last executing test programs:

1m43.771298572s ago: executing program 0 (id=275):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000200)={{0xffffffffffffffff, <r0=>0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000100)='%pK    \x00'}, 0x20)
socket$nl_rdma(0x10, 0x3, 0x14)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x5, &(0x7f0000000080)=@framed={{}, [@map_val={0x18, 0xc, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xfffffffd}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x55}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x10000}, 0x50) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x10000}, 0x50)

1m42.447215428s ago: executing program 0 (id=279):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
prctl$PR_SET_SECUREBITS(0x1c, 0x25)
setresuid(0xee01, 0xee01, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000003140)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4085}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000fc0)=[@cred={{0x1c}}], 0x20, 0x4004}}], 0x2, 0xc0)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, &(0x7f0000000240)={0x1, 0x15, 0xfffc, 0x2e}, 0x8, 0x7, 0x3a1b, 0x0, 0x1, 0x101, 0x0})
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8)
r3 = open(&(0x7f00000005c0)='./bus\x00', 0x6c143, 0x0)
r4 = syz_open_dev$loop(&(0x7f00000001c0), 0x100000000000008, 0x129002)
ioctl$LOOP_SET_FD(r4, 0x4c00, r3)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0)
pread64(r5, &(0x7f0000000200)=""/82, 0x52, 0x2000000fc)
ioctl$FAT_IOCTL_GET_ATTRIBUTES(0xffffffffffffffff, 0x80047210, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x140, 0x1a0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r6, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r6, &(0x7f0000000440)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_TLS_TX(r6, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x304}, "9806d1267c49cd76", "000000072d85a4609e9104a000", "608642ca", "bc7e7f5df6aec397"}, 0x28)
setsockopt$inet6_tcp_int(r6, 0x11a, 0x4, &(0x7f0000000040), 0x44)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x22301, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r7, 0xc0045005, &(0x7f0000000080)=0x1000)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000780)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)

1m41.340469825s ago: executing program 0 (id=283):
setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0xe)
shutdown(0xffffffffffffffff, 0x0)
read$msr(0xffffffffffffffff, &(0x7f00000002c0)=""/66, 0x42)
unshare(0x4a000200)
syz_emit_ethernet(0x46, &(0x7f0000000180)=ANY=[@ANYBLOB="bbbbbbbbbbbb00000000000086dd6100000000103afffe80000000009ae08704133222f3ee80e2000000000000000000aa0000000000000000000000000000000186009078002d06009909000032590000"], 0x0)
r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140), 0x4)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, r0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0x50, 0x0, &(0x7f0000000000)="ff", 0x0, 0x36, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x50)
r2 = syz_open_procfs(0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x0, 0x84)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f0000000080)=0x9, 0x4)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
socket$inet(0x2, 0x80000, 0x8)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r10, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYRES16=r9])
preadv(r2, 0x0, 0x0, 0x33, 0x0)
ioctl$BLKTRACESETUP(r2, 0xc0481273, 0x0)

1m36.460230298s ago: executing program 0 (id=296):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1400000000090101000000000000000000000000d7ce53b3220a5854351b734a29885afccd07ce2182816339f3eeff2c5e4ce4deda83cf96df80d5ac9223562b4461af959be8021f0a3d3f0d5ffea39b7da1176bfa8fb11284c116038983c0e8de11db7ac92caaad378725d54549c657c2ead35ab6fde5ff1b42788b0438639f4c393881120e53e1ba373b042f530782700b14e1a5f8056490e282e5da8459c7e01f73cd25f8e0261c33203806fdca1208556ab03b6e172aae7d2677c924254065c55d652e2b52e92ef816ab2c51b24cd309a1bb"], 0x14}}, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r1 = open(&(0x7f0000000000)='.\x00', 0x2000, 0x20)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000080)='netlink_extack\x00', r3}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001500)=ANY=[@ANYBLOB="2000000076000d0b00000000f3441d5043d1db951f000000080005008fdfc7e9"], 0x20}}, 0x40000)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000001400)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x2c, 0xd, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000900)={0x1, &(0x7f00000008c0)=[{0x6, 0x0, 0x0, 0x6}]})
mkdirat(0xffffffffffffffff, 0x0, 0xa1)
close_range(r6, 0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x181)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x40049366, &(0x7f0000000180))

1m34.935380246s ago: executing program 0 (id=298):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000001280)="b7f2288a91", 0x5)
r4 = accept$alg(r3, 0x0, 0x0)
sendmmsg$alg(r4, &(0x7f0000000680)=[{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000000c0)="5bdbd57a0e656889964df9937f561de9b944d1e381fed329742e239cb13cf2af711d48d2f15b3118abd8fd087f117830209a631f9dfbec5cbbbb2216a2d87dfb0d7dd906c594125a10053c8e288ac4445ff0e999d423cc250e31e8650d248e49ba5fb3be8db01db38acf5a4455630ecb10f753530ada6598a1", 0x79}, {&(0x7f0000000000)="ef7791000dc7777cb951ca638ea0e1b5d280548c882aa59a68cd17c0e7f23d6d56a03be6caa272b3505e304463179c4d7768d9c3e5c21f3a9963ffde6682e5ecfe30b771e51c8d", 0x47}], 0x2, 0x0, 0x0, 0x2}], 0x1, 0x0)
recvmmsg(r4, 0x0, 0x0, 0x2101, 0x0)

1m33.727097019s ago: executing program 0 (id=301):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x500)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
lsm_set_self_attr(0x68, 0x0, 0x20, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x9, 0x6, 0x0, 0x7}, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x74, 0x1c302)
r4 = openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
ioctl$USBDEVFS_CLEAR_HALT(r3, 0xc0105502, &(0x7f0000000300)={0x1, 0x1})
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)={[{0xfe3, 0x7a3f, 0x80, 0x51, 0x7e, 0x4, 0x9, 0x0, 0xd, 0x8, 0x2, 0x2, 0x6}, {0x80000001, 0x10, 0x0, 0x2b, 0x6, 0xe, 0x0, 0x1, 0x9, 0x8, 0x7, 0x6, 0x10}, {0x800, 0x2, 0x1, 0x1, 0x5, 0x7, 0x7, 0x0, 0x5, 0x2, 0x81, 0x3, 0xd8e}], 0x5})
setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f0000000080)={0x1, {{0xa, 0x4e27, 0x6, @mcast2, 0xb9}}, {{0xa, 0x4ea3, 0x5, @mcast1, 0x7}}}, 0x108)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000180), 0x14d802, 0x0)
r7 = dup(r6)
r8 = open(&(0x7f0000000240)='./file1\x00', 0x183142, 0x2f)
ftruncate(r8, 0x2007ffc)
sendfile(r7, r8, 0x0, 0x800000009)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f0000002d00)={0x1, {{0xa, 0x4e22, 0x1000, @mcast2, 0x3}}, {{0xa, 0x4e22, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, 0xb0}}}, 0x108)
r9 = syz_open_procfs(0x0, &(0x7f0000000640)='net/mcfilter6\x00')
preadv(r9, &(0x7f0000001640)=[{&(0x7f0000000280)=""/191, 0xbf}], 0x1, 0x2, 0x451)
write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d)

1m32.893341224s ago: executing program 32 (id=301):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x500)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
lsm_set_self_attr(0x68, 0x0, 0x20, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x9, 0x6, 0x0, 0x7}, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x74, 0x1c302)
r4 = openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
ioctl$USBDEVFS_CLEAR_HALT(r3, 0xc0105502, &(0x7f0000000300)={0x1, 0x1})
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)={[{0xfe3, 0x7a3f, 0x80, 0x51, 0x7e, 0x4, 0x9, 0x0, 0xd, 0x8, 0x2, 0x2, 0x6}, {0x80000001, 0x10, 0x0, 0x2b, 0x6, 0xe, 0x0, 0x1, 0x9, 0x8, 0x7, 0x6, 0x10}, {0x800, 0x2, 0x1, 0x1, 0x5, 0x7, 0x7, 0x0, 0x5, 0x2, 0x81, 0x3, 0xd8e}], 0x5})
setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f0000000080)={0x1, {{0xa, 0x4e27, 0x6, @mcast2, 0xb9}}, {{0xa, 0x4ea3, 0x5, @mcast1, 0x7}}}, 0x108)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000180), 0x14d802, 0x0)
r7 = dup(r6)
r8 = open(&(0x7f0000000240)='./file1\x00', 0x183142, 0x2f)
ftruncate(r8, 0x2007ffc)
sendfile(r7, r8, 0x0, 0x800000009)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f0000002d00)={0x1, {{0xa, 0x4e22, 0x1000, @mcast2, 0x3}}, {{0xa, 0x4e22, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, 0xb0}}}, 0x108)
r9 = syz_open_procfs(0x0, &(0x7f0000000640)='net/mcfilter6\x00')
preadv(r9, &(0x7f0000001640)=[{&(0x7f0000000280)=""/191, 0xbf}], 0x1, 0x2, 0x451)
write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d)

19.272395884s ago: executing program 3 (id=470):
syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff)
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet(0x2, 0x5, 0x883)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1413, 0x4, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
getrandom(&(0x7f0000000000)=""/3, 0x3, 0x3)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x0, 0x0, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000009, 0x13, r4, 0x4000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x14)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4)

19.199302674s ago: executing program 5 (id=471):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="110100007303000005100e00000904ff7ab31ce6cf51050003fe03010009cdda6cc00c0000000904000203cf726d123979a78c00"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000540)={0x44, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0d, 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000000080)={0x14, &(0x7f0000000000)={0x40, 0x23, 0x1c, {0x1c, 0x8, "da72c2949c85907dca979d392143c51ad5d4e89dd966dc9f80aa"}}, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x3009}}}, &(0x7f0000000340)={0x44, &(0x7f0000000100)={0x20, 0x16, 0x4a, "19a951dcac75679235004f3ab92645e18d3c8efd9f3685609e34cc7f671195d6db2c9fb5554c94d93eed8ec5825caad70e854b6861c835ed5de1ab42099c950ce71494a25f0de2349e4a"}, &(0x7f0000000180)={0x0, 0xa, 0x1}, &(0x7f00000001c0)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000200)={0x20, 0x81, 0x2, "2c86"}, &(0x7f0000000240)={0x20, 0x82, 0x3, "317013"}, &(0x7f0000000280)={0x20, 0x83, 0x1, 'h'}, &(0x7f00000002c0)={0x20, 0x84, 0x1, "f0"}, &(0x7f0000000300)={0x20, 0x85, 0x3, "57b15c"}})

16.199609648s ago: executing program 4 (id=475):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) (async)
ioctl$EVIOCSKEYCODE(r2, 0x40084504, &(0x7f0000000000)=[0x40, 0x3]) (async)
syz_emit_ethernet(0xfdef, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "92c01f", 0x8, 0x2f, 0x0, @remote, @ipv4={'\x00', '\xff\xff', @private}, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x6558, 0x0, 0x12}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21}, {}, {0x8, 0x88be, 0x4305000f}}}}}}}, 0x0)

15.131126029s ago: executing program 4 (id=477):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x94)
syz_open_dev$amidi(0x0, 0x2, 0x80042)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = dup(r1)
openat(0xffffffffffffff9c, 0x0, 0x2c040, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0)
write$UHID_INPUT(r2, &(0x7f0000002b40)={0xe, {"a2e3ad099b0d09f91b5f450987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f323063090810e0879b0f0a75e70a9b334d959b669a240d5b0af3988f7ef31952010afde8d178708c523c921b1b5b07070d075b0936cd3b78130daa61d8e81a0000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397273ce1766769f0c91c00305d3f46635eb016d5b1dda98e2d739be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b7638354a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc3609aa24b7d520c829d095083bba2987a67399eac430d145d546a40b9f6ff14ac488ec130bb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b2860d1b3cff57d8b6d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a4f0492d48604675fde2b34cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827955e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb9754fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94e7475cb74642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd72ea4998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5ff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c58b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b50517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864af090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d885b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1a85ae7e69fd1a47a284f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cef8473b53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b344340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cccf8a97406bb5a68a1f0c4549820a73c8859dde0712ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcb7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c2e14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ec00000000000000b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a52830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec685f068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000e00f96f06817fb903729a7fb6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x942}}, 0x1006)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb012018"], &(0x7f0000000100)=""/226, 0x34, 0xe2, 0x8, 0xdd6}, 0x28)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
pselect6(0x40, &(0x7f0000000100), &(0x7f0000000000)={0x1f}, 0x0, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_ORIGINATORS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="3400000041d0e81a8b8bbacc866e65cb60fa9c64565200978c3ed51f4a570f99b756448b7948c9adf002102a85994db84fadfa5a1e2502febdd993d73f5f2bc2f348d97efbc8f56c7d86809d8112252b6a8e0e773548bbd3813aea334b654fcc0b1cef46bd55364000496032cd79c851529b17e5e385a56de7d7998db584b5841b227a317e91b9f308", @ANYRES16=0x0, @ANYBLOB="00042abd7000ffdbdf250800000005002a0001000000050029000000000005002f00000000000600280000000000"], 0x34}, 0x1, 0x0, 0x0, 0x8869}, 0x20000000)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$COMEDI_CMDTEST(r3, 0x8050640a, &(0x7f0000000440)={0x8, 0x80, 0x100, 0x1, 0x0, 0xfffffff2, 0x2, 0x10, 0x154, 0x37f2, 0x10, 0x3f223ac6, 0x0, 0x0, 0x0})

14.616578652s ago: executing program 3 (id=479):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x500)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f00000002c0)=0xfffffffe, 0x4)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
listen(r5, 0x6)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r4, 0xc0384707, &(0x7f0000000040)={0xfffffffd, 0x0, 0x0, 0x400000, 0x14, "3eccd8000000000000000010000000040100"})
r6 = accept4$ax25(0xffffffffffffffff, &(0x7f0000000240)={{0x3, @null}, [@rose, @default, @netrom, @bcast, @netrom, @null, @default, @bcast]}, &(0x7f00000000c0)=0x48, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r5, &(0x7f0000000140)={0x0, 0x0, 0x0, 0xfffffffffffffdff}, 0x40004)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x9, 0x6, 0x0, 0x7}, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x100, 0x0)
ioctl$TCXONC(r7, 0x540a, 0x2)
ioctl$TIOCSPTLCK(r7, 0x40045431, &(0x7f0000000000))
r8 = ioctl$TIOCGPTPEER(r7, 0x5441, 0x3)
ppoll(&(0x7f0000000280)=[{r8, 0x62}], 0x1, 0x0, 0x0, 0x0)
ioctl$TCXONC(r8, 0x540a, 0x2)
openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_CLEAR_HALT(r1, 0xc0105502, &(0x7f00000001c0)={0x1, 0x1})
connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
write$binfmt_script(r1, &(0x7f0000000200), 0xfffffd9d)

12.986709304s ago: executing program 5 (id=482):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="e40000001900200026bd7000fbdbdf251c201030fc03fd0700320000840013000000000000000000000001000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000001400120018008ac138bcb4d3667fe682734c017805001a000d00000005001a00050000000c000900060018d7", @ANYRES32, @ANYBLOB="14001200100018b9057ce310f58becb00723fa6d"], 0xe4}, 0x1, 0x0, 0x0, 0x48090}, 0x20008050)
r4 = syz_open_dev$vim2m(&(0x7f0000000400), 0xd, 0x2)
ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045613, &(0x7f00000000c0)=0x2)

12.891186061s ago: executing program 4 (id=483):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
pselect6(0x40, &(0x7f0000001680)={0x1, 0x4, 0x4, 0xffffe00000000000, 0x3, 0x2, 0x5f1fc331}, 0xfffffffffffffffd, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x44055)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[], 0x48)
connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4624, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001b700)=""/102392, 0x18ff8)
r2 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000000)={0x2001}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff)
bind$tipc(r2, 0x0, 0x0)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x30, r4, 0x1, 0x0, 0x100000, {{}, {}, {0x14, 0x19, {0x2, 0x1, 0x0, 0x2000000}}}}, 0x30}, 0x1, 0x0, 0x0, 0x4008000}, 0x1004)
waitid(0x0, 0x0, 0xfffffffffffffffe, 0x8, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0xa000, 0x1da)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0)

11.743426223s ago: executing program 5 (id=486):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000480)={0x44, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000980)={0x14, &(0x7f0000000d40)={0x0, 0xd, 0x102, {0x102, 0xb, "f68a61d3be15fbfee5f188d2c67143c28ecb36ec47b4eb2154f1e796d252da6da1073b81f94c98683a2e68fb49fc1c6093079b4c2c714529000092024a2d5568257f4a75f020c3b31708cdc15a4ed9e46240d92faf8ed205ee83cf430d03622819824a6e57adac43b9132500184e5d72a53d125da50d0c02fc378c9b6bd3849c689c3ee21fdb6997e4875134c0dec7816fdba39979ee1367bb0962a4e4c3216cbc3edefba31e9649d9f7c30154f7f93752d8fbf1a917b0e276bb80588453d0b030345fa798facb8d6c077a23627e4de522fcab3d4251e9c564282433033afe991a2b300d99703360804d5d0a9d9f0ce1173c5508f93b7930708ff2b908ad6bb8"}}, &(0x7f0000000940)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000c40)={0x44, &(0x7f00000009c0)={0x20, 0x18, 0x59, "4b43a06671ce7d28d38d8b8d3c9f19bb437a1b91096dfbe2bf5f953a3ff131db2e4aa7a7c7b1e357db5bc5feec093c6d8cee7ea03626ccc32ee3104e7c34c5e93bed8f278ccfab7de16f3d98fb33802131acfc81c5840f1ee4"}, &(0x7f0000000a40)={0x0, 0xa, 0x1, 0x4}, &(0x7f00000008c0)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000000ac0)={0x20, 0x80, 0x1c, {0x7, 0x6, 0x400, 0x8, 0x7fff, 0x0, 0x9, 0x9, 0x71d, 0x17, 0xff, 0x5}}, &(0x7f0000000b40)={0x20, 0x85, 0x4, 0x2}, &(0x7f0000000b80)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000bc0)={0x20, 0x87, 0x2, 0x3}, &(0x7f0000000c00)={0x20, 0x89, 0x2, 0x1}})
mmap(&(0x7f0000372000/0x3000)=nil, 0x3000, 0x2, 0x4008032, 0xffffffffffffffff, 0x24d57000)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x3c, r3, 0x1, 0x70bd24, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKINFO_PORT={0x5}, @ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0x7}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20009005}, 0x4000080)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
close(r1)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
write$tun(r4, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff02000000000000000000000000000100000000000000cc00000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e64021d683910c3090b3188a7c747eb2278a273c1b80029442911892704"], 0xfdef)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)
epoll_create1(0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000900)={@cgroup, r8, 0x5}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r7}, &(0x7f00000006c0), &(0x7f0000000700)=r6}, 0x20)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r9, 0x0, 0x60, &(0x7f00000000c0)={'filter\x00', 0x7, 0x2, 0x3e0, 0x1f8, 0x2f8, 0x1f8, 0x2f8, 0x2f8, 0x2f8, 0x4, 0x0, {[{{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE2={0x28}}, {{@arp={@multicast2, @empty, 0x0, 0x0, 0x0, 0x0, {@mac=@broadcast}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'vxcan1\x00', 'nr0\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac, @broadcast}}}, {{@arp={@remote, @multicast2, 0x0, 0x0, 0x0, 0x0, {@mac}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'pim6reg\x00', 'vcan0\x00'}, 0xc0, 0x100}, @unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "dcbc4f0fcafe5fd600342efa7968d220b64d039e8a81d171eeb2e9630554"}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x430)
r10 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd8073a46b08b94214d816f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb4147000001000000008f2b9000f22425e4097ed62cbc891061017cfa6f6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe68db8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3542646bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x50)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r11, r10, 0x26}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r11}, &(0x7f0000000000), &(0x7f0000000080)=r1}, 0x20)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000680)={0x1c, &(0x7f00000003c0)=ANY=[], 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f0000000300)={0x2c, &(0x7f0000000000)={0x40, 0x1, 0xab, {0xab, 0x32, "8ce32bf1eb0b24d1f47693713cb4787e1766bd704b91807eea15b14277eb6cf42acbbe9f77fae40bd19f20b359fa9694512fbb01991bb041b85d43512e3fa23029df549ae976d796d7fbdf30bde47f309b571cd2226a2bc12af0e7b5744f29052d50ed779f66ac0f8f6f08b1da251bb4a599f52541e75168a4b9230f8488749c08dd1f971c6f900012d4afe060922659379dce68d60812f090fc79c15af1fb4b6658dcbd1ec28a63f9"}}, &(0x7f0000000140)={0x0, 0x3, 0xdc, @string={0xdc, 0x3, "95d117a435590e169be9eccad653692e702ab2c473af5df4c0f208fb69e0eae5e2f35a5b31faa0031d43fd2bf72981b620181c45b81101f18d26ab620aa0e77cc0a774e548ad0ba81029fc3521394a461f0364d6665706f6f19ca4f4e617eda4889d801145252b2a22069d69ae230f25a62d7e3ced26f49c687e29763679b66924680c42dfa558a62201f628da802c8351491d071db5a36be7c37bb0556e2840c36ab57e36fe46d6cbbeab11a0ef875813d19be68df6211a53cbddd4e04a79d877b8dde11192a8d00c74e2ee66c223b0cfcd10a5695439efdb06"}}, &(0x7f0000000240)=ANY=[@ANYBLOB="000f5d230000050f5d00043e100330e3bdd0c8476c0f954c5280c2bb537d90bf31348eba5b0d5153da606bb9176095e4e6e21a416f6b663df369fea45c687f2000100a7bc49b0ee8110c100a01c00000000000ffff0b10010c0100140009000203100b"], &(0x7f00000000c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x6, 0x2, 0xc, 0x4, "39ab5b1c", "85b3db91"}}, &(0x7f00000002c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x7, 0x8, 0xb0, 0x5, 0x7f, 0xd72, 0x8}}}, &(0x7f0000000800)={0x84, &(0x7f0000000340)={0x0, 0x0, 0x27, "e16f22096aa7bf343e83dca3ffd62b385856d887a2993de18f165835e5cda2839b80888d8ddbdd"}, &(0x7f0000000380)={0x0, 0xa, 0x1, 0x6}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0x3}, &(0x7f0000000400)={0x20, 0x0, 0x4, {0x1, 0x2}}, &(0x7f0000000440)={0x20, 0x0, 0x8, {0x40, 0x8, [0x0]}}, &(0x7f0000000500)={0x40, 0x7, 0x2, 0x3}, &(0x7f0000000540)={0x40, 0x9, 0x1, 0x7f}, &(0x7f0000000580)={0x40, 0xb, 0x2, "e8ab"}, &(0x7f00000005c0)={0x40, 0xf, 0x2, 0x5}, &(0x7f0000000600)={0x40, 0x13, 0x6, @broadcast}, &(0x7f0000000640)={0x40, 0x17, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x29}}, &(0x7f00000006c0)={0x40, 0x19, 0x2, "1cc3"}, &(0x7f0000000700)={0x40, 0x1a, 0x2, 0x6}, &(0x7f0000000740)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000780)={0x40, 0x1e, 0x1, 0x5}, &(0x7f00000007c0)={0x40, 0x21, 0x1, 0x81}})

11.08324142s ago: executing program 1 (id=487):
epoll_create(0x10000e9)
openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2)
memfd_create(&(0x7f0000000580)='y\x105\xfb\xf7\x88\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7`\x9b=\xec\x9f\x1d\x9b@$\x8c\bb\x1a\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\'\xffO,4\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2\x01G\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\rr\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\xc6\x8a=\x04\xa35\x9b\xf5\x80E\x8f\x1e\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x10\x00'/276, 0x2)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
memfd_create(0x0, 0x7)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00"/14, @ANYBLOB='\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x2, 0x17, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0x19, 0x0, <r1=>0x0})
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
getpid()
syz_emit_ethernet(0x66, &(0x7f0000000780)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6100272400303afffc000000000000000000000000000001ff0200000000000000000000000000019078000000006d2308d31000000120010000000000000000000000000001ff010000000000000000000000000001"], 0x0)
ioctl$SIOCGSTAMP(0xffffffffffffffff, 0x8906, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x20)
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000100)={0x28, 0x7, r1, 0x0, &(0x7f0000ff0000/0x10000)=nil, 0x10000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x5, r1, 0x0, <r3=>0xffffffffffffffff}) (fail_nth: 4)
ioctl$IOMMU_TEST_OP_ACCESS_RW(r0, 0x3ba0, &(0x7f0000000400)={0x48, 0x8, r3, 0x0, 0x0, 0xffca, &(0x7f0000000040)='?', 0x5})
mq_open(&(0x7f0000000180)='$@\x00', 0x842, 0x121, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))

10.216496339s ago: executing program 1 (id=488):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
ppoll(&(0x7f0000000500), 0x0, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x300000000000000, 0x0, 0x7fffffff}, 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3)

10.019053429s ago: executing program 3 (id=490):
socket(0x10, 0x803, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x40)
r1 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000300)=[@wrmsr={0x1e, 0x20, {0x88b, 0x773d}}, @rdmsr={0x32, 0x18, {0xadd}}, @uexit={0x0, 0x18, 0x9}, @wrmsr={0x1e, 0x20, {0x17, 0x7f}}, @code={0xa, 0x5a, {"410f20640f06360f019ae73e4aeb0f00d2b9800000c00f3235010000000f30440f20c03507000000440f22c00f22818f6978cb4737f30f1ecd66baf80cb888518d8aef66bafc0c66ed"}}, @uexit={0x0, 0x18, 0xfff}, @wr_crn={0x46, 0x20, {0x4, 0x3}}, @code={0xa, 0x5d, {"66bad10466edb9810200000f32362e400f005900450f4e6904400f32c74424008000c0fec744240240000000c7442406000000000f011c24b8010000000f01c1420f06440f380b7b00420f08"}}, @cpuid={0x14, 0x18, {0x5e22, 0x4}}, @rdmsr={0x32, 0x18, {0xb19}}, @uexit={0x0, 0x18, 0x7}, @uexit={0x0, 0x18, 0x9633}, @cpuid={0x14, 0x18, {0x5d6b, 0xd52}}, @rdmsr={0x32, 0x18, {0x904}}, @uexit={0x0, 0x18, 0xffffffffffffffff}, @code={0xa, 0x4e, {"420f01c80fc7bc9db300000066b8c0000f00d066baf80cb89aa33a8bef66bafc0cb0dfee67490fc71a440f01c43ed9fa440f212d0f206326f3400f1ef9"}}, @code={0xa, 0x62, {"66f3460fae77b80f1a0766baf80cb8b0567c86ef66bafc0ced48b800000000000000000f23c80f21f8350000e0000f23f8f3ae66f244ad8f0978c18100000080c44249a90ac48189d2ff66ba4300b000ee"}}, @code={0xa, 0x8f, {"64f20fc2227b672e363e36f36564f0428000000f01cf44f6d7b9270200000f32660f3a17984172a52fbc48b800800000000000000f23c80f21f8350c00e0000f23f866baf80cb84a0f998eef66bafc0c66ed66baf80cb80c920683ef66bafc0cb808000000ef48b800800000000000000f23d00f21f835000000080f23f8"}}, @wrmsr={0x1e, 0x20, {0xd53, 0x1}}, @uexit={0x0, 0x18, 0x9}, @wrmsr={0x1e, 0x20, {0x3c2, 0x800}}, @rdmsr={0x32, 0x18, {0x8b6}}, @rdmsr={0x32, 0x18, {0x272}}], 0x3ce})
syz_kvm_setup_cpu$x86(r0, r1, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f00000000c0)="0fc7b21b00fb77b9800000c00f3235000800000f300f20c035000000800f22c0430f21c2c403f9159b16000000dd66baf80cb88c786885ef66bafc0c66b8ce8a66efc422e1a9cb66b802010f00d866b818010f00d00f01f8", 0x58}], 0x1, 0x1, &(0x7f0000000180)=[@flags={0x3, 0x35010}], 0x1)
add_key$user(0x0, &(0x7f00000005c0), 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
epoll_create(0x7)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0x40a85323, 0x0)
r5 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r5, 0x40045532, &(0x7f00000000c0)=0x2)
r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r7 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
ioctl$SNDCTL_DSP_GETOSPACE(r6, 0x8010500c, &(0x7f0000000040))
ioctl$SNDRV_PCM_IOCTL_READI_FRAMES(r7, 0x80184151, &(0x7f0000000340)={0x0, 0x0})

9.810767232s ago: executing program 2 (id=491):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r1=>0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000002c0)=ANY=[@ANYBLOB="88000000", @ANYRES16=r3, @ANYBLOB="010029bd7000000000003b00000008000300", @ANYRES32=r1, @ANYBLOB="4d00330040bc01000802110000000000000000000250505050509400ac0146c0000f9db4a84f2beb2f4ecb945a20a904b02d1a00080010002100000000000300010008000000000406000000090000000600cd000000000004008e0008005700961200ca"], 0x88}, 0x1, 0x0, 0x0, 0x6a845ecb4f20be70}, 0x24008080)

9.448389249s ago: executing program 2 (id=492):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0)
ioctl$SNDRV_PCM_IOCTL_READI_FRAMES(r3, 0x80184151, &(0x7f0000000180)={0x0, &(0x7f0000000080)="2eead8feb30ef642d4d01ad859078b7f4604cd7268eb8263eb0b2913e43c59ca94c47be0be18", 0x26})
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x18, 0x18, &(0x7f0000000280)={@flat=@binder={0x73682a85, 0x101, 0x1}, @flat=@weak_binder={0x77622a85, 0x1001, 0x3}, @flat=@weak_binder={0x77622a85, 0x1101, 0x3}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB="401504"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000480)={0x0, 0x17, 0x100, "94c161ee11d000934faf2e4158ed08cc0247ab0794a2daa70509cbb4500c4717d72b25fbf8dd802eba8e5177f9c758940c7b0d6daa9e21563e71abce5fb3f90709db66fceec1cb2962ad98785363c04cc8f4be4a61dd60bdcaae83070258505a7e3c63211966ea46cf1eb2dcb8aa0d8abd695ecff52f037a8fc07f08a2bf409e78702f4abaa1306b48917df74a000a56ab03b47c2ae817b357cb1b3de1b98c967dd1e43700006effc49130fdc3f75f61f427a433a6057201cd5fcb8f017e5ce2a787f2627ada84a7155316f18493147b7a001736c7ca69b874c5d38e448741dddb2ebaea0c0aa60f4a5a7756c84316694abfcb8b4db426e0c82ccad548185dde"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f0000000140)=ANY=[@ANYBLOB="000f04e9000002000000"], 0x0, 0x0})

9.15134117s ago: executing program 1 (id=493):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x5, &(0x7f0000000080)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x0, &(0x7f0000000200)=0x7)
r1 = syz_open_procfs(0x0, 0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x298})
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
r2 = socket(0x26, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000140)={0x5, 0x3, 0x0, 0x2}, 0x10)
write(r2, &(0x7f0000000000), 0x0)
fstatfs(0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/cgroup\x00')
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000140)=0x14)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000000)=0x7e)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)

6.950338539s ago: executing program 3 (id=494):
r0 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x100, 0x90)
open_tree(r0, 0x0, 0x89901)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
ptrace$pokeuser(0x6, r1, 0x358, 0xffff8880b8638c40)
r2 = socket(0x10, 0x3, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@ipmr_delroute={0x28, 0x19, 0x1, 0x70bd2b, 0x25dfdbff, {0x80, 0x20, 0x90, 0x0, 0x0, 0x11, 0x0, 0x5}, [@RTA_MULTIPATH={0xc, 0x9, {0x60, 0xc, 0xfa}}]}, 0x28}, 0x1, 0x0, 0x0, 0x20040810}, 0x4000004)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r7)
accept4$alg(r2, 0x0, 0x0, 0x80000)
sendmsg$TIPC_NL_KEY_SET(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x54, r8, 0x200, 0x70bd28, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4, @dev={0xac, 0x14, 0x14, 0x13}}}, {0x14, 0x2, @in={0x2, 0x4e23, @private=0xa010102}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
prlimit64(0x0, 0xb, 0x0, &(0x7f0000000000))

6.760242991s ago: executing program 5 (id=495):
r0 = syz_open_dev$vbi(&(0x7f0000002100), 0x1, 0x2)
ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000180)={0x5, @raw_data="2fb04a43cb4edbb2f8c11d55fe7e39d98cc683907ce4751204e83d1785190479f3c5d378bed2c1fc92e0629a4fffd9a52b7a93d12eb198729676b0d892c9c02879d5700ed2ea2a5352518f772c3d9d2809911d42843bd3931a529ac577f811f21e91d3e16bb79748df00c9b6882ccd692b1170aa76a9de8d4bd5f8690cc3edf408d220b7d5916b3eba2d13f751cb46d2cf9034ed3d98a91172eea90e991030a3af605efb6671b50a33e46fdc5695084f7cc34d71ea422e337bf362d643c2827ae8e7f38afa894e0c"})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x16, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0x10, 0x10, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x60ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000400)={0x0, r1}, 0x8)
r2 = syz_open_dev$vim2m(&(0x7f0000000040), 0x3, 0x2)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)={0x3c, r3, 0x1, 0x9, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40800}, 0x4000040)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000080)={0x0, 0x8, 0x2, {0x2, @sliced={0x0, [0x3, 0x0, 0x0, 0x5, 0x1000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x56, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5]}}})
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000300)={0x2, @vbi={0xfffffffd, 0x6, 0x8, 0x3234564e, [0x800, 0x4], [0x527, 0x2]}})
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sys_enter\x00', r5}, 0x18)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000480)={0x0, {{0xa, 0x4e22, 0x214e, @rand_addr=' \x01\x00', 0x7ff}}, {{0xa, 0x4e21, 0x935, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x3}}}, 0x108)
setgroups(0x0, 0x0)

6.450620902s ago: executing program 4 (id=496):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x490, 0x168, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3c0, 0xffffffff, 0xffffffff, 0x3c0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00', {}, {}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x148, 0x168, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x810001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @unspec=@NOTRACK={0x20}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x228, 0x258, 0x0, {}, [@common=@ipv6header={{0x28}, {0x20}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x4f0)
syz_emit_ethernet(0xd9, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd69c8670000a30600fe800000000000000080fe00000000bbff0200000000000000000000000000014e344e24", @ANYRES32=0x41424344, @ANYBLOB="8118000690"], 0x0)

6.327767855s ago: executing program 1 (id=497):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000100"/20, @ANYRES32], 0x50)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB="9feb010018000000000000007c0000007c00000002000000000000000000000e0000000000000000000000000600000d000000000000000000000000000000000000000000000000fd000000000000000000000000000000000000000000000000000000000000000000000c00000000000000000000000900000000000000000000000900000000000000000000000a02"], 0x0, 0x96, 0x0, 0x3}, 0x28)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x1}, 0x28)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x10}, 0x94)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0x12, &(0x7f0000000040)=0x46c, 0x4)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'macvlan1\x00'})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r7, 0xc4c85513, &(0x7f0000000000)={0xb, 0x0, 0x0, 0x0, 'syz1\x00'})
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000001000/0x400000)=nil)
ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="020000000000000000000040000000000600100000000000c5030ca2b39b4bcd44df02897801000040000000000700000000000000"])
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xc, 0x16, &(0x7f0000000200)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000180000003d030100000000009500f000000000006926000000000000bf67000000000000560702000f0200006706000020000000620a00ff0ee60000bf250000000000002d350000000000006507000002080000070700004c0000001f75000000000000bf54000000000000070400000400f9ffcd35010000000000ce040000000000001c000000000000009500000000000000db13d5d8b741f2cdaabc8383c8f56bb5df3083d20f8c2bf304000000815dcf0066d7ded3c5c49a08a503ea6d54f7f3125a8200578ac0836d6454745e70a27444003c5b20451b624db6f5320e9befc1e00b8b32917c4d30d16b7edb732bc3ac330b16c442aff70d27659bc58e296b16750c5577c848754b4894b07f15bab1c640a5c0c4fd62f9db829b301ef67fd2b2736f3af0c54af2412313b17c4c8081c4ed0572261960e227d34cfbfdb247bc2351c9d8363a8cb18b7330604da78b0aba47545f9a25a80dd7d28a5ae41824f611dd2de6dd581c52698f9542a444a8a3969946faded5d0e14c6c946eeb44fe63275c00000000"], &(0x7f0000000100)='GPL\x00'}, 0x48)

6.095818154s ago: executing program 5 (id=498):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0x2001370, &(0x7f00000004c0)={0x0, 0x8ca7, 0x11110, 0xfffffffe, 0x4e}, &(0x7f0000000200)=<r4=>0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES(r3, 0x2, &(0x7f0000000300), 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(r4, 0x0, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0xcf, 0xfffffffb, 0x0, 'queue0\x00'})
write$sndseq(r0, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32={[0xfeff]}}], 0x1001a)

5.990795331s ago: executing program 4 (id=499):
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x3, 0x40b4832, 0xffffffffffffffff, 0xb2993000)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x10000, 0x0)
ioctl$SNDCTL_SEQ_CTRLRATE(r1, 0xc0045103, &(0x7f0000000180)=0x7fffffff)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
io_submit(0x0, 0x5, &(0x7f0000000680)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x10000000}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x6, 0x800, r0, &(0x7f0000000000)="abceeda37f347dd8fd31fdee379656b32b9e1448f834241f1d93d6a9dc836d21f0fc44da7b3603dda72e60799355db41350a9e713b8cb31bbf7e6ff6223d90b5d0e0440cc1480f7aaafac87b3712c2ab286f7f80df494c65eb75a6939ba2866296626dcfb23c60841f277c2f116e68f74b86cea166b106", 0x77, 0x0, 0x0, 0x1, r2}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2, 0x59, 0xffffffffffffffff, &(0x7f00000006c0)="4c5597c7f6fb8247a8155321e11a3e3535fd0cafd1314c90eb7b3a0e379eef0fd431a69a87be8f10932cfa4823165210b9a8761e4231a519826746f15b0eafef999ab9583d0bc09ee2ac3a2f2eab8726463eb4fd6d0f380aa4cda2798e24633341cd1c490578e3cd89831f6cabaebc4a340f5dab14eeb539bba3ad4167ad8cd736b039aa23e8beb5e3861f0ff57911854cbf1ac115bd4700ab3f93bd", 0x9c, 0x3, 0x0, 0x0, r2}, 0x0, 0x0])
read(r1, &(0x7f0000000240)=""/96, 0x60)
write$binfmt_misc(r2, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})

4.500783557s ago: executing program 2 (id=500):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f000000e280)={0x2020, 0x0, <r1=>0x0}, 0x2020)
syz_fuse_handle_req(r0, &(0x7f00000061c0)="897c6500ff3035465c7acb4e06980b05687c1480c7aafe631c0543db2bf0d6f539506e8782da06c1ca018774d72e9e5a3418ab66ee78dad68457b17ec9d47bf7d8272d607c1c0a4bd906f0cee7f8451828d2458596bdd6a459ba18ebaf61b38f5d66c27fa8a024ad7832a85e58689a4c254c94cbcf7208fce6e61d9566459789d15a6f91dd7db7c54cc3a94da956fb290a8a15f849270bc459d9d9f47801be86dd5c9d18382081a993b7bfde5c28adca4c71329afd6be743b076033b5859891703eb65fa256d6f47450b6edacbd05a9bd8b372e90cfc30f32826566dac6c48e6ef001881cbc30482f9ec469e476a101da496b8c0785eaf875d3608b0c49e9d39baaa1041f903a805f0f24aa63722fa2d87b98595fa5cfaf8b79c458de43ee39904e7cac7540a934b4108957785d58807abff186949f1b94cd21b724aff34ac45c7066dcdbd68ea7b766af9d045cd7fafeafc5c5a0c3400ef4e0c71a6fdd5b8d68a6f317644cda9d2fd2c839a82b97b3d909b54c672227bef573c9de1991d65a63017f724d1f7f1575e69db53318a7fd7065b303e751518c8eef04f642dbd4dfa349040a7b5401050ffc2b4ef62803a7c8eaba99e011dfac24d81b2b61e0b0581e53bf520f623eca17f0545c5e59ff15b527475f970f589894ae589145fa4283f7225088ccfeba1d72e9128f8c223ae1840f2edae3dbcdf7e560d5cdf4f71c9ada1931c0f8312c000101b264aaddb9fab166ba8d8903d6098eca20935ca607ea79e936798b3dfb22a7e159abb234cf21f3733dbf263a8ff116092f251659108892b2e21e1b428fd225096a5040270b2d70347013eaa1fd8e452942200283aab092c4ffc5b8b427b5d691a5a773e09da20539ff0f8214331c5d84107ae8a59aeb58efe22d7a079e446f1dfb07510377799bfdc7ee59cabcd76af0fe8a427ac8258ff33bbad5a8061f1cfdfbf375d73d676cc7916d6658ce46a0b17ad6350150f98e3512b513e25ca73f5f5df0a1fb9582ace7906c493fe1fd2889d9aac0b7c29c2b6c205537627bad64df433336a5ace32ca871e51b4dab0fbb00886a1fa81a98b74de0a26cebf65723515ebb807fc3c161ed42d1a7b6b55717613577ea437f3a2967c66ce45ff85a6a35b7cd40625fc575b107d7394e3d2db51d58347276c33e21f50b5a6b5672bf9fda63139bb75aead1fe4ee9a4064af5a5958466aa39faa6d821489fa415224c8d69d3b5922236832c2b1e4f6b8863b32f9aea83fb522a2de081d674502b48f73ce6db98d84136059b4a6676bc85ac6b7626329afa9bc7d3f9f2caa3c4d872744e0a8e02d72a75c6c545b8ec8e15b6fb0fe4185bd0d154960e6fef05ba40e5fe2968eb1301dcc52a03337179e74ba1522af93d77827845f8941c69ed8bb84567e3c63f1cc378a542f1de7007b688ff0a9c69d5861f0b85402c30a2fd391c52bafbe65f8e82135fd38361d7c0b43c982b2f3e7cb09c40c7e215114f4243d670cd576bcd93c1e959345170c75d6c3cf89cf8c2c70dc792e646e7c649d4c5f36bb016c7acd466ad58473d40dfef36394e581065a8581ab852250403cf372ac0065bf757fa3f445424ac0d82aec1938a2ea116bdfd306baa1cb06c62a4a97d66ab1b9489469cb8ba842da12e310caed02c5ef05c0be1e1e8c9c8b87d6871c94c57d164d08672b205c948086a06a545b266b7ad902a908681eb188bc51b6190b5cb9d8ca59b8c4c6e7369c00d6f6119fd5d437239e3d3c89cb81e09e560fb817590106015f08e7b09f1e1e65bfab3b8489fa058e24081978b9e25463d9945bfbca81c08885d4b6d4c62e217bd9e19460762f36c66bc948fe31cde089626fbb310e3c78a8d3f2eac21d374d9b58d887235d3a95721168e4b9475849071d60ecfe7ea5d6c4bf60da3747612ef59bb651270f326c0af31bc8c71361f851de34ccb3c8071b96f1128d7ee79b41246e566edd0272dbd3ccfe472b38e5e03d3ef83218bd498e6de8b4d92cb6f82716449ede7ba845028eccdb9137be8a622ac88ac53118fbc39637fa7a93cd3abc6f7671c7804420d66e94720acbcac916950f9baca77fef4217155ccc2cd0507339a0486f9f468eb28772986ee768c63eba671bf8c52e48a2a5dc2cc24fe925368706c2d712dd1064692b0fb2a32ddfbd4a0ffcf9c2abcedaae6e527bc1d42637aff2a275b76a7a7f010e42e1cc1d27141f6c3585a2bf58c6c5789ce61551d10118a000e3764631ec0b7f4b1a6f22a678133a30940b79dc76f863dd9f6e0d7776300898c97cef286c731c2050928c492439256e481652bff0d202db3cfdc54c9816ceea7895357bfa0362fad79afd09ed55189294d6ead7e898ac091cddbe7efcedb314bc02a18dd5bbddc42e089124758bb491fd1536aab27c5c124567bc325e7028bced5a179a011d1cb9a5ffb61d7af863e91ec8e60495561188b74d158ba1418228d44e92915a22eb1c166ef7d6179e84381ed950ffd747f13e24172942d922ca3109fb8b1e4e6264fa4a4eec75ad0d0e22579d90f45d6cd157300e38ae665eb56457202e25a8dd5877ba99725de288660badd2704345d9bad208c903ba27ea167dd45a77f77b6502b525b2973270582858183c784c324c1366fbba8d410c38bf75b41e067f6a9a017c56595161db4fc5639393fdafb1f148d3f416c1adc5fe1ab9cebe4689855c9b4bda6dcba5d5fa858a1b87d2ad23cdf54dbdf4d14aa4462da0b6f1107f4afa0091c2643508861a4d9f133ba77751941bb8fb756abf1a104205b80d47a3b4a59724d959c8b5833da4f56fb6613231f230a9378c9af741e94fd2c7213ac1d7625559b3f032f6c8df3ab441929720fe43d7c548cc661eed5b3c62b3c61f538ea3228376e2a18c6da2ad906322f64fb4865cde8e1889a8e5237fd6a39bbd6662f1dedc22fbd74e4376fa610cd710703dbd3924a38beae69783d1d5abf36122cbb87129ba719042748f060f4303a3199c5891c5040fd8cdb9761b006bf64cdcb65e5cc50a29994b8c1c34b83760ece12ed9ed7c3d2a7f8911cdf23a1afe0d7db1bf342aa0123dd5cd31339f5c8e160c4efef882602b3eccbe76fb690162b8bfb8a31910bcdf9a4a5dde76c2ac2fcd8678add7a000cfdcab398eb2171c026313eb6eb56b4b87bf8ef93f7f8a1c0bcc3775b681d4229ea561cb52281d8ba4315c3694ed08433596884d5a7ce3a8b1f82359846b7136726e2fe37bf4f7b7e2206cdcdb0705ced9f0dcaaa2ed3a78ea70d2cfeab668eb321400fc955e9aeb7bbcf86cd03f02dd443503a1480d9d9f899f53bd747a95293786798fc59fceb09e686a9328da4f929b6201841bbbefaffcf3386abdf69540e3b46a643ec10f0acf21f27c0053dc13f18485dbc898729dfbeaaa4887b58cd442d7ffa941808cd9658595be8650a815b088621278d89f0d8a4252566b923df3a3cd65c0e4af08fad385927251b31d35f75eaf25e6cf13a579aeeb0bcc0a14ca4a20a6831d532be0b2af3821792a2df95131b7fafef245aa19b214053342aa820c35858d13f84e496294529411015c41ed447b5b51dc44a45d52552a2be1abfc157f3ace7bfa32d5b931421d5a152dd66b7bf549311b08325e5a7201f793037b38990bedeca8a647c08d2478670f8fc2b4e8983ea18bcd514daeeeeb9d7a778f783c76edf01bd4beda4b77b612cd2e865c2e4f58ca7ae06147bf66ae6aee221cf9b9505dc07e6fb6cf4f82dc8c406c78e270210c11cf2531011ed678d9dfe1f49c9a69a95a9f3b0e5b624d9c2664d787ab911b75a4a38d63e9d6c353f8aaf433ff961fe5e34d84936ead0d0bc7954caf84e541f5c6f3f20c9eed21eb0316b82c0dc5182540e63a0af25565496792153d6395adc2b8d68b8bcd93dd110ff5685879db4384ec390d44b89663d43a5de3bdc0e103b7c1b355dc5f6fe3518c93628780ba03f156badea65d1d0af8433c9e8a975fdd19453da662a33fa9f0f5fa15fdb216b483fb48370a967246e0b763df8b3bc7924a6c76c4b114f803dbfa3b312e6815b4eb67be167283a9e482d9a5beac250089d069d4c386b7fda5fc228404a0f58b12ca4dc131c381b49b42b570bcfc0dd663f24afaf65a26a21f6d92f52c9f8de36cb76bacbaa0eef98ba6b7dbbc2629a03bb2b6f83fc5adaf20c217bc8d0f0d2421e01472532bcb546aeb2d483c8f95011a3ba1d2fd8086a717cb015dd53064ef4a80b6d6fdc12d9069223fdf2aa9b192a0e0bdb38436f49d9eedfef3665815633fee4344aff11162526362b70b18e1dbedbb5d8c4698860beccf667851878a25a1e766caae2861f2e23404aac859e62fdfeac06a6057554828d7035806e8ab3ee2fa6d711e5811db61231a22f4672f6a11b27641f350bcab78792362e6ebc1c054a643bbbf2746678c14dc567d1f73e37005c8ab6374c4d8d3106384a2d32c5fcf05cb9ba97cb7fa1aff11505a701bead543e555f3901ef3b693d5b9ebf49518c3509af042b7e84b1b867c22b7e08725220e4338fd074edce428212e6a3563a08e2ccd8ab71910256532904542e93d5c7deb5bf5d49beb3202d4da4f643649e55edbb91188cdcf0883a40c6ed6b8a086fb5c50dc08fee00308420121d4c7431b7c447bf9c1e099423ac451d67b12e930d9e391d0a799c7d4b54a0d56ea0aae00c1d009e21fb5459416b464b227d66ccc1a68da59d64c1583dee54bbcd7d61ffe541fd0fb7452adba91906918966a7d58019ad1f8fdebeceeed7018837b6e4272eefeec8385abe7207fb2d7061fa6cdc478165a98971f9729b818a73edefed976d5c7c0a651c091cfd1174c020e39330a79144271fe4cbc61ea0ffa274d0d87d06dd08c1d5f8a0364d46ef7b54426bc286330c75fa257afeb2715c2ae511ff53b1189cc59ab80b1325fbdcedfdb8f36ed71f70091116e16b52188b794e637755027caac8db8554f8674b844964c710cacd7a9d6b06baf6fef76159a380e639b0d3e66080a7cf7f86baac01dbe47fe687fcef2f3bfbf6f8fba045181dee688360a11ee56e5fc73ed31c0e2924ae57f0cc93c63a30662a65c5d5f17123ae28cc5b74dd13ed81b03dc7fa61dc575668868c0df12d3553269f04ba79084d070abcdbd4745de80e90e4e3e524f27249b5c4a2f2d4c8b331b0cb6d4efe62a298daacc6eacdfe008c1f912795dbdc37098c42db860953120fda709baa6d46f52eaba781505e68561ca0f281e850532ef8e7c779883e312806e1c357bdef8d0dda005e7fccfa6eb8686e8bf3bff036b3fcdc4036541d93530ce6f598442c24170b307ef05f23c93aa0ec96831b532d8120402214a940d1fa01ed649061a4a71308be189cffd729a196754fb8a75f23851189589be1b819f0612cad3dc94ccee88f4ab9ef6ac9c7daad8cf94f5ed9496c4c824e5b4f66ce32a80e7a6ef069a32f6812e656aa5f5742bd432afdf026c86e8f28212c1139dad47d7fc07e5c1a83e993daaa4a4bb5f0c9435ccab2a10f867ffe259dba7a1d9168619b1e3048860a5122e4a5d0b00372eaae861a0cc88549852fffa76e6d78739b654d67df15ea97a9a46b7c382d83191a673aa619b4a10ec05bc681379b0d6df824cb6fe158e9d89ae5dd1ef66976f67972b553db52eb6feef836dca6026293f83a61e117754a7424a3da63bd82d017f87f0603e2a9b8fc550aae611681935ae91f7ca2b5341b05a25208bd28f1a202a7f2a213b1d7411ffb557470aec00c4d13c70163f22a038a189710dd19a47e8db4a87c3fd329a63abca172a9810edad2d8e19ef85b57ea4287cfb3d740d7ea3fa9c80d06e1aa84b317f678ddb3c147ba5e0db432125f59ca4944c8e9050281ca82a3ecf67b2a5df678697a52a7297af1ecb03c586af7b91d74e881964ed95f7be12fa07e2a4e71aab8b913a13996fa33e915144bf00e49b8e7adec5b2c4b8165f54ba3155230e241ee023af77a295ab87c40f63f6092ccee05cb08a265abe8f57c9919bf45064b6c2240ba8011db223a283a4e2292d9b59df8c9a4fdc763f0631007db9976f351717db0e6b5f9c6e5f227c2efa1ae5fe0be1af0b22fc164f9f9678a01fe8b059749fe8a2972455732da1989c609d191544ef9fbb3e58da93ec4a582430523f260b776e4d747312747d18a9bae14740f5dcd35fd1072f8a4d81573b5882203be856b62d7e1d87081a9e431872c9d68864197bbc61f15dd8aeae950d34d6ce97182deebd2ad64cabd1c723baf512acfc7e94675b31369bd60e155af79b97bb734312569f736dcd5b5a78223ffaa0f7e93e1a112cb9f6a5b88fe3cf12c30024c16c6b8380fdf086c662665d3751c11617cc4dbd5b8bc7543301a23fbc90ba8d060193cdc2b68c31c734d516707b759f7db009c8f06e69b40154e1cd8ae444afb28134acdf871136b4fd78bd86d7faaaf618afb25e92d1ee37cdff0595278f9565f5eb109e181e9cacec2f22e32e9f34774ee223fdb992fecfc5dbc5cceeda16cbcf1434730d859e7e03d36ff17636a7a7e66956b515894da114f3040909f90ce3cfbb2d7d46e37049c0fb124e0683d662eb427cd7b851ada229451e6e3aaee64b9964ced3036bde5d9d80eb062474f96ecfb9b65fcafc719494ac12ab7df245475f2a5e7f85ca4789833ca373e6214d39176c8f51dde87a4cfe5414a20f68bb9f34709979b99533ba3435c4aa56e525195e10ffd00f8e41aee30a909c07b973bbf733d45500b539ebe2206d438216690998d9e256db1b7ac6bef3e810785e1986985c945a2b820323a592721fcfa444934d0faf8aa439d5efca5dcd77b72d1eb91b3790d50d0a7483e354c415f81d99c133d648c1293e795b3c43f9b47e23ef982e10072ea5baafb0df675e69af1807b225afa0cec3eafbde8535d3ecaa0ea6ddbffe4465207425bb003670320324df0aeeb16b38a043f9c0e85673b36def332fd68b2b1e6edda621d0cadebbced8c7fc8f890489115b457249e8d8103676b3207a472804d33e0fe511ac56cd8dc5333b2333892f87b455940ada78fcf5075c358fce990e6f65f095eb416d876ce6f120b8b02cfa6b176ee269c942f881247c3e464cce2aa65c39137607c585aeb4b5f24f5f8e058c9c8b48003c1809da3e8aad1bee7955c3a976d43fe132e2b16f4758a0a9884e51d13b930675a4361ff366b0fed190ad7b2a00385528951e39cd44ea06d8921b9d613d7626221154cf86249a550198fe4e5b05ad3052b474291da0a0a2f701759859bc0392adf243ad5eca89e6d18e28dff99ef95743bcabe75504be8c715cd6360facf3bb06cb97c29989d4f6ff5083573cefe6ef0b39a252a2678112fa88e5b06c9a6bfc9597cc96e5a49710c4fc120fb0da4945b9d94e46de1e9989d0fc3d8d20df23d815b660c799a903f651b0d013f7fe158f1d297f7fcb6a48780ca5525f1d081ada0aafa83552318b848783306549750b6254cf676c7b934cf7fdab992717f0cdc089b34278f3fb151cadde14d0d3250e85a4b0ff2a2778a219aa40563d3ef575285484424b6d0e7cc8392342e4848c6fc8cb20fa1b450cc4c1fea19f3bbdd9e342e6c49cd7ac893b1eda2e93d1d74d20969465946b398fbc733757741ac822c4a118632cd242a439fc37512cf79b7c629504ccc1e7f2f11798955c3262b5e9695625ba74d8050e20f51d4769e1ab938f487f1bc4b55b5abcaa3ec079c2d0972b2ae9bfb7c5423b959119292ea05f1d79d35afe47e49d97c946b193bffc0a8f607f18a6845cecbbdd98cd351db2b2dce05a4848ba84a6a497b4618950130cb7e76c03d0976eb2fb41d3a42a1430063ed8e5b8c67e80fd4fc1148911958babbcbff33a6505de209b0d9320017fd736fd027a16564008ab2e1f48a6dd66c9256730e9fda0a606875d0871b2b9b0bc2ed4e1b696dbf0283c8dc72cf4338e595266f5390bc3a21f988353118f2948fc75d050ea076b73508d9ed89bade0ba305c1f4e5daf9d40d2f5e7ababed8d1b1d919c61a6d3fb149c1a9b44e38585a2fe322f83d73a3aecb44da3f0e82942d75d62ed3f91eb44f3411df014f88839e4cb1e21b9b259d4eb4adaf6b0be433d0ed4c87ec77dde5ee9d566e3dd8d928fc1875c63af26c59daba5ae267d9bd5da72b99a03e6a33cc48ed961ab484ff4a46c2d5fa597e626e00b530d7b9a9705e4e08d03f3a7f2a5a5233ad6340e3b5c89db81ca713b6d7d855c6324955f85109b204566f50178cd88abe3fcba25de905e8ea0b75ad51831761ed9b1af2470f976f05ec73bf74d137c207270cfd614170518cdc449aeeb663e114359c8124eaf2499d8cf5dc84a0872301db2e57b50bd285060ec4390d99d4ae3674ca3bb8679c1b08e566ba4f30daec8684a980055eb43cb5a1306c4b52a154682aa96637e06c869278aa2f74ef7345632c11265ef8ac97e953745302556881ba0cb590fef271c0abb193fb84d18ee3f24d9976ae816b857d6f68d1fdfe10b312c799fe014debf875d04bff8b4f387859e97c6bf13f7083c28a2045a0b5eb09c94e781a165965e8617c0efed1701ea9667aeca26d9577ea7b1242e1d91b25d6a66756cc627648a293b9f4345966bc469fafaeddc1118d0972bd5c7751a1f51e5989fd952f314ae10417c97b41e60ebfbc47e496486fa4a89fd16aea7fa1eabebd26eb2a37a3e2b351e0c9d2f67b2e5be0f921adc9b6045b045948e5103af0e5050b9c0799b513c00865deebda730de538f956ceb6164e08bd6f58655a294b4b44fc65309b30f9c00f92ef5bd5b911a3d830f72c258b19521bb8e80db02129954efb61423f518d2c5f36587303890cad9a93fa4f4bcd0e24c67db679c67ea59c1350b8442577632d5e8735833f3daf5a74bc7bd82659a81beba8c889632efe03cd24187aee856cf659e16e195464f52f2b984fc7a299e7b2aa53979a147ebed35705d5e89691666536f2febacfcef9b32d14952f958b72512869e4f6a0a34176918217888b1eb8b89322ebb6bb1dead2b4744e728479880db70e6147edaff6c3f083f18e0696bdbd78cf0bda14d9f42e5c1077ced00041aadff90470aacec0e48e2a5f2a0ed37818a173b96061e8c5bf24c0bde9e09f9e0ddb8e13306ef1d4eb8043ebadde5d7553e5212ecd4691eb426251f9d6720b8276ac543dde02399a35d974b22c1727d4b6df01957cae47443b706d43165e01d6932b136f561ce837431254cfb2a6e7d8070a2d3805aaa15b3c10ccd0cda2e9b418ce9ef380e5d08217752e12b3b892d03a9495c83d78d674612fde5a67738b2d4649ce44606ecce6bf3bd1293eca246a83643e4f1c7ba362b110e07c8479f216e3d4afc4fcb8d0820c8ab702a66d8183e83174597035e92b9b500dee08c80b927b42c3689c7c9617b4112c9e54cbfa51e989b5fd42b80c595d3edd265f138e8128cfbbb0e4f53aa0aa95a2ecda4518b2e564c42d5de7671560843d08103b9bdceac5fdeb0b1266f72f491265dd2b2b80a225a50955167da1812364ea340d82f61535401bae6f3140a8795d7c318a64cee4676627244930957b2f0b227be21b72d90027e6a5a7af3c59470c74dcdb71d1ef090a0f49c91acd604c792385c8f4e085765292822ee5eca03885fd6bfeaca9b3bbbdeac939f7846a487c5a483ed1e4fbf37c93886ea27bb35c812089b900b77c7c924147e97b6a71533610750bc84921012aa8158b213f7601d934a20bdd1f757b0a33042a683af6b9069f3900059d7f80f9fdcc9f33ece8cf7888dc9e24f1fc6ca0ecccf161c5334c60f440feb3acfc3d115011c176dfa05314c5bcf089e3c82bbe7680a3eefdcdbf3ac27265b779db4f49bade0128eda6e29bc5933ef454601db1b49628fd39ab938794fa46a33937a086ece7050d31a21524e2f0cacb307ed4412a2078636f9cc8e11c5c31cc0f9edd7be6d1e31a1513a58e25215f5a24245cb988589e6d5e5119f4f6557c697fad7d1c3a7e3bae064db4382701e33e48c5b6a52fe9141a385ef2325c6f7781134607e98bfd02c43d6deefaa861700388b40d98e941cfb2ddec209f977e8b9f93d29fdbf85e3010ce7cd622e8c75ce3df535e392052b6d65d5042d2a6e78bbfe5ee146e8b18d4bc7fb024dbba57cbe0402205593766a313950cb719d00c67bb6b3bcaa1015b89e820f11475afce655947113a7c3dcbb52427f090df994fbf076db867e0ab3f6125fb8884c1d13ff3e99fab5fa8b9f0b72cb44db4d0a48d9ec17f9733764e213c40a15ad821ec60e4a88cb2fd9dd9a4f35e6a708f4b74067f4be3f03a95261f6b191df53fa5bb5164e4a164630ad9ce39087aa950ad9e60cd2c44fa2237c49abf858c97737fd21180fd0b9542767150fbed3f39a29e6c3484d9437e15d2439f2a54b2a1ac7e63e6c436658abc3f1dd52d984f6c6901768a8cf2ec98ebf44e90e0fc0c24f8957c62e05d8eacecaf25b178fd710af609a8a1bc4d7955b5f0cb4f48a37685e6304ea5843573a1abff37b5106916c83c8f23f939a0dc43aea8d196191ed6e18dd793990d1f37d7de0bf8fac6f469843724eaab86be8a483be281b8ecf4aa29d9c571951cde8cd8c2aaf4d597ac2cb48f23fad145916920a55d655924940573b64dbd42a280cddc4810434f930183fdbbdc72db1491a4c9d44daf9b1bc2fecd855508648063040faeb125da0e68e6cd2002181118eecff0be1dd8eae726af5d451630cd65119c52abd6dded97f931202f186a18c4ba34bc2c3f6d765e2d8f445e959f26ffb55827cf3ff2cc0289f17b82c8caa5a2d3d54306a300f0ef42bbe4ea9e32c5d4b1173942745cdcfe4f5d1619eefaf8dc600afbc9171d516f7f4b35331d0b9be005132ffad5e9df59710278b842afb626a78b8b8b37fc3a894dc705b2d4e0940cb264e9dc87eaa148e6faf78125462f28a0f1d7b3c65a291b85713fa71ffc478f6601e8716c35489f4a54ed0c70bcfd5502cc91374dc3c982075c5180398bc6b195b36e79dcc4087cb990cc9d964a150e0dcc887d496bdd27c3f298736b9ad8345ba2df46021964cf43c38f9d2e94b77bee2b7bf059e0870ff9f17b9ef1320c0aa88a2fa9781e9017ab64643de9a3df9ed4b8cfd8fa080a2e494409520b795eb1517d224a05e450c4c8ae0e9fd29c0e72d3a592cce55f6dd5107f21214e1a3f9a5448384de06149f959ec0c92790f0ff229ab4971171f1c528ae6d095ec007bf5e7f55d623a68194e9ea8edc3af418075338328f24e7504341c22bef72c2963fc9c3237ba990d29c2c8aa3007395f6d96e95b40ee1b18dbad550bf39d0d98268cb74dde76d987c3169c9067495fb1b88508bbb7e94cbb7dfc15c03b1d5b163132c8a468906f02d422a8cf98d0b432b5779dd962074b72dd27439b2e94312f573435e5aa84664432c1914839cd6e172186ce93eeb1d7cb0659696d9d550eb3b185f8c6ee16e53f78233cbe709f99d2879d63d93f7d0ed133241d2f1ab1eb2c56605ca0f0e01c39ab0ba2370fe5c4e68de0561b517ff9a10023c386236398372c7176e35443e2cf5dd6cbed9f23395f231e6a54f65626cb5860a8b72122c34664119e7c47204ef4a70583a", 0x2000, &(0x7f0000001940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x90, 0x0, 0x0, {0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, {0x6, 0x0, 0x0, 0xc3, 0x0, 0x8000000, 0x0, 0x0, 0x81, 0xc000, 0x2000, 0x0, 0x0, 0x0, 0xff000}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(r0, &(0x7f0000000380)={0x50, 0x0, r1, {0x7, 0x29, 0x1c000, 0x0, 0x0, 0x2, 0x100, 0x0, 0x0, 0x0, 0x0, 0x6}}, 0x50)
link(&(0x7f0000000280)='./file0/../file0/file0\x00', &(0x7f0000000400)='./file0/../file0/file0\x00')

4.444406173s ago: executing program 1 (id=501):
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000700)={0x1, 0x58, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r0=>0x0}}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_FREEZE(r3, 0x400c620e, &(0x7f0000000000)={0x0, 0x0, 0x402})
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f0000000940)=[{{&(0x7f0000000180)=@caif=@dgm, 0x0, &(0x7f0000000600)=[{&(0x7f0000000300)=""/83}, {&(0x7f0000000380)=""/152}, {&(0x7f0000000040)=""/51}, {&(0x7f0000000440)=""/69}, {&(0x7f0000000540)=""/151}]}, 0x5}, {{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000840)=""/243}], 0x0, &(0x7f0000000680)=""/72}, 0x401}], 0x10129, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000740)="d800000019008111e0020f060d8107040a60000000010000001455a12a000900083f0699e3ffffff14000500fe80817806000567b8b7b94002000009080016060000000000000000d67f6f9400f7d1d9bbe94fa27100a007a2f7457f01896034277ce06bbace8017cb39b62ee5a7cef4090000001fb791643a5e83d42365f003724a237e09000000b2a10000000014d6d930dfe1d9c322fe040000005025acca262f3d40fad95667e006dcdf634c1f215ce3bb9ad809d50b7b4338c9f1ac76efb42a9ecbee5de6ccd44242f4d643f6fd0f26187b51980dd6", 0xd8}], 0x1}, 0x80)

3.274923434s ago: executing program 1 (id=502):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0) (async)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) (async)
setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000100)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async)
setrlimit(0x7, &(0x7f0000000000))
landlock_create_ruleset(&(0x7f0000000400)={0x100}, 0x10, 0x0)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async, rerun: 64)
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7) (async, rerun: 64)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e22}, 0xfffffffffffffda9) (async)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 32)
r5 = syz_open_dev$loop(&(0x7f0000000000), 0x1d7a, 0x1c1400) (async, rerun: 32)
mount$fuse(0x0, 0x0, 0x0, 0xa02002, &(0x7f00000004c0)=ANY=[@ANYBLOB="66643dc6953bd340e3272b71d8f75d2e259bf1b1641dbb07e599bb12e499abcbe83cb20c3beb0dfa38c10e940b6828039ec26a486cc445322e0a22037201a9aafdefaad479199cd361137641824dfeb422ab103c6a236f4c9ae516aaf718425b7cbf0a21a98a672989ebb66211460e26e8d8f0a8338d62ea54b8dbc1492deefab8989d8802bb1b8c5d61349a79922cad342e87ed63595e043a81fa36feb0f49bca508854", @ANYRESDEC, @ANYBLOB="40ef35a971d35097635122028eb919802534a9e95b3ca94bf84415370e72798ba993e10be6a82eee4caa011b2c213a3a032f32435692c0ba1dc1f06b1de6bc83e6d684a1f35cf6c3d5", @ANYRESOCT]) (async)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r6, &(0x7f0000000400)=ANY=[], 0x1df)
getpid() (async)
write$binfmt_misc(r6, &(0x7f00000001c0)="d4c1ce69a55f02b191d7d08b238b860a09f3a94b0ef55e21cd563eac25e00679b6f617", 0x23) (async)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f00000002c0)={r6, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) (async)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000400000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) (async)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) (async)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00'})

3.273432601s ago: executing program 4 (id=503):
socket$inet6(0xa, 0x3, 0x3c)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x2400c801)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x1f, 0xb, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, [@printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3f}, {0x85, 0x0, 0x0, 0x89}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x7a, 0xa, 0x0, 0xff00, 0x0, 0x71, 0x10, 0x43, 0x70000000}}, 0x0}, 0x94)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020100020a0000000000000000000000030006002b20000002004e24ac1414aa0000000000000000030005000000000002000a01000000000000000000000000020013"], 0x50}, 0x1, 0x7}, 0x20000000)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x11)
ioctl$DRM_IOCTL_SET_VERSION(0xffffffffffffffff, 0xc0106407, &(0x7f00000000c0)={0x1, 0x0, 0xffff17f2, 0xc})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$inet(r2, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)
close(r3)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
ioctl$F2FS_IOC_SEC_TRIM_FILE(0xffffffffffffffff, 0x4018f514, &(0x7f0000000000)={0xff, 0x6, 0x3})
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40840)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi4\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, 0x0)
preadv(r4, &(0x7f0000001cc0)=[{0x0}], 0x1, 0x0, 0xa3)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r5, &(0x7f0000000380)={0x2, 0x4e22, @empty}, 0x10)
setsockopt$sock_int(r5, 0x1, 0x800000000f, &(0x7f0000000080)=0x7, 0x4)

3.16355015s ago: executing program 2 (id=504):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000040)={0x0, 0x1}, 0xc)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$UHID_INPUT(r1, &(0x7f0000000240)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e8d272a22fc54078fd5e64475993668980a9f95aff964ded28f79c862e674356af492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8aa57e2b354a6899e44acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e45440000851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6b02de56067e54f54c52d10f7874a13cbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f79da9210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d81cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d5b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b4665ff5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266b8f5dd78947dcee355fe59bfb100e5244425532bb1d115acd211b8c16b0ec0aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef42e3dbc11d36a0a0db52e84461c6fbb4aad62cd6c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec5d42ab732b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61bde33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270666ddc09c5fea2e8442bc43455d0257fac92f3780061178f9620bf8e463f29896c12383dbb9a81bc5c87376e647c8a9786cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9a6e540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b2316c56c441ba53e3e7aaaf0a1405566ff584f73a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd1a14d3642d877b86271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03c1fb03ecf7557882afcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b200fedea1c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3775a4053f833267c64b42336d7c850f2918ef0dd6d62e43fcc173254eb34748efd4754609ce25ade162ba3c91bb844aaf6fd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e57060", 0x1000}}, 0x1006) (async)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r1, 0x0)
madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) (async)
write$P9_RREADLINK(r1, &(0x7f0000001280)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10)
setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x4e20, 0x2, @ipv4={'\x00', '\xff\xff', @empty}}, {0xa, 0x0, 0xfffffffe, @empty}, 0x0, {[0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x8]}}, 0x5c)

2.600817056s ago: executing program 3 (id=505):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) (fail_nth: 7)

2.235107806s ago: executing program 2 (id=506):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000300)={0x0, 0x7ffd}, &(0x7f0000000340)=0x10)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$xdp(0x2c, 0x3, 0x0)
mmap(&(0x7f000000b000/0x4000)=nil, 0x4000, 0x1000005, 0x8012, r3, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000001540)="94", 0xffe3}], 0x11}}], 0x1, 0x4000800)
r4 = syz_open_dev$video(&(0x7f0000000000), 0x7, 0x0)
ioctl$VIDIOC_QUERYCTRL(r4, 0xc0445624, &(0x7f0000001d00)={0xbf9f, 0x23b4b4b239d825f2, "b058b584c75da73d1f7600450b8add59e9665ce1d040fef200", 0x0, 0x2})
syz_open_dev$vim2m(&(0x7f0000000100), 0x7, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000380)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r5 = syz_io_uring_setup(0x24fe, &(0x7f00000003c0)={0x0, 0x793, 0x10100}, &(0x7f0000000100), &(0x7f0000000140))
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='='], 0x38}}, 0x4000080)
r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000540)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r7, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0100fdffffff040000001300000008000300", @ANYRES32=r9, @ANYBLOB="06001200000000000600b50085010000040013000a000600ffffffffffff0000140081"], 0x50}, 0x1, 0x0, 0x0, 0x45}, 0x0)
write$UHID_CREATE2(r6, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x5, 0x4000010, r6, 0x3000)
io_uring_enter(r5, 0x2d3e, 0x2936, 0x0, 0x0, 0x0)

1.720496989s ago: executing program 5 (id=507):
socket$nl_route(0x10, 0x3, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
socket(0x28, 0x5, 0x0)
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi4\x00', 0x42, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = socket(0xf, 0x2, 0x4)
write(r3, &(0x7f0000000380)="02", 0x33fe0)
socket(0x1e, 0x805, 0x0)
r4 = syz_open_procfs(0x0, 0x0)
write$binfmt_misc(r4, &(0x7f00000003c0), 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0xb000200, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0)

1.719848956s ago: executing program 3 (id=508):
socket$l2tp6(0xa, 0x2, 0x73)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001640)={0x28, 0x37, 0x1, 0x7fffc, 0x4, {0x1}, [@nested={0x8, 0x6a, 0x0, 0x1, [@nested={0x4, 0xc8}]}, @typed={0xc, 0x2, 0x0, 0x0, @u64}]}, 0x28}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
ioprio_set$uid(0x3, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
sendfile(r1, r0, 0x0, 0x7ffffffd)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x29, 0x7, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r3, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x7)
r5 = socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000001c0)={'bridge_slave_0\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="240000001d00070f000200000000000007000000", @ANYRES32=r6], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000a0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x4, 0x2004, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r7, 0x2, 0x1}, 0x50)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r8, &(0x7f0000000480)={0x0, 0x60, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, 0x0, 0x9c3fa077fa966179, 0x0, 0x700, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)

0s ago: executing program 2 (id=509):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00')
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@int=0x7fff, 0x4)

kernel console output (not intermixed with test programs):

oth: hci4: unexpected cc 0x1001 length: 249 > 9
[   94.319326][ T5838] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   94.327704][ T5838] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   94.335610][ T5854] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   94.344639][ T5854] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   94.352095][ T5838] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   95.041359][ T5839] chnl_net:caif_netlink_parms(): no params data found
[   95.105155][ T5849] chnl_net:caif_netlink_parms(): no params data found
[   95.164628][ T5834] chnl_net:caif_netlink_parms(): no params data found
[   95.274045][ T5836] chnl_net:caif_netlink_parms(): no params data found
[   95.432662][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.440177][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.447625][ T5839] bridge_slave_0: entered allmulticast mode
[   95.455395][ T5839] bridge_slave_0: entered promiscuous mode
[   95.464277][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.471940][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.479531][ T5839] bridge_slave_1: entered allmulticast mode
[   95.486855][ T5839] bridge_slave_1: entered promiscuous mode
[   95.494576][ T5845] chnl_net:caif_netlink_parms(): no params data found
[   95.604964][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.613031][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.620696][ T5849] bridge_slave_0: entered allmulticast mode
[   95.628100][ T5849] bridge_slave_0: entered promiscuous mode
[   95.689630][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.696851][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.704303][ T5849] bridge_slave_1: entered allmulticast mode
[   95.711757][ T5849] bridge_slave_1: entered promiscuous mode
[   95.734858][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   95.750709][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.757886][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.765251][ T5834] bridge_slave_0: entered allmulticast mode
[   95.772665][ T5834] bridge_slave_0: entered promiscuous mode
[   95.817667][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   95.836848][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   95.877846][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.885211][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.893263][ T5834] bridge_slave_1: entered allmulticast mode
[   95.903637][ T5834] bridge_slave_1: entered promiscuous mode
[   95.955100][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   96.008457][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.015965][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.023407][ T5836] bridge_slave_0: entered allmulticast mode
[   96.032070][ T5836] bridge_slave_0: entered promiscuous mode
[   96.041025][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.048149][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.055569][ T5836] bridge_slave_1: entered allmulticast mode
[   96.063902][ T5836] bridge_slave_1: entered promiscuous mode
[   96.098263][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.105701][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.113084][ T5845] bridge_slave_0: entered allmulticast mode
[   96.120777][ T5845] bridge_slave_0: entered promiscuous mode
[   96.132345][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   96.176480][ T5839] team0: Port device team_slave_0 added
[   96.182998][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.190464][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.197667][ T5845] bridge_slave_1: entered allmulticast mode
[   96.207392][ T5845] bridge_slave_1: entered promiscuous mode
[   96.216924][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   96.258025][ T5849] team0: Port device team_slave_0 added
[   96.269527][ T5839] team0: Port device team_slave_1 added
[   96.299660][ T5854] Bluetooth: hci0: command tx timeout
[   96.324863][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   96.336827][ T5849] team0: Port device team_slave_1 added
[   96.369330][ T5854] Bluetooth: hci3: command tx timeout
[   96.369474][ T5841] Bluetooth: hci1: command tx timeout
[   96.397326][ T5834] team0: Port device team_slave_0 added
[   96.407091][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   96.444518][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0
[   96.451680][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.477898][ T5841] Bluetooth: hci4: command tx timeout
[   96.477908][ T5854] Bluetooth: hci2: command tx timeout
[   96.480399][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   96.503893][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   96.517376][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   96.529587][ T5834] team0: Port device team_slave_1 added
[   96.549544][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0
[   96.556573][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.583375][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   96.595259][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1
[   96.602572][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.628654][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   96.677006][ T5836] team0: Port device team_slave_0 added
[   96.684000][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1
[   96.691351][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.717565][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   96.761532][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0
[   96.768631][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.795262][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   96.809451][ T5836] team0: Port device team_slave_1 added
[   96.840116][ T5845] team0: Port device team_slave_0 added
[   96.846875][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1
[   96.854030][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.880391][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   96.935192][ T5845] team0: Port device team_slave_1 added
[   96.965405][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0
[   96.972479][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.999201][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   97.012283][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1
[   97.019450][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   97.045483][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   97.062786][ T5839] hsr_slave_0: entered promiscuous mode
[   97.069890][ T5839] hsr_slave_1: entered promiscuous mode
[   97.126810][ T5849] hsr_slave_0: entered promiscuous mode
[   97.133988][ T5849] hsr_slave_1: entered promiscuous mode
[   97.140469][ T5849] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   97.148218][ T5849] Cannot create hsr debugfs directory
[   97.172107][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0
[   97.179979][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   97.181256][  T926] cfg80211: failed to load regulatory.db
[   97.215706][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   97.228282][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1
[   97.235756][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   97.261970][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   97.408560][ T5834] hsr_slave_0: entered promiscuous mode
[   97.415234][ T5834] hsr_slave_1: entered promiscuous mode
[   97.421878][ T5834] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   97.430616][ T5834] Cannot create hsr debugfs directory
[   97.476701][ T5836] hsr_slave_0: entered promiscuous mode
[   97.483327][ T5836] hsr_slave_1: entered promiscuous mode
[   97.490637][ T5836] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   97.498356][ T5836] Cannot create hsr debugfs directory
[   97.526689][ T5845] hsr_slave_0: entered promiscuous mode
[   97.533426][ T5845] hsr_slave_1: entered promiscuous mode
[   97.540576][ T5845] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   97.548208][ T5845] Cannot create hsr debugfs directory
[   98.116635][ T5839] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   98.152557][ T5839] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   98.173654][ T5839] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   98.186113][ T5839] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   98.236820][ T5849] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   98.250538][ T5849] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   98.261406][ T5849] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   98.276837][ T5849] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   98.369482][ T5841] Bluetooth: hci0: command tx timeout
[   98.380990][ T5834] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   98.392771][ T5834] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   98.406145][ T5834] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   98.418213][ T5834] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   98.449285][ T5841] Bluetooth: hci3: command tx timeout
[   98.460461][ T5841] Bluetooth: hci1: command tx timeout
[   98.529054][ T5841] Bluetooth: hci4: command tx timeout
[   98.529305][ T5854] Bluetooth: hci2: command tx timeout
[   98.552335][ T5845] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   98.581337][ T5845] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   98.594594][ T5845] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   98.606368][ T5845] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   98.719870][ T5836] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   98.748194][ T5836] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   98.761727][ T5836] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   98.776992][ T5836] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   98.824352][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.852132][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.937150][ T5849] 8021q: adding VLAN 0 to HW filter on device team0
[   98.954707][ T5839] 8021q: adding VLAN 0 to HW filter on device team0
[   98.981756][   T76] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.989086][   T76] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.001484][   T76] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.008717][   T76] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.038037][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.048120][   T76] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.055343][   T76] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.103497][ T4883] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.111130][ T4883] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.142281][ T5834] 8021q: adding VLAN 0 to HW filter on device team0
[   99.175240][ T4883] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.182534][ T4883] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.216136][ T4883] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.223347][ T4883] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.276693][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.333266][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.424443][ T5845] 8021q: adding VLAN 0 to HW filter on device team0
[   99.451629][ T5836] 8021q: adding VLAN 0 to HW filter on device team0
[   99.502607][   T76] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.509860][   T76] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.583884][   T76] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.591168][   T76] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.612714][   T76] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.619972][   T76] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.636853][   T76] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.644104][   T76] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.973427][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.015883][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.174524][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.261585][ T5849] veth0_vlan: entered promiscuous mode
[  100.274471][ T5839] veth0_vlan: entered promiscuous mode
[  100.296953][ T5849] veth1_vlan: entered promiscuous mode
[  100.370516][ T5839] veth1_vlan: entered promiscuous mode
[  100.390697][ T5834] veth0_vlan: entered promiscuous mode
[  100.442771][ T5834] veth1_vlan: entered promiscuous mode
[  100.456578][ T5854] Bluetooth: hci0: command tx timeout
[  100.486520][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.494290][ T5849] veth0_macvtap: entered promiscuous mode
[  100.529376][ T5854] Bluetooth: hci1: command tx timeout
[  100.531121][ T5841] Bluetooth: hci3: command tx timeout
[  100.547553][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.585422][ T5849] veth1_macvtap: entered promiscuous mode
[  100.611369][ T5841] Bluetooth: hci4: command tx timeout
[  100.611769][ T5854] Bluetooth: hci2: command tx timeout
[  100.632093][ T5839] veth0_macvtap: entered promiscuous mode
[  100.671793][ T5839] veth1_macvtap: entered promiscuous mode
[  100.693872][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.723409][ T5834] veth0_macvtap: entered promiscuous mode
[  100.757581][ T5836] veth0_vlan: entered promiscuous mode
[  100.782009][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.795815][ T5849] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.804970][ T5849] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.814276][ T5849] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.823148][ T5849] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.837583][ T5834] veth1_macvtap: entered promiscuous mode
[  100.880461][ T5836] veth1_vlan: entered promiscuous mode
[  100.918726][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.957047][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.969771][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0
[  101.003035][ T5839] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  101.018132][ T5839] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  101.033562][ T5839] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  101.042523][ T5839] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  101.103682][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1
[  101.121669][ T5834] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  101.132896][ T5834] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  101.142098][ T5834] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  101.152900][ T5834] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  101.180266][   T76] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.188276][   T76] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.266066][ T4883] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.281123][ T5836] veth0_macvtap: entered promiscuous mode
[  101.292057][ T4883] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.315446][ T5836] veth1_macvtap: entered promiscuous mode
[  101.415115][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.415345][ T5849] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  101.426125][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0
[  101.446312][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.500054][ T5845] veth0_vlan: entered promiscuous mode
[  101.511366][   T76] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.538577][   T76] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.556563][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1
[  101.664581][ T5836] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  101.674474][ T5836] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  101.747568][ T5836] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  101.784672][ T5836] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  101.917999][ T5845] veth1_vlan: entered promiscuous mode
[  101.955280][ T4883] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.964501][ T4883] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.034631][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.064415][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.237706][ T5845] veth0_macvtap: entered promiscuous mode
[  102.268684][ T5845] veth1_macvtap: entered promiscuous mode
[  102.389247][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.397994][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.534809][ T5854] Bluetooth: hci0: command tx timeout
[  102.559604][   T43] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  102.609413][ T5854] Bluetooth: hci1: command tx timeout
[  102.609644][ T5841] Bluetooth: hci3: command tx timeout
[  102.676426][ T5965] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  102.691956][ T5841] Bluetooth: hci2: command tx timeout
[  102.716320][ T5854] Bluetooth: hci4: command tx timeout
[  102.732068][ T2134] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.734259][ T5965] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  102.750249][   T43] usb 4-1: Using ep0 maxpacket: 32
[  102.760874][ T5965] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  102.771590][ T5965] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[  102.780901][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  102.784683][ T2134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.887658][   T43] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  102.887971][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0
[  102.906983][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  102.907035][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  102.907075][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  102.907114][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  102.907152][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  102.907190][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  102.907230][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  102.907269][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  102.907307][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  103.221883][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  103.263152][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  103.285540][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11
[  103.300463][ T5971] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  103.325812][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024
[  103.349228][   T43] usb 4-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  103.361703][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1
[  103.369910][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  103.377969][   T43] usb 4-1: Product: syz
[  103.391884][ T5845] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.406456][   T43] usb 4-1: Manufacturer: syz
[  103.412832][   T43] usb 4-1: SerialNumber: syz
[  103.416699][ T5845] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.442444][ T5845] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.452928][   T43] usb 4-1: config 0 descriptor??
[  103.452928][ T5845] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.486712][ T5972] netlink: 48 bytes leftover after parsing attributes in process `syz.2.8'.
[  103.754823][ T5975] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  103.814126][ T5975] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  103.835492][ T5975] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  103.845117][ T5975] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[  104.077970][   T43] iforce 4-1:0.0: usb_submit_urb failed: -32
[  104.093284][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.102690][   T43] input input5: Device does not respond to id packet M
[  104.132557][   T43] iforce 4-1:0.0: usb_submit_urb failed: -32
[  104.134055][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.147586][   T43] input input5: Device does not respond to id packet P
[  104.156103][   T43] iforce 4-1:0.0: usb_submit_urb failed: -32
[  104.339504][   T43] input input5: Device does not respond to id packet B
[  104.384275][   T43] input input5: Limiting number of effects to 32 (device reports 115)
[  104.606176][   T43] iforce 4-1:0.0: usb_submit_urb failed: -71
[  104.654170][   T43] iforce 4-1:0.0: usb_submit_urb failed: -71
[  104.674995][   T43] iforce 4-1:0.0: usb_submit_urb failed: -71
[  104.701177][ T2134] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.711750][   T43] iforce 4-1:0.0: usb_submit_urb failed: -71
[  104.732095][ T2134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.733134][   T43] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input5
[  105.183600][   T43] usb 4-1: USB disconnect, device number 2
[  105.226577][ T5191] iforce 4-1:0.0: usb_submit_urb failed -19
[  105.745582][ T6000] fuse: Bad value for 'fd'
[  105.766892][ T6000] sctp: [Deprecated]: syz.4.5 (pid 6000) Use of int in maxseg socket option.
[  105.766892][ T6000] Use struct sctp_assoc_value instead
[  105.951977][ T6000] netlink: 100 bytes leftover after parsing attributes in process `syz.4.5'.
[  106.020137][ T6006] FAULT_INJECTION: forcing a failure.
[  106.020137][ T6006] name failslab, interval 1, probability 0, space 0, times 1
[  106.033168][ T6006] CPU: 1 UID: 0 PID: 6006 Comm: syz.3.13 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  106.033196][ T6006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  106.033217][ T6006] Call Trace:
[  106.033230][ T6006]  <TASK>
[  106.033239][ T6006]  dump_stack_lvl+0x189/0x250
[  106.033276][ T6006]  ? __pfx____ratelimit+0x10/0x10
[  106.033300][ T6006]  ? __pfx_dump_stack_lvl+0x10/0x10
[  106.033325][ T6006]  ? __pfx__printk+0x10/0x10
[  106.033361][ T6006]  ? __pfx___might_resched+0x10/0x10
[  106.033384][ T6006]  ? fs_reclaim_acquire+0x7d/0x100
[  106.033417][ T6006]  should_fail_ex+0x414/0x560
[  106.033446][ T6006]  should_failslab+0xa8/0x100
[  106.033472][ T6006]  __kmalloc_noprof+0xcb/0x4f0
[  106.033492][ T6006]  ? kernfs_fop_write_iter+0x158/0x4f0
[  106.033531][ T6006]  kernfs_fop_write_iter+0x158/0x4f0
[  106.033572][ T6006]  vfs_write+0x54b/0xa90
[  106.033605][ T6006]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  106.033640][ T6006]  ? __pfx_vfs_write+0x10/0x10
[  106.033673][ T6006]  ? __fget_files+0x2a/0x420
[  106.033708][ T6006]  ksys_write+0x145/0x250
[  106.033732][ T6006]  ? __pfx_ksys_write+0x10/0x10
[  106.033759][ T6006]  ? do_syscall_64+0xbe/0x3b0
[  106.033788][ T6006]  do_syscall_64+0xfa/0x3b0
[  106.033814][ T6006]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.033835][ T6006]  ? asm_sysvec_call_function_single+0x1a/0x20
[  106.033857][ T6006]  ? clear_bhb_loop+0x60/0xb0
[  106.033884][ T6006]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.033905][ T6006] RIP: 0033:0x7fae6c78ebe9
[  106.033929][ T6006] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  106.033948][ T6006] RSP: 002b:00007fae6d5d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  106.033970][ T6006] RAX: ffffffffffffffda RBX: 00007fae6c9b6180 RCX: 00007fae6c78ebe9
[  106.033986][ T6006] RDX: 000000000000000a RSI: 0000200000000140 RDI: 0000000000000008
[  106.033999][ T6006] RBP: 00007fae6d5d8090 R08: 0000000000000000 R09: 0000000000000000
[  106.034013][ T6006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  106.034025][ T6006] R13: 00007fae6c9b6218 R14: 00007fae6c9b6180 R15: 00007ffefa2eb568
[  106.034060][ T6006]  </TASK>
[  106.257352][    C1] vkms_vblank_simulate: vblank timer overrun
[  106.599222][ T6004] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  107.288664][ T6016] overlayfs: failed to resolve './file1': -2
[  107.590841][ T6018] JFS: charset not found
[  109.743779][ T6036] capability: warning: `syz.4.21' uses deprecated v2 capabilities in a way that may be insecure
[  109.790635][ T6036] netlink: 12 bytes leftover after parsing attributes in process `syz.4.21'.
[  112.298942][  T981] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  113.212768][  T981] usb 1-1: Using ep0 maxpacket: 16
[  113.248060][  T981] usb 1-1: config 114 has an invalid interface number: 5 but max is 1
[  113.277204][  T981] usb 1-1: config 114 has an invalid descriptor of length 0, skipping remainder of the config
[  113.302717][  T981] usb 1-1: config 114 has 1 interface, different from the descriptor's value: 2
[  113.323401][  T981] usb 1-1: config 114 has no interface number 0
[  113.329936][  T981] usb 1-1: config 114 interface 5 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 10
[  113.345868][  T981] usb 1-1: config 114 interface 5 has no altsetting 0
[  113.354733][ T6067] overlayfs: failed to resolve './file1': -2
[  113.380534][  T981] usb 1-1: New USB device found, idVendor=05c6, idProduct=9010, bcdDevice= a.d6
[  113.555068][  T981] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.565107][  T981] usb 1-1: Product: ³䢪▵䳸魙膾敏Ŷ駊斏㓹뵊뤾廕∖鼧裓㥵Ⲙᗛ爵湒粄
[  113.584438][  T981] usb 1-1: Manufacturer: у
[  113.601727][  T981] usb 1-1: SerialNumber: О
[  113.676303][ T6069] JFS: charset not found
[  114.030440][ T6075] Zero length message leads to an empty skb
[  114.558934][  T926] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  114.739323][  T926] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  114.766709][ T6080] tipc: Started in network mode
[  114.769074][  T926] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1c1e, bcdDevice= 0.00
[  114.779673][ T6080] tipc: Node identity e29ac90296eb, cluster identity 4711
[  114.808896][  T926] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  114.809959][ T6080] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  114.825686][  T926] usb 3-1: config 0 descriptor??
[  114.852099][ T6083] syzkaller0: entered promiscuous mode
[  114.857738][ T6083] syzkaller0: entered allmulticast mode
[  114.935933][ T6080] tipc: Resetting bearer <eth:syzkaller0>
[  114.952958][ T6079] tipc: Resetting bearer <eth:syzkaller0>
[  115.018398][ T6079] tipc: Disabling bearer <eth:syzkaller0>
[  115.307276][  T926] corsair-psu 0003:1B1C:1C1E.0001: hidraw0: USB HID v0.00 Device [HID 1b1c:1c1e] on usb-dummy_hcd.2-1/input0
[  115.406585][  T926] corsair-psu 0003:1B1C:1C1E.0001: unable to initialize device (-38)
[  115.460356][  T926] corsair-psu 0003:1B1C:1C1E.0001: probe with driver corsair-psu failed with error -38
[  115.532727][  T926] usb 3-1: USB disconnect, device number 2
[  115.533583][ T6090] JFS: charset not found
[  115.661894][ T6087] fido_id[6087]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  116.319038][  T981] usb 1-1: USB disconnect, device number 2
[  116.813735][ T6100] process 'syz.2.38' launched './file0' with NULL argv: empty string added
[  117.107729][ T6107] FAULT_INJECTION: forcing a failure.
[  117.107729][ T6107] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  117.214119][ T6107] CPU: 1 UID: 0 PID: 6107 Comm: syz.3.36 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  117.214150][ T6107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  117.214163][ T6107] Call Trace:
[  117.214172][ T6107]  <TASK>
[  117.214185][ T6107]  dump_stack_lvl+0x189/0x250
[  117.214213][ T6107]  ? __pfx____ratelimit+0x10/0x10
[  117.214234][ T6107]  ? __pfx_dump_stack_lvl+0x10/0x10
[  117.214255][ T6107]  ? __pfx__printk+0x10/0x10
[  117.214279][ T6107]  ? __might_fault+0xb0/0x130
[  117.214308][ T6107]  should_fail_ex+0x414/0x560
[  117.214332][ T6107]  _copy_from_user+0x2d/0xb0
[  117.214360][ T6107]  ___sys_sendmsg+0x158/0x2a0
[  117.214391][ T6107]  ? __pfx____sys_sendmsg+0x10/0x10
[  117.214454][ T6107]  ? __fget_files+0x2a/0x420
[  117.214474][ T6107]  ? __fget_files+0x3a0/0x420
[  117.214504][ T6107]  __x64_sys_sendmsg+0x19b/0x260
[  117.214535][ T6107]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  117.214572][ T6107]  ? __pfx_ksys_write+0x10/0x10
[  117.214587][ T6107]  ? rcu_is_watching+0x15/0xb0
[  117.214612][ T6107]  ? do_syscall_64+0xbe/0x3b0
[  117.214636][ T6107]  do_syscall_64+0xfa/0x3b0
[  117.214655][ T6107]  ? lockdep_hardirqs_on+0x9c/0x150
[  117.214674][ T6107]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.214693][ T6107]  ? clear_bhb_loop+0x60/0xb0
[  117.214715][ T6107]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.214733][ T6107] RIP: 0033:0x7fae6c78ebe9
[  117.214756][ T6107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  117.214772][ T6107] RSP: 002b:00007fae6d5d8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  117.214792][ T6107] RAX: ffffffffffffffda RBX: 00007fae6c9b6180 RCX: 00007fae6c78ebe9
[  117.214806][ T6107] RDX: 0000000000000050 RSI: 0000200000000100 RDI: 0000000000000007
[  117.214817][ T6107] RBP: 00007fae6d5d8090 R08: 0000000000000000 R09: 0000000000000000
[  117.214829][ T6107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  117.214839][ T6107] R13: 00007fae6c9b6218 R14: 00007fae6c9b6180 R15: 00007ffefa2eb568
[  117.214868][ T6107]  </TASK>
[  117.421013][    C1] vkms_vblank_simulate: vblank timer overrun
[  117.533747][  T926] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  117.703432][  T926] usb 3-1: Using ep0 maxpacket: 8
[  117.713107][  T926] usb 3-1: config 1 has an invalid descriptor of length 133, skipping remainder of the config
[  117.757292][  T926] usb 3-1: too many endpoints for config 1 interface 0 altsetting 4: 242, using maximum allowed: 30
[  117.942858][  T926] usb 3-1: config 1 interface 0 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 242
[  117.956948][  T926] usb 3-1: config 1 interface 0 has no altsetting 0
[  117.975345][  T926] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  117.988917][  T926] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.997025][  T926] usb 3-1: Product: 电ᆫ
[  118.048298][  T926] usb 3-1: Manufacturer: 澞讝ﰕ俊坴뽒쭵
[  118.058374][  T926] usb 3-1: SerialNumber: ࠌ
[  119.769300][  T926] usb 3-1: bad CDC descriptors
[  119.819191][  T926] usb 3-1: USB disconnect, device number 3
[  120.073343][ T6125] netlink: 12 bytes leftover after parsing attributes in process `syz.1.44'.
[  121.292704][ T6135] netlink: 12 bytes leftover after parsing attributes in process `syz.2.46'.
[  121.310230][ T6139] overlayfs: failed to resolve './file1': -2
[  121.406202][ T6143] FAULT_INJECTION: forcing a failure.
[  121.406202][ T6143] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  121.492354][ T6143] CPU: 1 UID: 0 PID: 6143 Comm: syz.0.50 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  121.492386][ T6143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  121.492399][ T6143] Call Trace:
[  121.492408][ T6143]  <TASK>
[  121.492418][ T6143]  dump_stack_lvl+0x189/0x250
[  121.492447][ T6143]  ? __pfx____ratelimit+0x10/0x10
[  121.492471][ T6143]  ? __pfx_dump_stack_lvl+0x10/0x10
[  121.492496][ T6143]  ? __pfx__printk+0x10/0x10
[  121.492524][ T6143]  ? __might_fault+0xb0/0x130
[  121.492569][ T6143]  should_fail_ex+0x414/0x560
[  121.492599][ T6143]  _copy_from_iter+0x1db/0x16f0
[  121.492639][ T6143]  ? rcu_is_watching+0x15/0xb0
[  121.492665][ T6143]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  121.492689][ T6143]  ? __pfx__copy_from_iter+0x10/0x10
[  121.492718][ T6143]  ? __build_skb_around+0x257/0x3e0
[  121.492753][ T6143]  ? netlink_sendmsg+0x642/0xb30
[  121.492783][ T6143]  ? skb_put+0x11b/0x210
[  121.492818][ T6143]  netlink_sendmsg+0x6b2/0xb30
[  121.492860][ T6143]  ? __pfx_netlink_sendmsg+0x10/0x10
[  121.492901][ T6143]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  121.492924][ T6143]  ? __pfx_netlink_sendmsg+0x10/0x10
[  121.492957][ T6143]  __sock_sendmsg+0x21c/0x270
[  121.492986][ T6143]  ____sys_sendmsg+0x52d/0x830
[  121.493027][ T6143]  ? __pfx_____sys_sendmsg+0x10/0x10
[  121.493071][ T6143]  ? import_iovec+0x74/0xa0
[  121.493106][ T6143]  ___sys_sendmsg+0x21f/0x2a0
[  121.493143][ T6143]  ? __pfx____sys_sendmsg+0x10/0x10
[  121.493217][ T6143]  ? __fget_files+0x2a/0x420
[  121.493241][ T6143]  ? __fget_files+0x3a0/0x420
[  121.493277][ T6143]  __sys_sendmmsg+0x227/0x430
[  121.493318][ T6143]  ? __pfx___sys_sendmmsg+0x10/0x10
[  121.493349][ T6143]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  121.493408][ T6143]  ? ksys_write+0x22a/0x250
[  121.493432][ T6143]  ? __pfx_ksys_write+0x10/0x10
[  121.493449][ T6143]  ? rcu_is_watching+0x15/0xb0
[  121.493480][ T6143]  __x64_sys_sendmmsg+0xa0/0xc0
[  121.493517][ T6143]  do_syscall_64+0xfa/0x3b0
[  121.493540][ T6143]  ? lockdep_hardirqs_on+0x9c/0x150
[  121.493563][ T6143]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.493584][ T6143]  ? clear_bhb_loop+0x60/0xb0
[  121.493621][ T6143]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.493643][ T6143] RIP: 0033:0x7f4ffaf8ebe9
[  121.493663][ T6143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  121.493680][ T6143] RSP: 002b:00007f4ffbd10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  121.493703][ T6143] RAX: ffffffffffffffda RBX: 00007f4ffb1b5fa0 RCX: 00007f4ffaf8ebe9
[  121.493719][ T6143] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003
[  121.493734][ T6143] RBP: 00007f4ffbd10090 R08: 0000000000000000 R09: 0000000000000000
[  121.493747][ T6143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  121.493759][ T6143] R13: 00007f4ffb1b6038 R14: 00007f4ffb1b5fa0 R15: 00007fff595d5d08
[  121.493793][ T6143]  </TASK>
[  121.782521][    C1] vkms_vblank_simulate: vblank timer overrun
[  121.904082][ T6144] JFS: charset not found
[  122.230329][ T5917] usb 5-1: new low-speed USB device number 2 using dummy_hcd
[  122.434566][ T5917] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  122.442985][ T5917] usb 5-1: config 179 has no interface number 0
[  122.459400][ T5917] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10
[  122.477533][ T5917] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  122.490849][ T5917] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  122.523361][ T5917] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 58368, setting to 8
[  122.570026][ T5917] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  122.643759][ T5917] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  122.674314][ T5917] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.710440][ T6146] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  122.725743][ T5917] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  122.812117][ T5917] xpad 5-1:179.65: probe with driver xpad failed with error -90
[  124.491425][ T6167] JFS: charset not found
[  125.229007][ T5827] usb 5-1: USB disconnect, device number 2
[  126.905397][ T6185] syz.4.60 uses obsolete (PF_INET,SOCK_PACKET)
[  128.841972][ T6200] overlayfs: failed to resolve './file1': -2
[  129.237251][ T6206] JFS: charset not found
[  129.664922][ T6212] Cannot find add_set index 0 as target
[  130.419433][ T5827] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  131.439169][ T5827] usb 5-1: Using ep0 maxpacket: 16
[  131.656857][ T5827] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  131.666178][ T5827] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.678051][ T5827] usb 5-1: Product: syz
[  131.685114][ T5827] usb 5-1: Manufacturer: syz
[  131.718458][ T5827] usb 5-1: SerialNumber: syz
[  131.776631][ T5827] usb 5-1: config 0 descriptor??
[  132.421280][ T6234] FAULT_INJECTION: forcing a failure.
[  132.421280][ T6234] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  132.435033][ T6234] CPU: 0 UID: 0 PID: 6234 Comm: syz.0.70 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  132.435062][ T6234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  132.435075][ T6234] Call Trace:
[  132.435087][ T6234]  <TASK>
[  132.435096][ T6234]  dump_stack_lvl+0x189/0x250
[  132.435126][ T6234]  ? __pfx____ratelimit+0x10/0x10
[  132.435149][ T6234]  ? __pfx_dump_stack_lvl+0x10/0x10
[  132.435174][ T6234]  ? __pfx__printk+0x10/0x10
[  132.435215][ T6234]  should_fail_ex+0x414/0x560
[  132.435244][ T6234]  _copy_to_user+0x31/0xb0
[  132.435277][ T6234]  simple_read_from_buffer+0xe1/0x170
[  132.435306][ T6234]  proc_fail_nth_read+0x1df/0x250
[  132.435336][ T6234]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  132.435367][ T6234]  ? rw_verify_area+0x258/0x650
[  132.435400][ T6234]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  132.435428][ T6234]  vfs_read+0x200/0x980
[  132.435467][ T6234]  ? __pfx___mutex_lock+0x10/0x10
[  132.435493][ T6234]  ? __pfx_vfs_read+0x10/0x10
[  132.435528][ T6234]  ? __fget_files+0x2a/0x420
[  132.435566][ T6234]  ? __fget_files+0x3a0/0x420
[  132.435589][ T6234]  ? __fget_files+0x2a/0x420
[  132.435624][ T6234]  ksys_read+0x145/0x250
[  132.435642][ T6234]  ? __fget_files+0x3a0/0x420
[  132.435668][ T6234]  ? __pfx_ksys_read+0x10/0x10
[  132.435694][ T6234]  ? do_syscall_64+0xbe/0x3b0
[  132.435721][ T6234]  do_syscall_64+0xfa/0x3b0
[  132.435747][ T6234]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.435769][ T6234]  ? asm_sysvec_call_function_single+0x1a/0x20
[  132.435790][ T6234]  ? clear_bhb_loop+0x60/0xb0
[  132.435817][ T6234]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.435839][ T6234] RIP: 0033:0x7f4ffaf8d5fc
[  132.435858][ T6234] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  132.435876][ T6234] RSP: 002b:00007f4ff91f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  132.435898][ T6234] RAX: ffffffffffffffda RBX: 00007f4ffb1b6090 RCX: 00007f4ffaf8d5fc
[  132.435914][ T6234] RDX: 000000000000000f RSI: 00007f4ff91f60a0 RDI: 0000000000000009
[  132.435927][ T6234] RBP: 00007f4ff91f6090 R08: 0000000000000000 R09: 0000000000000000
[  132.435940][ T6234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  132.435952][ T6234] R13: 00007f4ffb1b6128 R14: 00007f4ffb1b6090 R15: 00007fff595d5d08
[  132.435986][ T6234]  </TASK>
[  132.449860][ T5827] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  132.799386][ T5827] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  132.871251][ T5827] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  133.168085][ T6237] netlink: 12 bytes leftover after parsing attributes in process `syz.3.69'.
[  133.278977][ T5827] usb 5-1: media controller created
[  133.491162][ T5827] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  133.829781][ T5827] zl10353_read_register: readreg error (reg=127, ret==0)
[  134.194753][ T5827] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  134.247581][ T5827] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  134.369979][ T5827] usb 5-1: USB disconnect, device number 3
[  134.626650][ T6264] 9pnet_fd: Insufficient options for proto=fd
[  134.696422][ T5827] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  134.746746][ T6268] tipc: Started in network mode
[  134.796871][ T6268] tipc: Node identity 4a96318f18cb, cluster identity 4711
[  134.808610][ T6268] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  134.821156][ T6271] syzkaller0: entered promiscuous mode
[  134.827644][ T6271] syzkaller0: entered allmulticast mode
[  134.989067][   T43] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  135.033140][ T6268] tipc: Resetting bearer <eth:syzkaller0>
[  135.049173][ T6267] tipc: Resetting bearer <eth:syzkaller0>
[  135.165246][ T6267] tipc: Disabling bearer <eth:syzkaller0>
[  135.203301][   T43] usb 2-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  135.229576][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.269141][   T43] usb 2-1: config 0 descriptor??
[  135.280956][   T43] gspca_main: spca508-2.14.0 probing 8086:0110
[  136.454222][   T43] gspca_spca508: reg_read err -110
[  136.467284][   T43] gspca_spca508: reg_read err -32
[  136.476072][   T43] gspca_spca508: reg_read err -32
[  136.499015][   T43] gspca_spca508: reg_read err -32
[  136.510232][   T43] gspca_spca508: reg write: error -32
[  136.515819][   T43] spca508 2-1:0.0: probe with driver spca508 failed with error -32
[  136.648175][ T6287] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  136.711687][ T6287] syzkaller0: entered promiscuous mode
[  136.717246][ T6287] syzkaller0: entered allmulticast mode
[  136.748384][ T6287] tipc: Resetting bearer <eth:syzkaller0>
[  136.769852][ T6286] tipc: Resetting bearer <eth:syzkaller0>
[  136.792458][ T6286] tipc: Disabling bearer <eth:syzkaller0>
[  137.109648][ T6291] FAULT_INJECTION: forcing a failure.
[  137.109648][ T6291] name failslab, interval 1, probability 0, space 0, times 0
[  137.123232][ T6291] CPU: 0 UID: 0 PID: 6291 Comm: syz.3.84 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  137.123252][ T6291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  137.123262][ T6291] Call Trace:
[  137.123268][ T6291]  <TASK>
[  137.123274][ T6291]  dump_stack_lvl+0x189/0x250
[  137.123295][ T6291]  ? __pfx____ratelimit+0x10/0x10
[  137.123312][ T6291]  ? __pfx_dump_stack_lvl+0x10/0x10
[  137.123329][ T6291]  ? __pfx__printk+0x10/0x10
[  137.123353][ T6291]  ? __pfx___might_resched+0x10/0x10
[  137.123374][ T6291]  should_fail_ex+0x414/0x560
[  137.123393][ T6291]  should_failslab+0xa8/0x100
[  137.123412][ T6291]  kmem_cache_alloc_noprof+0x73/0x3c0
[  137.123426][ T6291]  ? getname_flags+0xb8/0x540
[  137.123448][ T6291]  getname_flags+0xb8/0x540
[  137.123469][ T6291]  user_path_at+0x24/0x60
[  137.123491][ T6291]  __se_sys_mount+0x2d3/0x410
[  137.123513][ T6291]  ? __pfx___se_sys_mount+0x10/0x10
[  137.123534][ T6291]  ? do_syscall_64+0xbe/0x3b0
[  137.123550][ T6291]  ? __x64_sys_mount+0x20/0xc0
[  137.123569][ T6291]  do_syscall_64+0xfa/0x3b0
[  137.123586][ T6291]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.123601][ T6291]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  137.123616][ T6291]  ? clear_bhb_loop+0x60/0xb0
[  137.123635][ T6291]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.123649][ T6291] RIP: 0033:0x7fae6c78ebe9
[  137.123664][ T6291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  137.123677][ T6291] RSP: 002b:00007fae6d61a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  137.123693][ T6291] RAX: ffffffffffffffda RBX: 00007fae6c9b5fa0 RCX: 00007fae6c78ebe9
[  137.123704][ T6291] RDX: 0000200000000180 RSI: 0000200000000300 RDI: 0000000000000000
[  137.123714][ T6291] RBP: 00007fae6d61a090 R08: 00002000000000c0 R09: 0000000000000000
[  137.123724][ T6291] R10: 0000000000000040 R11: 0000000000000246 R12: 0000000000000001
[  137.123732][ T6291] R13: 00007fae6c9b6038 R14: 00007fae6c9b5fa0 R15: 00007ffefa2eb568
[  137.123755][ T6291]  </TASK>
[  138.140894][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  138.160109][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  140.050225][ T6311] program syz.0.89 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  140.310034][    C1] sd 0:0:1:0: [sda] tag#5679 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  140.320801][    C1] sd 0:0:1:0: [sda] tag#5679 CDB: Write(6) 0a 00 00 00 00 00
[  140.346788][ T6306] xt_CT: You must specify a L4 protocol and not use inversions on it
[  140.663069][  T981] usb 2-1: USB disconnect, device number 2
[  140.731221][ T6319] netlink: 12 bytes leftover after parsing attributes in process `syz.4.91'.
[  145.389078][  T926] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  145.566856][  T926] usb 1-1: config 0 has an invalid interface number: 239 but max is 0
[  145.594354][  T926] usb 1-1: config 0 has no interface number 0
[  145.628394][  T926] usb 1-1: config 0 interface 239 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  145.671836][  T926] usb 1-1: config 0 interface 239 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  145.723793][  T926] usb 1-1: config 0 interface 239 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  145.808177][  T926] usb 1-1: New USB device found, idVendor=2201, idProduct=012c, bcdDevice=60.d9
[  145.829016][  T926] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  145.860226][  T926] usb 1-1: Product: syz
[  145.864586][  T926] usb 1-1: Manufacturer: syz
[  145.878383][  T926] usb 1-1: SerialNumber: syz
[  145.935037][  T926] usb 1-1: config 0 descriptor??
[  145.977005][ T6352] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  147.549188][  T926] usb 1-1: probing VID:PID(2201:012C)   
[  147.610430][  T926] usb 1-1: vub300 testing BULK OUT EndPoint(0) 02
[  147.635907][  T926] usb 1-1: vub300 testing BULK IN EndPoint(1) 82
[  147.658894][  T926] usb 1-1: Could not find two sets of bulk-in/out endpoint pairs
[  147.727471][  T926] vub300 1-1:0.239: probe with driver vub300 failed with error -22
[  147.851742][  T926] usb 1-1: USB disconnect, device number 3
[  148.580015][  T978] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  148.871541][ T6384] JFS: charset not found
[  148.882268][ T5986] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  149.596765][  T978] usb 2-1: Using ep0 maxpacket: 16
[  149.650273][  T978] usb 2-1: config 1 has an invalid interface number: 27 but max is 0
[  149.679020][  T978] usb 2-1: config 1 has no interface number 0
[  149.679039][ T5986] usb 5-1: Using ep0 maxpacket: 32
[  149.701332][  T978] usb 2-1: New USB device found, idVendor=06e1, idProduct=a190, bcdDevice= 3.d5
[  149.715420][ T5986] usb 5-1: New USB device found, idVendor=093a, idProduct=050f, bcdDevice=56.a5
[  149.734917][ T5986] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.738945][  T978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=246
[  149.751229][ T5986] usb 5-1: Product: syz
[  149.751252][ T5986] usb 5-1: Manufacturer: syz
[  149.751268][ T5986] usb 5-1: SerialNumber: syz
[  149.769781][ T6391] netlink: 'syz.2.110': attribute type 1 has an invalid length.
[  149.770620][ T5986] usb 5-1: config 0 descriptor??
[  149.798408][  T978] usb 2-1: Product: syz
[  149.818655][  T978] usb 2-1: Manufacturer: syz
[  149.823499][  T978] usb 2-1: SerialNumber: syz
[  149.837554][ T5986] gspca_main: mars-2.14.0 probing 093a:050f
[  150.291659][  T978] gspca_main: spca506-2.14.0 probing 06e1:a190
[  150.988199][   T30] audit: type=1326 audit(1755803434.124:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6396 comm="syz.2.112" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f077fd8ebe9 code=0x0
[  151.157608][ T6401] usb usb8: usbfs: process 6401 (syz.0.111) did not claim interface 0 before use
[  152.340387][  T978] videodev: could not get a free minor
[  152.357406][  T978] gspca_main: video_register_device err -23
[  152.370101][  T978] spca506 2-1:1.27: probe with driver spca506 failed with error -23
[  152.385034][  T978] usb 2-1: USB disconnect, device number 3
[  153.019858][ T6416] netlink: 12 bytes leftover after parsing attributes in process `syz.2.113'.
[  153.150424][ T6423] netlink: 340 bytes leftover after parsing attributes in process `syz.3.115'.
[  153.530806][   T43] usb 5-1: USB disconnect, device number 4
[  154.540651][ T6436] tipc: Started in network mode
[  155.297816][ T6436] tipc: Node identity c237ffabe02a, cluster identity 4711
[  155.456736][ T6436] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  155.485404][ T6431] syzkaller0: entered promiscuous mode
[  155.535313][ T6431] syzkaller0: entered allmulticast mode
[  155.731643][ T6441] tipc: Resetting bearer <eth:syzkaller0>
[  155.751104][ T6429] tipc: Resetting bearer <eth:syzkaller0>
[  155.913650][ T6429] tipc: Disabling bearer <eth:syzkaller0>
[  155.924021][ T5827] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  156.024071][ T6443] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  156.089076][ T6443] tipc: Resetting bearer <eth:syzkaller0>
[  156.129678][ T5827] usb 2-1: Using ep0 maxpacket: 8
[  156.157379][ T5827] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  156.181840][ T6442] tipc: Disabling bearer <eth:syzkaller0>
[  156.187275][ T5827] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  156.259063][   T43] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  156.275219][ T5827] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  156.305480][ T5827] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  156.319661][ T5827] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  156.329194][ T6448] FAULT_INJECTION: forcing a failure.
[  156.329194][ T6448] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  156.329242][ T6448] CPU: 0 UID: 0 PID: 6448 Comm: syz.4.123 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  156.329268][ T6448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  156.329283][ T6448] Call Trace:
[  156.329293][ T6448]  <TASK>
[  156.329303][ T6448]  dump_stack_lvl+0x189/0x250
[  156.329339][ T6448]  ? __pfx____ratelimit+0x10/0x10
[  156.329368][ T6448]  ? __pfx_dump_stack_lvl+0x10/0x10
[  156.329393][ T6448]  ? __pfx__printk+0x10/0x10
[  156.329441][ T6448]  should_fail_ex+0x414/0x560
[  156.329472][ T6448]  _copy_to_user+0x31/0xb0
[  156.329521][ T6448]  simple_read_from_buffer+0xe1/0x170
[  156.329552][ T6448]  proc_fail_nth_read+0x1df/0x250
[  156.329587][ T6448]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  156.329619][ T6448]  ? rw_verify_area+0x258/0x650
[  156.329664][ T6448]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  156.329695][ T6448]  vfs_read+0x200/0x980
[  156.329740][ T6448]  ? __pfx___mutex_lock+0x10/0x10
[  156.329784][ T6448]  ? __pfx_vfs_read+0x10/0x10
[  156.329824][ T6448]  ? __fget_files+0x2a/0x420
[  156.329856][ T6448]  ? __fget_files+0x3a0/0x420
[  156.329881][ T6448]  ? __fget_files+0x2a/0x420
[  156.329919][ T6448]  ksys_read+0x145/0x250
[  156.329945][ T6448]  ? __pfx_ksys_read+0x10/0x10
[  156.329964][ T6448]  ? rcu_is_watching+0x15/0xb0
[  156.329997][ T6448]  ? do_syscall_64+0xbe/0x3b0
[  156.330029][ T6448]  do_syscall_64+0xfa/0x3b0
[  156.330054][ T6448]  ? lockdep_hardirqs_on+0x9c/0x150
[  156.330080][ T6448]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.330104][ T6448]  ? clear_bhb_loop+0x60/0xb0
[  156.330133][ T6448]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.330157][ T6448] RIP: 0033:0x7f2286b8d5fc
[  156.330178][ T6448] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  156.330197][ T6448] RSP: 002b:00007f22879a2030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  156.330222][ T6448] RAX: ffffffffffffffda RBX: 00007f2286db6090 RCX: 00007f2286b8d5fc
[  156.330240][ T6448] RDX: 000000000000000f RSI: 00007f22879a20a0 RDI: 0000000000000009
[  156.330255][ T6448] RBP: 00007f22879a2090 R08: 0000000000000000 R09: 0000000000000000
[  156.330269][ T6448] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001
[  156.330284][ T6448] R13: 00007f2286db6128 R14: 00007f2286db6090 R15: 00007ffd754e4078
[  156.330321][ T6448]  </TASK>
[  156.918341][   T43] usb 1-1: Using ep0 maxpacket: 8
[  157.059200][   T43] usb 1-1: config index 0 descriptor too short (expected 6427, got 27)
[  157.067792][   T43] usb 1-1: config 0 has an invalid interface number: 21 but max is 0
[  157.089146][   T43] usb 1-1: config 0 has no interface number 0
[  157.099135][   T43] usb 1-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  157.123612][   T43] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  157.147329][   T43] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  157.222356][   T43] usb 1-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  157.276189][   T43] usb 1-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  157.295674][   T43] usb 1-1: Product: syz
[  157.306915][   T43] usb 1-1: config 0 descriptor??
[  157.312767][ T5827] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.321565][ T6445] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  157.583807][    T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  157.622996][ T6458] tipc: New replicast peer: 10.1.1.2
[  157.630280][ T6458] tipc: Enabled bearer <udp:syz2>, priority 10
[  158.400906][ T5827] usb 2-1: GET_CAPABILITIES returned 0
[  158.408299][ T5827] usbtmc 2-1:16.0: can't read capabilities
[  158.659679][ T6440] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  158.677261][ T6440] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  158.738418][    T9] usb 3-1: Using ep0 maxpacket: 16
[  158.883915][  T981] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  158.894498][ T6461] netlink: 8 bytes leftover after parsing attributes in process `syz.3.127'.
[  158.929502][ T5917] tipc: Node number set to 1953614082
[  158.937250][    T9] usb 3-1: unable to get BOS descriptor or descriptor too short
[  158.981862][    T9] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 83, changing to 7
[  159.013350][    T9] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  159.031890][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.060097][    T9] usb 3-1: Product: syz
[  159.064350][    T9] usb 3-1: Manufacturer: syz
[  159.069648][    T9] usb 3-1: SerialNumber: syz
[  159.119112][  T981] usb 5-1: Using ep0 maxpacket: 16
[  159.163681][ T6467] FAULT_INJECTION: forcing a failure.
[  159.163681][ T6467] name failslab, interval 1, probability 0, space 0, times 0
[  159.176953][ T6467] CPU: 0 UID: 0 PID: 6467 Comm: syz.3.128 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  159.176983][ T6467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  159.176996][ T6467] Call Trace:
[  159.177008][ T6467]  <TASK>
[  159.177018][ T6467]  dump_stack_lvl+0x189/0x250
[  159.177047][ T6467]  ? lockdep_hardirqs_on+0x9c/0x150
[  159.177070][ T6467]  ? __pfx_dump_stack_lvl+0x10/0x10
[  159.177111][ T6467]  should_fail_ex+0x414/0x560
[  159.177139][ T6467]  should_failslab+0xa8/0x100
[  159.177165][ T6467]  __kmalloc_noprof+0xcb/0x4f0
[  159.177185][ T6467]  ? tomoyo_encode+0x28b/0x550
[  159.177218][ T6467]  tomoyo_encode+0x28b/0x550
[  159.177251][ T6467]  tomoyo_realpath_from_path+0x58d/0x5d0
[  159.177291][ T6467]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  159.177313][ T6467]  tomoyo_path_number_perm+0x1e8/0x5a0
[  159.177340][ T6467]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  159.177382][ T6467]  ? __lock_acquire+0xab9/0xd20
[  159.177423][ T6467]  ? __fget_files+0x2a/0x420
[  159.177457][ T6467]  ? __fget_files+0x2a/0x420
[  159.177481][ T6467]  ? __fget_files+0x3a0/0x420
[  159.177504][ T6467]  ? __fget_files+0x2a/0x420
[  159.177532][ T6467]  security_file_ioctl+0xcb/0x2d0
[  159.177560][ T6467]  __se_sys_ioctl+0x47/0x170
[  159.177595][ T6467]  do_syscall_64+0xfa/0x3b0
[  159.177622][ T6467]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.177644][ T6467]  ? asm_sysvec_call_function_single+0x1a/0x20
[  159.177666][ T6467]  ? clear_bhb_loop+0x60/0xb0
[  159.177693][ T6467]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.177714][ T6467] RIP: 0033:0x7fae6c78ebe9
[  159.177734][ T6467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  159.177751][ T6467] RSP: 002b:00007fae6d5f9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  159.177774][ T6467] RAX: ffffffffffffffda RBX: 00007fae6c9b6090 RCX: 00007fae6c78ebe9
[  159.177789][ T6467] RDX: 0000200000000180 RSI: 0000000000003ba0 RDI: 0000000000000006
[  159.177803][ T6467] RBP: 00007fae6d5f9090 R08: 0000000000000000 R09: 0000000000000000
[  159.177815][ T6467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  159.177827][ T6467] R13: 00007fae6c9b6128 R14: 00007fae6c9b6090 R15: 00007ffefa2eb568
[  159.177859][ T6467]  </TASK>
[  159.410181][ T6467] ERROR: Out of memory at tomoyo_realpath_from_path.
[  159.522690][ T6451] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  159.882328][  T981] usb 5-1: config 1 has an invalid interface number: 27 but max is 0
[  159.891864][  T981] usb 5-1: config 1 has no interface number 0
[  159.915452][ T6466] 9pnet_fd: Insufficient options for proto=fd
[  159.922502][  T981] usb 5-1: New USB device found, idVendor=06e1, idProduct=a190, bcdDevice= 3.d5
[  159.927765][   T43] input: syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.21/input/input6
[  159.931802][  T981] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=246
[  159.951196][  T981] usb 5-1: Product: syz
[  159.959175][  T981] usb 5-1: Manufacturer: syz
[  159.963882][  T981] usb 5-1: SerialNumber: syz
[  159.969855][ T6451] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  160.102118][    T9] usb 3-1: 2:1 : unsupported format bits 0x80
[  160.102261][   T43] usb 1-1: USB disconnect, device number 4
[  160.108551][    C1] keyspan_remote 1-1:0.21: keyspan_irq_recv - usb_submit_urb failed with result: -19
[  160.219959][  T981] gspca_main: spca506-2.14.0 probing 06e1:a190
[  160.315529][    T9] usb 3-1: USB disconnect, device number 4
[  161.121853][  T981] usb 5-1: USB disconnect, device number 5
[  161.193680][  T926] usb 2-1: USB disconnect, device number 4
[  162.316706][ T6489] netlink: 12 bytes leftover after parsing attributes in process `syz.2.134'.
[  164.536117][ T6494] --map-set only usable from mangle table
[  164.601794][    T9] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  164.641991][    T9] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  166.732598][ T6509] netlink: 4 bytes leftover after parsing attributes in process `syz.1.139'.
[  166.741796][ T6509] netlink: 'syz.1.139': attribute type 3 has an invalid length.
[  168.028303][ T6523] program syz.1.142 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  168.164342][ T6521] netlink: 20 bytes leftover after parsing attributes in process `syz.1.142'.
[  168.292993][ T6521] netlink: 20 bytes leftover after parsing attributes in process `syz.1.142'.
[  168.417309][ T6529] FAULT_INJECTION: forcing a failure.
[  168.417309][ T6529] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  168.430724][ T6529] CPU: 1 UID: 0 PID: 6529 Comm: syz.2.143 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  168.430751][ T6529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  168.430765][ T6529] Call Trace:
[  168.430774][ T6529]  <TASK>
[  168.430784][ T6529]  dump_stack_lvl+0x189/0x250
[  168.430815][ T6529]  ? __pfx____ratelimit+0x10/0x10
[  168.430839][ T6529]  ? __pfx_dump_stack_lvl+0x10/0x10
[  168.430864][ T6529]  ? __pfx__printk+0x10/0x10
[  168.430892][ T6529]  ? __might_fault+0xb0/0x130
[  168.430927][ T6529]  should_fail_ex+0x414/0x560
[  168.430963][ T6529]  _copy_from_iter+0x1db/0x16f0
[  168.430995][ T6529]  ? __phys_addr+0xd3/0x180
[  168.431027][ T6529]  ? __pfx__copy_from_iter+0x10/0x10
[  168.431052][ T6529]  ? rcu_is_watching+0x15/0xb0
[  168.431079][ T6529]  ? rcu_is_watching+0x15/0xb0
[  168.431103][ T6529]  ? trace_kmalloc+0x1f/0xd0
[  168.431121][ T6529]  ? __kmalloc_noprof+0x29b/0x4f0
[  168.431140][ T6529]  ? bcm_tx_setup+0x598/0x1bd0
[  168.431167][ T6529]  bcm_tx_setup+0x6d9/0x1bd0
[  168.431208][ T6529]  bcm_sendmsg+0x45c/0x6a0
[  168.431228][ T6529]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  168.431256][ T6529]  ? __pfx_bcm_sendmsg+0x10/0x10
[  168.431289][ T6529]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  168.431310][ T6529]  ? __pfx_bcm_sendmsg+0x10/0x10
[  168.431331][ T6529]  __sock_sendmsg+0x21c/0x270
[  168.431362][ T6529]  ____sys_sendmsg+0x505/0x830
[  168.431402][ T6529]  ? __pfx_____sys_sendmsg+0x10/0x10
[  168.431446][ T6529]  ? import_iovec+0x74/0xa0
[  168.431481][ T6529]  ___sys_sendmsg+0x21f/0x2a0
[  168.431517][ T6529]  ? __pfx____sys_sendmsg+0x10/0x10
[  168.431559][ T6529]  ? rcu_read_unlock_special+0x3fe/0x4c0
[  168.431621][ T6529]  ? __fget_files+0x2a/0x420
[  168.431645][ T6529]  ? __fget_files+0x3a0/0x420
[  168.431681][ T6529]  __x64_sys_sendmsg+0x19b/0x260
[  168.431719][ T6529]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  168.431765][ T6529]  ? __pfx_ksys_write+0x10/0x10
[  168.431792][ T6529]  ? do_syscall_64+0xbe/0x3b0
[  168.431820][ T6529]  do_syscall_64+0xfa/0x3b0
[  168.431846][ T6529]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.431867][ T6529]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  168.431888][ T6529]  ? clear_bhb_loop+0x60/0xb0
[  168.431915][ T6529]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.431937][ T6529] RIP: 0033:0x7f077fd8ebe9
[  168.431962][ T6529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  168.431980][ T6529] RSP: 002b:00007f0780b3d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  168.432003][ T6529] RAX: ffffffffffffffda RBX: 00007f077ffb6180 RCX: 00007f077fd8ebe9
[  168.432019][ T6529] RDX: 0000000004000000 RSI: 0000200000000200 RDI: 000000000000000a
[  168.432033][ T6529] RBP: 00007f0780b3d090 R08: 0000000000000000 R09: 0000000000000000
[  168.432046][ T6529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  168.432059][ T6529] R13: 00007f077ffb6218 R14: 00007f077ffb6180 R15: 00007ffd5d8e0378
[  168.432093][ T6529]  </TASK>
[  168.812072][ T6518] sctp: failed to load transform for md5: -4
[  169.894387][   T30] audit: type=1326 audit(1755803452.634:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6530 comm="syz.3.144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae6c78ebe9 code=0x7ffc0000
[  169.937768][   T30] audit: type=1326 audit(1755803452.644:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6530 comm="syz.3.144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae6c78ebe9 code=0x7ffc0000
[  170.029057][   T30] audit: type=1326 audit(1755803452.644:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6530 comm="syz.3.144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae6c78ebe9 code=0x7ffc0000
[  170.114456][   T30] audit: type=1326 audit(1755803452.644:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6530 comm="syz.3.144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae6c78ebe9 code=0x7ffc0000
[  170.151593][   T30] audit: type=1326 audit(1755803452.644:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6530 comm="syz.3.144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae6c78ebe9 code=0x7ffc0000
[  170.179101][   T30] audit: type=1326 audit(1755803452.644:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6530 comm="syz.3.144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=444 compat=0 ip=0x7fae6c78ebe9 code=0x7ffc0000
[  170.224388][   T30] audit: type=1326 audit(1755803452.644:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6530 comm="syz.3.144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae6c78ebe9 code=0x7ffc0000
[  170.247548][   T30] audit: type=1326 audit(1755803452.644:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6530 comm="syz.3.144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae6c78ebe9 code=0x7ffc0000
[  170.259105][    T9] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  170.273752][   T30] audit: type=1326 audit(1755803452.644:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6530 comm="syz.3.144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=445 compat=0 ip=0x7fae6c78ebe9 code=0x7ffc0000
[  170.349369][   T30] audit: type=1326 audit(1755803452.644:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6530 comm="syz.3.144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae6c78ebe9 code=0x7ffc0000
[  170.431913][ T6550] xt_TPROXY: Can be used only with -p tcp or -p udp
[  170.459180][    T9] usb 3-1: Using ep0 maxpacket: 8
[  171.230878][    T9] usb 3-1: config 0 has too many interfaces: 65, using maximum allowed: 32
[  171.263801][    T9] usb 3-1: config 0 has an invalid interface number: 150 but max is 64
[  171.378512][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  171.572245][    T9] usb 3-1: config 0 has 2 interfaces, different from the descriptor's value: 65
[  171.760666][    T9] usb 3-1: config 0 has no interface number 0
[  171.887355][    T9] usb 3-1: config 0 interface 150 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  171.960939][    T9] usb 3-1: config 0 interface 150 has no altsetting 0
[  172.116621][    T9] usb 3-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75
[  172.128769][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  172.149415][    T9] usb 3-1: config 0 descriptor??
[  173.134707][ T6562] warning: `syz.1.152' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  173.160679][    T9] usb 3-1: USB disconnect, device number 5
[  175.648499][ T6576] input: syz0 as /devices/virtual/input/input7
[  176.254953][ T6597] tipc: Started in network mode
[  176.265656][ T6597] tipc: Node identity 169bc02c8347, cluster identity 4711
[  176.284494][ T6597] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  176.412057][ T6592] tipc: Resetting bearer <eth:syzkaller0>
[  177.189065][ T6603] JFS: charset not found
[  177.590313][ T5917] tipc: Node number set to 2514272300
[  177.679709][ T6591] tipc: Disabling bearer <eth:syzkaller0>
[  177.777010][ T6607] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  178.124682][ T6619] =======================================================
[  178.124682][ T6619] WARNING: The mand mount option has been deprecated and
[  178.124682][ T6619]          and is ignored by this kernel. Remove the mand
[  178.124682][ T6619]          option from the mount to silence this warning.
[  178.124682][ T6619] =======================================================
[  178.160717][ T6621] binder: Unknown parameter '0x0000000000000000'
[  178.572694][ T6624] syz_tun: entered allmulticast mode
[  178.641950][ T6620] syz_tun: left allmulticast mode
[  181.945770][ T5917] kernel write not supported for file /129/net/snmp6 (pid: 5917 comm: kworker/0:6)
[  182.442584][ T6655] TCP: TCP_TX_DELAY enabled
[  182.455301][ T6655] program syz.3.180 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  183.690941][ T6660] JFS: charset not found
[  184.524026][ T6662] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  185.256788][ T6671] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  185.302743][ T6671] cramfs: wrong magic
[  185.324722][ T6670] syzkaller0: entered promiscuous mode
[  185.619099][ T6670] syzkaller0: entered allmulticast mode
[  185.646564][   T43] tipc: Node number set to 1381839247
[  186.319167][ T6659] tipc: Resetting bearer <eth:syzkaller0>
[  186.389822][ T6659] tipc: Disabling bearer <eth:syzkaller0>
[  186.437271][ T6676] netlink: 8 bytes leftover after parsing attributes in process `syz.3.186'.
[  189.909219][  T981] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[  191.137961][  T981] usb 4-1: device not accepting address 3, error -71
[  191.334075][ T6715] netlink: 28 bytes leftover after parsing attributes in process `syz.3.196'.
[  191.898989][    T9] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  192.216959][    T9] usb 2-1: device descriptor read/64, error -71
[  192.303190][ T6723] JFS: charset not found
[  193.049171][    T9] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  193.249287][    T9] usb 2-1: device descriptor read/64, error -71
[  193.469661][ T5827] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  193.596029][    T9] usb usb2-port1: attempt power cycle
[  193.813783][ T5827] usb 3-1: Using ep0 maxpacket: 8
[  194.249794][ T5827] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  194.269377][ T5827] usb 3-1: config 0 interface 0 has no altsetting 0
[  194.279257][ T5827] usb 3-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e
[  194.365644][ T5827] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  194.477237][ T5827] usb 3-1: Product: syz
[  194.507539][ T5827] usb 3-1: Manufacturer: syz
[  194.517675][ T5827] usb 3-1: SerialNumber: syz
[  194.559360][ T5827] usb 3-1: config 0 descriptor??
[  194.573708][ T5827] snd_usb_toneport 3-1:0.0: Line 6 TonePort UX2 found
[  194.824003][ T5827] snd_usb_toneport 3-1:0.0: Line 6 TonePort UX2 now disconnected
[  194.857215][ T5827] snd_usb_toneport 3-1:0.0: probe with driver snd_usb_toneport failed with error -22
[  194.976625][ T6750] netlink: 16 bytes leftover after parsing attributes in process `syz.1.203'.
[  194.986408][ T6750] netlink: 16 bytes leftover after parsing attributes in process `syz.1.203'.
[  195.788454][  T981] usb 3-1: USB disconnect, device number 6
[  197.440597][ T6777] netlink: 'syz.2.211': attribute type 10 has an invalid length.
[  197.443157][ T6771] syzkaller0: entered promiscuous mode
[  197.454142][ T6771] syzkaller0: entered allmulticast mode
[  197.471988][ T6777] 8021q: adding VLAN 0 to HW filter on device batadv0
[  197.770208][ T6780] netlink: 8 bytes leftover after parsing attributes in process `syz.4.210'.
[  197.784064][ T6780] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  198.126398][ T6777] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  198.330401][ T6777] syz.2.211 (6777) used greatest stack depth: 19848 bytes left
[  198.700985][ T6792] netlink: 4 bytes leftover after parsing attributes in process `syz.2.215'.
[  198.732467][ T6792] netlink: 'syz.2.215': attribute type 3 has an invalid length.
[  199.037008][ T6796] xt_bpf: check failed: parse error
[  199.044245][ T6796] overlayfs: failed to resolve './file1/file0': -2
[  199.584509][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  199.808982][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  200.008942][ T6802] veth0_to_bond: entered allmulticast mode
[  200.429025][ T6813] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  200.458375][ T6813] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  200.513301][ T6813] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  200.542942][ T6813] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[  202.707969][ T6834] netlink: 4 bytes leftover after parsing attributes in process `syz.4.227'.
[  202.717486][ T6834] netlink: 'syz.4.227': attribute type 3 has an invalid length.
[  203.408928][  T981] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  203.586696][  T981] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  203.610716][  T981] usb 2-1: config 1 has an invalid descriptor of length 114, skipping remainder of the config
[  203.655732][  T981] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  203.679433][  T981] usb 2-1: config 1 has no interface number 1
[  203.702357][ T6841] netlink: 'syz.0.231': attribute type 10 has an invalid length.
[  203.703763][  T981] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  203.745818][  T981] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  203.768404][  T981] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  203.820689][  T981] usb 2-1: Product: syz
[  203.825214][  T981] usb 2-1: Manufacturer: syz
[  203.832463][  T981] usb 2-1: SerialNumber: syz
[  204.660828][  T981] usb 2-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[  205.031029][  T981] usb 2-1: MIDIStreaming interface descriptor not found
[  205.119279][  T981] usb 2-1: USB disconnect, device number 8
[  205.152817][ T6864] netlink: 60 bytes leftover after parsing attributes in process `syz.4.239'.
[  205.172157][ T6862] netlink: 60 bytes leftover after parsing attributes in process `syz.4.239'.
[  205.293510][ T6253] udevd[6253]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  206.270138][ T6886] netlink: 4 bytes leftover after parsing attributes in process `syz.1.243'.
[  206.286974][ T6886] netlink: 'syz.1.243': attribute type 3 has an invalid length.
[  207.273557][   T30] kauditd_printk_skb: 56 callbacks suppressed
[  207.273576][   T30] audit: type=1326 audit(1755803490.934:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6889 comm="syz.4.245" exe="/root/syz-executor" sig=31 arch=c000003e syscall=317 compat=0 ip=0x7f2286b8ebe9 code=0x0
[  207.421559][ T5841] Bluetooth: hci5: command 0x1003 tx timeout
[  207.428535][ T5854] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  207.528994][ T5917] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  207.735884][ T5917] usb 5-1: unable to get BOS descriptor or descriptor too short
[  207.766463][ T5917] usb 5-1: not running at top speed; connect to a high speed hub
[  207.809146][ T5917] usb 5-1: config 219 has 1 interface, different from the descriptor's value: 2
[  207.852687][ T5917] usb 5-1: config 219 interface 0 has no altsetting 0
[  207.879037][ T5917] usb 5-1: config 219 interface 0 has no altsetting 1
[  207.898556][ T5917] usb 5-1: New USB device found, idVendor=2b73, idProduct=0017, bcdDevice=a2.0e
[  207.918067][ T5917] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.953234][ T5917] usb 5-1: Product: syz
[  207.958735][ T5917] usb 5-1: Manufacturer: syz
[  207.999176][ T5917] usb 5-1: SerialNumber: syz
[  208.280775][ T5917] usb 5-1: selecting invalid altsetting 0
[  208.287632][ T5917] usb 5-1: selecting invalid altsetting 0
[  208.377552][ T6901] netlink: 16 bytes leftover after parsing attributes in process `syz.3.248'.
[  208.387296][ T6901] netlink: 16 bytes leftover after parsing attributes in process `syz.3.248'.
[  209.052662][ T5917] usb 5-1: USB disconnect, device number 6
[  209.477635][ T6908] trusted_key: syz.4.251 sent an empty control message without MSG_MORE.
[  209.735856][ T6253] udevd[6253]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:219.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  210.134821][ T6917] program syz.3.252 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  211.873439][ T6949] netlink: 4 bytes leftover after parsing attributes in process `syz.2.264'.
[  211.896765][ T6949] FAULT_INJECTION: forcing a failure.
[  211.896765][ T6949] name failslab, interval 1, probability 0, space 0, times 0
[  211.932005][ T6949] CPU: 0 UID: 0 PID: 6949 Comm: syz.2.264 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  211.932036][ T6949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  211.932050][ T6949] Call Trace:
[  211.932059][ T6949]  <TASK>
[  211.932069][ T6949]  dump_stack_lvl+0x189/0x250
[  211.932111][ T6949]  ? __pfx____ratelimit+0x10/0x10
[  211.932136][ T6949]  ? __pfx_dump_stack_lvl+0x10/0x10
[  211.932161][ T6949]  ? __pfx__printk+0x10/0x10
[  211.932196][ T6949]  ? __pfx___might_resched+0x10/0x10
[  211.932220][ T6949]  ? fs_reclaim_acquire+0x7d/0x100
[  211.932252][ T6949]  should_fail_ex+0x414/0x560
[  211.932281][ T6949]  should_failslab+0xa8/0x100
[  211.932307][ T6949]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  211.932331][ T6949]  ? __alloc_skb+0x112/0x2d0
[  211.932374][ T6949]  __alloc_skb+0x112/0x2d0
[  211.932411][ T6949]  netlink_ack+0x146/0xa50
[  211.932439][ T6949]  ? __pfx_genl_rcv_msg+0x10/0x10
[  211.932460][ T6949]  ? ref_tracker_free+0x63a/0x7d0
[  211.932482][ T6949]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  211.932502][ T6949]  ? __pfx_nl80211_post_doit+0x10/0x10
[  211.932523][ T6949]  ? __pfx_ref_tracker_free+0x10/0x10
[  211.932560][ T6949]  netlink_rcv_skb+0x28c/0x470
[  211.932592][ T6949]  ? __pfx_genl_rcv_msg+0x10/0x10
[  211.932617][ T6949]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  211.932668][ T6949]  ? down_read+0x1ad/0x2e0
[  211.932698][ T6949]  genl_rcv+0x28/0x40
[  211.932719][ T6949]  netlink_unicast+0x75c/0x8e0
[  211.932760][ T6949]  netlink_sendmsg+0x805/0xb30
[  211.932803][ T6949]  ? __pfx_netlink_sendmsg+0x10/0x10
[  211.932844][ T6949]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  211.932866][ T6949]  ? __pfx_netlink_sendmsg+0x10/0x10
[  211.932899][ T6949]  __sock_sendmsg+0x21c/0x270
[  211.932929][ T6949]  ____sys_sendmsg+0x505/0x830
[  211.932974][ T6949]  ? __pfx_____sys_sendmsg+0x10/0x10
[  211.933020][ T6949]  ? import_iovec+0x74/0xa0
[  211.933055][ T6949]  ___sys_sendmsg+0x21f/0x2a0
[  211.933092][ T6949]  ? __pfx____sys_sendmsg+0x10/0x10
[  211.933167][ T6949]  ? __fget_files+0x2a/0x420
[  211.933192][ T6949]  ? __fget_files+0x3a0/0x420
[  211.933229][ T6949]  __x64_sys_sendmsg+0x19b/0x260
[  211.933266][ T6949]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  211.933312][ T6949]  ? __pfx_ksys_write+0x10/0x10
[  211.933330][ T6949]  ? rcu_is_watching+0x15/0xb0
[  211.933366][ T6949]  ? do_syscall_64+0xbe/0x3b0
[  211.933395][ T6949]  do_syscall_64+0xfa/0x3b0
[  211.933419][ T6949]  ? lockdep_hardirqs_on+0x9c/0x150
[  211.933441][ T6949]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  211.933462][ T6949]  ? clear_bhb_loop+0x60/0xb0
[  211.933490][ T6949]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  211.933511][ T6949] RIP: 0033:0x7f077fd8ebe9
[  211.933537][ T6949] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  211.933555][ T6949] RSP: 002b:00007f0780b7f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  211.933586][ T6949] RAX: ffffffffffffffda RBX: 00007f077ffb5fa0 RCX: 00007f077fd8ebe9
[  211.933602][ T6949] RDX: 0000000020004000 RSI: 0000200000000040 RDI: 0000000000000003
[  211.933616][ T6949] RBP: 00007f0780b7f090 R08: 0000000000000000 R09: 0000000000000000
[  211.933629][ T6949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  211.933641][ T6949] R13: 00007f077ffb6038 R14: 00007f077ffb5fa0 R15: 00007ffd5d8e0378
[  211.933676][ T6949]  </TASK>
[  212.239138][ T5827] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  212.858923][  T926] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  212.920519][ T5917] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  213.004001][ T6959] netlink: 4 bytes leftover after parsing attributes in process `syz.1.266'.
[  213.022630][ T6959] netlink: 'syz.1.266': attribute type 3 has an invalid length.
[  213.088891][  T926] usb 3-1: Using ep0 maxpacket: 16
[  213.155816][ T5917] usb 1-1: Using ep0 maxpacket: 32
[  213.425703][ T5917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  213.439837][  T926] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  213.449030][ T5917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  213.468996][ T5917] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  213.624607][  T926] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  213.628898][ T5917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  213.639011][  T926] usb 3-1: config 1 has no interface number 1
[  213.666203][  T926] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  213.680779][ T5917] usb 1-1: config 0 descriptor??
[  213.688758][  T926] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  213.698626][  T926] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  213.715739][  T926] usb 3-1: Product: syz
[  213.720763][  T926] usb 3-1: Manufacturer: syz
[  213.721716][ T5917] hub 1-1:0.0: USB hub found
[  213.725665][  T926] usb 3-1: SerialNumber: syz
[  213.802862][ T6964] delete_channel: no stack
[  214.056193][  T926] usb 3-1: USB disconnect, device number 7
[  214.219208][ T6969] program syz.4.268 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  214.277697][ T5855] udevd[5855]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  214.819557][ T6983] netlink: 12 bytes leftover after parsing attributes in process `syz.4.270'.
[  214.981588][ T5917] hub 1-1:0.0: 1 port detected
[  216.211568][ T5917] hub 1-1:0.0: hub_hub_status failed (err = -32)
[  216.238600][ T5917] hub 1-1:0.0: config failed, can't get hub status (err -32)
[  216.311729][ T5917] usbhid 1-1:0.0: can't add hid device: -71
[  216.332892][ T5917] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  216.471708][ T5917] usb 1-1: USB disconnect, device number 5
[  217.009539][ T5844] Bluetooth: hci0: command 0x0406 tx timeout
[  217.015667][ T5844] Bluetooth: hci2: command 0x0406 tx timeout
[  217.040093][ T5852] Bluetooth: hci3: command 0x0406 tx timeout
[  217.046257][ T5852] Bluetooth: hci4: command 0x0406 tx timeout
[  217.052919][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  218.426839][ T7004] usb usb6: usbfs: process 7004 (syz.0.279) did not claim interface 46 before use
[  219.136667][ T7014] netlink: 'syz.4.280': attribute type 4 has an invalid length.
[  219.229926][ T7014] netlink: 'syz.4.280': attribute type 4 has an invalid length.
[  221.287069][ T7044] netlink: 8 bytes leftover after parsing attributes in process `syz.4.287'.
[  223.368624][ T7069] netlink: 12 bytes leftover after parsing attributes in process `syz.4.290'.
[  224.167183][ T7075] xt_hashlimit: size too large, truncated to 1048576
[  224.314797][ T7079] �: renamed from vxcan1 (while UP)
[  224.664094][ T7087] netlink: 16 bytes leftover after parsing attributes in process `syz.1.295'.
[  224.673241][ T7087] netlink: 16 bytes leftover after parsing attributes in process `syz.1.295'.
[  225.419362][   T30] audit: type=1326 audit(1755803509.074:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7082 comm="syz.0.296" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4ffaf8ebe9 code=0x0
[  227.528536][ T5827] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  227.583254][ T4883] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.762875][ T4883] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.774278][ T5827] usb 3-1: Using ep0 maxpacket: 16
[  227.794623][ T5827] usb 3-1: config index 0 descriptor too short (expected 16456, got 72)
[  227.813144][ T5827] usb 3-1: config 0 has an invalid interface number: 125 but max is 1
[  227.824898][ T5827] usb 3-1: config 0 has an invalid interface number: 125 but max is 1
[  227.882831][ T5827] usb 3-1: config 0 has an invalid interface number: 125 but max is 1
[  227.919245][ T5827] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  227.955670][ T5827] usb 3-1: config 0 has no interface number 0
[  228.004560][ T5827] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  228.153252][ T4883] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  228.243075][ T5827] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  228.269144][ T5827] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  228.299662][ T5827] usb 3-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  228.320600][ T5827] usb 3-1: config 0 interface 125 has no altsetting 0
[  228.344154][ T5827] usb 3-1: config 0 interface 125 has no altsetting 2
[  228.381238][ T5827] usb 3-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  228.416800][ T5827] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  228.452960][ T5827] usb 3-1: Product: syz
[  228.457263][ T5827] usb 3-1: Manufacturer: syz
[  228.487557][ T5827] usb 3-1: SerialNumber: syz
[  228.565555][ T5827] usb 3-1: config 0 descriptor??
[  228.581277][ T4883] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  228.615510][ T5827] usb 3-1: selecting invalid altsetting 2
[  228.896744][ T7104] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  228.908535][ T7104] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  229.774341][ T5850] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  229.791967][ T5850] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  229.808873][ T5850] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  229.823819][ T5850] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  229.834814][ T5850] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  229.845269][ T5827] get_1284_register timeout
[  229.932768][ T7132] ptrace attach of "./syz-executor exec"[5836] was attempted by ""[7132]
[  229.950752][    C1] usb 3-1: async_complete: urb error -104
[  229.969233][ T5827] uss720 3-1:0.125: probe with driver uss720 failed with error -5
[  229.996284][ T7132] syz_tun: entered allmulticast mode
[  230.003242][ T7131] syz_tun: left allmulticast mode
[  230.252106][ T4883] bridge_slave_1: left allmulticast mode
[  230.271690][ T4883] bridge_slave_1: left promiscuous mode
[  230.287226][ T4883] bridge0: port 2(bridge_slave_1) entered disabled state
[  230.437893][ T4883] bridge_slave_0: left allmulticast mode
[  230.477493][ T4883] bridge_slave_0: left promiscuous mode
[  230.555755][ T4883] bridge0: port 1(bridge_slave_0) entered disabled state
[  231.629767][ T5952] usb 3-1: USB disconnect, device number 8
[  231.891032][ T5854] Bluetooth: hci0: command tx timeout
[  232.477167][ T4883] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  232.497767][ T4883] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  232.517068][ T4883] bond0 (unregistering): Released all slaves
[  232.769498][ T7160] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  232.784026][ T7161] syzkaller0: entered promiscuous mode
[  232.801551][ T7161] syzkaller0: entered allmulticast mode
[  232.869174][ T4883] tipc: Left network mode
[  232.888392][ T7181] tipc: Started in network mode
[  232.905676][ T7181] tipc: Node identity 6a11945bff74, cluster identity 4711
[  232.926852][ T7181] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  232.996365][ T7184] syzkaller0: entered promiscuous mode
[  233.036837][ T7184] syzkaller0: entered allmulticast mode
[  233.077508][ T7181] tipc: Resetting bearer <eth:syzkaller0>
[  233.101286][ T7180] tipc: Resetting bearer <eth:syzkaller0>
[  233.133980][ T7180] tipc: Disabling bearer <eth:syzkaller0>
[  233.150502][ T7161] tipc: Resetting bearer <eth:syzkaller0>
[  233.195937][ T7161] tipc: Disabling bearer <eth:syzkaller0>
[  233.802288][ T7198] JFS: charset not found
[  233.990013][ T5854] Bluetooth: hci0: command tx timeout
[  234.474211][    T9] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  234.638866][    T9] usb 3-1: Using ep0 maxpacket: 8
[  234.647781][    T9] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  234.667498][    T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  234.677681][    T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  234.687681][    T9] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  234.702497][    T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  234.711641][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  234.990450][ T4883] hsr_slave_0: left promiscuous mode
[  235.079070][ T4883] hsr_slave_1: left promiscuous mode
[  235.098499][ T4883] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  235.127514][ T4883] batman_adv: batadv0: Removing interface: batadv_slave_0
[  235.173584][ T4883] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  235.208914][ T4883] batman_adv: batadv0: Removing interface: batadv_slave_1
[  235.273219][    T9] usb 3-1: GET_CAPABILITIES returned 0
[  235.295148][    T9] usbtmc 3-1:16.0: can't read capabilities
[  235.375667][ T7218] sctp: [Deprecated]: syz.3.320 (pid 7218) Use of int in maxseg socket option.
[  235.375667][ T7218] Use struct sctp_assoc_value instead
[  235.553963][ T4883] veth1_vlan: left promiscuous mode
[  235.640724][ T4883] veth0_vlan: left promiscuous mode
[  235.746347][   T30] audit: type=1326 audit(1755803519.404:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7201 comm="syz.1.318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa52238ebe9 code=0x7fc00000
[  235.945318][ T7222] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  236.118702][ T5854] Bluetooth: hci0: command tx timeout
[  236.161213][ T7225] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.320'.
[  236.983720][ T5952] usb 3-1: USB disconnect, device number 9
[  237.493155][ T7234] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  237.500820][ T7234] IPv6: NLM_F_CREATE should be set when creating new route
[  237.508244][ T7234] IPv6: NLM_F_CREATE should be set when creating new route
[  237.515763][ T7234] IPv6: NLM_F_CREATE should be set when creating new route
[  237.963636][ T7240] netlink: 24 bytes leftover after parsing attributes in process `syz.1.323'.
[  238.131472][ T5854] Bluetooth: hci0: command tx timeout
[  238.511068][ T4883] team0 (unregistering): Port device team_slave_1 removed
[  238.591745][ T4883] team0 (unregistering): Port device team_slave_0 removed
[  238.694987][ T7247] netlink: 12 bytes leftover after parsing attributes in process `syz.1.325'.
[  239.768094][ T7133] chnl_net:caif_netlink_parms(): no params data found
[  239.837459][ T7234] netlink: 80 bytes leftover after parsing attributes in process `syz.2.322'.
[  241.097735][ T7261] binder: Bad value for 'max'
[  242.248862][   T30] audit: type=1326 audit(1755803525.884:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7273 comm="syz.3.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae6c78ebe9 code=0x7ffc0000
[  242.278479][   T30] audit: type=1326 audit(1755803525.884:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7273 comm="syz.3.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae6c78ebe9 code=0x7ffc0000
[  242.310765][ T7277] tipc: Cannot configure node identity twice
[  242.449021][   T30] audit: type=1326 audit(1755803525.884:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7273 comm="syz.3.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fae6c78ebe9 code=0x7ffc0000
[  242.514499][   T30] audit: type=1326 audit(1755803525.884:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7273 comm="syz.3.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae6c78ebe9 code=0x7ffc0000
[  242.541483][   T30] audit: type=1326 audit(1755803525.884:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7273 comm="syz.3.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae6c78ebe9 code=0x7ffc0000
[  242.563076][   T30] audit: type=1326 audit(1755803525.884:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7273 comm="syz.3.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fae6c78ebe9 code=0x7ffc0000
[  242.584673][   T30] audit: type=1326 audit(1755803525.884:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7273 comm="syz.3.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae6c78ebe9 code=0x7ffc0000
[  242.611688][   T30] audit: type=1326 audit(1755803525.884:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7273 comm="syz.3.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae6c78ebe9 code=0x7ffc0000
[  242.633899][   T30] audit: type=1326 audit(1755803525.884:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7273 comm="syz.3.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fae6c78ebe9 code=0x7ffc0000
[  242.855407][   T30] audit: type=1326 audit(1755803525.884:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7273 comm="syz.3.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae6c78ebe9 code=0x7ffc0000
[  242.924446][ T7133] bridge0: port 1(bridge_slave_0) entered blocking state
[  242.932179][ T7133] bridge0: port 1(bridge_slave_0) entered disabled state
[  242.944108][ T7133] bridge_slave_0: entered allmulticast mode
[  242.956876][ T7133] bridge_slave_0: entered promiscuous mode
[  243.044336][ T7133] bridge0: port 2(bridge_slave_1) entered blocking state
[  243.061931][ T7133] bridge0: port 2(bridge_slave_1) entered disabled state
[  243.113863][ T7133] bridge_slave_1: entered allmulticast mode
[  243.130932][ T7133] bridge_slave_1: entered promiscuous mode
[  243.244222][ T7133] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  243.286770][ T7133] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  245.604110][ T7133] team0: Port device team_slave_0 added
[  245.684270][ T7133] team0: Port device team_slave_1 added
[  245.876323][ T7311] netlink: 12 bytes leftover after parsing attributes in process `syz.1.336'.
[  245.997404][ T7325] netlink: 16 bytes leftover after parsing attributes in process `syz.3.340'.
[  247.112938][ T7325] netlink: 16 bytes leftover after parsing attributes in process `syz.3.340'.
[  248.371389][ T7133] batman_adv: batadv0: Adding interface: batadv_slave_0
[  248.380649][ T7133] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  248.408089][ T7133] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  248.530506][ T7133] batman_adv: batadv0: Adding interface: batadv_slave_1
[  248.556824][ T7133] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  248.602792][ T7133] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  248.936438][ T7133] hsr_slave_0: entered promiscuous mode
[  248.966028][ T7133] hsr_slave_1: entered promiscuous mode
[  248.994277][ T7133] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  249.038311][ T7133] Cannot create hsr debugfs directory
[  249.313440][ T7340] netlink: 8 bytes leftover after parsing attributes in process `syz.2.342'.
[  250.437167][ T7133] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  250.554296][ T7133] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  250.598963][  T978] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  250.639972][ T7133] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  250.704639][ T7133] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  250.784748][  T978] usb 3-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  250.816965][  T978] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  250.852084][  T978] usb 3-1: config 0 descriptor??
[  250.865006][  T978] gspca_main: spca508-2.14.0 probing 8086:0110
[  251.835437][  T978] gspca_spca508: reg_read err -110
[  251.853863][  T978] gspca_spca508: reg_read err -32
[  251.869214][  T978] gspca_spca508: reg_read err -32
[  251.874870][  T978] gspca_spca508: reg_read err -32
[  251.886051][  T978] gspca_spca508: reg write: error -32
[  251.909066][  T978] spca508 3-1:0.0: probe with driver spca508 failed with error -32
[  252.025933][ T7133] 8021q: adding VLAN 0 to HW filter on device bond0
[  252.081031][ T7133] 8021q: adding VLAN 0 to HW filter on device team0
[  252.109240][ T4883] bridge0: port 1(bridge_slave_0) entered blocking state
[  252.116474][ T4883] bridge0: port 1(bridge_slave_0) entered forwarding state
[  252.163488][ T7392] syzkaller0: entered promiscuous mode
[  252.188403][ T7392] syzkaller0: entered allmulticast mode
[  252.758562][ T6190] bridge0: port 2(bridge_slave_1) entered blocking state
[  252.765885][ T6190] bridge0: port 2(bridge_slave_1) entered forwarding state
[  253.166821][ T7133] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  253.177579][ T7133] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  253.758472][ T7413] netlink: 12 bytes leftover after parsing attributes in process `syz.4.354'.
[  254.198891][  T978] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  254.391884][  T978] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  254.477353][  T978] usb 4-1: config 0 has no interface number 0
[  254.532017][  T978] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  254.543190][ T7133] 8021q: adding VLAN 0 to HW filter on device batadv0
[  254.558220][  T978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  254.572539][ T5917] usb 3-1: USB disconnect, device number 10
[  254.585792][  T978] usb 4-1: Product: syz
[  254.628849][  T978] usb 4-1: Manufacturer: syz
[  254.633545][  T978] usb 4-1: SerialNumber: syz
[  254.686000][  T978] usb 4-1: config 0 descriptor??
[  254.940859][ T7418] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  254.982302][ T7418] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  255.030181][  T978] usb 4-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  255.091672][  T978] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  255.135576][  T978] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  255.155520][  T978] usb 4-1: media controller created
[  255.276009][  T978] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  255.438531][  T978] i2c i2c-1: ec100: i2c rd failed=-71 reg=33
[  255.635323][  T978] usb 4-1: USB disconnect, device number 5
[  257.056612][ T7437] ceph: No mds server is up or the cluster is laggy
[  257.126617][ T7448] ceph: No mds server is up or the cluster is laggy
[  257.144323][ T7133] veth0_vlan: entered promiscuous mode
[  257.149159][ T7444] ceph: No mds server is up or the cluster is laggy
[  257.833416][ T7133] veth1_vlan: entered promiscuous mode
[  258.022964][ T7133] veth0_macvtap: entered promiscuous mode
[  258.110185][ T7133] veth1_macvtap: entered promiscuous mode
[  258.777781][ T7133] batman_adv: batadv0: Interface activated: batadv_slave_0
[  258.842470][ T7133] batman_adv: batadv0: Interface activated: batadv_slave_1
[  258.878339][ T7133] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  258.931167][ T7133] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  258.976086][ T7133] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  258.998363][ T7133] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  261.025789][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  261.043041][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  261.262424][  T981] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  261.458905][  T981] usb 5-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  261.514502][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  261.553123][  T981] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  261.698740][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  261.761177][  T981] usb 5-1: config 0 descriptor??
[  261.770661][ T7513] sctp: [Deprecated]: syz.2.370 (pid 7513) Use of int in maxseg socket option.
[  261.770661][ T7513] Use struct sctp_assoc_value instead
[  262.353102][  T981] gspca_main: spca508-2.14.0 probing 8086:0110
[  262.369635][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  262.410109][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  263.053724][  T981] gspca_spca508: reg_read err -110
[  263.068931][  T981] gspca_spca508: reg_read err -32
[  263.118425][  T981] gspca_spca508: reg_read err -32
[  263.199788][  T981] gspca_spca508: reg_read err -32
[  263.220298][  T981] gspca_spca508: reg write: error -32
[  263.225829][  T981] spca508 5-1:0.0: probe with driver spca508 failed with error -32
[  264.951946][ T7554] ref_ctr_offset mismatch. inode: 0x193 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x6
[  265.483102][ T7559] input: syz1 as /devices/virtual/input/input8
[  265.928058][ T7568] sctp: [Deprecated]: syz.3.379 (pid 7568) Use of int in max_burst socket option.
[  265.928058][ T7568] Use struct sctp_assoc_value instead
[  266.296065][ T7578] netlink: 'syz.3.382': attribute type 10 has an invalid length.
[  266.336723][  T926] usb 5-1: USB disconnect, device number 7
[  266.903319][ T7578] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  267.088247][ T7587] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  267.887430][ T7587] orangefs_mount: mount request failed with -4
[  271.061308][ T7629] sctp: [Deprecated]: syz.2.392 (pid 7629) Use of int in max_burst socket option.
[  271.061308][ T7629] Use struct sctp_assoc_value instead
[  271.532133][ T7620] netlink: 16 bytes leftover after parsing attributes in process `syz.1.390'.
[  271.750082][ T7620] netlink: 16 bytes leftover after parsing attributes in process `syz.1.390'.
[  272.400109][ T7639] netlink: 128 bytes leftover after parsing attributes in process `syz.3.393'.
[  273.029794][ T7655] sctp: [Deprecated]: syz.5.398 (pid 7655) Use of int in max_burst socket option deprecated.
[  273.029794][ T7655] Use struct sctp_assoc_value instead
[  275.251526][ T7689] sctp: [Deprecated]: syz.1.404 (pid 7689) Use of int in max_burst socket option.
[  275.251526][ T7689] Use struct sctp_assoc_value instead
[  276.845302][ T7709] netlink: 'syz.1.408': attribute type 1 has an invalid length.
[  276.964196][ T7710] tipc: Started in network mode
[  276.998120][ T7710] tipc: Node identity c2be1edfbb32, cluster identity 4711
[  277.040518][ T7710] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  277.209088][ T7710] syzkaller0: entered promiscuous mode
[  277.843419][ T7710] syzkaller0: entered allmulticast mode
[  278.080721][ T7719] vlan2: entered promiscuous mode
[  278.085840][ T7719] geneve0: entered promiscuous mode
[  278.134446][ T5854] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  278.145056][ T5854] CPU: 1 UID: 0 PID: 5854 Comm: kworker/u9:9 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  278.145086][ T5854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  278.145101][ T5854] Workqueue: hci0 hci_rx_work
[  278.145129][ T5854] Call Trace:
[  278.145139][ T5854]  <TASK>
[  278.145148][ T5854]  dump_stack_lvl+0x189/0x250
[  278.145177][ T5854]  ? kernfs_path_from_node+0x2c/0x260
[  278.145206][ T5854]  ? __pfx_dump_stack_lvl+0x10/0x10
[  278.145232][ T5854]  ? __pfx__printk+0x10/0x10
[  278.145275][ T5854]  ? kernfs_path_from_node+0x2c/0x260
[  278.145301][ T5854]  ? kernfs_path_from_node+0x2c/0x260
[  278.145330][ T5854]  ? kernfs_path_from_node+0x22c/0x260
[  278.145356][ T5854]  ? kernfs_path_from_node+0x2c/0x260
[  278.145387][ T5854]  sysfs_create_dir_ns+0x259/0x280
[  278.145418][ T5854]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  278.145447][ T5854]  ? do_raw_spin_unlock+0x122/0x240
[  278.145482][ T5854]  kobject_add_internal+0x59f/0xb40
[  278.145522][ T5854]  kobject_add+0x155/0x220
[  278.145555][ T5854]  ? __pfx_kobject_add+0x10/0x10
[  278.145584][ T5854]  ? _raw_spin_unlock+0x28/0x50
[  278.145625][ T5854]  ? get_device_parent+0x366/0x3a0
[  278.145664][ T5854]  device_add+0x408/0xb50
[  278.145704][ T5854]  hci_conn_add_sysfs+0xd5/0x1e0
[  278.145744][ T5854]  le_conn_complete_evt+0xc3a/0x1220
[  278.145790][ T5854]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  278.145821][ T5854]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  278.145845][ T5854]  ? __asan_memcpy+0x40/0x70
[  278.145879][ T5854]  ? __pfx___mutex_lock+0x10/0x10
[  278.145905][ T5854]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  278.145929][ T5854]  ? skb_pull_data+0xfb/0x200
[  278.145959][ T5854]  hci_le_conn_complete_evt+0x187/0x450
[  278.145997][ T5854]  hci_event_packet+0x78c/0x1200
[  278.146025][ T5854]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  278.146056][ T5854]  ? __pfx_hci_event_packet+0x10/0x10
[  278.146082][ T5854]  ? kcov_remote_start+0x4d3/0x7f0
[  278.146114][ T5854]  ? lockdep_hardirqs_on+0x90/0x150
[  278.146141][ T5854]  ? hci_send_to_monitor+0xe2/0x570
[  278.146176][ T5854]  hci_rx_work+0x46a/0xe80
[  278.146209][ T5854]  ? process_scheduled_works+0x9ef/0x17b0
[  278.146242][ T5854]  process_scheduled_works+0xade/0x17b0
[  278.146301][ T5854]  ? __pfx_process_scheduled_works+0x10/0x10
[  278.146346][ T5854]  worker_thread+0x8a0/0xda0
[  278.146375][ T5854]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  278.146422][ T5854]  ? __kthread_parkme+0x7b/0x200
[  278.146460][ T5854]  kthread+0x70e/0x8a0
[  278.146495][ T5854]  ? __pfx_worker_thread+0x10/0x10
[  278.146520][ T5854]  ? __pfx_kthread+0x10/0x10
[  278.146553][ T5854]  ? _raw_spin_unlock_irq+0x23/0x50
[  278.146574][ T5854]  ? lockdep_hardirqs_on+0x9c/0x150
[  278.146594][ T5854]  ? __pfx_kthread+0x10/0x10
[  278.146626][ T5854]  ret_from_fork+0x3fc/0x770
[  278.146651][ T5854]  ? __pfx_ret_from_fork+0x10/0x10
[  278.146681][ T5854]  ? __switch_to_asm+0x39/0x70
[  278.146707][ T5854]  ? __switch_to_asm+0x33/0x70
[  278.146733][ T5854]  ? __pfx_kthread+0x10/0x10
[  278.146765][ T5854]  ret_from_fork_asm+0x1a/0x30
[  278.146812][ T5854]  </TASK>
[  278.442832][    C1] vkms_vblank_simulate: vblank timer overrun
[  278.456669][ T5854] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  278.470916][ T5854] Bluetooth: hci0: failed to register connection device
[  278.583412][ T5827] tipc: Node number set to 2039226079
[  278.867947][ T7720] vlan2: entered promiscuous mode
[  279.922118][ T7708] tipc: Resetting bearer <eth:syzkaller0>
[  280.008699][ T7737] xt_bpf: check failed: parse error
[  281.219505][ T7708] tipc: Disabling bearer <eth:syzkaller0>
[  285.015022][ T5854] Bluetooth: hci0: command 0x0406 tx timeout
[  285.409517][ T7790] netlink: 8 bytes leftover after parsing attributes in process `syz.3.429'.
[  285.629512][ T7798] sg_write: data in/out 268435420/98 bytes for SCSI command 0x0-- guessing data in;
[  285.629512][ T7798]    program syz.4.431 not setting count and/or reply_len properly
[  285.777845][ T7798] 9pnet_fd: Insufficient options for proto=fd
[  287.299092][ T7828] netlink: 4268 bytes leftover after parsing attributes in process `syz.1.435'.
[  287.309285][ T7828] netlink: 4268 bytes leftover after parsing attributes in process `syz.1.435'.
[  288.397462][ T7838] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  290.533868][ T7852] delete_channel: no stack
[  291.676586][ T7870] veth1_macvtap: left promiscuous mode
[  291.688949][ T7870] macsec0: entered promiscuous mode
[  291.694246][ T7870] macsec0: entered allmulticast mode
[  291.740533][ T7866] netlink: 56 bytes leftover after parsing attributes in process `syz.1.444'.
[  292.089112][ T5952] usb 2-1: new full-speed USB device number 10 using dummy_hcd
[  292.276776][ T7884] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  292.369559][ T5952] usb 2-1: unable to read config index 0 descriptor/start: -61
[  292.426020][ T5952] usb 2-1: can't read configurations, error -61
[  292.822544][ T5952] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[  292.969741][ T7887] veth1_macvtap: left promiscuous mode
[  292.986423][ T7887] macsec0: entered allmulticast mode
[  293.065935][ T5952] usb 2-1: unable to read config index 0 descriptor/start: -61
[  293.094404][ T7889] veth1_macvtap: entered promiscuous mode
[  293.107679][ T5952] usb 2-1: can't read configurations, error -61
[  293.139088][ T7889] veth1_macvtap: entered allmulticast mode
[  293.158129][ T5952] usb usb2-port1: attempt power cycle
[  293.169237][ T7889] macsec0: left allmulticast mode
[  293.174318][ T7889] veth1_macvtap: left allmulticast mode
[  293.478912][   T43] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  293.569025][ T7898] capability: warning: `syz.1.451' uses 32-bit capabilities (legacy support in use)
[  293.668904][   T43] usb 4-1: Using ep0 maxpacket: 32
[  293.708847][   T43] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  293.729407][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  293.748983][   T43] usb 4-1: Product: syz
[  293.760500][   T43] usb 4-1: Manufacturer: syz
[  293.776130][   T43] usb 4-1: SerialNumber: syz
[  293.799487][   T43] usb 4-1: config 0 descriptor??
[  294.260117][   T43] airspy 4-1:0.0: usb_control_msg() failed -71 request 0a
[  294.269821][   T43] airspy 4-1:0.0: Could not detect board
[  294.275647][   T43] airspy 4-1:0.0: probe with driver airspy failed with error -71
[  294.290520][   T43] usb 4-1: USB disconnect, device number 6
[  294.389066][ T7917] Driver unsupported XDP return value 0 on prog  (id 111) dev N/A, expect packet loss!
[  294.867220][ T5855] udevd[5855]: setting mode of /dev/bus/usb/004/006 to 020664 failed: No such file or directory
[  294.886757][ T5855] udevd[5855]: setting owner of /dev/bus/usb/004/006 to uid=0, gid=0 failed: No such file or directory
[  297.716884][ T7949] netlink: 16 bytes leftover after parsing attributes in process `syz.2.459'.
[  298.342304][ T7949] netlink: 16 bytes leftover after parsing attributes in process `syz.2.459'.
[  301.977956][ T7989] nfs4: Unexpected value for 'acl'
[  303.971937][ T5917] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  304.275957][ T5917] usb 6-1: device descriptor read/64, error -71
[  304.528984][ T5917] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  305.199109][ T5917] usb 6-1: device descriptor read/64, error -71
[  305.319398][ T5917] usb usb6-port1: attempt power cycle
[  305.696823][ T5917] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  305.759611][ T5917] usb 6-1: device descriptor read/8, error -71
[  306.188800][ T5917] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  306.212102][ T5917] usb 6-1: device descriptor read/8, error -71
[  306.297283][ T8048] CUSE: unknown device info "�KJ�H+��ۤ2Lh��nL�1�`�Cc��n�����8���0���(�3նi��>f���_ٮ,��
�<�_e�F��"
[  306.309406][ T8048] CUSE: unknown device info "3�ܟ�,��̘�"
[  306.315305][ T8048] CUSE: unknown device info "J���2SZ�� !e/��������J�+-n��a4����D�|G$��5O~�q	��
[  306.315305][ T8048] f����z��X�SA�x��j��T�ǔ��w���xR�ɐQ��(hҏj	p�VdY0��|M?2J��I�v�^
R�@��"
[  306.334325][ T8048] CUSE: unknown device info "!To�}ݝ&|L+U��o��ϲ���"��FstV�:׌E�gJ�����<@c�����4�T�M�M|�����"
[  306.345760][ T8048] CUSE: DEVNAME unspecified
[  306.361435][ T5917] usb usb6-port1: unable to enumerate USB device
[  306.390484][   T30] kauditd_printk_skb: 44 callbacks suppressed
[  306.390530][   T30] audit: type=1326 audit(1755803590.014:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8044 comm="syz.2.478" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f077fd8ebe9 code=0x0
[  307.838382][ T8060] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  307.879399][ T8060] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  308.059105][  T978] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  309.834360][ T8083] FAULT_INJECTION: forcing a failure.
[  309.834360][ T8083] name failslab, interval 1, probability 0, space 0, times 0
[  309.847324][ T8083] CPU: 0 UID: 0 PID: 8083 Comm: syz.1.487 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  309.847353][ T8083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  309.847378][ T8083] Call Trace:
[  309.847387][ T8083]  <TASK>
[  309.847394][ T8083]  dump_stack_lvl+0x189/0x250
[  309.847417][ T8083]  ? __pfx____ratelimit+0x10/0x10
[  309.847434][ T8083]  ? __pfx_dump_stack_lvl+0x10/0x10
[  309.847451][ T8083]  ? __pfx__printk+0x10/0x10
[  309.847475][ T8083]  ? __pfx___might_resched+0x10/0x10
[  309.847492][ T8083]  ? fs_reclaim_acquire+0x7d/0x100
[  309.847514][ T8083]  should_fail_ex+0x414/0x560
[  309.847534][ T8083]  should_failslab+0xa8/0x100
[  309.847552][ T8083]  __kmalloc_cache_noprof+0x70/0x3d0
[  309.847567][ T8083]  ? iommufd_test+0x27b/0x5170
[  309.847585][ T8083]  iommufd_test+0x27b/0x5170
[  309.847608][ T8083]  ? __pfx_iommufd_test+0x10/0x10
[  309.847624][ T8083]  ? __lock_acquire+0xab9/0xd20
[  309.847647][ T8083]  ? __might_fault+0xb0/0x130
[  309.847678][ T8083]  iommufd_fops_ioctl+0x446/0x520
[  309.847700][ T8083]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  309.847736][ T8083]  ? __fget_files+0x3a0/0x420
[  309.847753][ T8083]  ? __fget_files+0x2a/0x420
[  309.847773][ T8083]  ? bpf_lsm_file_ioctl+0x9/0x20
[  309.847791][ T8083]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  309.847812][ T8083]  __se_sys_ioctl+0xfc/0x170
[  309.847837][ T8083]  do_syscall_64+0xfa/0x3b0
[  309.847855][ T8083]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  309.847870][ T8083]  ? asm_sysvec_call_function_single+0x1a/0x20
[  309.847885][ T8083]  ? clear_bhb_loop+0x60/0xb0
[  309.847904][ T8083]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  309.847919][ T8083] RIP: 0033:0x7fa52238ebe9
[  309.847933][ T8083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  309.847946][ T8083] RSP: 002b:00007fa52314d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  309.847962][ T8083] RAX: ffffffffffffffda RBX: 00007fa5225b6180 RCX: 00007fa52238ebe9
[  309.847976][ T8083] RDX: 0000200000000180 RSI: 0000000000003ba0 RDI: 0000000000000006
[  309.847986][ T8083] RBP: 00007fa52314d090 R08: 0000000000000000 R09: 0000000000000000
[  309.847995][ T8083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  309.848003][ T8083] R13: 00007fa5225b6218 R14: 00007fa5225b6180 R15: 00007ffd62deaf18
[  309.848027][ T8083]  </TASK>
[  310.655896][   T43] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  310.814024][ T8092] sctp: [Deprecated]: syz.2.489 (pid 8092) Use of int in maxseg socket option.
[  310.814024][ T8092] Use struct sctp_assoc_value instead
[  310.850973][   T43] usb 6-1: config index 0 descriptor too short (expected 23569, got 27)
[  310.862539][   T43] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  310.947039][   T43] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  310.977538][   T43] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  311.004390][   T43] usb 6-1: Manufacturer: syz
[  311.030851][   T43] usb 6-1: config 0 descriptor??
[  311.103509][ T8098] netlink: 8 bytes leftover after parsing attributes in process `syz.2.491'.
[  311.211592][   T43] rc_core: IR keymap rc-hauppauge not found
[  311.228419][   T43] Registered IR keymap rc-empty
[  311.275199][   T43] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[  311.342149][   T43] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input9
[  311.636561][    C1] igorplugusb 6-1:0.0: receive overflow invalid: 160
[  311.658973][  T981] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  312.438833][  T981] usb 3-1: Using ep0 maxpacket: 32
[  312.446180][  T981] usb 3-1: config 0 has an invalid interface number: 67 but max is 0
[  312.462939][  T981] usb 3-1: config 0 has no interface number 0
[  312.634275][  T981] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  312.657052][  T981] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  312.721678][    C1] igorplugusb 6-1:0.0: receive overflow, at least 34 lost
[  312.966794][  T981] usb 3-1: Product: syz
[  313.011978][  T981] usb 3-1: Manufacturer: syz
[  313.083837][  T981] usb 3-1: SerialNumber: syz
[  313.136860][  T981] usb 3-1: config 0 descriptor??
[  313.163872][  T981] smsc95xx v2.0.0
[  313.302056][  T978] usb 6-1: USB disconnect, device number 6
[  313.565798][  T981] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  313.649909][  T981] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  313.918447][ T8103] binder: 8101:8103 ioctl 80184151 200000000180 returned -22
[  314.007737][  T981] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  314.072774][  T981] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -61
[  314.406180][ T8128] vim2m vim2m.0: vidioc_s_fmt queue busy
[  314.498461][ T8135] xt_hashlimit: max too large, truncated to 1048576
[  316.037810][ T8149] loop2: detected capacity change from 0 to 7
[  316.189289][   T43] usb 3-1: USB disconnect, device number 12
[  316.269271][ T8149]  loop2: [POWERTEC] p1 p2 p3 p4
[  316.274793][ T8149] loop2: p1 start 305626056 is beyond EOD, truncated
[  316.308862][ T8149] loop2: p2 start 656376928 is beyond EOD, truncated
[  316.329039][ T8149] loop2: p3 start 113311743 is beyond EOD, truncated
[  316.371320][ T8149] loop2: p4 start 4294901760 is beyond EOD, truncated
[  316.470243][ T8159] binder: 8158:8159 ioctl 400c620e 200000000000 returned -22
[  316.731985][ T8165] netlink: 144 bytes leftover after parsing attributes in process `syz.1.501'.
[  318.310304][ T8175] pim6reg: entered allmulticast mode
[  318.452525][ T8183] FAULT_INJECTION: forcing a failure.
[  318.452525][ T8183] name failslab, interval 1, probability 0, space 0, times 0
[  318.524529][ T8183] CPU: 0 UID: 0 PID: 8183 Comm: syz.3.505 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  318.524558][ T8183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  318.524570][ T8183] Call Trace:
[  318.524578][ T8183]  <TASK>
[  318.524587][ T8183]  dump_stack_lvl+0x189/0x250
[  318.524616][ T8183]  ? __pfx____ratelimit+0x10/0x10
[  318.524639][ T8183]  ? __pfx_dump_stack_lvl+0x10/0x10
[  318.524663][ T8183]  ? __pfx__printk+0x10/0x10
[  318.524697][ T8183]  ? __pfx___might_resched+0x10/0x10
[  318.524718][ T8183]  ? fs_reclaim_acquire+0x7d/0x100
[  318.524748][ T8183]  should_fail_ex+0x414/0x560
[  318.524775][ T8183]  should_failslab+0xa8/0x100
[  318.524801][ T8183]  kmem_cache_alloc_noprof+0x73/0x3c0
[  318.524821][ T8183]  ? alloc_empty_file+0x55/0x1d0
[  318.524853][ T8183]  alloc_empty_file+0x55/0x1d0
[  318.524879][ T8183]  alloc_file_pseudo+0x13d/0x210
[  318.524911][ T8183]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  318.524936][ T8183]  ? __local_bh_enable_ip+0x12d/0x1c0
[  318.524975][ T8183]  anon_inode_getfile+0xc5/0x1a0
[  318.525003][ T8183]  bpf_link_prime+0xfc/0x220
[  318.525033][ T8183]  bpf_raw_tp_link_attach+0x4a5/0x6b0
[  318.525064][ T8183]  ? __pfx_bpf_raw_tp_link_attach+0x10/0x10
[  318.525098][ T8183]  ? __fget_files+0x2a/0x420
[  318.525131][ T8183]  bpf_raw_tracepoint_open+0x19b/0x1f0
[  318.525166][ T8183]  __sys_bpf+0x3cd/0x860
[  318.525204][ T8183]  ? __pfx___sys_bpf+0x10/0x10
[  318.525249][ T8183]  ? ksys_write+0x22a/0x250
[  318.525271][ T8183]  ? __pfx_ksys_write+0x10/0x10
[  318.525288][ T8183]  ? rcu_is_watching+0x15/0xb0
[  318.525320][ T8183]  __x64_sys_bpf+0x7c/0x90
[  318.525350][ T8183]  do_syscall_64+0xfa/0x3b0
[  318.525382][ T8183]  ? lockdep_hardirqs_on+0x9c/0x150
[  318.525405][ T8183]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.525426][ T8183]  ? clear_bhb_loop+0x60/0xb0
[  318.525451][ T8183]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.525471][ T8183] RIP: 0033:0x7fae6c78ebe9
[  318.525490][ T8183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  318.525507][ T8183] RSP: 002b:00007fae6d61a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  318.525529][ T8183] RAX: ffffffffffffffda RBX: 00007fae6c9b5fa0 RCX: 00007fae6c78ebe9
[  318.525545][ T8183] RDX: 0000000000000010 RSI: 0000200000000080 RDI: 0000000000000011
[  318.525558][ T8183] RBP: 00007fae6d61a090 R08: 0000000000000000 R09: 0000000000000000
[  318.525571][ T8183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  318.525583][ T8183] R13: 00007fae6c9b6038 R14: 00007fae6c9b5fa0 R15: 00007ffefa2eb568
[  318.525615][ T8183]  </TASK>
[  318.785687][    C0] vkms_vblank_simulate: vblank timer overrun
[  319.389342][ T8193] netlink: 16 bytes leftover after parsing attributes in process `syz.2.506'.
[  319.399066][ T8193] netlink: 16 bytes leftover after parsing attributes in process `syz.2.506'.
[  320.353132][ T8196] netlink: 8 bytes leftover after parsing attributes in process `syz.3.508'.
[  320.766952][ T8194] ==================================================================
[  320.775079][ T8194] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0xa7/0xf0
[  320.783357][ T8194] Read of size 1 at addr ffff88814b81beb0 by task syz.5.507/8194
[  320.791098][ T8194] 
[  320.793463][ T8194] CPU: 1 UID: 0 PID: 8194 Comm: syz.5.507 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  320.793485][ T8194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  320.793497][ T8194] Call Trace:
[  320.793504][ T8194]  <TASK>
[  320.793512][ T8194]  dump_stack_lvl+0x189/0x250
[  320.793536][ T8194]  ? rcu_is_watching+0x15/0xb0
[  320.793556][ T8194]  ? __kasan_check_byte+0x12/0x40
[  320.793575][ T8194]  ? __pfx_dump_stack_lvl+0x10/0x10
[  320.793593][ T8194]  ? rcu_is_watching+0x15/0xb0
[  320.793612][ T8194]  ? lock_release+0x4b/0x3e0
[  320.793629][ T8194]  ? __virt_addr_valid+0x1c8/0x5c0
[  320.793651][ T8194]  ? __virt_addr_valid+0x4a5/0x5c0
[  320.793673][ T8194]  print_report+0xca/0x240
[  320.793699][ T8194]  ? _raw_spin_lock_irqsave+0xa7/0xf0
[  320.793727][ T8194]  kasan_report+0x118/0x150
[  320.793745][ T8194]  ? _raw_spin_lock_irqsave+0xa7/0xf0
[  320.793776][ T8194]  ? remove_wait_queue+0x24/0x120
[  320.793800][ T8194]  __kasan_check_byte+0x2a/0x40
[  320.793817][ T8194]  lock_acquire+0x8d/0x360
[  320.793833][ T8194]  ? task_work_add+0x281/0x420
[  320.793861][ T8194]  _raw_spin_lock_irqsave+0xa7/0xf0
[  320.793888][ T8194]  ? remove_wait_queue+0x24/0x120
[  320.793912][ T8194]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  320.793948][ T8194]  ? __fput_deferred+0x215/0x390
[  320.793971][ T8194]  ? __pfx___fput_deferred+0x10/0x10
[  320.793996][ T8194]  remove_wait_queue+0x24/0x120
[  320.794022][ T8194]  poll_freewait+0xb1/0x240
[  320.794041][ T8194]  do_select+0x172f/0x17e0
[  320.794062][ T8194]  ? do_select+0xbb1/0x17e0
[  320.794088][ T8194]  ? __pfx_do_select+0x10/0x10
[  320.794103][ T8194]  ? rcu_is_watching+0x15/0xb0
[  320.794121][ T8194]  ? trace_sched_exit_tp+0x38/0x120
[  320.794147][ T8194]  ? __schedule+0x16c8/0x4c90
[  320.794167][ T8194]  ? __pfx_pollwake+0x10/0x10
[  320.794187][ T8194]  ? __pfx_pollwake+0x10/0x10
[  320.794206][ T8194]  ? __pfx_pollwake+0x10/0x10
[  320.794225][ T8194]  ? __pfx_pollwake+0x10/0x10
[  320.794243][ T8194]  ? __pfx_pollwake+0x10/0x10
[  320.794262][ T8194]  ? __pfx_pollwake+0x10/0x10
[  320.794282][ T8194]  ? __pfx_pollwake+0x10/0x10
[  320.794301][ T8194]  ? __pfx_pollwake+0x10/0x10
[  320.794319][ T8194]  ? __pfx_pollwake+0x10/0x10
[  320.794347][ T8194]  core_sys_select+0x6dd/0xa20
[  320.794374][ T8194]  ? __pfx_core_sys_select+0x10/0x10
[  320.794402][ T8194]  ? __pfx_set_user_sigmask+0x10/0x10
[  320.794426][ T8194]  __se_sys_pselect6+0x27a/0x300
[  320.794446][ T8194]  ? __pfx___se_sys_pselect6+0x10/0x10
[  320.794464][ T8194]  ? rcu_is_watching+0x15/0xb0
[  320.794485][ T8194]  ? __x64_sys_pselect6+0x21/0xf0
[  320.794503][ T8194]  do_syscall_64+0xfa/0x3b0
[  320.794523][ T8194]  ? lockdep_hardirqs_on+0x9c/0x150
[  320.794540][ T8194]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  320.794558][ T8194]  ? clear_bhb_loop+0x60/0xb0
[  320.794577][ T8194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  320.794594][ T8194] RIP: 0033:0x7f289278ebe9
[  320.794611][ T8194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  320.794626][ T8194] RSP: 002b:00007f289352a038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  320.794645][ T8194] RAX: ffffffffffffffda RBX: 00007f28929b6090 RCX: 00007f289278ebe9
[  320.794659][ T8194] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[  320.794671][ T8194] RBP: 00007f2892811e19 R08: 0000000000000000 R09: 0000000000000000
[  320.794682][ T8194] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000000
[  320.794694][ T8194] R13: 00007f28929b6128 R14: 00007f28929b6090 R15: 00007ffc54f93c98
[  320.794714][ T8194]  </TASK>
[  320.794720][ T8194] 
[  321.147506][ T8194] Allocated by task 1:
[  321.151780][ T8194]  kasan_save_track+0x3e/0x80
[  321.156490][ T8194]  __kasan_kmalloc+0x93/0xb0
[  321.161203][ T8194]  __kmalloc_cache_noprof+0x230/0x3d0
[  321.166588][ T8194]  comedi_device_postconfig+0x4a8/0xc90
[  321.172156][ T8194]  comedi_auto_config+0x267/0x380
[  321.177233][ T8194]  comedi_test_init+0x8e/0x110
[  321.182013][ T8194]  do_one_initcall+0x233/0x820
[  321.186804][ T8194]  do_initcall_level+0x137/0x1f0
[  321.191762][ T8194]  do_initcalls+0x69/0xd0
[  321.196109][ T8194]  kernel_init_freeable+0x3d9/0x570
[  321.201323][ T8194]  kernel_init+0x1d/0x1d0
[  321.205700][ T8194]  ret_from_fork+0x3fc/0x770
[  321.210300][ T8194]  ret_from_fork_asm+0x1a/0x30
[  321.215081][ T8194] 
[  321.217410][ T8194] Freed by task 8171:
[  321.221397][ T8194]  kasan_save_track+0x3e/0x80
[  321.226104][ T8194]  kasan_save_free_info+0x46/0x50
[  321.231156][ T8194]  __kasan_slab_free+0x62/0x70
[  321.235936][ T8194]  kfree+0x18e/0x440
[  321.239853][ T8194]  comedi_device_detach+0x372/0x720
[  321.245064][ T8194]  comedi_unlocked_ioctl+0xbd2/0xfc0
[  321.250361][ T8194]  __se_sys_ioctl+0xfc/0x170
[  321.254972][ T8194]  do_syscall_64+0xfa/0x3b0
[  321.259489][ T8194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.265394][ T8194] 
[  321.267729][ T8194] The buggy address belongs to the object at ffff88814b81be00
[  321.267729][ T8194]  which belongs to the cache kmalloc-256 of size 256
[  321.281793][ T8194] The buggy address is located 176 bytes inside of
[  321.281793][ T8194]  freed 256-byte region [ffff88814b81be00, ffff88814b81bf00)
[  321.295603][ T8194] 
[  321.297941][ T8194] The buggy address belongs to the physical page:
[  321.304391][ T8194] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14b81a
[  321.313338][ T8194] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  321.321849][ T8194] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[  321.329624][ T8194] page_type: f5(slab)
[  321.333623][ T8194] raw: 057ff00000000040 ffff88801a441b40 dead000000000100 dead000000000122
[  321.342232][ T8194] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  321.350828][ T8194] head: 057ff00000000040 ffff88801a441b40 dead000000000100 dead000000000122
[  321.359514][ T8194] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  321.368209][ T8194] head: 057ff00000000001 ffffea00052e0681 00000000ffffffff 00000000ffffffff
[  321.376891][ T8194] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  321.385572][ T8194] page dumped because: kasan: bad access detected
[  321.392001][ T8194] page_owner tracks the page as allocated
[  321.397729][ T8194] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 25236243480, free_ts 0
[  321.417457][ T8194]  post_alloc_hook+0x240/0x2a0
[  321.422236][ T8194]  get_page_from_freelist+0x21d5/0x22b0
[  321.427803][ T8194]  __alloc_frozen_pages_noprof+0x181/0x370
[  321.433633][ T8194]  alloc_pages_mpol+0x232/0x4a0
[  321.438499][ T8194]  allocate_slab+0x8a/0x3b0
[  321.443018][ T8194]  ___slab_alloc+0xbfc/0x1480
[  321.447706][ T8194]  __kmalloc_cache_noprof+0x296/0x3d0
[  321.453084][ T8194]  bus_add_driver+0x162/0x640
[  321.457779][ T8194]  driver_register+0x23a/0x320
[  321.462578][ T8194]  usb_register_driver+0x1e4/0x390
[  321.467796][ T8194]  do_one_initcall+0x233/0x820
[  321.472575][ T8194]  do_initcall_level+0x137/0x1f0
[  321.477647][ T8194]  do_initcalls+0x69/0xd0
[  321.481993][ T8194]  kernel_init_freeable+0x3d9/0x570
[  321.487211][ T8194]  kernel_init+0x1d/0x1d0
[  321.491558][ T8194]  ret_from_fork+0x3fc/0x770
[  321.496165][ T8194] page_owner free stack trace missing
[  321.501542][ T8194] 
[  321.503874][ T8194] Memory state around the buggy address:
[  321.509597][ T8194]  ffff88814b81bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  321.517669][ T8194]  ffff88814b81be00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  321.525739][ T8194] >ffff88814b81be80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  321.533811][ T8194]                                      ^
[  321.539451][ T8194]  ffff88814b81bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  321.547519][ T8194]  ffff88814b81bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  321.555588][ T8194] ==================================================================
[  321.563656][ T8194] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  321.571050][ T8194] CPU: 1 UID: 0 PID: 8194 Comm: syz.5.507 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  321.580902][ T8194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  321.590988][ T8194] Call Trace:
[  321.594279][ T8194]  <TASK>
[  321.597310][ T8194]  dump_stack_lvl+0x99/0x250
[  321.601941][ T8194]  ? __asan_memcpy+0x40/0x70
[  321.606555][ T8194]  ? __pfx_dump_stack_lvl+0x10/0x10
[  321.611774][ T8194]  ? __pfx__printk+0x10/0x10
[  321.616410][ T8194]  panic+0x2db/0x790
[  321.620614][ T8194]  ? __pfx_panic+0x10/0x10
[  321.625059][ T8194]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  321.630986][ T8194]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  321.637387][ T8194]  ? print_memory_metadata+0x314/0x400
[  321.643078][ T8194]  ? _raw_spin_lock_irqsave+0xa7/0xf0
[  321.648505][ T8194]  check_panic_on_warn+0x89/0xb0
[  321.653537][ T8194]  ? _raw_spin_lock_irqsave+0xa7/0xf0
[  321.658982][ T8194]  end_report+0x78/0x160
[  321.663265][ T8194]  kasan_report+0x129/0x150
[  321.667830][ T8194]  ? _raw_spin_lock_irqsave+0xa7/0xf0
[  321.673235][ T8194]  ? remove_wait_queue+0x24/0x120
[  321.678284][ T8194]  __kasan_check_byte+0x2a/0x40
[  321.683155][ T8194]  lock_acquire+0x8d/0x360
[  321.687583][ T8194]  ? task_work_add+0x281/0x420
[  321.692377][ T8194]  _raw_spin_lock_irqsave+0xa7/0xf0
[  321.697617][ T8194]  ? remove_wait_queue+0x24/0x120
[  321.702662][ T8194]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  321.708595][ T8194]  ? __fput_deferred+0x215/0x390
[  321.713552][ T8194]  ? __pfx___fput_deferred+0x10/0x10
[  321.718859][ T8194]  remove_wait_queue+0x24/0x120
[  321.723733][ T8194]  poll_freewait+0xb1/0x240
[  321.728253][ T8194]  do_select+0x172f/0x17e0
[  321.732685][ T8194]  ? do_select+0xbb1/0x17e0
[  321.737216][ T8194]  ? __pfx_do_select+0x10/0x10
[  321.741999][ T8194]  ? rcu_is_watching+0x15/0xb0
[  321.746781][ T8194]  ? trace_sched_exit_tp+0x38/0x120
[  321.752002][ T8194]  ? __schedule+0x16c8/0x4c90
[  321.756695][ T8194]  ? __pfx_pollwake+0x10/0x10
[  321.761390][ T8194]  ? __pfx_pollwake+0x10/0x10
[  321.766084][ T8194]  ? __pfx_pollwake+0x10/0x10
[  321.770783][ T8194]  ? __pfx_pollwake+0x10/0x10
[  321.775501][ T8194]  ? __pfx_pollwake+0x10/0x10
[  321.780212][ T8194]  ? __pfx_pollwake+0x10/0x10
[  321.784912][ T8194]  ? __pfx_pollwake+0x10/0x10
[  321.789602][ T8194]  ? __pfx_pollwake+0x10/0x10
[  321.794294][ T8194]  ? __pfx_pollwake+0x10/0x10
[  321.799000][ T8194]  core_sys_select+0x6dd/0xa20
[  321.803784][ T8194]  ? __pfx_core_sys_select+0x10/0x10
[  321.809102][ T8194]  ? __pfx_set_user_sigmask+0x10/0x10
[  321.814541][ T8194]  __se_sys_pselect6+0x27a/0x300
[  321.819503][ T8194]  ? __pfx___se_sys_pselect6+0x10/0x10
[  321.824979][ T8194]  ? rcu_is_watching+0x15/0xb0
[  321.829764][ T8194]  ? __x64_sys_pselect6+0x21/0xf0
[  321.834807][ T8194]  do_syscall_64+0xfa/0x3b0
[  321.839338][ T8194]  ? lockdep_hardirqs_on+0x9c/0x150
[  321.844653][ T8194]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.850754][ T8194]  ? clear_bhb_loop+0x60/0xb0
[  321.855446][ T8194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.861359][ T8194] RIP: 0033:0x7f289278ebe9
[  321.865789][ T8194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  321.885414][ T8194] RSP: 002b:00007f289352a038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  321.893845][ T8194] RAX: ffffffffffffffda RBX: 00007f28929b6090 RCX: 00007f289278ebe9
[  321.901835][ T8194] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[  321.909820][ T8194] RBP: 00007f2892811e19 R08: 0000000000000000 R09: 0000000000000000
[  321.917804][ T8194] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000000
[  321.925786][ T8194] R13: 00007f28929b6128 R14: 00007f28929b6090 R15: 00007ffc54f93c98
[  321.933788][ T8194]  </TASK>
[  321.937175][ T8194] Kernel Offset: disabled
[  321.941506][ T8194] Rebooting in 86400 seconds..