last executing test programs:

7m6.605944152s ago: executing program 0 (id=1510):
sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001040)={0x30, 0xd, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)

7m6.516629639s ago: executing program 0 (id=1512):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = fanotify_init(0x200, 0x0)
fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0x0, r0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r2 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0x2b9})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)
open(&(0x7f0000000100)='./file0\x00', 0x1c1d42, 0xf3)

7m6.221689191s ago: executing program 0 (id=1516):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x48201)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r1, 0xc0145401, &(0x7f0000000080)={0x1, 0x3, 0x900000})
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/rcu_expedited', 0x1, 0x28)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r2, 0x18, &(0x7f0000000100)={0x9, r0, 0x10, {0x2b, 0x5}}, 0x1)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000002, 0x20010, r1, 0x32b3f000)
ioctl$BTRFS_IOC_DEFRAG_RANGE(r1, 0x40309410, &(0x7f0000000140)={0x95df, 0x6, 0x1, 0x8, 0x0, [0x79d34ebd, 0x2d, 0x7fff, 0x4]})
r3 = openat2(r2, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x189000, 0x24, 0x4}, 0x18)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000200)={0x4, [0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000240)=0x14)
r4 = syz_clone(0x20000000, &(0x7f0000000280)="3c9dec621b63e20853382b53b460500545ed3471bee40bf39e9fe7adde45da318b183d82e7d89820b64671c0c5a13d5abb5ee6a84170c6aabb055eb8c9133fba4e04202213ab35412b9a4b56527d40ffeb1fbcbc475d7218dd566ec77e03923ee052289e3dfd41898782cdfa92e014f7f56442a71d60d07019cfc9b4914114bfdb1fd7b4f7b9ccc22fadbbc8b87b628add33b3cf6608f596f53963972458674851d00666264d60e062d7b201cdf8080d27992d3e634715f542d5b467c890d4a0c8b14937039dbb243395fe02309f6f978d7793174860bceea6c8a3d736ef4a2791cf73554f8c5adae171ab70b082", 0xee, &(0x7f0000000380), &(0x7f00000003c0), &(0x7f0000000400)="dc4c8d71c81a6225087d5ff400a3684090ccec0c25249b0d59909cabdc3c70eb3f33f704ec682264aa08fcea59f815c470c7f682be3bde84aaae8dc1a8d4de526fa1191338de1c1fa402d7f16e5d09bbe8781ff3e4ef7b27103f3d5fb5e7e486762fae49dbbf31ffd1f63dbbde39d94e4b97aec771d9c29ad4e7bf7e154aeeb216667e5849eb6672a3f947668294aea754cae4b6c6dde78fee961a52d9c920cb8b82610ec7a9a502cbff203316b1858a")
ioctl$INCFS_IOC_PERMIT_FILL(r0, 0x40046721, &(0x7f00000004c0)={r0})
ioctl$XFS_IOC_DIOINFO(r3, 0x800c581e, &(0x7f0000000500))
ptrace(0x11, r4)
ioctl$BTRFS_IOC_DEV_REPLACE(r2, 0xca289435, &(0x7f0000000540)={0x2, 0x1, @status={[0xffffffff, 0x4, 0x7ff, 0x8, 0x10001, 0x7]}, [0x3, 0x1, 0x6, 0xb, 0x6, 0x80000000, 0x7ff, 0x0, 0x2, 0x7, 0x4da4, 0x9, 0x1, 0x100000000, 0x80, 0x5, 0x195a, 0x5, 0xa173, 0x9, 0x3, 0x4, 0x6, 0xc, 0x1, 0x401, 0x0, 0x0, 0x800, 0x6, 0x3, 0x0, 0x4, 0x101, 0x4a2, 0xfff, 0x1400000000000, 0x7fffffff, 0x0, 0x3, 0x1, 0x101, 0x2, 0x5, 0x6, 0x3, 0x3, 0x7, 0x0, 0x5, 0x8, 0x2, 0x4, 0x1, 0x317, 0xffffffff, 0x7, 0x1, 0xfffffffffffffffa, 0x5, 0x8, 0x0, 0x0, 0x8f]})
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000001240)={0x2c, &(0x7f0000000f80)={0x20, 0x0, 0xe5, {0xe5, 0x1, "e126d4ce59e9d584509a2d1316b8d7ce863b53effd532e7a9f6866713be2f92e18fb6834ab7e459710cf670d3e147a98ddfe1fbe79948daf1ca03a168fdd1104b261dd44956b1f06dc6ac5e880f712b302387d2baf00280f36a6fe2b9c63cf08b9757eedf34cdf96618bbc856460728e8093626a60c5f292041e59f884bad980ab7accc0c5c08d8cccdb90e6bd5a05851c364e724a4c7411dcd2fa645a29a5e0d52805b5e9b47148ba5fea8e99f6b7d4c1757912491e7dbbcf62f84816d68fca2589be612af4f589a5033a46a12d9a5b3c72918927453333447931146615f316fc85c3"}}, &(0x7f0000001080)={0x0, 0x3, 0x3, @string={0x3, 0x3, "c9"}}, &(0x7f00000010c0)={0x0, 0xf, 0xc0, {0x5, 0xf, 0xc0, 0x6, [@ssp_cap={0xc, 0x10, 0xa, 0x4, 0x0, 0x8, 0xf, 0x5192}, @ext_cap={0x7, 0x10, 0x2, 0x4, 0xf, 0x7, 0xe7b}, @ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x0, "c7c5427e6257adb6ecf00601615d22f5"}, @generic={0x86, 0x10, 0x4, "8db46c952e4c77d1655df60f1056699748b59280d0a073c10b85eb8f10c8dccaac8fd340a14f59dd6fa64c5313a3a1eeb0d2c2fede91cc053983451da84cef14f739d504e9c64291ea7c22128b8d303eda4f7cd5091857574a05242bc6ab998291acb2feb375ba43ee366f48f4405543b5471d5b3ed5d1782d6f77fbd66e0e9f67bddc"}, @wireless={0xb, 0x10, 0x1, 0xc, 0xc0, 0xf5, 0x1, 0x7, 0xea}]}}, &(0x7f00000011c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x5, 0x60, 0xd, 0x3, "ab54c12e", "80492983"}}, &(0x7f0000001200)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x97, 0x80, 0x1, 0x1, 0x8, 0xaf5, 0x7}}}, &(0x7f0000001680)={0x84, &(0x7f0000001280)={0x40, 0x7, 0x2, 'IV'}, &(0x7f00000012c0)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000001300)={0x0, 0x8, 0x1, 0x5}, &(0x7f0000001340)={0x20, 0x0, 0x4, {0x1, 0x3}}, &(0x7f0000001380)={0x20, 0x0, 0x4, {0x1e0, 0x40}}, &(0x7f00000013c0)={0x40, 0x7, 0x2, 0x401}, &(0x7f0000001400)={0x40, 0x9, 0x1, 0x8}, &(0x7f0000001440)={0x40, 0xb, 0x2, "a1b5"}, &(0x7f0000001480)={0x40, 0xf, 0x2, 0x6}, &(0x7f00000014c0)={0x40, 0x13, 0x6, @local}, &(0x7f0000001500)={0x40, 0x17, 0x6, @broadcast}, &(0x7f0000001540)={0x40, 0x19, 0x2, "64db"}, &(0x7f0000001580)={0x40, 0x1a, 0x2, 0x7}, &(0x7f00000015c0)={0x40, 0x1c, 0x1, 0x4}, &(0x7f0000001600)={0x40, 0x1e, 0x1, 0x40}, &(0x7f0000001640)={0x40, 0x21, 0x1, 0xa4}})
read$FUSE(r3, &(0x7f0000001740)={0x2020, 0x0, 0x0, 0x0, <r5=>0x0}, 0x2020)
stat(&(0x7f0000003780)='./file0/file0\x00', &(0x7f00000037c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0})
statx(r2, &(0x7f0000003840)='./file0\x00', 0x2000, 0x800, &(0x7f0000003880)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0})
r8 = getegid()
stat(&(0x7f0000003980)='./file0\x00', &(0x7f00000039c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0})
lstat(&(0x7f0000003a40)='./file0\x00', &(0x7f0000003a80)={0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0})
setgroups(0x9, &(0x7f0000003b00)=[0xee00, r5, 0xffffffffffffffff, r6, r7, r8, r9, r10, 0xee01])
syz_usb_connect$cdc_ncm(0x3, 0xc2, &(0x7f0000003c00)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xb0, 0x2, 0x1, 0xa, 0x20, 0xf8, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xa, 0x24, 0x6, 0x0, 0x1, "00832d4730"}, {0x5, 0x24, 0x0, 0x81}, {0xd, 0x24, 0xf, 0x1, 0x1, 0x8, 0x7, 0xb5}, {0x6, 0x24, 0x1a, 0x4, 0x18}, [@mdlm_detail={0x4f, 0x24, 0x13, 0x8, "523884b954161725b6950a0a19cb1dcab2527184d60df36d0cc726dd97bc85611a225b32996960b511e1240b28c0bf456b70bfb293a52f3cb6a793c7236d33e63fabfc080904d27957a9dc"}]}, {{0x9, 0x5, 0x81, 0x3, 0x400, 0x1, 0x3, 0xd8}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200, 0x6, 0x9, 0x7}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x2, 0x1, 0x9}}}}}}}]}}, &(0x7f0000004100)={0xa, &(0x7f0000003d00)={0xa, 0x6, 0x0, 0xa5, 0xa7, 0xff, 0x8, 0x8}, 0x32, &(0x7f0000003d40)={0x5, 0xf, 0x32, 0x4, [@ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0xc, 0x14, 0x3, 0x3, 0x101, 0x61}, @generic={0xb, 0x10, 0xb, "d639cfd24e837eb3"}, @ss_container_id={0x14, 0x10, 0x4, 0x0, "f4478649b0a7cd08d30f4014178b3ea0"}]}, 0x8, [{0x4, &(0x7f0000003d80)=@lang_id={0x4, 0x3, 0x3401}}, {0x19, &(0x7f0000003dc0)=@string={0x19, 0x3, "fc9e42a22987442d702cf490fa6516a8e07867c05ae3a3"}}, {0xa5, &(0x7f0000003e00)=@string={0xa5, 0x3, "8859110be70a40e6a8c913dbc23464f48892669a9bcb9047c8412d8e282559f554391d28293dd3152a5fa10d9b41a34d67908e820869d0eb08646bb8d3727908a5cafc9e7b2c7f7fa3a601f17dd027c848ed0ff90762da0ae49a43f5ec1cbfd86640d50433d93200e80209b52a27c9b9933d904ceb6934e2b3cc656c97b7b19b827041d5f7345e9500d6a6ac89c604095fd81b7c46c9d91ab98a2f2734ce796952ab7f"}}, {0x4, &(0x7f0000003ec0)=@lang_id={0x4, 0x3, 0x427}}, {0x4, &(0x7f0000003f00)=@lang_id={0x4, 0x3, 0x42a}}, {0x1b, &(0x7f0000003f40)=@string={0x1b, 0x3, "2fa9e4a430b36aa96f6f3472a9ce17f09b0e503b03be1a8946"}}, {0x47, &(0x7f0000003f80)=@string={0x47, 0x3, "d5d65bb8f3c295e7c1ac4e4edf17d07532c5b32434770640ea1c731e89aa30d057b0e18f775468d6342a25d375a332244d7a5ec43bbe670ee86d6843872ad4b0c136325f30"}}, {0xe9, &(0x7f0000004000)=@string={0xe9, 0x3, "f251557283a20eff101cdedd92d5a23c5543f3ef3970b29ef70e69f3630d2922738c0583c5fded7a2806bba6a6a7beffdaf62130888386c5ea8c7bd8ef0c87f3a65d3a62865297f282fbe15670af1943fe160c5a033b578d7e8bf9e50441e980c6c80c6f3d9b6ad2c5c19c4262c64213111ed85bcd685bddb159fcfc016d6e11c13fffb0504e8e83272060aa8bcbad119c5901cafedd05a90b50d5f74fcd97c697acd4b69dfd578abc54425d646850ad529c6e81ccc6d9665a48b7389cf6883f887ca4139a8dbb6055a3b244ca9b9e77ee3440fbfc824bd1efd8a85b9db53a2d735783d972fa64"}}]})

7m4.32976605s ago: executing program 0 (id=1523):
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$kcm(0x10, 0x2, 0x4)
socket$packet(0x11, 0x2, 0x300)
socket$netlink(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180), 0xfea7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="46040000", @ANYRES16=r4, @ANYBLOB="ff83050000", @ANYRES8=r0], 0x4}}, 0x0)
sendfile(r3, r1, 0x0, 0x100000000)

7m3.989369009s ago: executing program 0 (id=1527):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ptrace$setregset(0x4205, r0, 0x200, &(0x7f0000000080)={0x0})
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000140)={0x2, 0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffd}, 0x10}, 0x1, 0x7}, 0x0)
ioctl$PTP_EXTTS_REQUEST2(0xffffffffffffffff, 0x40103d0b, &(0x7f0000000180)={0xc, 0x1})

7m1.385776469s ago: executing program 0 (id=1542):
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000024d00)={0x0, 0x0, &(0x7f0000024cc0)={&(0x7f0000002440)=@delchain={0x8d8, 0x65, 0x200, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x5, 0xc}, {0xfff3, 0x4}, {0x0, 0x2}}, [@f_rsvp6={{0xa}, {0x8a8, 0x2, [@TCA_RSVP_CLASSID={0x8, 0x1, {0xc, 0xd}}, @TCA_RSVP_POLICE={0x4}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x6, 0x4}}, @TCA_RSVP_POLICE={0x2c, 0x5, [@TCA_POLICE_RESULT={0x8, 0x5, 0x1}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x7fffffff}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x3}, @TCA_POLICE_AVRATE={0x8, 0x4, 0xe95}]}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x10, 0xa}}, @TCA_RSVP_DST={0x14, 0x2, @mcast1}, @TCA_RSVP_ACT={0x848, 0x6, [@m_xt={0x208, 0x14, 0x0, 0x0, {{0x7}, {0x158, 0x2, 0x0, 0x1, [@TCA_IPT_HOOK={0x8, 0x2, 0x4}, @TCA_IPT_INDEX={0x8, 0x3, 0x9}, @TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}, @TCA_IPT_TARG={0x65, 0x6, {0x5a, 'filter\x00', 0xdd, 0x9, "421afb04bd4f34bb4e0101cf7be13218c075e2e816b8b5028e2ac0845cd5b6765fda9157c9b9c6708b28a22441978a5aa33ad2221adadfc645ee5c"}}, @TCA_IPT_TARG={0xb5, 0x6, {0x2, 'raw\x00', 0x0, 0x8, "eaf957fb465b9ddc7af57fc871ff419016145573fbd0667c6429d45636b8cd4137558d9b12838a79f7cf35ec8c56357b977a62335295519bef7e545f248334724a6a391a37a25c703813a33c6446e6d796bf39c0af370f8adb95d176543b097cd5fd3564a43023efe4b1b354d3aa910c7809bea658689aa4ca8f054202854963219ecf3901ff69d5927390"}}]}, {0x89, 0x6, "c90b6c0ce2fdcb9d28485947c7f2aadc7072fd043eb5d6653bb45a7fe8c1c6a75f29adf71acb1113b9fff1f86d83f779d0fa0f2a6401843013f1b59715aaa819f80c8f44d8ad1672dc2bc0d46c2fd21a0b660885f429898a48e6cab5332aaa0d19568757d28ff1693a282b1cd99330800e3d7a44e3f8b5bcb07ba2e3abb170b6e0bf4ce3fd"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3}}}}, @m_nat={0x2c, 0x5, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x715a96b04967857, 0x3}}}}, @m_skbmod={0x158, 0x1b, 0x0, 0x0, {{0xb}, {0x60, 0x2, 0x0, 0x1, [@TCA_SKBMOD_SMAC={0xa, 0x4, @broadcast}, @TCA_SKBMOD_DMAC={0xa, 0x3, @link_local}, @TCA_SKBMOD_DMAC={0xa, 0x3, @remote}, @TCA_SKBMOD_DMAC={0xa}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x3, 0xc, 0x20000000, 0x6, 0x9}, 0x2}}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x96}]}, {0xcd, 0x6, "ce1479f34cfbffac730d1b89412695f9f62a883554492d7af0bfc57a2334d3d2dd9b05f1f17d111c18331493785dc6e063919e93f336c85ca27904c130d09f48e10be49e68605f2a6de8f0258e80070b3ff6b5869a8a8179f2c15d55342218589e298ed3d24eda1515fde57a2813524da3a4106d599153aa1c5e701d835fd4b306442c85a335e55534b05944e4473e1e495a41e79f387febd069a8680812e29a926f49e26db181ff1f92306a1149a4db4ab91e9150a87818be0499c3df8cdbd8c7ae002cab0ef581f7"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_sample={0x78, 0x16, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x5}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x8, 0x4, 0x3, 0x9, 0x9}}]}, {0x29, 0x6, "12ddf4f57a93285076c0538c19e52479fc7994836657d6c86625083f75fe267ac9208d5b29"}, {0xc}, {0xc, 0x8, {0x1, 0x7}}}}, @m_police={0x440, 0x13, 0x0, 0x0, {{0xb}, {0x414, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0xe, 0x4d, 0x3, 0x3, 0x3, 0x8001, 0x7fffffff, 0xc, 0xfd, 0x3, 0x7, 0x4, 0x8, 0xc5, 0x3, 0x6, 0x7, 0x7ff, 0x200, 0x2, 0x76, 0xffffffff, 0x8, 0x3, 0x8000, 0x7f, 0x0, 0xb, 0x8, 0x101, 0xfffff0ba, 0x8, 0xf8, 0x7fffffff, 0x124, 0xfffffffd, 0x5e, 0x7, 0x101, 0x10000, 0x7, 0xfffffffd, 0x10001, 0x6, 0x4, 0x400, 0x4, 0x3, 0x10000, 0x9, 0x4, 0x401, 0x200, 0xfff, 0x5, 0x0, 0x8, 0x2bf, 0xffffffff, 0x0, 0x6, 0x40, 0xa087, 0x80000001, 0xb, 0x2, 0x2, 0x0, 0x9, 0x6, 0x5, 0x8, 0x1000, 0xffff0000, 0x2, 0xb, 0x6, 0x3, 0x8, 0x10000, 0x8, 0x5, 0x1, 0x2, 0x1, 0x5, 0x80, 0x101, 0x7f, 0xffff, 0x7, 0x5, 0xe64, 0x0, 0x7, 0x5, 0x1, 0x200, 0x9, 0x400, 0x5525, 0x6, 0x3ff, 0x1, 0xae, 0x3, 0x7, 0xffff, 0x80000001, 0x6, 0x71af, 0x10, 0x400, 0x2, 0x1a93, 0x3, 0x8001, 0x7, 0xd, 0x0, 0xffffffff, 0x2, 0x1, 0x5d1, 0xc, 0x2, 0x5, 0x0, 0x8, 0x0, 0x23e, 0x5, 0x8, 0x2, 0x7, 0x4, 0xf1a, 0x8a4, 0xa58e, 0x5, 0x20e, 0x8, 0x2, 0xbb4edaf6, 0xfffff660, 0x6, 0x5, 0x4, 0x0, 0x9, 0x5, 0x9, 0xffff, 0x1, 0xaf40, 0x1, 0x4, 0x6, 0x5, 0x4, 0x8, 0x5, 0xfffff801, 0x6, 0x9, 0x10000, 0x4, 0x80000001, 0x607, 0xfffffffd, 0x8, 0x9, 0x4, 0x400, 0x1000, 0x1, 0x10001, 0x1, 0x1, 0x9, 0x1df22292, 0xaa, 0x6, 0x0, 0xffffff2b, 0xbe, 0x189, 0xf2, 0x7, 0x3, 0x35f6, 0x5, 0x7, 0x2, 0x101, 0x9, 0x5, 0x6, 0xff, 0xb, 0x3d5, 0x81, 0x5, 0xff, 0x8, 0x7d2, 0x1, 0x6, 0x0, 0x5, 0x8, 0x0, 0x1, 0x8, 0x7f, 0x6a, 0x0, 0x101, 0x129, 0x0, 0x3, 0x1, 0xd, 0x1810, 0x7, 0xfffffffe, 0x4, 0x1, 0x5, 0x80, 0xfd01, 0x0, 0x3ff, 0x5, 0xd, 0x1, 0xf, 0xd0a7, 0x9, 0x7, 0x1335d295, 0x7, 0x3, 0x3ff, 0xb8e, 0xffffffff, 0x7, 0x7, 0x3, 0x9, 0x2, 0x9, 0x2, 0x6, 0x8000, 0x6]}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x539}]]}, {0x4}, {0xc, 0x7, {0x1, 0xeea12236c61d8cae}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x8d8}, 0x1, 0x0, 0x0, 0x810}, 0x41)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

6m46.989830323s ago: executing program 32 (id=1542):
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000024d00)={0x0, 0x0, &(0x7f0000024cc0)={&(0x7f0000002440)=@delchain={0x8d8, 0x65, 0x200, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x5, 0xc}, {0xfff3, 0x4}, {0x0, 0x2}}, [@f_rsvp6={{0xa}, {0x8a8, 0x2, [@TCA_RSVP_CLASSID={0x8, 0x1, {0xc, 0xd}}, @TCA_RSVP_POLICE={0x4}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x6, 0x4}}, @TCA_RSVP_POLICE={0x2c, 0x5, [@TCA_POLICE_RESULT={0x8, 0x5, 0x1}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x7fffffff}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x3}, @TCA_POLICE_AVRATE={0x8, 0x4, 0xe95}]}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x10, 0xa}}, @TCA_RSVP_DST={0x14, 0x2, @mcast1}, @TCA_RSVP_ACT={0x848, 0x6, [@m_xt={0x208, 0x14, 0x0, 0x0, {{0x7}, {0x158, 0x2, 0x0, 0x1, [@TCA_IPT_HOOK={0x8, 0x2, 0x4}, @TCA_IPT_INDEX={0x8, 0x3, 0x9}, @TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}, @TCA_IPT_TARG={0x65, 0x6, {0x5a, 'filter\x00', 0xdd, 0x9, "421afb04bd4f34bb4e0101cf7be13218c075e2e816b8b5028e2ac0845cd5b6765fda9157c9b9c6708b28a22441978a5aa33ad2221adadfc645ee5c"}}, @TCA_IPT_TARG={0xb5, 0x6, {0x2, 'raw\x00', 0x0, 0x8, "eaf957fb465b9ddc7af57fc871ff419016145573fbd0667c6429d45636b8cd4137558d9b12838a79f7cf35ec8c56357b977a62335295519bef7e545f248334724a6a391a37a25c703813a33c6446e6d796bf39c0af370f8adb95d176543b097cd5fd3564a43023efe4b1b354d3aa910c7809bea658689aa4ca8f054202854963219ecf3901ff69d5927390"}}]}, {0x89, 0x6, "c90b6c0ce2fdcb9d28485947c7f2aadc7072fd043eb5d6653bb45a7fe8c1c6a75f29adf71acb1113b9fff1f86d83f779d0fa0f2a6401843013f1b59715aaa819f80c8f44d8ad1672dc2bc0d46c2fd21a0b660885f429898a48e6cab5332aaa0d19568757d28ff1693a282b1cd99330800e3d7a44e3f8b5bcb07ba2e3abb170b6e0bf4ce3fd"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3}}}}, @m_nat={0x2c, 0x5, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x715a96b04967857, 0x3}}}}, @m_skbmod={0x158, 0x1b, 0x0, 0x0, {{0xb}, {0x60, 0x2, 0x0, 0x1, [@TCA_SKBMOD_SMAC={0xa, 0x4, @broadcast}, @TCA_SKBMOD_DMAC={0xa, 0x3, @link_local}, @TCA_SKBMOD_DMAC={0xa, 0x3, @remote}, @TCA_SKBMOD_DMAC={0xa}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x3, 0xc, 0x20000000, 0x6, 0x9}, 0x2}}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x96}]}, {0xcd, 0x6, "ce1479f34cfbffac730d1b89412695f9f62a883554492d7af0bfc57a2334d3d2dd9b05f1f17d111c18331493785dc6e063919e93f336c85ca27904c130d09f48e10be49e68605f2a6de8f0258e80070b3ff6b5869a8a8179f2c15d55342218589e298ed3d24eda1515fde57a2813524da3a4106d599153aa1c5e701d835fd4b306442c85a335e55534b05944e4473e1e495a41e79f387febd069a8680812e29a926f49e26db181ff1f92306a1149a4db4ab91e9150a87818be0499c3df8cdbd8c7ae002cab0ef581f7"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_sample={0x78, 0x16, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x5}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x8, 0x4, 0x3, 0x9, 0x9}}]}, {0x29, 0x6, "12ddf4f57a93285076c0538c19e52479fc7994836657d6c86625083f75fe267ac9208d5b29"}, {0xc}, {0xc, 0x8, {0x1, 0x7}}}}, @m_police={0x440, 0x13, 0x0, 0x0, {{0xb}, {0x414, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0xe, 0x4d, 0x3, 0x3, 0x3, 0x8001, 0x7fffffff, 0xc, 0xfd, 0x3, 0x7, 0x4, 0x8, 0xc5, 0x3, 0x6, 0x7, 0x7ff, 0x200, 0x2, 0x76, 0xffffffff, 0x8, 0x3, 0x8000, 0x7f, 0x0, 0xb, 0x8, 0x101, 0xfffff0ba, 0x8, 0xf8, 0x7fffffff, 0x124, 0xfffffffd, 0x5e, 0x7, 0x101, 0x10000, 0x7, 0xfffffffd, 0x10001, 0x6, 0x4, 0x400, 0x4, 0x3, 0x10000, 0x9, 0x4, 0x401, 0x200, 0xfff, 0x5, 0x0, 0x8, 0x2bf, 0xffffffff, 0x0, 0x6, 0x40, 0xa087, 0x80000001, 0xb, 0x2, 0x2, 0x0, 0x9, 0x6, 0x5, 0x8, 0x1000, 0xffff0000, 0x2, 0xb, 0x6, 0x3, 0x8, 0x10000, 0x8, 0x5, 0x1, 0x2, 0x1, 0x5, 0x80, 0x101, 0x7f, 0xffff, 0x7, 0x5, 0xe64, 0x0, 0x7, 0x5, 0x1, 0x200, 0x9, 0x400, 0x5525, 0x6, 0x3ff, 0x1, 0xae, 0x3, 0x7, 0xffff, 0x80000001, 0x6, 0x71af, 0x10, 0x400, 0x2, 0x1a93, 0x3, 0x8001, 0x7, 0xd, 0x0, 0xffffffff, 0x2, 0x1, 0x5d1, 0xc, 0x2, 0x5, 0x0, 0x8, 0x0, 0x23e, 0x5, 0x8, 0x2, 0x7, 0x4, 0xf1a, 0x8a4, 0xa58e, 0x5, 0x20e, 0x8, 0x2, 0xbb4edaf6, 0xfffff660, 0x6, 0x5, 0x4, 0x0, 0x9, 0x5, 0x9, 0xffff, 0x1, 0xaf40, 0x1, 0x4, 0x6, 0x5, 0x4, 0x8, 0x5, 0xfffff801, 0x6, 0x9, 0x10000, 0x4, 0x80000001, 0x607, 0xfffffffd, 0x8, 0x9, 0x4, 0x400, 0x1000, 0x1, 0x10001, 0x1, 0x1, 0x9, 0x1df22292, 0xaa, 0x6, 0x0, 0xffffff2b, 0xbe, 0x189, 0xf2, 0x7, 0x3, 0x35f6, 0x5, 0x7, 0x2, 0x101, 0x9, 0x5, 0x6, 0xff, 0xb, 0x3d5, 0x81, 0x5, 0xff, 0x8, 0x7d2, 0x1, 0x6, 0x0, 0x5, 0x8, 0x0, 0x1, 0x8, 0x7f, 0x6a, 0x0, 0x101, 0x129, 0x0, 0x3, 0x1, 0xd, 0x1810, 0x7, 0xfffffffe, 0x4, 0x1, 0x5, 0x80, 0xfd01, 0x0, 0x3ff, 0x5, 0xd, 0x1, 0xf, 0xd0a7, 0x9, 0x7, 0x1335d295, 0x7, 0x3, 0x3ff, 0xb8e, 0xffffffff, 0x7, 0x7, 0x3, 0x9, 0x2, 0x9, 0x2, 0x6, 0x8000, 0x6]}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x539}]]}, {0x4}, {0xc, 0x7, {0x1, 0xeea12236c61d8cae}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x8d8}, 0x1, 0x0, 0x0, 0x810}, 0x41)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

6.47768186s ago: executing program 5 (id=3355):
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x7fd, @mcast2, 0x3}, 0x1c)
r1 = socket(0xa, 0x5, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, &(0x7f0000000480)=ANY=[@ANYBLOB="211d00000000000007e6"], 0xf0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
socket$unix(0x1, 0x1, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={r2, 0x0, 0x3})
writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1)

6.297061205s ago: executing program 5 (id=3358):
openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000140)={0x0, 0x40, 0x20}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r3, &(0x7f00000004c0)={0x2, 0x4e24, @multicast2}, 0x10)

5.565178886s ago: executing program 4 (id=3360):
r0 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
timer_settime(r1, 0x0, &(0x7f00000002c0)={{}, {0x0, 0x989680}}, 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58)

5.180332739s ago: executing program 5 (id=3362):
landlock_create_ruleset(0x0, 0x0, 0x0)
landlock_create_ruleset(&(0x7f0000000040)={0x2, 0x3, 0x3}, 0x18, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380))
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
statfs(0x0, &(0x7f0000000200)=""/215)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r3, 0x29, 0x41, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00')
read$FUSE(r4, &(0x7f0000002c00)={0x2020}, 0x2020)
syz_emit_ethernet(0x4a, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaa8e219784"], 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)

3.912389571s ago: executing program 4 (id=3365):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}) (async)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58) (async)
ioctl$sock_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={0x0, @sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, @vsock={0x28, 0x0, 0x0, @host}, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x81}, 0x5, 0x0, 0x0, 0x0, 0xffff, &(0x7f0000000000)='ip6gre0\x00', 0x8, 0x6, 0x1000}) (async)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) (async)
r2 = accept$alg(r1, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x2, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x9, 0x7, 0x1, 0x1, 0x2, 0x1, 0x1, 0xff, 0x5, 0x0, 0xe, 0x9, 0xa, 0x2, 0xd, 0x5}}) (async)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000000)={[0x2, 0x7, 0x5, 0x180, 0x0, 0x0, 0xf1, 0x9, 0x8, 0x5, 0xfffffffffffffff7, 0x5, 0x0, 0x0, 0x0, 0xbd9], 0x1, 0x1c4292})
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async)
sendmsg$alg(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000240)="0f", 0x1}], 0x1, 0x0, 0x0, 0x44050}, 0x8000) (async)
r6 = accept4(r2, 0x0, 0x0, 0x800)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1b, 0x3, &(0x7f0000000940)=@framed={{0x18, 0x0, 0x0, 0x0, 0xd}}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000280)="6a993376ddacab9cdca3b48515f1064014e891164f650900a786a011b9a82ac62197234b3745dbcbba561df974add0f327be53a59853fdf5c4546ba342d4cd56d4429e516e5bc41c16119e02ef309a81c42e5a0aa86d6344d820969ba1ea21a4cd8282249cbb7b36f098d4ce715c46be6004fddb62ba3b3d688f59bd9fa54f4e070530d45e2d", 0x9, r7}, 0xfffffffffffffeb8)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff43, 0x0, 0x0, 0x0}, 0x94) (async)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f000000b500), 0xffffffffffffffff) (async)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_SET_TID_CONFIG(r10, &(0x7f000000d040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)={0x1c, r9, 0x8de13c6b70ae92c3, 0x41003, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000400)={'wlan1\x00', <r12=>0x0})
sendmsg$NL80211_CMD_SET_WOWLAN(r6, &(0x7f0000000640)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x50, r9, 0x1, 0x70bd29, 0x25dfdbff, {{}, {@void, @val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_WOWLAN_TRIGGERS={0x34, 0x75, 0x0, 0x1, [@NL80211_WOWLAN_TRIG_ANY={0x4}, @NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST={0x4}, @NL80211_WOWLAN_TRIG_RFKILL_RELEASE={0x4}, @NL80211_WOWLAN_TRIG_DISCONNECT={0x4}, @NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST={0x4}, @NL80211_WOWLAN_TRIG_MAGIC_PKT={0x4}, @NL80211_WOWLAN_TRIG_ANY={0x4}, @NL80211_WOWLAN_TRIG_NET_DETECT={0xc, 0x12, 0x0, 0x1, [@NL80211_ATTR_BG_SCAN_PERIOD={0x6, 0x98, 0x80}]}, @NL80211_WOWLAN_TRIG_MAGIC_PKT={0x4}, @NL80211_WOWLAN_TRIG_RFKILL_RELEASE={0x4}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000000}, 0x4001)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r8, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

3.640581204s ago: executing program 5 (id=3366):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newlink={0x40, 0x10, 0x437, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, 0x0, 0x704c3, 0xc4a48b7f26bf141b}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @multicast2}, @IFLA_IPTUN_LOCAL={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x1d}}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r1 = syz_open_dev$video4linux(&(0x7f0000000000), 0x10000, 0x440)
ioctl$VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f00000002c0)={0x9a090a, 0x937})
sendmsg$tipc(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000002c0)=[{0x0}, {&(0x7f00000003c0)='M', 0x1}], 0x2, 0x0, 0x0, 0x4000400}, 0x2)
r2 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$PIO_UNIMAP(r2, 0x4b67, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x4856, 0x10}]})
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26}, 0x28)
r4 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000180), 0x50000, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000280), 0xffffffffffffffff)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x81, 0xc0)
writev(r7, &(0x7f0000000000)=[{&(0x7f0000002140)="bc99cb92e3", 0x5}], 0x1)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r7, 0x3ba0, &(0x7f0000000740)={0x48, 0x7, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x4, 0x1d2cf2, 0x2f6766})
sendmsg$L2TP_CMD_SESSION_DELETE(r5, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000a00)={0x1c, r6, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc000}, 0x20008090)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0)
r9 = fanotify_init(0x1, 0x0)
r10 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x40, 0x148)
fanotify_mark(r9, 0x101, 0x38, r10, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x0, 0x7, &(0x7f0000000380)=@framed={{0x18, 0x0, 0x0, 0x0, 0x61e4, 0x0, 0x0, 0x0, 0x5}, [@map_val={0x18, 0x0, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x2}, @alu={0x4, 0x0, 0x0, 0xa, 0x9, 0x6, 0x10}, @ldst={0x0, 0x0, 0x1, 0x1, 0x7, 0x18, 0xfffffffffffffffc}]}, &(0x7f0000000400)='syzkaller\x00', 0x3, 0xa2, &(0x7f00000007c0)=""/162, 0x41000, 0x15, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000500)={0x5, 0x7, 0x6, 0x6}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000540)=[r4, r4, r4, r4, r4, r8, r4], &(0x7f0000000580)=[{0x5, 0x1, 0x4, 0x3}, {0x3, 0x1, 0xa, 0x9}, {0x1, 0x5, 0x6, 0x2}], 0x10, 0x5}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x25, 0x8, @void}, 0x10)
recvfrom$packet(r8, &(0x7f0000000440)=""/139, 0x8b, 0x2000, &(0x7f0000000880)={0x11, 0x10, 0x0, 0x1, 0xff, 0x6, @remote}, 0x14)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r3, 0x27, &(0x7f00000002c0)={0x0, 0x0, 0x0, &(0x7f00000027c0)=""/4096, 0x1000}}, 0x7f)
syz_usb_connect(0x3, 0x4f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000e45aa5205b109917e9360102030109023d0001000000000904ef0404ff010100090502020800d0000909050800ff030700060705a902e86f4c0905d5"], 0x0)

3.618842105s ago: executing program 2 (id=3367):
socket$inet6(0xa, 0x80002, 0x88)
r0 = socket(0xa, 0x5, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000480)=ANY=[@ANYBLOB="211d00000000000007e6"], 0xf0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
socket$unix(0x1, 0x1, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={r1, 0x0, 0x3})
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1)

3.484186118s ago: executing program 2 (id=3368):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000500000000000000000000008500000020000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000095"], &(0x7f0000000080)='GPL\x00'}, 0x94)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xbecd6000)
futex_waitv(&(0x7f0000000180)=[{0x0, &(0x7f0000000000), 0x2}], 0x1, 0x0, 0x0, 0x0)
futex(&(0x7f0000000140), 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = syz_io_uring_setup(0x22f, &(0x7f0000019140)={0x0, 0x8ffd, 0x4000, 0x0, 0x100002cf}, &(0x7f0000000000), 0x0)
syz_io_uring_setup(0x23c, &(0x7f0000000080)={0x0, 0x7ffffffe, 0x10100}, 0x0, &(0x7f0000000200))
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x80010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYRES16=r0], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x2982, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x20000023896)
ioctl$TIOCSERGETLSR(r5, 0x5459, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100))

3.156578564s ago: executing program 4 (id=3373):
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x7fd, @mcast2, 0x3}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0xb, &(0x7f0000000100)=0x17, 0x4)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000080)=0x3, 0x4)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace5ffb2e9fc603dd282100000002ff02000000000000000000000000000104004e200023b0"], 0x0)
r1 = socket(0xa, 0x5, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, &(0x7f0000000480)=ANY=[@ANYBLOB="211d00000000000007e6"], 0xf0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0))
sendto$inet6(r1, &(0x7f0000000040)="00d8", 0x20a00, 0x44004, &(0x7f0000000100)={0xa, 0x4e24, 0xb, @loopback, 0xc5f}, 0x1c)
r2 = socket$kcm(0x11, 0x7, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000080)={0x4})
getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000000)={<r3=>0x0, 0xfccb, 0xffff, 0x4}, &(0x7f0000000080)=0x10)
setsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f00000000c0)=@sack_info={r3, 0x6be, 0x6}, 0xc)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
get_robust_list(0x0, &(0x7f0000000bc0)=0x0, &(0x7f0000000c00))
getrlimit(0xd, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
open(&(0x7f0000000400)='./bus\x00', 0x143342, 0x1c0)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={r4, 0x0, 0x3})
writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1)

3.03945668s ago: executing program 1 (id=3374):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000104000500010001"], 0x24}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_LINK_CREATE(0x8, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff, 0x1c, 0x0, @val=@netfilter={0xf, 0x0, 0x1}}, 0x20)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r1, &(0x7f0000000040), 0x10)
sendmsg$netlink(r1, &(0x7f0000005d80)={&(0x7f0000000440)=@proc={0x10, 0x0, 0x25dfdbfc, 0x1000000}, 0xc, &(0x7f0000000140)=[{&(0x7f0000000000)=ANY=[@ANYRES8, @ANYRES16, @ANYRES64=r1, @ANYRES16=r1], 0x38}], 0x4, 0x0, 0x0, 0x20000c4}, 0x0)
capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffff9})
mmap(&(0x7f0000a3f000/0x1000)=nil, 0x1000, 0x2000001, 0x4006030, 0xffffffffffffffff, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000001040)={'gretap0\x00', 0x0})
r3 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x5000, 0x3, @mcast2, 0x3}, 0x1c)
writev(r3, &(0x7f00000192c0)=[{&(0x7f0000019380)="8492956181f597fb0ffb48658363a2a01c96049e2e9fd2a3e2e7be731a73ddea38e7ac4a3086bb42d7d8a3a640886432488ab2f34452de7280f9588015069553e24c9763fea9281e607f90155ec28699d4ef97e057f34607536543735c4962f95e6bd27486ff53e9ba7adc7f8631cdfb6d48cabde8f13ec182e08fca6f232e1008af46a9d3b53b22d819deaa5cf6f97a8d50a58ef8efab2b188030b082c0084ba17ddfa97c2fcc41de17db855ba3e7431343c9ad296952ddba0b08d6ed111d5f389ed743e990d25f88f2e305de633716dee9303e188ec4fd69d31893f61d2d259af7418c31d9b6e9ea12b6cc0eb3ab4ab1b3be887c25f5a537a8c030f7b0b841cbfef61db5f34da24d3e4115d9e82fdcaa3e26df08a58682700180aec0de731382b0580c75abe9d0dec6b7610a6f4a5039cf2413f8acd013f15a0118a1640d94113167b77dc0a38d014fa637d057c3d283b68d6d2dbed065a2ca23e7a87469396f21651029aa79cfd98650189bff70ede2571ff7280195cfe32a932e955618d8dbfc904a989f7da4b81a05efdef30440a0f05153ea81fd0cf742ab5520a7220c3986bee179f5e06408173e166f35212b493966e6224c7e5d29030643c86b27808b2be56d439a3ab1a59424c95972fa25c6fa6e57bb6aa7a5892515a35a75e814db9c5caa93f67e49229ffe3b05f1f76c59ba63166b4df5c98c1036f8a284cbaa6b62976bbb0dd39352473406376fe3aa33b6ea6a7376f6704490331eb2a013131aa15d4d0fa6b637fa9bf84ae1ff322dbadfc94478d7f1895a2d0b0d7cee96169877cde72792f01ee551a8a1cec1e54c8656d245d0747c001f0cd439cd31d9b9697ec588b59242340743e6b9eb46a2090b13044dce9cc5ecacc3bf38c5e52f2fb5d834eb7de3436ca787d1d3b7f98860628df0d59d7611fe9d109a1bf67447e68c37534ffd13a05e8b87570a18a640f6fbd16716d4c0fc34c94c8a9b5fd12f7f961cadede6763539d805828d75966795c956e8cd5e815bbd92345f93ed888203d50ca3420cf78d80be67d0719a53ef7665812b54993f2197c9534f80fc0e3c98ea3863df45388ed3e16895919c8ac8deed340fc1d50eea8e9e5b1d221854ce1c480afad4fa46d57e6327951182eab7f2fc4bdf75dbd4a31f0a132fee680f25cd25fc6cfa1d2ec1dc9c10fa1ac0273847ca56004a0c1d3727c7a5829f518602b04b7c7488391e16c93f6122ad22fc0e84f88f5ecd2e3c15b23588f2a7985f5a25b9632079f9b86da3b36424c9a80f3668fedaeb2c974ef735c7a89f7238c48e9991ca446d954003134e44476b73ba46cb9d1aa4810ecd784229af6f007e81e0b01761e190c04e8fd5ba1a64259ad0bf11d7b614d6ee7b4618636b3418e38e6e439259a0806cdc2613d797233e87f1c922f426608ec40a0384c269bcf019bc5f29fc2362a5497aa329ae0769beb61d3986d1511f862cc496b8d6e7ac5efdc40b5309d2a1535b0fc08f23c3257794137a9516b661b63ea2eb5ea479cbf0876afe938f59f6736c591ec6bf094e34e0607b7e878812d84712f84decd2099c9f8cd1a3aa62c2bc57e0b18a6efcacb90e3531356736e7e7fe2f8f5b59737fd44e3610282556dc6e73e4730f4e2dd3d3a7ca8d140483a89851ea41c7d1bf72a1b83e25cee0ccc213bf876ddc876f496d331d1114f0641015e21241231f227d159d4c74af4962a25a13510180860f695b47218aebc41baeaf2d863a3c997a52290bc9ff74e90ba192b932e8ed9f343feb126beed1d0832e3df77ddbc32472b319b2cfd8555a48765da164698f0b1a73d59759b25bfa643a376546ae6c7639a2c990e59dd0a37f3e06fd61fe6ebe597422f46559d4aaf2a000d5b7cd52c3825712ff171650a2baf86eadcb22a9c674ea664377e06414baad8fb28df1e8190f8a4a421cf866b7eb685810d6e6dab58264a527676abed7ba2397ca416e4fe68b1ec40edd51793f620ae12ed4aef283ef8501be06280c7405ccb74317047e227d1c3ce2cc97b210717dc6c712c6ded8cbd933c8f086f025e116cf30f6af3482090e9bf436ce5d9164ed4934f9dc808541d0a011abd06c3fa830d1962904370878b701baa146444fe495a7689a2aeda1be44fa384132fd4fd53739e0b067af953ea777b0a0057f9b15f0c47efb902a086cde26d3f99a756fffc9852b19a7923f7b1bf25677", 0x61e}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0xac}, [@ldst={0x3, 0x0, 0x3}]}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51}, 0x48)

3.036615834s ago: executing program 4 (id=3375):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file2\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
openat$dir(0xffffffffffffff9c, &(0x7f0000000400)='./file0/file1\x00', 0x40, 0x83)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x121542, 0x60)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000001c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]})
setitimer(0x2, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x21, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b703000000000000a500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000030000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000100000085000000b500000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
cachestat(r4, &(0x7f0000000140)={0xfffffffffffffffe, 0x7}, 0xfffffffffffffffd, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, &(0x7f0000000180)=[@cr4={0x1, 0x40002}], 0x1)
ioctl$XFS_IOC_READLINK_BY_HANDLE(r0, 0xc038586c, &(0x7f00000002c0)={r4, &(0x7f0000000080)='-&{@)\'/\x00', 0x0, &(0x7f00000001c0)={@align=0x8, {0x400, 0x2, 0x0, 0x842f}}, 0x98, &(0x7f0000000240)={@_ha_fsid}, &(0x7f0000000280)=0x8})
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPROPBLOB(r5, 0xc01064ac, &(0x7f0000000240)={0x0, 0x0, 0x0})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000008000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)

2.784749683s ago: executing program 2 (id=3376):
landlock_create_ruleset(0x0, 0x0, 0x0)
landlock_create_ruleset(&(0x7f0000000040)={0x2, 0x3, 0x3}, 0x18, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380))
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
statfs(0x0, &(0x7f0000000200)=""/215)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r3, 0x29, 0x41, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00')
read$FUSE(r4, &(0x7f0000002c00)={0x2020}, 0x2020)
syz_emit_ethernet(0x4a, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaa8e219784"], 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)

2.002082094s ago: executing program 1 (id=3378):
r0 = socket(0xa, 0x5, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000480)=ANY=[@ANYBLOB="211d00000000000007e6"], 0xf0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
socket$unix(0x1, 0x1, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={r1, 0x0, 0x3})
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1)

1.672108754s ago: executing program 3 (id=3379):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000003c0)=ANY=[@ANYBLOB="18030000ffffffff0000000004100000851000000600000018000000000000000000000002000000650000000000000018000000000000000000040000000000950000000000000004030000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x10, 0x4, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @sk_msg}, 0x94)
r0 = socket$unix(0x1, 0x2, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
close_range(r1, 0xffffffffffffffff, 0x2)
open_by_handle_at(r1, &(0x7f0000001880)=@FILEID_UDF_WITHOUT_PARENT={0xc, 0x51, {0x1, 0x9, 0x1, 0x3ff}}, 0x417c02)
bind$unix(r0, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
r2 = socket$unix(0x1, 0x2, 0x0)
r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCGPTPEER(r3, 0x5441, 0xa)
bind$unix(r2, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x1c)
r4 = socket$unix(0x1, 0x3, 0x0)
bind$unix(r4, &(0x7f0000003000)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', <r7=>0x0})
sendmsg$can_raw(r6, &(0x7f00000005c0)={&(0x7f0000000500)={0x1d, r7}, 0x10, &(0x7f0000000580)={&(0x7f0000000540)=@can={{0x1, 0x0, 0x1, 0x1}, 0x7, 0x3, 0x0, 0x0, "b800e7c9c74ab560"}, 0x10}, 0x1, 0x0, 0x0, 0x4000000}, 0x20008045)
ioctl$sock_inet_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000180)={'ip6gre0\x00', {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x28}}})
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e746572009c0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000700003806c000080080003400000000260000b80440001800c000100636f756e746572"], 0x130}, 0x1, 0x0, 0x0, 0x8000}, 0x8880)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

1.671067427s ago: executing program 2 (id=3380):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300), 0x106, 0x3}}, 0x2c)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x6, &(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x111, 0x6}}, 0x20)
r2 = socket$netlink(0x10, 0x3, 0x9)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e22, 0xffffffff, @empty, 0xa09b}, {0xa, 0x4e21, 0x8000009, @mcast1}, r1, 0x4040099d}}, 0x48)
r3 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000180)='.log\x00', 0xcc000, 0x14)
ioctl$VIDIOC_SUBDEV_S_SELECTION(r3, 0xc040563e, &(0x7f0000000200)={0x1, 0x0, 0x2, 0x2, {0x1000, 0x3, 0x3ff, 0x80000001}})
writev(r0, &(0x7f0000000040)=[{0x0}], 0x1)
close(0x3)
syz_usb_connect$midi(0x5, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x310, 0x0, 0x2, 0x0, 0x20, 0x7fd, 0x1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x1, 0x1, 0x60, 0x8, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x20, 0x8}}}}}]}}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0})
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x303}, "a75f5a8f5626508c", "9c53caffdc2575a0f73da400b63f9cfa", "2772fcbc", "3243c4cb8dc3c1ba"}, 0x28)

1.560433109s ago: executing program 1 (id=3381):
r0 = socket(0x1, 0x5, 0x0)
close(r0)
r1 = getpgid(0x0)
syz_pidfd_open(r1, 0x0)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000500)={0xe000200c})

1.547934246s ago: executing program 4 (id=3382):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0)
r1 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
keyctl$revoke(0x3, r1)
keyctl$read(0xb, r1, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, <r2=>0x0, <r3=>0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0x10408, 0x8, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r0, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb1000008747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb80035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22383e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485a4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2245eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e4c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad64c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc590800", 0x2000, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x78, 0x0, 0x5af, {0xfeffffffffffffff, 0x4, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8000000000000, 0x0, 0x21, 0x7, 0x1, 0x8000, 0x0, r3, r4, 0x1000003, 0x7d1d}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file0\x00', 0x80101, 0x8c)
write$FUSE_NOTIFY_RETRIEVE(r5, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r6, 0x84, 0x6b, &(0x7f0000000280)=[@in6={0xa, 0x4e20, 0x8, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4}, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e20, 0x1, @remote, 0x6}, @in={0x2, 0x4e23, @rand_addr=0x64010101}], 0x58)

1.495477409s ago: executing program 3 (id=3383):
r0 = socket(0x1, 0x5, 0x0)
close(r0)
r1 = getpgid(0x0)
syz_pidfd_open(r1, 0x0)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000500)={0xe000200c}) (fail_nth: 1)

1.402524937s ago: executing program 1 (id=3384):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0000001700090025bd70000400df25060000000800010003"], 0x1c}, 0x1, 0x0, 0x0, 0x4000002}, 0x4000080)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x2)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)

1.336672349s ago: executing program 3 (id=3385):
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x7fd, @mcast2, 0x3}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0xb, &(0x7f0000000100)=0x17, 0x4)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000080)=0x3, 0x4)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace5ffb2e9fc603dd282100000002ff02000000000000000000000000000104004e200023b0"], 0x0)
r1 = socket(0xa, 0x5, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, &(0x7f0000000480)=ANY=[@ANYBLOB="211d00000000000007e6"], 0xf0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0))
sendto$inet6(r1, &(0x7f0000000040)="00d8", 0x20a00, 0x44004, &(0x7f0000000100)={0xa, 0x4e24, 0xb, @loopback, 0xc5f}, 0x1c)
r2 = socket$kcm(0x11, 0x7, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000080)={0x4})
getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000000)={<r3=>0x0, 0xfccb, 0xffff, 0x4}, &(0x7f0000000080)=0x10)
setsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f00000000c0)=@sack_info={r3, 0x6be, 0x6}, 0xc)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
get_robust_list(0x0, &(0x7f0000000bc0)=0x0, &(0x7f0000000c00))
getrlimit(0xd, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
open(&(0x7f0000000400)='./bus\x00', 0x143342, 0x1c0)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={r4, 0x0, 0x3})
writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1)

1.240836059s ago: executing program 1 (id=3386):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000500000000000000000000008500000020000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000095"], &(0x7f0000000080)='GPL\x00'}, 0x94)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xbecd6000)
futex_waitv(&(0x7f0000000180)=[{0x0, &(0x7f0000000000), 0x2}], 0x1, 0x0, 0x0, 0x0)
futex(&(0x7f0000000140), 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = syz_io_uring_setup(0x22f, &(0x7f0000019140)={0x0, 0x8ffd, 0x4000, 0x0, 0x100002cf}, &(0x7f0000000000), 0x0)
syz_io_uring_setup(0x23c, &(0x7f0000000080)={0x0, 0x7ffffffe, 0x10100}, 0x0, &(0x7f0000000200))
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x80010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYRES16=r0], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x2982, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x20000023896)
ioctl$TIOCSERGETLSR(r5, 0x5459, 0x0)

1.158013346s ago: executing program 3 (id=3387):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r0, 0x0)
ftruncate(r0, 0xc17a)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000e40)={'wlan0\x00', <r3=>0x0})
socket$nl_rdma(0x10, 0x3, 0x14)
socket$kcm(0x10, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000480)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x2)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_int(r7, &(0x7f0000000980)='pids.max\x00', 0x2, 0x0)
write$cgroup_subtree(r8, &(0x7f00000000c0)=ANY=[@ANYBLOB='-', @ANYRESDEC=r7], 0x27)
r9 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000240)='/dev/comedi4\x00', 0x80100, 0x0)
ioctl$COMEDI_INSNLIST(r9, 0x8010640b, &(0x7f0000000280)={0x1, &(0x7f00001b2e80)=[{0xe000003, 0x0, 0x0, 0x3, 0x101}]})
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$NL80211_CMD_GET_SCAN(r1, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="210f00000000fedbdf252000000008000300", @ANYRES32=r3], 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x0)

1.100061997s ago: executing program 5 (id=3388):
r0 = syz_open_dev$radio(&(0x7f0000000080), 0x2, 0x2)
ioctl$VIDIOC_S_HW_FREQ_SEEK(r0, 0x40305652, &(0x7f00000002c0)={0x0, 0x1, 0x3, 0x0, 0x4, 0xfffffffe, 0x6ae4})
r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
write(r1, &(0x7f0000000000)="a050b5", 0x3)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
r2 = eventfd(0x0)
select(0x40, &(0x7f0000000380)={0x1ff, 0x2, 0x4, 0x7ff, 0x9, 0x9, 0x5, 0x600000000000000}, 0x0, 0x0, 0x0)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f00000001c0)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000800)=""/90})
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000001cc0)={0x1, 0x0, [{0x0, 0xffb, &(0x7f0000001d80)=""/4091}]})
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000340)=0x1)

824.321332ms ago: executing program 5 (id=3389):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
r1 = syz_io_uring_setup(0x10e, &(0x7f00000000c0)={0x0, 0x8d2dc, 0x0, 0xffffffff, 0x31a}, &(0x7f00000003c0)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r4 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000404f1c590000000000000109022400010000e80b0904000001030002000921fd7f000122a70009058003fe1efe8f3b05b8b800f7ccfa4af4e3698afb9f413d24e53b"], 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect(r5, &(0x7f0000000000)=@in={0x2, 0x4e24, @multicast1}, 0x80)
syz_usb_control_io$hid(r4, 0x0, 0x0)
r6 = landlock_create_ruleset(&(0x7f0000000200)={0x1, 0x2, 0x2}, 0x18, 0x3)
landlock_restrict_self(r6, 0x8)
socket$netlink(0x10, 0x3, 0x2)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000240)={'wg2\x00'})
syz_usb_control_io$hid(r4, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x371, {0x9}}}, &(0x7f0000000080)={0xffffffffffffffeb, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$char_usb(0xc, 0xb4, 0x595)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r0, 0x0, 0x0, 0x0, 0x80000})
io_uring_enter(r1, 0x47f5, 0x0, 0x0, 0x0, 0x4000)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000002, 0x80010, r1, 0xf867f000)
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000180)={'macvlan1\x00', &(0x7f0000000000)=@ethtool_rxfh_indir={0x38, 0x7, [0x8, 0x5679, 0x200, 0x2, 0x0, 0x6, 0x7fff]}})

538.692799ms ago: executing program 1 (id=3390):
syz_usb_connect$cdc_ncm(0x3, 0x6e, &(0x7f0000003c00)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0xa, 0x20, 0xf8, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x81}, {0xd, 0x24, 0xf, 0x1, 0x1, 0x8, 0x7, 0xb5}, {0x6, 0x24, 0x1a, 0x4, 0x18}}, {{0x9, 0x5, 0x81, 0x3, 0x400, 0x1, 0x3, 0xd8}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200, 0x6, 0x9, 0x7}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x2, 0x1, 0x9}}}}}}}]}}, &(0x7f0000004100)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x4, &(0x7f0000003d80)=@lang_id={0x4, 0x3, 0x3401}}, {0x68, &(0x7f0000003e00)=@string={0x68, 0x3, "8859110be70a40e6a8c913dbc23464f48892669a9bcb9047c8412d8e282559f554391d28293dd3152a5fa10d9b41a34d67908e820869d0eb08646bb8d3727908a5cafc9e7b2c7f7fa3a601f17dd027c848ed0ff90762da0ae49a43f5ec1cbfd86640d50433d9"}}]})

502.07249ms ago: executing program 4 (id=3391):
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000b80)={0x21c, 0x0, 0x2, 0x301, 0x0, 0x0, {0x7, 0x0, 0x2}, [@CTA_EXPECT_NAT={0x110, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x88, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @remote}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @loopback}}}]}, @CTA_EXPECT_NAT_TUPLE={0x0, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x0, 0x1, 0x0, 0x1, @ipv6={{0x0, 0x3, @ipv4={'\x00', '\xff\xff', @broadcast}}, {0x0, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}}}, @CTA_TUPLE_PROTO={0x0, 0x2, 0x0, 0x1, {0x0, 0x1, 0x2f}}, @CTA_TUPLE_ZONE={0x0, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO, @CTA_TUPLE_ZONE={0x0, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0x0, 0x2, 0x0, 0x1, {0x0, 0x1, 0x84}}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x64, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x12, 0x3, @dev={0xfe, 0x80, '\x00', 0x2a}}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @rand_addr=0x64010102}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}]}, @CTA_EXPECT_NAT={0xf8, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x4}, @CTA_EXPECT_NAT_DIR, @CTA_EXPECT_NAT_TUPLE={0x60, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @private=0xa010100}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1}, {0x14, 0x4, @loopback}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x58, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv6={{0x0, 0x3, @dev={0xfe, 0x80, '\x00', 0xe}}, {0x0, 0x4, @remote}}}]}]}]}, 0x21c}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000)
sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x8800)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000100)={&(0x7f000000c300)={{0x14}, [@NFT_MSG_NEWSET={0x14, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}}], {0x14}}, 0x3c}}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000700)=[{}, {&(0x7f0000000180)="0912f7b179d91aebdd36958c70", 0xd}, {0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="ac2032d95fa30d76efd223848bb74a174682c1816c8d1e10209d95f1eec34f520023d0bc0f1f41aeb00a7cc375ff368441dc0f389683b198b0e7080f791292aad935fde5a325365277753f77c88f30318189f27edfa0e6f438b6ff486eddbde81087c7ca13369b6d3d8972fdde9de5560297f8", 0x73}, {&(0x7f0000000400)="fcea50680173131d5d451188b94e1cd1e64f3bbca06484be2509a5dbeed2631c2e256baea8b797b7220fc9fdeb513a986078e79cb96c5e09195f4f22c7b1d7805d1c0ae706582ee358416f31046d602805aeee7bd33eada48a61d413467290820fe82baab19fbe2b8547f0433a8a7139b8ad84cc3e8cc66745f8c98cd80bc77f35d96710ead4cbd59ff847b4eb33fd8a88f296e1715c3b0dbd5af99ac7ffcc6b8ed551bef240aec47ec135d167e7079b09a3b33e0215a9", 0xb7}, {&(0x7f0000000500)}, {&(0x7f0000000640)="5e4db21c69bfe929de9a26285a77f9228a8c404887a8c83811c670b0d074cce6b8cc438e4cd9caf25a6f7385d6e21b869deecde1eeb35409a43d677778d16efed00b496b168caf8b5cdfffebd01b8ec910ec35c536b2c04c96f56d42a92d926b6fde9f70f744a2f6c911b3b15962a0d68246506c9d0094073d11608b6ba79e3ac495b36b2d85", 0x86}], 0x9, &(0x7f00000007c0)=[{0xf8, 0x114, 0xffff, "4fb5095e1e0e4b4ee1d53343541bd86221f0636fc07f534576a79efb779b2bf5ba90c5a1c231fe2b37259f35e161047e38fd9faf626b1793fa6d5457b3b605a81644851919f3c5676ddc21aec2bcf7e41dfef1aee53f5b0c3725352bf10fbda8c845f71b67c4550f291c95248b8d4af3caae2783325e86699b39fef4f5f90d8fd9d3cb36fd1cf8f77e2a51a159e771a6eccc8f53de82f43832bb9f7b0e992feff55373a1bc281eeb78dfc26d694aa43623ef447b5f5fb7ee066983fc847a1500c5140159f85ab4715d2e3ea6af5aebe7970f251a5cb0a86efdfc11316a033b6b4f7b77facff5bbd5"}, {0xc8, 0x117, 0xffff0000, "4c99e29437f4d64175c19c1d6926ce841cf3da2ef9fb61dc3922458b13e852520dacfba429d811f62697be049eb2e97ca359e9970cddfe89846d75057819c5831fd4f2372e6257d4c97559e97c6050cf7e77d80a71d1f3293d76237f2d2b442047c053e12cd8f6106a84d85294b1f8e686626b2076debd7799b55cdeab33558205901fd753a72a6c21687c8d40cfc4ffe94946510ddf387e946cf8328f0c3b7a4b293406cbaff0f3083d040b919a49ba4bd4525e72d8"}, {0x80, 0x6, 0x4, "034ee23293b07d5ff0976f9407114a06aac9d3af74e4d11c9f681a70b49608827cf83ec007697538fb0ab9f94919eddb287ec731dcb67489cdfc99efb2f8275943c72e4163105a6e45519c142ac788f5cc1b4c4ba77600ef89de7a07db6a7c22247c97536a692db1b41cb6dbcb"}, {0x10, 0x102, 0x8}, {0x48, 0x117, 0xffffffcb, "6a3a25da76bf30434677db446e625f45d347a55ab61bbaef87f058793cd7194526bc27183d68f61a4f4211ff43efba22c7e7"}], 0x298}, 0x80)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$sequencer(0xffffff9c, 0x0, 0x2000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
ioctl$KDSETMODE(r2, 0x4b3a, 0x1)
ioctl$TCXONC(r2, 0x4b3a, 0x2)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000080), &(0x7f00000000c0)=0x5)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000380)={0x2, 0x0, @pic={0x4, 0x6, 0x3, 0xaa, 0x7, 0x9, 0x9, 0xea, 0x9, 0x4, 0x7, 0x1, 0x5, 0x5, 0x6, 0x80}})
r6 = io_uring_setup(0x21bf, &(0x7f0000000080)={0x0, 0x6b86, 0x400, 0x1, 0x20000002})
io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

278.327799ms ago: executing program 2 (id=3392):
r0 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$int_in(r0, 0x5421, 0x0)

139.330557ms ago: executing program 2 (id=3393):
syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
ioctl$F2FS_IOC_GARBAGE_COLLECT(0xffffffffffffffff, 0x4004f506, &(0x7f0000000180)=0x1)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000380)={'syz1\x00', {0x0, 0x7fff, 0x2, 0x2}, 0x51, [0x3ff, 0x2, 0x10000, 0x0, 0x7ca6, 0x9, 0xc2ad, 0x4, 0x9, 0x9, 0x5, 0x9, 0x8, 0x200, 0x5, 0x3, 0x7, 0x5, 0xfffffff9, 0x6, 0x3, 0xfff, 0x7f, 0x4152, 0x8b3, 0x9, 0x861, 0x7, 0x5, 0x0, 0x3c, 0x4, 0x1005, 0x4, 0x8, 0x38, 0x8, 0x8, 0xd5bb, 0x3, 0x1, 0x9de9, 0x8, 0x3, 0x3, 0x7f, 0x5, 0x8, 0x0, 0x1, 0x3ff, 0x6, 0x2e, 0x800, 0x846c, 0x3, 0x6, 0x31b, 0x8, 0xa, 0x1, 0x7, 0xffffffff, 0x3], [0x4a, 0x19a78cbf, 0xe936, 0x0, 0x200, 0xfffffff7, 0x2, 0x7d, 0x10001, 0x8, 0x3ff, 0x1, 0x7, 0x8f, 0x1, 0x5, 0x1ff, 0x200, 0x6f8, 0x7, 0xd, 0x7, 0x100788, 0x6, 0x0, 0x0, 0x8, 0x3, 0x5, 0x2, 0xa, 0x7, 0x80, 0x5aa, 0xfffff000, 0x400, 0x2, 0x7, 0x6, 0x6, 0x5, 0x3, 0x87, 0x22e2, 0x502, 0xffffffff, 0x7, 0x1ff, 0x6, 0x10001, 0x9e, 0x1, 0x5, 0x101, 0xfffffffa, 0x0, 0x2, 0x2, 0x6, 0x1ff, 0x8, 0x3, 0x6], [0x2, 0x94da, 0xffffffff, 0xb, 0xc0000, 0x4, 0x4, 0xfffffffa, 0x6, 0x7, 0xea, 0x7, 0x6, 0x400, 0xfffeffff, 0xfc000000, 0x8, 0x8, 0xd1, 0x2, 0xb66, 0x3, 0x4, 0x52c, 0x4, 0x10001, 0xfffffff8, 0x2, 0x9, 0x1, 0x7, 0xe86, 0x8, 0x20000100, 0x7, 0x1, 0x746a6ffd, 0x3, 0x4, 0x0, 0x1, 0x45a6c325, 0x8, 0x10000, 0x1000, 0x2, 0x5, 0x0, 0x2, 0x2, 0x1, 0x8, 0x2, 0x2, 0x81, 0x200, 0x3ff, 0xffffffcc, 0x6, 0xa000000, 0x8, 0xfff, 0x4000, 0x1], [0x8, 0x7, 0x3, 0xfffffffc, 0x8000, 0x2, 0x8, 0x1ff, 0xfffffffe, 0x10, 0x5e, 0x4, 0x8, 0x8, 0x5, 0x8, 0xfb, 0xf25, 0xd, 0x1ff, 0x2, 0x95, 0x9, 0x9, 0x1, 0xc, 0xffff6f9e, 0x4, 0xfffffff7, 0x10000, 0x7, 0x52a, 0x5, 0xc1a4, 0x4, 0x8, 0x3, 0x9, 0x5, 0xb7af, 0x3, 0x4, 0x0, 0x1ff8, 0x2, 0x7, 0x6, 0x80000000, 0x652d, 0x7, 0x7fffffff, 0xd, 0x40, 0x3ff, 0xc, 0x1ff, 0x9, 0x6, 0x0, 0x1000, 0x9, 0x2, 0x9, 0x4]}, 0x45c)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'gre0\x00', <r2=>0x0})
sendto(0xffffffffffffffff, 0x0, 0x0, 0x810, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
writev(0xffffffffffffffff, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471", 0x36}], 0x1)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="e80000003f00070100000000fddbdf25027c0000d100378013000300717472283414d6bba919736d34290000080008"], 0xe8}, 0x1, 0x0, 0x0, 0xc880}, 0x0)
syz_genetlink_get_family_id$smc(&(0x7f0000000140), 0xffffffffffffffff)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000880)={0x5c4, r5, 0x300, 0x70bd2b, 0x25dfdbfe, {}, [@ETHTOOL_A_DEBUG_HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @ETHTOOL_A_DEBUG_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}]}, @ETHTOOL_A_DEBUG_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x234, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0xf5, 0x4, "2c7e1b9ecc6e61bda6884dee26094d7d44c70dcf74f5c7d9ff89225e5ad40ca4a359a5a20ba72561e39b7bffceefbffad445b0791a0a55ce58c08f84925cb3d8a1982fdc2c404217a1bdc53f27d143e9a976656e8ef01c49d0f733c32eb26cc45cc09b352a80ec07757945919ad1bce3fb1634cc2e56e43a45fb0aed82ad0e34d909ae3ed719a8f19e2d684343ba60cea7c1585d5e953072fc2c52ca960ceda3b4f62821e2ff5e0674e68129d8144defd148b1fa2373cef7f2c6c5b7cf5214b3c3636796e42fca363eaadee8fda265558bdb98e8393cbb60beaa6945cc4a3fe1157d942e9219ff1fb76dbf239ca2ffb859"}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x5}, @ETHTOOL_A_BITSET_BITS={0xe4, 0x3, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xb21}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7ff}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '/\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '+\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '#&\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x72}]}, {0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '-(^,:,*-\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '$\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, '((^&\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x400}]}]}, @ETHTOOL_A_BITSET_MASK={0x2f, 0x5, "66fc0e9db1df6daf4cee371598df49d43e3f35a0702a77c846045d5052598963d0f48d296d828f42880a82"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x9}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x7f}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x144, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0xfb, 0x5, "bc913de449741cbcedc6669b4f4c9f942c6049597670429d0a17b5cb198768674f7dd65eee414ced0d5b024f2f246653632d169111af4b1bdb982c0aa466866416ff83c68197f04d0341f9b6e3d6a07b9fe68f2a6bab5a9aea8e4ab3308b44a04b0792679f0b2c8e2223e4bbcb53766e9c37c20731dbb03f76f99ac8149e38d5c7bce7f38708ed0bce4f48a85fb23559c7511e325842b74dab243dcbf21530f1dfc3e4a74219549aac0fe517dc5e015aa3f40918a50de15e471ac142f87fc53e6a48128b32e07287af6ba6a4d5bc7cecd3f7983e0f08b4118bc0cbe01f4ec545d140814c1b45c51cada00138724eb53b49d46103f1e33b"}, @ETHTOOL_A_BITSET_BITS={0x3c, 0x3, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x74d}]}]}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0xb0}]}, @ETHTOOL_A_DEBUG_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_DEBUG_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x17c, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0x41, 0x5, "20c64872fccda14ab9532028900bed8dae089538ecdb89fc5e9c490b52634adb8de45203a93db4b1fcb79386df3971f44a8f996a75e9cd876a4e5368fb"}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_VALUE={0xe5, 0x4, "d3e9e6e15c90ec2941be1ad566151c04bc86269ec31a9e773c2b8c54b985e186ab136ff5b3d1d9bb1ee4fc019f6cd2833b0a8ac9f7b55746596772f4c4be7bcea92d97323b8c34faabaa8b0f810fb8b1c656caeb809e5ae1ff4a5e12c5a9c6841612992b6b2c6cebefd5792a335f78b3936c4b9a27dccd9dd273bfd2053b86eccaf2524c1b359e6692271c6f66390c23f7959c6bbcacc133d4f3a37567ac6fb437d33ae4ccf204bced60a0d7e7f148f4b30e777698c6940ea4a62a5f717f9423e2aaa1236a8ac2d1634f84351f7b06f5a8b937349a9c177b67d1859d0a3ca454bd"}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_MASK={0x3c, 0x5, "f0fe631b8dc96296acf1321b96229a595c2d02834a1e0aa31aa8e23673fe3056f1f7248b3692069a5bde3e71affa984bbd5f1e1121d3ada8"}]}]}, 0x5c4}, 0x1, 0x0, 0x0, 0x810}, 0x1)
bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r3, 0x90004)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
socket$nl_audit(0x10, 0x3, 0x9)
r6 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000"], 0x6c}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x4)

138.500152ms ago: executing program 3 (id=3394):
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x7fd, @mcast2, 0x3}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0xb, &(0x7f0000000100)=0x17, 0x4)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000080)=0x3, 0x4)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace5ffb2e9fc603dd282100000002ff02000000000000000000000000000104004e200023b0"], 0x0)
r1 = socket(0xa, 0x5, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000200)=[@in6={0xa, 0x4e24, 0x4, @loopback}], 0x1c)
setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, &(0x7f0000000480)=ANY=[@ANYBLOB="211d00000000000007e6"], 0xf0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={r2, 0x0, 0x3})
writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1)

0s ago: executing program 3 (id=3395):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000200)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x6, r1, 0x0, &(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x5})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000000)={0x28, 0x2, r1, 0x0, &(0x7f0000b1b000/0x3000)=nil, 0x3000, 0x100})
ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f0000000140)={0xc, r1})
ioctl$IOMMU_VFIO_SET_IOMMU(r0, 0x3b66, 0x1) (fail_nth: 1)

kernel console output (not intermixed with test programs):

03e syscall=308 compat=0 ip=0x7fe345d4da97 code=0x7ffc0000
[  773.577751][   T37] audit: type=1326 audit(1773844838.988:1543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14522 comm="syz.3.2805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fe345d0cfce code=0x7ffc0000
[  773.622447][ T5973] usb 2-1: Using ep0 maxpacket: 32
[  773.625620][ T5973] usb 2-1: unable to get BOS descriptor or descriptor too short
[  773.653149][ T5973] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice= 0.40
[  773.653178][ T5973] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  773.653197][ T5973] usb 2-1: Product: syz
[  773.653211][ T5973] usb 2-1: Manufacturer: syz
[  773.653226][ T5973] usb 2-1: SerialNumber: syz
[  773.924240][ T5973] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  774.103036][ T5973] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -2
[  774.142045][ T5973] usb 2-1: USB disconnect, device number 40
[  774.212664][T13633] udevd[13633]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  776.022354][ T5889] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  776.053261][ T5973] usb 2-1: new full-speed USB device number 41 using dummy_hcd
[  776.165044][ T5889] usb 5-1: Using ep0 maxpacket: 32
[  776.167199][ T5889] usb 5-1: unable to get BOS descriptor or descriptor too short
[  776.170683][ T5889] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice= 0.40
[  776.170710][ T5889] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  776.170731][ T5889] usb 5-1: Product: syz
[  776.170744][ T5889] usb 5-1: Manufacturer: syz
[  776.170759][ T5889] usb 5-1: SerialNumber: syz
[  776.221643][ T5973] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 10
[  776.236835][ T5973] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55
[  776.236864][ T5973] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  776.236884][ T5973] usb 2-1: Product: syz
[  776.236898][ T5973] usb 2-1: Manufacturer: syz
[  776.236913][ T5973] usb 2-1: SerialNumber: syz
[  776.278724][ T5973] usb 2-1: config 0 descriptor??
[  776.297961][ T5973] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  777.023329][ T5889] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  777.746808][ T1151] usb 2-1: Failed to submit usb control message: -71
[  777.746843][ T1151] usb 2-1: unable to send the bmi data to the device: -71
[  777.746860][ T1151] usb 2-1: unable to get target info from device
[  777.746873][ T1151] usb 2-1: could not get target info (-71)
[  777.748140][ T1151] usb 2-1: could not probe fw (-71)
[  777.748583][  T809] usb 2-1: USB disconnect, device number 41
[  777.813607][ T5889] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -2
[  777.819687][ T5889] usb 5-1: USB disconnect, device number 41
[  777.962940][T13633] udevd[13633]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  779.954785][T14639] tmpfs: Bad value for 'mpol'
[  780.327153][ T5973] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[  780.479491][ T5973] usb 3-1: Using ep0 maxpacket: 32
[  780.483603][ T5973] usb 3-1: config 0 has an invalid interface number: 239 but max is 0
[  780.483632][ T5973] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  780.483654][ T5973] usb 3-1: config 0 has no interface number 0
[  780.483707][ T5973] usb 3-1: config 0 interface 239 altsetting 4 bulk endpoint 0x2 has invalid maxpacket 8
[  780.483732][ T5973] usb 3-1: config 0 interface 239 altsetting 4 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  780.483757][ T5973] usb 3-1: config 0 interface 239 altsetting 4 has an endpoint descriptor with address 0xA9, changing to 0x89
[  780.483782][ T5973] usb 3-1: config 0 interface 239 altsetting 4 endpoint 0x89 has invalid maxpacket 28648, setting to 1024
[  780.483809][ T5973] usb 3-1: config 0 interface 239 altsetting 4 bulk endpoint 0x89 has invalid maxpacket 1024
[  780.483835][ T5973] usb 3-1: config 0 interface 239 altsetting 4 has an endpoint descriptor with address 0xD5, changing to 0x85
[  780.483863][ T5973] usb 3-1: config 0 interface 239 altsetting 4 endpoint 0x85 has invalid maxpacket 4168, setting to 1024
[  780.483888][ T5973] usb 3-1: config 0 interface 239 altsetting 4 bulk endpoint 0x85 has invalid maxpacket 1024
[  780.483919][ T5973] usb 3-1: config 0 interface 239 has no altsetting 0
[  780.487503][ T5973] usb 3-1: New USB device found, idVendor=105b, idProduct=1799, bcdDevice=36.e9
[  780.487544][ T5973] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  780.487570][ T5973] usb 3-1: Product: syz
[  780.487587][ T5973] usb 3-1: Manufacturer: syz
[  780.487604][ T5973] usb 3-1: SerialNumber: syz
[  780.501729][ T5973] usb 3-1: config 0 descriptor??
[  780.502732][T14641] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  780.503048][T14641] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  780.503218][T14641] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  780.733533][ T5973] usb 3-1: USB disconnect, device number 58
[  780.890421][T14650] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2847'.
[  780.890452][T14650] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2847'.
[  780.891367][T14650] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2847'.
[  781.176946][ T5819] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  781.191371][ T5819] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  781.193455][ T5819] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  781.205328][ T5819] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  781.211133][ T5819] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  782.388286][T14668] overlayfs: missing 'lowerdir'
[  783.215533][ T5819] Bluetooth: hci1: command tx timeout
[  783.385693][T14682] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2858'.
[  783.386299][T14682] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2858'.
[  783.589353][ T5804] syz_tun (unregistering): left allmulticast mode
[  783.589382][ T5804] syz_tun (unregistering): left promiscuous mode
[  783.589485][ T5804] bridge0: port 3(syz_tun) entered disabled state
[  783.676563][T14696] netlink: 248 bytes leftover after parsing attributes in process `syz.5.2862'.
[  783.803534][  T809] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  783.967972][  T809] usb 5-1: Using ep0 maxpacket: 8
[  783.982350][  T809] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  783.982439][  T809] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  783.982461][  T809] usb 5-1: Product: syz
[  783.982475][  T809] usb 5-1: Manufacturer: syz
[  783.982490][  T809] usb 5-1: SerialNumber: syz
[  784.037604][  T809] usb 5-1: config 0 descriptor??
[  784.255307][  T809] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  784.450770][  T809] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  784.531614][T14717] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2869'.
[  784.532600][T14717] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2869'.
[  784.557492][ T5973] kernel read not supported for file /vcs (pid: 5973 comm: kworker/0:9)
[  784.947803][T14654] chnl_net:caif_netlink_parms(): no params data found
[  785.163049][T14654] bridge0: port 1(bridge_slave_0) entered blocking state
[  785.163307][T14654] bridge0: port 1(bridge_slave_0) entered disabled state
[  785.163606][T14654] bridge_slave_0: entered allmulticast mode
[  785.165246][T14654] bridge_slave_0: entered promiscuous mode
[  785.169990][T14654] bridge0: port 2(bridge_slave_1) entered blocking state
[  785.170127][T14654] bridge0: port 2(bridge_slave_1) entered disabled state
[  785.170310][T14654] bridge_slave_1: entered allmulticast mode
[  785.172889][T14654] bridge_slave_1: entered promiscuous mode
[  785.195106][ T5819] Bluetooth: hci1: command tx timeout
[  785.259329][T14654] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  785.274244][T14654] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  785.380451][T14654] team0: Port device team_slave_0 added
[  785.429971][T14654] team0: Port device team_slave_1 added
[  785.504143][T14654] batman_adv: batadv0: Adding interface: batadv_slave_0
[  785.504153][T14654] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  785.504167][T14654] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  785.578858][T14654] batman_adv: batadv0: Adding interface: batadv_slave_1
[  785.578875][T14654] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  785.578902][T14654] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  785.635047][   T86] bridge_slave_1: left allmulticast mode
[  785.635071][   T86] bridge_slave_1: left promiscuous mode
[  785.635273][   T86] bridge0: port 2(bridge_slave_1) entered disabled state
[  785.641903][ T1234] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[  785.700368][   T86] bridge_slave_0: left allmulticast mode
[  785.700387][   T86] bridge_slave_0: left promiscuous mode
[  785.700539][   T86] bridge0: port 1(bridge_slave_0) entered disabled state
[  785.787675][ T1234] usb 4-1: Using ep0 maxpacket: 32
[  785.795816][ T1234] usb 4-1: unable to get BOS descriptor or descriptor too short
[  785.799967][ T1234] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice= 0.40
[  785.799994][ T1234] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  785.800013][ T1234] usb 4-1: Product: syz
[  785.800026][ T1234] usb 4-1: Manufacturer: syz
[  785.800040][ T1234] usb 4-1: SerialNumber: syz
[  786.097553][ T1234] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  786.176167][ T1234] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -2
[  786.200799][ T1234] usb 4-1: USB disconnect, device number 62
[  786.257749][T13633] udevd[13633]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  786.617429][ T1234] usb 5-1: USB disconnect, device number 42
[  786.710769][T14756] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2879'.
[  786.711656][T14756] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2879'.
[  787.015612][   T37] kauditd_printk_skb: 33 callbacks suppressed
[  787.015631][   T37] audit: type=1326 audit(1773844853.109:1577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14760 comm="syz.3.2881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe345d4c799 code=0x7ffc0000
[  787.016049][   T37] audit: type=1326 audit(1773844853.109:1578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14760 comm="syz.3.2881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=274 compat=0 ip=0x7fe345d4c799 code=0x7ffc0000
[  787.016096][   T37] audit: type=1326 audit(1773844853.109:1579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14760 comm="syz.3.2881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe345d4c799 code=0x7ffc0000
[  787.016369][   T37] audit: type=1326 audit(1773844853.109:1580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14760 comm="syz.3.2881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=97 compat=0 ip=0x7fe345d4c799 code=0x7ffc0000
[  787.017217][   T37] audit: type=1326 audit(1773844853.109:1581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14760 comm="syz.3.2881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe345d4c799 code=0x7ffc0000
[  787.017437][   T37] audit: type=1326 audit(1773844853.109:1582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14760 comm="syz.3.2881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe345d0cfce code=0x7ffc0000
[  787.018145][   T37] audit: type=1326 audit(1773844853.109:1583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14760 comm="syz.3.2881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fe345d4da97 code=0x7ffc0000
[  787.018306][   T37] audit: type=1326 audit(1773844853.109:1584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14760 comm="syz.3.2881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe345d4c799 code=0x7ffc0000
[  787.021741][   T37] audit: type=1326 audit(1773844853.109:1585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14760 comm="syz.3.2881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fe345d4da97 code=0x7ffc0000
[  787.021790][   T37] audit: type=1326 audit(1773844853.109:1586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14760 comm="syz.3.2881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fe345d0cfce code=0x7ffc0000
[  787.176094][ T5819] Bluetooth: hci1: command tx timeout
[  787.815645][   T86] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  787.929416][   T86] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  787.935778][T14786] fuse: Bad value for 'rootmode'
[  787.987103][   T86] bond0 (unregistering): Released all slaves
[  788.042197][  T809] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  788.186766][T14790] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2892'.
[  788.629854][  T809] usb 6-1: Using ep0 maxpacket: 8
[  788.788212][  T809] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  789.172285][T14654] hsr_slave_0: entered promiscuous mode
[  789.173836][T14654] hsr_slave_1: entered promiscuous mode
[  789.174750][T14654] debugfs: 'hsr0' already exists in 'hsr'
[  789.174773][T14654] Cannot create hsr debugfs directory
[  789.213729][ T5819] Bluetooth: hci1: command tx timeout
[  789.225790][  T809] usb 6-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  789.225819][  T809] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  789.225839][  T809] usb 6-1: Product: syz
[  789.225888][  T809] usb 6-1: Manufacturer: syz
[  789.225902][  T809] usb 6-1: SerialNumber: syz
[  789.240939][  T809] usb 6-1: config 0 descriptor??
[  789.262537][  T809] streamzap 6-1:0.0: streamzap_probe: Unexpected desc.bNumEndpoints (0)
[  789.478190][T14801] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2894'.
[  789.539232][ T5809] usb 6-1: USB disconnect, device number 25
[  790.928791][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[  790.928863][ T1325] ieee802154 phy1 wpan1: encryption failed: -22
[  792.058677][T14835] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2902'.
[  792.189709][T14839] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2903'.
[  792.547998][   T86] hsr_slave_0: left promiscuous mode
[  792.613396][   T86] hsr_slave_1: left promiscuous mode
[  792.614800][   T86] batman_adv: batadv0: Removing interface: batadv_slave_0
[  792.653410][   T86] batman_adv: batadv0: Removing interface: batadv_slave_1
[  792.676990][T14849] ieee802154 phy0 wpan0: encryption failed: -22
[  792.890267][ T5819] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  793.385233][   T31] usb 4-1: new high-speed USB device number 63 using dummy_hcd
[  793.566267][   T31] usb 4-1: Using ep0 maxpacket: 8
[  793.575861][   T31] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  793.575890][   T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  793.575909][   T31] usb 4-1: Product: syz
[  793.575923][   T31] usb 4-1: Manufacturer: syz
[  793.575937][   T31] usb 4-1: SerialNumber: syz
[  793.588752][   T31] usb 4-1: config 0 descriptor??
[  793.689942][T14869] netlink: 236 bytes leftover after parsing attributes in process `syz.2.2912'.
[  793.790039][T14866] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2913'.
[  793.792850][   T31] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  794.776152][   T31] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  794.784059][T14881] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN
[  795.026538][   T86] team0 (unregistering): Port device team_slave_1 removed
[  795.139051][ T5809] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  795.889668][   T86] team0 (unregistering): Port device team_slave_0 removed
[  795.952036][ T1151] Bluetooth: hci3: Frame reassembly failed (-84)
[  795.994610][   T31] usb 4-1: USB disconnect, device number 63
[  796.052207][ T5809] usb 6-1: Using ep0 maxpacket: 32
[  796.055805][ T5809] usb 6-1: config 0 has an invalid interface number: 239 but max is 0
[  796.055832][ T5809] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  796.055852][ T5809] usb 6-1: config 0 has no interface number 0
[  796.055896][ T5809] usb 6-1: config 0 interface 239 altsetting 4 bulk endpoint 0x2 has invalid maxpacket 8
[  796.055922][ T5809] usb 6-1: config 0 interface 239 altsetting 4 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  796.055948][ T5809] usb 6-1: config 0 interface 239 altsetting 4 has an endpoint descriptor with address 0xA9, changing to 0x89
[  796.055985][ T5809] usb 6-1: config 0 interface 239 altsetting 4 endpoint 0x89 has invalid maxpacket 28648, setting to 1024
[  796.056009][ T5809] usb 6-1: config 0 interface 239 altsetting 4 bulk endpoint 0x89 has invalid maxpacket 1024
[  796.056032][ T5809] usb 6-1: config 0 interface 239 altsetting 4 has an endpoint descriptor with address 0xD5, changing to 0x85
[  796.056056][ T5809] usb 6-1: config 0 interface 239 altsetting 4 endpoint 0x85 has invalid maxpacket 4168, setting to 1024
[  796.056082][ T5809] usb 6-1: config 0 interface 239 altsetting 4 bulk endpoint 0x85 has invalid maxpacket 1024
[  796.056105][ T5809] usb 6-1: config 0 interface 239 has no altsetting 0
[  796.060111][ T5809] usb 6-1: New USB device found, idVendor=105b, idProduct=1799, bcdDevice=36.e9
[  796.060139][ T5809] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  796.060159][ T5809] usb 6-1: Product: syz
[  796.060173][ T5809] usb 6-1: Manufacturer: syz
[  796.060187][ T5809] usb 6-1: SerialNumber: syz
[  796.320114][ T5809] usb 6-1: config 0 descriptor??
[  796.321089][T14883] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  796.321462][T14883] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  796.322384][T14883] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  797.691366][   T31] usb 6-1: USB disconnect, device number 26
[  797.843203][ T5819] Bluetooth: hci3: command 0x1003 tx timeout
[  797.858027][T11499] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  798.073285][T14907] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2923'.
[  799.944182][T14926] overlayfs: missing 'workdir'
[  800.040416][T14935] netlink: 248 bytes leftover after parsing attributes in process `syz.5.2925'.
[  800.214454][ T1234] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  800.357716][ T1234] usb 5-1: Using ep0 maxpacket: 8
[  800.362460][ T1234] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  800.362478][ T1234] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  800.362489][ T1234] usb 5-1: Product: syz
[  800.362497][ T1234] usb 5-1: Manufacturer: syz
[  800.362504][ T1234] usb 5-1: SerialNumber: syz
[  800.365513][ T1234] usb 5-1: config 0 descriptor??
[  800.611167][ T1234] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  801.185197][ T1234] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  801.215104][T14954] 8021q: adding VLAN 0 to HW filter on device bond0
[  801.513537][T14654] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  801.556385][T14654] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  801.651449][T14654] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  802.735600][T14654] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  803.707000][ T5809] usb 5-1: USB disconnect, device number 43
[  803.834791][T14654] 8021q: adding VLAN 0 to HW filter on device bond0
[  803.976530][T14654] 8021q: adding VLAN 0 to HW filter on device team0
[  804.055793][ T1151] bridge0: port 1(bridge_slave_0) entered blocking state
[  804.058636][ T1151] bridge0: port 1(bridge_slave_0) entered forwarding state
[  804.165261][ T1151] bridge0: port 2(bridge_slave_1) entered blocking state
[  804.191526][ T1151] bridge0: port 2(bridge_slave_1) entered forwarding state
[  805.364233][T14654] 8021q: adding VLAN 0 to HW filter on device batadv0
[  805.769073][T14654] veth0_vlan: entered promiscuous mode
[  805.796223][T14654] veth1_vlan: entered promiscuous mode
[  805.981700][T14654] veth0_macvtap: entered promiscuous mode
[  805.994054][T14654] veth1_macvtap: entered promiscuous mode
[  806.085925][T14654] batman_adv: batadv0: Interface activated: batadv_slave_0
[  806.688484][    T9] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[  806.736309][T14654] batman_adv: batadv0: Interface activated: batadv_slave_1
[  806.776665][ T1496] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  806.784822][ T1496] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  806.786971][ T1496] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  806.787830][ T1496] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  806.910599][    T9] usb 4-1: Using ep0 maxpacket: 8
[  806.916632][    T9] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  806.916659][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  806.916680][    T9] usb 4-1: Product: syz
[  806.916695][    T9] usb 4-1: Manufacturer: syz
[  806.916710][    T9] usb 4-1: SerialNumber: syz
[  806.978930][    T9] usb 4-1: config 0 descriptor??
[  807.214596][    T9] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  807.389724][T15069] ieee802154 phy0 wpan0: encryption failed: -22
[  807.451259][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  807.451660][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  807.558620][ T1151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  807.558641][ T1151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  807.784747][    T9] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  808.272161][ T6252] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  808.472874][ T6252] usb 5-1: Using ep0 maxpacket: 32
[  808.660871][T15108] ieee802154 phy0 wpan0: encryption failed: -22
[  809.157123][ T6252] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[  809.157151][ T6252] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  809.157171][ T6252] usb 5-1: config 0 has no interface number 0
[  809.157204][ T6252] usb 5-1: config 0 interface 8 altsetting 248 endpoint 0xD has invalid wMaxPacketSize 0
[  809.157217][ T6252] usb 5-1: config 0 interface 8 altsetting 248 has 3 endpoint descriptors, different from the interface descriptor's value: 10
[  809.157231][ T6252] usb 5-1: config 0 interface 8 has no altsetting 0
[  809.214786][ T6252] usb 5-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=2d.bb
[  809.214817][ T6252] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  809.214837][ T6252] usb 5-1: Product: syz
[  809.214852][ T6252] usb 5-1: Manufacturer: syz
[  809.214866][ T6252] usb 5-1: SerialNumber: syz
[  809.288760][ T6252] usb 5-1: config 0 descriptor??
[  809.339162][T14156] usb 4-1: USB disconnect, device number 64
[  809.533431][ T6252] ath6kl: Failed to submit usb control message: -71
[  809.533482][ T6252] ath6kl: unable to send the bmi data to the device: -71
[  809.533498][ T6252] ath6kl: Unable to send get target info: -71
[  809.534499][ T6252] ath6kl: Failed to init ath6kl core: -71
[  809.535960][ T6252] ath6kl_usb 5-1:0.8: probe with driver ath6kl_usb failed with error -71
[  809.606514][ T6252] usb 5-1: USB disconnect, device number 44
[  809.920630][T15126] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2966'.
[  810.000166][   T37] kauditd_printk_skb: 12 callbacks suppressed
[  810.000185][   T37] audit: type=1326 audit(1773844877.236:1599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15127 comm="syz.1.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefdffdc799 code=0x7ffc0000
[  810.000229][   T37] audit: type=1326 audit(1773844877.236:1600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15127 comm="syz.1.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefdffdc799 code=0x7ffc0000
[  810.003343][   T37] audit: type=1326 audit(1773844877.236:1601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15127 comm="syz.1.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=274 compat=0 ip=0x7fefdffdc799 code=0x7ffc0000
[  810.003389][   T37] audit: type=1326 audit(1773844877.236:1602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15127 comm="syz.1.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefdffdc799 code=0x7ffc0000
[  810.003431][   T37] audit: type=1326 audit(1773844877.236:1603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15127 comm="syz.1.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefdffdc799 code=0x7ffc0000
[  810.003470][   T37] audit: type=1326 audit(1773844877.236:1604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15127 comm="syz.1.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=97 compat=0 ip=0x7fefdffdc799 code=0x7ffc0000
[  810.003510][   T37] audit: type=1326 audit(1773844877.236:1605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15127 comm="syz.1.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefdffdc799 code=0x7ffc0000
[  810.003549][   T37] audit: type=1326 audit(1773844877.236:1606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15127 comm="syz.1.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefdffdc799 code=0x7ffc0000
[  810.003590][   T37] audit: type=1326 audit(1773844877.236:1607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15127 comm="syz.1.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fefdff9cfce code=0x7ffc0000
[  810.003629][   T37] audit: type=1326 audit(1773844877.236:1608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15127 comm="syz.1.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fefdffdda97 code=0x7ffc0000
[  810.734099][ T5819] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  810.754375][ T5819] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  810.766976][ T5819] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  810.768496][ T5819] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  810.770098][ T5819] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  810.901405][ T5889] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[  811.167799][ T5889] usb 3-1: Using ep0 maxpacket: 8
[  812.168019][ T5889] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  812.168050][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  812.168070][ T5889] usb 3-1: Product: syz
[  812.168084][ T5889] usb 3-1: Manufacturer: syz
[  812.168099][ T5889] usb 3-1: SerialNumber: syz
[  812.174902][ T5889] usb 3-1: config 0 descriptor??
[  812.577973][ T5889] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  812.591615][T15153] chnl_net:caif_netlink_parms(): no params data found
[  812.800209][T11499] Bluetooth: hci3: command tx timeout
[  813.226609][T15178] overlayfs: missing 'workdir'
[  813.434937][    T9] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  813.598770][    T9] usb 2-1: Using ep0 maxpacket: 8
[  813.602514][    T9] usb 2-1: unable to get BOS descriptor or descriptor too short
[  813.606180][    T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  813.606205][    T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  813.640063][    T9] usb 2-1: New USB device found, idVendor=2466, idProduct=8010, bcdDevice= 0.40
[  813.640092][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  813.640112][    T9] usb 2-1: Product: syz
[  813.640126][    T9] usb 2-1: Manufacturer: syz
[  813.640149][    T9] usb 2-1: SerialNumber: syz
[  813.975559][ T5889] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  814.041764][T15153] bridge0: port 1(bridge_slave_0) entered blocking state
[  814.041979][T15153] bridge0: port 1(bridge_slave_0) entered disabled state
[  814.042149][T15153] bridge_slave_0: entered allmulticast mode
[  814.044234][T15153] bridge_slave_0: entered promiscuous mode
[  814.048377][T15153] bridge0: port 2(bridge_slave_1) entered blocking state
[  814.048575][T15153] bridge0: port 2(bridge_slave_1) entered disabled state
[  814.048745][T15153] bridge_slave_1: entered allmulticast mode
[  814.051096][T15153] bridge_slave_1: entered promiscuous mode
[  814.168507][T15166] netlink: 'syz.1.2979': attribute type 1 has an invalid length.
[  814.295408][T15153] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  814.410767][T15153] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  814.509247][    T9] usb 2-1: cannot find UAC_HEADER
[  814.584606][    T9] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22
[  814.606758][    T9] usb 2-1: USB disconnect, device number 42
[  814.652454][T13633] udevd[13633]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  814.758969][T11499] Bluetooth: hci3: command tx timeout
[  814.807540][T15153] team0: Port device team_slave_0 added
[  814.812064][T15153] team0: Port device team_slave_1 added
[  815.003831][T15153] batman_adv: batadv0: Adding interface: batadv_slave_0
[  815.003849][T15153] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  815.003876][T15153] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  815.006182][T15153] batman_adv: batadv0: Adding interface: batadv_slave_1
[  815.006195][T15153] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  815.085759][T15153] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  815.349958][T14156] usb 3-1: USB disconnect, device number 59
[  815.543835][T15217] ieee802154 phy0 wpan0: encryption failed: -22
[  815.568739][T15153] hsr_slave_0: entered promiscuous mode
[  815.570988][T15153] hsr_slave_1: entered promiscuous mode
[  815.571847][T15153] debugfs: 'hsr0' already exists in 'hsr'
[  815.571871][T15153] Cannot create hsr debugfs directory
[  815.574145][   T37] kauditd_printk_skb: 16 callbacks suppressed
[  815.574160][   T37] audit: type=1326 audit(1773844883.084:1625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15212 comm="syz.2.2989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52858cc799 code=0x7ffc0000
[  815.574202][   T37] audit: type=1326 audit(1773844883.084:1626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15212 comm="syz.2.2989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=274 compat=0 ip=0x7f52858cc799 code=0x7ffc0000
[  815.574241][   T37] audit: type=1326 audit(1773844883.084:1627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15212 comm="syz.2.2989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52858cc799 code=0x7ffc0000
[  815.574278][   T37] audit: type=1326 audit(1773844883.084:1628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15212 comm="syz.2.2989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=97 compat=0 ip=0x7f52858cc799 code=0x7ffc0000
[  815.574315][   T37] audit: type=1326 audit(1773844883.084:1629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15212 comm="syz.2.2989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52858cc799 code=0x7ffc0000
[  815.574352][   T37] audit: type=1326 audit(1773844883.084:1630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15212 comm="syz.2.2989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f528588cfce code=0x7ffc0000
[  815.574451][   T37] audit: type=1326 audit(1773844883.084:1631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15212 comm="syz.2.2989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f52858cda97 code=0x7ffc0000
[  815.574487][   T37] audit: type=1326 audit(1773844883.084:1632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15212 comm="syz.2.2989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f52858cc799 code=0x7ffc0000
[  815.574524][   T37] audit: type=1326 audit(1773844883.084:1633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15212 comm="syz.2.2989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f52858cda97 code=0x7ffc0000
[  815.574561][   T37] audit: type=1326 audit(1773844883.084:1634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15212 comm="syz.2.2989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f528588cfce code=0x7ffc0000
[  816.544817][ T1496] bridge_slave_1: left allmulticast mode
[  816.544846][ T1496] bridge_slave_1: left promiscuous mode
[  816.545097][ T1496] bridge0: port 2(bridge_slave_1) entered disabled state
[  816.629667][ T1496] bridge_slave_0: left allmulticast mode
[  816.629693][ T1496] bridge_slave_0: left promiscuous mode
[  816.629931][ T1496] bridge0: port 1(bridge_slave_0) entered disabled state
[  816.676296][T15249] ieee802154 phy0 wpan0: encryption failed: -22
[  816.740149][T11499] Bluetooth: hci3: command tx timeout
[  816.903641][T15261] ieee802154 phy0 wpan0: encryption failed: -22
[  818.397748][T15284] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[  818.397785][T15284] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  818.398006][T15284] vhci_hcd vhci_hcd.0: Device attached
[  818.736235][T11499] Bluetooth: hci3: command tx timeout
[  818.736797][T15286] vhci_hcd: connection closed
[  818.839335][   T44] vhci_hcd vhci_hcd.3: stop threads
[  818.839504][   T44] vhci_hcd vhci_hcd.3: release socket
[  818.871040][T13543] usb 39-1: new low-speed USB device number 9 using vhci_hcd
[  818.875949][   T44] vhci_hcd vhci_hcd.3: disconnect device
[  819.302414][ T5973] kernel read not supported for file /vcs (pid: 5973 comm: kworker/0:9)
[  819.320058][T15298] ieee802154 phy0 wpan0: encryption failed: -22
[  820.138853][  T764] Bluetooth: hci0: Frame reassembly failed (-84)
[  820.797411][ T5809] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[  820.879338][T15330] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(4)
[  820.879471][T15330] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  820.880503][T15330] vhci_hcd vhci_hcd.0: Device attached
[  820.949802][ T5809] usb 3-1: Using ep0 maxpacket: 32
[  820.977157][ T5809] usb 3-1: config 0 has an invalid interface number: 239 but max is 0
[  820.977192][ T5809] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  820.977244][ T5809] usb 3-1: config 0 has no interface number 0
[  820.977424][ T5809] usb 3-1: config 0 interface 239 altsetting 4 bulk endpoint 0x2 has invalid maxpacket 8
[  820.977489][ T5809] usb 3-1: config 0 interface 239 altsetting 4 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  820.977547][ T5809] usb 3-1: config 0 interface 239 altsetting 4 has an endpoint descriptor with address 0xA9, changing to 0x89
[  820.977620][ T5809] usb 3-1: config 0 interface 239 altsetting 4 endpoint 0x89 has invalid maxpacket 28648, setting to 1024
[  820.977684][ T5809] usb 3-1: config 0 interface 239 altsetting 4 bulk endpoint 0x89 has invalid maxpacket 1024
[  820.977752][ T5809] usb 3-1: config 0 interface 239 altsetting 4 has an endpoint descriptor with address 0xD5, changing to 0x85
[  820.977789][ T5809] usb 3-1: config 0 interface 239 altsetting 4 endpoint 0x85 has invalid maxpacket 4168, setting to 1024
[  820.977874][ T5809] usb 3-1: config 0 interface 239 altsetting 4 bulk endpoint 0x85 has invalid maxpacket 1024
[  820.977898][ T5809] usb 3-1: config 0 interface 239 has no altsetting 0
[  820.991934][ T5809] usb 3-1: New USB device found, idVendor=105b, idProduct=1799, bcdDevice=36.e9
[  820.991975][ T5809] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  820.992036][ T5809] usb 3-1: Product: syz
[  820.992091][ T5809] usb 3-1: Manufacturer: syz
[  820.992151][ T5809] usb 3-1: SerialNumber: syz
[  821.004594][ T5973] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[  821.149721][ T1234] usb 43-1: new low-speed USB device number 4 using vhci_hcd
[  821.243272][ T5809] usb 3-1: config 0 descriptor??
[  821.253444][T15321] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  821.266484][T15321] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  821.325234][T15321] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  821.381809][ T5973] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  821.381973][ T5973] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  821.382171][ T5973] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  821.561750][T15331] vhci_hcd: connection reset by peer
[  821.591844][  T764] vhci_hcd vhci_hcd.5: stop threads
[  821.592182][  T764] vhci_hcd vhci_hcd.5: release socket
[  821.592731][  T764] vhci_hcd vhci_hcd.5: disconnect device
[  821.623820][ T5973] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  821.921409][T11499] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  822.185573][T15337] tmpfs: Bad value for 'mpol'
[  822.195079][ T5973] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -2
[  822.215797][ T5973] usb 4-1: USB disconnect, device number 65
[  822.279785][T15341] ieee802154 phy0 wpan0: encryption failed: -22
[  822.361106][ T1496] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  822.439275][ T1496] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  822.475483][ T1496] bond0 (unregistering): Released all slaves
[  824.464634][T13543] vhci_hcd vhci_hcd.3: vhci_device speed not set
[  825.101834][    T9] usb 3-1: USB disconnect, device number 60
[  825.256273][T15370] ieee802154 phy0 wpan0: encryption failed: -22
[  825.321716][  T823] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  825.464167][  T823] usb 6-1: Using ep0 maxpacket: 32
[  825.468622][  T823] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[  825.468647][  T823] usb 6-1: config 0 has no interface number 0
[  825.498802][  T823] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  825.498831][  T823] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  825.498854][  T823] usb 6-1: Product: syz
[  825.498869][  T823] usb 6-1: Manufacturer: syz
[  825.498885][  T823] usb 6-1: SerialNumber: syz
[  825.547801][  T823] usb 6-1: config 0 descriptor??
[  825.778430][T14156] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  825.969409][  T823] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  825.969442][  T823] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  825.971334][T15389] netlink: 180 bytes leftover after parsing attributes in process `syz.2.3044'.
[  826.013321][T11499] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  826.026567][ T1234] vhci_hcd vhci_hcd.5: vhci_device speed not set
[  826.167307][T14156] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  826.167366][T14156] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  826.167389][T14156] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  828.031640][  T823] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000038: -61
[  828.032540][  T823] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -61
[  829.486881][T14156] usb 2-1: can't set config #27, error -71
[  829.489261][T14156] usb 2-1: USB disconnect, device number 43
[  829.656475][ T6252] usb 6-1: USB disconnect, device number 27
[  829.909859][T15416] ieee802154 phy0 wpan0: encryption failed: -22
[  830.077374][T11499] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  830.077437][T11499] CPU: 0 UID: 0 PID: 11499 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  830.077464][T11499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  830.077479][T11499] Workqueue: hci1 hci_rx_work
[  830.077514][T11499] Call Trace:
[  830.077523][T11499]  <TASK>
[  830.077533][T11499]  dump_stack_lvl+0xe8/0x150
[  830.077567][T11499]  sysfs_create_dir_ns+0x271/0x2a0
[  830.077591][T11499]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  830.077621][T11499]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  830.077649][T11499]  ? rt_spin_unlock+0x160/0x200
[  830.077677][T11499]  kobject_add_internal+0x631/0xd10
[  830.077708][T11499]  kobject_add+0x163/0x240
[  830.077736][T11499]  ? __pfx_kobject_add+0x10/0x10
[  830.077764][T11499]  ? get_device_parent+0x370/0x3a0
[  830.077794][T11499]  device_add+0x408/0xb80
[  830.077822][T11499]  hci_conn_add_sysfs+0xd5/0x210
[  830.077853][T11499]  le_conn_complete_evt+0xf1d/0x1430
[  830.077887][T11499]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  830.077910][T11499]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  830.077940][T11499]  ? lockdep_hardirqs_on+0x7a/0x110
[  830.077972][T11499]  ? skb_pull_data+0xfb/0x200
[  830.078003][T11499]  hci_le_conn_complete_evt+0x187/0x470
[  830.078032][T11499]  hci_event_packet+0x7af/0x12c0
[  830.078065][T11499]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  830.078097][T11499]  ? __pfx_hci_event_packet+0x10/0x10
[  830.078124][T11499]  ? rt_spin_unlock+0x14f/0x200
[  830.078158][T11499]  ? hci_send_to_monitor+0xe2/0x590
[  830.078185][T11499]  hci_rx_work+0x3ee/0x1030
[  830.078221][T11499]  ? process_scheduled_works+0xa8d/0x18c0
[  830.078252][T11499]  process_scheduled_works+0xb6e/0x18c0
[  830.078313][T11499]  ? __pfx_process_scheduled_works+0x10/0x10
[  830.078350][T11499]  ? assign_work+0x3d5/0x5e0
[  830.078383][T11499]  worker_thread+0xa53/0xfc0
[  830.078450][T11499]  kthread+0x388/0x470
[  830.078474][T11499]  ? __pfx_worker_thread+0x10/0x10
[  830.078501][T11499]  ? __pfx_kthread+0x10/0x10
[  830.078525][T11499]  ret_from_fork+0x51e/0xb90
[  830.078558][T11499]  ? __pfx_ret_from_fork+0x10/0x10
[  830.078586][T11499]  ? __switch_to+0xc7d/0x1450
[  830.078616][T11499]  ? __pfx_kthread+0x10/0x10
[  830.078639][T11499]  ret_from_fork_asm+0x1a/0x30
[  830.078677][T11499]  </TASK>
[  830.078715][T11499] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  830.078850][T11499] Bluetooth: hci1: failed to register connection device
[  832.575897][ T1496] hsr_slave_0: left promiscuous mode
[  832.846018][ T1496] hsr_slave_1: left promiscuous mode
[  832.914634][ T1496] batman_adv: batadv0: Removing interface: batadv_slave_0
[  833.136641][T15432] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[  833.136670][T15432] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  833.136768][T15432] vhci_hcd vhci_hcd.0: Device attached
[  833.150015][ T1496] batman_adv: batadv0: Removing interface: batadv_slave_1
[  833.326743][T15433] vhci_hcd: connection closed
[  833.344877][T13650] vhci_hcd vhci_hcd.2: stop threads
[  833.344934][T13650] vhci_hcd vhci_hcd.2: release socket
[  833.345135][T13650] vhci_hcd vhci_hcd.2: disconnect device
[  833.392590][ T1234] vhci_hcd vhci_hcd.2: vhci_device speed not set
[  833.608134][T15439] 9p: Bad value for 'wfdno'
[  833.619395][T15441] 9p: Bad value for 'rfdno'
[  833.707409][T15445] netlink: 'syz.1.3061': attribute type 25 has an invalid length.
[  833.707429][T15445] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3061'.
[  833.846067][T14156] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[  834.121989][T14156] usb 4-1: Using ep0 maxpacket: 32
[  834.123819][T14156] usb 4-1: config 0 has an invalid interface number: 8 but max is 0
[  834.123844][T14156] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  834.123863][T14156] usb 4-1: config 0 has no interface number 0
[  834.123913][T14156] usb 4-1: config 0 interface 8 altsetting 248 endpoint 0xD has invalid wMaxPacketSize 0
[  834.123926][T14156] usb 4-1: config 0 interface 8 altsetting 248 has 3 endpoint descriptors, different from the interface descriptor's value: 10
[  834.123949][T14156] usb 4-1: config 0 interface 8 has no altsetting 0
[  834.126480][T14156] usb 4-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=2d.bb
[  834.126507][T14156] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  834.126527][T14156] usb 4-1: Product: syz
[  834.126538][T14156] usb 4-1: Manufacturer: syz
[  834.126546][T14156] usb 4-1: SerialNumber: syz
[  834.130377][T14156] usb 4-1: config 0 descriptor??
[  834.561437][T15453] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.3063'.
[  835.435330][T14156] ath6kl: Failed to submit usb control message: -71
[  835.435379][T14156] ath6kl: unable to send the bmi data to the device: -71
[  835.435395][T14156] ath6kl: Unable to send get target info: -71
[  835.444670][T14156] ath6kl: Failed to init ath6kl core: -71
[  835.446054][T14156] ath6kl_usb 4-1:0.8: probe with driver ath6kl_usb failed with error -71
[  835.475108][T14156] usb 4-1: USB disconnect, device number 66
[  835.516551][T15456] ieee802154 phy0 wpan0: encryption failed: -22
[  835.694320][ T1496] team0 (unregistering): Port device team_slave_1 removed
[  835.735841][ T1496] team0 (unregistering): Port device team_slave_0 removed
[  836.012593][T15445] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  836.246253][T15474] 9p: Bad value for 'rfdno'
[  836.700383][T15153] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  837.045091][T15486] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[  837.045118][T15486] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  837.045226][T15486] vhci_hcd vhci_hcd.0: Device attached
[  837.199260][T15153] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  837.219015][T15488] vhci_hcd: connection closed
[  837.221422][   T70] vhci_hcd vhci_hcd.3: stop threads
[  837.221438][   T70] vhci_hcd vhci_hcd.3: release socket
[  837.221620][   T70] vhci_hcd vhci_hcd.3: disconnect device
[  837.257040][ T1234] vhci_hcd vhci_hcd.3: vhci_device speed not set
[  837.264211][   T37] kauditd_printk_skb: 38 callbacks suppressed
[  837.264227][   T37] audit: type=1326 audit(1773844905.846:1673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15490 comm="syz.2.3075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52858cc799 code=0x7ffc0000
[  837.264277][   T37] audit: type=1326 audit(1773844905.857:1674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15490 comm="syz.2.3075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=274 compat=0 ip=0x7f52858cc799 code=0x7ffc0000
[  837.264316][   T37] audit: type=1326 audit(1773844905.857:1675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15490 comm="syz.2.3075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52858cc799 code=0x7ffc0000
[  837.264363][   T37] audit: type=1326 audit(1773844905.857:1676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15490 comm="syz.2.3075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f528588cfce code=0x7ffc0000
[  837.409361][   T37] audit: type=1326 audit(1773844905.857:1677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15490 comm="syz.2.3075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f52858cda97 code=0x7ffc0000
[  837.409408][   T37] audit: type=1326 audit(1773844906.014:1678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15490 comm="syz.2.3075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f52858cc799 code=0x7ffc0000
[  837.409449][   T37] audit: type=1326 audit(1773844906.014:1679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15490 comm="syz.2.3075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f52858cda97 code=0x7ffc0000
[  837.409497][   T37] audit: type=1326 audit(1773844906.014:1680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15490 comm="syz.2.3075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f528588cfce code=0x7ffc0000
[  837.409538][   T37] audit: type=1326 audit(1773844906.014:1681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15490 comm="syz.2.3075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52858cc799 code=0x7ffc0000
[  837.409576][   T37] audit: type=1326 audit(1773844906.014:1682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15490 comm="syz.2.3075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52858cc799 code=0x7ffc0000
[  837.574819][T15505] netlink: 'syz.1.3078': attribute type 25 has an invalid length.
[  837.574841][T15505] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3078'.
[  837.589355][T15153] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  837.659746][T15505] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  837.734691][T15153] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  838.236043][T15153] 8021q: adding VLAN 0 to HW filter on device bond0
[  838.255508][T15153] 8021q: adding VLAN 0 to HW filter on device team0
[  838.262907][ T1471] bridge0: port 1(bridge_slave_0) entered blocking state
[  838.263097][ T1471] bridge0: port 1(bridge_slave_0) entered forwarding state
[  838.273760][ T1231] bridge0: port 2(bridge_slave_1) entered blocking state
[  838.273953][ T1231] bridge0: port 2(bridge_slave_1) entered forwarding state
[  839.536875][T15153] 8021q: adding VLAN 0 to HW filter on device batadv0
[  839.753929][T15560] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[  839.758690][T15560] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  839.758824][T15560] vhci_hcd vhci_hcd.0: Device attached
[  840.046410][T12999] usb 39-1: new low-speed USB device number 11 using vhci_hcd
[  840.322816][T15562] vhci_hcd: connection reset by peer
[  840.354464][   T86] vhci_hcd vhci_hcd.3: stop threads
[  840.354491][   T86] vhci_hcd vhci_hcd.3: release socket
[  840.354569][   T86] vhci_hcd vhci_hcd.3: disconnect device
[  840.467249][T15581] fuse: Bad value for 'fd'
[  840.581134][T15587] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  840.581187][T15587] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  840.748631][T15153] veth0_vlan: entered promiscuous mode
[  840.769304][T15153] veth1_vlan: entered promiscuous mode
[  840.864838][T15153] veth0_macvtap: entered promiscuous mode
[  840.888561][T15153] veth1_macvtap: entered promiscuous mode
[  840.939982][T15153] batman_adv: batadv0: Interface activated: batadv_slave_0
[  841.007373][T15153] batman_adv: batadv0: Interface activated: batadv_slave_1
[  841.048366][   T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  841.049313][   T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  841.049354][   T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  841.049389][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  841.131387][T15608] ieee802154 phy0 wpan0: encryption failed: -22
[  841.455642][ T1471] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  841.455660][ T1471] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  841.642798][ T1151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  841.642819][ T1151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  841.725371][T15624] FAULT_INJECTION: forcing a failure.
[  841.725371][T15624] name failslab, interval 1, probability 0, space 0, times 0
[  841.725403][T15624] CPU: 0 UID: 0 PID: 15624 Comm: syz.5.3103 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  841.725428][T15624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  841.725439][T15624] Call Trace:
[  841.725447][T15624]  <TASK>
[  841.725455][T15624]  dump_stack_lvl+0xe8/0x150
[  841.725487][T15624]  should_fail_ex+0x46b/0x600
[  841.725519][T15624]  should_failslab+0xa8/0x100
[  841.725541][T15624]  __kvmalloc_node_noprof+0x170/0x8e0
[  841.725572][T15624]  ? seq_read_iter+0x203/0xe20
[  841.725591][T15624]  ? mutex_lock_nested+0x152/0x1d0
[  841.725613][T15624]  ? seq_read_iter+0xb8/0xe20
[  841.725636][T15624]  seq_read_iter+0x203/0xe20
[  841.725657][T15624]  ? kstrtoull+0x12f/0x1d0
[  841.725683][T15624]  ? __asan_memset+0x22/0x50
[  841.725714][T15624]  seq_read+0x36a/0x490
[  841.725741][T15624]  ? __pfx_seq_read+0x10/0x10
[  841.725768][T15624]  ? rw_verify_area+0x2ac/0x4e0
[  841.725792][T15624]  ? __pfx_seq_read+0x10/0x10
[  841.725813][T15624]  vfs_read+0x212/0xa80
[  841.725846][T15624]  ? __pfx_vfs_read+0x10/0x10
[  841.725872][T15624]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  841.725899][T15624]  ? lockdep_hardirqs_on+0x7a/0x110
[  841.725925][T15624]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  841.725951][T15624]  ? mutex_lock_nested+0x152/0x1d0
[  841.725971][T15624]  ? fdget_pos+0x252/0x320
[  841.726002][T15624]  ksys_read+0x156/0x270
[  841.726031][T15624]  ? __pfx_ksys_read+0x10/0x10
[  841.726067][T15624]  do_syscall_64+0x14d/0xf80
[  841.726092][T15624]  ? trace_irq_disable+0x3b/0x150
[  841.726112][T15624]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  841.726132][T15624]  ? clear_bhb_loop+0x40/0x90
[  841.726155][T15624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  841.726174][T15624] RIP: 0033:0x7f378ee2c799
[  841.726192][T15624] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  841.726209][T15624] RSP: 002b:00007f378d07e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  841.726230][T15624] RAX: ffffffffffffffda RBX: 00007f378f0a5fa0 RCX: 00007f378ee2c799
[  841.726245][T15624] RDX: 0000000000002020 RSI: 0000200000001180 RDI: 0000000000000004
[  841.726258][T15624] RBP: 00007f378d07e090 R08: 0000000000000000 R09: 0000000000000000
[  841.726270][T15624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  841.726282][T15624] R13: 00007f378f0a6038 R14: 00007f378f0a5fa0 R15: 00007ffc701b6b08
[  841.726314][T15624]  </TASK>
[  843.104537][T15630] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[  843.104565][T15630] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  843.107362][T15630] vhci_hcd vhci_hcd.0: Device attached
[  843.313681][T15637] vhci_hcd: connection closed
[  843.324618][ T1471] vhci_hcd vhci_hcd.1: stop threads
[  843.324644][ T1471] vhci_hcd vhci_hcd.1: release socket
[  843.324712][ T1471] vhci_hcd vhci_hcd.1: disconnect device
[  843.390003][ T6244] vhci_hcd vhci_hcd.1: vhci_device speed not set
[  843.566713][ T6252] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  843.716393][ T6252] usb 6-1: Using ep0 maxpacket: 8
[  843.718869][ T6252] usb 6-1: unable to get BOS descriptor or descriptor too short
[  843.720057][ T6252] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8
[  843.722753][ T6252] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  843.722780][ T6252] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  843.722799][ T6252] usb 6-1: Product: syz
[  843.722812][ T6252] usb 6-1: SerialNumber: syz
[  843.969325][ T6252] cdc_ncm 6-1:1.0: bind() failure
[  843.991000][ T6252] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[  843.991055][ T6252] cdc_ncm 6-1:1.1: bind() failure
[  844.023959][ T6252] usb 6-1: USB disconnect, device number 28
[  844.109895][T11499] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  844.127775][T11499] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  844.134552][T11499] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  844.151041][T11499] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  844.152323][T11499] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  844.964649][T14156] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  845.491516][T12999] vhci_hcd vhci_hcd.3: vhci_device speed not set
[  845.758229][T14156] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  845.758282][T14156] usb 5-1: config 27 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  845.758323][T14156] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  845.758346][T14156] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  845.811720][T14156] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  845.934252][T14156] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -2
[  846.192649][ T5819] Bluetooth: hci0: command tx timeout
[  846.391671][    T9] usb 5-1: USB disconnect, device number 45
[  846.561612][   T37] kauditd_printk_skb: 91 callbacks suppressed
[  846.561629][   T37] audit: type=1326 audit(1773844915.610:1774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15677 comm="syz.3.3119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe345d4c799 code=0x7ffc0000
[  846.561667][   T37] audit: type=1326 audit(1773844915.621:1775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15677 comm="syz.3.3119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe345d4c799 code=0x7ffc0000
[  846.562305][   T37] audit: type=1326 audit(1773844915.621:1776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15677 comm="syz.3.3119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=274 compat=0 ip=0x7fe345d4c799 code=0x7ffc0000
[  846.562350][   T37] audit: type=1326 audit(1773844915.621:1777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15677 comm="syz.3.3119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe345d4c799 code=0x7ffc0000
[  846.564103][   T37] audit: type=1326 audit(1773844915.621:1778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15677 comm="syz.3.3119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=97 compat=0 ip=0x7fe345d4c799 code=0x7ffc0000
[  846.564560][   T37] audit: type=1326 audit(1773844915.621:1779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15677 comm="syz.3.3119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe345d4c799 code=0x7ffc0000
[  846.570088][   T37] audit: type=1326 audit(1773844915.621:1780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15677 comm="syz.3.3119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe345d4c799 code=0x7ffc0000
[  846.570135][   T37] audit: type=1326 audit(1773844915.621:1781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15677 comm="syz.3.3119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe345d0cfce code=0x7ffc0000
[  846.570174][   T37] audit: type=1326 audit(1773844915.621:1782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15677 comm="syz.3.3119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fe345d4da97 code=0x7ffc0000
[  846.570213][   T37] audit: type=1326 audit(1773844915.621:1783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15677 comm="syz.3.3119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe345d4c799 code=0x7ffc0000
[  847.135437][T15683] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[  847.135466][T15683] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  847.139619][T15683] vhci_hcd vhci_hcd.0: Device attached
[  847.503349][T15684] vhci_hcd: connection closed
[  847.508616][  T764] vhci_hcd vhci_hcd.1: stop threads
[  847.508643][  T764] vhci_hcd vhci_hcd.1: release socket
[  847.508717][  T764] vhci_hcd vhci_hcd.1: disconnect device
[  847.542437][    T9] usb 35-1: new low-speed USB device number 11 using vhci_hcd
[  847.542502][    T9] usb 35-1: enqueue for inactive port 0
[  848.354226][    T9] vhci_hcd vhci_hcd.1: vhci_device speed not set
[  848.386563][T11499] Bluetooth: hci0: command tx timeout
[  848.681036][T15650] chnl_net:caif_netlink_parms(): no params data found
[  849.123868][  T823] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  849.290695][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[  849.290765][ T1325] ieee802154 phy1 wpan1: encryption failed: -22
[  849.313736][  T823] usb 2-1: Using ep0 maxpacket: 8
[  849.324808][  T823] usb 2-1: unable to get BOS descriptor or descriptor too short
[  849.330845][  T823] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8
[  849.489212][T15710] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.3126'.
[  849.821701][ T5819] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  850.197970][  T823] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  850.198002][  T823] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  850.198032][  T823] usb 2-1: Product: syz
[  850.198047][  T823] usb 2-1: Manufacturer: 妈଑૧즨㓂銈驦쮛䞐䇈踭┨㥔⠝㴩ᗓ弪ඡ䆛䶣遧芎
[  850.198064][  T823] usb 2-1: SerialNumber: syz
[  850.397176][ T5120] Bluetooth: hci0: command tx timeout
[  850.481263][  T823] cdc_ncm 2-1:1.0: bind() failure
[  850.500583][  T823] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  850.500609][  T823] cdc_ncm 2-1:1.1: bind() failure
[  850.574353][  T823] usb 2-1: USB disconnect, device number 44
[  850.726238][T15650] bridge0: port 1(bridge_slave_0) entered blocking state
[  850.739027][T15650] bridge0: port 1(bridge_slave_0) entered disabled state
[  850.739289][T15650] bridge_slave_0: entered allmulticast mode
[  850.758341][T15650] bridge_slave_0: entered promiscuous mode
[  850.770463][T15650] bridge0: port 2(bridge_slave_1) entered blocking state
[  850.770622][T15650] bridge0: port 2(bridge_slave_1) entered disabled state
[  850.770757][T15650] bridge_slave_1: entered allmulticast mode
[  851.280457][T15650] bridge_slave_1: entered promiscuous mode
[  851.510280][T15650] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  851.586621][T15650] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  851.678474][   T37] kauditd_printk_skb: 17 callbacks suppressed
[  851.678493][   T37] audit: type=1326 audit(1773844920.996:1801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15729 comm="syz.1.3133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefdffdc799 code=0x7ffc0000
[  851.678840][   T37] audit: type=1326 audit(1773844920.996:1802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15729 comm="syz.1.3133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=274 compat=0 ip=0x7fefdffdc799 code=0x7ffc0000
[  851.679086][   T37] audit: type=1326 audit(1773844920.996:1803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15729 comm="syz.1.3133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefdffdc799 code=0x7ffc0000
[  851.679415][   T37] audit: type=1326 audit(1773844920.996:1804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15729 comm="syz.1.3133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=97 compat=0 ip=0x7fefdffdc799 code=0x7ffc0000
[  851.679682][   T37] audit: type=1326 audit(1773844920.996:1805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15729 comm="syz.1.3133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefdffdc799 code=0x7ffc0000
[  851.679998][   T37] audit: type=1326 audit(1773844920.996:1806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15729 comm="syz.1.3133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fefdff9cfce code=0x7ffc0000
[  851.680834][   T37] audit: type=1326 audit(1773844920.996:1807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15729 comm="syz.1.3133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fefdffdda97 code=0x7ffc0000
[  851.681132][   T37] audit: type=1326 audit(1773844920.996:1808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15729 comm="syz.1.3133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fefdffdc799 code=0x7ffc0000
[  851.681579][   T37] audit: type=1326 audit(1773844920.996:1809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15729 comm="syz.1.3133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fefdffdda97 code=0x7ffc0000
[  851.681849][   T37] audit: type=1326 audit(1773844920.996:1810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15729 comm="syz.1.3133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fefdff9cfce code=0x7ffc0000
[  852.109538][T15736] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3135'.
[  852.188006][T15650] team0: Port device team_slave_0 added
[  852.191970][T15736] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  852.330575][T15736] batman_adv: batadv0: Removing interface: batadv_slave_1
[  852.338162][ T5120] Bluetooth: hci0: command tx timeout
[  852.478735][T15738] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[  852.478764][T15738] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  852.493997][T15738] vhci_hcd vhci_hcd.0: Device attached
[  852.681826][T15650] team0: Port device team_slave_1 added
[  852.682915][ T1496] vlan2: left allmulticast mode
[  852.682927][ T1496] bond0: left allmulticast mode
[  852.682935][ T1496] bond_slave_0: left allmulticast mode
[  852.682947][ T1496] bond_slave_1: left allmulticast mode
[  852.698913][ T1496] vlan2: left promiscuous mode
[  852.699719][ T1496] bond0: left promiscuous mode
[  852.699771][ T1496] bond_slave_0: left promiscuous mode
[  852.702249][ T1496] bond_slave_1: left promiscuous mode
[  852.704987][ T1234] usb 35-1: new low-speed USB device number 12 using vhci_hcd
[  852.705792][ T1496] bridge0: port 3(vlan2) entered disabled state
[  852.797054][T15739] vhci_hcd: connection reset by peer
[  852.797444][   T86] vhci_hcd vhci_hcd.1: stop threads
[  852.797470][   T86] vhci_hcd vhci_hcd.1: release socket
[  852.797670][   T86] vhci_hcd vhci_hcd.1: disconnect device
[  852.824933][ T1496] bridge_slave_1: left allmulticast mode
[  852.824949][ T1496] bridge_slave_1: left promiscuous mode
[  852.825109][ T1496] bridge0: port 2(bridge_slave_1) entered disabled state
[  852.917771][ T1496] bridge_slave_0: left allmulticast mode
[  852.917788][ T1496] bridge_slave_0: left promiscuous mode
[  852.917958][ T1496] bridge0: port 1(bridge_slave_0) entered disabled state
[  852.951552][T15743] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3136'.
[  853.028713][T15750] netlink: 'syz.4.3138': attribute type 25 has an invalid length.
[  853.028726][T15750] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3138'.
[  853.495496][ T6252] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  853.640027][ T6252] usb 6-1: Using ep0 maxpacket: 8
[  853.642067][ T6252] usb 6-1: unable to get BOS descriptor or descriptor too short
[  853.643254][ T6252] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8
[  853.645498][ T6252] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  853.645525][ T6252] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  853.645546][ T6252] usb 6-1: Product: syz
[  853.645560][ T6252] usb 6-1: Manufacturer: 妈଑૧즨㓂銈驦쮛䞐䇈踭┨㥔⠝㴩ᗓ弪ඡ䆛䶣遧芎
[  853.645580][ T6252] usb 6-1: SerialNumber: syz
[  854.052990][ T6252] cdc_ncm 6-1:1.0: bind() failure
[  854.077251][ T6252] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[  854.077301][ T6252] cdc_ncm 6-1:1.1: bind() failure
[  854.195988][ T6252] usb 6-1: USB disconnect, device number 29
[  855.054250][T15771] ieee802154 phy0 wpan0: encryption failed: -22
[  855.126239][ T1496] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  855.162873][ T1496] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  855.182316][ T1496] bond0 (unregistering): Released all slaves
[  855.405509][T15750] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  855.763261][T15650] batman_adv: batadv0: Adding interface: batadv_slave_0
[  855.763279][T15650] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  855.763306][T15650] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  855.826276][T15650] batman_adv: batadv0: Adding interface: batadv_slave_1
[  855.826294][T15650] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  855.826322][T15650] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  855.858990][T15781] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[  855.859017][T15781] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  855.859112][T15781] vhci_hcd vhci_hcd.0: Device attached
[  856.027885][T15650] hsr_slave_0: entered promiscuous mode
[  856.034915][T15650] hsr_slave_1: entered promiscuous mode
[  856.185430][T15782] vhci_hcd: connection closed
[  856.185966][ T1151] vhci_hcd vhci_hcd.1: stop threads
[  856.185991][ T1151] vhci_hcd vhci_hcd.1: release socket
[  856.186066][ T1151] vhci_hcd vhci_hcd.1: disconnect device
[  856.500816][T15794] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3152'.
[  856.757846][    T9] usb 4-1: new full-speed USB device number 67 using dummy_hcd
[  856.933472][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 10
[  856.936066][    T9] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55
[  856.936095][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  856.936116][    T9] usb 4-1: Product: syz
[  856.936131][    T9] usb 4-1: Manufacturer: syz
[  856.936145][    T9] usb 4-1: SerialNumber: syz
[  856.966029][    T9] usb 4-1: config 0 descriptor??
[  857.050705][    T9] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  857.263934][   T70] usb 4-1: Failed to submit usb control message: -71
[  857.263969][   T70] usb 4-1: unable to send the bmi data to the device: -71
[  857.263987][   T70] usb 4-1: unable to get target info from device
[  857.264000][   T70] usb 4-1: could not get target info (-71)
[  857.264090][   T70] usb 4-1: could not probe fw (-71)
[  857.265059][    T9] usb 4-1: USB disconnect, device number 67
[  857.385544][T15819] netlink: 180 bytes leftover after parsing attributes in process `syz.1.3159'.
[  857.743113][ T5120] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  857.743179][ T5120] CPU: 1 UID: 0 PID: 5120 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  857.743204][ T5120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  857.743219][ T5120] Workqueue: hci1 hci_rx_work
[  857.743254][ T5120] Call Trace:
[  857.743263][ T5120]  <TASK>
[  857.743272][ T5120]  dump_stack_lvl+0xe8/0x150
[  857.743305][ T5120]  sysfs_create_dir_ns+0x271/0x2a0
[  857.743327][ T5120]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  857.743353][ T5120]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  857.743379][ T5120]  ? rt_spin_unlock+0x160/0x200
[  857.743403][ T5120]  kobject_add_internal+0x631/0xd10
[  857.743433][ T5120]  kobject_add+0x163/0x240
[  857.743458][ T5120]  ? __pfx_kobject_add+0x10/0x10
[  857.743484][ T5120]  ? get_device_parent+0x370/0x3a0
[  857.743510][ T5120]  device_add+0x408/0xb80
[  857.743534][ T5120]  hci_conn_add_sysfs+0xd5/0x210
[  857.743563][ T5120]  le_conn_complete_evt+0xf1d/0x1430
[  857.743594][ T5120]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  857.743622][ T5120]  ? skb_pull_data+0xfb/0x200
[  857.743650][ T5120]  hci_le_conn_complete_evt+0x187/0x470
[  857.743676][ T5120]  hci_event_packet+0x7af/0x12c0
[  857.743706][ T5120]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  857.743737][ T5120]  ? __pfx_hci_event_packet+0x10/0x10
[  857.743762][ T5120]  ? rt_spin_unlock+0x14f/0x200
[  857.743795][ T5120]  ? hci_send_to_monitor+0xe2/0x590
[  857.743821][ T5120]  hci_rx_work+0x3ee/0x1030
[  857.743857][ T5120]  ? process_scheduled_works+0xa8d/0x18c0
[  857.743899][ T5120]  process_scheduled_works+0xb6e/0x18c0
[  857.743957][ T5120]  ? __pfx_process_scheduled_works+0x10/0x10
[  857.743991][ T5120]  ? assign_work+0x3d5/0x5e0
[  857.744023][ T5120]  worker_thread+0xa53/0xfc0
[  857.744076][ T5120]  kthread+0x388/0x470
[  857.744097][ T5120]  ? __pfx_worker_thread+0x10/0x10
[  857.744124][ T5120]  ? __pfx_kthread+0x10/0x10
[  857.744146][ T5120]  ret_from_fork+0x51e/0xb90
[  857.744178][ T5120]  ? __pfx_ret_from_fork+0x10/0x10
[  857.744203][ T5120]  ? __switch_to+0xc7d/0x1450
[  857.744232][ T5120]  ? __pfx_kthread+0x10/0x10
[  857.744255][ T5120]  ret_from_fork_asm+0x1a/0x30
[  857.744292][ T5120]  </TASK>
[  857.747573][ T5120] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  857.751122][ T5120] Bluetooth: hci1: failed to register connection device
[  857.850660][T15819] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3159'.
[  857.850678][T15819] nbd: must specify at least one socket
[  857.924539][ T1234] vhci_hcd vhci_hcd.1: vhci_device speed not set
[  858.455555][T15831] ieee802154 phy0 wpan0: encryption failed: -22
[  858.652930][T15836] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3163'.
[  858.695840][ T1496] hsr_slave_0: left promiscuous mode
[  858.736924][ T1496] hsr_slave_1: left promiscuous mode
[  858.737949][ T1496] batman_adv: batadv0: Removing interface: batadv_slave_0
[  858.783718][ T1496] batman_adv: batadv0: Removing interface: batadv_slave_1
[  858.984916][T15842] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4)
[  858.984935][T15842] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  858.993224][T15842] vhci_hcd vhci_hcd.0: Device attached
[  859.238711][    T9] usb 41-1: new low-speed USB device number 11 using vhci_hcd
[  859.345762][T15853] FAULT_INJECTION: forcing a failure.
[  859.345762][T15853] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  859.345804][T15853] CPU: 0 UID: 0 PID: 15853 Comm: syz.5.3169 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  859.345827][T15853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  859.345839][T15853] Call Trace:
[  859.345847][T15853]  <TASK>
[  859.345856][T15853]  dump_stack_lvl+0xe8/0x150
[  859.345889][T15853]  should_fail_ex+0x46b/0x600
[  859.345919][T15853]  _copy_to_user+0x31/0xb0
[  859.345947][T15853]  simple_read_from_buffer+0xe1/0x170
[  859.345976][T15853]  proc_fail_nth_read+0x1be/0x230
[  859.346003][T15853]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  859.346029][T15853]  ? rw_verify_area+0x2ac/0x4e0
[  859.346054][T15853]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  859.346078][T15853]  vfs_read+0x212/0xa80
[  859.346111][T15853]  ? __pfx_vfs_read+0x10/0x10
[  859.346140][T15853]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  859.346169][T15853]  ? lockdep_hardirqs_on+0x7a/0x110
[  859.346194][T15853]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  859.346221][T15853]  ? mutex_lock_nested+0x152/0x1d0
[  859.346241][T15853]  ? fdget_pos+0x252/0x320
[  859.346273][T15853]  ksys_read+0x156/0x270
[  859.346296][T15853]  ? __pfx_filldir+0x10/0x10
[  859.346318][T15853]  ? __pfx_ksys_read+0x10/0x10
[  859.346355][T15853]  do_syscall_64+0x14d/0xf80
[  859.346381][T15853]  ? trace_irq_disable+0x3b/0x150
[  859.346402][T15853]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  859.346422][T15853]  ? clear_bhb_loop+0x40/0x90
[  859.346445][T15853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  859.346465][T15853] RIP: 0033:0x7f378edecfce
[  859.346484][T15853] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  859.346500][T15853] RSP: 002b:00007f378d07dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  859.346521][T15853] RAX: ffffffffffffffda RBX: 00007f378d07e6c0 RCX: 00007f378edecfce
[  859.346535][T15853] RDX: 000000000000000f RSI: 00007f378d07e0a0 RDI: 0000000000000006
[  859.346547][T15853] RBP: 00007f378d07e090 R08: 0000000000000000 R09: 0000000000000000
[  859.346560][T15853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  859.346572][T15853] R13: 00007f378f0a6038 R14: 00007f378f0a5fa0 R15: 00007ffc701b6b08
[  859.346604][T15853]  </TASK>
[  859.620881][T15846] vhci_hcd: connection reset by peer
[  859.623864][   T70] vhci_hcd vhci_hcd.4: stop threads
[  859.623888][   T70] vhci_hcd vhci_hcd.4: release socket
[  859.623932][   T70] vhci_hcd vhci_hcd.4: disconnect device
[  860.111385][ T1496] team0 (unregistering): Port device team_slave_1 removed
[  860.144698][ T1496] team0 (unregistering): Port device team_slave_0 removed
[  860.417434][T15859] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3171'.
[  861.934502][T15873] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.3175'.
[  864.086683][T15912] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[  864.086705][T15912] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  864.086767][T15912] vhci_hcd vhci_hcd.0: Device attached
[  864.124939][    T9] vhci_hcd vhci_hcd.4: vhci_device speed not set
[  864.319049][T13543] usb 35-1: new low-speed USB device number 13 using vhci_hcd
[  864.755144][T15913] vhci_hcd: connection reset by peer
[  864.791329][  T764] vhci_hcd vhci_hcd.1: stop threads
[  864.791354][  T764] vhci_hcd vhci_hcd.1: release socket
[  864.791433][  T764] vhci_hcd vhci_hcd.1: disconnect device
[  864.963339][T15650] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  865.070627][T15650] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  865.165492][T15650] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  865.239506][T15650] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  865.776920][T15650] 8021q: adding VLAN 0 to HW filter on device bond0
[  865.832814][T15650] 8021q: adding VLAN 0 to HW filter on device team0
[  865.853850][T15946] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.3186'.
[  866.331372][ T1231] bridge0: port 1(bridge_slave_0) entered blocking state
[  866.342041][ T1231] bridge0: port 1(bridge_slave_0) entered forwarding state
[  866.381561][ T1415] bridge0: port 2(bridge_slave_1) entered blocking state
[  866.391862][ T1415] bridge0: port 2(bridge_slave_1) entered forwarding state
[  866.624712][T15965] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3192'.
[  867.085252][T15978] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[  867.085271][T15978] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  867.085356][T15978] vhci_hcd vhci_hcd.0: Device attached
[  867.157184][T15650] 8021q: adding VLAN 0 to HW filter on device batadv0
[  867.439483][T14156] usb 39-1: new low-speed USB device number 12 using vhci_hcd
[  867.643654][T15650] veth0_vlan: entered promiscuous mode
[  867.716399][T15650] veth1_vlan: entered promiscuous mode
[  867.752521][T15983] vhci_hcd: connection reset by peer
[  867.795160][  T764] vhci_hcd vhci_hcd.3: stop threads
[  867.795195][  T764] vhci_hcd vhci_hcd.3: release socket
[  867.795274][  T764] vhci_hcd vhci_hcd.3: disconnect device
[  867.986406][T15650] veth0_macvtap: entered promiscuous mode
[  867.991287][T15650] veth1_macvtap: entered promiscuous mode
[  868.091504][T15650] batman_adv: batadv0: Interface activated: batadv_slave_0
[  868.128545][T15650] batman_adv: batadv0: Interface activated: batadv_slave_1
[  868.161769][ T1496] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  868.186960][ T1496] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  868.188417][ T1496] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  868.189038][ T1496] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  868.676269][ T1496] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  868.676290][ T1496] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  868.935159][  T764] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  868.935189][  T764] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  869.153717][T13543] vhci_hcd vhci_hcd.1: vhci_device speed not set
[  869.290475][T16022] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3108'.
[  869.847614][T16031] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.3205'.
[  870.839583][ T6252] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  871.020770][ T6252] usb 6-1: Using ep0 maxpacket: 8
[  871.027909][ T6252] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  871.027942][ T6252] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  871.027963][ T6252] usb 6-1: Product: syz
[  871.027979][ T6252] usb 6-1: Manufacturer: syz
[  871.027993][ T6252] usb 6-1: SerialNumber: syz
[  871.069010][T16040] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4)
[  871.069035][T16040] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  871.069101][T16040] vhci_hcd vhci_hcd.0: Device attached
[  871.110566][ T6252] usb 6-1: config 0 descriptor??
[  871.122631][ T5819] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  871.140331][ T5819] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  871.142920][ T5819] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  871.149374][ T5819] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  871.150193][ T5819] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  871.306259][T13543] usb 41-1: new low-speed USB device number 12 using vhci_hcd
[  871.686402][ T6252] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  871.695919][T16041] vhci_hcd: connection reset by peer
[  871.708377][ T1231] vhci_hcd vhci_hcd.4: stop threads
[  871.708403][ T1231] vhci_hcd vhci_hcd.4: release socket
[  871.708470][ T1231] vhci_hcd vhci_hcd.4: disconnect device
[  872.306302][T14156] vhci_hcd vhci_hcd.3: vhci_device speed not set
[  872.431231][T16061] FAULT_INJECTION: forcing a failure.
[  872.431231][T16061] name failslab, interval 1, probability 0, space 0, times 0
[  872.431263][T16061] CPU: 0 UID: 0 PID: 16061 Comm: syz.1.3215 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  872.431286][T16061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  872.431298][T16061] Call Trace:
[  872.431306][T16061]  <TASK>
[  872.431315][T16061]  dump_stack_lvl+0xe8/0x150
[  872.431349][T16061]  should_fail_ex+0x46b/0x600
[  872.431376][T16061]  should_failslab+0xa8/0x100
[  872.431398][T16061]  __kmalloc_noprof+0xdf/0x7b0
[  872.431424][T16061]  ? kfree+0x4d/0x6c0
[  872.431445][T16061]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  872.431472][T16061]  tomoyo_realpath_from_path+0xe3/0x5d0
[  872.431504][T16061]  ? tomoyo_path_number_perm+0x219/0x630
[  872.431541][T16061]  tomoyo_path_number_perm+0x246/0x630
[  872.431570][T16061]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  872.431600][T16061]  ? sb_end_write+0xe9/0x1c0
[  872.431622][T16061]  ? vfs_write+0x9ce/0xba0
[  872.431680][T16061]  ? ksys_write+0x202/0x270
[  872.431712][T16061]  security_file_ioctl+0xc3/0x2a0
[  872.431741][T16061]  __se_sys_ioctl+0x47/0x170
[  872.431770][T16061]  do_syscall_64+0x14d/0xf80
[  872.431795][T16061]  ? trace_irq_disable+0x3b/0x150
[  872.431817][T16061]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  872.431838][T16061]  ? clear_bhb_loop+0x40/0x90
[  872.431860][T16061]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  872.431879][T16061] RIP: 0033:0x7fefdffdc799
[  872.431898][T16061] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  872.431914][T16061] RSP: 002b:00007fefde22e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  872.431935][T16061] RAX: ffffffffffffffda RBX: 00007fefe0255fa0 RCX: 00007fefdffdc799
[  872.431950][T16061] RDX: 0000200000000000 RSI: 000000004020ae76 RDI: 0000000000000004
[  872.431962][T16061] RBP: 00007fefde22e090 R08: 0000000000000000 R09: 0000000000000000
[  872.431974][T16061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  872.431985][T16061] R13: 00007fefe0256038 R14: 00007fefe0255fa0 R15: 00007ffe51fd2408
[  872.432014][T16061]  </TASK>
[  872.432022][T16061] ERROR: Out of memory at tomoyo_realpath_from_path.
[  872.852152][T16042] chnl_net:caif_netlink_parms(): no params data found
[  872.898601][T16065] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3216'.
[  873.089079][    C1] raw-gadget.0 gadget.5: ignoring, device is not running
[  873.091146][ T6252] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  873.107113][ T6252] usb 6-1: USB disconnect, device number 30
[  873.166588][ T5819] Bluetooth: hci2: command tx timeout
[  873.228465][T16072] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.3217'.
[  874.938287][T16102] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3229'.
[  875.028978][T16042] bridge0: port 1(bridge_slave_0) entered blocking state
[  875.029193][T16042] bridge0: port 1(bridge_slave_0) entered disabled state
[  875.029379][T16042] bridge_slave_0: entered allmulticast mode
[  875.067215][T16042] bridge_slave_0: entered promiscuous mode
[  875.449452][ T5819] Bluetooth: hci2: command tx timeout
[  876.050561][T16042] bridge0: port 2(bridge_slave_1) entered blocking state
[  876.050682][T16042] bridge0: port 2(bridge_slave_1) entered disabled state
[  876.050942][T16042] bridge_slave_1: entered allmulticast mode
[  876.061636][T16042] bridge_slave_1: entered promiscuous mode
[  876.167834][T13543] vhci_hcd vhci_hcd.4: vhci_device speed not set
[  876.507076][  T823] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  876.678055][  T823] usb 6-1: Using ep0 maxpacket: 32
[  876.696034][  T823] usb 6-1: config 0 has an invalid interface number: 239 but max is 0
[  876.696064][  T823] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  876.696084][  T823] usb 6-1: config 0 has no interface number 0
[  876.696129][  T823] usb 6-1: config 0 interface 239 altsetting 4 bulk endpoint 0x2 has invalid maxpacket 8
[  876.696155][  T823] usb 6-1: config 0 interface 239 altsetting 4 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  876.696183][  T823] usb 6-1: config 0 interface 239 altsetting 4 has an endpoint descriptor with address 0xA9, changing to 0x89
[  876.696209][  T823] usb 6-1: config 0 interface 239 altsetting 4 endpoint 0x89 has invalid maxpacket 28648, setting to 1024
[  876.696237][  T823] usb 6-1: config 0 interface 239 altsetting 4 bulk endpoint 0x89 has invalid maxpacket 1024
[  876.696261][  T823] usb 6-1: config 0 interface 239 altsetting 4 has an endpoint descriptor with address 0xD5, changing to 0x85
[  876.696287][  T823] usb 6-1: config 0 interface 239 altsetting 4 endpoint 0x85 has invalid maxpacket 4168, setting to 1024
[  876.696314][  T823] usb 6-1: config 0 interface 239 altsetting 4 bulk endpoint 0x85 has invalid maxpacket 1024
[  876.696339][  T823] usb 6-1: config 0 interface 239 has no altsetting 0
[  876.720133][ T1234] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  876.818368][T16128] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3239'.
[  876.887938][ T1234] usb 5-1: Using ep0 maxpacket: 32
[  876.901703][ T1234] usb 5-1: config 0 has an invalid interface number: 239 but max is 0
[  876.901732][ T1234] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  876.901752][ T1234] usb 5-1: config 0 has no interface number 0
[  876.901795][ T1234] usb 5-1: config 0 interface 239 altsetting 4 bulk endpoint 0x2 has invalid maxpacket 8
[  876.901819][ T1234] usb 5-1: config 0 interface 239 altsetting 4 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  876.901837][ T1234] usb 5-1: config 0 interface 239 altsetting 4 has an endpoint descriptor with address 0xA9, changing to 0x89
[  876.901850][ T1234] usb 5-1: config 0 interface 239 altsetting 4 endpoint 0x89 has invalid maxpacket 28648, setting to 1024
[  876.901864][ T1234] usb 5-1: config 0 interface 239 altsetting 4 bulk endpoint 0x89 has invalid maxpacket 1024
[  876.901877][ T1234] usb 5-1: config 0 interface 239 altsetting 4 has an endpoint descriptor with address 0xD5, changing to 0x85
[  876.901890][ T1234] usb 5-1: config 0 interface 239 altsetting 4 endpoint 0x85 has invalid maxpacket 4168, setting to 1024
[  876.901903][ T1234] usb 5-1: config 0 interface 239 altsetting 4 bulk endpoint 0x85 has invalid maxpacket 1024
[  876.901916][ T1234] usb 5-1: config 0 interface 239 has no altsetting 0
[  876.902017][  T823] usb 6-1: New USB device found, idVendor=105b, idProduct=1799, bcdDevice=36.e9
[  876.902030][  T823] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  876.902040][  T823] usb 6-1: Product: syz
[  876.902048][  T823] usb 6-1: Manufacturer: syz
[  876.902056][  T823] usb 6-1: SerialNumber: syz
[  876.905546][ T1234] usb 5-1: New USB device found, idVendor=105b, idProduct=1799, bcdDevice=36.e9
[  876.905577][ T1234] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  876.905593][ T1234] usb 5-1: Product: syz
[  876.905600][ T1234] usb 5-1: Manufacturer: syz
[  876.905609][ T1234] usb 5-1: SerialNumber: syz
[  876.950454][T16131] netlink: 248 bytes leftover after parsing attributes in process `syz.2.3240'.
[  877.071510][  T823] usb 6-1: config 0 descriptor??
[  877.072646][T16120] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  877.072860][T16120] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  877.072996][T16120] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  877.147651][ T1234] usb 5-1: config 0 descriptor??
[  877.148385][T16126] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  877.151317][T16126] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  877.151449][T16126] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  877.278552][T16042] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  877.281638][ T5889] usb 6-1: USB disconnect, device number 31
[  877.350178][  T823] usb 5-1: USB disconnect, device number 46
[  877.386865][T16042] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  877.394737][ T5819] Bluetooth: hci2: command tx timeout
[  878.648296][T16042] team0: Port device team_slave_0 added
[  878.662207][T16042] team0: Port device team_slave_1 added
[  878.819200][T16042] batman_adv: batadv0: Adding interface: batadv_slave_0
[  878.819218][T16042] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  878.819244][T16042] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  878.836842][T16042] batman_adv: batadv0: Adding interface: batadv_slave_1
[  878.836859][T16042] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  878.836885][T16042] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  879.014843][T16156] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3249'.
[  879.042720][ T1234] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  879.048450][T16042] hsr_slave_0: entered promiscuous mode
[  879.049693][T16042] hsr_slave_1: entered promiscuous mode
[  879.070796][T16042] debugfs: 'hsr0' already exists in 'hsr'
[  879.070824][T16042] Cannot create hsr debugfs directory
[  879.081930][T16161] netlink: 248 bytes leftover after parsing attributes in process `syz.2.3252'.
[  879.198361][ T1234] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  879.198416][ T1234] usb 6-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  879.198439][ T1234] usb 6-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  879.198483][ T1234] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  879.198507][ T1234] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  879.376653][ T5819] Bluetooth: hci2: command tx timeout
[  879.417212][ T1234] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  879.476769][T13650] bridge_slave_1: left allmulticast mode
[  879.476797][T13650] bridge_slave_1: left promiscuous mode
[  879.477038][T13650] bridge0: port 2(bridge_slave_1) entered disabled state
[  879.526441][ T1234] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -2
[  879.567328][T13650] bridge_slave_0: left allmulticast mode
[  879.567434][T13650] bridge_slave_0: left promiscuous mode
[  879.592170][T13650] bridge0: port 1(bridge_slave_0) entered disabled state
[  879.623540][ T6252] usb 6-1: USB disconnect, device number 32
[  880.986544][T16185] netlink: 'syz.1.3261': attribute type 25 has an invalid length.
[  880.986564][T16185] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3261'.
[  881.105321][T13543] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  881.158646][T16191] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3263'.
[  881.249919][T13543] usb 3-1: Using ep0 maxpacket: 8
[  881.252402][T13543] usb 3-1: unable to get BOS descriptor or descriptor too short
[  881.253752][T13543] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8
[  881.256302][T13543] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  881.256328][T13543] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  881.256348][T13543] usb 3-1: Product: syz
[  881.256362][T13543] usb 3-1: Manufacturer: 妈଑૧즨㓂銈驦쮛䞐䇈踭┨㥔⠝㴩ᗓ弪ඡ䆛䶣遧芎椈搈롫狓ࡹ쪥黼ⱻ罿ꚣ큽젧羅戇૚髤
[  881.256384][T13543] usb 3-1: SerialNumber: syz
[  881.314655][T16203] netlink: 248 bytes leftover after parsing attributes in process `syz.4.3265'.
[  881.441032][T13650] bond1 (unregistering): (slave ip6gretap1): Releasing active interface
[  881.441060][T13650] ip6gretap1 (unregistering): left allmulticast mode
[  881.451698][T16206] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3266'.
[  881.561153][T13543] cdc_ncm 3-1:1.0: bind() failure
[  881.587729][T13543] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  881.587777][T13543] cdc_ncm 3-1:1.1: bind() failure
[  881.633128][T13543] usb 3-1: USB disconnect, device number 61
[  881.736327][T14156] usb 6-1: new full-speed USB device number 33 using dummy_hcd
[  881.880347][T14156] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  881.880378][T14156] usb 6-1: config 0 has no interface number 0
[  881.880479][T14156] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  881.880508][T14156] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  881.880546][T14156] usb 6-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  881.880561][T14156] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  881.908315][T14156] usb 6-1: config 0 descriptor??
[  882.833196][ T6244] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  882.996418][ T6244] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  882.996473][ T6244] usb 3-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  882.996530][ T6244] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  882.996556][ T6244] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  882.996568][ T6244] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  883.049476][T14156] uclogic 0003:28BD:0071.000C: pen parameters not found
[  883.049505][T14156] uclogic 0003:28BD:0071.000C: interface is invalid, ignoring
[  883.051721][ T6244] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  883.156218][ T6244] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -2
[  883.228071][T13543] usb 3-1: USB disconnect, device number 62
[  883.355749][T13650] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  883.431549][T13650] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  883.450866][T13650] bond0 (unregistering): Released all slaves
[  883.546798][T13650] bond1 (unregistering): Released all slaves
[  883.670061][T16185] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  883.748159][T13543] usb 6-1: USB disconnect, device number 33
[  883.889957][T16233] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3274'.
[  884.073545][T16240] netlink: 220 bytes leftover after parsing attributes in process `syz.2.3276'.
[  884.345658][T16250] netlink: 'syz.4.3282': attribute type 25 has an invalid length.
[  884.345681][T16250] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3282'.
[  884.530634][T16250] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  885.013504][T16262] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3286'.
[  885.036552][T16264] netlink: 248 bytes leftover after parsing attributes in process `syz.4.3285'.
[  886.042818][T16289] netlink: 220 bytes leftover after parsing attributes in process `syz.2.3295'.
[  886.080868][T16291] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3297'.
[  886.147259][T16288] FAULT_INJECTION: forcing a failure.
[  886.147259][T16288] name failslab, interval 1, probability 0, space 0, times 0
[  886.147290][T16288] CPU: 0 UID: 0 PID: 16288 Comm: syz.1.3296 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  886.147311][T16288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  886.147323][T16288] Call Trace:
[  886.147330][T16288]  <TASK>
[  886.147347][T16288]  dump_stack_lvl+0xe8/0x150
[  886.147373][T16288]  should_fail_ex+0x46b/0x600
[  886.147395][T16288]  should_failslab+0xa8/0x100
[  886.147412][T16288]  __kmalloc_noprof+0xdf/0x7b0
[  886.147432][T16288]  ? kfree+0x4d/0x6c0
[  886.147449][T16288]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  886.147470][T16288]  tomoyo_realpath_from_path+0xe3/0x5d0
[  886.147494][T16288]  ? tomoyo_path_number_perm+0x219/0x630
[  886.147514][T16288]  tomoyo_path_number_perm+0x246/0x630
[  886.147536][T16288]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  886.147558][T16288]  ? __lock_acquire+0x6b5/0x2cf0
[  886.147598][T16288]  ? __fget_files+0x2a/0x420
[  886.147618][T16288]  ? __fget_files+0x2a/0x420
[  886.147633][T16288]  ? __fget_files+0x3a6/0x420
[  886.147648][T16288]  ? __fget_files+0x2a/0x420
[  886.147667][T16288]  security_file_ioctl+0xc3/0x2a0
[  886.147691][T16288]  __se_sys_ioctl+0x47/0x170
[  886.147714][T16288]  do_syscall_64+0x14d/0xf80
[  886.147734][T16288]  ? trace_irq_disable+0x3b/0x150
[  886.147750][T16288]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  886.147765][T16288]  ? clear_bhb_loop+0x40/0x90
[  886.147782][T16288]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  886.147797][T16288] RIP: 0033:0x7fefdffdc799
[  886.147812][T16288] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  886.147825][T16288] RSP: 002b:00007fefde22e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  886.147841][T16288] RAX: ffffffffffffffda RBX: 00007fefe0255fa0 RCX: 00007fefdffdc799
[  886.147853][T16288] RDX: 0000200000000100 RSI: 000000008208ae63 RDI: 0000000000000004
[  886.147862][T16288] RBP: 00007fefde22e090 R08: 0000000000000000 R09: 0000000000000000
[  886.147871][T16288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  886.147880][T16288] R13: 00007fefe0256038 R14: 00007fefe0255fa0 R15: 00007ffe51fd2408
[  886.147904][T16288]  </TASK>
[  886.147911][T16288] ERROR: Out of memory at tomoyo_realpath_from_path.
[  886.243892][T16293] ieee802154 phy0 wpan0: encryption failed: -22
[  886.518535][T13650] hsr_slave_0: left promiscuous mode
[  886.950510][T13650] hsr_slave_1: left promiscuous mode
[  886.956203][T13650] batman_adv: batadv0: Removing interface: batadv_slave_0
[  887.020260][T13650] batman_adv: batadv0: Removing interface: batadv_slave_1
[  888.866559][T13650] team0 (unregistering): Port device team_slave_1 removed
[  888.917983][T13650] team0 (unregistering): Port device team_slave_0 removed
[  889.111326][T16340] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3309'.
[  889.426334][T16354] FAULT_INJECTION: forcing a failure.
[  889.426334][T16354] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  889.426367][T16354] CPU: 1 UID: 0 PID: 16354 Comm: syz.4.3315 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  889.426390][T16354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  889.426401][T16354] Call Trace:
[  889.426410][T16354]  <TASK>
[  889.426418][T16354]  dump_stack_lvl+0xe8/0x150
[  889.426450][T16354]  should_fail_ex+0x46b/0x600
[  889.426480][T16354]  _copy_from_user+0x2d/0xb0
[  889.426507][T16354]  ___sys_sendmsg+0x1c6/0x360
[  889.426534][T16354]  ? __pfx____sys_sendmsg+0x10/0x10
[  889.426587][T16354]  ? __fget_files+0x2a/0x420
[  889.426610][T16354]  ? __fget_files+0x3a6/0x420
[  889.426643][T16354]  __x64_sys_sendmsg+0x1c3/0x2a0
[  889.426665][T16354]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  889.426694][T16354]  ? __pfx_ksys_write+0x10/0x10
[  889.426731][T16354]  do_syscall_64+0x14d/0xf80
[  889.426756][T16354]  ? trace_irq_disable+0x3b/0x150
[  889.426777][T16354]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  889.426797][T16354]  ? clear_bhb_loop+0x40/0x90
[  889.426820][T16354]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  889.426839][T16354] RIP: 0033:0x7f7b2c23c799
[  889.426857][T16354] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  889.426873][T16354] RSP: 002b:00007f7b2a48e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  889.426893][T16354] RAX: ffffffffffffffda RBX: 00007f7b2c4b5fa0 RCX: 00007f7b2c23c799
[  889.426908][T16354] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000005
[  889.426920][T16354] RBP: 00007f7b2a48e090 R08: 0000000000000000 R09: 0000000000000000
[  889.426932][T16354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  889.426944][T16354] R13: 00007f7b2c4b6038 R14: 00007f7b2c4b5fa0 R15: 00007ffc2099ec88
[  889.426976][T16354]  </TASK>
[  890.331662][T16369] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3320'.
[  891.305131][T16393] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3326'.
[  891.341227][T16042] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  891.372611][T16042] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  891.542229][T16042] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  892.394101][T16042] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  892.576300][T16433] FAULT_INJECTION: forcing a failure.
[  892.576300][T16433] name failslab, interval 1, probability 0, space 0, times 0
[  892.576334][T16433] CPU: 0 UID: 0 PID: 16433 Comm: syz.4.3335 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  892.576356][T16433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  892.576367][T16433] Call Trace:
[  892.576375][T16433]  <TASK>
[  892.576383][T16433]  dump_stack_lvl+0xe8/0x150
[  892.576419][T16433]  should_fail_ex+0x46b/0x600
[  892.576449][T16433]  should_failslab+0xa8/0x100
[  892.576469][T16433]  __kmalloc_noprof+0xdf/0x7b0
[  892.576494][T16433]  ? kfree+0x4d/0x6c0
[  892.576514][T16433]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  892.576541][T16433]  tomoyo_realpath_from_path+0xe3/0x5d0
[  892.576570][T16433]  ? tomoyo_path_number_perm+0x219/0x630
[  892.576598][T16433]  tomoyo_path_number_perm+0x246/0x630
[  892.576627][T16433]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  892.576656][T16433]  ? sb_end_write+0xe9/0x1c0
[  892.576678][T16433]  ? vfs_write+0x9ce/0xba0
[  892.576736][T16433]  ? ksys_write+0x202/0x270
[  892.576767][T16433]  security_file_ioctl+0xc3/0x2a0
[  892.576797][T16433]  __se_sys_ioctl+0x47/0x170
[  892.576824][T16433]  do_syscall_64+0x14d/0xf80
[  892.576849][T16433]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  892.576875][T16433]  ? clear_bhb_loop+0x40/0x90
[  892.576897][T16433]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  892.576916][T16433] RIP: 0033:0x7f7b2c23c799
[  892.576934][T16433] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  892.576947][T16433] RSP: 002b:00007f7b2a48e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  892.576968][T16433] RAX: ffffffffffffffda RBX: 00007f7b2c4b5fa0 RCX: 00007f7b2c23c799
[  892.576982][T16433] RDX: 0000000000000200 RSI: 0000000000004c09 RDI: 0000000000000003
[  892.576995][T16433] RBP: 00007f7b2a48e090 R08: 0000000000000000 R09: 0000000000000000
[  892.577007][T16433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  892.577019][T16433] R13: 00007f7b2c4b6038 R14: 00007f7b2c4b5fa0 R15: 00007ffc2099ec88
[  892.577051][T16433]  </TASK>
[  892.579489][T16433] ERROR: Out of memory at tomoyo_realpath_from_path.
[  893.079876][T16442] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.3336'.
[  894.140982][T16446] netlink: 248 bytes leftover after parsing attributes in process `syz.1.3337'.
[  894.285978][T16042] 8021q: adding VLAN 0 to HW filter on device bond0
[  894.355018][T16042] 8021q: adding VLAN 0 to HW filter on device team0
[  894.390306][ T1231] bridge0: port 1(bridge_slave_0) entered blocking state
[  894.394497][ T1231] bridge0: port 1(bridge_slave_0) entered forwarding state
[  894.466443][ T1151] bridge0: port 2(bridge_slave_1) entered blocking state
[  894.480564][ T1151] bridge0: port 2(bridge_slave_1) entered forwarding state
[  895.765122][T16472] FAULT_INJECTION: forcing a failure.
[  895.765122][T16472] name failslab, interval 1, probability 0, space 0, times 0
[  895.765156][T16472] CPU: 0 UID: 0 PID: 16472 Comm: syz.1.3346 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  895.765180][T16472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  895.765192][T16472] Call Trace:
[  895.765203][T16472]  <TASK>
[  895.765212][T16472]  dump_stack_lvl+0xe8/0x150
[  895.765246][T16472]  should_fail_ex+0x46b/0x600
[  895.765275][T16472]  should_failslab+0xa8/0x100
[  895.765297][T16472]  __kmalloc_noprof+0xdf/0x7b0
[  895.765324][T16472]  ? kfree+0x4d/0x6c0
[  895.765347][T16472]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  895.765375][T16472]  tomoyo_realpath_from_path+0xe3/0x5d0
[  895.765407][T16472]  ? tomoyo_path_number_perm+0x219/0x630
[  895.765435][T16472]  tomoyo_path_number_perm+0x246/0x630
[  895.765465][T16472]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  895.765494][T16472]  ? __lock_acquire+0x6b5/0x2cf0
[  895.765548][T16472]  ? __fget_files+0x2a/0x420
[  895.765574][T16472]  ? __fget_files+0x2a/0x420
[  895.765595][T16472]  ? __fget_files+0x3a6/0x420
[  895.765615][T16472]  ? __fget_files+0x2a/0x420
[  895.765636][T16472]  security_file_ioctl+0xc3/0x2a0
[  895.765667][T16472]  __se_sys_ioctl+0x47/0x170
[  895.765697][T16472]  do_syscall_64+0x14d/0xf80
[  895.765722][T16472]  ? trace_irq_disable+0x3b/0x150
[  895.765744][T16472]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  895.765764][T16472]  ? clear_bhb_loop+0x40/0x90
[  895.765795][T16472]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  895.765814][T16472] RIP: 0033:0x7fefdffdc799
[  895.765833][T16472] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  895.765849][T16472] RSP: 002b:00007fefde22e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  895.765870][T16472] RAX: ffffffffffffffda RBX: 00007fefe0255fa0 RCX: 00007fefdffdc799
[  895.765885][T16472] RDX: 00002000000000c0 RSI: 0000000000002285 RDI: 0000000000000003
[  895.765898][T16472] RBP: 00007fefde22e090 R08: 0000000000000000 R09: 0000000000000000
[  895.765910][T16472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  895.765922][T16472] R13: 00007fefe0256038 R14: 00007fefe0255fa0 R15: 00007ffe51fd2408
[  895.765953][T16472]  </TASK>
[  896.007330][T16472] ERROR: Out of memory at tomoyo_realpath_from_path.
[  896.506804][T16477] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.3347'.
[  897.633972][T16042] 8021q: adding VLAN 0 to HW filter on device batadv0
[  897.736683][T16042] veth0_vlan: entered promiscuous mode
[  897.754345][T16042] veth1_vlan: entered promiscuous mode
[  897.938589][T16042] veth0_macvtap: entered promiscuous mode
[  898.129233][T16042] veth1_macvtap: entered promiscuous mode
[  898.149261][T16488] kvm: user requested TSC rate below hardware speed
[  898.151647][T16488] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4055050731 (8110101462 ns) > initial count (3992482008 ns). Using initial count to start timer.
[  899.031493][T16042] batman_adv: batadv0: Interface activated: batadv_slave_0
[  899.074486][T16042] batman_adv: batadv0: Interface activated: batadv_slave_1
[  899.115256][   T44] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  899.115301][   T44] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  899.115336][   T44] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  899.115369][   T44] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  899.793749][   T44] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  899.803814][   T44] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  900.001619][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  900.001640][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  900.026988][ T5819] Bluetooth: hci1: command 0x0406 tx timeout
[  901.808665][T16527] FAULT_INJECTION: forcing a failure.
[  901.808665][T16527] name failslab, interval 1, probability 0, space 0, times 0
[  901.808695][T16527] CPU: 0 UID: 0 PID: 16527 Comm: syz.1.3364 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  901.808708][T16527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  901.808714][T16527] Call Trace:
[  901.808719][T16527]  <TASK>
[  901.808724][T16527]  dump_stack_lvl+0xe8/0x150
[  901.808745][T16527]  should_fail_ex+0x46b/0x600
[  901.808762][T16527]  should_failslab+0xa8/0x100
[  901.808775][T16527]  __kmalloc_noprof+0xdf/0x7b0
[  901.808791][T16527]  ? kfree+0x4d/0x6c0
[  901.808803][T16527]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  901.808819][T16527]  tomoyo_realpath_from_path+0xe3/0x5d0
[  901.808836][T16527]  ? tomoyo_path_number_perm+0x219/0x630
[  901.808853][T16527]  tomoyo_path_number_perm+0x246/0x630
[  901.808870][T16527]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  901.808887][T16527]  ? __lock_acquire+0x6b5/0x2cf0
[  901.808915][T16527]  ? __fget_files+0x2a/0x420
[  901.808930][T16527]  ? __fget_files+0x2a/0x420
[  901.808942][T16527]  ? __fget_files+0x3a6/0x420
[  901.808954][T16527]  ? __fget_files+0x2a/0x420
[  901.808969][T16527]  security_file_ioctl+0xc3/0x2a0
[  901.808989][T16527]  __se_sys_ioctl+0x47/0x170
[  901.809007][T16527]  do_syscall_64+0x14d/0xf80
[  901.809025][T16527]  ? trace_irq_disable+0x3b/0x150
[  901.809044][T16527]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  901.809063][T16527]  ? clear_bhb_loop+0x40/0x90
[  901.809086][T16527]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  901.809104][T16527] RIP: 0033:0x7fefdffdc799
[  901.809123][T16527] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  901.809136][T16527] RSP: 002b:00007fefde22e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  901.809148][T16527] RAX: ffffffffffffffda RBX: 00007fefe0255fa0 RCX: 00007fefdffdc799
[  901.809156][T16527] RDX: 0000200000000080 RSI: 000000004020ae76 RDI: 0000000000000004
[  901.809163][T16527] RBP: 00007fefde22e090 R08: 0000000000000000 R09: 0000000000000000
[  901.809170][T16527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  901.809176][T16527] R13: 00007fefe0256038 R14: 00007fefe0255fa0 R15: 00007ffe51fd2408
[  901.809195][T16527]  </TASK>
[  901.816036][T16527] ERROR: Out of memory at tomoyo_realpath_from_path.
[  902.385045][  T823] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  902.527920][  T823] usb 6-1: Using ep0 maxpacket: 32
[  902.530889][  T823] usb 6-1: config 0 has an invalid interface number: 239 but max is 0
[  902.530914][  T823] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  902.530933][  T823] usb 6-1: config 0 has no interface number 0
[  902.530973][  T823] usb 6-1: config 0 interface 239 altsetting 4 bulk endpoint 0x2 has invalid maxpacket 8
[  902.530992][  T823] usb 6-1: config 0 interface 239 altsetting 4 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  902.531014][  T823] usb 6-1: config 0 interface 239 altsetting 4 has an endpoint descriptor with address 0xA9, changing to 0x89
[  902.531039][  T823] usb 6-1: config 0 interface 239 altsetting 4 endpoint 0x89 has invalid maxpacket 28648, setting to 1024
[  902.531064][  T823] usb 6-1: config 0 interface 239 altsetting 4 bulk endpoint 0x89 has invalid maxpacket 1024
[  902.531083][  T823] usb 6-1: config 0 interface 239 altsetting 4 has an endpoint descriptor with address 0xD5, changing to 0x85
[  902.531101][  T823] usb 6-1: config 0 interface 239 altsetting 4 endpoint 0x85 has invalid maxpacket 4168, setting to 1024
[  902.531121][  T823] usb 6-1: config 0 interface 239 altsetting 4 bulk endpoint 0x85 has invalid maxpacket 1024
[  902.531139][  T823] usb 6-1: config 0 interface 239 has no altsetting 0
[  902.533364][  T823] usb 6-1: New USB device found, idVendor=105b, idProduct=1799, bcdDevice=36.e9
[  902.533387][  T823] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  902.533405][  T823] usb 6-1: Product: syz
[  902.533418][  T823] usb 6-1: Manufacturer: syz
[  902.533431][  T823] usb 6-1: SerialNumber: syz
[  902.553423][   T37] kauditd_printk_skb: 16 callbacks suppressed
[  902.553440][   T37] audit: type=1326 audit(1773844974.405:1827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16553 comm="syz.4.3373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b2c23c799 code=0x7ffc0000
[  902.553797][   T37] audit: type=1326 audit(1773844974.405:1828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16553 comm="syz.4.3373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=274 compat=0 ip=0x7f7b2c23c799 code=0x7ffc0000
[  902.554043][   T37] audit: type=1326 audit(1773844974.405:1829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16553 comm="syz.4.3373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b2c23c799 code=0x7ffc0000
[  902.554419][   T37] audit: type=1326 audit(1773844974.405:1830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16553 comm="syz.4.3373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=97 compat=0 ip=0x7f7b2c23c799 code=0x7ffc0000
[  902.554660][   T37] audit: type=1326 audit(1773844974.405:1831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16553 comm="syz.4.3373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b2c23c799 code=0x7ffc0000
[  902.554961][   T37] audit: type=1326 audit(1773844974.405:1832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16553 comm="syz.4.3373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7b2c1fcfce code=0x7ffc0000
[  902.558044][   T37] audit: type=1326 audit(1773844974.416:1833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16553 comm="syz.4.3373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f7b2c23da97 code=0x7ffc0000
[  902.558435][   T37] audit: type=1326 audit(1773844974.416:1834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16553 comm="syz.4.3373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7b2c23c799 code=0x7ffc0000
[  902.558832][   T37] audit: type=1326 audit(1773844974.416:1835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16553 comm="syz.4.3373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f7b2c23da97 code=0x7ffc0000
[  902.559112][   T37] audit: type=1326 audit(1773844974.416:1836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16553 comm="syz.4.3373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f7b2c1fcfce code=0x7ffc0000
[  902.570344][  T823] usb 6-1: config 0 descriptor??
[  902.781336][T16558] syz.4.3375 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  902.807500][T16531] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  902.807719][T16531] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  902.807830][T16531] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  903.128931][ T6244] usb 6-1: USB disconnect, device number 34
[  904.084171][T16572] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3379'.
[  904.084199][T16572] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3379'.
[  904.084216][T16572] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3379'.
[  904.231497][T16577] FAULT_INJECTION: forcing a failure.
[  904.231497][T16577] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  904.231538][T16577] CPU: 1 UID: 0 PID: 16577 Comm: syz.3.3383 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  904.231560][T16577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  904.231571][T16577] Call Trace:
[  904.231579][T16577]  <TASK>
[  904.231588][T16577]  dump_stack_lvl+0xe8/0x150
[  904.231619][T16577]  should_fail_ex+0x46b/0x600
[  904.231648][T16577]  _copy_from_user+0x2d/0xb0
[  904.231674][T16577]  __x64_sys_epoll_ctl+0x128/0x1b0
[  904.231703][T16577]  ? __pfx___x64_sys_epoll_ctl+0x10/0x10
[  904.231738][T16577]  do_syscall_64+0x14d/0xf80
[  904.231764][T16577]  ? trace_irq_disable+0x3b/0x150
[  904.231783][T16577]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  904.231799][T16577]  ? clear_bhb_loop+0x40/0x90
[  904.231816][T16577]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  904.231831][T16577] RIP: 0033:0x7fb6d3dbc799
[  904.231845][T16577] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  904.231858][T16577] RSP: 002b:00007fb6d2016028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[  904.231874][T16577] RAX: ffffffffffffffda RBX: 00007fb6d4035fa0 RCX: 00007fb6d3dbc799
[  904.231886][T16577] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000004
[  904.231895][T16577] RBP: 00007fb6d2016090 R08: 0000000000000000 R09: 0000000000000000
[  904.231904][T16577] R10: 0000200000000500 R11: 0000000000000246 R12: 0000000000000001
[  904.231914][T16577] R13: 00007fb6d4036038 R14: 00007fb6d4035fa0 R15: 00007ffddb042168
[  904.231937][T16577]  </TASK>
[  904.283387][ T6244] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  904.435245][ T6244] usb 3-1: Using ep0 maxpacket: 32
[  904.437600][ T6244] usb 3-1: unable to get BOS descriptor or descriptor too short
[  904.445983][ T6244] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice= 0.40
[  904.446012][ T6244] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  904.446031][ T6244] usb 3-1: Product: syz
[  904.446045][ T6244] usb 3-1: Manufacturer: syz
[  904.446060][ T6244] usb 3-1: SerialNumber: syz
[  904.767190][T16592] ieee802154 phy0 wpan0: encryption failed: -22
[  904.848895][ T6244] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  904.929747][ T6244] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -2
[  904.935705][ T6244] usb 3-1: USB disconnect, device number 63
[  904.966165][T16565] udevd[16565]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  905.128183][ T1234] usb 6-1: new full-speed USB device number 35 using dummy_hcd
[  905.272639][ T1234] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  905.272691][ T1234] usb 6-1: New USB device found, idVendor=1c4f, idProduct=0059, bcdDevice= 0.00
[  905.272715][ T1234] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  905.275637][ T1234] usb 6-1: config 0 descriptor??
[  905.279682][T16595] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  905.326866][ T1234] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  905.414094][T14156] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  905.566264][T14156] usb 2-1: Using ep0 maxpacket: 8
[  905.569062][T14156] usb 2-1: unable to get BOS descriptor or descriptor too short
[  905.571679][T14156] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8
[  905.613934][T14156] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  905.613964][T14156] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  905.613985][T14156] usb 2-1: Product: syz
[  905.614004][T14156] usb 2-1: Manufacturer: 妈଑૧즨㓂銈驦쮛䞐䇈踭┨㥔⠝㴩ᗓ弪ඡ䆛䶣遧芎椈搈롫狓ࡹ쪥黼ⱻ罿ꚣ큽젧羅戇૚髤ᳬ䁦ӕ
[  905.614028][T14156] usb 2-1: SerialNumber: syz
[  905.677322][T16604] netlink: 180 bytes leftover after parsing attributes in process `syz.2.3393'.
[  905.723021][ T5120] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  905.723048][ T5120] CPU: 1 UID: 0 PID: 5120 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  905.723075][ T5120] Hardware name: Google Goo[  905.723075][ T5120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  905.723093][ T5120] Workqueue: hci0 hci_rx_work
[  905.723128][ T5120] Call Trace:
[  905.723136][ T5120]  <TASK>
[  905.723145][ T5120]  dump_stack_lvl+0xe8/0x150
[  905.723180][ T5120]  sysfs_create_dir_ns+0x271/0x2a0
[  905.723205][ T5120]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  905.723233][ T5120]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  905.723261][ T5120]  ? rt_spin_unlock+0x160/0x200
[  905.723287][ T5120]  kobject_add_internal+0x631/0xd10
[  905.723319][ T5120]  kobject_add+0x163/0x240
[  905.723346][ T5120]  ? __pfx_kobject_add+0x10/0x10
[  905.723376][ T5120]  ? get_device_parent+0x370/0x3a0
[  905.723404][ T5120]  device_add+0x408/0xb80
[  905.723431][ T5120]  hci_conn_add_sysfs+0xd5/0x210
[  905.723505][ T5120]  le_conn_complete_evt+0xf1d/0x1430
[  905.723538][ T5120]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  905.723563][ T5120]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  905.723595][ T5120]  ? lockdep_hardirqs_on+0x7a/0x110
[  905.723628][ T5120]  ? skb_pull_data+0xfb/0x200
[  905.723657][ T5120]  hci_le_conn_complete_evt+0x187/0x470
[  905.723687][ T5120]  hci_event_packet+0x7af/0x12c0
[  905.723721][ T5120]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  905.723755][ T5120]  ? __pfx_hci_event_packet+0x10/0x10
[  905.723782][ T5120]  ? rt_spin_unlock+0x14f/0x200
[  905.723815][ T5120]  ? hci_send_to_monitor+0xe2/0x590
[  905.723841][ T5120]  hci_rx_work+0x3ee/0x1030
[  905.723878][ T5120]  ? process_scheduled_works+0xa8d/0x18c0
[  905.723908][ T5120]  process_scheduled_works+0xb6e/0x18c0
[  905.724014][ T5120]  ? __pfx_process_scheduled_works+0x10/0x10
[  905.724062][ T5120]  ? assign_work+0x3d5/0x5e0
[  905.724094][ T5120]  worker_thread+0xa53/0xfc0
[  905.724148][ T5120]  kthread+0x388/0x470
[  905.724172][ T5120]  ? __pfx_worker_thread+0x10/0x10
[  905.724201][ T5120]  ? __pfx_kthread+0x10/0x10
[  905.724224][ T5120]  ret_from_fork+0x51e/0xb90
[  905.724257][ T5120]  ? __pfx_ret_from_fork+0x10/0x10
[  905.724284][ T5120]  ? __switch_to+0xc7d/0x1450
[  905.724313][ T5120]  ? __pfx_kthread+0x10/0x10
[  905.724334][ T5120]  ret_from_fork_asm+0x1a/0x30
[  905.724372][ T5120]  </TASK>
[  905.724486][ T5120] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  905.724547][ T5120] Bluetooth: hci0: failed to register connection device
[  905.730660][T16604] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3393'.
[  905.730683][T16604] nbd: must specify at least one socket
[  905.768306][ T5120] ==================================================================
[  905.768324][ T5120] BUG: KASAN: slab-use-after-free in l2cap_sock_new_connection_cb+0x1f9/0x2e0
[  905.768442][ T5120] Read of size 8 at addr ffff88805fe1f7b0 by task kworker/u9:1/5120
[  905.768459][ T5120] 
[  905.768473][ T5120] CPU: 1 UID: 0 PID: 5120 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  905.768496][ T5120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  905.768509][ T5120] Workqueue: hci0 hci_rx_work
[  905.768549][ T5120] Call Trace:
[  905.768557][ T5120]  <TASK>
[  905.768566][ T5120]  dump_stack_lvl+0xe8/0x150
[  905.768597][ T5120]  print_report+0xba/0x230
[  905.768638][ T5120]  ? l2cap_sock_new_connection_cb+0x1f9/0x2e0
[  905.768662][ T5120]  kasan_report+0x117/0x150
[  905.768689][ T5120]  ? l2cap_sock_new_connection_cb+0x1f9/0x2e0
[  905.768720][ T5120]  l2cap_sock_new_connection_cb+0x1f9/0x2e0
[  905.768748][ T5120]  l2cap_connect_cfm+0x368/0x1390
[  905.768776][ T5120]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  905.768798][ T5120]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  905.768830][ T5120]  ? lockdep_hardirqs_on+0x7a/0x110
[  905.768860][ T5120]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  905.768889][ T5120]  ? mutex_lock_nested+0x152/0x1d0
[  905.768912][ T5120]  ? hci_connect_cfm+0x2c/0x140
[  905.768931][ T5120]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  905.768954][ T5120]  hci_connect_cfm+0x95/0x140
[  905.768975][ T5120]  le_conn_complete_evt+0xf65/0x1430
[  905.769001][ T5120]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  905.769021][ T5120]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  905.769051][ T5120]  ? lockdep_hardirqs_on+0x7a/0x110
[  905.769080][ T5120]  ? skb_pull_data+0xfb/0x200
[  905.769106][ T5120]  hci_le_conn_complete_evt+0x187/0x470
[  905.769130][ T5120]  hci_event_packet+0x7af/0x12c0
[  905.769157][ T5120]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  905.769188][ T5120]  ? __pfx_hci_event_packet+0x10/0x10
[  905.769214][ T5120]  ? rt_spin_unlock+0x14f/0x200
[  905.769243][ T5120]  ? hci_send_to_monitor+0xe2/0x590
[  905.769267][ T5120]  hci_rx_work+0x3ee/0x1030
[  905.769297][ T5120]  ? process_scheduled_works+0xa8d/0x18c0
[  905.769326][ T5120]  process_scheduled_works+0xb6e/0x18c0
[  905.769369][ T5120]  ? __pfx_process_scheduled_works+0x10/0x10
[  905.769399][ T5120]  ? assign_work+0x3d5/0x5e0
[  905.769426][ T5120]  worker_thread+0xa53/0xfc0
[  905.769464][ T5120]  kthread+0x388/0x470
[  905.769484][ T5120]  ? __pfx_worker_thread+0x10/0x10
[  905.769509][ T5120]  ? __pfx_kthread+0x10/0x10
[  905.769537][ T5120]  ret_from_fork+0x51e/0xb90
[  905.769565][ T5120]  ? __pfx_ret_from_fork+0x10/0x10
[  905.769591][ T5120]  ? __switch_to+0xc7d/0x1450
[  905.769616][ T5120]  ? __pfx_kthread+0x10/0x10
[  905.769635][ T5120]  ret_from_fork_asm+0x1a/0x30
[  905.769660][ T5120]  </TASK>
[  905.769668][ T5120] 
[  905.769674][ T5120] Allocated by task 5120:
[  905.769684][ T5120]  kasan_save_track+0x3e/0x80
[  905.769772][ T5120]  __kasan_kmalloc+0x93/0xb0
[  905.769796][ T5120]  __kmalloc_noprof+0x3e7/0x7b0
[  905.769824][ T5120]  sk_prot_alloc+0xe7/0x210
[  905.769852][ T5120]  sk_alloc+0x3a/0x390
[  905.769877][ T5120]  bt_sock_alloc+0x3b/0x310
[  905.769940][ T5120]  l2cap_sock_new_connection_cb+0xe2/0x2e0
[  905.769964][ T5120]  l2cap_connect_cfm+0x368/0x1390
[  905.769983][ T5120]  hci_connect_cfm+0x95/0x140
[  905.769997][ T5120]  le_conn_complete_evt+0xf65/0x1430
[  905.770013][ T5120]  hci_le_conn_complete_evt+0x187/0x470
[  905.770029][ T5120]  hci_event_packet+0x7af/0x12c0
[  905.770053][ T5120]  hci_rx_work+0x3ee/0x1030
[  905.770077][ T5120]  process_scheduled_works+0xb6e/0x18c0
[  905.770100][ T5120]  worker_thread+0xa53/0xfc0
[  905.770125][ T5120]  kthread+0x388/0x470
[  905.770141][ T5120]  ret_from_fork+0x51e/0xb90
[  905.770160][ T5120]  ret_from_fork_asm+0x1a/0x30
[  905.770174][ T5120] 
[  905.770179][ T5120] Freed by task 16603:
[  905.770188][ T5120]  kasan_save_track+0x3e/0x80
[  905.770210][ T5120]  kasan_save_free_info+0x46/0x50
[  905.770231][ T5120]  __kasan_slab_free+0x5c/0x80
[  905.770252][ T5120]  kfree+0x1c1/0x6c0
[  905.770273][ T5120]  __sk_destruct+0x626/0x880
[  905.770296][ T5120]  l2cap_sock_cleanup_listen+0xe0/0x440
[  905.770316][ T5120]  l2cap_sock_release+0x6e/0x270
[  905.770333][ T5120]  sock_close+0xc3/0x240
[  905.770349][ T5120]  __fput+0x461/0xa90
[  905.770367][ T5120]  task_work_run+0x1d9/0x270
[  905.770383][ T5120]  exit_to_user_mode_loop+0xed/0x480
[  905.770407][ T5120]  do_syscall_64+0x32d/0xf80
[  905.770430][ T5120]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  905.770447][ T5120] 
[  905.770452][ T5120] The buggy address belongs to the object at ffff88805fe1f000
[  905.770452][ T5120]  which belongs to the cache kmalloc-2k of size 2048
[  905.770468][ T5120] The buggy address is located 1968 bytes inside of
[  905.770468][ T5120]  freed 2048-byte region [ffff88805fe1f000, ffff88805fe1f800)
[  905.770487][ T5120] 
[  905.770492][ T5120] The buggy address belongs to the physical page:
[  905.770525][ T5120] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5fe18
[  905.770542][ T5120] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  905.770558][ T5120] flags: 0x80000000000040(head|node=0|zone=1)
[  905.770577][ T5120] page_type: f5(slab)
[  905.770595][ T5120] raw: 0080000000000040 ffff88813fe1d000 dead000000000100 dead000000000122
[  905.770611][ T5120] raw: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000
[  905.770628][ T5120] head: 0080000000000040 ffff88813fe1d000 dead000000000100 dead000000000122
[  905.770644][ T5120] head: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000
[  905.770661][ T5120] head: 0080000000000003 ffffea00017f8601 00000000ffffffff 00000000ffffffff
[  905.770676][ T5120] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[  905.770687][ T5120] page dumped because: kasan: bad access detected
[  905.770701][ T5120] page_owner tracks the page as allocated
[  905.770708][ T5120] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5800, tgid 5800 (syz-executor), ts 84176318549, free_ts 0
[  905.770739][ T5120]  post_alloc_hook+0x231/0x280
[  905.770830][ T5120]  get_page_from_freelist+0x28bb/0x2950
[  905.770847][ T5120]  __alloc_frozen_pages_noprof+0x18d/0x380
[  905.770864][ T5120]  allocate_slab+0x77/0x660
[  905.770882][ T5120]  refill_objects+0x334/0x3c0
[  905.770899][ T5120]  __pcs_replace_empty_main+0x35c/0x710
[  905.770919][ T5120]  __kmalloc_node_track_caller_noprof+0x60b/0x7e0
[  905.770945][ T5120]  pskb_expand_head+0x228/0x1320
[  905.770961][ T5120]  netlink_trim+0x1b3/0x2c0
[  905.770979][ T5120]  netlink_broadcast_filtered+0xd6/0x1010
[  905.770998][ T5120]  nlmsg_notify+0xf0/0x1a0
[  905.771016][ T5120]  __dev_notify_flags+0xf2/0x310
[  905.771123][ T5120]  netif_change_flags+0xe8/0x1a0
[  905.771147][ T5120]  dev_change_flags+0x130/0x260
[  905.771192][ T5120]  devinet_ioctl+0x9f2/0x1b30
[  905.771212][ T5120]  inet_ioctl+0x42a/0x560
[  905.771259][ T5120] page_owner free stack trace missing
[  905.771266][ T5120] 
[  905.771270][ T5120] Memory state around the buggy address:
[  905.771280][ T5120]  ffff88805fe1f680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  905.771293][ T5120]  ffff88805fe1f700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  905.771305][ T5120] >ffff88805fe1f780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  905.771315][ T5120]                                      ^
[  905.771325][ T5120]  ffff88805fe1f800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  905.771337][ T5120]  ffff88805fe1f880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  905.771347][ T5120] ==================================================================
[  905.775529][ T5120] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  905.775558][ T5120] CPU: 1 UID: 0 PID: 5120 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  905.775585][ T5120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  905.775600][ T5120] Workqueue: hci0 hci_rx_work
[  905.775635][ T5120] Call Trace:
[  905.775643][ T5120]  <TASK>
[  905.775652][ T5120]  vpanic+0x56c/0xa60
[  905.775686][ T5120]  ? __pfx_vpanic+0x10/0x10
[  905.775710][ T5120]  ? __pfx___schedule+0x10/0x10
[  905.775737][ T5120]  panic+0xc5/0xd0
[  905.775762][ T5120]  ? __pfx_panic+0x10/0x10
[  905.775790][ T5120]  ? preempt_schedule_common+0x82/0xd0
[  905.775818][ T5120]  ? l2cap_sock_new_connection_cb+0x1f9/0x2e0
[  905.775844][ T5120]  check_panic_on_warn+0x89/0xb0
[  905.775890][ T5120]  ? l2cap_sock_new_connection_cb+0x1f9/0x2e0
[  905.775916][ T5120]  end_report+0x73/0x180
[  905.775935][ T5120]  ? l2cap_sock_new_connection_cb+0x1f9/0x2e0
[  905.775960][ T5120]  kasan_report+0x128/0x150
[  905.775980][ T5120]  ? l2cap_sock_new_connection_cb+0x1f9/0x2e0
[  905.776009][ T5120]  l2cap_sock_new_connection_cb+0x1f9/0x2e0
[  905.776035][ T5120]  l2cap_connect_cfm+0x368/0x1390
[  905.776060][ T5120]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  905.776081][ T5120]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  905.776111][ T5120]  ? lockdep_hardirqs_on+0x7a/0x110
[  905.776139][ T5120]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  905.776166][ T5120]  ? mutex_lock_nested+0x152/0x1d0
[  905.776189][ T5120]  ? hci_connect_cfm+0x2c/0x140
[  905.776208][ T5120]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  905.776232][ T5120]  hci_connect_cfm+0x95/0x140
[  905.776252][ T5120]  le_conn_complete_evt+0xf65/0x1430
[  905.776279][ T5120]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  905.776300][ T5120]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  905.776330][ T5120]  ? lockdep_hardirqs_on+0x7a/0x110
[  905.776359][ T5120]  ? skb_pull_data+0xfb/0x200
[  905.776384][ T5120]  hci_le_conn_complete_evt+0x187/0x470
[  905.776407][ T5120]  hci_event_packet+0x7af/0x12c0
[  905.776437][ T5120]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  905.776469][ T5120]  ? __pfx_hci_event_packet+0x10/0x10
[  905.776496][ T5120]  ? rt_spin_unlock+0x14f/0x200
[  905.776533][ T5120]  ? hci_send_to_monitor+0xe2/0x590
[  905.776558][ T5120]  hci_rx_work+0x3ee/0x1030
[  905.776589][ T5120]  ? process_scheduled_works+0xa8d/0x18c0
[  905.776618][ T5120]  process_scheduled_works+0xb6e/0x18c0
[  905.776659][ T5120]  ? __pfx_process_scheduled_works+0x10/0x10
[  905.776690][ T5120]  ? assign_work+0x3d5/0x5e0
[  905.776718][ T5120]  worker_thread+0xa53/0xfc0
[  905.776759][ T5120]  kthread+0x388/0x470
[  905.776779][ T5120]  ? __pfx_worker_thread+0x10/0x10
[  905.776805][ T5120]  ? __pfx_kthread+0x10/0x10
[  905.776826][ T5120]  ret_from_fork+0x51e/0xb90
[  905.776856][ T5120]  ? __pfx_ret_from_fork+0x10/0x10
[  905.776883][ T5120]  ? __switch_to+0xc7d/0x1450
[  905.776908][ T5120]  ? __pfx_kthread+0x10/0x10
[  905.776929][ T5120]  ret_from_fork_asm+0x1a/0x30
[  905.776961][ T5120]  </TASK>
[  905.777321][ T5120] Kernel Offset: disabled