last executing test programs: 10m35.713190558s ago: executing program 1 (id=1223): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000016000000b70300000000fff48500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) r7 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) r8 = fcntl$dupfd(r6, 0x406, r6) ioctl$USBDEVFS_SUBMITURB(r8, 0x8038550a, 0x0) ioctl$MON_IOCQ_URB_LEN(r7, 0x9201) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d) socket$tipc(0x1e, 0x5, 0x0) gettid() sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)={0x14, 0x0, 0x1, 0x0, 0x3, {0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="9feb010018"], &(0x7f00000001c0)=""/257, 0x2a, 0x101, 0x6}, 0x28) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) bind$rose(r0, &(0x7f0000000040)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x4, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]}, 0x40) 10m34.134879735s ago: executing program 1 (id=1225): socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) read$FUSE(0xffffffffffffffff, &(0x7f0000001080)={0x2020}, 0x2020) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x288, 0x98, 0x8, 0xfa04, 0x98, 0x6c02, 0x1f0, 0x194, 0x194, 0x1f0, 0x194, 0x3, 0x0, {[{{@ip={@multicast1, @dev={0xac, 0x14, 0x14, 0x16}, 0x0, 0x0, 'veth0_to_hsr\x00', 'dvmrp1\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98, 0x0, {0x0, 0x74020000}}, @common=@inet=@TCPMSS={0x28}}, {{@ip={@multicast2, @dev, 0x0, 0x0, '\x00', 'vlan0\x00', {}, {}, 0x0, 0x1, 0x44}, 0x0, 0xf0, 0x158, 0x0, {}, [@common=@set={{0x40}, {{0x3, [0x4, 0x5, 0x3, 0x1, 0x2, 0x4], 0x4}}}, @common=@unspec=@connlimit={{0x40}, {[0x0, 0x0, 0x0, 0xffffffff], 0x0, 0x0, {0x800}}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x1b, 0x5, 0x1, 0x9, 'syz0\x00', 'syz1\x00', {0x1}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2e8) mkdir(0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001340)={&(0x7f0000000b00)=ANY=[@ANYBLOB="9feb010018000000000000001000000010000000020000000000000000000001"], 0x0, 0x2a}, 0x28) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = syz_open_dev$sg(0x0, 0x0, 0x8002) ioctl$SG_SET_FORCE_PACK_ID(r5, 0x227b, &(0x7f00000001c0)=0x2001) r6 = fcntl$dupfd(r5, 0x0, r5) write$sndseq(r6, 0x0, 0x0) 10m33.108009205s ago: executing program 1 (id=1227): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000016000000b70300000000fff48500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) r7 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) r8 = fcntl$dupfd(r6, 0x406, r6) ioctl$USBDEVFS_SUBMITURB(r8, 0x8038550a, 0x0) ioctl$MON_IOCQ_URB_LEN(r7, 0x9201) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d) socket$tipc(0x1e, 0x5, 0x0) gettid() sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)={0x14, 0x0, 0x1, 0x0, 0x3, {0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000300)='devices.allow\x00', 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="9feb010018"], &(0x7f00000001c0)=""/257, 0x2a, 0x101, 0x6}, 0x28) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) bind$rose(r0, &(0x7f0000000040)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x4, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]}, 0x40) 10m32.192410991s ago: executing program 1 (id=1229): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r3 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, 0x0) bind$can_j1939(r3, 0x0, 0x0) r4 = epoll_create(0x2) setfsgid(0xee00) r5 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00') fchdir(r5) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000040)='syscall\x00') pread64(r6, &(0x7f0000000500)=""/31, 0x1f, 0x40000000009) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000080)={0x3000200a}) sendmsg$nl_xfrm(r3, 0x0, 0x1) socket$nl_route(0x10, 0x3, 0x0) connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0) syz_io_uring_setup(0x110, 0x0, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) accept4$nfc_llcp(r3, &(0x7f0000000380), 0x0, 0x80000) fstat(r2, 0x0) 10m30.714771333s ago: executing program 1 (id=1234): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000016000000b70300000000fff48500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) r7 = fcntl$dupfd(r6, 0x406, r6) ioctl$USBDEVFS_SUBMITURB(r7, 0x8038550a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d) socket$tipc(0x1e, 0x5, 0x0) gettid() sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)={0x14, 0x0, 0x1, 0x0, 0x3, {0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) openat$cgroup_devices(r8, &(0x7f0000000300)='devices.allow\x00', 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="9feb010018"], &(0x7f00000001c0)=""/257, 0x2a, 0x101, 0x6}, 0x28) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) bind$rose(r0, &(0x7f0000000040)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x4, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]}, 0x40) 10m29.750219569s ago: executing program 1 (id=1236): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000002c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x81b}}, './file0\x00'}) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x13b) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r3 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00', r4}, 0x10) r5 = fsmount(0xffffffffffffffff, 0x0, 0x0) symlinkat(0x0, r5, &(0x7f0000000140)='./file0\x00') readlinkat(r5, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f00000002c0)=""/204, 0xcc) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x0, 0x9, 0x20ff, 0x5, 0x89, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0) sendfile(r3, r3, &(0x7f0000000080), 0x7f03) 10m14.427081658s ago: executing program 32 (id=1236): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000002c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x81b}}, './file0\x00'}) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x13b) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r3 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00', r4}, 0x10) r5 = fsmount(0xffffffffffffffff, 0x0, 0x0) symlinkat(0x0, r5, &(0x7f0000000140)='./file0\x00') readlinkat(r5, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f00000002c0)=""/204, 0xcc) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x0, 0x9, 0x20ff, 0x5, 0x89, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0) sendfile(r3, r3, &(0x7f0000000080), 0x7f03) 8.392035716s ago: executing program 4 (id=2585): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) setsockopt$PNPIPE_HANDLE(r0, 0x113, 0x3, 0x0, 0x0) connect$phonet_pipe(r0, &(0x7f0000000000), 0x10) r1 = socket$packet(0x11, 0x2, 0x300) symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000640)='./file0\x00') memfd_create(0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x5) setsockopt$inet_tcp_int(r3, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) bind$inet(r3, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r3, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee3c0cb001829a8681ed391da1a71d8d", 0x63}], 0x1}}], 0x1, 0x20008000) setsockopt$inet_tcp_TLS_TX(r3, 0x6, 0x1, &(0x7f0000000080)=@ccm_128={{0x303}, "f1a0f9fff9e440b4", "881aae83544dfa6412f91b9057e3f415", "9dca43b6", "9ecb592c6ee49fbd"}, 0x28) socket$kcm(0x10, 0x2, 0x0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000080)=[{0x48, 0x83, 0x0, 0x80000001}, {0x6, 0x5, 0x0, 0xfffffc}]}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000018c0)={&(0x7f0000001900)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26, 0x0, 0x1, 0xfffffa16}, 0x28) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0) write$binfmt_aout(r4, &(0x7f00000001c0)=ANY=[], 0xff2e) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) r5 = syz_open_pts(r4, 0x0) dup3(r5, r4, 0x0) 6.168484998s ago: executing program 4 (id=2589): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x2, 0x0) bpf$PROG_BIND_MAP(0x23, 0x0, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) fanotify_mark(0xffffffffffffffff, 0x90, 0x40100000, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1, 0x0, 0x0, 0x2663}, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r3}, 0x18) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r4 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r4, 0x0, 0xc8, 0x0, 0x0) setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000000540)={0x11, 0x1, 0xc, 0x8001, @vifc_lcl_ifindex, @local}, 0x10) setsockopt$MRT_DONE(r4, 0x0, 0xc9, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000200)=0x0) ptrace(0x11, r5) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x0, 0x0) 4.704027847s ago: executing program 3 (id=2592): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r3 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, 0x0) bind$can_j1939(r3, 0x0, 0x0) r4 = epoll_create(0x2) setfsgid(0xee00) r5 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00') fchdir(r5) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000040)='syscall\x00') pread64(r6, &(0x7f0000000500)=""/31, 0x1f, 0x40000000009) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000080)={0x3000200a}) sendto$inet6(r1, &(0x7f00000004c0)="4747135f6fc2e0d41231cb53d9200128da8c2299af14b35b05219d463b6bc7b36d9626a6ff517591f014fb5fee2cd82055aa05a8cf03ef2635ba467a92ac0cbf3dafaffff6008ae6dd78da314d7ec7c3f89a91afc0dd4abfeb5270f4198e5d310ccdae130cccd7314b0065121c375d81ccc78032a86ff9514531e98fbe151254d48a85e2fc5703d1a3bd7328d1bb4a17ef1177a31518c1229a1077cb96f3df95e27f5fc4882b5fb39ad7b9c1201b08513d02dede7eed54511ed663faba48a329490854d2a4ec9db6b96c4e5c7afb9d8236b4a7eb91d3f28b6cdf348c5e344b2076bedc8f3685ede7e260d96fb4", 0xed, 0x408a1, 0x0, 0x0) sendmsg$nl_xfrm(r3, 0x0, 0x1) socket$nl_route(0x10, 0x3, 0x0) connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0) syz_io_uring_setup(0x110, 0x0, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) accept4$nfc_llcp(r3, &(0x7f0000000380), 0x0, 0x80000) fstat(r2, 0x0) 4.310326819s ago: executing program 4 (id=2594): syz_io_uring_setup(0x49c, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x15, 0x3, &(0x7f0000000000)=@framed={{0x72, 0xa, 0x0, 0xffc4, 0x1, 0x71, 0x10, 0x97}}, &(0x7f0000000480)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00}, 0x94) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r1, 0x0) timer_create(0x0, 0x0, &(0x7f0000000000)) r2 = socket(0xa, 0x3, 0x3a) r3 = socket(0xa, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000040)=0x9, 0x4) r4 = socket(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000040)=0x9, 0x4) bind$inet6(r4, &(0x7f0000000140)={0xa, 0xe64, 0xb, @empty, 0x1}, 0x1c) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x4, @empty, 0x101}, 0x1c) setsockopt$MRT6_INIT(r2, 0x29, 0xc8, &(0x7f0000000340), 0x4) setsockopt$MRT6_ADD_MFC_PROXY(r2, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, {0xa, 0x0, 0x0, @empty, 0x40}, 0x0, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4]}}, 0x5c) setsockopt$MRT6_FLUSH(r2, 0x29, 0xd4, &(0x7f0000000000)=0x10fc4c16dadd9937, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x9, 0x15031, 0xffffffffffffffff, 0x0) sendfile(r1, r1, 0x0, 0x40008) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYRES64=r1], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r5}, 0x10) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x100000a, 0x4082172, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) io_setup(0x7be, &(0x7f0000001380)) 2.97508476s ago: executing program 3 (id=2597): syz_io_uring_setup(0x49c, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x15, 0x3, &(0x7f0000000000)=@framed={{0x72, 0xa, 0x0, 0xffc4, 0x1, 0x71, 0x10, 0x97}}, &(0x7f0000000480)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00}, 0x94) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r1, 0x0) timer_create(0x0, 0x0, &(0x7f0000000000)) r2 = socket(0xa, 0x3, 0x3a) r3 = socket(0xa, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000040)=0x9, 0x4) r4 = socket(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000040)=0x9, 0x4) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bind$inet6(r4, &(0x7f0000000140)={0xa, 0xe64, 0xb, @empty, 0x1}, 0x1c) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x4, @empty, 0x101}, 0x1c) setsockopt$MRT6_INIT(r2, 0x29, 0xc8, &(0x7f0000000340), 0x4) setsockopt$MRT6_ADD_MFC_PROXY(r2, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, {0xa, 0x0, 0x0, @empty, 0x40}, 0x0, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4]}}, 0x5c) setsockopt$MRT6_FLUSH(r2, 0x29, 0xd4, &(0x7f0000000000)=0x10fc4c16dadd9937, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x9, 0x15031, 0xffffffffffffffff, 0x0) sendfile(r1, r1, 0x0, 0x40008) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYRES64=r1], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r5}, 0x10) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x100000a, 0x4082172, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) io_setup(0x7be, &(0x7f0000001380)) 2.942277556s ago: executing program 4 (id=2598): syz_io_uring_setup(0x49c, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x15, 0x3, &(0x7f0000000000)=@framed={{0x72, 0xa, 0x0, 0xffc4, 0x1, 0x71, 0x10, 0x97}}, &(0x7f0000000480)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00}, 0x94) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r1, 0x0) timer_create(0x0, 0x0, &(0x7f0000000000)) r2 = socket(0xa, 0x3, 0x3a) r3 = socket(0xa, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000040)=0x9, 0x4) r4 = socket(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000040)=0x9, 0x4) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bind$inet6(r4, &(0x7f0000000140)={0xa, 0xe64, 0xb, @empty, 0x1}, 0x1c) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x4, @empty, 0x101}, 0x1c) setsockopt$MRT6_INIT(r2, 0x29, 0xc8, &(0x7f0000000340), 0x4) setsockopt$MRT6_ADD_MFC_PROXY(r2, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, {0xa, 0x0, 0x0, @empty, 0x40}, 0x0, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4]}}, 0x5c) setsockopt$MRT6_FLUSH(r2, 0x29, 0xd4, &(0x7f0000000000)=0x10fc4c16dadd9937, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x9, 0x15031, 0xffffffffffffffff, 0x0) sendfile(r1, r1, 0x0, 0x40008) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYRES64=r1], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r5}, 0x10) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x100000a, 0x4082172, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) io_setup(0x7be, &(0x7f0000001380)) 2.217700223s ago: executing program 2 (id=2600): truncate(&(0x7f0000000000)='.\x00', 0x900) 2.093652632s ago: executing program 2 (id=2601): syz_emit_ethernet(0x7e, &(0x7f0000000080)={@link_local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x48, 0x11, 0x0, @remote, @local, {[], {0x0, 0x4e22, 0x48, 0x0, @wg=@cookie={0x3, 0x1, "05d37ddfbce9a8d7aab2130987be55161919de0155dded37", "564e5086f8e2fa5044578394f9ac9ce8b5afa3487cbc5b68d4761eb69203e174"}}}}}}}, 0x0) 2.064772996s ago: executing program 2 (id=2602): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x10, '\x00', 0x0, 0x0}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x1f, 0x11, &(0x7f00000015c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}, [@snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xb3}}, @call={0x85, 0x0, 0x0, 0x2a}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r1}, 0xc) 1.830764716s ago: executing program 2 (id=2604): r0 = creat(&(0x7f0000000540)='./file0\x00', 0x104) open$dir(0x0, 0x0, 0x0) syz_kvm_setup_syzos_vm$x86(r0, &(0x7f0000bff000/0x400000)=nil) 1.775656376s ago: executing program 4 (id=2607): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESOCT=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000041c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000380)={0x50, 0x0, r1, {0x7, 0x27, 0x1, 0x801001a, 0x66d, 0x0, 0x0, 0x400, 0x0, 0x0, 0x40, 0x9}}, 0x50) rename(&(0x7f0000000280)='./file0/../file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00') syz_fuse_handle_req(r0, &(0x7f000000a280)="1695367704d10dd832678e4e2d01860484a69eaac410e2d6cf3b3d3925f9a3cb602592377170dffdc4de86f163e390e21d07459b0f058cfc248c4bcbe896f3c68006f3c2cbe07c55b87170871c1d364d740faeb750c8c8acb76aca18bc0c018ed341b55b0ef80cefe95b85756aac978a0e0b5ce59cae6657643e7ada0c1336bab310888351664553c2faa6dd39054e19e23cc7c4b4d33546407f880194aa0761f2a9360c4ba26de342328b92db81ae84fc9c1e9eefb4b7ec3f58a6d5d23b907327b14480a37f3c84305729a91c28807f8809b997235bfa2d4b6f45ee9568bb4a416df34f4140c5e272bfc068ea61a48b365490ccb02772a906dad457f5d2dd1a57cc1209e8897c8115049d7e4e3c756a7f5ad0c004ef66c8bf91f600910e73b4aa5f516bab5cd62ad93642960ab32b7fdaeacb1a9587a389a529c231f8a47a65fb6d27ba6a0eeb46660cd75dbf47df89e9f578eafa6992a12d9d7de56d69fd0e30b15caabd13c28d63921597466292f8c4e87f23d53d52e6e8f1c9295af0743c8c671a49273074ba44dbce9e9b1136a93dbc19d2b8e60cda5f50eba2d814822a68a0fd4ff5e6a25dd5346f96b26b5e1563ebb97829a76fd8c2aa467499fdced91b05b193b68316494f11f5ce97ed8e13d474b03c6f6eda4eff54b0ec362fda53003e6e2a3868a5d57e2426aed5adccdac8e162c6cc20361dd4709889b79b2810ba42f531fdd3746562a00da65b4211fb7d8f482a3610748d3b80d2942d8432471f98c6e9036cb57f3913b31dd8baddd6d85b44e8463b838fcfb6979628c5fa3dbd30688e10b9ede257ebc7b96d4092f38d11b9e6a4d10490a9df1387b3743cf51e206c7dbc0741c408bbebaae7f36d81b5ce5b21bb9fe992c8a0cb3a91ea2df21e571ff094b53b17c46fe22c0cead29144d203294eb42c984790a6b6348ed8b7b0317ee5b2353cc54bcfd808bf0f61f73917584e17bd9259c8a04d2ba3b4f931571947c77035975933471fb1203088dce478eb4e411ddb7b88caeb02e1cda741245df701a2b5c29c48a631eaf18549bd90c70222fd6dafe5550726bb58dd0fbf84ffeeae683a0379505f03740a652025add8e0e4e6b5bfb4bd0876dfe1ecb639acc110eba97294a4e4642aefbcad04ba50d830e945fd9900ee7e02488694041f43cbaa86280c1df64e8f1f81f7cd5130914efd19b58262f3bd2c43bd8b4a5beac09f1ba27020521994465e62c329debb50efe0716d22cf0056febc7cb95aa818e10639077e91cac3c80b37d6eebc6907dde971b578383ee04086a0dad18750ceff6b8d6d373afa93a51fee65fe1318c1ac291b784e45d66962c8b54571bc1e92a996c11561d94af6ecdd37948d35adbd1ad63c1c05c31c7f4afd707aa1956d1444fec1137fb6d81f56566887131777e5fe3e2fafe8af8f21ed34480afe74afb25d8d16f8089fcb851ac49dd826b7f273aa3d771856d712c62397d49c72d93e3c2a5e6b9767fcff0fc5b3d70dcd70ff8bad5dfd7f5a84c194f99450601f970104f9be026852ead21824152dd8f6536fcd01a69177a65f2af266e619d61d20de0c738680fbec29e7c594cad29f009d46d87908c951b2e4ad8d9a67db8be6f570fe5416d9e4dd22a108140a1c95369731807325ee7f4201209a795fa1609ce8fa27384677816f651a96cc08400e1b647bdddfb851313e3ccaa472b9a6a1da3a0936e119a6d7808f09de244d739c39df3ed36004b77cb54b6b1396b718c87fba28cb1439c7d1d140dae1ee2c2a7d647427b1e7472710c7ac4f1fb0fc0c9d15ecce28167d23e2e42474dbf1c63c0819606be9c9b6dc2eb59bf9932568ef408c20e9498cf105e84eee30460d4348f4cdfab623b416adadb4427887d9b1b6b8db75b224e8a55fa0351d21093b2b7e42e6685491cbfce100d602d0281f4bd086b50612f3ccf055fab1aad97a52695a233c3d458be4536b66b0acdda5ce0aaab48bb7d7f39a8af473c4478991f1c4569839eab0c1d684001ee1772290871653a2293bb7754c1eac178c60f86e2a98e1992dee198c76365f2d04d159d7c210c6cc58764e3b7dfb5bc15190555febd01c69cab8f55926c28a13fa4f9060dde1ca2df7e1f71fd99a0c350d7f0e341ece8e0685e9c205b486ef400910211b688f07fb05b542261c74b45f4ac23ff53e9e620ab12dad7b5131f67128bb8ed6a4a70caec437f2157f8bcb3d080091e5715dfc7d7539dd0320c90d0aab6a6d7a447ebeea893a0efa2176292c648c62cedd4138c9d0535ab0621855484fc43e0e3e84357db6951bb21fe2f4e99fa188ebecbc23f73ea879bd304408acd1c470fd112606ccfd7b7970e950ebd363afbba359a51877248a42845097094ff785dc82264225752f3aefa980d9ed5309b48f47a5b5ef49f69808b91bde955277b6525f55436ffeba0bfa8c13f6314c57ec97eea295afc66a9f4ec844474c0da6ff1ef0c6c65c035f3bb74a70ffa668359b58a46af97600c428626b45c81a4e372e198894c02e2bee8010fb4c2c075ea623a6ee24a99e225f809322df6ea6f39b1566b1aee5403d45ba648f94f70976013199b3241744458d030a5319360780897413289d89267c389e04f23de79adf4b864c5ca76efc225eb1ecf6424887f0d8b3ac13cbe9df4eb69f7b702e85fb396dc4a030d57a8c4edd227ee568fb11a9859935ad53dcfdb01727f106af352c569a020b7e405a1ad4c6b39e2e8796fe9f16db3794550f5ef3ecd6af2b2ab0383e6c198f17ada5840bde84ccbaa661d9c456d9ddaf92763ba450098cd5a971d847fd5030a4c9b066ab3b0096dfdf7e5ce2f8349165f94c493b7e4192e85239bb11552f910fb41c5e96ee10fc8dce711e88e0572ce0bbbd9c9f3b7c9dae89f1dfa6af309c4321755a5b19070c8731ac590c30fffb69feeb75f699aebb101d3a30f784f1745182cb4f0bf63a148b521f0a03c691927694ee453b278523e3ed256c150098a932f62c90ac65faa4b9782c27a3ef6ca2b5ecae6a01d8a1d7096bf6a7d1b317a9eab22ef4907c631bcca224f723f5fb9a44d7e1295186cf37fd71343919aa167fa70a505a73e9f52a11cfbd40d8c1087d4ffdfe45a40ed5aebfa4b0c3622c78a914d68dd92f46478711437ff88803ab28cd9ce2223aa0fa37eb9d9a4a7866dec4ca6bb66e794ccac6bd19b11daa0b6d4d42cbcf7d6426b5718030ca51bf92b3d8ea0b11c46ec5c0c6e3805c88b39731b2b751d9928ed1ddba7c66bcc5273d709fd295aa0792384435b98c1f44575c028ff2869074156713931f7e62f8b0f8c7ee9dfeaeb2e096e77600586a47d6f6a2e13a17dfceae46ad84858bf8873f9f1e35fc700aef0a648af168ab0774a3441a203ef325577f2c76f5f0e5808acdc7965bc65e8ad1ca816bc3b67711ea42e619c957d0f26b394be1f3b0c4ac9af8558eaebf5c1c27b6549022513479b4c28dbe3f1c3131cc9211eee768f96a9c8b5e0e6425bef921a355faccf0072ba19b16d88b75feb5dc8fcfc1b7b5973eb9654ca3dcfd482831ff5d1fe09fe7ae43cf129c8c17a6686685a13ed076f34608b7ac16eb8e9de6a44418c4e3f8162e6a679bc9482df96a04b14575ebf093b99bf5cc26495f5dd6e571129d9760de3f801b001a1f3248d14f579bc519de2b656641a88da758a2ed3baf15fdf2739ddb44f0e5892de7ea48e9302129d0c939137b9d0687b296577675bcbf433a53f6a9816797cbfef1ba0caa2b8602387b5a8bae24d3e15d42b34d81708738fd269c3e8cbacdc3ff5ab1d4816a783d7be0f0a8086e345a6b4c231ffd61745f6c45cfceaf6089e70542aea1574e3c78740f77a08eb55b37f03549c1dd318cb5a76094210e8cf800c350d328fbf9442d0437e7affd54b3bfc33da3f24558f3ea8e59da8e61ae60e7e7b4de7179b8cf941d51d420c8eee69143966800dc4f7bcb50a033331fcac02a65e88de28ab219c68388a9da9196e044dd1ebbd3994bf8cc862f6f8b419fa1f4f4e5427f10866b498935fa28b8e6f9c5e48be8b74b9c2262823390480f71aff6cf72281f526265877d223eef9ad7a4be7438f9afb6aff0e80c5125c2c612ceb83f0470ea04479979c0a10fbbd0bed7379e949cc19fe36fbcbcc59a9fe30a2662d3e4d22862e8841b587b8995ef8482bc60fe0863b41752ef3dd44a387eff101595822bf1ce440ff9e5f73e560e4f7fbfe4754d9dabbcd92de02017eb43d3cf7c75e45ba04009a782a68ce11eefd52253c721daa5f37c6408e37b48d1f2e36d7c1793300f2c9039e69a52057486b63c0fa644d00528ce48f2e551ca88e356ac25ae74c73492ed3e6233490acfbe7ed8244f23e2af86e0ade6b78bb34a75a86f6cbadbd39762680cb0821d6d28f18d427df13d0e747f6da54be970e43ef8ca8285dc8bf44e3cecdbf2d8757a9800bb889b846d58cc636a2648809451a95736a0ecec6ea3fe61fb24dcd8a00ac0b8933918189cda555b17e431d99ee190d6d0d9f769e665ec193ba8889ae72a01e18b98cebb75d20ed778e5778ef657ce85d40eafa44b46f293d64023b877e8c5d58587c3abecf9a1ad8d874a4cdba0bfbea61b7eb19e81f7c932be12a83bacc51017b42dbe2931dc11c742a5a942cb6ed9bd9922ad78f55b0f6cbae0e8d4235140263ed8c83ab22e71a0f0a62b6920b5d5109e415254e527546546bd025cf1583e3e8d9d5bf735a4651fa2e5c3c86a185bb77e9b75224cdda8cb0eb21d9e3bb19e286832aa5dce19f055539a0a5caccfd752742a31d0af882c4f02c29cbd90ac2cdf5cc61c448cd09eb7b82b930ca99962c0e5ed84124fe37f7d30aad0296ee340377a7e0aa7413c495ac8ab0b482c4c5f59872efd5a1ceadbc7606e67d3c79a77d095bd82519db0893b9d2bbc2b2f3a7391826840e49424703c006399cde5f2a52a9383e89dfbfca284be4d75dd3aafd8a43dc6c71bd7fde9460647eb5c97707e96ddb9124d6020da38ee7ad743db8fd0377a8711905194c496e39a2132d7bbf35b79f920b6dcaa73625bf8b5320da250513cd45bf42c8072809ad59d69c02f0554cf82b79ff291e42d9227de1948352b0dba0281b69876ae0ca24972a5e75aee7e0a46bd4fc83f5a0dd3f22d666f2d950ca580c6da6dfaaa293beded10d1328613611b6e01d5d8567541e81466467302d8050a3ae4791fbddc1aec749edb68173be5341166c1d5c42d63e7368473e48bafa43459de3fa3a5550a4ac979711dd9a2d6796b0bcf9b5881124ade4b12bf64fa55724976a0da9d642e76a036c430f5fb2c06d599b0f78e978580f8eb763d2846177ff18b9b5cf8c76197ed809ef24212bc5563a1713214ce78e0e6cced6e41578d46a07839795c83c189610244bc1b680535fce39f290da90d719078015d90020b1d4567a97081b48514709df8e327d814e8c15496d90efacae6b13e297ed520d280203896bbc3a23f3b638adf594de03a782bb292a93ef0b14b8b3e13c01787a0b7bfb3abd8ab15eebbc651b7b054d3e56ebb7808de9b9bd067560ec6a6432455b37054292a3d9d32434506bf84b2907560017089de3f60c2deb4dfb7371f96d65a575d446aa1d2df81867135120df4e24e9227f72ff9f8f015a7754948704ecd084a1a93fbeb5a44af086ef73e9fc1c072b7d5473e92558fc2824acf27f1dbe9b019247d3074bf4256a966ceb674a2c4222632c8e4b6c0736de019ccfe4cca40b9b07f8c4df9753cdfb4ad66643ed71510983e29c2b5f9ae7db4913cb74d9dd0461a900810650d0da73f766aa6882385f3bb40644bf43f01faf2aa4cd187659edb0498527f201442b64349afa814b3dae5ce815971f3b11d177e3e1aaf90c7674c097d475640218ad27e63f9071c9081c06d9b5d1f3a070da3eed4f4080190a74063e7f97b5f35706dd1173dcbfa13a70d5362e50d57d0c5105c8d3beb926d93f61699e737ebe1a935839c3aa5b629dc93aa209d9e7774c40de7f59fca1eb274a8280022a15934e5dd2579a8cf5cd16a3b0a1ff3ea712c4258164fe2fa17a4cbfa5630f4041bad4204605eb2e762d610fa17dafa415ed8a678da1d4b5a6618d71d0066d66e3ac10b3ce65137a5a02344abc57f1be4ce0cbf1a2ac66dcb5e94495e863819c627e4704fb479c232b27aa4a5dfca8896a7eb8e0592b6b392ec9fa2767f569d5c1356d7ef7a909d8ee344ba017c75ca664d98f5288230b7f1ffa2fa7a5d07fab5f4b53b7f19c3fb361795fd632fa8a654004d931b4b7fc0890927aec727160cded3c01b7e40e6b81ce015796895f9c007762a1c22acfb9513eccd93c845e91ea8b0960b299b3ce788cbcce5bea9a94325289d2c3573975c512d56e19c4655f849b3652f8b5f9fa6f49e03202f2031debe3c299c3ceceb1febf4b285da9033493088a36f885ed6d3958b8d05cc6be00f3465de8bf6e41796d17e393067585b459b143d592cea102f584e48676a45f896cf662bd6b3b2309aa7f46d2b8ec6597a063f12bcc88922050c8c1e070134ce77ab1cb7a7f29983a0b30d9b2abeca5cfbfc55e941376c616c2834b1c1c9a9473b531c86c3b708478ee95923fe6a8108c2c4dc8a78a9d5e995f6c815b292b986cab0afa233ef10567a49d4e8dc17f438b90b620df4d291b52549ac8e1b69078b62011ed4bb0e288db740817ff07d01e779e11cb8e0606b5ca3aac6c7b262499f5a115acdad8a67b6eb77503318ef3bf0008347b270aa986d9e79e2af174f38a4743250c1091e6053a7a785464483161aad3ef3ad976e5329b71afe9bbfd93d7541a1014db4cc159ac266021e841c665217fa150e130f921ebd4cfb5accdb87f5f9bc0fd94b402289db4d0ac3f0906a689aef044c09fc2c5a00f7795ea935aeb943eb32826bd2176c1d1cb058195e3229d293595ebc07514c6b038a1d964199c59e59d4fc621c54b7bbd3410ccec22f7fb6751527c2aa0940ed2f0c9dcfc4e99ced91d09ba4a37042b5f48b127439cad24df2951ff1e769d3892dc4788dbbe27cce60f7f0138789444712e84e059ac0a4e87557f6c3369fc61b9a843c816df3cb4ec77a11e16390234da24dc0420f6a44554fc7954cc74d63ec030d4d964898e14500d0dacdbb2959f7a8a191773f66448348f36c3f4904187088bcfeafda7dd721236810d04469e93ca4e7926305c25b1ef1380d775008fd238e33e8dd2dc5a9783f97414487a7ef70eba3dcf71331803fad223f65aadfc87d79512bf311c14926d619a089f5e84c46f4a9ff393969f8eacc8fa20acaa9eb01a8aab625853e415d3871e555a11ee71ee93cba85ee9cde60b3962e294c2c840f0a1ba87714bac54f1ca0ebda74daa3e8e19d382b951d64a22da48c632ec5754f42129214a807427e69a93c128b6b0a8697c9ee375818dd79244a38287fe8f66c7cc3aa18aee2fbf804fc1aadcc7d2daf75be82a60276b6902a51f2bbb64c261915b80053fb9635f405f1fa855d1ec8adc0ebe9648b8151eda70ec5ad5f704fa2a337bcfb7ecbc845a11cae7a68d6bc58f107ac7bb0c2f6b83edc48703ba00c94036b9af4ada51d6d78bfe697df06f47573c14cd7191ec52dc0f208ecdcf54669529bba2c2fb7a6b38f6f2b5ec5fe876f03c096ae092b6f881a84b00edd1e9f67449069d876afaa99eb1a446f20656b5104c72ed28bd8553c724785f4e8bfdc33194409960de4969b708ce26e4cd608d21ace0c38e27d54b55369a9e807cfda9a6240466dd94f6150d4b0105f7b9ae392009b2cf146d1dad5d7c8664463d7d60d11b45f30d01db7364e21ac557d37a4c9ad88926c472e98710d2cbfc4b70d6a5dbb128d46909e634761c6f6952bf9021aa5282c391dcee3278a25e3e2ee31a7f6713979a546084fb2e598214c36a3b7618bf23c57bb23b33e9c98dfe5192ef257dc2d891a6f7c11be334fbdab015eedafe1c4aea95ff1fa6d340d0cade542f3f782c1589470fa64c6fd9ac0c31536ecee0ae312f992733beea6fcaf7562dd6e0f2c016f712ce14d93f02a54f577c75b444fd7f46e9bd2cd9cd1f89195781d88f984eca45c97355095d3b48b0d9bd730c7d6f63b1dc78d2344bdb0f18c4e1554822345c11efa2ba32bcef4f29ed05315cf44617a80d7d1392de077bbda08669c8c3cb6c0b12f872f1247bc1d07634bf5bf4acc3a4ecdae7e6acd7c4af9820147afe55500a7270d7eb511f907339e5af54cfaf33e2364f54091ebee2a245ba048452d383cd441604c4dd1c6376e4df8b83ebf6070d2be248174fc1dc0a1352c103325360aeb3ab71cb73bb646ac6247dd68155fd48b90250c3b0f250a74f827780367e117a94094e5005e2f926accaef0b3e36c25e315c1e80cd4c3481f3465d99025c7de91c45bb8dd0a5577174c1f366017d87d2033239a8b6f399a9095845b5fafe9cca113b93f455bb790709b6c93fcbbd0c4bd7b5d621088dca06802e241836291226ad56d40b3b4e90eb68bd5845742baf4cb4a69b4bdb07f02d0bd6fbb5a5fad3af030816b254725e6db4073b7a0536b884c8985c3a159cdb105c73f7e0e03546248336449eff6afeb96cf8ad3617df18ee2247bc2d11ebbe10e0379f5578c41611872c5461541fb4da5be3f3348e0592982a61c352315370a9b452306c9f31f9040ef755ad096a8733dd9daf6bdbcb7a3521ad2282ae4fa7bfdb9cda5997ba3a6652af46c6d0205bb356dfb411e2b931b357723bb70254211819b74a461ed5c126cec6573cda4f6107fc3ebc76483621e9ab5789a5575ea3a91463f76138ea0f3ec9c44e1cddb2de59bef83333d235e922b920e267453676575b38e6415bd136534b8df2360ab489fb69eefd04b66758ab5dd105be7b0635f7194f9e4b158b22b21ac97fda4e804747a9718b40a32531cd5c3fd1d3c1dd8ba5ef9c86d3c8df8c71f81da1a9756e5db4dddf70755053f7129d656a8069fe83c39ab240cf7a73f0f880ec7a791c5115ab262184839b906c238eaabf2268dfcd6560c5bcb70fea00b580ad52e7de0333e6de63ae351952e6e5dee6edf284de0a2f53e2089db13bd5eca5f98883a24eb2e1a58ae199f8db9c60a5b6b85585b2d2a17d6b5406e5668685d95c4718c375db05f7953b363c25d2ed0906eda70eb659845acd31fec9b8e4d5951d12fd50bbb969dd824a78c72622c8311a980f0f2e6a1ddc368879a1f3a07d3c0780e85a4e5d13223a3424782e3f77bf6a1ebf823f468d41b777ff61345064f1096ed653c277bab90ca5afc8ad6d25f4447236cdd82950afff27763f3fef5308f034379f4ad4955cb8cc5280d51b5427de4eba374f64dde2f1e7a6ae628aa4696160a5cf0ae9fc70e307b4eb19c0a5af2c2855710c8e117211d73a7e7f3f7f2ba55d03a4b73d816c9c3fc1edb86ec95ddcd77884a913805ad6549e7a5f776a1c2385dd6d83877727f128207cda29f83462269a7f606fa31934d06a6e0efd238d0a180c754a9d2e85609fd20c880ea0e79cbe887c442f9f682801da783529e1e45eb3e70195fa2711fa291dca43ee0672b7afc14cf87b9506a7ebe223019c856777e1783f6ae1b0ed90486b32e3b6f7ff77be834c7b6676da6c8052fa49450e3e16a6f90ee33742bbfe3dc025832e0bbc7abeb625077b8c1ea07dee89c7dc26fa42514ff9ac21e848e32309bc2862a873fb57796e05923fce42fa2833c73866e22a04497ec13acebcdff6ae1df71dd8756f1febac04f2034c1f3e1d401ddbdb7f2ef676d5c85437830d527a5fb04c9bbf0d892ee1306d2d2df37008916a3a66e70f865cd6d25de16fdb4bb4f2616204cf86a3ffdbf147223968c092a46dc2aae4aedb32fb850b85d4adb87bfada328bce4c2c70ec42affde442179fcc1d3d9f5e4a848c8ba03b0df3065d1b2d5f1b08d8c25148c51bb54e191a87ea59903084000b4b520fffda111fe831d4bdcf62423c1fcd673b020c5f2c41973dd1b9698054368081f917715e1c1592bc78dd265e051bcda5bf5877821fedfcf7790a58b328cf780f71ee71491e59194504bc800d319251607e53ba0e1ed15cd4fd5c959eaff4d3a1c7cb28c479f2776256633ef7c0f0e98688b54e8c8634cf57e27e5c1ee1e43573ae23bfbb1ff1bef6cabd33c02ff165c44f0f190426ba8391ba4f03458be3351869c5c5c9d5fa5600edbcce523525b9cd9c3bb040e34771ea277d05cb76302c72fac5edc815412dbbbc651371d70d044c4f89a68da7abd836fb3a495e212b5fd13819c41c9a240405582ae69b7c35b30935af3085d457a4d76a94c9272c5eafcecc4c92dd4f314b04b4739864e626a5bab27fa2f345f052afe3bae2ff4c442c42a1c83091bfcc23a3b5e06a511d02cefcd618a6d9761de00af192cf1aacc902cf3ba98f898c48fbc74b6710db7ac890b4f7ed7377e0fa3b4c46a131e775130a80db5014a79e674c8fc8b45495066e88201d2e320320fa4561abab617d0e67e9e879b0080a8ab404f4eb007a088990aa6a7b29afce5b8dd038ce96d43e1271315f6070e761e759c44fba1ce78730e35ca31e0bf5840cc01289c81613a07c497f288ed70a6d10d9f58fe135558b2a862bd877fcc939d7536e7dc988409290cd73da04a3b1399b0a2637f737d5f86bba4a31019546e2000a3ca57f8291cd9af28299eb93909061200c9738cca998add04e7bb0137ecc460fc3ef72872e7d13c159914fcdf577910e6c5d7a1636b13b78c5088551c614e3c75befb0f37fb89b918f4aad0126a9efd3390d6a0cab97ed0e01c7eae0e798a4142345578beb10d6b61a90b4d1fe836022def90bb8e37e07428a4592e7bf30e935951e492234a8db96f081379e7c4e18c3b6ce4ed1f97698dc1da940f14217e877bb8e0f33b392d801a01c48ec62ce2774d2e4e55e9415c063e1bfa31a8f0633443ec19c5fab977c1485147e46c06f86742278fd071de4a165dff7eddd5390a1e031d80e3d44477f6009c9fc27a7d92b865a292b0d586083f681c2d92da7e7f42eabd076fa7d61eba0c2b406c75f1cec561b1a523dd4c6f344b02ed59bd473d7d30a24144e981fc8da434931adeb841d63bb705485f8f58a180da91af64bad1379356787b37467dc9b4a0d12496e5048e7ccb40a978eebee5eaac4e9dd96faf194aa93a22333d7f68cccde147dce26c9ff18d7c8ffe0d1377c70dd1057d54473b2c2b2b3eea82fb223952c0dc3796efd0cd94afea38341ab9a83c6a9ee77f26bf8dea8510dfc964f9b9b4942c08ade50e43f06e5101f2e6b68b6a7f9cc5443c862b1198627461938daf4bd1fc7b21d6d7fd3f775f0e4a1f60434a242b049f159dbe5de145e741c5c9b4e59a7f5d7de54a6d51cd87845dde819ca74e3abf60356fbcf18bfff3b6ae1c545e243c08f9f41b86e55ed6e71be453843e0bffc5b6bdcfeefd33075ee5110627d4f05e008e54ddd62fb6979d9c2a5e4a2cb45fad7b2d77bd17508952889b30df2124cdc2fe6a749a12c9f6dbbd01226cc4ba2693b7e6a858d3c36ac6519ee70e896588a6df81b0e3be3604bbbe1a845088cf1834a04368dde8b6ee76d0492911dc09b05cf6642e0003cd8faafd398872c1a8dc3e85d3658ec8", 0x2000, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={0x90, 0x0, 0x8, {0x3, 0x3, 0x100000003, 0x0, 0x0, 0x3881fffc, {0x5, 0x7, 0x1, 0x0, 0x3, 0x0, 0xa, 0x0, 0x0, 0x8000, 0x0, 0x0, r3, 0x5, 0x8009}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(r0, &(0x7f00000021c0)="01d9bd747db6ed5fe9f9059f787566419f91d8fd78724849848a7e4a1a459fec0b4a3069cd75e15842507ac4ae6e8bf0fa837d91f84cf0466f3acc71dd5d7967234f1181d4688760639ae355157ccbbc1a5bc59697b87b1c09077b4b9c480ce87c1cb58bb6ac722f0f61210f72b8ae1bbb3f606bb58fb4f735bbc00def5fc46c9649e336ccb3a83948ec44bea55d74fa4b56c31a58c3bf68334b3092add8d5073ab8736f3da6d91389d1c71146bdfd9775b05463ca1c87219b3dc9051b87795ad2da4f6d16f6ebedea5a3474e5bcb5aaf4f82bef66127f0e86886cc566e248b876338160e4a417ee5054365328fbc5c70ec1f89685fb00befb9c808b9187af4801be13365f3a85e54c4d5cd55a3333a26940f405c0d8233f2ad923ce66032e90f14774ebd91cfaa07a57840fcc9a875da1af500d54a74c0b85383d8570444cf4f4a22e54922c43c6a1f88d30bd00e7f16395d1a096977e1b8dd453b096100cff6bf7fb15aebbf0fd5bcf90080ca8829978d616aaae6842d3bd8a9c62f2841a4cbb8185b1b77f0c67ad6a308129ccb7d2e630ad22f55f3a27728d5047c08a6ce533f15d8ad0b26e96287c9ce8ca5c55361c6c4700537baaffccdf8c9c61c26ed438969fe62010c4dffdac0ad554205aac3c87f277f9cf900b24c51df10f0b9b748a722dd3fee80d34909cc88011a7c9ea9da85bb5133ffeb0914d8f5718830f45b5470206e456b2bf4682c8317000b8c1b72f50d75b4b5193340b9ebba71599439cdcb4677c52cd8e3fa7065e6da5c4017967e7a671f538a9d05320b0bbee2300d095f71d29b071fec6d348a4d4d6a9dd81bf6cefc5738a8cff25ec4a92e0e9ca20094e5784f668159373cc26fc51ac9143f57387f6057587da1aaa4dac958ee3a840e31f8fc08424384f4ad17e7514d039127dfea7c57ca179dc0edea233db22f7b2828a7cbf9ec255e366c48b468641f987f4424cce789da4c73931d645d152d2f8fd05c6abba60eeeeff540fdd2a1498025576d408f99bbdb9f935198df1f620bebe2aa109d9f76884c24e8406e6cb4e8c8596be504080c12e7558e7af03a31118985bed538881585ed514151a85f609aacd236b774efd0f88e3b9e95a8a9c069d66cd46383ced698083775cbf8d3bc8cc1a94e68bd956fa050de8a7261cf882da4c8cbe60458cdf237c1c7682fde5f8661af31de8ac0d7e5165cf541dd867f0b81fa674abc0d8e8d47f1f7d35492abf26c9277ac420413862dacf558d43f3052fce8f81977fcc0ce9e645d50a373e34b6948b6c9b46bd61bebf8fab0b000000000000426d66752fa9990ec6949671f498491909974d7216067976d08bb17d3d0e35b0334929472dadd4e2b46fbda7697ca66548996844fc50e1846e5c99ab9949b9d4833bb564cb3fe2c6edeb7322a442b31e65c97b6748b0444dba6a3ad829d85d37055579bc1daaf8d2ae1dcc70ea6a6c1406ec20670df5c09782e9521c95f0cbdde74b75fa08e5dc04149696128e7d96365e525c010b5b908f13d14aff699bcb03a11b1b751e7a17b4b191c3c55338ed8c8a6ef1921c363cff2cbb3844e8ff4a70a5dd2e2ed5b0c1658716d407b8c7136af807dfcb76a47c94b9c1d226de418d467a485260e93fc047751a8ebc5becd54085ba40501f2c9aa233f90a07d32cd3bd3bdd990d91a9639366c84feb766b7d6b1dcdf9659a1bf32beeb05eb77b43efcd1071ace1e5e22d75c77d1df472b0952cb5a9d10461d8fa8077425366e74d9c3626cdbda19447225ff9832cd3be17486099ffdd2e40d91e85f9c80e6bd526cd2fdd038bd14aae74d09441ac335f1e1ba9067df31d8456dbcf187f709e69e86f32bfc14c0e560d49cf75adfdeb1eeb669fe6e1e633b4011af592068cb6d04da83740374ac486ceaa1595fa9d988cef328a54e29bdda394d3fe63b534d5deec94dae012ef4af1f14a5119b1b242efb522b6e8f4db3db6b969abbf11b3dba51f955aa235f5494cf91bd85446fd9af3f9d574d2539e4c66f628676d92121197a87894a0cb4720739b49102531df036eed1ff1a5e8ea185ef678b8b03e2f40a39512f216dda5e23a193b716138da1ede456a6a9131b3e543c0b282030a702223414017c33575ddee481dd08aaf80881c7cd809d16d8a1f6053d740d2633a2b6163c18ace00740cd8d9e8e519903902041e40d6c72b75a1d8c424455c46bfe94194ce4ff32fc521ca58388f3fd527da1b104eb8cc2806495f3791b82c0e589734d7bfe9db9b45b27297c707e1062830f9846b0e00bc9e9275ca1c657fcfd2c671ea2637dfcd9fb9879c67811c30251f404a009ac7007afd3fb189cd3b6ccd4833ba9309015eeee32293bd7e42562442593b55f3acff3701a4dc882faa9e466636bffc778fedc8bdc77dabd9f93157654985340302925e6356b09a75cc5d76c702b95ec5ced416c0c8205b00ce8546e708b6000bfaf6a81b86b6aef432335fb85f6b8ce4b2e4929c250408289c92c7cc0ff981c5d20485940a88ea51c995b654b4ef3914e76b7a1cc8c3e73e08224fb097decede57c8660f28cc05d7957848b445f4ec5147740d5b840539ecc2793a329ad7c184f8c53426f9c5d9b0d1923c0f27b8467485893b59e117ae7d3859e9b8ca858b911cc1d0ef72fe57c6b449118c8de941e99bb0a62c0331e48d932cb4d2eb2310626b7f018dce8e07b07dc05c130fd00b8981fe7a3957eb339a5a79eae891a3e53d885084ce0df58f0273962af7c4bdcf4ef11e294737d355684950592bcb6b519a7c0f8f2e073652de5f1516f2dc4f55a101b4267ea0657d256f46b9aa12cd7932cc1b128161eb079d10a340f03ff514a28f033b2fce53b135df5e375030f8924d6c75baaea35f74888d21901924f93054990f82a8982541d3e1dffcd283d812417b987c3862f246a9d1e5bbfcaba129633d66106f9626faaf5e7e82fa5a511c36873df7329b5e73daef85b96ea2226f1795635f521b588b00c218e110a829ee69c26aef7684437b7007075a5ec5a35e747636510af1761c979c7b75872e66ad652ef7f6661544c6b2dd875c79f3b57b49f1aa552867ea9f556849e8625d6e089c41ae0dd3d08cc2f28435142f9a043aac446a56adfe0679fb107452c9893987ebb471eefb0ea9bd7ca0281ef8e45207b81c983fb44d47805378271590f01c01de6f3d21f4c6d320102e71a5a88d346037b00e7136c4ba275c91bda277f1e4d19dd13aa182960412aeac6f4cff0df7763e2765a71214ede4a98c90b3ee7c7ba9cbc9656df96f9bde9f99b0b413924cf96e41491ec2206ba946b4cbdb64173257d85870996f28f6928693106214967f55245e24cfbefeab58f59fc1893e03adab5a685ff916a6cf48c514a9845b2c71edd5a7cb8c3e261b224a4f5fcfc06ded6f634b0cae99bf366b09e8e4f082e2b26be752f0703198af1c8737d64c91a0ec7b54f9c33d91378ea2e5caedd3b2fdeef0a0277d07efeb7f09fb4c6deedfb42696576e1559c8ab55cc2d452101e0b3cb22229b5a9df12df23651a955fb091cf4b573371d260e4354f8fd13d53a2560fba582ddea7679dff96d7a89195a364c7271e98734dd7e2b53bd9af3bcb46634c033c3bcfa82d956eb6d5bff069a176b5f92f24db693af4866cb44bea283903ed11dab80f0e30d5eedc04ee6535ac6e00c7ec68953cb7fae2708bae9f5bb1a592cd4e7db93a067c3da2b72e4cb61930d29ccc29919d3731e7334e61630daae383301446aeb07963ce8a329a4107b07343eb2686e2304ef316cc5f32f0b5b7b619750adca5b7b45c0b9e6ca876bde4ad3fee9f32449230c900c890b0cf044efb4100410b8591658e9c38f64feabfd7cdceb57b30a16f38c3266f01102a6cbb382139a0c8ebf1f4b3fc8ed69a9baa82f466030511a92c0b236f3a513d906ceeebf973da71d8c458df8e2a96046fb3798946997e731eabd4605a2ebf1b09e49f43b871fb653dee1db85a44fcd0f45853e9fbcace734aaf6908213670e841dff7e6a7317ae8b8d6be1f6c8b9446bd43373ac3fb08de8a1e4a9e17efdefc08bfce8fa41432fd5fa8a8f3ad5849a778c6dadff2bc9a6227c16366cd588d7e130ca6f8b8367f427412be861021cc077ca1f572ae1ffcbaad7e4772d1a873cd959230e542eacf3b28ce6245adab37abf0a6f73adb96fa91d63cba33b523f7adaea8075ca29224818f40822b7e90129cd962f479d606a6c6fb270bd273288a30e820729edc9c1fe7e96541aa854b03f70d26639a0f177e5193d59de82abd1d64d993d8be1b24783428ac35962527bdcea26976fdb3aec376a5b1e7d1c9bc8744e19ae35868409bf6538d9a8c60f9d375f9e7dfe1bd1df8dcbada68d3151d294ef10263909c2df4842d19b2383b86411637f261b731fe64fcbb19bae35eec6cd19a6f9936e52c28d775e1ac4a34ef986091ac2485b6c2bcb64b279b6e3f77077562cf2a16d32ef86a0a4566c21da3187dd7b4736cf1d76b5aabbf0734e2c46db63fa5b5d28478c7fbc8de54364ee696e90341f041ad3f435477e0b944c63949c707a25c99f82a14a3cbdcb8e7d67c423453c7d8d9f97ebbc61eb672696eccf185aa844677a9fa4d5587744aca6cb5b2db4898a3c689f312f22828585866e47e04acc4dc8d0f19e414194821997687558412ce4118acba56ccc65965465ec5e88cd2e164c80df4aa59181b30740abffc71f4b968a20de3713d559c50b0fb6219fdd2b510011b5de6d4debf8e6551ebb7b4f983f6d993a13f9da0284d21728cc3e17326ee5b2b1c604dc113f9391df4f0dc9513e8dfd063af37735a420668f40a925520fd07b237fa9468dfe5b33c57fbddc6a925e1a1923309734d8808942b6a4dcfab2a9e6cb0242159ce73c0871b2b0966d079dd9d57521a137c7c262de2afa8c1c19465e02c930d10e4569d0fd0c29dd2724f56928c3c753f33764063fa5530fac0810078b13fe8cd3c828b2ac47e379ff6e497a6a4fad3def72c72e073586d798de6a1593e4bb08a7e06039e806eaba3ffb813f9abca40d38be6bd6e25043c1a2ae3aac13bd61d4884e3d67152b1efc75b3acea4cba57013fdb39c84e0e4a27758353e1dcb6aa2a736d60c0f591714464f1f1889bf7aaa7c97b9126f509158c23211fe1bd55839e5ce6249305b664afa1491f9fe9315ffa8e5b2f5a539d267786c41206c59f2c51de6b3004c79f48a3512bcfaf08ef2c50d3bf4f2dc7b48fe41574543d625cf5ccbab790e49a4b36cbf86ed1903697b3dec4d2d602d68b58a92adc5a60664cd33c65db16bbe9e745bcd578867129667ba987f13dd94853381b7f9557e4efc9671dc01512968d1d219b467b2587bc35cfee0022f56f8e0f413ed728b6d6f927dc92805360309c986aa5dcb2b25f4bdb62c69cf343f5d658811083df7d228ad779709bb62530fa288cc04f4246266974a9c8fb1e3a0c7f6fd36364f05251bfa4329bade5a695f50297d463de238510ff392fb0fadca7a03f5dbf0c35e290c9dd8c2dc161e4067f3635f905adecc54e8abb1af2c2d2821bd2e57afb21296a447ab31302ce062f2273e9bd11a7a34af15ced2151a3a4cb99a362e0ad1c56da253728de0ba8174ccf51aeae68373d5e7a9ed1e05d23b27da4b0ab1f989412a8f37156b2250f9fdc963727e39453dd82785ccc6a56650e3a55baa5f3aaf0d3ac09a7e22402580630a2aeddaf710820609bf5409ffb4d32fa1b4def62f189ff4b6cd63c2b66213ea6af4675018b4b1bc8145a42b53e5b962487bf2211b5287bad700c06c44101ff36a9357949a6e6512a6ca800bc64d54d3839c86049d13a68007c9124d1e65363e9d3d2ae6abda06ce2210d7513aecb7cda30b3cef3b769cc07e0101034c4ae8bf99dbb8e757c4c6eeac4eb2c38c756c2f8d8a8d85aff83af5e44682f29e8ae3acf5a2da70c75259b7cf2ee3c96553d6c9b5f4055888001c3c56d5fbdad17e215e92f8b94eb7ca5c7fea4a1c84fd314bda36ff071906cbebadbbb61c264e51487611feed04a09caf40c364ea0b105c33617635b4a2da8337f2f60e38cd031f6adb18b808a54fc991d2480c8f710ecb7e8eb4517031b12cdfeec1a5386253a4683fdf28a1f8098893ddd0f3eac3f01f27ae8d08ca0d567d81e572def70fe9e26a053faff45933a1ba42535624adf0d95391bb53f8c5d386f4d6fea82ba974a81f6e97eb4eee706070956009f87935ff695a1c1fb888464e47dff62756ea6af463621b7e2652d3e92cc93a4d453060b1d309b7d7d38b1ff54c5de867a105c32efe383481aeeffc4732c785a62a23ca958819d344a80f9cc1a57372ad795d18c58d541ff3d64da997f3af375673b644e5640d5f6656e25b55931f4bf0585cfcf0a49b7411ddc37def67ad4cd7d344580b8f9015d41173b8e837d070e0554cfd379acf3190bfe9447432d708b4e04dd74d6c14654ee6037715274425ba9a703b90303b73cf4c66b524f2c788aec33e448ecc428ae9daab714ab31304f66f1d14ea1cf111ff76f3428455a97b4f959c763ad60f50e9ff2ef840ec8aecd18874d3814c5dcca93effd6658cfe9642a21b5e47c7b12376e16e0700553762d3dcaeeb59d9c45e736fc13d07fac9159a52bad01466bbde0d9f41a56ba403da0aa9995070b54dad0f6c6df97517e32868737753280271c4ba863c0392c74a90a7e3489900c41546fe2b53d9939fc78449feb439d083305f4cd311b4465861b03869c0013d950de9084dbeb712443f5dfeb3d4c269203225f1977dcba8e55be3dfda61cf4ba88542f054e8c602a006ff54a9caa0d3f140b346e937e950b099ad049fc1bc08abff1d2e9dadcdd385118e3240a7b1777a773a7ae84322a0d2ae7d94d5119f8cf4de4167fe7b303000000000000009485b8326c6a251768a874ba7a41ca8abe105feb7599f4ee89a1324976c528740420ff0bf4cdae01cb6445ea3ceb4f5bfc687a6d9d56eeaf69ade363b5d97ccce02f866cd1870b64ebeed7da81caa3cad3a19a65bc266d2e36fadf75a0ea8aa62a412709195d54ff4ee5c069b5411e81f72969a5d13a8f69c8438275499112937f25ad0350f866192216395eeeb3459a8ad32aeae85afb6fae11f82af0578ca71e4474ce5bc936db3f3703c970f0486f3b09154b3c4d183b50e706af21df394f757558bc9eaffe1aa6b8612a478a1c2802e280144998492dfed0fe7f020bad4a72015fb657400f8f360e2c101d69f3c784612ee89184e56329a4e2f8650e93d2d2f2d0ab252dba7637ff10c76dd3c0ea704179d13d6bfe6c5b951900097f1f3e618057b4dad6d06541fde48ef21ec8e17808d83cffba390151f7ddcfd770cf9747c190280b470e025a9ade33c9a6abcb6daf40a56440bb34aa46868bd4db9107773496a905af16f23dffa8ac8d2838c2bbf01ef19d095aba581ece2594d6f703fd723ca013e81a006f1bb9b0b31380c7311c6a94394d0c3799cfa89204196046e1f5910ac4dc755129ee4f99d589ed94b3721e45c521a8ce2cbd6a8950a8667bf0632661f3a00e5267c591112d5568c95cb7cac89e54ed9854a330a6c932ceba3135e775037ab38e9384eb02069e0cc123c3dff03b322b81b479040bfc5bb51a5988838d020861a0f27e621ff60b2a878c5a46ffb074ba1ba1376f0512097dcd2a854dad40d1ea94776530e949059bdfc92071299eb4b2ae9d9216c8b2ea98df581f7c80ea84ec630f7cdfb71d2989c86795a5a7a8f2fa900b12035c23e09d405126e2ad0f8a5824dc1e0100cc9e664f18d6200c42f99e9f946f481f71b59c3ce3bafb12bf4b0b261f9d090b10e332f36c77e0d9f7029783ae537e6e8930e060f7b7893b1c45b1f72570a92a5da8e334e87c5b4e30310bac4c0963ef835f3017d6da7b38a21920f7b3ed271fcb6f295da45909f89b8309d695ea3bdaa23fe9e8ee09ba1bc0056d0faf8d021e590fcd588e5b1fcfcfdde962a08cafdc5a93462a0598923ab9710d6ab8b74375fc45cbf1246fd3c0db1a44b188f82d84ff2f5b9ffde516e5afae8e61d30361b7902e3280afaa9a964689ffe86476e432f5f7500ee029d7c969ad44e9bcc9a33431a6b21d070000000000000007f17444c5b0fb5bba3841cbd4626932901bda7030e4cb0e81caf720190ef6b3baf61f0a80ecddc7cf6f8bfae2135ee09d78fd3b3e39971445bcf6faccf84d5c1dfc6de07be07b7ab4fca0eb200604f21e8c86471435fb4d10385dee7cd87a5c3dacfc7d05eeaf5a687e2560fd462348acf5b5f018bb22eb07f4cc1841fcd478158212bbf6c27226d0e0fa1de0b68379f14e9beeee23071b05599ef468cc3c07de57200638ba55af4e1f66e4ab452e1350ef2584654727f99c24dd575c623f3a282341941d62c0bb544ad0c760ea6dac7719095bd968f8b756c7adb5399c46e20404a92ae95fe963b597207c10fa18926d5079ead101b873d1c01912fb952ef862c0d49f8fe7c00ca5c41409166670da936a116a50ef3888b50137f13f8f7d0b690021ec79aeb2f594ce7838f204a36e19eadf69101bcba7e8419929ae95c1fb72b341b025d619ef34c13ce17fb95b5cd8fdb38a0905a8e31059a348de1b96100521e9aa28b2754d74f3e66d78d4fc577b3facc91c6b3ec731888a68599ce6b7b8f51527a6b4f805a502078b644c23f3151e8d239f28b5df9eb0baf21f783931cd6fbd241ece83ffd28e95ba391ac4627788817dae1bee3d2ba96d9715b7f27b1cb4dfa9e4965efed4175c7f707d59f2274f420c0346bf64145d436b4a6ac00297b2f3ac9ac251e7c111e36dbaa7acf56f0623033ab7b777bfd567f059fa5cb81f1d2cd37d182bbe0b63fbd38308ffe7afa635d1e45ad9e47b7984f0245a18f8d3c1ee119aac8f356dcce6e79fcef0510ecab7b21aac2e62a02e65bec2f1ed07e5fd1cd5606029acd0bf0a03d6f27e7ec516e77356d8f45a773bce41b167ce634e4c41783b0460631b512578ab484e272cdf92198ff4c1f7186c13ff7b6e88b64d9a492cb5fa320e37bc836d7bb87c8330b63053613dc93ec29cfdd383b2a941ef83ff08031aa26adb3f9cdaf8246b58bd54b7d2591a1c9437307c1193b476020e7305876c5d7556bc510a6bde39ff9e70d2a4f765068166f2a0309e7c44f56f743a0a38ce766d8f450f7a2421cde3b25132a0e1cfa2dd56415f054b3af7ae8b4d900d5bbe8f66059725b91235880dada844a2921aa512c7e2e8bb5836c242270af03a5233a4162d2f4b40e5da91078f12dc1cc7799363e6fd1a812084e6b1f555b8f5a111040fe4f9c1aa75b9da845a585ee8eed619d4fb6de9d1059805eae13e9ab5775a16e49a1f8b45e4a7224162cd60b79268748c1664534264072953b7274ecb0cc741ea55c691a405041edda1a12d03594881a11a4fd0e531023cb4ef377266562a7a2dfdfffe7d7c8cdf0e813ea30e090dabfeb2c47f877af68f34717aa6ffe085cf6790871e9df4e6900bf141bb3d22f2aa25a7df47b96307c4f1b89386f94aac5e0c2769f92b95eb9f380b8e025da96184550c40ff019a9c5bfeb1210f57bfb053a1b0e4d61a3f65fe592613cf0dbb76accd92af04bccfca27032a6188ed862879a3e6df3f672bd58fb56a774cfc05000000000000008b4f9b949f410589b78aca7b25f7e0883cc730dc21fb78bc2f58c97bcfba60b1036f1593a3778532660602d8e05e68bd540e98ec9a87746b9ad233fa6013a47c6a3fbf1b1424bb71523ef8a9fae34b3ae232f87a6182de01e6b8f6a38b832b4f66f7f126c39fbd0264ba712e71d95ad4bc2480bb79051fe5bc2e1ed5a439ce3f2ee45b425dce801b490d6e0f1903e9f833c344b661500cc08ed546c680fc9b1e19636e46598c8ae7f21c24b95c6462b4341c8348226ec4d95b88769ccec366cdaf4794e0278f8d0a61c404ee314bdcdaf9be08b4bc05d9e1b1d9cce8d9e06119567919ec038ae3b9709a09c9c674fc0580528daae0968710dde370cbff2aa48185cbb406814d3a0696d858324de5d2e2e7595a6821bc84fd2bc33376bc29b109d37abfbfcf13f57473e78c7dc23be71a174c0b19c9bac81ac1f31751c0f68ac2c79e3ee86129ac548957fc474e2df14182ebe5a2dfa615646bbec8e4edcf19787f13ebc7db9d4c2da108407c4b7f2187acd97d8f6c9b5bab606dc10f61f913ba9640d313b8f4307fb3e65125be10be861284bd9a84736c464d005c16fcdeb01c1888d0bf9b8d11a0a122384110e7868fe43073bd3f082d4994b771d0728094d51a03d5b5749bcc41e35a8f56151eca9d96180dc2b6b3b1d357d089f2792e6304ba6680415d6ff77e55ce3dffce4223d73b48243e93e3d29c1c775ffb825afaf6502cb199d14990b2a5c883a8d78d2c022be7500912c14d3ca0333457e36ff429a198acfb1805939f3c91c28d9ccff9bec44a268d517e17b1443d0f90a723c3d5a040c6afffa8fa30459683cdbb374387ff61904713ed9b63dfd8f290e690337bf80db660c7d6879da132eea405e948d6a8d8dc669795fdfe31101ed41fc30453edb3db556fcb0418ff6f05ada9e96e7e546874cd74cc99adeaf2a66c3ae3cb2fd8507c679568bea62880f9d7777fbcb103d07e734b1eb8610798135f04afa589f49fa1a12e19630106b9372c49789f7a924821ab5aae6a0c6fc7b6d2b4e39fe6e7a4871cdcba9ca9061a153f54ca3b23928fac47c2590a1597b93d84585acd0bc9576ddd9bf84587d139fba81df01ed451d9a34d6895b05e625b12b5e7661b3763efeb3f3a5e9e27365e3ce814e849d6da7b6494d5f9677c4d306ec3f536e94f37de362a173537884c4d07d504a42943282eeaa64686b8d714b66183f760b9c952b36712954df4323b370b4075b8731bd45375d71d4cd4b361d5a9abceb6f31c506898ab7a8c0971e5be8ee11007de1ca0f9cca41038e5c50c17c0c5a433ab361c9350d6f720202204e63af59a2c244e1bbdf25b0eaacd2965f064e6a791f73cc4ee985911974c5a6a48145fde26365262722e0e3c8ac4c36fc7c899265c3235ba655cdaa08a2e1df3c0ed75e2726ab16aa53f0c8f4800eaaa6330121d04e754ab624f48d4d3faac38d0fb4d6cdfeab23b3d15ade6c841da3e43096e28b2c638d7278f18e835d694b8f24372829a03b25070b2a1f2eb31f5f8bf51b51777ed033d5bbdc204cc77bd4b8b2f3c05190d24985c1dca0dead25400ac48892fff9b7a70d9c7bcf0d7395ea0985f38112363e4b0a3bd7ad4e28a9566708feeaf6ae214b3804e8eddb1eb10452363457ac774b76677f5ea29923e4daef44e3504d4dc7f5c67a9cb4d0a692b5b8fe47cfde7baab97adda63c39383fffbf7762185cda71d5bd11eb93295486e5c54956ad0ef679f15a15530ef0f957e6b881c3423e37924053ec79dd941a2c4327475718295db879e2e33d0a639371810992d2858ada14201e70cd4744eef286ba33aa891dab6ea2529d69a678d3401454b2ffffd1269de51ddde43c649ca4893757053e6c72c5881f9d2e9c65241465b6fc4f7562181eb57d78c8e5c8e00", 0x2000, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(r0, &(0x7f000000c280)="f3b2d4da7b1ab9c72c98606918b85c4cfcb89af27014d34d238305838cedd7698e4388a1e9fff17cb69c0ce73d015e3dbd415b203292f90e82c2578f70f2f2437a3855b07c3ac797ad11291283bb0fff7d590985e86fe50425acbc644c4d14782cb8e96a6fd4033d10a0d078890eb02c7c1732c7b4b5d11275927b6180383aa2fe55d11871bf276243f09be7af4c729f2bd35607cbf9990f7d2efd1414651a33871a5b28809691e1003b3f641222fd38ff4f3070130a22884c2a975f70e67e93afabce85ea24105d34de3e7aacb48879284402c13bd4a4ad21ee1a24ba0b95eec3714d81bd33f42d198d5efbdf104c53633b715e6cffcfe33f34194d964b8822dbb408e222b0ba375621dbaeaee94306f7f0d88e2240aab1bdea38ec1ec4c7eea6bf156b35c477ce8da0b17e382d824b3a7ad31cfbf5e97a8b97428ffca7bc138a6c4f8e34a7f346391de952f938bf2609a00ce96cfd55d9d5ada0f852997e90761635668564cee5a8ab4cd0417660a7184b3803b940930a27cc4cb935c5b98310cc5b870fa71aff321cc36a0774bd17509e3b0953e4e7c1bed123acadd2c3924b4399b42b17fe9f94179149fc601de8f5dd44b50a393818c964074ff63cb5844c84627af75d7239f8f75bff4b2ab79f2fde3693055a79445774baa8d39ddd6a79acae8264d9bd364c5b1e51f0596ecceb9ba945d39bed24cece40e5d1f1aa1f913c476adf1d8ed35c9c3048869c4fe192e2ae127455c420e38879c227c2cb81afbe76373ac50eb470033d1b2644b8da272cb2e51209f1e56c06f9952257e078b4b61454664f18dba05a969d7379207029f1f60369846de10218dee075b71cb2d8dd7a870325c581713616b8b1aee57a491108a57a59b1f269ae2fd8be19dfeeeba0ed2102aabd4aa733b38abb940276c56bed8d1908b69dc28aac345cfab83850a64fb7441a7c95d3e8e4a768bcd140ec54c98124101b234c517bdd9611d949a0df47b4890d7649b99adc905da668329c7f4b1630c96fe7cc7359db3886ccb6f500f6a8522dbcbc35f35b69f4463d093ecfb4797bfde93b654a6f33b60a8df6e747c429db647ced5f0e335208ce29aa6fc2ac5a7402a5dafdf3fca02f0430ff8c6068993784b3f9fe21022676b03cf4c5b280b10cde7230a28b28f727bc337b4b74ae6f1806370b73cb01d9a66fab44b42614815436335810baa82de9fb9bfb2432d319b424bbc302dec68dc9b9bd13a2b16c9dc7add7826caa22357d799c8c3a5e7d3e6af2283f921a2c670640651a68bebde916ec2548e1e9c3b03177a78de315fa22350d4fefbaabdda56c1c21c1d85c8fbbb59af4524273e13640e64d485721ba4fe6f3f6c4cf9822bd54f7b8f195d8e201f41d189d1606541256162a79fff7065bbd4ac8a20390dd6150f59d1d54300a4a8d3aee7b8e589f093cb8d9884cd784df917a9d7e52f6936c93d3f383d32bfccf62147d4651675d298ebd53752fd13ca4b8e73b9dd159f348cae6a45fddc3f36df3b0c90a6db9cad6c3541ab5a07334e48bc915bf8bc1dc185196881f17f5ba810a052b06dab4b0d3ca518e3d80fb91f49ee2098ff440032ec938dd2dded344486e79449e4c7ca0ee50953a6dd119e8a662d6614786a9c649793653c4b9ec438f485cd894468caf4fbfe7b91ad17d1224382fc7c6a27887362952e8d17eda1864a6a3ee5108998b525d88cffa9f53e493e17a1c6588592c93e52660965a5fc735a897e55f72ff71e0d733e6a39282fae5acb267bfd1ca900fa6588df0e4ec851f6474e78b2cafc4395b092eedc4a3e84f6509d0c16472ff07c50ef8c5dd1659a8f0ad9ee9d0ced42a7e6d1d94621be085dcd95e36e02ef8bbd0f6efeff47ae76c6d27ce08102b352bce979c9960d46c469ab06cfefdc923be1d015d588555edb0e174057a09fbf59223df8c6f66dc1f96e686f38b140d06b8a2f3fbfeff2d5606f743bc0783f1e13233f9376a8d466d7bcd217243c04fa3179e8d89ff1f51caf584d50604d2aea0ee05adb19f39675b5c967f674b5f476556be6a2c6d40e6ff675b6c87d8804ba57031c44e0d0352f3cd886166f130ce26540b1b9c72ab0bf0ab41b8fd8810ab8ea90c82b39bf4d79d3227d0d7787a9f6677213c4e4f62506b11d1d1fa48a9947ac2864ee67005df0ebb2cb363a136095530567cca0649535e9de9595b133445a840ee135750e798653f9ce7716d81f28c2821365eb36d441cd5a2f576743c34414ed2fb6feee6fbd6a5b736c9d198ed8c86216bb5f1ca6b1ef980892bfb569dd25f76f68aaa300a347e2a7ef258709d67896617625f9b62ab81ab64cd44f272379576f5692acf3cd10eed33e08e607739ab19d759152d80b4612c962ce0fd8a26676cb9422973533655be9a9492c5afc7f2848eccc994f4e96662c1864100101a30a74da7ad69d1da9d4a64fc7c1884796ea80ff22de1489a6147cd00b36ed1bd76e946886e8b94b15382a3ff8331d7f408df60466c883867e68eff651d0429ef265fda561fcd7574a44099979dc030cba3156f20644a1e44b55e1b056c3bc15cb2b925776a5a2de7401805bfe46c60d88e664fa9b1afafcd0ed78147e46df3d2635c07daf035672ac88709b4483ecd43e8a65feb54db6c1a3b199ec1f6815c27e78f4f587994b3ba8402514a906d56a5986e6fbb67c189b3252bc868c22644c8e5f684abc47a7be8885b099aad73ea2d088c66e45ea5b7a83e36bb3bf1b995a20843b671b9e999c64f1199942aa920494368c912c87f600317cac4149e8dba42ebd110fe33a6b38ad0ed554d9b4e07c9bc23a24ba7dac0d7d1e0076c7f6ef9b6ad68e0797f744ec46883b911c00311e85c037345a7c05689362888a7d232d2c5fab691ff80d4e394fd66f54bc5656a7fae918c489605ccdccf10c77118e866a0fd68637c23b73debcd16c50d363b611668cd569722754ad928f8158dd08ffb0ae51019ea9e894de1f5dfaff9c184d36bf49faa573c41a178fb9a82525eddb890ca368cd0f034ea2747ee7d40f700d68d7d645a56a2cdf350a3dd5e647fd5169693acc5bfa30026c94f0d9d36e9b5b36ce91c5437190997508b7dd27ed7e1b439ff03fc55cb597b5c5f75ff8dd3de461bc474f8a73c24089347d83d94ebc77c80bf3af27443d3b4de2e96bc1c843bf543a90233709a9652353534ba9a400d859c40b28ccc1be3abcfc404c195ccf7a7a5cf84c2f5a60028aff0feaf990e4b29785516469db8fbf6ab48d0bc1b6d81f9c44a89835b9474bd4af6bfec374bd5809a27fb3839b268e06927340c448a9c62d5490c5a905e6c529f339b16787b07f8d800ae56c423b7269e5bcbf898bfa78404e945568672d7f03370f544cdfeeb73facacef5ca24b1b546b994321f138ea85ca53956f11b0f789f8563f4e97bb85d8946a3dbc4b0d0b43369a99c42d1e0ada4fde255776f52ce35a0d05482a3dc8816c8f1f7456d81335fd895321abda5249cdf5fef51313773b676fe36f60e2f052dab13cc713cefdf8c969923cd01416d15ee2ff55a35cc86d90af7fe7f43c904db3a2daef8eb157eda903fcf670d2a3a8e28a796eb72d28cea05803fb24f629ab0e986f67cdf40c778c18992da432e946de11f280f1c19fe0e760ce55ba828c3e4965b87b60147fe8e374c0c8785529f3dbec947e0147340b14a2ea08cb284530f3d2985da04ac30ba22ecacd77b8df054dc73f4fd8479415dc6e473cacb926d7fba7a45d75b566bee9a66400932686b218b56178ccff08e855680064b08792fa6c408b67aa959fb46b64a702a24ddcfc5579d3bfe39fbaadc2c7e376dd2cdea93b517cdf400bd33c3144fca150677477cb6734834860ffa2ffa5ae791f87636eed36c30e0851b5ebba5f43e2df6e5bc839205696f3e30408369f4fea3a218d800c1b4ee985a5c96d6e6a72de834f635eef78e65c70283660a5862bea649c1633a9124fc6144ee2eec5f050d1391957e5e24e12d32a1e7d40f51ff1d7da2c0af54a7d4936be2d0f72da4332969979e6b6ce7c9cb214c537d34c2f1e64c940befdfef4b9662c3c04205b60bc36d8359292394001f2cdb2c5c20b8d286ba23a506456a2310adf97b258a2e8300e04cc457b8083dd5d94b18a062ad869d8cdfb303921dc490c9f5af59b5b963c591e86b4e78b21f9914e6fcf82ee1cdc3eb311db5cf74ad615eb6609905a82417f61457d1d4d80c9d3fcbf0f1a4b8591cc8017a72124aab3d6ce53c55b3c42c79fa1fa1d2db282a5e4beffebbe31e99debae6536f03266dca1a40f364a92c0637d08350bdd5e3172b5eeb289236a73a29d1c5bd0dfedfefd4d24835e33e9f8b7d7b4c6d5d439a81752e98b8a4a5ea95fc1c4296c32a71f1536a2280736aa974cc1fbf0fd69e839c2ec93869a90124a3b26c339b79a59a95c2b737cb2e0e749159f377cf9918868536083550aa4885f6be13d01e0a12a98b7cfe6da3a51eaa4badcae9b712e76493322cc6f8899b9613dea90810a9ed1390f3d7214aa6d7afb90e23df7ef0c25b65a4a43c3561a3e35af077153b7a8ca238f99dc117b61b1b8da43f782172914269abe6d7f7be60ea1beee28982d68c4e1de3f89637de8b0af9634f316c9cfd6962380c5d74c1ac34ca7782744f4797e4dea408a4ea44712e8ec30397b519c6a0616c0315eacf902763730a9d6ee372ecb00c2b1b1eeca785715030490d39c37128235be14364dd98871c75f1825c30b0cb61fb4af6734a9929c3f202ff1a552fdb60929a6203dd5fa7186f379710985271358925ce3f90a9528be76368897034ff5cc43a9ed587713237a2b5db0a2b3c83e77bf6643c0a4d93094fa94e7c2ef4d7bd1de541b2f61dc8c84f8b990bb9bcf8ff15fdbe252ecec07d7547747d90b7dfb2402a9e7f69c99506a32fce5ee00ef2c868647f3b18afa7c774d13f5e0f8cc164d5ca1e376feea248c8e47f67ddb45316a462fc81ece4eafb3ba7e03adfc924f62f11369a8c11a786430235febac1fa2c2ebcb62a7b0ff95b5fedc2c7fab67df38b049d18253ef17af5204c858d7402c02264afef77b43f5a88626f42bc7e8af0d71c0cc2a400a23951abbb20846faf95099736f6290912813c16c45d845b0f1650fa05da92e477e3aa46710240c3faf5a085fe0c30e497779cc0f46cf3af7dcf20b2b804e6cbd22451a47067686009d2a5fa1ddd7412eeae840f121fa5acb2b17f339b0926a04aaf4ce66c78ee1f4841df9e59ab5b6ae9e7875e61378e56ebc1377ea7bf49d2812cb010c01a17257997ea0c59acf3fa22897e73c9e6e56545fafdb80fc7c00e6ebb9792db51089a08c0d1786f3ce2ba9b6c317ff666cc70e77fdd9cec9818ffc293044b50cd4e6fbdfb1879b80e494620cb65c1f3f85a20659f69641e5a0ed50070719b684e6a32b01bb5a2bbb833b3e331f31792dec7f61fe89719220fda92a321e30b38fb91d96182870ffb97cd9e64f16bbe48b989e6a8bcf27d59e32bf38195f68b5e5b4263ff17bb3a3e770921a87a7a606038a3a22ffd0b8a558f349358a2150aa46759a4bca9eb3f9e5f8a571c036d5ede33d9918364b4e85ffa76fc2f649f066c43d0700eaefb76a6e6a34f643cb14b00c2a8c980dadb42a1370b0383591f1f6efa89008b74e706bd37689b5e698f199a314f17823dd188e1e01d2632c53e597df523694dc0f161f41a155417bd64e60e0946df5826a5122b6559aa83eaf8ca8baf22c46ffc7d9bc11a66d87d38db78c8e1842d22fe26b6f921d8df4cc3fa3320d3064de8ce03e89f360ab69d7441b0fa78da2b9785e5d3da2aa7d5fbac15727f70931a0dc34a949b0ff4c58edec8c44618c5b6d09094beaa87a97524a7f4a0bc037a8312d678a9a8d4f2244fe182b8535811c0578b1c585264b6fb9b9d9bc7e5eeaca5625162ba7acc4373eee104844d60e5e39594c5f70243602d916daf297e62a288268cfcebdf8804887e6b7b6363f19edf875ea8015138ca1b320e83234e4185a2bf2160da4ed21ba27b1f1a148c62a907d0ac269f0ba4033bbfaf0e0081029158e92737ef6656f20cd4b6d5517823a2d61bccf38c6b1abb5f0363a4d05ffd298e2038c4ffbe87d043920b485a0219050d86a77a245b0bede8052d499b92e006fdc40c0a7f63ec1cfb68ca36c31a06394c47e68613b06045787135061c020212e3eb68fd5510bde542422d2b0bd94be07b9aea60362cb30eb65892291891948782b2e80a4dccf4cdc9408969e7981723e0227b3a9704b6aaf295c17ceb06bd8ac1db0c2ed71186179a2c8fb52ea5ade5cb8efa6b85ca555fe794d2ec3c80df3a46661ca3c08fcfe1c41efc2bf7e208494a45190a55ce0a7c861d74f7d9bfa6559ef74299e6785b597296ad6ee45bf1e4b4a0cbacb569826574449029be7be50766b0bbecc4ff96fc1f3f2d0eec345a9414bd9e1096eadc52227074bc41954993b08417439a720f6a1f9cb5afa49208c7a968fc7a6636c98a539db12ab7548c1a91826dae385bc4a64b529546e3cde2f7883b9695eb5f81134ec0a724b4b83d6f860c39487a2ec5b45d36d51c152648e26a09917b29bb6a67682d3af8b6bbfc0f507718862151938c8cef330bf2f916c2a981d89f036ea5d3198c3abd8aba9f640cae2664d9ce0e6c4767d6717663e1e92146c1e00902b85c12464102349e39c8f28fd88e0694be1aeec55c96325545950bd7fada4e473844066b129de8fa5d8c5b21bdc2b22ac12ecc67a02c4a31d066ac2a139aec4b2f56f510317454d20796460603862682adf554554815771f60c89cfa76b3ee085fc38d8cee568c4fd6e3bba1b989ef1eef65d08debd8203233281a0e2d1894d23c2a9d2e20d8fde618ab86cbc9d7c938526c0573b7c6b61afe93ea3ea90db9dc5f0066fb6195c7e65e3ae1b07385fb42528de80595f89dd75a148a5200c5b495e924b7c1daa67b1350d703a2ce913ab08baef9737694fad0c00a96f8f23ce22c3f7c91b938cf9ed2001486b68b5802f08ba03ce4c3fed890f3ebacf2353a14391387dd7d6ef3737976c4d48a4416f0c6e7fb9e40714ddc7f7fb462ddef0fbab9a3757280ef7527c6dcc847f3e147a7421402858fd5fa36001e3dafd75b55c768d4b4c48de48b3208bb9241b958ebab7262c98385c55f1a01b7d324417188517be19489264185955659a72fb99e3742bee924e28ab8e53994982128d4ab0e57f99b75824485c597c688d2205da81391ef2cafc04a9d0433efcacc4b52777e414b9ec6b1969c76419c216444a62a6e0c4fd87e3f93094dc9227a73f77fc0096fd79574fe5cc1d68de66b0b98a2969a38c30009c16c707e3984daf940ff1d34c7033adf4bab9e2de886eb528c03a62b98a6d38bce26001b9c80c9894f1d4b77b78303da61e30977b715007af8e53baf69daed70bdb399831abc5be0cd66056dd15a2d4f28d8382808d88fd02c7a6311614e452f64a68be26f3d8986492092e4b64d152e8fc04d5fb4d6652aecd53c3423d6d41c1b9bfe5bef13f1ddd8029a61ed63ce750fc587f9fe53c9a962fdcf771c0f96d05ae6bc74dadaeb657e2994ec7e7b02ef8ff528a1e09621f443e6975d38192867dd2371cff6682c35fd34f7945fc04622bff1bef1d63a8611d34fd89e01ee41f21cf9ab1495a265be5ebb5a18766c12660b2dea969da0053515b109b0285e3c6502ea35e209c10f8619c5ba2a6d75ed9d37e1456d65512f60c509d7e66d1a70405203715447e61ad69035116008f7a63a862fbcc801fbbbab3ac2a246b90a11ebdff6dba64e122a8bccf8abef4553fea531975a15966a935e839bf73f1d5d0927c29e6d33f9c9e325c91fb7453ea0cad7e89d762ab46f520f3cd47895d441ed521352be25efa8c2121d2110506e365db299898f72d465d8c6671d198a27d45e6db5811264787d082c87520d8a31c08508504a5be33bb7a3335860713c2e937e887f65ef5fa2ffd3d0cc9e3b5ec60dcdecf4c1afa4d8b2fa6eee561fa306c189c9a78451d8f28e0daa5244d72919e383cb185d7f416aef499477fcf29dd65f90f5f1c412242b35c22e0ac0c061a9c4d4bfaa88afcca892932fe3c2d94c1a9924ade7d4e6785d301e7bb33c8818320be121d6ef79b3f1684b5e7dbaa31dafe175e5cd907d86ea7c6fb32afbcc121e4f7f1048a1cd688db91dc22d6392e4b2455cc012a116949a7064d35ea1d0bf43583d54d260cb56b9e41c6f296f4a4fec122b99fee9b813aa7ef9a12d884c3019d81b4f351cc9763bf022baf859d17a2a5ca71b66330ca92f2f46a52c6d8beae555238745eeaa1b3c084e35a7ea646ed977efeaafdc2ccb21c43eec53eb44278944c20d48ccc4a435072ac0a608d35f359b29e887f31c9eb8c990d37189b70d06d537998e2f7d4f2cbc3770a822bcf439afb3ddb1d4d15a1c5654c8bd0ce87019d94f20ea1965f3ba4c290514a11ef97ad22bb1e31b58a635d5c79163da56390c60bce49ea6c6bdb3e341f1ca8bda890774fefd1b82030f555627a91ad7d3198ac2478012b8261a27f0b2846433abf5715bb482fa7d83d72a9c3f3788e78dff599fe394a2570f7ce5c9d129dd35883ddab398905844b5133dd4bbada53ad05246924cb2c8bbb1ba0e65293364d0ce063a2ac4fa4511c31888657befb3a34816cd2901d8b2c049a314c38eca4124ada948ef7ce625b321a3e51f2d17545e30a30fa34ed8872506e03a73d47bc1cc8119697797d66006f2b44cf71947e1b6594195934dc3711666f104908ff7f08a14dfe16542ed1aa193f6cd34e8bfc3b6adedb4bfb803270db80c12bf89ad282e4817049761ce85d97807f28e1cf6a45000e40647be1f7392bf30582f43b6e7837d5dfa962a6468f07eb94bc18e9436a1b4f46c8a3f165b9ac36eff9fea9fa60c74aa791ab7394425dd5150e91fbc45249455b9461a5f0aaa4a2b69bdcb22f96233a8997e4dcb6888cf6cac04458465654eba49bbd46f7fd2f7a67c8833386749587f33bc781a4246419c377e18542e31e2ed55b93a0d9b137a50d2a528a8524587fb5c29ea137ac954e3147897ed6b12e4f10285434f47f10adb88028f56879ead1db63b3c4dc14038b05f341501030dfc9af285c6ccf2297c2da46eb211a0b230849e3daeb4f67ec095214a36bc657c75fa3505ec88dbc4bdd0ff1b698faa28258665a3a968e054d8dad050abdd996d56d15cc7a5a99b4a7dae0e1c4ec2fe77af367f302f4613903177f9e802b43f9e908432322fb993e63faa75833136b7f396eea41f67f1eb2df5dfc45468a8ab8f7c8d84c93aa252aa18979d7aef345e631d0e27e4f7fe7a62508001304f2ffd4f9b40095662ec712f45834fedf60f1040ee552f47b9f0f283e24dfda3314d0f3b63e2427b3d8bd36860688de9027d88da2754480a3b358b1feaa4ec11dcb190e045e19a40bd8c6b89453aade6a27423f350bea49b159c94fd0447af43af359157f1f4af02ed050872fb471688677ad1d21436c5b67f0cdeb64205931f5e65b5e9c9fdad9f1561744022d458af1477e11226bde9b2ec123cfd68a3f02c32bdeedacb3429b47b318ee634134ea5cc6da91a87bf49f39d05b08dfecaa62864307958b945c9cdf3a05d7981350789e0f33e537e72ea751f4a5b27dd0cdf5e42f5ed64e04aad5d238fffa33a079f4e0290d7f4a68125e697bf7bcbb10b26b97093845f482456e6046b903a92a9af44e736b27bac96d633bacadcefe89044dd822cb1c5345adf6e5e148ab6f2e1ece742d85984e6ddfcfab482b0b0b9b152aca647a11d2fe09a636945dfd64a5462b834d613c488df5fe80b26143af6f13ff26b08d971ae997a790a956e8ba380d0e27b177eead724b1281d304b4a0f33c52edd96abb4c069f000c41b1f580614aabbc8b0ab3de4262798b38f2ac923364def9c7f8ac50328432c01330346d8f1a58083b95c9cf7817066013c72c797944763a6d07ba5b57a440fc0902f2dbba338583a05e3a9dc57827781ea1f1e0ea3803d45456fb34db378d7fdfb0e18f8dc2749eeec1d12ea46ed56c503e3d87e0a584a2b9bfe2dc50348ca903309f97ac027757b6f0b3495c854852d17fcc2b18b91b1f926d543ffdfc806ed4eb11c9a5e137614391f47b3d879476049417f96b636548fee67d6126aa6369c072cc948572b41e005aabf2c56c59261e3a830564b85b1e73225af049236c2d47c555abd46df35017b48c7c6dde13369fc1950d9a12402308b52e2cc19a0eeb3f098acb39c1dc8ab6570d20808732b364f3b0afcf226876c5891f01f7f66e4241e197004d01def64bf73da83a8c359c99630078d883454b515104d91a7845e6b0aaf6d0fad1dafdd77a28fdc7b31c41b9e4671324ec297bdefeeaca78af798d8f62a41f2675294b527589571366564e939f877bce8095a07dcc7e94614fa698854ea18ebccb024b8d5b686ed0ef6e6cf41c108c320e98ca5f4c7c47a5e9547268a907df7b91572a5387953b6ea54e85048768e287abc566b019d009260359cd760ed7b87350438e567e20e5737513ef618d3ded46e119cd56564f3e4823ccafdf21e3ad905906ce79aadd246dbc6f08cb06c3eea02246162b3417d22a64c3f48f4b20b32c58866da890f38bfc914547064a1525d0549c30f4d829fb3a26cdd711525855f5fab5b5d801c1ad07e67710b3959106143c389f83d312174fe22cdef3722d4885d6bb06b34ffe77242d0a18eb754bea0d4dcfa46892b62f9cc7bf5e03af64c85dd0a8a47682dd3d2ce22aa2803c04e784057ef143fec5cbdb4636797ec80d16861688d136379bf6bb77bfca6fa1b81ac333056f4337a6c00321eb676fe6e7cabfc782491889ea31cfdd5173245a89f2177f75bb814ecc7072ec152e35f616e6b50c3aa42891388477fb7fba0ba386c86df8030d4e494a811a001e17100124d9ffce48d0be09af9bb380769e2f9b4cfc66bb78993bcdeadb20fe2b33e3ecc069cfe78399b82fbf4559cedad89897448c2681a1854415f21a36500b15c9c2de9aa89472ac8ba0daef67935cdc019457bd1e410928d833020ac06403bed609316574178c5044105f8ff56318cca0888fb75ac5f9b3bbe16cc01133083922763075bbe9c8860b65b336b6df7b1441b45f33fac6577e3d9594c5238b346c84173c51f9630bbaf881a7005810e2cfdc8f40e599cb61ea224b10a67ef15e60655682a2fc9e30ecd97c257e731f73954bc70a1cb6e9336148035462e1395ae0e5c879b07740cad8210aa5dfd6d92ab8cdcd61d5774aaca870a725a9d41e93f4f8ad32438360338058b6b82b70786d0223208d66d89888982d2a5155851802ef47377ac89dbdd5cc20d10949707f732fbb5ccf5805854e33a39838d558b39c40d7705fb7ec7a10080364fb758f4a4f6c92f7b0258bb251d8f2dadf131334332bfdf541e806251f72d3b5676fc72f7cdec599f7e187ba3db7846be289e4c9579807d14bac0fe123a254af7d5951667a0e7337ac10da481acd6e2560fd6d74a69c769a1a452ea07c3f8fff32acbbaaabf802152d508e21f28f9e0aa8e6e274efd641f9c7c6cc44d2252a20c244c3791", 0x2000, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x78, 0x0, 0x7fff, {0x81, 0xf6, 0x0, {0x6, 0xffffffffffffffff, 0x9, 0xffffffffffffff81, 0x200000010001, 0x3, 0x837d, 0x7, 0x6, 0x8000, 0x8, r2, r3, 0x800, 0x5}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) execve(&(0x7f0000000080)='./file0/file0\x00', 0x0, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f000000e280)='./file0/../file0/file0\x00', &(0x7f000000e2c0)={0x880, 0x0, 0x10}, 0x18) 1.726224867s ago: executing program 2 (id=2608): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r0 = syz_open_procfs(0x0, &(0x7f0000000c40)='net/icmp6\x00') fchdir(r0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x163041, 0xc8) 1.722660708s ago: executing program 3 (id=2609): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kvm_ioapic_set_irq\x00', r0}, 0x10) close(0xffffffffffffffff) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000140)={0x2, 0x0, @ioapic={0x3000, 0x7, 0x13, 0x3, 0x0, [{0x6, 0x31, 0x81, '\x00', 0x80}, {0x10, 0x9, 0x2, '\x00', 0x4}, {0x3, 0x81, 0x10, '\x00', 0x6}, {0x0, 0xa, 0x3, '\x00', 0x6}, {0x2, 0xd, 0x80}, {0x7, 0xe1, 0x4, '\x00', 0x90}, {0x4, 0x6, 0x60, '\x00', 0x7}, {0x7, 0x9, 0x8, '\x00', 0x6}, {0x1, 0x8, 0x6, '\x00', 0x3}, {0xd8, 0xf, 0x5, '\x00', 0x9}, {0x2e, 0xfc, 0x6, '\x00', 0xfa}, {0xb6, 0x1, 0x80, '\x00', 0x4d}, {0x2, 0x0, 0x0, '\x00', 0x6}, {0xc3, 0x5e, 0x5, '\x00', 0x6}, {0x1, 0x7, 0x5, '\x00', 0x8}, {0x33, 0x1c, 0xf, '\x00', 0x5}, {0x4, 0x9, 0x8, '\x00', 0x3}, {0x4, 0x0, 0x9, '\x00', 0x2}, {0x6, 0x8, 0x2, '\x00', 0x6}, {0x0, 0xfb, 0xa, '\x00', 0xf8}, {0x45, 0x3, 0x1, '\x00', 0x8}, {0x3, 0xa, 0x4, '\x00', 0x6}, {0x30, 0x2, 0x9, '\x00', 0x40}, {0xa, 0x59, 0x3, '\x00', 0x5}]}}) 1.633539511s ago: executing program 2 (id=2611): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0022b9000000174380c7c5a3ef11037f2727"], 0x0}, 0x0) 1.62581902s ago: executing program 0 (id=2612): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x4a400, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000140)={0x5000, 0x0, 0x1, 0xffffffffffffffff, 0x1}) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) r7 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r6, 0x380000a, 0x11, r5, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000100)="fb014401ac2cc4a2c0a6000000faff00bfffffffffffffffff00000d00e6ffea0000000020007f45c9cf9b202f3700", 0x0, 0xdf65f8bcd9ee0292) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r8, 0x1, 0x11, r5, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4040aea0, &(0x7f0000000040)=@x86={0x28, 0x8, 0x0, 0x0, 0x2, 0x9e, 0x5, 0x4, 0x4, 0xc, 0x8, 0xf8, 0x0, 0x3ff, 0xffff8001, 0x1, 0x2, 0x1, 0x1, '\x00', 0xe, 0x100200}) 1.460986838s ago: executing program 3 (id=2616): ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000340)={0x0, 0x2, 0x1, 0x80080000c55}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x8082, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f00000000c0)={0x22}) 1.37095331s ago: executing program 0 (id=2618): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x35, 0x1, 0x5, 0xffffffff7fffbffc, 0x0) 1.310728092s ago: executing program 5 (id=2620): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000200)=[0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0], 0x4000000000000042, r1}) 1.2496012s ago: executing program 0 (id=2621): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x4e, 0x0, 0x0) syz_emit_ethernet(0x83, 0x0, &(0x7f0000000000)={0x0, 0x2, [0x4ff, 0xc71, 0xf65, 0x5fe]}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.24933672s ago: executing program 3 (id=2622): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x8080, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_GET_NESTED_STATE(r2, 0xc080aebe, 0x0) 1.249107814s ago: executing program 5 (id=2623): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x200) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f00000009c0)={"73cce1a2b9fbcb97694043ebfb82442d7f428290538e75ff029908cebee95ac2b1febd018ae4703d3263c5b30d4db3243275dd57287ef3c41695e828a0e03b5098370515dc8c9b278addefde0e6ea6ef65a74a3e66e51ee0a646e634cd9cf3ceb03dcf88a235bd6d7a5e64ea39db4636dc9b79c3fc4b6c82b54a6bea17ebf522d474b39c4f6fee3ae29caeec81652b33e49426ec6481fe2262eebd869b7a14a8646751f0b15e94a6bb853e3b3443d254af5852a59766fd5aa457c444e713dbbd7699a8d887ab77e97cf1fd6dd2fe80662726aa9efd1d9c535c161a6b413a473c37876cf8be6867395fe6513e10f14d5c677d301612987f4b25a719961e7bc1d10de8eb93960e40c99b502d401556250d52c53d05eb471d675802ccbbc3de9366ccb6e096b235ae2b81c4f9168f4ce4e741d7e8b381daae4674eacd719870f1f113568e647f04109efd349cb74234c3a469d48e857b3e33ac6a7d7d332a72854c980b550af5a90d997c3c40fbc5fb22492f83675786435181dc40777c05c77ddf9432d2fd86cb3d56393e08f2d9b94b1cb579be8d4110c6a34689fa5972e6879e5c3a7ef48caf8cf42ca467d135665ce259b1dc5ea6c4b07a47260fd8661c29367a99f26a415bea9b5ed5e69d42b8f58ee3f245d4475b05def5960100ef1658d586e1066e24baa59543545c2cca981c6e100a966b52314a8d00863eb35faff0418b5285534298b7d677641b4a5aba2958e1ca74639cd17cf72972aaf8235354157b65f3f06e4e6036c81c33b0464bc6b2d3b9a76323930b1c4c7bf88aad05e2e5332719685c2968ebef1e26f2652bc37b5e4f53617e0bdf41059d7ccf00468537714b77478147d69decae6979b56fa0048f1a9ca8986ba81033850bffe420bed347ec85f23cf78084e5a2f384c9b8ebaf547289fa7b798f53ec2266a9d2150ae353bb8f9a1adc385081366708c819d6ed45a778e5d9ab90333b12d9346d28340d20293a7e9364312bd9ac1048b3ad5306d2f35defb6addea0e6cac0fd8937dbca03968f94433696e77aa48282661b4a3c6aacce6bf023dc078401daf8a7df4081d561fb48c9e6d706123fc273f63203a09addf81dba40f25c2e3ba9035d3678a0f289a3fb0f13baf9e827df7cf7a3b97c3b2504f00e0aa2bc4de28874eb8d88fe393fb165cb8acc6b029eba087bfb614962633e2b00db758e9309b5446e26fcd0634ae2ea70bfd47b9132dd91262554d8fcae51638e9faf2f9fb86a2d5749d56dbb6fb04fde46962ad52d9b9a4bc907ffaa30a007cdeb3df46fb2138bf5baa9ff06e3d708ff8b188d8889d9a8dd95ba74b8e2410bd94e88a3cdfe69927b4d656ff89ab16e8fe7440c707b0e9f308f7164908780c0c1e5e60e6b51281510318de838a4f1e3baf40418deefbc9ab7d4549044c124d0a509d9dc7175fdf469edb9a6"}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000780)={0x2, 0x0, @ioapic={0x6000, 0x8, 0x0, 0xeffffe02, 0x0, [{0x2, 0x0, 0xfc, '\x00', 0xfb}, {0x3, 0x9, 0x82, '\x00', 0x7c}, {0xfc, 0x2, 0x4, '\x00', 0xb9}, {0x11, 0xb, 0x8, '\x00', 0x7d}, {0xfe, 0x9, 0x4}, {0x0, 0xfc, 0xfe, '\x00', 0x2}, {0xfd, 0x0, 0x7, '\x00', 0x7f}, {0x0, 0xfa}, {0x1, 0x8f, 0x40, '\x00', 0x4}, {0x39, 0x6, 0x1, '\x00', 0x1}, {0xb}, {0x5, 0xe5, 0x0, '\x00', 0xff}, {0x0, 0x9, 0x2, '\x00', 0x3}, {0x2, 0x2, 0x6}, {0xc3, 0x0, 0x0, '\x00', 0x49}, {0x4, 0x21, 0x80, '\x00', 0x5}, {0x3, 0x1, 0x0, '\x00', 0xfe}, {0x0, 0x2, 0x5, '\x00', 0x10}, {0x48, 0x0, 0x9, '\x00', 0xd9}, {0x0, 0x80}, {0x0, 0x2, 0x0, '\x00', 0x37}, {0xfe, 0x8, 0x0, '\x00', 0x5}, {0x0, 0x4, 0x9}, {0x7f, 0xff, 0x6, '\x00', 0x7}]}}) 1.179931907s ago: executing program 5 (id=2624): r0 = socket$inet_smc(0x2b, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) io_uring_enter(0xffffffffffffffff, 0x3516, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendto$unix(r2, 0x0, 0x0, 0x4000, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, 0x0, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x2, @remote}, 0x10) 1.102997087s ago: executing program 3 (id=2625): syz_usb_connect(0x1, 0x36, &(0x7f00000005c0)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e00000001090224"], 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) io_uring_register$IORING_REGISTER_PROBE(0xffffffffffffffff, 0x8, &(0x7f0000000600)={0x0, 0x0, 0x0, '\x00', [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0x12) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000000100)=[@in6={0xa, 0x4e21, 0xf0, @private2, 0xe}, @in={0x2, 0x4e21, @multicast1}], 0x1e) 1.038695999s ago: executing program 5 (id=2626): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="24000000220001"], 0x24}], 0x1, 0x0, 0x0, 0x4000081}, 0x0) 1.038220849s ago: executing program 0 (id=2627): syz_emit_ethernet(0x4e, &(0x7f0000000200)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa0086dd6000000000183a00fe8000000000000000000000000000bbff0200000000000000000000000000018300907800000000fc000000000000000000000000000000a6f22362b09b"], 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) name_to_handle_at(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1200) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x3, 0x3a) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f00000000c0)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000100)={@host}) setsockopt$MRT6_FLUSH(r1, 0x29, 0xd4, &(0x7f0000000080)=0x9, 0x4) socket$inet6_sctp(0xa, 0x5, 0x84) mremap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4000, 0x0, &(0x7f00001b4000/0x4000)=nil) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0xfffffffffffffffe}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7fffffff, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 986.89523ms ago: executing program 5 (id=2628): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000d00000000080000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r0}, 0x10) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r3 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r2, @ANYBLOB="00000000100000001c001a80080002802d80ff0008000200", @ANYRES16=r1, @ANYRES32=r3], 0x44}}, 0x0) 510.890726ms ago: executing program 4 (id=2629): mmap(&(0x7f0000a66000/0x4000)=nil, 0x4000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xe5ab0000) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x8c83) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x1}}) r1 = socket$inet6_udp(0xa, 0x2, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) r2 = open_tree(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x0) openat$cgroup_subtree(r2, &(0x7f00000001c0), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) readahead(0xffffffffffffffff, 0x1de, 0x6) mount$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e24, 0x8, @local, 0xfff}, 0x1c) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x458, 0x0, 0x2b8, 0xb0000010, 0x2, 0x5c8f0200, 0x388, 0x3a8, 0x3a8, 0x388, 0x3a8, 0x3, 0x0, {[{{@ipv6={@private1, @local, [], [], 'vlan1\x00', 'veth0_to_team\x00'}, 0x0, 0x248, 0x290, 0x700, {}, [@common=@inet=@hashlimit3={{0x158}, {'geneve1\x00', {0xf1, 0x0, 0x33, 0x0, 0x0, 0x1, 0x7fffffff}}}, @common=@unspec=@limit={{0x48}, {0x10000000, 0x3}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x206, 'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b8) r6 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000080)={{0x1, 0x1, 0x18, r6}, './file0\x00'}) shmget$private(0x0, 0x3000, 0x4, &(0x7f0000ffd000/0x3000)=nil) r7 = shmget(0x1, 0x4000, 0x20, &(0x7f0000ffc000/0x4000)=nil) ioctl$SNDCTL_DSP_SPEED(r6, 0xc0045002, 0x0) shmctl$SHM_STAT(r7, 0xd, 0x0) 352.140719ms ago: executing program 5 (id=2630): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x235, &(0x7f0000000240)={0x0, 0x42eb, 0x10100, 0x1, 0x20, 0x0, r1}, &(0x7f0000000200)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0) r5 = userfaultfd(0x801) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000440)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000100), 0xc06620, 0x4) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) socket$isdn(0x22, 0x3, 0x2) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) 49.394546ms ago: executing program 0 (id=2631): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) setsockopt$inet6_IPV6_RTHDR(0xffffffffffffffff, 0x29, 0x39, 0x0, 0x0) listen(r0, 0x9) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmmsg(r1, 0x0, 0x0, 0x20044000) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x140, 0x0) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r3, @ANYBLOB], 0x84}}, 0x20000000) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)={0x14, r3, 0x1, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x800) 0s ago: executing program 0 (id=2632): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r0, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) sendto$inet(r1, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x2, 0x4e20, @multicast1}, 0x10) kernel console output (not intermixed with test programs): 07f0a4d010d69 R08: 0000000000000000 R09: 0000000000000000 [ 1054.558816][T14924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1054.558826][T14924] R13: 0000000000000000 R14: 00007f0a4d1b5fa0 R15: 00007fff2a988598 [ 1054.558852][T14924] [ 1055.052282][ T51] Bluetooth: hci6: command 0x1003 tx timeout [ 1055.059391][ T5832] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 1062.921706][T15022] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6) [ 1062.928230][T15022] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1063.137107][T15022] vhci_hcd vhci_hcd.0: Device attached [ 1063.392124][T14097] usb 41-1: new low-speed USB device number 13 using vhci_hcd [ 1063.701970][T15024] vhci_hcd: connection reset by peer [ 1063.731005][ T6059] vhci_hcd: stop threads [ 1063.766231][ T6059] vhci_hcd: release socket [ 1063.800120][ T6059] vhci_hcd: disconnect device [ 1064.020783][T15044] netlink: 'syz.2.2100': attribute type 20 has an invalid length. [ 1065.534411][ T36] Bluetooth: hci1: Frame reassembly failed (-90) [ 1067.397512][ T5832] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1068.492058][T14097] vhci_hcd: vhci_device speed not set [ 1072.275273][T15136] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2121'. [ 1072.329699][T15138] binder: BINDER_SET_CONTEXT_MGR already set [ 1072.341986][T15138] binder: 15135:15138 ioctl 4018620d 2000000002c0 returned -16 [ 1074.436703][T15162] binder: BINDER_SET_CONTEXT_MGR already set [ 1074.442859][T15162] binder: 15161:15162 ioctl 4018620d 2000000002c0 returned -16 [ 1074.453509][T15162] netlink: 4400 bytes leftover after parsing attributes in process `syz.0.2127'. [ 1074.500608][T15162] sysfs: cannot create duplicate filename '/class/ieee80211/Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`²ÿ' [ 1074.541090][T15162] CPU: 0 UID: 0 PID: 15162 Comm: syz.0.2127 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 1074.541109][T15162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1074.541132][T15162] Call Trace: [ 1074.541136][T15162] [ 1074.541141][T15162] dump_stack_lvl+0x16c/0x1f0 [ 1074.541160][T15162] sysfs_warn_dup+0x7f/0xa0 [ 1074.541176][T15162] sysfs_do_create_link_sd+0x124/0x140 [ 1074.541192][T15162] sysfs_create_link+0x61/0xc0 [ 1074.541206][T15162] device_add+0x62c/0x1a70 [ 1074.541224][T15162] ? __pfx_device_add+0x10/0x10 [ 1074.541240][T15162] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1074.541255][T15162] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1074.541273][T15162] wiphy_register+0x1c9c/0x2850 [ 1074.541289][T15162] ? netdev_run_todo+0x864/0x1320 [ 1074.541305][T15162] ? __dev_printk+0x260/0x270 [ 1074.541333][T15162] ? __pfx_wiphy_register+0x10/0x10 [ 1074.541370][T15162] ieee80211_register_hw+0x24ac/0x4140 [ 1074.541405][T15162] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1074.541436][T15162] ? find_held_lock+0x2b/0x80 [ 1074.541461][T15162] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1074.541485][T15162] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1074.541512][T15162] ? __hrtimer_setup+0x176/0x280 [ 1074.541535][T15162] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1074.541572][T15162] ? trace_kmalloc+0x2b/0xd0 [ 1074.541592][T15162] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 1074.541613][T15162] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1074.541633][T15162] ? hwsim_new_radio_nl+0xa0e/0x12c0 [ 1074.541655][T15162] ? __asan_memcpy+0x3c/0x60 [ 1074.541686][T15162] hwsim_new_radio_nl+0xb51/0x12c0 [ 1074.541711][T15162] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1074.541742][T15162] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1074.541773][T15162] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1074.541809][T15162] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1074.541841][T15162] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1074.541878][T15162] ? bpf_lsm_capable+0x9/0x10 [ 1074.541900][T15162] ? security_capable+0x7e/0x260 [ 1074.541927][T15162] ? ns_capable+0xd7/0x110 [ 1074.541949][T15162] genl_rcv_msg+0x55c/0x800 [ 1074.541970][T15162] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1074.541987][T15162] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1074.542014][T15162] netlink_rcv_skb+0x155/0x420 [ 1074.542039][T15162] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1074.542057][T15162] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1074.542094][T15162] ? netlink_deliver_tap+0x1ae/0xd30 [ 1074.542132][T15162] genl_rcv+0x28/0x40 [ 1074.542158][T15162] netlink_unicast+0x58d/0x850 [ 1074.542190][T15162] ? __pfx_netlink_unicast+0x10/0x10 [ 1074.542213][T15162] ? __build_skb_around+0x278/0x3b0 [ 1074.542246][T15162] netlink_sendmsg+0x8d1/0xdd0 [ 1074.542276][T15162] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1074.542313][T15162] ____sys_sendmsg+0xa98/0xc70 [ 1074.542341][T15162] ? copy_msghdr_from_user+0x10a/0x160 [ 1074.542362][T15162] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1074.542401][T15162] ___sys_sendmsg+0x134/0x1d0 [ 1074.542420][T15162] ? futex_private_hash_put+0x176/0x300 [ 1074.542448][T15162] ? __pfx____sys_sendmsg+0x10/0x10 [ 1074.542468][T15162] ? __lock_acquire+0x622/0x1c90 [ 1074.542532][T15162] __sys_sendmsg+0x16d/0x220 [ 1074.542554][T15162] ? __pfx___sys_sendmsg+0x10/0x10 [ 1074.542575][T15162] ? __x64_sys_futex+0x1e0/0x4c0 [ 1074.542608][T15162] do_syscall_64+0xcd/0x4c0 [ 1074.542633][T15162] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1074.542651][T15162] RIP: 0033:0x7f33ce98e9a9 [ 1074.542666][T15162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1074.542683][T15162] RSP: 002b:00007f33cf862038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1074.542702][T15162] RAX: ffffffffffffffda RBX: 00007f33cebb5fa0 RCX: 00007f33ce98e9a9 [ 1074.542713][T15162] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000007 [ 1074.542723][T15162] RBP: 00007f33cea10d69 R08: 0000000000000000 R09: 0000000000000000 [ 1074.542733][T15162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1074.542744][T15162] R13: 0000000000000000 R14: 00007f33cebb5fa0 R15: 00007ffdcbb8d2b8 [ 1074.542769][T15162] [ 1075.650166][T11177] Bluetooth: hci1: Frame reassembly failed (-90) [ 1076.287168][T15183] netlink: 'syz.3.2132': attribute type 21 has an invalid length. [ 1076.295783][T15183] netlink: 'syz.3.2132': attribute type 6 has an invalid length. [ 1076.303716][T15183] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2132'. [ 1076.474846][T15184] netlink: 'syz.0.2131': attribute type 21 has an invalid length. [ 1076.746751][T15184] netlink: 'syz.0.2131': attribute type 6 has an invalid length. [ 1076.774862][T15184] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2131'. [ 1076.926369][T15188] netlink: 'syz.2.2133': attribute type 21 has an invalid length. [ 1076.934658][T15188] netlink: 'syz.2.2133': attribute type 6 has an invalid length. [ 1076.942552][T15188] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2133'. [ 1077.237284][T15191] netlink: 'syz.0.2134': attribute type 21 has an invalid length. [ 1077.246261][T15191] netlink: 'syz.0.2134': attribute type 6 has an invalid length. [ 1077.254429][T15191] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2134'. [ 1077.632736][ T5832] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1079.145206][T11177] Bluetooth: hci1: Frame reassembly failed (-90) [ 1079.893845][ T6059] Bluetooth: hci6: Frame reassembly failed (-90) [ 1081.241332][ T5832] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1081.349006][ T6059] Bluetooth: hci8: Frame reassembly failed (-84) [ 1081.932169][ T51] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 1082.419646][ T6524] Bluetooth: hci1: Frame reassembly failed (-90) [ 1082.972219][T11227] Bluetooth: hci7: Opcode 0x1003 failed: -110 [ 1082.976807][ T51] Bluetooth: hci7: command 0x1003 tx timeout [ 1083.371967][T14211] Bluetooth: hci8: Opcode 0x1003 failed: -110 [ 1084.511077][ T5832] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1085.167331][ T6059] Bluetooth: hci1: Frame reassembly failed (-90) [ 1085.206946][T15259] Bluetooth: hci1: Frame reassembly failed (-84) [ 1087.086258][ T6524] Bluetooth: hci6: Frame reassembly failed (-90) [ 1087.212012][T11227] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1087.212070][T14211] Bluetooth: hci1: command 0x1003 tx timeout [ 1087.775589][T15294] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2160'. [ 1087.793587][T15294] netlink: 4400 bytes leftover after parsing attributes in process `syz.2.2160'. [ 1087.805402][T15294] sysfs: cannot create duplicate filename '/class/ieee80211/Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`²' [ 1087.816030][T15294] CPU: 0 UID: 0 PID: 15294 Comm: syz.2.2160 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 1087.816047][T15294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1087.816059][T15294] Call Trace: [ 1087.816064][T15294] [ 1087.816069][T15294] dump_stack_lvl+0x16c/0x1f0 [ 1087.816087][T15294] sysfs_warn_dup+0x7f/0xa0 [ 1087.816102][T15294] sysfs_do_create_link_sd+0x124/0x140 [ 1087.816118][T15294] sysfs_create_link+0x61/0xc0 [ 1087.816132][T15294] device_add+0x62c/0x1a70 [ 1087.816150][T15294] ? __pfx_device_add+0x10/0x10 [ 1087.816165][T15294] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1087.816180][T15294] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1087.816198][T15294] wiphy_register+0x1c9c/0x2850 [ 1087.816214][T15294] ? netdev_run_todo+0x864/0x1320 [ 1087.816229][T15294] ? __dev_printk+0x260/0x270 [ 1087.816244][T15294] ? __pfx_wiphy_register+0x10/0x10 [ 1087.816267][T15294] ieee80211_register_hw+0x24ac/0x4140 [ 1087.816288][T15294] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1087.816310][T15294] ? find_held_lock+0x2b/0x80 [ 1087.816325][T15294] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1087.816339][T15294] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1087.816356][T15294] ? __hrtimer_setup+0x176/0x280 [ 1087.816370][T15294] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1087.816390][T15294] ? trace_kmalloc+0x2b/0xd0 [ 1087.816403][T15294] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 1087.816415][T15294] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1087.816427][T15294] ? hwsim_new_radio_nl+0xa0e/0x12c0 [ 1087.816440][T15294] ? __asan_memcpy+0x3c/0x60 [ 1087.816458][T15294] hwsim_new_radio_nl+0xb51/0x12c0 [ 1087.816473][T15294] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1087.816490][T15294] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1087.816509][T15294] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1087.816531][T15294] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1087.816549][T15294] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1087.816571][T15294] ? bpf_lsm_capable+0x9/0x10 [ 1087.816586][T15294] ? security_capable+0x7e/0x260 [ 1087.816603][T15294] ? ns_capable+0xd7/0x110 [ 1087.816617][T15294] genl_rcv_msg+0x55c/0x800 [ 1087.816629][T15294] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1087.816639][T15294] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1087.816657][T15294] netlink_rcv_skb+0x155/0x420 [ 1087.816672][T15294] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1087.816682][T15294] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1087.816704][T15294] ? netlink_deliver_tap+0x1ae/0xd30 [ 1087.816721][T15294] genl_rcv+0x28/0x40 [ 1087.816736][T15294] netlink_unicast+0x58d/0x850 [ 1087.816753][T15294] ? __pfx_netlink_unicast+0x10/0x10 [ 1087.816767][T15294] ? __build_skb_around+0x278/0x3b0 [ 1087.816788][T15294] netlink_sendmsg+0x8d1/0xdd0 [ 1087.816805][T15294] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1087.816826][T15294] ____sys_sendmsg+0xa98/0xc70 [ 1087.816843][T15294] ? copy_msghdr_from_user+0x10a/0x160 [ 1087.816856][T15294] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1087.816879][T15294] ___sys_sendmsg+0x134/0x1d0 [ 1087.816890][T15294] ? futex_private_hash_put+0x176/0x300 [ 1087.816907][T15294] ? __pfx____sys_sendmsg+0x10/0x10 [ 1087.816919][T15294] ? __lock_acquire+0x622/0x1c90 [ 1087.816954][T15294] __sys_sendmsg+0x16d/0x220 [ 1087.816967][T15294] ? __pfx___sys_sendmsg+0x10/0x10 [ 1087.816979][T15294] ? __x64_sys_futex+0x1e0/0x4c0 [ 1087.816998][T15294] do_syscall_64+0xcd/0x4c0 [ 1087.817013][T15294] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1087.817025][T15294] RIP: 0033:0x7f5c3618e9a9 [ 1087.817035][T15294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1087.817046][T15294] RSP: 002b:00007f5c36f2e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1087.817064][T15294] RAX: ffffffffffffffda RBX: 00007f5c363b5fa0 RCX: 00007f5c3618e9a9 [ 1087.817072][T15294] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000008 [ 1087.817080][T15294] RBP: 00007f5c36210d69 R08: 0000000000000000 R09: 0000000000000000 [ 1087.817087][T15294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1087.817094][T15294] R13: 0000000000000000 R14: 00007f5c363b5fa0 R15: 00007fffbd1daab8 [ 1087.817109][T15294] [ 1088.702445][T15302] netlink: 'syz.2.2161': attribute type 21 has an invalid length. [ 1088.711008][T15302] netlink: 'syz.2.2161': attribute type 6 has an invalid length. [ 1088.718947][T15302] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2161'. [ 1089.136799][ T5832] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 1091.579216][T15330] netlink: 'syz.3.2168': attribute type 20 has an invalid length. [ 1092.383232][ T9251] Bluetooth: hci1: Frame reassembly failed (-84) [ 1093.586023][T15354] netlink: 'syz.0.2174': attribute type 21 has an invalid length. [ 1093.594271][T15354] netlink: 'syz.0.2174': attribute type 6 has an invalid length. [ 1093.602184][T15354] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2174'. [ 1094.422861][T11227] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1098.021360][T15407] netlink: 'syz.4.2186': attribute type 21 has an invalid length. [ 1098.029644][T15407] netlink: 'syz.4.2186': attribute type 6 has an invalid length. [ 1098.037550][T15407] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2186'. [ 1098.085124][T15406] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2187'. [ 1098.248273][T15406] netlink: 4400 bytes leftover after parsing attributes in process `syz.3.2187'. [ 1098.293901][T15406] sysfs: cannot create duplicate filename '/class/ieee80211/Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`²' [ 1098.368434][T15406] CPU: 0 UID: 0 PID: 15406 Comm: syz.3.2187 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 1098.368463][T15406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1098.368474][T15406] Call Trace: [ 1098.368481][T15406] [ 1098.368489][T15406] dump_stack_lvl+0x16c/0x1f0 [ 1098.368517][T15406] sysfs_warn_dup+0x7f/0xa0 [ 1098.368540][T15406] sysfs_do_create_link_sd+0x124/0x140 [ 1098.368566][T15406] sysfs_create_link+0x61/0xc0 [ 1098.368589][T15406] device_add+0x62c/0x1a70 [ 1098.368620][T15406] ? __pfx_device_add+0x10/0x10 [ 1098.368646][T15406] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1098.368667][T15406] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1098.368694][T15406] wiphy_register+0x1c9c/0x2850 [ 1098.368721][T15406] ? netdev_run_todo+0x864/0x1320 [ 1098.368747][T15406] ? __dev_printk+0x260/0x270 [ 1098.368773][T15406] ? __pfx_wiphy_register+0x10/0x10 [ 1098.368817][T15406] ieee80211_register_hw+0x24ac/0x4140 [ 1098.368855][T15406] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1098.368885][T15406] ? find_held_lock+0x2b/0x80 [ 1098.368909][T15406] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1098.368932][T15406] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1098.368959][T15406] ? __hrtimer_setup+0x176/0x280 [ 1098.368982][T15406] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1098.369019][T15406] ? trace_kmalloc+0x2b/0xd0 [ 1098.369037][T15406] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 1098.369057][T15406] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1098.369078][T15406] ? hwsim_new_radio_nl+0xa0e/0x12c0 [ 1098.369100][T15406] ? __asan_memcpy+0x3c/0x60 [ 1098.369131][T15406] hwsim_new_radio_nl+0xb51/0x12c0 [ 1098.369156][T15406] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1098.369186][T15406] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1098.369217][T15406] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1098.369253][T15406] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1098.369290][T15406] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1098.369330][T15406] ? bpf_lsm_capable+0x9/0x10 [ 1098.369353][T15406] ? security_capable+0x7e/0x260 [ 1098.369383][T15406] ? ns_capable+0xd7/0x110 [ 1098.369408][T15406] genl_rcv_msg+0x55c/0x800 [ 1098.369430][T15406] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1098.369451][T15406] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1098.369483][T15406] netlink_rcv_skb+0x155/0x420 [ 1098.369508][T15406] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1098.369526][T15406] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1098.369564][T15406] ? netlink_deliver_tap+0x1ae/0xd30 [ 1098.369593][T15406] genl_rcv+0x28/0x40 [ 1098.369618][T15406] netlink_unicast+0x58d/0x850 [ 1098.369648][T15406] ? __pfx_netlink_unicast+0x10/0x10 [ 1098.369672][T15406] ? __build_skb_around+0x278/0x3b0 [ 1098.369709][T15406] netlink_sendmsg+0x8d1/0xdd0 [ 1098.369737][T15406] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1098.369770][T15406] ____sys_sendmsg+0xa98/0xc70 [ 1098.369795][T15406] ? copy_msghdr_from_user+0x10a/0x160 [ 1098.369814][T15406] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1098.369844][T15406] ? __pfx_futex_wake_mark+0x10/0x10 [ 1098.369868][T15406] ___sys_sendmsg+0x134/0x1d0 [ 1098.369886][T15406] ? futex_private_hash_put+0x176/0x300 [ 1098.369913][T15406] ? __pfx____sys_sendmsg+0x10/0x10 [ 1098.369932][T15406] ? __lock_acquire+0x622/0x1c90 [ 1098.369994][T15406] __sys_sendmsg+0x16d/0x220 [ 1098.370015][T15406] ? __pfx___sys_sendmsg+0x10/0x10 [ 1098.370035][T15406] ? __x64_sys_futex+0x1e0/0x4c0 [ 1098.370066][T15406] do_syscall_64+0xcd/0x4c0 [ 1098.370089][T15406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1098.370107][T15406] RIP: 0033:0x7f0a4cf8e9a9 [ 1098.370123][T15406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1098.370140][T15406] RSP: 002b:00007f0a4adf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1098.370158][T15406] RAX: ffffffffffffffda RBX: 00007f0a4d1b5fa0 RCX: 00007f0a4cf8e9a9 [ 1098.370170][T15406] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000008 [ 1098.370181][T15406] RBP: 00007f0a4d010d69 R08: 0000000000000000 R09: 0000000000000000 [ 1098.370191][T15406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1098.370201][T15406] R13: 0000000000000000 R14: 00007f0a4d1b5fa0 R15: 00007fff2a988598 [ 1098.370226][T15406] [ 1099.124730][T15418] netlink: 'syz.4.2190': attribute type 21 has an invalid length. [ 1099.133495][T15418] netlink: 'syz.4.2190': attribute type 6 has an invalid length. [ 1099.141256][T15418] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2190'. [ 1100.109472][ T6365] Bluetooth: hci1: Frame reassembly failed (-90) [ 1101.365872][ T6524] Bluetooth: hci6: Frame reassembly failed (-90) [ 1102.014721][T14211] Bluetooth: hci1: command 0x1003 tx timeout [ 1102.020954][ T5832] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1103.325984][T11177] Bluetooth: hci7: Frame reassembly failed (-84) [ 1103.372437][T11227] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 1103.457409][ T6393] Bluetooth: hci7: Frame reassembly failed (-90) [ 1103.466828][T15464] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2202'. [ 1103.481273][T15464] binder: BINDER_SET_CONTEXT_MGR already set [ 1103.487355][T15464] binder: 15463:15464 ioctl 4018620d 2000000002c0 returned -16 [ 1103.497248][T15464] netlink: 4400 bytes leftover after parsing attributes in process `syz.0.2202'. [ 1103.507648][T15464] sysfs: cannot create duplicate filename '/class/ieee80211/Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`²' [ 1103.519235][T15464] CPU: 1 UID: 0 PID: 15464 Comm: syz.0.2202 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 1103.519252][T15464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1103.519259][T15464] Call Trace: [ 1103.519263][T15464] [ 1103.519268][T15464] dump_stack_lvl+0x16c/0x1f0 [ 1103.519288][T15464] sysfs_warn_dup+0x7f/0xa0 [ 1103.519302][T15464] sysfs_do_create_link_sd+0x124/0x140 [ 1103.519317][T15464] sysfs_create_link+0x61/0xc0 [ 1103.519330][T15464] device_add+0x62c/0x1a70 [ 1103.519349][T15464] ? __pfx_device_add+0x10/0x10 [ 1103.519366][T15464] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1103.519381][T15464] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1103.519400][T15464] wiphy_register+0x1c9c/0x2850 [ 1103.519416][T15464] ? netdev_run_todo+0x864/0x1320 [ 1103.519430][T15464] ? __dev_printk+0x260/0x270 [ 1103.519445][T15464] ? __pfx_wiphy_register+0x10/0x10 [ 1103.519468][T15464] ieee80211_register_hw+0x24ac/0x4140 [ 1103.519489][T15464] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1103.519507][T15464] ? find_held_lock+0x2b/0x80 [ 1103.519522][T15464] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1103.519536][T15464] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1103.519553][T15464] ? __hrtimer_setup+0x176/0x280 [ 1103.519567][T15464] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1103.519587][T15464] ? trace_kmalloc+0x2b/0xd0 [ 1103.519600][T15464] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 1103.519612][T15464] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1103.519625][T15464] ? hwsim_new_radio_nl+0xa0e/0x12c0 [ 1103.519638][T15464] ? __asan_memcpy+0x3c/0x60 [ 1103.519656][T15464] hwsim_new_radio_nl+0xb51/0x12c0 [ 1103.519670][T15464] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1103.519688][T15464] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1103.519707][T15464] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1103.519728][T15464] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1103.519746][T15464] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1103.519768][T15464] ? bpf_lsm_capable+0x9/0x10 [ 1103.519783][T15464] ? security_capable+0x7e/0x260 [ 1103.519800][T15464] ? ns_capable+0xd7/0x110 [ 1103.519814][T15464] genl_rcv_msg+0x55c/0x800 [ 1103.519825][T15464] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1103.519836][T15464] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1103.519854][T15464] netlink_rcv_skb+0x155/0x420 [ 1103.519869][T15464] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1103.519879][T15464] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1103.519900][T15464] ? netlink_deliver_tap+0x1ae/0xd30 [ 1103.519917][T15464] genl_rcv+0x28/0x40 [ 1103.519932][T15464] netlink_unicast+0x58d/0x850 [ 1103.519950][T15464] ? __pfx_netlink_unicast+0x10/0x10 [ 1103.519964][T15464] ? __build_skb_around+0x278/0x3b0 [ 1103.519986][T15464] netlink_sendmsg+0x8d1/0xdd0 [ 1103.520004][T15464] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1103.520025][T15464] ____sys_sendmsg+0xa98/0xc70 [ 1103.520050][T15464] ? copy_msghdr_from_user+0x10a/0x160 [ 1103.520064][T15464] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1103.520088][T15464] ___sys_sendmsg+0x134/0x1d0 [ 1103.520101][T15464] ? futex_private_hash_put+0x176/0x300 [ 1103.520119][T15464] ? __pfx____sys_sendmsg+0x10/0x10 [ 1103.520132][T15464] ? __lock_acquire+0x622/0x1c90 [ 1103.520169][T15464] __sys_sendmsg+0x16d/0x220 [ 1103.520183][T15464] ? __pfx___sys_sendmsg+0x10/0x10 [ 1103.520196][T15464] ? __x64_sys_futex+0x1e0/0x4c0 [ 1103.520215][T15464] do_syscall_64+0xcd/0x4c0 [ 1103.520230][T15464] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1103.520241][T15464] RIP: 0033:0x7f33ce98e9a9 [ 1103.520251][T15464] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1103.520262][T15464] RSP: 002b:00007f33cf862038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1103.520273][T15464] RAX: ffffffffffffffda RBX: 00007f33cebb5fa0 RCX: 00007f33ce98e9a9 [ 1103.520279][T15464] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000008 [ 1103.520286][T15464] RBP: 00007f33cea10d69 R08: 0000000000000000 R09: 0000000000000000 [ 1103.520292][T15464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1103.520298][T15464] R13: 0000000000000000 R14: 00007f33cebb5fa0 R15: 00007ffdcbb8d2b8 [ 1103.520312][T15464] [ 1104.002313][T15468] netlink: 'syz.5.2203': attribute type 20 has an invalid length. [ 1104.496274][T15473] netlink: 'syz.3.2204': attribute type 21 has an invalid length. [ 1104.504646][T15473] netlink: 'syz.3.2204': attribute type 6 has an invalid length. [ 1104.512790][T15473] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2204'. [ 1105.490644][T14211] Bluetooth: hci7: Opcode 0x1003 failed: -110 [ 1105.506589][T14211] Bluetooth: hci1: command 0x1003 tx timeout [ 1105.508556][ T5832] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1106.543778][ T6365] Bluetooth: hci1: Frame reassembly failed (-90) [ 1106.688710][T15498] netlink: 'syz.3.2210': attribute type 20 has an invalid length. [ 1106.946386][T15502] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2213'. [ 1107.430702][T15502] netlink: 4400 bytes leftover after parsing attributes in process `syz.2.2213'. [ 1107.465582][T15502] sysfs: cannot create duplicate filename '/class/ieee80211/Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`²' [ 1107.476436][T15502] CPU: 1 UID: 0 PID: 15502 Comm: syz.2.2213 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 1107.476463][T15502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1107.476474][T15502] Call Trace: [ 1107.476482][T15502] [ 1107.476489][T15502] dump_stack_lvl+0x16c/0x1f0 [ 1107.476515][T15502] sysfs_warn_dup+0x7f/0xa0 [ 1107.476537][T15502] sysfs_do_create_link_sd+0x124/0x140 [ 1107.476562][T15502] sysfs_create_link+0x61/0xc0 [ 1107.476583][T15502] device_add+0x62c/0x1a70 [ 1107.476613][T15502] ? __pfx_device_add+0x10/0x10 [ 1107.476639][T15502] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1107.476664][T15502] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1107.476693][T15502] wiphy_register+0x1c9c/0x2850 [ 1107.476712][T15502] ? netdev_run_todo+0x864/0x1320 [ 1107.476726][T15502] ? __dev_printk+0x260/0x270 [ 1107.476741][T15502] ? __pfx_wiphy_register+0x10/0x10 [ 1107.476764][T15502] ieee80211_register_hw+0x24ac/0x4140 [ 1107.476786][T15502] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1107.476803][T15502] ? find_held_lock+0x2b/0x80 [ 1107.476819][T15502] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1107.476833][T15502] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1107.476851][T15502] ? __hrtimer_setup+0x176/0x280 [ 1107.476865][T15502] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1107.476886][T15502] ? trace_kmalloc+0x2b/0xd0 [ 1107.476898][T15502] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 1107.476911][T15502] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1107.476923][T15502] ? hwsim_new_radio_nl+0xa0e/0x12c0 [ 1107.476936][T15502] ? __asan_memcpy+0x3c/0x60 [ 1107.476954][T15502] hwsim_new_radio_nl+0xb51/0x12c0 [ 1107.476969][T15502] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1107.476989][T15502] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1107.477010][T15502] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1107.477030][T15502] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1107.477049][T15502] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1107.477072][T15502] ? bpf_lsm_capable+0x9/0x10 [ 1107.477087][T15502] ? security_capable+0x7e/0x260 [ 1107.477106][T15502] ? ns_capable+0xd7/0x110 [ 1107.477121][T15502] genl_rcv_msg+0x55c/0x800 [ 1107.477132][T15502] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1107.477143][T15502] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1107.477161][T15502] netlink_rcv_skb+0x155/0x420 [ 1107.477176][T15502] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1107.477186][T15502] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1107.477208][T15502] ? netlink_deliver_tap+0x1ae/0xd30 [ 1107.477225][T15502] genl_rcv+0x28/0x40 [ 1107.477246][T15502] netlink_unicast+0x58d/0x850 [ 1107.477264][T15502] ? __pfx_netlink_unicast+0x10/0x10 [ 1107.477278][T15502] ? __build_skb_around+0x278/0x3b0 [ 1107.477302][T15502] netlink_sendmsg+0x8d1/0xdd0 [ 1107.477320][T15502] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1107.477342][T15502] ____sys_sendmsg+0xa98/0xc70 [ 1107.477361][T15502] ? copy_msghdr_from_user+0x10a/0x160 [ 1107.477375][T15502] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1107.477399][T15502] ___sys_sendmsg+0x134/0x1d0 [ 1107.477412][T15502] ? futex_private_hash_put+0x176/0x300 [ 1107.477430][T15502] ? __pfx____sys_sendmsg+0x10/0x10 [ 1107.477442][T15502] ? __lock_acquire+0x622/0x1c90 [ 1107.477489][T15502] __sys_sendmsg+0x16d/0x220 [ 1107.477510][T15502] ? __pfx___sys_sendmsg+0x10/0x10 [ 1107.477524][T15502] ? __x64_sys_futex+0x1e0/0x4c0 [ 1107.477543][T15502] do_syscall_64+0xcd/0x4c0 [ 1107.477558][T15502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1107.477569][T15502] RIP: 0033:0x7f5c3618e9a9 [ 1107.477580][T15502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1107.477591][T15502] RSP: 002b:00007f5c36f2e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1107.477602][T15502] RAX: ffffffffffffffda RBX: 00007f5c363b5fa0 RCX: 00007f5c3618e9a9 [ 1107.477609][T15502] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000008 [ 1107.477615][T15502] RBP: 00007f5c36210d69 R08: 0000000000000000 R09: 0000000000000000 [ 1107.477621][T15502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1107.477627][T15502] R13: 0000000000000000 R14: 00007f5c363b5fa0 R15: 00007fffbd1daab8 [ 1107.477642][T15502] [ 1108.748195][ T51] Bluetooth: hci1: command 0x1003 tx timeout [ 1108.761794][ T5832] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1115.465411][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 1115.471743][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 1115.733819][T15581] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2231'. [ 1116.338577][T15581] netlink: 4400 bytes leftover after parsing attributes in process `syz.0.2231'. [ 1116.481462][T15581] sysfs: cannot create duplicate filename '/class/ieee80211/Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`²' [ 1116.494500][T15581] CPU: 0 UID: 0 PID: 15581 Comm: syz.0.2231 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 1116.494518][T15581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1116.494526][T15581] Call Trace: [ 1116.494531][T15581] [ 1116.494536][T15581] dump_stack_lvl+0x16c/0x1f0 [ 1116.494554][T15581] sysfs_warn_dup+0x7f/0xa0 [ 1116.494569][T15581] sysfs_do_create_link_sd+0x124/0x140 [ 1116.494584][T15581] sysfs_create_link+0x61/0xc0 [ 1116.494597][T15581] device_add+0x62c/0x1a70 [ 1116.494616][T15581] ? __pfx_device_add+0x10/0x10 [ 1116.494632][T15581] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1116.494647][T15581] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1116.494665][T15581] wiphy_register+0x1c9c/0x2850 [ 1116.494681][T15581] ? netdev_run_todo+0x864/0x1320 [ 1116.494696][T15581] ? __dev_printk+0x260/0x270 [ 1116.494710][T15581] ? __pfx_wiphy_register+0x10/0x10 [ 1116.494734][T15581] ieee80211_register_hw+0x24ac/0x4140 [ 1116.494755][T15581] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1116.494773][T15581] ? find_held_lock+0x2b/0x80 [ 1116.494788][T15581] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1116.494801][T15581] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1116.494819][T15581] ? __hrtimer_setup+0x176/0x280 [ 1116.494832][T15581] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1116.494853][T15581] ? trace_kmalloc+0x2b/0xd0 [ 1116.494866][T15581] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 1116.494878][T15581] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1116.494890][T15581] ? hwsim_new_radio_nl+0xa0e/0x12c0 [ 1116.494903][T15581] ? __asan_memcpy+0x3c/0x60 [ 1116.494921][T15581] hwsim_new_radio_nl+0xb51/0x12c0 [ 1116.494937][T15581] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1116.494955][T15581] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1116.494973][T15581] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1116.494994][T15581] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1116.495012][T15581] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1116.495034][T15581] ? bpf_lsm_capable+0x9/0x10 [ 1116.495048][T15581] ? security_capable+0x7e/0x260 [ 1116.495065][T15581] ? ns_capable+0xd7/0x110 [ 1116.495079][T15581] genl_rcv_msg+0x55c/0x800 [ 1116.495091][T15581] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1116.495101][T15581] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1116.495119][T15581] netlink_rcv_skb+0x155/0x420 [ 1116.495134][T15581] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1116.495145][T15581] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1116.495166][T15581] ? netlink_deliver_tap+0x1ae/0xd30 [ 1116.495190][T15581] genl_rcv+0x28/0x40 [ 1116.495206][T15581] netlink_unicast+0x58d/0x850 [ 1116.495226][T15581] ? __pfx_netlink_unicast+0x10/0x10 [ 1116.495242][T15581] ? __build_skb_around+0x278/0x3b0 [ 1116.495264][T15581] netlink_sendmsg+0x8d1/0xdd0 [ 1116.495283][T15581] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1116.495306][T15581] ____sys_sendmsg+0xa98/0xc70 [ 1116.495323][T15581] ? copy_msghdr_from_user+0x10a/0x160 [ 1116.495337][T15581] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1116.495357][T15581] ? __pfx_futex_wake_mark+0x10/0x10 [ 1116.495371][T15581] ___sys_sendmsg+0x134/0x1d0 [ 1116.495383][T15581] ? futex_private_hash_put+0x176/0x300 [ 1116.495400][T15581] ? __pfx____sys_sendmsg+0x10/0x10 [ 1116.495412][T15581] ? __lock_acquire+0x622/0x1c90 [ 1116.495446][T15581] __sys_sendmsg+0x16d/0x220 [ 1116.495459][T15581] ? __pfx___sys_sendmsg+0x10/0x10 [ 1116.495472][T15581] ? __x64_sys_futex+0x1e0/0x4c0 [ 1116.495490][T15581] do_syscall_64+0xcd/0x4c0 [ 1116.495505][T15581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1116.495517][T15581] RIP: 0033:0x7f33ce98e9a9 [ 1116.495527][T15581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1116.495542][T15581] RSP: 002b:00007f33cf862038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1116.495553][T15581] RAX: ffffffffffffffda RBX: 00007f33cebb5fa0 RCX: 00007f33ce98e9a9 [ 1116.495562][T15581] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000008 [ 1116.495569][T15581] RBP: 00007f33cea10d69 R08: 0000000000000000 R09: 0000000000000000 [ 1116.495577][T15581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1116.495584][T15581] R13: 0000000000000000 R14: 00007f33cebb5fa0 R15: 00007ffdcbb8d2b8 [ 1116.495598][T15581] [ 1117.748748][T15599] netlink: 76 bytes leftover after parsing attributes in process `syz.5.2236'. [ 1118.179140][T15608] netlink: 'syz.5.2239': attribute type 20 has an invalid length. [ 1118.467492][T15610] netlink: 'syz.0.2237': attribute type 21 has an invalid length. [ 1118.475751][T15610] netlink: 'syz.0.2237': attribute type 6 has an invalid length. [ 1118.483673][T15610] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2237'. [ 1122.738110][T15660] netlink: 'syz.0.2253': attribute type 20 has an invalid length. [ 1123.016234][T15663] netlink: 76 bytes leftover after parsing attributes in process `syz.5.2251'. [ 1123.039315][T15663] netlink: 4400 bytes leftover after parsing attributes in process `syz.5.2251'. [ 1123.199017][T15664] netlink: 'syz.4.2252': attribute type 21 has an invalid length. [ 1123.215027][T15664] netlink: 'syz.4.2252': attribute type 6 has an invalid length. [ 1123.223210][T15664] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2252'. [ 1123.627380][T15663] debugfs: 'Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`²' already exists in 'ieee80211' [ 1124.052068][ T36] Bluetooth: hci1: Frame reassembly failed (-84) [ 1124.512096][T15682] netlink: 'syz.3.2258': attribute type 21 has an invalid length. [ 1124.520561][T15682] netlink: 'syz.3.2258': attribute type 6 has an invalid length. [ 1124.528424][T15682] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2258'. [ 1126.102469][ T51] Bluetooth: hci1: command 0x1003 tx timeout [ 1126.109509][ T5832] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1127.055207][T15714] netlink: 'syz.3.2265': attribute type 21 has an invalid length. [ 1127.063664][T15714] netlink: 'syz.3.2265': attribute type 6 has an invalid length. [ 1127.071645][T15714] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2265'. [ 1128.888653][T15739] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 1128.895202][T15739] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 1128.983045][T15739] vhci_hcd vhci_hcd.0: Device attached [ 1129.008918][T15743] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(10) [ 1129.015563][T15743] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1129.085659][T15743] vhci_hcd vhci_hcd.0: Device attached [ 1129.174191][ T5937] vhci_hcd: vhci_device speed not set [ 1129.266222][T15744] vhci_hcd: connection closed [ 1129.266363][T15741] vhci_hcd: connection closed [ 1129.276872][ T5937] usb 39-1: new low-speed USB device number 8 using vhci_hcd [ 1129.280486][ T49] vhci_hcd: stop threads [ 1129.317479][T15742] vhci_hcd: sendmsg failed!, ret=-32 for 48 [ 1129.323602][ T49] vhci_hcd: release socket [ 1129.328264][ T49] vhci_hcd: disconnect device [ 1129.338185][ T49] vhci_hcd: stop threads [ 1129.345175][ T49] vhci_hcd: release socket [ 1129.352312][ T49] vhci_hcd: disconnect device [ 1132.960333][T15786] netlink: 'syz.2.2281': attribute type 21 has an invalid length. [ 1132.968577][T15786] netlink: 'syz.2.2281': attribute type 6 has an invalid length. [ 1132.977876][T15786] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2281'. [ 1133.735961][T15795] netlink: 'syz.3.2284': attribute type 21 has an invalid length. [ 1133.744204][T15795] netlink: 'syz.3.2284': attribute type 6 has an invalid length. [ 1133.752110][T15795] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2284'. [ 1134.312275][T15807] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(10) [ 1134.318928][T15807] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1134.401988][ T5937] vhci_hcd: vhci_device speed not set [ 1134.421735][T15802] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7) [ 1134.428260][T15802] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 1134.460463][T15802] vhci_hcd vhci_hcd.0: Device attached [ 1134.620406][T15807] vhci_hcd vhci_hcd.0: Device attached [ 1134.673342][ T10] usb 41-2: new low-speed USB device number 14 using vhci_hcd [ 1134.959162][T15818] netlink: 'syz.3.2287': attribute type 21 has an invalid length. [ 1134.967486][T15818] netlink: 'syz.3.2287': attribute type 6 has an invalid length. [ 1134.975507][T15818] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2287'. [ 1135.107644][T15808] vhci_hcd: connection reset by peer [ 1135.130560][T15805] vhci_hcd: connection closed [ 1135.190517][ T49] vhci_hcd: stop threads [ 1135.210764][ T49] vhci_hcd: release socket [ 1135.481208][ T49] vhci_hcd: disconnect device [ 1135.486207][ T49] vhci_hcd: stop threads [ 1135.490441][ T49] vhci_hcd: release socket [ 1135.515479][ T49] vhci_hcd: disconnect device [ 1137.072697][T15839] netlink: 'syz.3.2294': attribute type 20 has an invalid length. [ 1138.300637][T15848] netlink: 'syz.5.2297': attribute type 21 has an invalid length. [ 1138.308629][T15848] netlink: 'syz.5.2297': attribute type 6 has an invalid length. [ 1138.316552][T15848] netlink: 132 bytes leftover after parsing attributes in process `syz.5.2297'. [ 1138.630670][ T49] Bluetooth: hci1: Frame reassembly failed (-84) [ 1139.289578][T15870] netlink: 'syz.5.2301': attribute type 21 has an invalid length. [ 1139.298859][T15870] netlink: 'syz.5.2301': attribute type 6 has an invalid length. [ 1139.306822][T15870] netlink: 132 bytes leftover after parsing attributes in process `syz.5.2301'. [ 1139.576004][T15869] netlink: 'syz.3.2302': attribute type 20 has an invalid length. [ 1139.842001][ T10] vhci_hcd: vhci_device speed not set [ 1140.546011][T15881] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2305'. [ 1140.569459][T15881] netlink: 4400 bytes leftover after parsing attributes in process `syz.2.2305'. [ 1140.587180][T15881] sysfs: cannot create duplicate filename '/class/ieee80211/Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`²' [ 1140.605854][T15881] CPU: 1 UID: 0 PID: 15881 Comm: syz.2.2305 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 1140.605884][T15881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1140.605895][T15881] Call Trace: [ 1140.605902][T15881] [ 1140.605910][T15881] dump_stack_lvl+0x16c/0x1f0 [ 1140.605935][T15881] sysfs_warn_dup+0x7f/0xa0 [ 1140.605957][T15881] sysfs_do_create_link_sd+0x124/0x140 [ 1140.605980][T15881] sysfs_create_link+0x61/0xc0 [ 1140.606000][T15881] device_add+0x62c/0x1a70 [ 1140.606027][T15881] ? __pfx_device_add+0x10/0x10 [ 1140.606049][T15881] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1140.606072][T15881] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1140.606099][T15881] wiphy_register+0x1c9c/0x2850 [ 1140.606122][T15881] ? netdev_run_todo+0x864/0x1320 [ 1140.606144][T15881] ? __dev_printk+0x260/0x270 [ 1140.606166][T15881] ? __pfx_wiphy_register+0x10/0x10 [ 1140.606205][T15881] ieee80211_register_hw+0x24ac/0x4140 [ 1140.606238][T15881] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1140.606264][T15881] ? find_held_lock+0x2b/0x80 [ 1140.606285][T15881] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1140.606306][T15881] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1140.606330][T15881] ? __hrtimer_setup+0x176/0x280 [ 1140.606352][T15881] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1140.606386][T15881] ? trace_kmalloc+0x2b/0xd0 [ 1140.606406][T15881] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 1140.606425][T15881] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1140.606446][T15881] ? hwsim_new_radio_nl+0xa0e/0x12c0 [ 1140.606468][T15881] ? __asan_memcpy+0x3c/0x60 [ 1140.606490][T15881] hwsim_new_radio_nl+0xb51/0x12c0 [ 1140.606504][T15881] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1140.606522][T15881] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1140.606541][T15881] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1140.606562][T15881] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1140.606581][T15881] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1140.606603][T15881] ? bpf_lsm_capable+0x9/0x10 [ 1140.606618][T15881] ? security_capable+0x7e/0x260 [ 1140.606635][T15881] ? ns_capable+0xd7/0x110 [ 1140.606649][T15881] genl_rcv_msg+0x55c/0x800 [ 1140.606661][T15881] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1140.606671][T15881] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1140.606689][T15881] netlink_rcv_skb+0x155/0x420 [ 1140.606704][T15881] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1140.606715][T15881] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1140.606736][T15881] ? netlink_deliver_tap+0x1ae/0xd30 [ 1140.606753][T15881] genl_rcv+0x28/0x40 [ 1140.606768][T15881] netlink_unicast+0x58d/0x850 [ 1140.606786][T15881] ? __pfx_netlink_unicast+0x10/0x10 [ 1140.606800][T15881] ? __build_skb_around+0x278/0x3b0 [ 1140.606828][T15881] netlink_sendmsg+0x8d1/0xdd0 [ 1140.606847][T15881] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1140.606870][T15881] ____sys_sendmsg+0xa98/0xc70 [ 1140.606887][T15881] ? copy_msghdr_from_user+0x10a/0x160 [ 1140.606901][T15881] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1140.606926][T15881] ___sys_sendmsg+0x134/0x1d0 [ 1140.606939][T15881] ? futex_private_hash_put+0x176/0x300 [ 1140.606956][T15881] ? __pfx____sys_sendmsg+0x10/0x10 [ 1140.606969][T15881] ? __lock_acquire+0x622/0x1c90 [ 1140.607004][T15881] __sys_sendmsg+0x16d/0x220 [ 1140.607017][T15881] ? __pfx___sys_sendmsg+0x10/0x10 [ 1140.607030][T15881] ? __x64_sys_futex+0x1e0/0x4c0 [ 1140.607049][T15881] do_syscall_64+0xcd/0x4c0 [ 1140.607065][T15881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1140.607078][T15881] RIP: 0033:0x7f5c3618e9a9 [ 1140.607088][T15881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1140.607100][T15881] RSP: 002b:00007f5c36f2e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1140.607113][T15881] RAX: ffffffffffffffda RBX: 00007f5c363b5fa0 RCX: 00007f5c3618e9a9 [ 1140.607121][T15881] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000008 [ 1140.607128][T15881] RBP: 00007f5c36210d69 R08: 0000000000000000 R09: 0000000000000000 [ 1140.607135][T15881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1140.607143][T15881] R13: 0000000000000000 R14: 00007f5c363b5fa0 R15: 00007fffbd1daab8 [ 1140.607158][T15881] [ 1141.026747][ T5832] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1141.518759][T15891] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2306'. [ 1141.568067][T15886] binder: BINDER_SET_CONTEXT_MGR already set [ 1141.574491][T15886] binder: 15885:15886 ioctl 4018620d 2000000002c0 returned -16 [ 1145.320450][T15921] 9pnet_fd: Insufficient options for proto=fd [ 1146.148892][T15927] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(10) [ 1146.155620][T15927] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 1146.185801][T15929] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(13) [ 1146.192727][T15929] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1146.204947][T15927] vhci_hcd vhci_hcd.0: Device attached [ 1146.204959][T15929] vhci_hcd vhci_hcd.0: Device attached [ 1146.349434][T15935] vhci_hcd: connection closed [ 1146.378744][ T36] vhci_hcd: stop threads [ 1146.391989][ T43] vhci_hcd: vhci_device speed not set [ 1146.412026][ T36] vhci_hcd: release socket [ 1146.417359][T15933] vhci_hcd: connection closed [ 1146.686515][ T43] usb 41-1: new full-speed USB device number 15 using vhci_hcd [ 1146.738026][ T36] vhci_hcd: disconnect device [ 1146.766540][ T36] vhci_hcd: stop threads [ 1146.770877][ T36] vhci_hcd: release socket [ 1146.792940][ T36] vhci_hcd: disconnect device [ 1146.839986][ T43] usb 41-1: enqueue for inactive port 0 [ 1147.111952][ T43] vhci_hcd: vhci_device speed not set [ 1148.068512][T15956] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(7) [ 1148.075079][T15956] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1148.105353][T15956] vhci_hcd vhci_hcd.0: Device attached [ 1148.565596][T15958] vhci_hcd: connection closed [ 1148.579719][T11177] vhci_hcd: stop threads [ 1148.629461][T11177] vhci_hcd: release socket [ 1148.708236][T11177] vhci_hcd: disconnect device [ 1148.752085][ T10] vhci_hcd: vhci_device speed not set [ 1153.689298][ T6059] Bluetooth: hci1: Frame reassembly failed (-90) [ 1153.785991][T16017] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7) [ 1153.792521][T16017] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1153.834678][T16017] vhci_hcd vhci_hcd.0: Device attached [ 1153.934597][T16024] vhci_hcd: connection closed [ 1153.968069][ T6365] vhci_hcd: stop threads [ 1154.011295][ T6365] vhci_hcd: release socket [ 1154.047418][ T6365] vhci_hcd: disconnect device [ 1154.057424][T16026] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2339'. [ 1154.083847][ T10] usb 41-1: new low-speed USB device number 16 using vhci_hcd [ 1154.091641][ T10] usb 41-1: enqueue for inactive port 0 [ 1154.155663][T16026] netlink: 4400 bytes leftover after parsing attributes in process `syz.2.2339'. [ 1154.164921][ T10] vhci_hcd: vhci_device speed not set [ 1154.193802][T16026] sysfs: cannot create duplicate filename '/class/ieee80211/Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`²' [ 1154.244378][T16026] CPU: 0 UID: 0 PID: 16026 Comm: syz.2.2339 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 1154.244410][T16026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1154.244422][T16026] Call Trace: [ 1154.244429][T16026] [ 1154.244436][T16026] dump_stack_lvl+0x16c/0x1f0 [ 1154.244463][T16026] sysfs_warn_dup+0x7f/0xa0 [ 1154.244487][T16026] sysfs_do_create_link_sd+0x124/0x140 [ 1154.244512][T16026] sysfs_create_link+0x61/0xc0 [ 1154.244536][T16026] device_add+0x62c/0x1a70 [ 1154.244565][T16026] ? __pfx_device_add+0x10/0x10 [ 1154.244589][T16026] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1154.244613][T16026] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1154.244642][T16026] wiphy_register+0x1c9c/0x2850 [ 1154.244669][T16026] ? netdev_run_todo+0x864/0x1320 [ 1154.244693][T16026] ? __dev_printk+0x260/0x270 [ 1154.244718][T16026] ? __pfx_wiphy_register+0x10/0x10 [ 1154.244759][T16026] ieee80211_register_hw+0x24ac/0x4140 [ 1154.244794][T16026] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1154.244821][T16026] ? find_held_lock+0x2b/0x80 [ 1154.244842][T16026] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1154.244864][T16026] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1154.244891][T16026] ? __hrtimer_setup+0x176/0x280 [ 1154.244914][T16026] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1154.244951][T16026] ? trace_kmalloc+0x2b/0xd0 [ 1154.244972][T16026] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 1154.244992][T16026] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1154.245012][T16026] ? hwsim_new_radio_nl+0xa0e/0x12c0 [ 1154.245040][T16026] ? __asan_memcpy+0x3c/0x60 [ 1154.245069][T16026] hwsim_new_radio_nl+0xb51/0x12c0 [ 1154.245092][T16026] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1154.245122][T16026] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1154.245152][T16026] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1154.245183][T16026] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1154.245210][T16026] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1154.245242][T16026] ? bpf_lsm_capable+0x9/0x10 [ 1154.245262][T16026] ? security_capable+0x7e/0x260 [ 1154.245286][T16026] ? ns_capable+0xd7/0x110 [ 1154.245309][T16026] genl_rcv_msg+0x55c/0x800 [ 1154.245326][T16026] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1154.245342][T16026] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1154.245372][T16026] netlink_rcv_skb+0x155/0x420 [ 1154.245395][T16026] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1154.245411][T16026] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1154.245446][T16026] ? netlink_deliver_tap+0x1ae/0xd30 [ 1154.245473][T16026] genl_rcv+0x28/0x40 [ 1154.245496][T16026] netlink_unicast+0x58d/0x850 [ 1154.245522][T16026] ? __pfx_netlink_unicast+0x10/0x10 [ 1154.245545][T16026] ? __build_skb_around+0x278/0x3b0 [ 1154.245578][T16026] netlink_sendmsg+0x8d1/0xdd0 [ 1154.245604][T16026] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1154.245636][T16026] ____sys_sendmsg+0xa98/0xc70 [ 1154.245663][T16026] ? copy_msghdr_from_user+0x10a/0x160 [ 1154.245684][T16026] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1154.245714][T16026] ? __pfx_futex_wake_mark+0x10/0x10 [ 1154.245738][T16026] ___sys_sendmsg+0x134/0x1d0 [ 1154.245756][T16026] ? futex_private_hash_put+0x176/0x300 [ 1154.245780][T16026] ? __pfx____sys_sendmsg+0x10/0x10 [ 1154.245797][T16026] ? __lock_acquire+0x622/0x1c90 [ 1154.245855][T16026] __sys_sendmsg+0x16d/0x220 [ 1154.245874][T16026] ? __pfx___sys_sendmsg+0x10/0x10 [ 1154.245893][T16026] ? __x64_sys_futex+0x1e0/0x4c0 [ 1154.245922][T16026] do_syscall_64+0xcd/0x4c0 [ 1154.245944][T16026] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1154.245963][T16026] RIP: 0033:0x7f5c3618e9a9 [ 1154.245978][T16026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1154.245995][T16026] RSP: 002b:00007f5c36f2e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1154.246013][T16026] RAX: ffffffffffffffda RBX: 00007f5c363b5fa0 RCX: 00007f5c3618e9a9 [ 1154.246026][T16026] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000008 [ 1154.246045][T16026] RBP: 00007f5c36210d69 R08: 0000000000000000 R09: 0000000000000000 [ 1154.246058][T16026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1154.246070][T16026] R13: 0000000000000000 R14: 00007f5c363b5fa0 R15: 00007fffbd1daab8 [ 1154.246096][T16026] [ 1155.692092][ T5832] Bluetooth: hci1: command 0x1003 tx timeout [ 1155.692332][ T51] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1156.880529][T16049] netlink: 'syz.3.2345': attribute type 21 has an invalid length. [ 1156.888492][T16049] netlink: 'syz.3.2345': attribute type 6 has an invalid length. [ 1156.896350][T16049] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2345'. [ 1156.994529][T16056] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2347'. [ 1157.007853][T16056] binder: BINDER_SET_CONTEXT_MGR already set [ 1157.013918][T16056] binder: 16055:16056 ioctl 4018620d 2000000002c0 returned -16 [ 1157.023443][T16056] netlink: 4400 bytes leftover after parsing attributes in process `syz.2.2347'. [ 1157.034007][T16056] sysfs: cannot create duplicate filename '/class/ieee80211/Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`²' [ 1157.072021][T16056] CPU: 1 UID: 0 PID: 16056 Comm: syz.2.2347 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 1157.072049][T16056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1157.072060][T16056] Call Trace: [ 1157.072066][T16056] [ 1157.072073][T16056] dump_stack_lvl+0x16c/0x1f0 [ 1157.072098][T16056] sysfs_warn_dup+0x7f/0xa0 [ 1157.072121][T16056] sysfs_do_create_link_sd+0x124/0x140 [ 1157.072145][T16056] sysfs_create_link+0x61/0xc0 [ 1157.072164][T16056] device_add+0x62c/0x1a70 [ 1157.072192][T16056] ? __pfx_device_add+0x10/0x10 [ 1157.072214][T16056] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1157.072237][T16056] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1157.072264][T16056] wiphy_register+0x1c9c/0x2850 [ 1157.072290][T16056] ? netdev_run_todo+0x864/0x1320 [ 1157.072314][T16056] ? __dev_printk+0x260/0x270 [ 1157.072336][T16056] ? __pfx_wiphy_register+0x10/0x10 [ 1157.072374][T16056] ieee80211_register_hw+0x24ac/0x4140 [ 1157.072408][T16056] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1157.072435][T16056] ? find_held_lock+0x2b/0x80 [ 1157.072458][T16056] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1157.072481][T16056] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1157.072509][T16056] ? __hrtimer_setup+0x176/0x280 [ 1157.072533][T16056] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1157.072569][T16056] ? trace_kmalloc+0x2b/0xd0 [ 1157.072589][T16056] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 1157.072609][T16056] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1157.072631][T16056] ? hwsim_new_radio_nl+0xa0e/0x12c0 [ 1157.072653][T16056] ? __asan_memcpy+0x3c/0x60 [ 1157.072683][T16056] hwsim_new_radio_nl+0xb51/0x12c0 [ 1157.072707][T16056] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1157.072738][T16056] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1157.072775][T16056] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1157.072812][T16056] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1157.072845][T16056] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1157.072887][T16056] ? bpf_lsm_capable+0x9/0x10 [ 1157.072911][T16056] ? security_capable+0x7e/0x260 [ 1157.072940][T16056] ? ns_capable+0xd7/0x110 [ 1157.072963][T16056] genl_rcv_msg+0x55c/0x800 [ 1157.072983][T16056] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1157.073001][T16056] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1157.073030][T16056] netlink_rcv_skb+0x155/0x420 [ 1157.073056][T16056] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1157.073073][T16056] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1157.073108][T16056] ? netlink_deliver_tap+0x1ae/0xd30 [ 1157.073133][T16056] genl_rcv+0x28/0x40 [ 1157.073156][T16056] netlink_unicast+0x58d/0x850 [ 1157.073182][T16056] ? __pfx_netlink_unicast+0x10/0x10 [ 1157.073202][T16056] ? __build_skb_around+0x278/0x3b0 [ 1157.073242][T16056] netlink_sendmsg+0x8d1/0xdd0 [ 1157.073270][T16056] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1157.073305][T16056] ____sys_sendmsg+0xa98/0xc70 [ 1157.073332][T16056] ? copy_msghdr_from_user+0x10a/0x160 [ 1157.073350][T16056] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1157.073385][T16056] ___sys_sendmsg+0x134/0x1d0 [ 1157.073405][T16056] ? futex_private_hash_put+0x176/0x300 [ 1157.073435][T16056] ? __pfx____sys_sendmsg+0x10/0x10 [ 1157.073453][T16056] ? __lock_acquire+0x622/0x1c90 [ 1157.073511][T16056] __sys_sendmsg+0x16d/0x220 [ 1157.073533][T16056] ? __pfx___sys_sendmsg+0x10/0x10 [ 1157.073554][T16056] ? __x64_sys_futex+0x1e0/0x4c0 [ 1157.073588][T16056] do_syscall_64+0xcd/0x4c0 [ 1157.073608][T16056] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1157.073625][T16056] RIP: 0033:0x7f5c3618e9a9 [ 1157.073641][T16056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1157.073659][T16056] RSP: 002b:00007f5c36f2e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1157.073677][T16056] RAX: ffffffffffffffda RBX: 00007f5c363b5fa0 RCX: 00007f5c3618e9a9 [ 1157.073689][T16056] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000008 [ 1157.073699][T16056] RBP: 00007f5c36210d69 R08: 0000000000000000 R09: 0000000000000000 [ 1157.073709][T16056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1157.073718][T16056] R13: 0000000000000000 R14: 00007f5c363b5fa0 R15: 00007fffbd1daab8 [ 1157.073739][T16056] [ 1158.275818][T16067] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2350'. [ 1158.573894][T16072] binder: BINDER_SET_CONTEXT_MGR already set [ 1158.579934][T16072] binder: 16064:16072 ioctl 4018620d 2000000002c0 returned -16 [ 1158.596924][T16072] netlink: 4400 bytes leftover after parsing attributes in process `syz.4.2350'. [ 1158.608073][T16072] debugfs: 'Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`²ÿ' already exists in 'ieee80211' [ 1159.756323][ T6534] Bluetooth: hci1: Frame reassembly failed (-90) [ 1160.171364][T16095] netlink: 'syz.3.2357': attribute type 21 has an invalid length. [ 1160.179883][T16095] netlink: 'syz.3.2357': attribute type 6 has an invalid length. [ 1160.187823][T16095] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2357'. [ 1161.696061][ T12] Bluetooth: hci6: Frame reassembly failed (-84) [ 1161.772028][T14211] Bluetooth: hci1: command 0x1003 tx timeout [ 1161.779783][ T51] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1162.957527][T16128] netlink: 'syz.3.2365': attribute type 21 has an invalid length. [ 1162.965740][T16128] netlink: 'syz.3.2365': attribute type 6 has an invalid length. [ 1162.973771][T16128] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2365'. [ 1163.691940][ T5832] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 1167.762413][T16178] netlink: 'syz.0.2376': attribute type 21 has an invalid length. [ 1167.770459][T16178] netlink: 'syz.0.2376': attribute type 6 has an invalid length. [ 1167.778280][T16178] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2376'. [ 1168.058373][T16181] netlink: 'syz.5.2379': attribute type 21 has an invalid length. [ 1168.066831][T16181] netlink: 'syz.5.2379': attribute type 6 has an invalid length. [ 1168.074684][T16181] netlink: 132 bytes leftover after parsing attributes in process `syz.5.2379'. [ 1168.599638][T16191] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2381'. [ 1168.669084][T16195] netlink: 4400 bytes leftover after parsing attributes in process `syz.0.2381'. [ 1168.690143][T16195] sysfs: cannot create duplicate filename '/class/ieee80211/Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`²' [ 1168.700728][T16191] binder: BINDER_SET_CONTEXT_MGR already set [ 1168.701050][T16195] CPU: 0 UID: 0 PID: 16195 Comm: syz.0.2381 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 1168.701073][T16195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1168.701083][T16195] Call Trace: [ 1168.701089][T16195] [ 1168.701095][T16195] dump_stack_lvl+0x16c/0x1f0 [ 1168.701120][T16195] sysfs_warn_dup+0x7f/0xa0 [ 1168.701140][T16195] sysfs_do_create_link_sd+0x124/0x140 [ 1168.701165][T16195] sysfs_create_link+0x61/0xc0 [ 1168.701185][T16195] device_add+0x62c/0x1a70 [ 1168.701211][T16195] ? __pfx_device_add+0x10/0x10 [ 1168.701233][T16195] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1168.701254][T16195] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1168.701281][T16195] wiphy_register+0x1c9c/0x2850 [ 1168.701304][T16195] ? netdev_run_todo+0x864/0x1320 [ 1168.701325][T16195] ? __dev_printk+0x260/0x270 [ 1168.701346][T16195] ? __pfx_wiphy_register+0x10/0x10 [ 1168.701381][T16195] ieee80211_register_hw+0x24ac/0x4140 [ 1168.701412][T16195] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1168.701437][T16195] ? find_held_lock+0x2b/0x80 [ 1168.701457][T16195] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1168.701478][T16195] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1168.701503][T16195] ? __hrtimer_setup+0x176/0x280 [ 1168.701523][T16195] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1168.701554][T16195] ? trace_kmalloc+0x2b/0xd0 [ 1168.701571][T16195] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 1168.701588][T16195] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1168.701605][T16195] ? hwsim_new_radio_nl+0xa0e/0x12c0 [ 1168.701625][T16195] ? __asan_memcpy+0x3c/0x60 [ 1168.701651][T16195] hwsim_new_radio_nl+0xb51/0x12c0 [ 1168.701672][T16195] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1168.701697][T16195] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1168.701723][T16195] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1168.701753][T16195] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1168.701779][T16195] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1168.701811][T16195] ? bpf_lsm_capable+0x9/0x10 [ 1168.701832][T16195] ? security_capable+0x7e/0x260 [ 1168.701861][T16195] ? ns_capable+0xd7/0x110 [ 1168.701882][T16195] genl_rcv_msg+0x55c/0x800 [ 1168.701899][T16195] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1168.701915][T16195] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1168.701947][T16195] netlink_rcv_skb+0x155/0x420 [ 1168.701969][T16195] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1168.701985][T16195] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1168.702017][T16195] ? netlink_deliver_tap+0x1ae/0xd30 [ 1168.702041][T16195] genl_rcv+0x28/0x40 [ 1168.702062][T16195] netlink_unicast+0x58d/0x850 [ 1168.702088][T16195] ? __pfx_netlink_unicast+0x10/0x10 [ 1168.702109][T16195] ? __build_skb_around+0x278/0x3b0 [ 1168.702144][T16195] netlink_sendmsg+0x8d1/0xdd0 [ 1168.702172][T16195] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1168.702203][T16195] ____sys_sendmsg+0xa98/0xc70 [ 1168.702227][T16195] ? copy_msghdr_from_user+0x10a/0x160 [ 1168.702245][T16195] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1168.702273][T16195] ? __pfx_futex_wake_mark+0x10/0x10 [ 1168.702295][T16195] ___sys_sendmsg+0x134/0x1d0 [ 1168.702311][T16195] ? futex_private_hash_put+0x176/0x300 [ 1168.702335][T16195] ? __pfx____sys_sendmsg+0x10/0x10 [ 1168.702352][T16195] ? __lock_acquire+0x622/0x1c90 [ 1168.702406][T16195] __sys_sendmsg+0x16d/0x220 [ 1168.702426][T16195] ? __pfx___sys_sendmsg+0x10/0x10 [ 1168.702444][T16195] ? __x64_sys_futex+0x1e0/0x4c0 [ 1168.702472][T16195] do_syscall_64+0xcd/0x4c0 [ 1168.702493][T16195] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1168.702509][T16195] RIP: 0033:0x7f33ce98e9a9 [ 1168.702523][T16195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1168.702537][T16195] RSP: 002b:00007f33cf841038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1168.702553][T16195] RAX: ffffffffffffffda RBX: 00007f33cebb6080 RCX: 00007f33ce98e9a9 [ 1168.702563][T16195] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000008 [ 1168.702572][T16195] RBP: 00007f33cea10d69 R08: 0000000000000000 R09: 0000000000000000 [ 1168.702582][T16195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1168.702591][T16195] R13: 0000000000000000 R14: 00007f33cebb6080 R15: 00007ffdcbb8d2b8 [ 1168.702613][T16195] [ 1169.385137][T16191] binder: 16190:16191 ioctl 4018620d 200000000240 returned -16 [ 1171.030689][ T6365] Bluetooth: hci1: Frame reassembly failed (-90) [ 1172.972879][ T51] Bluetooth: hci1: command 0x1003 tx timeout [ 1172.979800][ T5832] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1173.367896][T16237] netlink: 'syz.3.2393': attribute type 21 has an invalid length. [ 1173.376115][T16237] netlink: 'syz.3.2393': attribute type 6 has an invalid length. [ 1173.384126][T16237] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2393'. [ 1176.047836][T16261] netlink: 'syz.4.2400': attribute type 21 has an invalid length. [ 1176.055779][T16261] netlink: 'syz.4.2400': attribute type 6 has an invalid length. [ 1176.063519][T16261] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2400'. [ 1176.932331][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 1176.942389][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 1177.696186][T16283] netlink: 76 bytes leftover after parsing attributes in process `syz.5.2406'. [ 1177.710248][T16283] binder: BINDER_SET_CONTEXT_MGR already set [ 1177.717965][T16283] binder: 16282:16283 ioctl 4018620d 2000000002c0 returned -16 [ 1177.729068][T16283] netlink: 4400 bytes leftover after parsing attributes in process `syz.5.2406'. [ 1177.740959][T16283] sysfs: cannot create duplicate filename '/class/ieee80211/Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`²' [ 1177.754965][T16283] CPU: 0 UID: 0 PID: 16283 Comm: syz.5.2406 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 1177.754983][T16283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1177.754991][T16283] Call Trace: [ 1177.754995][T16283] [ 1177.755000][T16283] dump_stack_lvl+0x16c/0x1f0 [ 1177.755019][T16283] sysfs_warn_dup+0x7f/0xa0 [ 1177.755034][T16283] sysfs_do_create_link_sd+0x124/0x140 [ 1177.755050][T16283] sysfs_create_link+0x61/0xc0 [ 1177.755064][T16283] device_add+0x62c/0x1a70 [ 1177.755083][T16283] ? __pfx_device_add+0x10/0x10 [ 1177.755097][T16283] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1177.755113][T16283] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1177.755130][T16283] wiphy_register+0x1c9c/0x2850 [ 1177.755146][T16283] ? netdev_run_todo+0x864/0x1320 [ 1177.755161][T16283] ? __dev_printk+0x260/0x270 [ 1177.755176][T16283] ? __pfx_wiphy_register+0x10/0x10 [ 1177.755199][T16283] ieee80211_register_hw+0x24ac/0x4140 [ 1177.755221][T16283] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1177.755239][T16283] ? find_held_lock+0x2b/0x80 [ 1177.755253][T16283] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1177.755267][T16283] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1177.755283][T16283] ? __hrtimer_setup+0x176/0x280 [ 1177.755297][T16283] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1177.755318][T16283] ? trace_kmalloc+0x2b/0xd0 [ 1177.755331][T16283] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 1177.755343][T16283] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1177.755356][T16283] ? hwsim_new_radio_nl+0xa0e/0x12c0 [ 1177.755369][T16283] ? __asan_memcpy+0x3c/0x60 [ 1177.755387][T16283] hwsim_new_radio_nl+0xb51/0x12c0 [ 1177.755402][T16283] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1177.755420][T16283] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1177.755438][T16283] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1177.755460][T16283] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1177.755479][T16283] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1177.755501][T16283] ? bpf_lsm_capable+0x9/0x10 [ 1177.755516][T16283] ? security_capable+0x7e/0x260 [ 1177.755533][T16283] ? ns_capable+0xd7/0x110 [ 1177.755547][T16283] genl_rcv_msg+0x55c/0x800 [ 1177.755559][T16283] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1177.755569][T16283] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1177.755588][T16283] netlink_rcv_skb+0x155/0x420 [ 1177.755603][T16283] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1177.755614][T16283] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1177.755635][T16283] ? netlink_deliver_tap+0x1ae/0xd30 [ 1177.755652][T16283] genl_rcv+0x28/0x40 [ 1177.755667][T16283] netlink_unicast+0x58d/0x850 [ 1177.755716][T16283] ? __pfx_netlink_unicast+0x10/0x10 [ 1177.755731][T16283] ? __build_skb_around+0x278/0x3b0 [ 1177.755754][T16283] netlink_sendmsg+0x8d1/0xdd0 [ 1177.755774][T16283] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1177.755796][T16283] ____sys_sendmsg+0xa98/0xc70 [ 1177.755814][T16283] ? copy_msghdr_from_user+0x10a/0x160 [ 1177.755827][T16283] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1177.755850][T16283] ___sys_sendmsg+0x134/0x1d0 [ 1177.755862][T16283] ? futex_private_hash_put+0x176/0x300 [ 1177.755880][T16283] ? __pfx____sys_sendmsg+0x10/0x10 [ 1177.755893][T16283] ? __lock_acquire+0x622/0x1c90 [ 1177.755927][T16283] __sys_sendmsg+0x16d/0x220 [ 1177.755940][T16283] ? __pfx___sys_sendmsg+0x10/0x10 [ 1177.755953][T16283] ? __x64_sys_futex+0x1e0/0x4c0 [ 1177.755972][T16283] do_syscall_64+0xcd/0x4c0 [ 1177.755987][T16283] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1177.755998][T16283] RIP: 0033:0x7f1c3e98e9a9 [ 1177.756008][T16283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1177.756019][T16283] RSP: 002b:00007f1c3f894038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1177.756030][T16283] RAX: ffffffffffffffda RBX: 00007f1c3ebb5fa0 RCX: 00007f1c3e98e9a9 [ 1177.756037][T16283] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000008 [ 1177.756043][T16283] RBP: 00007f1c3ea10d69 R08: 0000000000000000 R09: 0000000000000000 [ 1177.756049][T16283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1177.756056][T16283] R13: 0000000000000000 R14: 00007f1c3ebb5fa0 R15: 00007ffd576b36d8 [ 1177.756070][T16283] [ 1179.231256][T16294] netlink: 76 bytes leftover after parsing attributes in process `syz.5.2408'. [ 1179.621219][T16301] binder: BINDER_SET_CONTEXT_MGR already set [ 1179.650121][T16301] binder: 16293:16301 ioctl 4018620d 2000000002c0 returned -16 [ 1180.194660][T16301] netlink: 4400 bytes leftover after parsing attributes in process `syz.5.2408'. [ 1180.205344][T16301] sysfs: cannot create duplicate filename '/class/ieee80211/Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`²' [ 1180.215840][T16301] CPU: 1 UID: 0 PID: 16301 Comm: syz.5.2408 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 1180.215857][T16301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1180.215865][T16301] Call Trace: [ 1180.215869][T16301] [ 1180.215875][T16301] dump_stack_lvl+0x16c/0x1f0 [ 1180.215893][T16301] sysfs_warn_dup+0x7f/0xa0 [ 1180.215908][T16301] sysfs_do_create_link_sd+0x124/0x140 [ 1180.215924][T16301] sysfs_create_link+0x61/0xc0 [ 1180.215938][T16301] device_add+0x62c/0x1a70 [ 1180.215957][T16301] ? __pfx_device_add+0x10/0x10 [ 1180.215971][T16301] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1180.215987][T16301] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1180.216005][T16301] wiphy_register+0x1c9c/0x2850 [ 1180.216021][T16301] ? netdev_run_todo+0x864/0x1320 [ 1180.216036][T16301] ? __dev_printk+0x260/0x270 [ 1180.216050][T16301] ? __pfx_wiphy_register+0x10/0x10 [ 1180.216074][T16301] ieee80211_register_hw+0x24ac/0x4140 [ 1180.216095][T16301] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1180.216113][T16301] ? find_held_lock+0x2b/0x80 [ 1180.216128][T16301] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1180.216141][T16301] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1180.216158][T16301] ? __hrtimer_setup+0x176/0x280 [ 1180.216172][T16301] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1180.216193][T16301] ? trace_kmalloc+0x2b/0xd0 [ 1180.216205][T16301] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 1180.216218][T16301] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1180.216230][T16301] ? hwsim_new_radio_nl+0xa0e/0x12c0 [ 1180.216243][T16301] ? __asan_memcpy+0x3c/0x60 [ 1180.216261][T16301] hwsim_new_radio_nl+0xb51/0x12c0 [ 1180.216277][T16301] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1180.216294][T16301] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1180.216313][T16301] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1180.216334][T16301] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1180.216352][T16301] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1180.216375][T16301] ? bpf_lsm_capable+0x9/0x10 [ 1180.216389][T16301] ? security_capable+0x7e/0x260 [ 1180.216407][T16301] ? ns_capable+0xd7/0x110 [ 1180.216421][T16301] genl_rcv_msg+0x55c/0x800 [ 1180.216433][T16301] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1180.216443][T16301] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1180.216461][T16301] netlink_rcv_skb+0x155/0x420 [ 1180.216477][T16301] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1180.216487][T16301] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1180.216509][T16301] ? netlink_deliver_tap+0x1ae/0xd30 [ 1180.216525][T16301] genl_rcv+0x28/0x40 [ 1180.216541][T16301] netlink_unicast+0x58d/0x850 [ 1180.216558][T16301] ? __pfx_netlink_unicast+0x10/0x10 [ 1180.216573][T16301] ? __build_skb_around+0x278/0x3b0 [ 1180.216593][T16301] netlink_sendmsg+0x8d1/0xdd0 [ 1180.216611][T16301] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1180.216632][T16301] ____sys_sendmsg+0xa98/0xc70 [ 1180.216648][T16301] ? copy_msghdr_from_user+0x10a/0x160 [ 1180.216661][T16301] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1180.216689][T16301] ? __pfx_futex_wake_mark+0x10/0x10 [ 1180.216704][T16301] ___sys_sendmsg+0x134/0x1d0 [ 1180.216717][T16301] ? futex_private_hash_put+0x176/0x300 [ 1180.216737][T16301] ? __pfx____sys_sendmsg+0x10/0x10 [ 1180.216750][T16301] ? __lock_acquire+0x622/0x1c90 [ 1180.216790][T16301] __sys_sendmsg+0x16d/0x220 [ 1180.216803][T16301] ? __pfx___sys_sendmsg+0x10/0x10 [ 1180.216816][T16301] ? __x64_sys_futex+0x1e0/0x4c0 [ 1180.216834][T16301] do_syscall_64+0xcd/0x4c0 [ 1180.216849][T16301] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1180.216861][T16301] RIP: 0033:0x7f1c3e98e9a9 [ 1180.216871][T16301] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1180.216881][T16301] RSP: 002b:00007f1c3f873038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1180.216893][T16301] RAX: ffffffffffffffda RBX: 00007f1c3ebb6080 RCX: 00007f1c3e98e9a9 [ 1180.216900][T16301] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000008 [ 1180.216906][T16301] RBP: 00007f1c3ea10d69 R08: 0000000000000000 R09: 0000000000000000 [ 1180.216912][T16301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1180.216918][T16301] R13: 0000000000000000 R14: 00007f1c3ebb6080 R15: 00007ffd576b36d8 [ 1180.216933][T16301] [ 1181.164985][T16313] netlink: 'syz.2.2412': attribute type 21 has an invalid length. [ 1181.173132][T16313] netlink: 'syz.2.2412': attribute type 6 has an invalid length. [ 1181.180924][T16313] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2412'. [ 1181.806640][T16322] 9pnet_fd: Insufficient options for proto=fd [ 1182.252574][T16324] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10) [ 1182.259218][T16324] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 1182.283347][ T49] Bluetooth: hci1: Frame reassembly failed (-90) [ 1182.304511][T16324] vhci_hcd vhci_hcd.0: Device attached [ 1182.498528][ T9] vhci_hcd: vhci_device speed not set [ 1182.590698][T16331] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(13) [ 1182.597342][T16331] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1182.606978][ T9] usb 33-1: new low-speed USB device number 17 using vhci_hcd [ 1182.807363][T16331] vhci_hcd vhci_hcd.0: Device attached [ 1183.369720][T16332] vhci_hcd: connection closed [ 1183.371598][T16327] vhci_hcd: connection reset by peer [ 1183.382756][ T49] vhci_hcd: stop threads [ 1183.401244][ T49] vhci_hcd: release socket [ 1183.417728][ T49] vhci_hcd: disconnect device [ 1183.427819][ T49] vhci_hcd: stop threads [ 1183.435820][ T49] vhci_hcd: release socket [ 1183.446185][ T49] vhci_hcd: disconnect device [ 1184.253002][ T51] Bluetooth: hci1: command 0x1003 tx timeout [ 1184.259573][ T5832] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1185.523954][T16368] netlink: 'syz.5.2426': attribute type 21 has an invalid length. [ 1185.532596][T16368] netlink: 'syz.5.2426': attribute type 6 has an invalid length. [ 1185.540517][T16368] netlink: 132 bytes leftover after parsing attributes in process `syz.5.2426'. [ 1186.629547][ T12] Bluetooth: hci1: Frame reassembly failed (-90) [ 1187.763209][ T9] vhci_hcd: vhci_device speed not set [ 1188.788407][ T5832] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1188.795447][ T51] Bluetooth: hci1: command 0x1003 tx timeout [ 1188.809317][T16407] netlink: 'syz.3.2436': attribute type 20 has an invalid length. [ 1189.567715][T16420] netlink: 'syz.0.2439': attribute type 20 has an invalid length. [ 1191.774395][T16439] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2444'. [ 1191.815062][T16439] netlink: 4400 bytes leftover after parsing attributes in process `syz.4.2444'. [ 1191.997571][T16439] sysfs: cannot create duplicate filename '/class/ieee80211/Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`²' [ 1192.181945][T16439] CPU: 0 UID: 0 PID: 16439 Comm: syz.4.2444 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 1192.181975][T16439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1192.181987][T16439] Call Trace: [ 1192.181994][T16439] [ 1192.182001][T16439] dump_stack_lvl+0x16c/0x1f0 [ 1192.182029][T16439] sysfs_warn_dup+0x7f/0xa0 [ 1192.182053][T16439] sysfs_do_create_link_sd+0x124/0x140 [ 1192.182079][T16439] sysfs_create_link+0x61/0xc0 [ 1192.182102][T16439] device_add+0x62c/0x1a70 [ 1192.182133][T16439] ? __pfx_device_add+0x10/0x10 [ 1192.182157][T16439] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1192.182182][T16439] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1192.182212][T16439] wiphy_register+0x1c9c/0x2850 [ 1192.182239][T16439] ? netdev_run_todo+0x864/0x1320 [ 1192.182263][T16439] ? __dev_printk+0x260/0x270 [ 1192.182288][T16439] ? __pfx_wiphy_register+0x10/0x10 [ 1192.182329][T16439] ieee80211_register_hw+0x24ac/0x4140 [ 1192.182366][T16439] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1192.182396][T16439] ? find_held_lock+0x2b/0x80 [ 1192.182420][T16439] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1192.182445][T16439] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1192.182472][T16439] ? __hrtimer_setup+0x176/0x280 [ 1192.182495][T16439] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1192.182531][T16439] ? trace_kmalloc+0x2b/0xd0 [ 1192.182550][T16439] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 1192.182570][T16439] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1192.182591][T16439] ? hwsim_new_radio_nl+0xa0e/0x12c0 [ 1192.182613][T16439] ? __asan_memcpy+0x3c/0x60 [ 1192.182642][T16439] hwsim_new_radio_nl+0xb51/0x12c0 [ 1192.182667][T16439] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1192.182697][T16439] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1192.182728][T16439] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1192.182764][T16439] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1192.182795][T16439] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1192.182834][T16439] ? bpf_lsm_capable+0x9/0x10 [ 1192.182863][T16439] ? security_capable+0x7e/0x260 [ 1192.182897][T16439] ? ns_capable+0xd7/0x110 [ 1192.182923][T16439] genl_rcv_msg+0x55c/0x800 [ 1192.182944][T16439] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1192.182961][T16439] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1192.182993][T16439] netlink_rcv_skb+0x155/0x420 [ 1192.183019][T16439] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1192.183038][T16439] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1192.183077][T16439] ? netlink_deliver_tap+0x1ae/0xd30 [ 1192.183106][T16439] genl_rcv+0x28/0x40 [ 1192.183131][T16439] netlink_unicast+0x58d/0x850 [ 1192.183161][T16439] ? __pfx_netlink_unicast+0x10/0x10 [ 1192.183184][T16439] ? __build_skb_around+0x278/0x3b0 [ 1192.183221][T16439] netlink_sendmsg+0x8d1/0xdd0 [ 1192.183251][T16439] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1192.183288][T16439] ____sys_sendmsg+0xa98/0xc70 [ 1192.183316][T16439] ? copy_msghdr_from_user+0x10a/0x160 [ 1192.183337][T16439] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1192.183371][T16439] ? __pfx_futex_wake_mark+0x10/0x10 [ 1192.183396][T16439] ___sys_sendmsg+0x134/0x1d0 [ 1192.183416][T16439] ? futex_private_hash_put+0x176/0x300 [ 1192.183444][T16439] ? __pfx____sys_sendmsg+0x10/0x10 [ 1192.183463][T16439] ? __lock_acquire+0x622/0x1c90 [ 1192.183527][T16439] __sys_sendmsg+0x16d/0x220 [ 1192.183549][T16439] ? __pfx___sys_sendmsg+0x10/0x10 [ 1192.183570][T16439] ? __x64_sys_futex+0x1e0/0x4c0 [ 1192.183604][T16439] do_syscall_64+0xcd/0x4c0 [ 1192.183627][T16439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1192.183646][T16439] RIP: 0033:0x7efec398e9a9 [ 1192.183661][T16439] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1192.183679][T16439] RSP: 002b:00007efec4837038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1192.183698][T16439] RAX: ffffffffffffffda RBX: 00007efec3bb5fa0 RCX: 00007efec398e9a9 [ 1192.183709][T16439] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000008 [ 1192.183720][T16439] RBP: 00007efec3a10d69 R08: 0000000000000000 R09: 0000000000000000 [ 1192.183730][T16439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1192.183740][T16439] R13: 0000000000000000 R14: 00007efec3bb5fa0 R15: 00007fff52d31ac8 [ 1192.183765][T16439] [ 1193.736686][ T49] Bluetooth: hci1: Frame reassembly failed (-84) [ 1193.746128][T16458] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2450'. [ 1193.760707][T16458] binder: BINDER_SET_CONTEXT_MGR already set [ 1193.766781][T16458] binder: 16457:16458 ioctl 4018620d 2000000002c0 returned -16 [ 1193.779293][T16458] netlink: 4400 bytes leftover after parsing attributes in process `syz.2.2450'. [ 1193.815328][T16458] sysfs: cannot create duplicate filename '/class/ieee80211/Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`²' [ 1193.922396][T16458] CPU: 1 UID: 0 PID: 16458 Comm: syz.2.2450 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 1193.922426][T16458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1193.922438][T16458] Call Trace: [ 1193.922444][T16458] [ 1193.922451][T16458] dump_stack_lvl+0x16c/0x1f0 [ 1193.922478][T16458] sysfs_warn_dup+0x7f/0xa0 [ 1193.922499][T16458] sysfs_do_create_link_sd+0x124/0x140 [ 1193.922521][T16458] sysfs_create_link+0x61/0xc0 [ 1193.922541][T16458] device_add+0x62c/0x1a70 [ 1193.922569][T16458] ? __pfx_device_add+0x10/0x10 [ 1193.922590][T16458] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1193.922612][T16458] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1193.922639][T16458] wiphy_register+0x1c9c/0x2850 [ 1193.922661][T16458] ? netdev_run_todo+0x864/0x1320 [ 1193.922682][T16458] ? __dev_printk+0x260/0x270 [ 1193.922704][T16458] ? __pfx_wiphy_register+0x10/0x10 [ 1193.922744][T16458] ieee80211_register_hw+0x24ac/0x4140 [ 1193.922778][T16458] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1193.922801][T16458] ? find_held_lock+0x2b/0x80 [ 1193.922816][T16458] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1193.922830][T16458] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1193.922846][T16458] ? __hrtimer_setup+0x176/0x280 [ 1193.922866][T16458] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1193.922889][T16458] ? trace_kmalloc+0x2b/0xd0 [ 1193.922903][T16458] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 1193.922916][T16458] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1193.922930][T16458] ? hwsim_new_radio_nl+0xa0e/0x12c0 [ 1193.922944][T16458] ? __asan_memcpy+0x3c/0x60 [ 1193.922963][T16458] hwsim_new_radio_nl+0xb51/0x12c0 [ 1193.922979][T16458] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1193.922997][T16458] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1193.923018][T16458] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1193.923039][T16458] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1193.923057][T16458] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1193.923081][T16458] ? bpf_lsm_capable+0x9/0x10 [ 1193.923096][T16458] ? security_capable+0x7e/0x260 [ 1193.923113][T16458] ? ns_capable+0xd7/0x110 [ 1193.923127][T16458] genl_rcv_msg+0x55c/0x800 [ 1193.923139][T16458] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1193.923149][T16458] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1193.923168][T16458] netlink_rcv_skb+0x155/0x420 [ 1193.923183][T16458] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1193.923194][T16458] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1193.923216][T16458] ? netlink_deliver_tap+0x1ae/0xd30 [ 1193.923233][T16458] genl_rcv+0x28/0x40 [ 1193.923248][T16458] netlink_unicast+0x58d/0x850 [ 1193.923266][T16458] ? __pfx_netlink_unicast+0x10/0x10 [ 1193.923280][T16458] ? __build_skb_around+0x278/0x3b0 [ 1193.923302][T16458] netlink_sendmsg+0x8d1/0xdd0 [ 1193.923319][T16458] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1193.923341][T16458] ____sys_sendmsg+0xa98/0xc70 [ 1193.923357][T16458] ? copy_msghdr_from_user+0x10a/0x160 [ 1193.923370][T16458] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1193.923393][T16458] ___sys_sendmsg+0x134/0x1d0 [ 1193.923405][T16458] ? futex_private_hash_put+0x176/0x300 [ 1193.923422][T16458] ? __pfx____sys_sendmsg+0x10/0x10 [ 1193.923434][T16458] ? __lock_acquire+0x622/0x1c90 [ 1193.923469][T16458] __sys_sendmsg+0x16d/0x220 [ 1193.923482][T16458] ? __pfx___sys_sendmsg+0x10/0x10 [ 1193.923495][T16458] ? __x64_sys_futex+0x1e0/0x4c0 [ 1193.923513][T16458] do_syscall_64+0xcd/0x4c0 [ 1193.923529][T16458] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1193.923540][T16458] RIP: 0033:0x7f5c3618e9a9 [ 1193.923551][T16458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1193.923562][T16458] RSP: 002b:00007f5c36f2e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1193.923574][T16458] RAX: ffffffffffffffda RBX: 00007f5c363b5fa0 RCX: 00007f5c3618e9a9 [ 1193.923580][T16458] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000008 [ 1193.923587][T16458] RBP: 00007f5c36210d69 R08: 0000000000000000 R09: 0000000000000000 [ 1193.923593][T16458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1193.923600][T16458] R13: 0000000000000000 R14: 00007f5c363b5fa0 R15: 00007fffbd1daab8 [ 1193.923615][T16458] [ 1195.772033][ T51] Bluetooth: hci1: command 0x1003 tx timeout [ 1195.779294][ T5832] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1197.887339][T16507] netlink: 'syz.3.2460': attribute type 21 has an invalid length. [ 1197.896074][T16507] netlink: 'syz.3.2460': attribute type 6 has an invalid length. [ 1197.904017][T16507] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2460'. [ 1198.144650][T16509] 9pnet_fd: Insufficient options for proto=fd [ 1198.532282][T16519] netlink: 'syz.5.2465': attribute type 20 has an invalid length. [ 1199.120576][T16518] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10) [ 1199.127197][T16518] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 1199.181656][T16518] vhci_hcd vhci_hcd.0: Device attached [ 1199.212633][T16527] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(13) [ 1199.219260][T16527] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1199.263275][T16527] vhci_hcd vhci_hcd.0: Device attached [ 1199.372609][T14097] vhci_hcd: vhci_device speed not set [ 1199.512127][T14097] usb 37-1: new full-speed USB device number 11 using vhci_hcd [ 1200.012260][T16538] netlink: 'syz.0.2467': attribute type 20 has an invalid length. [ 1200.047640][T16535] vhci_hcd: connection closed [ 1200.050590][ T49] vhci_hcd: stop threads [ 1200.072741][ T49] vhci_hcd: release socket [ 1200.082353][ T49] vhci_hcd: disconnect device [ 1200.096846][T16533] vhci_hcd: connection reset by peer [ 1200.111750][ T49] vhci_hcd: stop threads [ 1200.116452][ T49] vhci_hcd: release socket [ 1200.129757][ T49] vhci_hcd: disconnect device [ 1200.266726][T16542] netlink: 'syz.3.2468': attribute type 21 has an invalid length. [ 1200.274650][T16542] netlink: 'syz.3.2468': attribute type 6 has an invalid length. [ 1200.282415][T16542] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2468'. [ 1201.439294][ T6059] Bluetooth: hci1: Frame reassembly failed (-90) [ 1201.915668][T16566] netlink: 'syz.5.2474': attribute type 21 has an invalid length. [ 1201.923558][T16566] netlink: 'syz.5.2474': attribute type 6 has an invalid length. [ 1201.931273][T16566] netlink: 132 bytes leftover after parsing attributes in process `syz.5.2474'. [ 1203.542046][ T5832] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1203.545238][ T51] Bluetooth: hci1: command 0x1003 tx timeout [ 1203.685883][T16590] netlink: 'syz.0.2481': attribute type 21 has an invalid length. [ 1203.693898][T16590] netlink: 'syz.0.2481': attribute type 6 has an invalid length. [ 1203.701618][T16590] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2481'. [ 1204.722636][T14097] vhci_hcd: vhci_device speed not set [ 1204.848967][T16593] netlink: 'syz.2.2483': attribute type 21 has an invalid length. [ 1204.857015][T16593] netlink: 'syz.2.2483': attribute type 6 has an invalid length. [ 1204.864791][T16593] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2483'. [ 1206.605210][T16621] netlink: 4400 bytes leftover after parsing attributes in process `syz.3.2489'. [ 1206.623293][T16621] sysfs: cannot create duplicate filename '/class/ieee80211/Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`²ÿ' [ 1206.722080][T16621] CPU: 1 UID: 0 PID: 16621 Comm: syz.3.2489 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 1206.722107][T16621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1206.722117][T16621] Call Trace: [ 1206.722124][T16621] [ 1206.722131][T16621] dump_stack_lvl+0x16c/0x1f0 [ 1206.722156][T16621] sysfs_warn_dup+0x7f/0xa0 [ 1206.722179][T16621] sysfs_do_create_link_sd+0x124/0x140 [ 1206.722202][T16621] sysfs_create_link+0x61/0xc0 [ 1206.722222][T16621] device_add+0x62c/0x1a70 [ 1206.722250][T16621] ? __pfx_device_add+0x10/0x10 [ 1206.722273][T16621] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1206.722299][T16621] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1206.722328][T16621] wiphy_register+0x1c9c/0x2850 [ 1206.722355][T16621] ? netdev_run_todo+0x864/0x1320 [ 1206.722378][T16621] ? __dev_printk+0x260/0x270 [ 1206.722400][T16621] ? __pfx_wiphy_register+0x10/0x10 [ 1206.722438][T16621] ieee80211_register_hw+0x24ac/0x4140 [ 1206.722471][T16621] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1206.722498][T16621] ? find_held_lock+0x2b/0x80 [ 1206.722519][T16621] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1206.722554][T16621] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1206.722581][T16621] ? __hrtimer_setup+0x176/0x280 [ 1206.722604][T16621] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1206.722641][T16621] ? trace_kmalloc+0x2b/0xd0 [ 1206.722660][T16621] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 1206.722680][T16621] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1206.722700][T16621] ? hwsim_new_radio_nl+0xa0e/0x12c0 [ 1206.722722][T16621] ? __asan_memcpy+0x3c/0x60 [ 1206.722754][T16621] hwsim_new_radio_nl+0xb51/0x12c0 [ 1206.722778][T16621] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1206.722808][T16621] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1206.722839][T16621] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1206.722873][T16621] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1206.722905][T16621] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1206.722944][T16621] ? bpf_lsm_capable+0x9/0x10 [ 1206.722968][T16621] ? security_capable+0x7e/0x260 [ 1206.722996][T16621] ? ns_capable+0xd7/0x110 [ 1206.723019][T16621] genl_rcv_msg+0x55c/0x800 [ 1206.723039][T16621] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1206.723056][T16621] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1206.723087][T16621] netlink_rcv_skb+0x155/0x420 [ 1206.723113][T16621] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1206.723131][T16621] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1206.723167][T16621] ? netlink_deliver_tap+0x1ae/0xd30 [ 1206.723196][T16621] genl_rcv+0x28/0x40 [ 1206.723221][T16621] netlink_unicast+0x58d/0x850 [ 1206.723251][T16621] ? __pfx_netlink_unicast+0x10/0x10 [ 1206.723274][T16621] ? __build_skb_around+0x278/0x3b0 [ 1206.723310][T16621] netlink_sendmsg+0x8d1/0xdd0 [ 1206.723340][T16621] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1206.723377][T16621] ____sys_sendmsg+0xa98/0xc70 [ 1206.723405][T16621] ? copy_msghdr_from_user+0x10a/0x160 [ 1206.723426][T16621] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1206.723460][T16621] ? __pfx_futex_wake_mark+0x10/0x10 [ 1206.723485][T16621] ___sys_sendmsg+0x134/0x1d0 [ 1206.723504][T16621] ? futex_private_hash_put+0x176/0x300 [ 1206.723539][T16621] ? __pfx____sys_sendmsg+0x10/0x10 [ 1206.723558][T16621] ? __lock_acquire+0x622/0x1c90 [ 1206.723621][T16621] __sys_sendmsg+0x16d/0x220 [ 1206.723641][T16621] ? __pfx___sys_sendmsg+0x10/0x10 [ 1206.723661][T16621] ? __x64_sys_futex+0x1e0/0x4c0 [ 1206.723686][T16621] do_syscall_64+0xcd/0x4c0 [ 1206.723702][T16621] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1206.723713][T16621] RIP: 0033:0x7f0a4cf8e9a9 [ 1206.723723][T16621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1206.723734][T16621] RSP: 002b:00007f0a4adf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1206.723746][T16621] RAX: ffffffffffffffda RBX: 00007f0a4d1b5fa0 RCX: 00007f0a4cf8e9a9 [ 1206.723754][T16621] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000008 [ 1206.723760][T16621] RBP: 00007f0a4d010d69 R08: 0000000000000000 R09: 0000000000000000 [ 1206.723767][T16621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1206.723774][T16621] R13: 0000000000000000 R14: 00007f0a4d1b5fa0 R15: 00007fff2a988598 [ 1206.723790][T16621] [ 1209.291054][ T6534] Bluetooth: hci1: Frame reassembly failed (-84) [ 1210.695687][ T6524] Bluetooth: hci6: Frame reassembly failed (-90) [ 1210.864087][T16655] binder: BINDER_SET_CONTEXT_MGR already set [ 1210.870094][T16655] binder: 16654:16655 ioctl 4018620d 2000000002c0 returned -16 [ 1210.881384][T16655] netlink: 4400 bytes leftover after parsing attributes in process `syz.0.2499'. [ 1210.901908][T16655] sysfs: cannot create duplicate filename '/class/ieee80211/Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`²ÿ' [ 1210.910309][T16658] netlink: 'syz.5.2500': attribute type 21 has an invalid length. [ 1210.926943][T16655] CPU: 1 UID: 0 PID: 16655 Comm: syz.0.2499 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 1210.926971][T16655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1210.926983][T16655] Call Trace: [ 1210.926989][T16655] [ 1210.926997][T16655] dump_stack_lvl+0x16c/0x1f0 [ 1210.927025][T16655] sysfs_warn_dup+0x7f/0xa0 [ 1210.927049][T16655] sysfs_do_create_link_sd+0x124/0x140 [ 1210.927075][T16655] sysfs_create_link+0x61/0xc0 [ 1210.927098][T16655] device_add+0x62c/0x1a70 [ 1210.927130][T16655] ? __pfx_device_add+0x10/0x10 [ 1210.927154][T16655] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1210.927180][T16655] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1210.927209][T16655] wiphy_register+0x1c9c/0x2850 [ 1210.927247][T16655] ? __pfx_wiphy_register+0x10/0x10 [ 1210.927282][T16655] ? ieee80211_register_hw+0x2486/0x4140 [ 1210.927312][T16655] ieee80211_register_hw+0x24ac/0x4140 [ 1210.927348][T16655] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1210.927378][T16655] ? find_held_lock+0x2b/0x80 [ 1210.927400][T16655] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1210.927423][T16655] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1210.927450][T16655] ? __hrtimer_setup+0x176/0x280 [ 1210.927473][T16655] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1210.927510][T16655] ? trace_kmalloc+0x2b/0xd0 [ 1210.927530][T16655] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 1210.927550][T16655] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1210.927570][T16655] ? hwsim_new_radio_nl+0xa0e/0x12c0 [ 1210.927598][T16655] ? __asan_memcpy+0x3c/0x60 [ 1210.927629][T16655] hwsim_new_radio_nl+0xb51/0x12c0 [ 1210.927654][T16655] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1210.927684][T16655] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1210.927718][T16655] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1210.927755][T16655] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1210.927787][T16655] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1210.927826][T16655] ? bpf_lsm_capable+0x9/0x10 [ 1210.927849][T16655] ? security_capable+0x7e/0x260 [ 1210.927878][T16655] ? ns_capable+0xd7/0x110 [ 1210.927901][T16655] genl_rcv_msg+0x55c/0x800 [ 1210.927921][T16655] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1210.927938][T16655] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1210.927971][T16655] netlink_rcv_skb+0x155/0x420 [ 1210.927996][T16655] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1210.928014][T16655] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1210.928051][T16655] ? netlink_deliver_tap+0x1ae/0xd30 [ 1210.928080][T16655] genl_rcv+0x28/0x40 [ 1210.928106][T16655] netlink_unicast+0x58d/0x850 [ 1210.928136][T16655] ? __pfx_netlink_unicast+0x10/0x10 [ 1210.928159][T16655] ? __build_skb_around+0x278/0x3b0 [ 1210.928196][T16655] netlink_sendmsg+0x8d1/0xdd0 [ 1210.928227][T16655] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1210.928264][T16655] ____sys_sendmsg+0xa98/0xc70 [ 1210.928292][T16655] ? copy_msghdr_from_user+0x10a/0x160 [ 1210.928313][T16655] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1210.928347][T16655] ? __pfx_futex_wake_mark+0x10/0x10 [ 1210.928372][T16655] ___sys_sendmsg+0x134/0x1d0 [ 1210.928392][T16655] ? futex_private_hash_put+0x176/0x300 [ 1210.928421][T16655] ? __pfx____sys_sendmsg+0x10/0x10 [ 1210.928440][T16655] ? __lock_acquire+0x622/0x1c90 [ 1210.928504][T16655] __sys_sendmsg+0x16d/0x220 [ 1210.928526][T16655] ? __pfx___sys_sendmsg+0x10/0x10 [ 1210.928547][T16655] ? __x64_sys_futex+0x1e0/0x4c0 [ 1210.928581][T16655] do_syscall_64+0xcd/0x4c0 [ 1210.928611][T16655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1210.928629][T16655] RIP: 0033:0x7f33ce98e9a9 [ 1210.928646][T16655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1210.928664][T16655] RSP: 002b:00007f33cf862038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1210.928681][T16655] RAX: ffffffffffffffda RBX: 00007f33cebb5fa0 RCX: 00007f33ce98e9a9 [ 1210.928694][T16655] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000008 [ 1210.928705][T16655] RBP: 00007f33cea10d69 R08: 0000000000000000 R09: 0000000000000000 [ 1210.928716][T16655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1210.928727][T16655] R13: 0000000000000000 R14: 00007f33cebb5fa0 R15: 00007ffdcbb8d2b8 [ 1210.928754][T16655] [ 1211.337685][T14211] Bluetooth: hci1: command 0x1003 tx timeout [ 1211.338651][ T5832] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1211.358749][T16658] netlink: 'syz.5.2500': attribute type 6 has an invalid length. [ 1211.366644][T16658] netlink: 132 bytes leftover after parsing attributes in process `syz.5.2500'. [ 1211.948253][ T6534] Bluetooth: hci1: Frame reassembly failed (-90) [ 1212.653706][ T51] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 1213.354076][ T6388] Bluetooth: hci6: Frame reassembly failed (-90) [ 1213.361006][ T6388] Bluetooth: hci6: Frame reassembly failed (-84) [ 1213.509268][ T6365] Bluetooth: hci6: Frame reassembly failed (-84) [ 1213.962819][ T5832] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1215.372803][ T5832] Bluetooth: hci6: command 0x1003 tx timeout [ 1215.379461][ T51] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 1218.226504][ T6393] Bluetooth: hci1: Frame reassembly failed (-90) [ 1218.237456][ T6393] Bluetooth: hci1: Frame reassembly failed (-84) [ 1220.091996][ T51] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1238.334365][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 1238.340648][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 1290.043207][ T6365] Bluetooth: hci1: Frame reassembly failed (-90) [ 1290.154267][T16760] netlink: 'syz.2.2524': attribute type 21 has an invalid length. [ 1290.217203][T16760] netlink: 'syz.2.2524': attribute type 6 has an invalid length. [ 1290.229152][T16760] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2524'. [ 1292.012009][ T51] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1292.016392][T16779] netlink: 4400 bytes leftover after parsing attributes in process `syz.4.2528'. [ 1292.110839][T16779] sysfs: cannot create duplicate filename '/class/ieee80211/Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`²ÿ' [ 1292.331286][T16779] CPU: 1 UID: 0 PID: 16779 Comm: syz.4.2528 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 1292.331307][T16779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1292.331314][T16779] Call Trace: [ 1292.331319][T16779] [ 1292.331324][T16779] dump_stack_lvl+0x16c/0x1f0 [ 1292.331343][T16779] sysfs_warn_dup+0x7f/0xa0 [ 1292.331358][T16779] sysfs_do_create_link_sd+0x124/0x140 [ 1292.331373][T16779] sysfs_create_link+0x61/0xc0 [ 1292.331387][T16779] device_add+0x62c/0x1a70 [ 1292.331406][T16779] ? __pfx_device_add+0x10/0x10 [ 1292.331422][T16779] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1292.331438][T16779] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1292.331466][T16779] wiphy_register+0x1c9c/0x2850 [ 1292.331484][T16779] ? netdev_run_todo+0x864/0x1320 [ 1292.331499][T16779] ? __dev_printk+0x260/0x270 [ 1292.331515][T16779] ? __pfx_wiphy_register+0x10/0x10 [ 1292.331540][T16779] ieee80211_register_hw+0x24ac/0x4140 [ 1292.331562][T16779] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1292.331581][T16779] ? find_held_lock+0x2b/0x80 [ 1292.331597][T16779] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1292.331610][T16779] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1292.331627][T16779] ? __hrtimer_setup+0x176/0x280 [ 1292.331641][T16779] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1292.331661][T16779] ? trace_kmalloc+0x2b/0xd0 [ 1292.331674][T16779] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 1292.331686][T16779] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1292.331699][T16779] ? hwsim_new_radio_nl+0xa0e/0x12c0 [ 1292.331712][T16779] ? __asan_memcpy+0x3c/0x60 [ 1292.331730][T16779] hwsim_new_radio_nl+0xb51/0x12c0 [ 1292.331745][T16779] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1292.331764][T16779] ? genl_family_rcv_msg_doit+0xe3/0x2f0 [ 1292.331784][T16779] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1292.331807][T16779] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1292.331839][T16779] ? bpf_lsm_capable+0x9/0x10 [ 1292.331861][T16779] ? security_capable+0x7e/0x260 [ 1292.331885][T16779] ? ns_capable+0xd7/0x110 [ 1292.331899][T16779] genl_rcv_msg+0x55c/0x800 [ 1292.331911][T16779] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1292.331921][T16779] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1292.331940][T16779] netlink_rcv_skb+0x155/0x420 [ 1292.331955][T16779] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1292.331966][T16779] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1292.331988][T16779] ? netlink_deliver_tap+0x1ae/0xd30 [ 1292.332005][T16779] genl_rcv+0x28/0x40 [ 1292.332020][T16779] netlink_unicast+0x58d/0x850 [ 1292.332038][T16779] ? __pfx_netlink_unicast+0x10/0x10 [ 1292.332052][T16779] ? __build_skb_around+0x278/0x3b0 [ 1292.332073][T16779] netlink_sendmsg+0x8d1/0xdd0 [ 1292.332091][T16779] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1292.332112][T16779] ____sys_sendmsg+0xa98/0xc70 [ 1292.332129][T16779] ? copy_msghdr_from_user+0x10a/0x160 [ 1292.332142][T16779] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1292.332161][T16779] ? __pfx_futex_wake_mark+0x10/0x10 [ 1292.332176][T16779] ___sys_sendmsg+0x134/0x1d0 [ 1292.332188][T16779] ? futex_private_hash_put+0x176/0x300 [ 1292.332205][T16779] ? __pfx____sys_sendmsg+0x10/0x10 [ 1292.332218][T16779] ? __lock_acquire+0x622/0x1c90 [ 1292.332254][T16779] __sys_sendmsg+0x16d/0x220 [ 1292.332267][T16779] ? __pfx___sys_sendmsg+0x10/0x10 [ 1292.332280][T16779] ? __x64_sys_futex+0x1e0/0x4c0 [ 1292.332302][T16779] do_syscall_64+0xcd/0x4c0 [ 1292.332324][T16779] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1292.332341][T16779] RIP: 0033:0x7efec398e9a9 [ 1292.332358][T16779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1292.332375][T16779] RSP: 002b:00007efec4837038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1292.332387][T16779] RAX: ffffffffffffffda RBX: 00007efec3bb5fa0 RCX: 00007efec398e9a9 [ 1292.332394][T16779] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000008 [ 1292.332400][T16779] RBP: 00007efec3a10d69 R08: 0000000000000000 R09: 0000000000000000 [ 1292.332407][T16779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1292.332413][T16779] R13: 0000000000000000 R14: 00007efec3bb5fa0 R15: 00007fff52d31ac8 [ 1292.332427][T16779] [ 1293.676129][ T6534] Bluetooth: hci1: Frame reassembly failed (-90) [ 1294.263424][ T6534] Bluetooth: hci6: Frame reassembly failed (-84) [ 1295.692051][ T5832] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1296.251960][ T51] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 1296.258266][T14211] Bluetooth: hci6: command 0x1003 tx timeout [ 1296.665299][T11177] Bluetooth: hci1: Frame reassembly failed (-84) [ 1296.674021][T11177] Bluetooth: hci1: Frame reassembly failed (-84) [ 1296.680925][ T6365] Bluetooth: hci1: Frame reassembly failed (-84) [ 1298.835107][ T51] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1298.878452][ T6365] Bluetooth: hci6: Frame reassembly failed (-90) [ 1299.775555][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 1299.783286][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 1300.131838][T16866] netlink: 4400 bytes leftover after parsing attributes in process `syz.4.2551'. [ 1300.163341][T16866] sysfs: cannot create duplicate filename '/class/ieee80211/Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`²ÿ' [ 1300.221193][T16867] netlink: 'syz.3.2550': attribute type 21 has an invalid length. [ 1300.249455][T16866] CPU: 0 UID: 0 PID: 16866 Comm: syz.4.2551 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 1300.249479][T16866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1300.249486][T16866] Call Trace: [ 1300.249491][T16866] [ 1300.249496][T16866] dump_stack_lvl+0x16c/0x1f0 [ 1300.249515][T16866] sysfs_warn_dup+0x7f/0xa0 [ 1300.249530][T16866] sysfs_do_create_link_sd+0x124/0x140 [ 1300.249546][T16866] sysfs_create_link+0x61/0xc0 [ 1300.249559][T16866] device_add+0x62c/0x1a70 [ 1300.249582][T16866] ? __pfx_device_add+0x10/0x10 [ 1300.249598][T16866] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1300.249613][T16866] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1300.249631][T16866] wiphy_register+0x1c9c/0x2850 [ 1300.249648][T16866] ? netdev_run_todo+0x864/0x1320 [ 1300.249664][T16866] ? __dev_printk+0x260/0x270 [ 1300.249679][T16866] ? __pfx_wiphy_register+0x10/0x10 [ 1300.249702][T16866] ieee80211_register_hw+0x24ac/0x4140 [ 1300.249725][T16866] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1300.249742][T16866] ? find_held_lock+0x2b/0x80 [ 1300.249757][T16866] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1300.249770][T16866] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1300.249787][T16866] ? __hrtimer_setup+0x176/0x280 [ 1300.249806][T16866] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1300.249828][T16866] ? trace_kmalloc+0x2b/0xd0 [ 1300.249840][T16866] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 1300.249853][T16866] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1300.249865][T16866] ? hwsim_new_radio_nl+0xa0e/0x12c0 [ 1300.249879][T16866] ? __asan_memcpy+0x3c/0x60 [ 1300.249897][T16866] hwsim_new_radio_nl+0xb51/0x12c0 [ 1300.249912][T16866] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1300.249932][T16866] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1300.249952][T16866] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1300.249974][T16866] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1300.249994][T16866] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1300.250016][T16866] ? bpf_lsm_capable+0x9/0x10 [ 1300.250031][T16866] ? security_capable+0x7e/0x260 [ 1300.250049][T16866] ? ns_capable+0xd7/0x110 [ 1300.250064][T16866] genl_rcv_msg+0x55c/0x800 [ 1300.250076][T16866] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1300.250086][T16866] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1300.250105][T16866] netlink_rcv_skb+0x155/0x420 [ 1300.250126][T16866] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1300.250137][T16866] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1300.250159][T16866] ? netlink_deliver_tap+0x1ae/0xd30 [ 1300.250177][T16866] genl_rcv+0x28/0x40 [ 1300.250194][T16866] netlink_unicast+0x58d/0x850 [ 1300.250213][T16866] ? __pfx_netlink_unicast+0x10/0x10 [ 1300.250228][T16866] ? __build_skb_around+0x278/0x3b0 [ 1300.250251][T16866] netlink_sendmsg+0x8d1/0xdd0 [ 1300.250270][T16866] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1300.250293][T16866] ____sys_sendmsg+0xa98/0xc70 [ 1300.250311][T16866] ? copy_msghdr_from_user+0x10a/0x160 [ 1300.250324][T16866] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1300.250345][T16866] ? __pfx_futex_wake_mark+0x10/0x10 [ 1300.250360][T16866] ___sys_sendmsg+0x134/0x1d0 [ 1300.250373][T16866] ? futex_private_hash_put+0x176/0x300 [ 1300.250390][T16866] ? __pfx____sys_sendmsg+0x10/0x10 [ 1300.250402][T16866] ? __lock_acquire+0x622/0x1c90 [ 1300.250438][T16866] __sys_sendmsg+0x16d/0x220 [ 1300.250452][T16866] ? __pfx___sys_sendmsg+0x10/0x10 [ 1300.250465][T16866] ? __x64_sys_futex+0x1e0/0x4c0 [ 1300.250484][T16866] do_syscall_64+0xcd/0x4c0 [ 1300.250500][T16866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1300.250512][T16866] RIP: 0033:0x7efec398e9a9 [ 1300.250522][T16866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1300.250533][T16866] RSP: 002b:00007efec4837038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1300.250545][T16866] RAX: ffffffffffffffda RBX: 00007efec3bb5fa0 RCX: 00007efec398e9a9 [ 1300.250552][T16866] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000008 [ 1300.250559][T16866] RBP: 00007efec3a10d69 R08: 0000000000000000 R09: 0000000000000000 [ 1300.250566][T16866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1300.250573][T16866] R13: 0000000000000000 R14: 00007efec3bb5fa0 R15: 00007fff52d31ac8 [ 1300.250587][T16866] [ 1300.668513][T16867] netlink: 'syz.3.2550': attribute type 6 has an invalid length. [ 1300.682307][T16867] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2550'. [ 1300.893225][ T51] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 1300.895418][T14211] Bluetooth: hci6: command 0x1003 tx timeout [ 1301.325898][T16879] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 1301.332463][T16879] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1301.461525][T16879] vhci_hcd vhci_hcd.0: Device attached [ 1301.621056][T16887] netlink: 4400 bytes leftover after parsing attributes in process `syz.4.2556'. [ 1301.651897][T14097] usb 33-1: new low-speed USB device number 18 using vhci_hcd [ 1301.661283][T16887] sysfs: cannot create duplicate filename '/class/ieee80211/Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`²ÿ' [ 1301.751974][T16887] CPU: 1 UID: 0 PID: 16887 Comm: syz.4.2556 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 1301.752005][T16887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1301.752017][T16887] Call Trace: [ 1301.752024][T16887] [ 1301.752034][T16887] dump_stack_lvl+0x16c/0x1f0 [ 1301.752063][T16887] sysfs_warn_dup+0x7f/0xa0 [ 1301.752087][T16887] sysfs_do_create_link_sd+0x124/0x140 [ 1301.752113][T16887] sysfs_create_link+0x61/0xc0 [ 1301.752136][T16887] device_add+0x62c/0x1a70 [ 1301.752168][T16887] ? __pfx_device_add+0x10/0x10 [ 1301.752193][T16887] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1301.752219][T16887] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1301.752250][T16887] wiphy_register+0x1c9c/0x2850 [ 1301.752278][T16887] ? netdev_run_todo+0x864/0x1320 [ 1301.752303][T16887] ? __dev_printk+0x260/0x270 [ 1301.752328][T16887] ? __pfx_wiphy_register+0x10/0x10 [ 1301.752375][T16887] ieee80211_register_hw+0x24ac/0x4140 [ 1301.752414][T16887] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1301.752445][T16887] ? find_held_lock+0x2b/0x80 [ 1301.752472][T16887] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1301.752496][T16887] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1301.752526][T16887] ? __hrtimer_setup+0x176/0x280 [ 1301.752551][T16887] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1301.752589][T16887] ? trace_kmalloc+0x2b/0xd0 [ 1301.752611][T16887] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 1301.752632][T16887] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1301.752653][T16887] ? hwsim_new_radio_nl+0xa0e/0x12c0 [ 1301.752677][T16887] ? __asan_memcpy+0x3c/0x60 [ 1301.752708][T16887] hwsim_new_radio_nl+0xb51/0x12c0 [ 1301.752735][T16887] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1301.752767][T16887] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1301.752798][T16887] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1301.752835][T16887] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1301.752867][T16887] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1301.752907][T16887] ? bpf_lsm_capable+0x9/0x10 [ 1301.752932][T16887] ? security_capable+0x7e/0x260 [ 1301.752962][T16887] ? ns_capable+0xd7/0x110 [ 1301.752988][T16887] genl_rcv_msg+0x55c/0x800 [ 1301.753009][T16887] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1301.753028][T16887] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1301.753061][T16887] netlink_rcv_skb+0x155/0x420 [ 1301.753088][T16887] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1301.753107][T16887] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1301.753144][T16887] ? netlink_deliver_tap+0x1ae/0xd30 [ 1301.753174][T16887] genl_rcv+0x28/0x40 [ 1301.753201][T16887] netlink_unicast+0x58d/0x850 [ 1301.753232][T16887] ? __pfx_netlink_unicast+0x10/0x10 [ 1301.753258][T16887] ? __build_skb_around+0x278/0x3b0 [ 1301.753296][T16887] netlink_sendmsg+0x8d1/0xdd0 [ 1301.753328][T16887] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1301.753372][T16887] ____sys_sendmsg+0xa98/0xc70 [ 1301.753401][T16887] ? copy_msghdr_from_user+0x10a/0x160 [ 1301.753421][T16887] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1301.753455][T16887] ? __pfx_futex_wake_mark+0x10/0x10 [ 1301.753482][T16887] ___sys_sendmsg+0x134/0x1d0 [ 1301.753503][T16887] ? futex_private_hash_put+0x176/0x300 [ 1301.753533][T16887] ? __pfx____sys_sendmsg+0x10/0x10 [ 1301.753554][T16887] ? __lock_acquire+0x622/0x1c90 [ 1301.753620][T16887] __sys_sendmsg+0x16d/0x220 [ 1301.753643][T16887] ? __pfx___sys_sendmsg+0x10/0x10 [ 1301.753666][T16887] ? __x64_sys_futex+0x1e0/0x4c0 [ 1301.753701][T16887] do_syscall_64+0xcd/0x4c0 [ 1301.753727][T16887] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1301.753747][T16887] RIP: 0033:0x7efec398e9a9 [ 1301.753764][T16887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1301.753783][T16887] RSP: 002b:00007efec4837038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1301.753803][T16887] RAX: ffffffffffffffda RBX: 00007efec3bb5fa0 RCX: 00007efec398e9a9 [ 1301.753816][T16887] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000008 [ 1301.753828][T16887] RBP: 00007efec3a10d69 R08: 0000000000000000 R09: 0000000000000000 [ 1301.753840][T16887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1301.753852][T16887] R13: 0000000000000000 R14: 00007efec3bb5fa0 R15: 00007fff52d31ac8 [ 1301.753879][T16887] [ 1302.178480][T16883] vhci_hcd: connection reset by peer [ 1302.211973][T11177] vhci_hcd: stop threads [ 1302.216257][T11177] vhci_hcd: release socket [ 1302.220683][T11177] vhci_hcd: disconnect device [ 1304.741130][T16921] binder: BINDER_SET_CONTEXT_MGR already set [ 1304.747332][T16921] binder: 16919:16921 ioctl 4018620d 2000000002c0 returned -16 [ 1304.757032][T16921] netlink: 4400 bytes leftover after parsing attributes in process `syz.5.2565'. [ 1304.767765][T16921] debugfs: 'Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`²ÿ' already exists in 'ieee80211' [ 1304.790343][T16920] netlink: 'syz.0.2564': attribute type 21 has an invalid length. [ 1304.831136][T16924] 9pnet_fd: Insufficient options for proto=fd [ 1304.831775][T16920] netlink: 'syz.0.2564': attribute type 6 has an invalid length. [ 1304.849312][T16920] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2564'. [ 1305.154343][T16926] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10) [ 1305.160988][T16926] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 1305.176601][T16926] vhci_hcd vhci_hcd.0: Device attached [ 1305.200909][T16928] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(13) [ 1305.207532][T16928] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1305.221132][T16933] binder: BINDER_SET_CONTEXT_MGR already set [ 1305.227884][T16933] binder: 16932:16933 ioctl 4018620d 2000000002c0 returned -16 [ 1305.251081][T16928] vhci_hcd vhci_hcd.0: Device attached [ 1305.253668][T16933] netlink: 4400 bytes leftover after parsing attributes in process `syz.5.2567'. [ 1305.361954][ T9] vhci_hcd: vhci_device speed not set [ 1305.372162][ T51] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1305.378285][T16933] sysfs: cannot create duplicate filename '/class/ieee80211/Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`²ÿ' [ 1305.491924][ T9] usb 37-1: new full-speed USB device number 12 using vhci_hcd [ 1305.515117][T16933] CPU: 0 UID: 0 PID: 16933 Comm: syz.5.2567 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 1305.515146][T16933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1305.515158][T16933] Call Trace: [ 1305.515164][T16933] [ 1305.515170][T16933] dump_stack_lvl+0x16c/0x1f0 [ 1305.515188][T16933] sysfs_warn_dup+0x7f/0xa0 [ 1305.515203][T16933] sysfs_do_create_link_sd+0x124/0x140 [ 1305.515219][T16933] sysfs_create_link+0x61/0xc0 [ 1305.515233][T16933] device_add+0x62c/0x1a70 [ 1305.515254][T16933] ? __pfx_device_add+0x10/0x10 [ 1305.515270][T16933] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1305.515287][T16933] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1305.515305][T16933] wiphy_register+0x1c9c/0x2850 [ 1305.515322][T16933] ? netdev_run_todo+0x864/0x1320 [ 1305.515339][T16933] ? __dev_printk+0x260/0x270 [ 1305.515354][T16933] ? __pfx_wiphy_register+0x10/0x10 [ 1305.515378][T16933] ieee80211_register_hw+0x24ac/0x4140 [ 1305.515400][T16933] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1305.515419][T16933] ? find_held_lock+0x2b/0x80 [ 1305.515433][T16933] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1305.515447][T16933] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1305.515464][T16933] ? __hrtimer_setup+0x176/0x280 [ 1305.515478][T16933] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1305.515499][T16933] ? trace_kmalloc+0x2b/0xd0 [ 1305.515512][T16933] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 1305.515525][T16933] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1305.515537][T16933] ? hwsim_new_radio_nl+0xa0e/0x12c0 [ 1305.515551][T16933] ? __asan_memcpy+0x3c/0x60 [ 1305.515569][T16933] hwsim_new_radio_nl+0xb51/0x12c0 [ 1305.515584][T16933] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1305.515602][T16933] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1305.515621][T16933] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1305.515642][T16933] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1305.515661][T16933] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1305.515684][T16933] ? bpf_lsm_capable+0x9/0x10 [ 1305.515699][T16933] ? security_capable+0x7e/0x260 [ 1305.515716][T16933] ? ns_capable+0xd7/0x110 [ 1305.515731][T16933] genl_rcv_msg+0x55c/0x800 [ 1305.515744][T16933] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1305.515755][T16933] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1305.515773][T16933] netlink_rcv_skb+0x155/0x420 [ 1305.515789][T16933] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1305.515800][T16933] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1305.515822][T16933] ? netlink_deliver_tap+0x1ae/0xd30 [ 1305.515839][T16933] genl_rcv+0x28/0x40 [ 1305.515855][T16933] netlink_unicast+0x58d/0x850 [ 1305.515873][T16933] ? __pfx_netlink_unicast+0x10/0x10 [ 1305.515888][T16933] ? __build_skb_around+0x278/0x3b0 [ 1305.515909][T16933] netlink_sendmsg+0x8d1/0xdd0 [ 1305.515927][T16933] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1305.515949][T16933] ____sys_sendmsg+0xa98/0xc70 [ 1305.515966][T16933] ? copy_msghdr_from_user+0x10a/0x160 [ 1305.515979][T16933] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1305.516003][T16933] ___sys_sendmsg+0x134/0x1d0 [ 1305.516015][T16933] ? futex_private_hash_put+0x176/0x300 [ 1305.516033][T16933] ? __pfx____sys_sendmsg+0x10/0x10 [ 1305.516045][T16933] ? __lock_acquire+0x622/0x1c90 [ 1305.516081][T16933] __sys_sendmsg+0x16d/0x220 [ 1305.516105][T16933] ? __pfx___sys_sendmsg+0x10/0x10 [ 1305.516119][T16933] ? __x64_sys_futex+0x1e0/0x4c0 [ 1305.516139][T16933] do_syscall_64+0xcd/0x4c0 [ 1305.516156][T16933] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1305.516170][T16933] RIP: 0033:0x7f1c3e98e9a9 [ 1305.516182][T16933] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1305.516193][T16933] RSP: 002b:00007f1c3f894038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1305.516206][T16933] RAX: ffffffffffffffda RBX: 00007f1c3ebb5fa0 RCX: 00007f1c3e98e9a9 [ 1305.516213][T16933] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000008 [ 1305.516219][T16933] RBP: 00007f1c3ea10d69 R08: 0000000000000000 R09: 0000000000000000 [ 1305.516226][T16933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1305.516233][T16933] R13: 0000000000000000 R14: 00007f1c3ebb5fa0 R15: 00007ffd576b36d8 [ 1305.516248][T16933] [ 1306.112128][T16929] vhci_hcd: connection reset by peer [ 1306.112128][T16931] vhci_hcd: connection closed [ 1306.138069][T16940] netlink: 'syz.3.2568': attribute type 21 has an invalid length. [ 1306.155000][ T49] vhci_hcd: stop threads [ 1306.159315][ T49] vhci_hcd: release socket [ 1306.163902][ T49] vhci_hcd: disconnect device [ 1306.179199][T16941] netlink: 'syz.4.2569': attribute type 21 has an invalid length. [ 1306.191619][ T49] vhci_hcd: stop threads [ 1306.202168][ T49] vhci_hcd: release socket [ 1306.206682][ T49] vhci_hcd: disconnect device [ 1306.308106][T16940] netlink: 'syz.3.2568': attribute type 6 has an invalid length. [ 1306.316132][T16940] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2568'. [ 1306.327364][T16941] netlink: 'syz.4.2569': attribute type 6 has an invalid length. [ 1306.335322][T16941] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2569'. [ 1306.805270][T14097] vhci_hcd: vhci_device speed not set [ 1307.791737][T16955] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 1307.798291][T16955] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1307.829887][T16955] vhci_hcd vhci_hcd.0: Device attached [ 1307.861604][T16954] netlink: 'syz.4.2573': attribute type 21 has an invalid length. [ 1307.873767][T16957] vhci_hcd: connection closed [ 1307.879617][ T49] vhci_hcd: stop threads [ 1307.914390][T16954] netlink: 'syz.4.2573': attribute type 6 has an invalid length. [ 1308.015538][ T49] vhci_hcd: release socket [ 1308.025041][ T49] vhci_hcd: disconnect device [ 1308.030964][T16954] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2573'. [ 1308.133673][T16967] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(7) [ 1308.140229][T16967] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 1308.239807][T16973] vhci_hcd vhci_hcd.0: pdev(5) rhport(1) sockfd(10) [ 1308.246435][T16973] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1308.320038][T16973] vhci_hcd vhci_hcd.0: Device attached [ 1308.385489][T16967] vhci_hcd vhci_hcd.0: Device attached [ 1308.522046][ T5941] vhci_hcd: vhci_device speed not set [ 1308.586856][ T5941] usb 43-1: new low-speed USB device number 8 using vhci_hcd [ 1309.028260][T16974] vhci_hcd: connection closed [ 1309.028510][T11177] vhci_hcd: stop threads [ 1309.044325][T16969] vhci_hcd: connection reset by peer [ 1309.084727][T11177] vhci_hcd: release socket [ 1309.091647][T11177] vhci_hcd: disconnect device [ 1309.151841][T11177] vhci_hcd: stop threads [ 1309.169790][T11177] vhci_hcd: release socket [ 1309.190008][T11177] vhci_hcd: disconnect device [ 1309.958749][ T49] Bluetooth: hci1: Frame reassembly failed (-90) [ 1310.652762][ T9] vhci_hcd: vhci_device speed not set [ 1312.133800][T14211] Bluetooth: hci1: command 0x1003 tx timeout [ 1312.140112][ T51] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1313.764163][ T5941] vhci_hcd: vhci_device speed not set [ 1314.903249][T17031] netlink: 'syz.5.2590': attribute type 21 has an invalid length. [ 1314.911950][T17031] netlink: 'syz.5.2590': attribute type 6 has an invalid length. [ 1314.919781][T17031] netlink: 132 bytes leftover after parsing attributes in process `syz.5.2590'. [ 1315.639561][ T49] Bluetooth: hci1: Frame reassembly failed (-90) [ 1315.728387][T17038] netlink: 76 bytes leftover after parsing attributes in process `syz.5.2593'. [ 1316.079112][T17051] vhci_hcd vhci_hcd.0: pdev(5) rhport(1) sockfd(10) [ 1316.085759][T17051] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1316.094286][T17051] vhci_hcd vhci_hcd.0: Device attached [ 1316.105616][T17047] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(7) [ 1316.112164][T17047] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 1316.207505][T17047] vhci_hcd vhci_hcd.0: Device attached [ 1316.352163][ T5941] usb 43-2: new low-speed USB device number 9 using vhci_hcd [ 1316.743546][T17052] vhci_hcd: connection reset by peer [ 1316.749077][T17049] vhci_hcd: connection closed [ 1316.751286][ T6388] vhci_hcd: stop threads [ 1316.760652][ T6388] vhci_hcd: release socket [ 1316.765338][ T6388] vhci_hcd: disconnect device [ 1316.776476][ T6388] vhci_hcd: stop threads [ 1316.786080][ T6388] vhci_hcd: release socket [ 1316.799054][ T6388] vhci_hcd: disconnect device [ 1317.705204][T14211] Bluetooth: hci1: command 0x1003 tx timeout [ 1317.712245][ T51] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1318.318944][ T51] Bluetooth: hci0: Malformed MSFT vendor event: 0x02 [ 1318.470634][ T30] audit: type=1400 audit(1753866822.988:2369): avc: denied { setopt } for pid=17099 comm="syz.5.2614" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 1318.654611][ T5901] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 1318.825827][ T5901] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1318.845055][ T5901] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1318.856267][ T5901] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1318.900565][ T5901] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1318.919967][ T5901] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1318.933495][ T5901] usb 3-1: config 0 descriptor?? [ 1319.191910][ T9] usb 4-1: new low-speed USB device number 4 using dummy_hcd [ 1319.614875][ T5901] plantronics 0003:047F:FFFF.0002: unbalanced collection at end of report description [ 1319.873338][ T5901] plantronics 0003:047F:FFFF.0002: parse failed [ 1319.879982][ T5901] plantronics 0003:047F:FFFF.0002: probe with driver plantronics failed with error -22 [ 1319.894463][ T5901] usb 3-1: USB disconnect, device number 4 [ 1320.052424][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1320.082513][ T9] usb 4-1: config 0 has no interfaces? [ 1320.089119][T17140] BUG: assuming non migratable context at ./include/linux/filter.h:703 [ 1320.113548][T17140] in_atomic(): 0, irqs_disabled(): 0, migration_disabled() 0 pid: 17140, name: syz.0.2632 [ 1320.119326][ T9] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 1320.123760][T17140] 1 lock held by syz.0.2632/17140: [ 1320.192667][T17143] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 1320.217798][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1320.252518][T17140] #0: ffffffff8e5c3aa0 (rcu_read_lock){....}-{1:3}, at: nf_hook+0xb2/0x680 [ 1320.357964][T17140] CPU: 0 UID: 0 PID: 17140 Comm: syz.0.2632 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 1320.357996][T17140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1320.358007][T17140] Call Trace: [ 1320.358015][T17140] [ 1320.358029][T17140] dump_stack_lvl+0x16c/0x1f0 [ 1320.358058][T17140] __cant_migrate+0x1c7/0x250 [ 1320.358085][T17140] ? __pfx_ipt_do_table+0x10/0x10 [ 1320.358106][T17140] ? __pfx___cant_migrate+0x10/0x10 [ 1320.358139][T17140] nf_hook_run_bpf+0x83/0x1e0 [ 1320.358169][T17140] ? __pfx_nf_hook_run_bpf+0x10/0x10 [ 1320.358197][T17140] ? __pfx_iptable_mangle_hook+0x10/0x10 [ 1320.358220][T17140] ? nf_nat_ipv4_out+0xb2/0x520 [ 1320.358242][T17140] ? __pfx_nf_hook_run_bpf+0x10/0x10 [ 1320.358267][T17140] nf_hook_slow+0xbe/0x200 [ 1320.358291][T17140] nf_hook+0x370/0x680 [ 1320.358317][T17140] ? __pfx_ip_mc_finish_output+0x10/0x10 [ 1320.358343][T17140] ? __pfx_nf_hook+0x10/0x10 [ 1320.358367][T17140] ? __asan_memcpy+0x3c/0x60 [ 1320.358396][T17140] ? __pfx_ip_mc_finish_output+0x10/0x10 [ 1320.358426][T17140] ? __skb_clone+0x570/0x760 [ 1320.358452][T17140] ip_mc_output+0x5dc/0xc70 [ 1320.358479][T17140] ? __pfx_ip_mc_finish_output+0x10/0x10 [ 1320.358506][T17140] ? __pfx_ip_mc_output+0x10/0x10 [ 1320.358534][T17140] ip_send_skb+0x329/0x560 [ 1320.358564][T17140] udp_send_skb+0x71d/0x15b0 [ 1320.358599][T17140] udp_sendmsg+0x1816/0x2870 [ 1320.358628][T17140] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 1320.358657][T17140] ? avc_has_perm_noaudit+0x80/0x3b0 [ 1320.358682][T17140] ? __pfx_udp_sendmsg+0x10/0x10 [ 1320.358709][T17140] ? avc_has_perm+0x144/0x1f0 [ 1320.358765][T17140] ? __pfx_udp_sendmsg+0x10/0x10 [ 1320.358792][T17140] inet_sendmsg+0x105/0x140 [ 1320.358813][T17140] __sys_sendto+0x43c/0x520 [ 1320.358834][T17140] ? __pfx___sys_sendto+0x10/0x10 [ 1320.358864][T17140] ? find_held_lock+0x2b/0x80 [ 1320.358899][T17140] ? xfd_validate_state+0x61/0x180 [ 1320.358931][T17140] __x64_sys_sendto+0xe0/0x1c0 [ 1320.358950][T17140] ? do_syscall_64+0x91/0x4c0 [ 1320.358972][T17140] ? lockdep_hardirqs_on+0x7c/0x110 [ 1320.358993][T17140] do_syscall_64+0xcd/0x4c0 [ 1320.359016][T17140] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1320.359040][T17140] RIP: 0033:0x7f33ce98e9a9 [ 1320.359056][T17140] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1320.359074][T17140] RSP: 002b:00007f33cf862038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1320.359093][T17140] RAX: ffffffffffffffda RBX: 00007f33cebb5fa0 RCX: 00007f33ce98e9a9 [ 1320.359105][T17140] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 1320.359116][T17140] RBP: 00007f33cea10d69 R08: 00002000000004c0 R09: 0000000000000010 [ 1320.359128][T17140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1320.359138][T17140] R13: 0000000000000000 R14: 00007f33cebb5fa0 R15: 00007ffdcbb8d2b8 [ 1320.359165][T17140] [ 1320.360293][ T9] usb 4-1: config 0 descriptor?? [ 1321.501936][ T5941] vhci_hcd: vhci_device speed not set [ 1322.492381][ T43] usb 4-1: USB disconnect, device number 4