:0: [sdb] Attached SCSI removable disk
[  538.540977][ T7607] usb 5-1: device descriptor read/64, error -71
[  538.572334][ T9122] kvm: kvm [9121]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x85
[  538.586130][ T9148] overlayfs: missing 'lowerdir'
[  538.649844][ T9122] netlink: 8 bytes leftover after parsing attributes in process `syz.0.887'.
[  538.671863][ T7607] usb usb5-port1: attempt power cycle
[  538.725443][ T9122] netlink: 24 bytes leftover after parsing attributes in process `syz.0.887'.
[  538.782928][ T9145] blk_print_req_error: 11 callbacks suppressed
[  538.782983][ T9145] I/O error, dev loop7, sector 1536 op 0x0:(READ) flags 0x80700 phys_seg 2 prio class 2
[  538.855757][ T9145] I/O error, dev loop7, sector 1792 op 0x0:(READ) flags 0x80700 phys_seg 2 prio class 2
[  539.132624][ T7607] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  539.170555][ T9145] I/O error, dev loop7, sector 1536 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  539.180869][ T9145] buffer_io_error: 10 callbacks suppressed
[  539.180888][ T9145] Buffer I/O error on dev loop7, logical block 192, async page read
[  539.229889][ T9145] I/O error, dev loop7, sector 1544 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  539.269932][ T7607] usb 5-1: device descriptor read/8, error -71
[  539.355698][ T9145] Buffer I/O error on dev loop7, logical block 193, async page read
[  539.395943][ T9145] I/O error, dev loop7, sector 1552 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  539.464742][ T9145] Buffer I/O error on dev loop7, logical block 194, async page read
[  539.498269][ T9145] I/O error, dev loop7, sector 1560 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  539.517240][ T9145] Buffer I/O error on dev loop7, logical block 195, async page read
[  539.539691][ T9145] I/O error, dev loop7, sector 1568 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  539.601125][ T7607] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  539.633854][ T7607] usb 5-1: device descriptor read/8, error -71
[  539.647745][ T9145] Buffer I/O error on dev loop7, logical block 196, async page read
[  539.704570][ T9145] I/O error, dev loop7, sector 1576 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  539.721101][ T1209] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  539.734022][ T9145] Buffer I/O error on dev loop7, logical block 197, async page read
[  539.742988][ T7607] usb usb5-port1: unable to enumerate USB device
[  539.743960][ T9145] I/O error, dev loop7, sector 1584 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  539.760314][ T9145] Buffer I/O error on dev loop7, logical block 198, async page read
[  539.769689][ T9145] I/O error, dev loop7, sector 1592 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  539.807596][ T9145] Buffer I/O error on dev loop7, logical block 199, async page read
[  539.822034][ T9145] Buffer I/O error on dev loop7, logical block 200, async page read
[  539.830388][ T9145] Buffer I/O error on dev loop7, logical block 201, async page read
[  539.930866][ T1209] usb 2-1: Using ep0 maxpacket: 32
[  539.946611][ T1209] usb 2-1: config 168 has an invalid descriptor of length 147, skipping remainder of the config
[  539.983316][ T1209] usb 2-1: config 168 has 0 interfaces, different from the descriptor's value: 1
[  539.995321][ T1209] usb 2-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice=b0.c6
[  540.011083][ T1209] usb 2-1: New USB device strings: Mfr=0, Product=34, SerialNumber=0
[  540.020030][ T1209] usb 2-1: Product: syz
[  540.124782][ T7610] usb 1-1: USB disconnect, device number 10
[  540.182829][ T9164] sp0: Synchronizing with TNC
[  540.558407][ T9172] veth3: entered promiscuous mode
[  541.587269][ T5849] Bluetooth: hci5: link tx timeout
[  541.593952][ T5849] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  542.102936][ T7607] usb 2-1: USB disconnect, device number 13
[  542.153436][ T9188] overlayfs: missing 'workdir'
[  543.742937][   T51] Bluetooth: hci5: command 0x0406 tx timeout
[  543.907249][ T9209] netlink: 276 bytes leftover after parsing attributes in process `syz.1.909'.
[  544.119783][ T9221] FAULT_INJECTION: forcing a failure.
[  544.119783][ T9221] name failslab, interval 1, probability 0, space 0, times 0
[  544.132955][ T9221] CPU: 0 UID: 0 PID: 9221 Comm: syz.5.913 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  544.132983][ T9221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  544.132995][ T9221] Call Trace:
[  544.133004][ T9221]  <TASK>
[  544.133013][ T9221]  dump_stack_lvl+0x189/0x250
[  544.133041][ T9221]  ? __pfx____ratelimit+0x10/0x10
[  544.133064][ T9221]  ? __pfx_dump_stack_lvl+0x10/0x10
[  544.133088][ T9221]  ? __pfx__printk+0x10/0x10
[  544.133120][ T9221]  ? __lock_acquire+0xab9/0xd20
[  544.133150][ T9221]  should_fail_ex+0x414/0x560
[  544.133180][ T9221]  should_failslab+0xa8/0x100
[  544.133205][ T9221]  kmem_cache_alloc_noprof+0x73/0x3c0
[  544.133226][ T9221]  ? skb_clone+0x212/0x3a0
[  544.133245][ T9221]  ? __pfx_skb_network_protocol+0x10/0x10
[  544.133270][ T9221]  skb_clone+0x212/0x3a0
[  544.133288][ T9221]  ? dev_queue_xmit_nit+0x25a/0xcc0
[  544.133321][ T9221]  dev_queue_xmit_nit+0x416/0xcc0
[  544.133350][ T9221]  ? dev_queue_xmit_nit+0x2d/0xcc0
[  544.133394][ T9221]  dev_hard_start_xmit+0x1be/0x830
[  544.133437][ T9221]  __dev_queue_xmit+0x1adf/0x3a70
[  544.133460][ T9221]  ? kasan_save_track+0x3e/0x80
[  544.133492][ T9221]  ? __netlink_deliver_tap+0x404/0x850
[  544.133525][ T9221]  ? __dev_queue_xmit+0x27e/0x3a70
[  544.133547][ T9221]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.133585][ T9221]  ? __pfx___dev_queue_xmit+0x10/0x10
[  544.133624][ T9221]  ? __copy_skb_header+0xa7/0x550
[  544.133647][ T9221]  ? __asan_memcpy+0x40/0x70
[  544.133675][ T9221]  ? __skb_clone+0x63/0x7a0
[  544.133710][ T9221]  ? __skb_clone+0x483/0x7a0
[  544.133738][ T9221]  ? skb_clone+0x246/0x3a0
[  544.133763][ T9221]  __netlink_deliver_tap+0x5ad/0x850
[  544.133807][ T9221]  ? netlink_deliver_tap+0x2e/0x1b0
[  544.133837][ T9221]  netlink_deliver_tap+0x19c/0x1b0
[  544.133868][ T9221]  netlink_sendskb+0x68/0x140
[  544.133897][ T9221]  netlink_rcv_skb+0x28c/0x470
[  544.133927][ T9221]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  544.133957][ T9221]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  544.134002][ T9221]  ? netlink_deliver_tap+0x2e/0x1b0
[  544.134029][ T9221]  ? netlink_deliver_tap+0x2e/0x1b0
[  544.134064][ T9221]  netlink_unicast+0x75c/0x8e0
[  544.134104][ T9221]  netlink_sendmsg+0x805/0xb30
[  544.134145][ T9221]  ? __pfx_netlink_sendmsg+0x10/0x10
[  544.134185][ T9221]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  544.134205][ T9221]  ? __pfx_netlink_sendmsg+0x10/0x10
[  544.134234][ T9221]  __sock_sendmsg+0x21c/0x270
[  544.134263][ T9221]  ____sys_sendmsg+0x505/0x830
[  544.134301][ T9221]  ? __pfx_____sys_sendmsg+0x10/0x10
[  544.134343][ T9221]  ? import_iovec+0x74/0xa0
[  544.134376][ T9221]  ___sys_sendmsg+0x21f/0x2a0
[  544.134411][ T9221]  ? __pfx____sys_sendmsg+0x10/0x10
[  544.134485][ T9221]  ? __fget_files+0x2a/0x420
[  544.134509][ T9221]  ? __fget_files+0x3a0/0x420
[  544.134545][ T9221]  __x64_sys_sendmsg+0x19b/0x260
[  544.134581][ T9221]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  544.134624][ T9221]  ? __pfx_ksys_write+0x10/0x10
[  544.134642][ T9221]  ? rcu_is_watching+0x15/0xb0
[  544.134671][ T9221]  ? do_syscall_64+0xbe/0x3b0
[  544.134708][ T9221]  do_syscall_64+0xfa/0x3b0
[  544.134729][ T9221]  ? lockdep_hardirqs_on+0x9c/0x150
[  544.134750][ T9221]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.134770][ T9221]  ? clear_bhb_loop+0x60/0xb0
[  544.134796][ T9221]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.134816][ T9221] RIP: 0033:0x7fa3b678e9a9
[  544.134836][ T9221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  544.134854][ T9221] RSP: 002b:00007fa3b752b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  544.134876][ T9221] RAX: ffffffffffffffda RBX: 00007fa3b69b5fa0 RCX: 00007fa3b678e9a9
[  544.134891][ T9221] RDX: 0000000000004000 RSI: 0000200000000000 RDI: 0000000000000007
[  544.134904][ T9221] RBP: 00007fa3b752b090 R08: 0000000000000000 R09: 0000000000000000
[  544.134917][ T9221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  544.134929][ T9221] R13: 0000000000000000 R14: 00007fa3b69b5fa0 R15: 00007ffceea51d78
[  544.134964][ T9221]  </TASK>
[  545.227422][ T9232] syz.0.915: attempt to access beyond end of device
[  545.227422][ T9232] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  545.887621][ T9240] overlayfs: missing 'workdir'
[  546.753793][ T9248] futex_wake_op: syz.5.919 tries to shift op by -1; fix this program
[  546.838057][ T9247] xt_connbytes: Forcing CT accounting to be enabled
[  546.882277][ T9247] Cannot find add_set index 0 as target
[  547.123665][ T9255] binder: 9254:9255 ioctl c0306201 200000000540 returned -22
[  547.459325][ T9263] FAULT_INJECTION: forcing a failure.
[  547.459325][ T9263] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  547.476906][ T9263] CPU: 1 UID: 0 PID: 9263 Comm: syz.1.925 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  547.476936][ T9263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  547.476948][ T9263] Call Trace:
[  547.476957][ T9263]  <TASK>
[  547.476965][ T9263]  dump_stack_lvl+0x189/0x250
[  547.476995][ T9263]  ? __pfx____ratelimit+0x10/0x10
[  547.477018][ T9263]  ? __pfx_dump_stack_lvl+0x10/0x10
[  547.477041][ T9263]  ? __pfx__printk+0x10/0x10
[  547.477068][ T9263]  ? __might_fault+0xb0/0x130
[  547.477103][ T9263]  should_fail_ex+0x414/0x560
[  547.477132][ T9263]  _copy_from_user+0x2d/0xb0
[  547.477161][ T9263]  ___sys_sendmsg+0x158/0x2a0
[  547.477197][ T9263]  ? __pfx____sys_sendmsg+0x10/0x10
[  547.477272][ T9263]  ? __fget_files+0x2a/0x420
[  547.477294][ T9263]  ? __fget_files+0x3a0/0x420
[  547.477330][ T9263]  __x64_sys_sendmsg+0x19b/0x260
[  547.477365][ T9263]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  547.477412][ T9263]  ? rcu_is_watching+0x15/0xb0
[  547.477435][ T9263]  ? trace_sys_enter+0x25/0x120
[  547.477468][ T9263]  do_syscall_64+0xfa/0x3b0
[  547.477490][ T9263]  ? lockdep_hardirqs_on+0x9c/0x150
[  547.477511][ T9263]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  547.477531][ T9263]  ? clear_bhb_loop+0x60/0xb0
[  547.477557][ T9263]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  547.477576][ T9263] RIP: 0033:0x7fcd2e98e9a9
[  547.477595][ T9263] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  547.477613][ T9263] RSP: 002b:00007fcd2f713038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  547.477636][ T9263] RAX: ffffffffffffffda RBX: 00007fcd2ebb5fa0 RCX: 00007fcd2e98e9a9
[  547.477651][ T9263] RDX: 0000000028000010 RSI: 0000200000000400 RDI: 0000000000000003
[  547.477665][ T9263] RBP: 00007fcd2f713090 R08: 0000000000000000 R09: 0000000000000000
[  547.477678][ T9263] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  547.477689][ T9263] R13: 0000000000000000 R14: 00007fcd2ebb5fa0 R15: 00007fff4779c568
[  547.477723][ T9263]  </TASK>
[  547.681211][    C1] vkms_vblank_simulate: vblank timer overrun
[  547.717039][ T9265] fuse: Bad value for 'fd'
[  547.967211][ T9270] overlayfs: missing 'workdir'
[  548.952206][ T9279] vivid-004: disconnect
[  549.137032][ T9267] vivid-004: reconnect
[  554.070769][ T7610] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  554.074849][ T9323] overlayfs: missing 'lowerdir'
[  554.235990][ T7610] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  554.266851][ T7610] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2
[  554.299416][ T9329] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xf
[  554.329950][ T7610] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  554.389882][ T7610] usb 6-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5
[  554.416201][ T7610] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  554.465378][ T7610] usb 6-1: Product: syz
[  554.483207][ T7610] usb 6-1: Manufacturer: syz
[  554.500093][ T7610] usb 6-1: SerialNumber: syz
[  554.540129][ T7610] usb 6-1: config 0 descriptor??
[  554.587689][ T7610] usb 6-1: Found UVC 34.00 device syz (8086:0b5b)
[  554.623852][ T7610] usb 6-1: No valid video chain found.
[  557.047343][ T9315] netlink: 52 bytes leftover after parsing attributes in process `syz.5.940'.
[  557.082575][ T1209] usb 6-1: USB disconnect, device number 5
[  557.089497][ T9345] netlink: 16 bytes leftover after parsing attributes in process `syz.0.947'.
[  559.980938][ T7607] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  560.331458][ T7607] usb 4-1: Using ep0 maxpacket: 8
[  560.345660][ T7607] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  560.367374][ T7607] usb 4-1: config 0 has no interfaces?
[  560.382447][ T7607] usb 4-1: New USB device found, idVendor=0a5c, idProduct=2033, bcdDevice=72.01
[  560.395485][ T7607] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  560.404816][ T7607] usb 4-1: Product: syz
[  560.413548][ T7607] usb 4-1: Manufacturer: syz
[  560.422210][ T7607] usb 4-1: SerialNumber: syz
[  560.430645][ T7607] usb 4-1: config 0 descriptor??
[  560.613947][ T9374] overlayfs: missing 'lowerdir'
[  560.859031][ T9360] ISOFS: Unable to identify CD-ROM format.
[  560.891006][ T7607] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[  561.524444][ T9380] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xf
[  563.341084][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  563.347479][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  563.359653][ T7607] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  563.378705][ T7607] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  563.397503][ T7607] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  563.407756][ T7607] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  563.417142][ T5968] usb 4-1: USB disconnect, device number 13
[  563.420261][ T7607] usb 2-1: config 0 descriptor??
[  563.625855][ T9387] FAULT_INJECTION: forcing a failure.
[  563.625855][ T9387] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  563.639412][ T9387] CPU: 0 UID: 0 PID: 9387 Comm: syz.4.960 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  563.639440][ T9387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  563.639453][ T9387] Call Trace:
[  563.639462][ T9387]  <TASK>
[  563.639471][ T9387]  dump_stack_lvl+0x189/0x250
[  563.639502][ T9387]  ? __pfx____ratelimit+0x10/0x10
[  563.639525][ T9387]  ? __pfx_dump_stack_lvl+0x10/0x10
[  563.639548][ T9387]  ? __pfx__printk+0x10/0x10
[  563.639587][ T9387]  should_fail_ex+0x414/0x560
[  563.639615][ T9387]  _copy_to_user+0x31/0xb0
[  563.639647][ T9387]  simple_read_from_buffer+0xe1/0x170
[  563.639675][ T9387]  proc_fail_nth_read+0x1df/0x250
[  563.639703][ T9387]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  563.639732][ T9387]  ? rw_verify_area+0x258/0x650
[  563.639763][ T9387]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  563.639790][ T9387]  vfs_read+0x200/0x980
[  563.639827][ T9387]  ? __pfx___mutex_lock+0x10/0x10
[  563.639852][ T9387]  ? __pfx_vfs_read+0x10/0x10
[  563.639885][ T9387]  ? __fget_files+0x2a/0x420
[  563.639914][ T9387]  ? __fget_files+0x3a0/0x420
[  563.639935][ T9387]  ? __fget_files+0x2a/0x420
[  563.639969][ T9387]  ksys_read+0x145/0x250
[  563.639991][ T9387]  ? __pfx_ksys_read+0x10/0x10
[  563.640018][ T9387]  ? do_syscall_64+0xbe/0x3b0
[  563.640045][ T9387]  do_syscall_64+0xfa/0x3b0
[  563.640070][ T9387]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.640088][ T9387]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  563.640108][ T9387]  ? clear_bhb_loop+0x60/0xb0
[  563.640133][ T9387]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.640153][ T9387] RIP: 0033:0x7ff0f678d3bc
[  563.640172][ T9387] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  563.640190][ T9387] RSP: 002b:00007ff0f75f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  563.640212][ T9387] RAX: ffffffffffffffda RBX: 00007ff0f69b6080 RCX: 00007ff0f678d3bc
[  563.640227][ T9387] RDX: 000000000000000f RSI: 00007ff0f75f60a0 RDI: 0000000000000006
[  563.640240][ T9387] RBP: 00007ff0f75f6090 R08: 0000000000000000 R09: 0000000000000000
[  563.640253][ T9387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  563.640265][ T9387] R13: 0000000000000000 R14: 00007ff0f69b6080 R15: 00007ffc19841b38
[  563.640300][ T9387]  </TASK>
[  563.932909][ T7607] usbhid 2-1:0.0: can't add hid device: -71
[  563.938976][ T7607] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  563.952196][ T7607] usb 2-1: USB disconnect, device number 14
[  565.431840][ T9421] pim6reg: entered allmulticast mode
[  565.467948][ T9421] pim6reg: left allmulticast mode
[  565.534836][ T1209] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  566.721717][ T1209] usb 4-1: Using ep0 maxpacket: 32
[  566.770847][ T7580] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  566.780872][ T1209] usb 4-1: config 0 has an invalid interface number: 230 but max is 0
[  566.789098][ T1209] usb 4-1: config 0 has no interface number 0
[  566.801024][ T1209] usb 4-1: config 0 interface 230 has no altsetting 0
[  566.832280][ T1209] usb 4-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[  566.861080][ T1209] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  566.869146][ T1209] usb 4-1: Product: syz
[  567.120109][ T7580] usb 5-1: device descriptor read/64, error -71
[  567.635764][ T5968] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  568.857666][ T1209] usb 4-1: Manufacturer: syz
[  569.394193][ T1209] usb 4-1: SerialNumber: syz
[  569.405683][ T1209] usb 4-1: config 0 descriptor??
[  569.413040][ T1209] usb 4-1: can't set config #0, error -71
[  569.423026][ T1209] usb 4-1: USB disconnect, device number 14
[  569.447120][   T30] audit: type=1326 audit(1753704169.100:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9441 comm="syz.0.978" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f753138e9a9 code=0x0
[  569.522709][ T9447] netlink: 'syz.3.980': attribute type 12 has an invalid length.
[  569.530715][ T9447] netlink: 9472 bytes leftover after parsing attributes in process `syz.3.980'.
[  569.753095][ T9447] netlink: 1 bytes leftover after parsing attributes in process `syz.3.980'.
[  570.235395][ T9459] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input18
[  572.221408][   T30] audit: type=1326 audit(1753704171.870:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9462 comm="syz.5.984" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa3b678e9a9 code=0x0
[  572.787664][ T9487] lo speed is unknown, defaulting to 1000
[  573.347549][   T49] bridge_slave_1: left allmulticast mode
[  573.381349][   T49] bridge_slave_1: left promiscuous mode
[  573.388735][ T9499] use of bytesused == 0 is deprecated and will be removed in the future,
[  573.433223][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  573.470397][ T9499] use the actual size instead.
[  573.559095][   T49] bridge_slave_0: left allmulticast mode
[  573.569079][   T49] bridge_slave_0: left promiscuous mode
[  573.576617][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  576.877653][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  576.888351][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  576.899289][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  576.926367][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  576.950524][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  577.926242][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  577.946412][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  577.962020][   T49] bond0 (unregistering): Released all slaves
[  577.982920][   T49] bond1 (unregistering): Released all slaves
[  578.057032][ T9550] syz.1.1005: attempt to access beyond end of device
[  578.057032][ T9550] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  578.969663][ T9531] lo speed is unknown, defaulting to 1000
[  579.100927][   T51] Bluetooth: hci0: command tx timeout
[  579.166222][ T9565] loop2: detected capacity change from 0 to 7
[  579.259701][   T49] IPVS: stopping backup sync thread 8435 ...
[  579.272370][    C1] blk_print_req_error: 26 callbacks suppressed
[  579.272392][    C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  579.287986][    C1] buffer_io_error: 214 callbacks suppressed
[  579.287997][    C1] Buffer I/O error on dev loop2, logical block 0, async page read
[  579.304948][    C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  579.314177][    C1] Buffer I/O error on dev loop2, logical block 0, async page read
[  579.342327][    C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  579.351667][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[  579.369304][    C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  579.378519][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[  579.402382][    C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  579.411633][    C1] Buffer I/O error on dev loop2, logical block 0, async page read
[  579.420344][    C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  579.429666][    C1] Buffer I/O error on dev loop2, logical block 0, async page read
[  579.451018][ T9565] ldm_validate_partition_table(): Disk read failed.
[  579.452577][    C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  579.466922][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[  579.480817][    C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  579.490022][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[  579.498443][    C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  579.507662][    C1] Buffer I/O error on dev loop2, logical block 0, async page read
[  579.516925][    C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  579.526148][    C1] Buffer I/O error on dev loop2, logical block 0, async page read
[  579.534409][ T9565] Dev loop2: unable to read RDB block 0
[  579.554137][ T9565]  loop2: unable to read partition table
[  579.576564][ T9565] loop2: partition table beyond EOD, truncated
[  579.771300][ T9565] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  581.180895][   T51] Bluetooth: hci0: command tx timeout
[  581.339348][ T9589] FAULT_INJECTION: forcing a failure.
[  581.339348][ T9589] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  581.352787][ T9589] CPU: 0 UID: 0 PID: 9589 Comm: syz.3.1017 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  581.352814][ T9589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  581.352826][ T9589] Call Trace:
[  581.352835][ T9589]  <TASK>
[  581.352844][ T9589]  dump_stack_lvl+0x189/0x250
[  581.352873][ T9589]  ? __pfx____ratelimit+0x10/0x10
[  581.352896][ T9589]  ? __pfx_dump_stack_lvl+0x10/0x10
[  581.352919][ T9589]  ? __pfx__printk+0x10/0x10
[  581.352945][ T9589]  ? __might_fault+0xb0/0x130
[  581.352979][ T9589]  should_fail_ex+0x414/0x560
[  581.353007][ T9589]  _copy_from_iter+0x1db/0x16f0
[  581.353037][ T9589]  ? rcu_is_watching+0x15/0xb0
[  581.353062][ T9589]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  581.353085][ T9589]  ? __pfx__copy_from_iter+0x10/0x10
[  581.353112][ T9589]  ? __build_skb_around+0x257/0x3e0
[  581.353146][ T9589]  ? netlink_sendmsg+0x642/0xb30
[  581.353171][ T9589]  ? skb_put+0x11b/0x210
[  581.353203][ T9589]  netlink_sendmsg+0x6b2/0xb30
[  581.353243][ T9589]  ? __pfx_netlink_sendmsg+0x10/0x10
[  581.353280][ T9589]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  581.353301][ T9589]  ? __pfx_netlink_sendmsg+0x10/0x10
[  581.353331][ T9589]  __sock_sendmsg+0x21c/0x270
[  581.353359][ T9589]  ____sys_sendmsg+0x505/0x830
[  581.353398][ T9589]  ? __pfx_____sys_sendmsg+0x10/0x10
[  581.353449][ T9589]  ? import_iovec+0x74/0xa0
[  581.353480][ T9589]  ___sys_sendmsg+0x21f/0x2a0
[  581.353513][ T9589]  ? __pfx____sys_sendmsg+0x10/0x10
[  581.353584][ T9589]  ? __fget_files+0x2a/0x420
[  581.353608][ T9589]  ? __fget_files+0x3a0/0x420
[  581.353643][ T9589]  __x64_sys_sendmsg+0x19b/0x260
[  581.353677][ T9589]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  581.353721][ T9589]  ? __pfx_ksys_write+0x10/0x10
[  581.353738][ T9589]  ? rcu_is_watching+0x15/0xb0
[  581.353767][ T9589]  ? do_syscall_64+0xbe/0x3b0
[  581.353795][ T9589]  do_syscall_64+0xfa/0x3b0
[  581.353816][ T9589]  ? lockdep_hardirqs_on+0x9c/0x150
[  581.353837][ T9589]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  581.353857][ T9589]  ? clear_bhb_loop+0x60/0xb0
[  581.353882][ T9589]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  581.353901][ T9589] RIP: 0033:0x7efd4b98e9a9
[  581.353921][ T9589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  581.353939][ T9589] RSP: 002b:00007efd4c738038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  581.353961][ T9589] RAX: ffffffffffffffda RBX: 00007efd4bbb5fa0 RCX: 00007efd4b98e9a9
[  581.353976][ T9589] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
[  581.353989][ T9589] RBP: 00007efd4c738090 R08: 0000000000000000 R09: 0000000000000000
[  581.354002][ T9589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  581.354014][ T9589] R13: 0000000000000000 R14: 00007efd4bbb5fa0 R15: 00007ffd39085378
[  581.354048][ T9589]  </TASK>
[  581.705952][ T9593] syz.1.1016: attempt to access beyond end of device
[  581.705952][ T9593] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  581.945675][ T9531] chnl_net:caif_netlink_parms(): no params data found
[  582.282386][ T7580] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  583.132198][ T7580] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  583.155705][ T7580] usb 5-1: config 0 interface 0 has no altsetting 0
[  583.163754][ T7580] usb 5-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[  583.177366][ T7580] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  583.220467][ T7580] usb 5-1: config 0 descriptor??
[  583.265026][   T51] Bluetooth: hci0: command tx timeout
[  583.512321][ T7580] lenovo 0003:17EF:6067.0004: item fetching failed at offset 0/2
[  583.530529][ T7580] lenovo 0003:17EF:6067.0004: hid_parse failed
[  583.664931][ T7580] lenovo 0003:17EF:6067.0004: probe with driver lenovo failed with error -22
[  583.674806][   T49] hsr_slave_0: left promiscuous mode
[  583.708259][   T49] hsr_slave_1: left promiscuous mode
[  583.709758][ T7580] usb 5-1: USB disconnect, device number 18
[  584.566173][ T5968] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  584.708318][ T5968] usb 4-1: device descriptor read/64, error -71
[  584.889270][   T49] team0 (unregistering): Port device team_slave_1 removed
[  584.947116][   T49] team0 (unregistering): Port device team_slave_0 removed
[  584.965033][ T5968] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  585.117446][ T5968] usb 4-1: device descriptor read/64, error -71
[  585.236370][ T5968] usb usb4-port1: attempt power cycle
[  585.347294][   T51] Bluetooth: hci0: command tx timeout
[  585.722479][ T5968] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  585.816928][ T5968] usb 4-1: device descriptor read/8, error -71
[  586.230945][ T5968] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  586.260179][ T9635] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  586.276565][ T5968] usb 4-1: device descriptor read/8, error -71
[  586.276730][ T9636] syzkaller0: entered promiscuous mode
[  586.289960][ T9636] syzkaller0: entered allmulticast mode
[  586.392963][ T5968] usb usb4-port1: unable to enumerate USB device
[  586.408665][ T9648] tipc: Resetting bearer <eth:syzkaller0>
[  586.477924][ T9648] tipc: Disabling bearer <eth:syzkaller0>
[  586.499590][ T9531] bridge0: port 1(bridge_slave_0) entered blocking state
[  586.514065][ T9531] bridge0: port 1(bridge_slave_0) entered disabled state
[  586.523604][ T9531] bridge_slave_0: entered allmulticast mode
[  586.548341][ T9531] bridge_slave_0: entered promiscuous mode
[  586.563193][ T9531] bridge0: port 2(bridge_slave_1) entered blocking state
[  586.570462][ T9531] bridge0: port 2(bridge_slave_1) entered disabled state
[  586.579789][ T9531] bridge_slave_1: entered allmulticast mode
[  586.588857][ T9531] bridge_slave_1: entered promiscuous mode
[  586.706842][ T9531] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  586.915292][ T9531] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  587.289134][ T5968] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  587.389857][ T9531] team0: Port device team_slave_0 added
[  587.520967][ T5968] usb 5-1: Using ep0 maxpacket: 16
[  587.533110][ T5968] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 11
[  588.301157][ T5968] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[  588.381137][ T5968] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[  588.390917][ T5968] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[  588.410924][ T5968] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[  588.455820][ T5968] usb 5-1: config 1 interface 0 has no altsetting 0
[  588.478238][ T5968] usb 5-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[  588.484537][ T9531] team0: Port device team_slave_1 added
[  588.496005][ T5968] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  588.577879][ T5968] ums-sddr09 5-1:1.0: USB Mass Storage device detected
[  589.355738][ T5902] kworker/1:3 (5902) used greatest stack depth: 19808 bytes left
[  589.903620][ T9531] batman_adv: batadv0: Adding interface: batadv_slave_0
[  589.910650][ T9531] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  589.950134][ T5968] ums-sddr09 5-1:1.0: probe with driver ums-sddr09 failed with error -22
[  589.958315][ T9531] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  589.979455][ T5968] usb 5-1: USB disconnect, device number 19
[  590.128039][ T9531] batman_adv: batadv0: Adding interface: batadv_slave_1
[  590.150431][ T9531] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  590.193256][ T9531] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  591.054901][ T9696] sysfs: Unknown parameter 'lowerdir'
[  591.064725][ T9696] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  591.132924][ T9531] hsr_slave_0: entered promiscuous mode
[  591.139909][ T9531] hsr_slave_1: entered promiscuous mode
[  591.161824][ T9531] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  591.169466][ T9531] Cannot create hsr debugfs directory
[  591.276670][ T9701] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1039'.
[  591.288617][ T9701] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1039'.
[  591.885385][ T9695] can0: slcan on ttyS3.
[  592.102556][ T9693] can0 (unregistered): slcan off ttyS3.
[  592.204127][ T9531] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  592.262721][ T9531] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  592.337336][ T9531] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  592.365910][ T9531] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  592.720127][ T9531] 8021q: adding VLAN 0 to HW filter on device bond0
[  593.800651][ T9531] 8021q: adding VLAN 0 to HW filter on device team0
[  593.823377][ T1150] bridge0: port 1(bridge_slave_0) entered blocking state
[  593.830934][ T1150] bridge0: port 1(bridge_slave_0) entered forwarding state
[  593.868049][ T1150] bridge0: port 2(bridge_slave_1) entered blocking state
[  593.875308][ T1150] bridge0: port 2(bridge_slave_1) entered forwarding state
[  593.942895][ T9531] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  594.174768][ T9734] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1048'.
[  594.324097][ T9737] mkiss: ax0: crc mode is auto.
[  596.090351][ T9531] 8021q: adding VLAN 0 to HW filter on device batadv0
[  598.148663][ T9746] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1051'.
[  598.907053][   T30] audit: type=1326 audit(1753704198.560:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9761 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd4b98e9a9 code=0x7ffc0000
[  599.005492][   T30] audit: type=1326 audit(1753704198.580:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9761 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=277 compat=0 ip=0x7efd4b98e9a9 code=0x7ffc0000
[  599.035581][ T9766] FAULT_INJECTION: forcing a failure.
[  599.035581][ T9766] name failslab, interval 1, probability 0, space 0, times 0
[  599.096815][   T30] audit: type=1326 audit(1753704198.580:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9761 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd4b98e9a9 code=0x7ffc0000
[  599.140680][ T9766] CPU: 1 UID: 0 PID: 9766 Comm: syz.5.1056 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  599.140717][ T9766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  599.140730][ T9766] Call Trace:
[  599.140738][ T9766]  <TASK>
[  599.140747][ T9766]  dump_stack_lvl+0x189/0x250
[  599.140774][ T9766]  ? __pfx____ratelimit+0x10/0x10
[  599.140797][ T9766]  ? __pfx_dump_stack_lvl+0x10/0x10
[  599.140819][ T9766]  ? __pfx__printk+0x10/0x10
[  599.140848][ T9766]  ? __pfx___might_resched+0x10/0x10
[  599.140871][ T9766]  ? fs_reclaim_acquire+0x7d/0x100
[  599.140901][ T9766]  should_fail_ex+0x414/0x560
[  599.140930][ T9766]  should_failslab+0xa8/0x100
[  599.140954][ T9766]  __kmalloc_noprof+0xcb/0x4f0
[  599.140973][ T9766]  ? tomoyo_encode+0x28b/0x550
[  599.141005][ T9766]  tomoyo_encode+0x28b/0x550
[  599.141038][ T9766]  tomoyo_realpath_from_path+0x58d/0x5d0
[  599.141075][ T9766]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  599.141097][ T9766]  tomoyo_path_number_perm+0x1e8/0x5a0
[  599.141121][ T9766]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  599.141164][ T9766]  ? __lock_acquire+0xab9/0xd20
[  599.141208][ T9766]  ? __fget_files+0x2a/0x420
[  599.141235][ T9766]  ? __fget_files+0x2a/0x420
[  599.141256][ T9766]  ? __fget_files+0x3a0/0x420
[  599.141277][ T9766]  ? __fget_files+0x2a/0x420
[  599.141314][ T9766]  security_file_ioctl+0xcb/0x2d0
[  599.141339][ T9766]  __se_sys_ioctl+0x47/0x170
[  599.141368][ T9766]  do_syscall_64+0xfa/0x3b0
[  599.141389][ T9766]  ? lockdep_hardirqs_on+0x9c/0x150
[  599.141412][ T9766]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  599.141433][ T9766]  ? clear_bhb_loop+0x60/0xb0
[  599.141460][ T9766]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  599.141479][ T9766] RIP: 0033:0x7fa3b678e9a9
[  599.141498][ T9766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  599.141513][ T9766] RSP: 002b:00007fa3b752b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  599.141533][ T9766] RAX: ffffffffffffffda RBX: 00007fa3b69b5fa0 RCX: 00007fa3b678e9a9
[  599.141547][ T9766] RDX: 0000200000000040 RSI: 00000000401054d5 RDI: 0000000000000003
[  599.141559][ T9766] RBP: 00007fa3b752b090 R08: 0000000000000000 R09: 0000000000000000
[  599.141570][ T9766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  599.141581][ T9766] R13: 0000000000000000 R14: 00007fa3b69b5fa0 R15: 00007ffceea51d78
[  599.141613][ T9766]  </TASK>
[  599.410871][   T30] audit: type=1326 audit(1753704198.590:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9761 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efd4b98e9a9 code=0x7ffc0000
[  599.432420][   T30] audit: type=1326 audit(1753704198.590:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9761 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd4b98e9a9 code=0x7ffc0000
[  599.454062][   T30] audit: type=1326 audit(1753704198.590:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9761 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efd4b98e9a9 code=0x7ffc0000
[  599.481322][   T30] audit: type=1326 audit(1753704198.590:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9761 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd4b98e9a9 code=0x7ffc0000
[  599.503735][   T30] audit: type=1326 audit(1753704198.590:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9761 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7efd4b98e9a9 code=0x7ffc0000
[  599.525291][   T30] audit: type=1326 audit(1753704198.590:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9761 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd4b98e9a9 code=0x7ffc0000
[  599.546906][   T30] audit: type=1326 audit(1753704198.590:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9761 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efd4b98e9a9 code=0x7ffc0000
[  599.583938][ T9766] ERROR: Out of memory at tomoyo_realpath_from_path.
[  599.838022][ T9531] veth0_vlan: entered promiscuous mode
[  599.890368][ T9531] veth1_vlan: entered promiscuous mode
[  600.217754][ T9531] veth0_macvtap: entered promiscuous mode
[  600.239680][ T9531] veth1_macvtap: entered promiscuous mode
[  600.343715][ T9531] batman_adv: batadv0: Interface activated: batadv_slave_0
[  600.392051][ T9531] batman_adv: batadv0: Interface activated: batadv_slave_1
[  600.410999][ T9531] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  600.432944][ T9531] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  600.461394][ T9531] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  600.485492][ T9531] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  600.660319][ T9787] FAULT_INJECTION: forcing a failure.
[  600.660319][ T9787] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  600.674628][ T9787] CPU: 1 UID: 0 PID: 9787 Comm: syz.4.1061 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  600.674657][ T9787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  600.674670][ T9787] Call Trace:
[  600.674679][ T9787]  <TASK>
[  600.674688][ T9787]  dump_stack_lvl+0x189/0x250
[  600.674718][ T9787]  ? __pfx____ratelimit+0x10/0x10
[  600.674742][ T9787]  ? __pfx_dump_stack_lvl+0x10/0x10
[  600.674765][ T9787]  ? __pfx__printk+0x10/0x10
[  600.674808][ T9787]  should_fail_ex+0x414/0x560
[  600.674837][ T9787]  _copy_to_user+0x31/0xb0
[  600.674875][ T9787]  simple_read_from_buffer+0xe1/0x170
[  600.674903][ T9787]  proc_fail_nth_read+0x1df/0x250
[  600.674934][ T9787]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  600.674963][ T9787]  ? rw_verify_area+0x258/0x650
[  600.674994][ T9787]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  600.675022][ T9787]  vfs_read+0x200/0x980
[  600.675060][ T9787]  ? __pfx___mutex_lock+0x10/0x10
[  600.675096][ T9787]  ? __pfx_vfs_read+0x10/0x10
[  600.675130][ T9787]  ? __fget_files+0x2a/0x420
[  600.675159][ T9787]  ? __fget_files+0x3a0/0x420
[  600.675181][ T9787]  ? __fget_files+0x2a/0x420
[  600.675215][ T9787]  ksys_read+0x145/0x250
[  600.675238][ T9787]  ? __pfx_ksys_read+0x10/0x10
[  600.675255][ T9787]  ? rcu_is_watching+0x15/0xb0
[  600.675285][ T9787]  ? do_syscall_64+0xbe/0x3b0
[  600.675313][ T9787]  do_syscall_64+0xfa/0x3b0
[  600.675333][ T9787]  ? lockdep_hardirqs_on+0x9c/0x150
[  600.675355][ T9787]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  600.675375][ T9787]  ? clear_bhb_loop+0x60/0xb0
[  600.675402][ T9787]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  600.675422][ T9787] RIP: 0033:0x7ff0f678d3bc
[  600.675441][ T9787] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  600.675458][ T9787] RSP: 002b:00007ff0f7617030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  600.675482][ T9787] RAX: ffffffffffffffda RBX: 00007ff0f69b5fa0 RCX: 00007ff0f678d3bc
[  600.675496][ T9787] RDX: 000000000000000f RSI: 00007ff0f76170a0 RDI: 0000000000000006
[  600.675509][ T9787] RBP: 00007ff0f7617090 R08: 0000000000000000 R09: 0000000000000000
[  600.675522][ T9787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  600.675534][ T9787] R13: 0000000000000000 R14: 00007ff0f69b5fa0 R15: 00007ffc19841b38
[  600.675570][ T9787]  </TASK>
[  600.966410][  T153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  600.974310][  T153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  600.982040][  T153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  600.989940][  T153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  602.778279][ T9800] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xf
[  604.500822][ T7605] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  604.663126][ T9823] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  604.706589][ T7605] usb 7-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5
[  604.717168][ T7605] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  604.745809][ T7605] usb 7-1: Product: syz
[  604.750008][ T7605] usb 7-1: Manufacturer: syz
[  604.757854][ T7605] usb 7-1: SerialNumber: syz
[  604.770228][ T7605] usb 7-1: config 0 descriptor??
[  604.784409][ T7605] gspca_main: sq905c-2.14.0 probing 2770:9052
[  605.021521][ T9831] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3547360404 (14189441616 ns) > initial count (770613436 ns). Using initial count to start timer.
[  605.311180][ T7605] gspca_sq905c: sq905c_command: usb_control_msg failed (-110)
[  605.318771][ T7605] sq905c 7-1:0.0: Get version command failed
[  605.351056][ T7605] sq905c 7-1:0.0: probe with driver sq905c failed with error -110
[  607.237956][ T5967] usb 7-1: USB disconnect, device number 2
[  608.849862][T10002] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3176969119 (406652047232 ns) > initial count (321993810432 ns). Using initial count to start timer.
[  608.968715][T10002] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[  608.990212][T10002] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  610.789771][T10105] kvm: user requested TSC rate below hardware speed
[  612.866965][T10114] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1197'.
[  613.212976][T10123] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1198'.
[  613.501025][ T5967] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  613.517195][T10128] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xf
[  613.709522][ T5967] usb 7-1: config 0 has an invalid interface number: 248 but max is 0
[  613.825812][T10134] syz.4.1201: attempt to access beyond end of device
[  613.825812][T10134] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  613.925068][ T5967] usb 7-1: config 0 has no interface number 0
[  614.148863][ T5967] usb 7-1: New USB device found, idVendor=1686, idProduct=00dd, bcdDevice=c4.ff
[  614.719323][ T5967] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  614.741663][ T5967] usb 7-1: Product: syz
[  614.756058][ T5967] usb 7-1: Manufacturer: syz
[  614.762359][ T5967] usb 7-1: SerialNumber: syz
[  614.803491][ T5967] usb 7-1: config 0 descriptor??
[  614.822289][ T5967] hub 7-1:0.248: bad descriptor, ignoring hub
[  614.828551][ T5967] hub 7-1:0.248: probe with driver hub failed with error -5
[  614.896750][T10145] random: crng reseeded on system resumption
[  615.050186][T10122] kvm: kvm [10121]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x85
[  615.059707][ T5968] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  615.111054][ T7610] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  615.272933][ T5968] usb 5-1: Using ep0 maxpacket: 32
[  615.284085][ T5968] usb 5-1: unable to get BOS descriptor or descriptor too short
[  615.292841][ T5967] usb 7-1: USB disconnect, device number 3
[  615.300422][ T5968] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  615.318052][ T5968] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  615.345577][ T5968] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  615.364728][ T5968] usb 5-1: string descriptor 0 read error: -22
[  615.375751][ T5968] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  615.388539][ T7610] usb 2-1: config 0 has an invalid interface number: 248 but max is 0
[  615.397082][ T7610] usb 2-1: config 0 has no interface number 0
[  615.411562][ T5968] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  615.438270][ T5968] usb 5-1: 0:2 : does not exist
[  615.454407][ T7610] usb 2-1: New USB device found, idVendor=1686, idProduct=00dd, bcdDevice=c4.ff
[  615.472364][ T7610] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  615.484146][ T7610] usb 2-1: Product: syz
[  615.492267][ T7610] usb 2-1: Manufacturer: syz
[  615.504786][ T7610] usb 2-1: SerialNumber: syz
[  615.515464][ T7610] usb 2-1: config 0 descriptor??
[  615.527851][ T7610] hub 2-1:0.248: bad descriptor, ignoring hub
[  615.548528][ T7610] hub 2-1:0.248: probe with driver hub failed with error -5
[  615.769499][T10143] kvm: kvm [10142]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x85
[  616.891776][ T7610] usb 2-1: USB disconnect, device number 16
[  619.627186][T10174] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1212'.
[  620.331365][T10178] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xf
[  621.826926][T10196] fuse: Bad value for 'fd'
[  623.088467][ T1209] usb 5-1: USB disconnect, device number 20
[  624.356916][T10210] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1225'.
[  624.485409][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  624.498876][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  627.806364][T10233] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3176969119 (406652047232 ns) > initial count (321993810432 ns). Using initial count to start timer.
[  627.910382][T10233] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  628.101411][T10236] bridge0: port 1(bridge_slave_0) entered disabled state
[  629.056175][   T51] Bluetooth: hci0: link tx timeout
[  629.064371][   T51] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  629.095212][T10249] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1238'.
[  629.500905][   T51] Bluetooth: hci0: link tx timeout
[  629.506086][   T51] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  629.702474][T10236] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  629.744066][T10236] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  630.020636][T10236] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  630.054437][T10236] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  630.112285][T10236] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  630.122871][T10236] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  631.100854][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  633.367357][T10301] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1255'.
[  636.559477][T10336] tmpfs: Unknown parameter '�Drquota�L�NȐ�2*Z�u�֪��I|�D�O� �#<�]i�'
[  639.065464][   T31] INFO: task syz.2.701:8458 blocked for more than 165 seconds.
[  639.067295][T10348] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1268'.
[  639.080891][   T31]       Not tainted 6.16.0-syzkaller #0
[  639.139816][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  639.590824][   T31] task:syz.2.701       state:D stack:25944 pid:8458  tgid:8452  ppid:5833   task_flags:0x400740 flags:0x00004004
[  639.640808][   T31] Call Trace:
[  639.644242][   T31]  <TASK>
[  639.647230][   T31]  __schedule+0x16aa/0x4c90
[  639.660889][   T31]  ? finish_task_switch+0x18b/0x950
[  639.666188][   T31]  ? schedule+0x165/0x360
[  639.670552][   T31]  ? __lock_acquire+0xab9/0xd20
[  639.690778][   T31]  ? __pfx___schedule+0x10/0x10
[  639.695709][   T31]  ? schedule+0x91/0x360
[  639.699961][   T31]  schedule+0x165/0x360
[  639.704195][   T31]  schedule_timeout+0x9a/0x270
[  639.709006][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  639.714481][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  639.719717][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  639.725011][   T31]  __wait_for_common+0x3da/0x710
[  639.730016][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  639.735500][   T31]  ? __pfx___wait_for_common+0x10/0x10
[  639.745445][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  639.752304][   T31]  wait_for_completion_state+0x1c/0x40
[  639.757809][   T31]  do_coredump+0x831/0x3440
[  639.762817][   T31]  ? kernel_text_address+0xa5/0xe0
[  639.767970][   T31]  ? __pfx_do_coredump+0x10/0x10
[  639.773261][   T31]  ? arch_stack_walk+0xfc/0x150
[  639.778181][   T31]  ? stack_trace_save+0x9c/0xe0
[  639.783261][   T31]  ? kasan_save_track+0x4f/0x80
[  639.788146][   T31]  ? kasan_save_track+0x3e/0x80
[  639.793303][   T31]  ? kasan_save_free_info+0x46/0x50
[  639.798533][   T31]  ? __kasan_slab_free+0x62/0x70
[  639.803573][   T31]  ? kmem_cache_free+0x18f/0x400
[  639.808545][   T31]  ? get_signal+0xa2b/0x1310
[  639.813206][   T31]  ? arch_do_signal_or_restart+0x9a/0x750
[  639.818954][   T31]  ? exit_to_user_mode_loop+0x75/0x110
[  639.840791][   T31]  ? do_syscall_64+0x2bd/0x3b0
[  639.845615][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  639.870809][   T31]  ? proc_coredump_connector+0x172/0x4b0
[  639.876522][   T31]  ? __pfx_proc_coredump_connector+0x10/0x10
[  639.890751][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  639.895993][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  639.910752][   T31]  get_signal+0x10d9/0x1310
[  639.915310][   T31]  arch_do_signal_or_restart+0x9a/0x750
[  639.930745][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  639.936982][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[  639.960745][   T31]  exit_to_user_mode_loop+0x75/0x110
[  639.966082][   T31]  do_syscall_64+0x2bd/0x3b0
[  639.970683][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  639.985972][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  640.000737][   T31]  ? clear_bhb_loop+0x60/0xb0
[  640.005546][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  640.020736][   T31] RIP: 0033:0x7f6186b8e9a9
[  640.025360][   T31] RSP: 002b:00007f6187a27038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  640.050737][   T31] RAX: ffffffffffffffda RBX: 00007f6186db6080 RCX: 00007f6186b8e9a9
[  640.059561][   T31] RDX: 0000200000000040 RSI: 0000200000000000 RDI: 0000000000000000
[  640.080875][   T31] RBP: 00007f6186c10d69 R08: 0000200000000240 R09: 0000000000000000
[  640.088893][   T31] R10: 0000000000020001 R11: 0000000000000246 R12: 0000000000000000
[  640.103541][   T31] R13: 0000000000000000 R14: 00007f6186db6080 R15: 00007ffc77155158
[  640.114635][   T31]  </TASK>
[  640.117902][   T31] 
[  640.117902][   T31] Showing all locks held in the system:
[  640.129254][   T31] 1 lock held by khungtaskd/31:
[  640.149773][   T31]  #0: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  640.160264][   T31] 3 locks held by kworker/1:2/1615:
[  640.166737][   T31] 2 locks held by getty/5599:
[  640.171881][   T31]  #0: ffff88814c3130a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  640.182297][   T31]  #1: ffffc900036cb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  640.192965][   T31] 3 locks held by kworker/u8:8/6002:
[  640.198365][   T31]  #0: ffff88801a489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  640.211162][   T31]  #1: ffffc90004d4fbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  640.223844][   T31]  #2: ffffffff8f509f08 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
[  640.233408][   T31] 2 locks held by syz.1.1269/10343:
[  640.238726][   T31]  #0: ffffffff8f509f08 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
[  640.248381][   T31]  #1: ffffffff8e144bf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730
[  640.259770][   T31] 2 locks held by syz.3.1268/10345:
[  640.266050][   T31]  #0: ffff88805964e208 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[  640.276768][   T31]  #1: ffffffff8f509f08 (rtnl_mutex){+.+.}-{4:4}, at: raw_release+0x1bb/0x960
[  640.286046][   T31] 1 lock held by syz.3.1268/10348:
[  640.291584][   T31]  #0: ffffffff8f509f08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dellink+0x331/0x710
[  640.316568][   T31] 
[  640.318961][   T31] =============================================
[  640.318961][   T31] 
[  640.328126][   T31] NMI backtrace for cpu 0
[  640.328142][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  640.328165][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  640.328177][   T31] Call Trace:
[  640.328185][   T31]  <TASK>
[  640.328194][   T31]  dump_stack_lvl+0x189/0x250
[  640.328220][   T31]  ? __wake_up_klogd+0xd9/0x110
[  640.328250][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  640.328272][   T31]  ? __pfx__printk+0x10/0x10
[  640.328312][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  640.328345][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  640.328372][   T31]  ? _printk+0xcf/0x120
[  640.328401][   T31]  ? __pfx__printk+0x10/0x10
[  640.328429][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  640.328462][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  640.328495][   T31]  watchdog+0xfee/0x1030
[  640.328527][   T31]  ? watchdog+0x1de/0x1030
[  640.328565][   T31]  kthread+0x70e/0x8a0
[  640.328596][   T31]  ? __pfx_watchdog+0x10/0x10
[  640.328622][   T31]  ? __pfx_kthread+0x10/0x10
[  640.328651][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  640.328688][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  640.328707][   T31]  ? __pfx_kthread+0x10/0x10
[  640.328734][   T31]  ret_from_fork+0x3fc/0x770
[  640.328757][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  640.328792][   T31]  ? __switch_to_asm+0x39/0x70
[  640.328815][   T31]  ? __switch_to_asm+0x33/0x70
[  640.328838][   T31]  ? __pfx_kthread+0x10/0x10
[  640.328865][   T31]  ret_from_fork_asm+0x1a/0x30
[  640.328907][   T31]  </TASK>
[  640.328914][   T31] Sending NMI from CPU 0 to CPUs 1:
[  640.487581][    C1] NMI backtrace for cpu 1
[  640.487599][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  640.487618][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  640.487628][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  640.487651][    C1] Code: 53 de 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d d3 ad 21 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  640.487665][    C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c2
[  640.487681][    C1] RAX: 1463f976d9a15600 RBX: ffffffff81976918 RCX: 1463f976d9a15600
[  640.487693][    C1] RDX: 0000000000000001 RSI: ffffffff8d982fba RDI: ffffffff8be1ba40
[  640.487704][    C1] RBP: ffffc90000197f20 R08: ffff8880b8732f5b R09: 1ffff110170e65eb
[  640.487715][    C1] R10: dffffc0000000000 R11: ffffed10170e65ec R12: ffffffff8fa0b3f0
[  640.487727][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff110039dab40
[  640.487738][    C1] FS:  0000000000000000(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
[  640.487751][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  640.487762][    C1] CR2: 00007efd4bb802d8 CR3: 00000000330a8000 CR4: 00000000003526f0
[  640.487779][    C1] Call Trace:
[  640.487786][    C1]  <TASK>
[  640.487793][    C1]  default_idle+0x13/0x20
[  640.487811][    C1]  default_idle_call+0x74/0xb0
[  640.487831][    C1]  do_idle+0x1e8/0x510
[  640.487851][    C1]  ? __pfx_do_idle+0x10/0x10
[  640.487877][    C1]  cpu_startup_entry+0x44/0x60
[  640.487893][    C1]  start_secondary+0x101/0x110
[  640.487915][    C1]  common_startup_64+0x13e/0x147
[  640.487950][    C1]  </TASK>
[  640.488830][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  640.656248][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  640.665964][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  640.676025][   T31] Call Trace:
[  640.679304][   T31]  <TASK>
[  640.682330][   T31]  dump_stack_lvl+0x99/0x250
[  640.686958][   T31]  ? __asan_memcpy+0x40/0x70
[  640.691671][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  640.696868][   T31]  ? __pfx__printk+0x10/0x10
[  640.701464][   T31]  panic+0x2db/0x790
[  640.705356][   T31]  ? __pfx_panic+0x10/0x10
[  640.709766][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[  640.715572][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  640.720945][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[  640.727101][   T31]  watchdog+0x102d/0x1030
[  640.731445][   T31]  ? watchdog+0x1de/0x1030
[  640.735862][   T31]  kthread+0x70e/0x8a0
[  640.739948][   T31]  ? __pfx_watchdog+0x10/0x10
[  640.744622][   T31]  ? __pfx_kthread+0x10/0x10
[  640.749224][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  640.754414][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  640.759603][   T31]  ? __pfx_kthread+0x10/0x10
[  640.764190][   T31]  ret_from_fork+0x3fc/0x770
[  640.768774][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  640.773883][   T31]  ? __switch_to_asm+0x39/0x70
[  640.778650][   T31]  ? __switch_to_asm+0x33/0x70
[  640.783412][   T31]  ? __pfx_kthread+0x10/0x10
[  640.788000][   T31]  ret_from_fork_asm+0x1a/0x30
[  640.792811][   T31]  </TASK>
[  640.796006][   T31] Kernel Offset: disabled
[  640.800332][   T31] Rebooting in 86400 seconds..