last executing test programs:

1m59.464484325s ago: executing program 3 (id=298):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88c19edace00000000000000002100000002ff02000000000000000000000000000104004e2000"], 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=@delnexthop={0x20, 0x69, 0x503, 0x0, 0x0, {}, [{0x8, 0x1, 0x2}]}, 0x20}}, 0x0)

1m58.189040153s ago: executing program 3 (id=302):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r0, &(0x7f0000000600)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)=""/70, 0x46}}], 0x1, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x42, 0x0, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

1m56.279641254s ago: executing program 3 (id=306):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x5, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_usb_connect$uac1(0x3, 0x8e, &(0x7f0000000280)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7c, 0x3, 0x1, 0x4, 0xa0, 0x9, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xfff7, 0x7}, [@output_terminal={0x9, 0x24, 0x3, 0x3, 0x300, 0x3, 0x3, 0xb}, @selector_unit={0x5, 0x24, 0x5, 0x6, 0x2}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x400, 0xff, 0xc8, 0x3, {0x7, 0x25, 0x1, 0x0, 0x4, 0x5}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0xe, 0x1, 0x8, 0x1}, @as_header={0x7, 0x24, 0x1, 0x1, 0xc0, 0x2}]}, {{0x9, 0x5, 0x82, 0x9, 0x50, 0x5, 0x9, 0x41, {0x7, 0x25, 0x1, 0x82, 0xfe, 0x7}}}}}}}]}}, 0x0)

1m51.575725375s ago: executing program 3 (id=319):
syz_emit_ethernet(0x2a, &(0x7f0000000040)=ANY=[@ANYBLOB="8580f83288e1aaaaaaaaaa1c08004515001c00670000000290780a010102e000000111819078e00005272d0001"], 0x0)
execve(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)={[&(0x7f00000000c0)='\x00']}, &(0x7f0000000140))
r0 = socket$inet(0x2, 0x3, 0x4)
setsockopt$inet_msfilter(r0, 0x0, 0x23, &(0x7f0000004b00)=ANY=[@ANYBLOB="e0000808ac1414aa"], 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000040)=ANY=[@ANYBLOB="5c000000210021002cbd7000fedbdf2502141007020000000000010008000100e0000001080006000a0000000c000c40000000000000001e"], 0x5c}, 0x1, 0x0, 0x0, 0x40d5}, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x40201, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000380)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="001c86dd2000100000004000000060ec97000fc82b00fe8000000000000000000000000000aaff020000000000000000000000000001"], 0xffe)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0xa00, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181000b00000000010000000000000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x0)

1m48.072849917s ago: executing program 3 (id=325):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
setsockopt$MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f0000000280)={{0xa, 0x4e20, 0x6, @loopback, 0x7}, {0xa, 0x4e24, 0x9, @mcast2, 0xfff}, 0xffffffffffffffff, {[0x63e, 0x6, 0xec0, 0x5, 0x1, 0xe7, 0x3, 0x5]}}, 0x5c)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
pread64(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x7fff)
getpid()
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0xd, 0x8, 0x0)
mremap(&(0x7f00009d1000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f00002a0000/0x4000)=nil)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r5, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x2, &(0x7f0000000200)=[{0x15, 0x0, 0x1, 0x20000}, {0x1, 0x0, 0x0, 0xfffffffe}]})
process_mrelease(r1, 0x0)
r6 = syz_open_dev$admmidi(&(0x7f0000000000), 0x2, 0x1a9882)
quotactl_fd$Q_GETQUOTA(r6, 0xffffffff80000701, 0xee00, &(0x7f0000000300))
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r6, 0xc0305710, &(0x7f0000000040)={0x0, 0x10002, 0x0, 0x0, 0x9})
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r7, 0x0, 0x60, &(0x7f0000001600)={'filter\x00', 0xb001, 0x4, 0x3d0, 0x0, 0x0, 0x110, 0x2e8, 0x2e8, 0x2e8, 0x7fffffe, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@broadcast, @private=0xa010102, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x7, 0xffffffff}}}, {{@uncond, 0xc0, 0xe8, 0x0, {0x0, 0x1e03}}, @unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x6}}}, {{@uncond, 0xc0, 0xf0}, @unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x0, 0x8, 0x0, 0x1}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x420)

1m46.432247222s ago: executing program 3 (id=327):
r0 = syz_io_uring_setup(0x837, &(0x7f0000000180)={0x0, 0x679a, 0x80, 0x4, 0x3cc}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
socket$inet_sctp(0x2, 0x1, 0x84)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x2, 0x0, 0xffffffffffffffff, &(0x7f0000000380)={0x113201, 0x34, 0x1}, &(0x7f00000003c0)='./file0\x00', 0x18, 0x0, 0x12345})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x24, r4, 0x300, 0x70bd2a, 0x25dfdbfe, {}, [@NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x101}, @NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0x9d}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x24048845)
sendmsg$NL80211_CMD_SET_COALESCE(r3, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000280)=ANY=[@ANYBLOB="28000000739f546267d62836e84b3d547637c3cdee9f3a02363ba24522c0d72a", @ANYRES16=r4, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r6, @ANYBLOB], 0x28}, 0x1, 0x6c00}, 0x0)
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20048001}, 0x2404880d)
r7 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$SIOCGSTAMP(r7, 0x8906, 0x0)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000feffffffffffffff0000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r9}, 0x10)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000140)='uid_map\x00')
r10 = socket$nl_route(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000a00)=ANY=[@ANYRES32, @ANYRES8=r10, @ANYBLOB="9795e9fb06333028f37c64dc474dd455cf48ce8414b0dac381aac180b0f55f3a78b2ab809eefe99eda34fec6a1321ffab12feccf17eefa0bc4cd045c144aeb94b8d3ac66d9fa09b563726784572e9ec0b7a1e3b9418452930758a89147a00c0ec02cc0c75f5b818c568ca9811eb15f7b6e38c421db375b01a297e15d7f1a2667f6f770be660296eff6af586bb0d8cff7484bf968c9f4397a10ac4177eabe26fc517eb60408bf7c857735563d6805ed6f85b7f4baa65210d7e4adfe6a9ba933540c9b0181bb96ef501380eff2f78af35a74c05380dcee0e15cd244412facd78a6a99c9feafa67e07dc2a6d6511eee22df9db92703de56d23432420f22c0002be570fb3943b4607f226128e487b6356394549fe0e906014ecaf5cea62e6a0b11a8e6e9f40743776e6694894cdf1c90497ad382d86ab688f24f1ace741907cb280891533a29ec8b3aecbaa32191a6a7febe87ea910624d61e43e3d5e4e0a9612623358edda670586ed3b1ed33e45751cab989726a5803df12065ead5295ee1ce0747ddc05ad332d41c6c5e32bc0c640ca06371c5f6b4de290eeb3e54fdab2c373f4156c1310764f3934016e5187787c5717dc76034946568bab92973799b04520bd5fa6288c1a08db78ba4aebec230e0ac910307a60b96cb7476b32e6823fa4f8d1985b0d7c432bd671ebbcc387fc373c37b08a0e1581d869e5b586b9bdb0aa0122c6fdfc35ca178bdf7f943280f27402fcf6f2483cc9f29ab8534c6317b6aeed8b2618c0f6a67cfa079251312e0e272d5709337d6bdf42df1dfa820b0ed7b461e5b2c8ab8d89191a68dcb6b1a8101b7925cafdb5896dc34c2f0a99273ca99335955370e6973a55fe12bf47b22b2e7eb6f56b0412f2574b1cf07d726ee3d9b68c426c34f30948ed7dec3b5d74f4c70e1791a369ac1c9b2e380594c9403f0bb1d483dae38239655698f4601a69a70951832a95f8255495c9e2408caa009928848a17439c3d62a4c8e3e2383c18564b0fc08ef623c803c3760a7d109ba86b06497601c081efe1624f5caef6c39e975b0f9b411c92c4d6707da5e61d2d34ae4522338db6678f16d5fd5de11a0cc421c29d1986dabbb8a387daee708c7effcd2a26c90e98f77403d3b942ae38433e5aa1aa09624b79999de5b491c72cd7632cfb87cdd6f3a81e77d3c0bfa2c3d1d429fdf994fe9ed9cc89e45c4e4caaebd972a93c00e92003416aeaede6ad57ee20de710d278a35345aed998920f4e066751c373f269ddf600b566ac6b1b079c9528a7423315fc5449ea9913b3d98bbaf767bc0ef16a8e4de9398a8d61bf2a9b65ae6e609705b6e6beaa70f83997bc945fa13082f74b9b9739f96ad039c932dc08e57eaf23e138aaef54042b6cf428f8bd107722b833d6bfbd1fb30053dcf613b5b6eabd14fae1e20ec3cc3f23d0f93469d505ace03b1ad2fa23b25a9b1a7556fb4ad2a9d3a0f04b9b1d66d61a8f07852a67466e35b792d0247d3ac6352a8bb776a22db35efda3f12572d708b00ade11ec67efe9a7ba1be58f6dcc8bb267d84f05f5f6338be7e6102be9f503ca575297c8e84d3fe1c5afb9b0f96a16f3bcee0dc6ccbe7ab38f6dc693f0b5c85a53afaba06d78d5f984da3f62b00699390b3451294844364962fd15dcbeb9849e3ac3384d8293fd508e32870d228c3aba3194e6d5787963a15e0a69a67015cf505258bd1f2047a1c9fc3cc550225fd0e9558c37b712991bf25e0bdcb65f7e1c9f419069ca4680d7734aa477db73d2ec0a30a9f048098158abd27a717186d2a690bd299a17b67207f542991a05951925be69e2afceda7a2def998aad384370408e93e515509dc32b4b47eac411c559e5143e12d90a8f2842772519df5060b4ab6e0634463e2716b5236b05b2ef3b97ccd39f7707fb6218d9adc9834832f67596ea244abb89ea48297c675e6f019949cae1dbf81ed9e5122ed84f616b43f96708fe0c74cdfaa96f2b0b9d0ee516d12c49e34de7e3814a78296c2e4c73d9310b4fb5bbd8aa93f900b113b8ad7efd59fab57eca77d07aed622d3d4a7bdf4fab68411f84d0427df01c3972335e3e70452ef42a25c13acb06411a1a7d4f826429bae1d0276bf3898a868b75c0440c922cfbd93796de35826188b3ed6faefe62648786b585fba168040882b32a2063ab0c043455cb488f388627090dac2947c4869d52cd7b0e4250ff6d61797b20b4a69313ba19c17fedfacf4ce70c83e2ca2825e0c6d93d36cfe971b1e0865dd4c6ef136118786429fa0d28d42bb0054d1476ab7acbadccc3e0ed010f0904c8ac8d6be55110b15f7b45f66c842bca6ca2e97c686f5459e9511286105357e66b2f95e87ebfac3389b3fb70286cbe28af8e3467edd9dc54c15fd44b61342fd38803dbe1a5cccdb78dfade909a3c8ca909c8d968f25db50cc15230c8c82d43f2ed043cc8a9b26c0dfd92a70f3c6acfb8e009f23f261d7957c9d171a843dc3aaef4bcb2326ab2f3fd0488953bddc0dffe62d620cb5bb19a140acf1bc8166ee9422ff6ac10fe9f41b84a7cc129d167a9e0cd93c6d3b0cb5486be7867af8027e0f54a61897a245776b859a2c554ea1b5fcf7557e71414bfa2fbba2b3a248ba6b031b10bce3dfb01fb07733d7ec97aca5db300cf565db1ba01c5a1fe31a07f20d97e592f52b99fd12925906c92bb572eee928f65d4c0ec35dfb49664dbd3c987df63a530b4aed64d83926cb26ba1ae62da7cf03a7ff69d1a1db267dff22286ed80292e527d600fbaad7bcbc94b36643ad1e966c036c2574ca6f1f24984c8e8b3a8e3f778da62a2cd3f9104e02c25dae6f593544848263fb2b06882cb9d507e67766cb7d510c36b6ff0b73fad52cc106d3868eb6885e34dba78afd5af1c8e3c9ee498abe1d37ac60120548beb4a092a43ac23cdff3657794fbed6989cfac1360ae9ed4f0c041c02a4f58a57f9436df0aa426e44ccd5a3350637ae144d3c4feb7581201381fa041ffdf749c9efbdabad4f942fd0af6e32b581b7810324a572c20d8d87e3646a5261e61fcd1e2136b7c7883e75a7a0e3e946e2ae9433d2bd9218c89869b3440c77e4965fa124746f9b20b09453566f58da9fad26c0d92cabed538ee92841c7299367b59281dc51dd1b06b29d856642d918dacb687a4facb65c357d3f9a85e42c2c1367fdf67d383fe14d048e1586d0f532c2071728f227664c8922cd60b2fa30b6e5dbf64a2c7e3bb5bd2c8025eafc3d0e9d47b4c21703f8c3f04040b06cb74a2ba00b62069aa44fa6bac937fe51755ac5c87b1df1b6cca402266e369927fab7e009d54dbc694f9c373bf5c3d9e7314b3a298c0ccf5bc991974a3b49371af70f306629034c26a9890a10bb73f406345d45b5aa11f218e5b7d41a8681b4168cb05cd2074a01fdc44e76ea7bee5b1baa482b2dc67cde4575d0c6efb88d78e7211b0840bdaaf846f927a7ad78881dc19a582127979209dc6e98eb41d0e2455f14ad53ec9aa4a9fe47f626b7a141f9e7a814db4d697b34700e024c3bd020e6a4c8fc78fa03f0f8e6d2680d8b240fcf005ab50861f31c946b490c09792c7823464b8fcb8055a983eb6dc914af53afcdab22e0ddc1038e5e1a1ea0b2933d55be88585c4cc94ab3808b623a6cfed229a780a389a178570d54402f6d285a63bd2f672bd7fd83081c12e1d2f28ef91bf19ae16020e7a2ba4dc077f6900a9eb2528baf07f4a69a2a333c7cbe95b204829434af90ea4cfadec8d8fb3337b598f5442fd5d9af1346e60e9ded52eed217b6ba5fa35cd439ac80dde29ef8957481d4592d672fb64ad02340c4c798e3c1613216c245bcc4401e785bbf457349031d2e989bafbbae681f1ed16bf98a0a462ad600c2e4cd4762e5941ba7ce93cab8244529255e520a76b16d268955b6c5d9c47a45c88798a2336b98a834dba47480d6238dc3030cc299aeb1a44108cae43cba0d7fce92af262f68a71672b0874b1ca3987bf184c4b6488363855abfe739a77520b2cbf15171271821c4f33d31be6fda3e6cbf9bbcdfad09664d7a9c7010ba2cd87944005c6ea9f4aa210e4a481f7bb1c68cb485122716b398f47a4eb3ac4d372ed84d77ec1691ee5eec5a30657285f2454300fbf9cc9a586cd5638d3ad9e28ed0e3a59530af779e64e7b56a915515405e4fd25a5b4cee1eea3d47322b3fd17a45ae405ea259dfc6dce2ac9e59203e0cba6921c944ed2a6921b48268ce8d59ce91129edffcf154122110ea51a15e14ccbc8a275fa52a296a2fa6197c0d1aa534129044dfa67d383d2e3b6c0f367db58241e32cf9a290e2f10690ef3e034c12095e315f5d6b2dfa3140cb70afa1b6261dac52dee33ff302ba1d4114baa6ae02cdf5825399999003b1fe980568c233657796175784fdda7b3b192aabd5a54f3993ea0d6d1a40c53190260aa8c3a87989d6950bbf8f9027ff0fae2e0c7c036ccecf618437d775eff81a41f71e98ff664f8a9cdd50a5c428dfdca1ef67bc6ad271582bfcc3a4759b34e155b11582fa5334563c005ad17d2e227faa87c9985d104e3141e921428b42efa86cbab53dd235ce83dcc14d484358e3fa0a095f6b241b24b090ef18c2a381e7f931faafb59084265f12b0f8787f00484a20cefe4d308375db871c2d7433eec6aa4812350211819c798d30076495e15d5b8df302f4f307eee7a91438e9bde2bf6b5cc5d6628716694091f9d10afbd34d1912acb50ab9e7e0fc1e6f47ac3a92d8a6d5c51fa8756ed247f71ae0a594105170e887fdcc3e9bf7efcd6eaee037213603d34e06404a26155d11ad1079ecea63f334670373a7d533975663ae6eb5bf80a61610ee93b72000673b5308fc9dce635bafaca6f5c296eb703d58deb226fb310191a51ca96adaacbfc4db88707412a4ab3ed05d9593a4701ccf7000a7402722dca0b8c211b7d8d204bdf67e336991f6789ce70968ea1f7cfd6c1a39296ee53742d66449c4edaa0d79f391eb029f4dea44de9587ea9f8302f742b8562917f69ead21e6298f9255d3d41b596688c111fdb0e78f446041e2fbd227cd9ea9be75b82a4e3a816c252104a950dadd7dc6e85be12fdf3e94efe0d4fa6330c9de0c5ff57e3a0cfe6668deb49d8645cefcc6540d084cef411cc32a92e4e83bfa8722cc4d8fbc54973439f41e49c2ea5841811a223c94b27c099c5c2f739e70fa7b97d72ba4beb506a529cde2dffa3556de51b879adf72acb9541b9edf5f99eeca29ca17061f3a5156929380e818794edcc8c92264a2c4d7ab1f8946e96bd21e5d935b5b2caa5e793f60f2d8b15288f0f90cf3f26c10aad24c57e76983398e5dde41361bc386fbb7ff8df29aa19dacccffd523eb1e9224e10b4a75f023966b74650add43f3005e428723dc3d94ef79d89d3574a664924eb7e86afe08715cd4cabe1cba0ba6a6baccd26a60076c8a36515e1f2a26fc233ad95b57749d1a58869ad810fbed18ddbdf94df19163fe7bb6ba948de449a163d284a3ef9deaa3ba9a3c9f2db9d0e552a71f152ae5fa42024efa080787027db72bf499a3c28dbc75e0bc4163440757ef26b24f31ff59cc17d7f7bf65ee4e03e4173bfb09d0aca014f31d191713a6f4f6306d340f41401d510da4480b2fe1258e9e16144052117cbe0367514fdb295f998328db4e81df18033cdabc2c3a9a8f731b95b4bcb42c4e188c6edb5505fe54cd1e940ebe58eedd38691e26ba286bd5be516a1428fbaa9d762a97ee6f89330538e3ef77b8f441ec704ff37ca63528f6e005379cc26bde0a8bf0844d9fa8a1716f1f70d265f81f5351c3b80057", @ANYRESOCT], 0x20)
bind$inet(r8, &(0x7f0000000080)={0x2, 0x4e24, @multicast1}, 0x10)
connect$inet(r8, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
writev(r8, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
recvmmsg(r8, &(0x7f0000003e40)=[{{0x0, 0x0, &(0x7f0000003780)=[{&(0x7f0000003740)=""/4, 0x4}], 0x1}}], 0x1, 0x40000121, 0x0)

1m31.126598843s ago: executing program 32 (id=327):
r0 = syz_io_uring_setup(0x837, &(0x7f0000000180)={0x0, 0x679a, 0x80, 0x4, 0x3cc}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
socket$inet_sctp(0x2, 0x1, 0x84)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x2, 0x0, 0xffffffffffffffff, &(0x7f0000000380)={0x113201, 0x34, 0x1}, &(0x7f00000003c0)='./file0\x00', 0x18, 0x0, 0x12345})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x24, r4, 0x300, 0x70bd2a, 0x25dfdbfe, {}, [@NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x101}, @NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0x9d}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x24048845)
sendmsg$NL80211_CMD_SET_COALESCE(r3, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000280)=ANY=[@ANYBLOB="28000000739f546267d62836e84b3d547637c3cdee9f3a02363ba24522c0d72a", @ANYRES16=r4, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r6, @ANYBLOB], 0x28}, 0x1, 0x6c00}, 0x0)
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20048001}, 0x2404880d)
r7 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$SIOCGSTAMP(r7, 0x8906, 0x0)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000feffffffffffffff0000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r9}, 0x10)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000140)='uid_map\x00')
r10 = socket$nl_route(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000a00)=ANY=[@ANYRES32, @ANYRES8=r10, @ANYBLOB="9795e9fb06333028f37c64dc474dd455cf48ce8414b0dac381aac180b0f55f3a78b2ab809eefe99eda34fec6a1321ffab12feccf17eefa0bc4cd045c144aeb94b8d3ac66d9fa09b563726784572e9ec0b7a1e3b9418452930758a89147a00c0ec02cc0c75f5b818c568ca9811eb15f7b6e38c421db375b01a297e15d7f1a2667f6f770be660296eff6af586bb0d8cff7484bf968c9f4397a10ac4177eabe26fc517eb60408bf7c857735563d6805ed6f85b7f4baa65210d7e4adfe6a9ba933540c9b0181bb96ef501380eff2f78af35a74c05380dcee0e15cd244412facd78a6a99c9feafa67e07dc2a6d6511eee22df9db92703de56d23432420f22c0002be570fb3943b4607f226128e487b6356394549fe0e906014ecaf5cea62e6a0b11a8e6e9f40743776e6694894cdf1c90497ad382d86ab688f24f1ace741907cb280891533a29ec8b3aecbaa32191a6a7febe87ea910624d61e43e3d5e4e0a9612623358edda670586ed3b1ed33e45751cab989726a5803df12065ead5295ee1ce0747ddc05ad332d41c6c5e32bc0c640ca06371c5f6b4de290eeb3e54fdab2c373f4156c1310764f3934016e5187787c5717dc76034946568bab92973799b04520bd5fa6288c1a08db78ba4aebec230e0ac910307a60b96cb7476b32e6823fa4f8d1985b0d7c432bd671ebbcc387fc373c37b08a0e1581d869e5b586b9bdb0aa0122c6fdfc35ca178bdf7f943280f27402fcf6f2483cc9f29ab8534c6317b6aeed8b2618c0f6a67cfa079251312e0e272d5709337d6bdf42df1dfa820b0ed7b461e5b2c8ab8d89191a68dcb6b1a8101b7925cafdb5896dc34c2f0a99273ca99335955370e6973a55fe12bf47b22b2e7eb6f56b0412f2574b1cf07d726ee3d9b68c426c34f30948ed7dec3b5d74f4c70e1791a369ac1c9b2e380594c9403f0bb1d483dae38239655698f4601a69a70951832a95f8255495c9e2408caa009928848a17439c3d62a4c8e3e2383c18564b0fc08ef623c803c3760a7d109ba86b06497601c081efe1624f5caef6c39e975b0f9b411c92c4d6707da5e61d2d34ae4522338db6678f16d5fd5de11a0cc421c29d1986dabbb8a387daee708c7effcd2a26c90e98f77403d3b942ae38433e5aa1aa09624b79999de5b491c72cd7632cfb87cdd6f3a81e77d3c0bfa2c3d1d429fdf994fe9ed9cc89e45c4e4caaebd972a93c00e92003416aeaede6ad57ee20de710d278a35345aed998920f4e066751c373f269ddf600b566ac6b1b079c9528a7423315fc5449ea9913b3d98bbaf767bc0ef16a8e4de9398a8d61bf2a9b65ae6e609705b6e6beaa70f83997bc945fa13082f74b9b9739f96ad039c932dc08e57eaf23e138aaef54042b6cf428f8bd107722b833d6bfbd1fb30053dcf613b5b6eabd14fae1e20ec3cc3f23d0f93469d505ace03b1ad2fa23b25a9b1a7556fb4ad2a9d3a0f04b9b1d66d61a8f07852a67466e35b792d0247d3ac6352a8bb776a22db35efda3f12572d708b00ade11ec67efe9a7ba1be58f6dcc8bb267d84f05f5f6338be7e6102be9f503ca575297c8e84d3fe1c5afb9b0f96a16f3bcee0dc6ccbe7ab38f6dc693f0b5c85a53afaba06d78d5f984da3f62b00699390b3451294844364962fd15dcbeb9849e3ac3384d8293fd508e32870d228c3aba3194e6d5787963a15e0a69a67015cf505258bd1f2047a1c9fc3cc550225fd0e9558c37b712991bf25e0bdcb65f7e1c9f419069ca4680d7734aa477db73d2ec0a30a9f048098158abd27a717186d2a690bd299a17b67207f542991a05951925be69e2afceda7a2def998aad384370408e93e515509dc32b4b47eac411c559e5143e12d90a8f2842772519df5060b4ab6e0634463e2716b5236b05b2ef3b97ccd39f7707fb6218d9adc9834832f67596ea244abb89ea48297c675e6f019949cae1dbf81ed9e5122ed84f616b43f96708fe0c74cdfaa96f2b0b9d0ee516d12c49e34de7e3814a78296c2e4c73d9310b4fb5bbd8aa93f900b113b8ad7efd59fab57eca77d07aed622d3d4a7bdf4fab68411f84d0427df01c3972335e3e70452ef42a25c13acb06411a1a7d4f826429bae1d0276bf3898a868b75c0440c922cfbd93796de35826188b3ed6faefe62648786b585fba168040882b32a2063ab0c043455cb488f388627090dac2947c4869d52cd7b0e4250ff6d61797b20b4a69313ba19c17fedfacf4ce70c83e2ca2825e0c6d93d36cfe971b1e0865dd4c6ef136118786429fa0d28d42bb0054d1476ab7acbadccc3e0ed010f0904c8ac8d6be55110b15f7b45f66c842bca6ca2e97c686f5459e9511286105357e66b2f95e87ebfac3389b3fb70286cbe28af8e3467edd9dc54c15fd44b61342fd38803dbe1a5cccdb78dfade909a3c8ca909c8d968f25db50cc15230c8c82d43f2ed043cc8a9b26c0dfd92a70f3c6acfb8e009f23f261d7957c9d171a843dc3aaef4bcb2326ab2f3fd0488953bddc0dffe62d620cb5bb19a140acf1bc8166ee9422ff6ac10fe9f41b84a7cc129d167a9e0cd93c6d3b0cb5486be7867af8027e0f54a61897a245776b859a2c554ea1b5fcf7557e71414bfa2fbba2b3a248ba6b031b10bce3dfb01fb07733d7ec97aca5db300cf565db1ba01c5a1fe31a07f20d97e592f52b99fd12925906c92bb572eee928f65d4c0ec35dfb49664dbd3c987df63a530b4aed64d83926cb26ba1ae62da7cf03a7ff69d1a1db267dff22286ed80292e527d600fbaad7bcbc94b36643ad1e966c036c2574ca6f1f24984c8e8b3a8e3f778da62a2cd3f9104e02c25dae6f593544848263fb2b06882cb9d507e67766cb7d510c36b6ff0b73fad52cc106d3868eb6885e34dba78afd5af1c8e3c9ee498abe1d37ac60120548beb4a092a43ac23cdff3657794fbed6989cfac1360ae9ed4f0c041c02a4f58a57f9436df0aa426e44ccd5a3350637ae144d3c4feb7581201381fa041ffdf749c9efbdabad4f942fd0af6e32b581b7810324a572c20d8d87e3646a5261e61fcd1e2136b7c7883e75a7a0e3e946e2ae9433d2bd9218c89869b3440c77e4965fa124746f9b20b09453566f58da9fad26c0d92cabed538ee92841c7299367b59281dc51dd1b06b29d856642d918dacb687a4facb65c357d3f9a85e42c2c1367fdf67d383fe14d048e1586d0f532c2071728f227664c8922cd60b2fa30b6e5dbf64a2c7e3bb5bd2c8025eafc3d0e9d47b4c21703f8c3f04040b06cb74a2ba00b62069aa44fa6bac937fe51755ac5c87b1df1b6cca402266e369927fab7e009d54dbc694f9c373bf5c3d9e7314b3a298c0ccf5bc991974a3b49371af70f306629034c26a9890a10bb73f406345d45b5aa11f218e5b7d41a8681b4168cb05cd2074a01fdc44e76ea7bee5b1baa482b2dc67cde4575d0c6efb88d78e7211b0840bdaaf846f927a7ad78881dc19a582127979209dc6e98eb41d0e2455f14ad53ec9aa4a9fe47f626b7a141f9e7a814db4d697b34700e024c3bd020e6a4c8fc78fa03f0f8e6d2680d8b240fcf005ab50861f31c946b490c09792c7823464b8fcb8055a983eb6dc914af53afcdab22e0ddc1038e5e1a1ea0b2933d55be88585c4cc94ab3808b623a6cfed229a780a389a178570d54402f6d285a63bd2f672bd7fd83081c12e1d2f28ef91bf19ae16020e7a2ba4dc077f6900a9eb2528baf07f4a69a2a333c7cbe95b204829434af90ea4cfadec8d8fb3337b598f5442fd5d9af1346e60e9ded52eed217b6ba5fa35cd439ac80dde29ef8957481d4592d672fb64ad02340c4c798e3c1613216c245bcc4401e785bbf457349031d2e989bafbbae681f1ed16bf98a0a462ad600c2e4cd4762e5941ba7ce93cab8244529255e520a76b16d268955b6c5d9c47a45c88798a2336b98a834dba47480d6238dc3030cc299aeb1a44108cae43cba0d7fce92af262f68a71672b0874b1ca3987bf184c4b6488363855abfe739a77520b2cbf15171271821c4f33d31be6fda3e6cbf9bbcdfad09664d7a9c7010ba2cd87944005c6ea9f4aa210e4a481f7bb1c68cb485122716b398f47a4eb3ac4d372ed84d77ec1691ee5eec5a30657285f2454300fbf9cc9a586cd5638d3ad9e28ed0e3a59530af779e64e7b56a915515405e4fd25a5b4cee1eea3d47322b3fd17a45ae405ea259dfc6dce2ac9e59203e0cba6921c944ed2a6921b48268ce8d59ce91129edffcf154122110ea51a15e14ccbc8a275fa52a296a2fa6197c0d1aa534129044dfa67d383d2e3b6c0f367db58241e32cf9a290e2f10690ef3e034c12095e315f5d6b2dfa3140cb70afa1b6261dac52dee33ff302ba1d4114baa6ae02cdf5825399999003b1fe980568c233657796175784fdda7b3b192aabd5a54f3993ea0d6d1a40c53190260aa8c3a87989d6950bbf8f9027ff0fae2e0c7c036ccecf618437d775eff81a41f71e98ff664f8a9cdd50a5c428dfdca1ef67bc6ad271582bfcc3a4759b34e155b11582fa5334563c005ad17d2e227faa87c9985d104e3141e921428b42efa86cbab53dd235ce83dcc14d484358e3fa0a095f6b241b24b090ef18c2a381e7f931faafb59084265f12b0f8787f00484a20cefe4d308375db871c2d7433eec6aa4812350211819c798d30076495e15d5b8df302f4f307eee7a91438e9bde2bf6b5cc5d6628716694091f9d10afbd34d1912acb50ab9e7e0fc1e6f47ac3a92d8a6d5c51fa8756ed247f71ae0a594105170e887fdcc3e9bf7efcd6eaee037213603d34e06404a26155d11ad1079ecea63f334670373a7d533975663ae6eb5bf80a61610ee93b72000673b5308fc9dce635bafaca6f5c296eb703d58deb226fb310191a51ca96adaacbfc4db88707412a4ab3ed05d9593a4701ccf7000a7402722dca0b8c211b7d8d204bdf67e336991f6789ce70968ea1f7cfd6c1a39296ee53742d66449c4edaa0d79f391eb029f4dea44de9587ea9f8302f742b8562917f69ead21e6298f9255d3d41b596688c111fdb0e78f446041e2fbd227cd9ea9be75b82a4e3a816c252104a950dadd7dc6e85be12fdf3e94efe0d4fa6330c9de0c5ff57e3a0cfe6668deb49d8645cefcc6540d084cef411cc32a92e4e83bfa8722cc4d8fbc54973439f41e49c2ea5841811a223c94b27c099c5c2f739e70fa7b97d72ba4beb506a529cde2dffa3556de51b879adf72acb9541b9edf5f99eeca29ca17061f3a5156929380e818794edcc8c92264a2c4d7ab1f8946e96bd21e5d935b5b2caa5e793f60f2d8b15288f0f90cf3f26c10aad24c57e76983398e5dde41361bc386fbb7ff8df29aa19dacccffd523eb1e9224e10b4a75f023966b74650add43f3005e428723dc3d94ef79d89d3574a664924eb7e86afe08715cd4cabe1cba0ba6a6baccd26a60076c8a36515e1f2a26fc233ad95b57749d1a58869ad810fbed18ddbdf94df19163fe7bb6ba948de449a163d284a3ef9deaa3ba9a3c9f2db9d0e552a71f152ae5fa42024efa080787027db72bf499a3c28dbc75e0bc4163440757ef26b24f31ff59cc17d7f7bf65ee4e03e4173bfb09d0aca014f31d191713a6f4f6306d340f41401d510da4480b2fe1258e9e16144052117cbe0367514fdb295f998328db4e81df18033cdabc2c3a9a8f731b95b4bcb42c4e188c6edb5505fe54cd1e940ebe58eedd38691e26ba286bd5be516a1428fbaa9d762a97ee6f89330538e3ef77b8f441ec704ff37ca63528f6e005379cc26bde0a8bf0844d9fa8a1716f1f70d265f81f5351c3b80057", @ANYRESOCT], 0x20)
bind$inet(r8, &(0x7f0000000080)={0x2, 0x4e24, @multicast1}, 0x10)
connect$inet(r8, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
writev(r8, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
recvmmsg(r8, &(0x7f0000003e40)=[{{0x0, 0x0, &(0x7f0000003780)=[{&(0x7f0000003740)=""/4, 0x4}], 0x1}}], 0x1, 0x40000121, 0x0)

15.187934695s ago: executing program 2 (id=598):
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000380)=""/156, 0x9c}], 0x1}, 0x0)
set_mempolicy(0x6, &(0x7f0000000080)=0x9, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = fsopen(&(0x7f00000002c0)='gadgetfs\x00', 0x1)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x10c, 0x0, 0x0, 0x4)
r2 = socket$kcm(0x10, 0x8, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x4000044)
socket$key(0xf, 0x3, 0x2)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x10040104)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005240), 0x0, 0x401eb94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c00000015000103000000", @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0xc001}, 0x4000000)
sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, 0x0, 0x24000010)
sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
fsmount(r0, 0x0, 0x0)

14.212680626s ago: executing program 2 (id=602):
mmap(&(0x7f000015a000/0x2000)=nil, 0x2000, 0xe, 0x31, 0xffffffffffffffff, 0x7d992000)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0xfffffffffffffa8a)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r2 = creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r3 = fanotify_init(0xf00, 0x40000)
r4 = io_uring_setup(0xab1, 0x0)
io_uring_register$IORING_REGISTER_PBUF_STATUS(r4, 0x1a, &(0x7f0000000040), 0x1)
readv(r3, &(0x7f0000000940)=[{&(0x7f0000001080)=""/4096, 0x1000}], 0x1)
fanotify_mark(r3, 0x105, 0x4000997d, r2, 0x0)
mkdirat(r2, &(0x7f0000000000)='./file0\x00', 0x100)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.empty_time\x00', 0x275a, 0x0)
connect$inet6(r1, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000002c0), 0x220, 0x100, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="41d8edff000000001009000084000000050100", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000240), 0x800, r5}, 0x38)
setsockopt(0xffffffffffffffff, 0x84, 0x80, &(0x7f0000000000)='\x00\x00\x00\x00\t\x00\x00\x00', 0x8)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x5, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e21, @multicast2}}}, 0x84)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000001080)=@mangle={'mangle\x00', 0x64, 0x6, 0x6a0, 0x2d8, 0xd0, 0x0, 0x3f0, 0x2d8, 0x5d0, 0x5d0, 0x5d0, 0x5d0, 0x5d0, 0x6, 0x0, {[{{@uncond, 0x11e, 0xa8, 0xd0, 0x1f000000, {0x0, 0x7}}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x400, 0x5}}}, {{@ipv6={@rand_addr=' \x01\x00', @dev, [0x0, 0x0, 0x0, 0xff], [], 'batadv_slave_0\x00', 'veth1_virt_wifi\x00'}, 0x0, 0x1e0, 0x208, 0x7400, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@dev, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @remote, @private2, @private1, @dev={0xfe, 0x80, '\x00', 0x39}, @loopback, @mcast2, @local, @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0, @loopback, @local, @private1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x3f0}}, {{@uncond, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@dst={{0x48}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00', 0x0, {0x68}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}]}, @inet=@TOS={0x28}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x700)
socket$inet_udp(0x2, 0x2, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)

12.367378595s ago: executing program 1 (id=607):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (async)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async)
munlockall() (async)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000300)={{0x2, 0x2, 0x0, 0x0, 0x10}})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(r1, 0x4018aee2, &(0x7f0000000040)=""/23) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) (async)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f00000001c0))
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x88) (async)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]}) (async)
r3 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r3, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00') (async)
link(&(0x7f0000000100)='./file1\x00', &(0x7f0000000180)='./file0\x00') (async)
creat(&(0x7f0000000880)='./file0\x00', 0x0)

11.179608583s ago: executing program 1 (id=610):
syz_open_dev$vbi(&(0x7f0000004b00), 0x1, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0x8, &(0x7f00000004c0)={0x100000004f0d, 0x5}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000040)=0x7)
socket(0x11, 0xa, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x4)
socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, <r2=>0x0}, &(0x7f0000000000)=0xc)
setreuid(0x0, r2)
write(r1, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), r1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x410000, 0x0)
ioctl$SNAPSHOT_GET_IMAGE_SIZE(r5, 0x8008330e, 0xffffffffffffffff)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
r7 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r6, 0x0, 0x8}, 0x18)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r9 = openat$cgroup_ro(r8, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r9, &(0x7f00000000c0)=0x4, 0x12)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r9, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="40000000091404002dbd7000fedb00000008000100000000000800015fd73af822adf0eb630000080001000000ca00"/64], 0x40}}, 0x20008011)
openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x82, 0x0)

9.466491146s ago: executing program 5 (id=614):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
unshare(0x8020000)
r0 = getpgid(0x0)
syz_open_procfs$userns(r0, &(0x7f0000000740))
semget$private(0x0, 0x4000, 0x0)
semctl$SETALL(0x0, 0x0, 0x11, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000", 0xe)
r3 = accept$alg(r2, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="05000000010000004000000040"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000080)={{r4}, &(0x7f0000000000), &(0x7f0000000040)='%pK    \x00'}, 0x20)
sendmsg$alg(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@assoc={0x18, 0x117, 0x4, 0xd4e5}, @op={0x18, 0x117, 0x3, 0x1}], 0x30}, 0x0)
write$binfmt_script(r3, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/200, 0xc8}, {&(0x7f0000000140)}, {&(0x7f0000000300)=""/225, 0xe1}, {&(0x7f0000000400)=""/41, 0x29}, {0x0}, {&(0x7f00000004c0)=""/203, 0xcb}], 0x6, &(0x7f0000000640)=""/123, 0x7b, 0x2000000}}, {{&(0x7f00000006c0), 0x80, &(0x7f0000000840), 0x0, &(0x7f0000000880)=""/24, 0x18}}], 0x2, 0xcb, 0x0)
r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r5, &(0x7f0000000040)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x0, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]}, 0x40)
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)={0x1c, 0x2d, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x800}, @nested={0x8, 0x11, 0x0, 0x1, [@typed={0x4, 0xc}]}]}, 0x1c}], 0x1}, 0x300)

9.168560975s ago: executing program 4 (id=616):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_begin\x00', r0, 0x0, 0x5}, 0x18)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000240), 0x80800, 0x0)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r1, 0x8002f515, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611934000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
recvmmsg(r2, &(0x7f0000002d00)=[{{0x0, 0x0, &(0x7f0000004940)=[{0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f0000003740)=""/4096, 0x1000}], 0x5}, 0x2}], 0x1, 0x2, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000001600)=ANY=[@ANYBLOB="12010000ec31f8104c1302007eec0102030109021b0001000000000904000001098b7500090583"], 0x0)
syz_usb_disconnect(0xffffffffffffffff)
openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)

8.710370252s ago: executing program 1 (id=618):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xcc, 0xc, 0x0, 0xffffffffffffffff, 0x1}, 0x50)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x4, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffc}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000080850000008200000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f00000021c0)={r3, 0x0, 0x0}, 0x10)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x2)
r4 = fcntl$dupfd(r0, 0x406, r0)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000480))

8.345704259s ago: executing program 5 (id=619):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000300), 0x75, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="000000000000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000100000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94)
r1 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000140)={'vxcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x1, {0x2, 0xd439cb9668a1a235}, 0xff}, 0x18)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4b, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000ff0)={&(0x7f0000000580)=@canfd={{0x1}, 0xf6, 0x0, 0x0, 0x0, "0327e1b22b5fcef7739c699f5ff986ca08990039576a7d5cb2bdac3fa80acf584ecb5fee496e6866856b76b5ee00000000000000004e2f9663a918fa1efd9b0b"}, 0x48}, 0xee, 0x0, 0x0, 0x40041}, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0)
r6 = socket(0x10, 0x3, 0x0)
r7 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d40)=@newqdisc={0x3a8, 0x24, 0x3fe3aa0262d8c783, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x378, 0x2, [@TCA_CHOKE_PARMS={0x14, 0x1, {0x0, 0x0, 0x0, 0x0, 0x2}}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x64, 0x2, 0x3, 0x17, 0xd, 0x8, 0x1}}, @TCA_CHOKE_MAX_P={0x8, 0x3, 0x2}, @TCA_CHOKE_PARMS={0x14}, @TCA_CHOKE_MAX_P={0x8}, @TCA_CHOKE_STAB={0x104, 0x2, "dc542b4e237011fb38ddb228806571a8633206e26df63a43bbc516382325dedd79c1cf0a26379dfaf72cb5ab9ab7efe16f312ee9ab598d1ac0d7903ac69c51f1b6842ebecf00dec5deff737b59f0c1f0b57cc6c2b7b8c5b2c527aafa57222f4bd2355ccab39fa20d4033b6b687491532080101805feb9c6fa8a56a77186efcb394ce1a1cd7f2130835e3bf9e3ac25d0a102a808be13beb51f37da6d10046f131834545ee5013f43e41e91eb18a12c28540ab4106286e0f7568f6a9cd0c0da51df08e42848096b25d455ebec9adfd6e493d8c9725bc2d49bbbae0a5375b359f91d9dad20ed109ffbc52469cffd2cf5df7773f7a4c72ae167485315c326281efc4"}, @TCA_CHOKE_MAX_P={0x8}, @TCA_CHOKE_STAB={0x104, 0x2, "a2a88faa7ec665a571a9ad3d1f9512e3c591df4a4554c6c2e2cc6cb4d9aee4579684743ad4888f1522a47ddaff3d4f9450d288e8559bc4f795aa0d1bc74d926038adb808cba6e90535b2eb8ba3e8ff927207d17a86b10d604e77a459df67e7f0c842d463ca5977b7e2eb55fbb9881d15633717817c735da52a1da7d64bb22e58550d8ee20883e41ec2f119a6a6364d68900c1cce4a3b3225a9ce9e1e00b444e9e7bcd10e1dec202ce7786aa7cf10d4dd6bbcee586d7903a6239ff90b49cd7fddb0c67ddab326cdb2d0fa48a783f691be9ebaa1243b21afd04a372650aa7eb46a2675cc67ae12d3b99c9acb4d9fb7c78081d269b443affd86eededd4867311221"}, @TCA_CHOKE_PARMS={0x14}, @TCA_CHOKE_STAB={0x104, 0x2, "554b956aa3fcfbc4a187baf0437163b5d33108db016465f92a93480d2c246d90f03741da6ee916f7c9917dbd81da67d6150151679559af8402b932745d19fbfbd679c133c4714565f91cd05790d990818bac85598b6a844cb2c2d277aaca9a88ee0e6a834ba02b4e549f11fb13e9fe33730c55997f2d3b7e6469210db81587fc522295f49a78f4e08ddfb01172b12a19b303a0c47fa3500cdc3e6725a79dcd3731c37083c3bbe73c43e7e2ea82c72986a1499c677c565ea1cfc874e7e978e4ebe8d338f0b37807d40333ee570133982998623ec809826f1009856a9d9d8e839c65d3ead78c6b3cb8f7beee8e59f19de93d06628a2cdfa4333d96882b96c36cc3"}]}}]}, 0x3a8}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r9=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0xd0f, 0x470bd2d, 0xfffffffd, {0x60, 0x0, 0x0, r9, {0x0, 0xfff2}, {0xfff1, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0xe}]}, 0x38}, 0x1, 0x0, 0x0, 0x24000040}, 0x44080)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x4000)
r10 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0)
write$vga_arbiter(r10, &(0x7f0000000040)=ANY=[@ANYBLOB='lock io'], 0xc)
write$vga_arbiter(r10, &(0x7f0000000100)=@other={'unlock', ' ', 'io+mem'}, 0xe)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r11}, 0x10)
openat$binfmt_format(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)

8.344658593s ago: executing program 2 (id=620):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000059770c40c009030243d3000000010902120001000000000904"], 0x0)
close(0xffffffffffffffff)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="02070009"], 0x10}}, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
ioctl$sock_SIOCADDRT(r2, 0x890b, &(0x7f00000003c0)={0x0, @phonet={0x23, 0x6, 0x8, 0x9}, @rc={0x1f, @none, 0x7f}, @generic={0x23, "22f2b6cd499d85be3d9ff743adbc"}, 0x8, 0x0, 0x0, 0x0, 0xffff, &(0x7f0000000200)='veth1_virt_wifi\x00', 0x97f, 0x6, 0x984})
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair(0x1e, 0x1, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000004e40)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="000000000000000000000b000000000000000000be18fed03ec49efc5bee411014dad274ff530305b9d08dfb3771aabbb2f0e8f894a8da491d16effd577f0490ebf19f9bde8bc3310b9398861423b81a5a0371564015def767a9058c1176dc67ab028e81c472b4960d5746f4cf4356c5a13c3932e4243b663860f7e32916f90b26b3203753354292029394adbc5c57db84e2116f4c560c278713689450ffedb214c8de722e9dd5cc6b6368198b7e6481997225b53990f6fd80f968fedb0acc8b7559cacd921f69fe7161cc7ad4", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b000000000000000000", @ANYBLOB='\x00\x00\x00@\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/11], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x6, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0xa, 0x20}, {}, {}, {0x18, 0x2, 0x2, 0x0, r5}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmmsg(r3, &(0x7f0000004d00)=[{{&(0x7f0000000540)=@in6={0xa, 0x4e24, 0x7, @private1, 0x3}, 0x80, &(0x7f0000000900)=[{&(0x7f00000005c0)="41c523ad8e09424710361ad46eb1ef29101a73417911c1f137a7e425c3e6e0af0c6bbacc47f2c9db4f3478adbc0255c382a7ca3ca46a8f42b525642401ea6a19a436e522ea6617a01c24465fbdba4a7bcf0182a4719076", 0x57}, {&(0x7f0000000300)="cb1c8355fc24ba74221a5290fad9f4dcdc039e6a292c521344dfb180cbf524587b66292477bda5e8", 0x28}, {&(0x7f0000000440)="c5f0704aac6cc1d411954acbb74d214c136fb8c003f9e581d5d74bec6f7b55", 0x1f}, {&(0x7f00000004c0)="070660cfcaf623c398000dc100", 0xd}, {&(0x7f0000000640)="7d4f01290d8dcb2a98ae0da6610b3bd9d60ea7bce75dcdbb68652ab26caefd4945c9b7912c9641b17661301f1ac1f90a996c45c781152c6fa940b1892d0839c1275501d035c728626315516e0dd788c38f40caa6b704d50f66ab5b395dc06b94cf11082efa090462312a6f0a90a304523eee3a82a5f2323199d6b50b2a60efad507985713248554b28dffd6a150ab1b29978f5f9e28b8c3ac2549d5b902e11a7bfd8d8d082fbfd6e98f9e076b3118ec1998b6eb177a6d2da3b62b36428ff8ff1218fdb646fd5372b09e658437c5a03ac4f817245f6e1e377235f53acac3fd6fccb4f23", 0xe3}, {&(0x7f00000009c0)="22bdd45ec120c5c22f1fdc821c59f1bd0db7d5408ca390ed3538551696c3f499448be49c371f5d089b0e9e5de3a1faf63d4e3d971da0c5fb96a4827acd0f0c54d11e3e6c713c8f9b7f907926495b87c4ee599c693f1be28a44262d8b2212101e9bebad4837f437ea9f0c008e63790565c28c133f60994947f3a5f9618c1e763474851ac19a9884f7b017ca270859fce73548c175cefeebc966320742b9cc902d750937875dac8a24520dcedb8e88e165ba9e0585d3ea26ca", 0xb8}, {&(0x7f0000000800)="19b5e9926699e47b88", 0x9}], 0x7}}, {{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000a80)="f5f2ac3e33eb277fb36d21efc5d280f8407093745d8682e6a61d7fab1bc86a4055078820712bfaaeb0b195e8e6ea456175e69646e14cfc1b5a45769613567719ef9583dfe6029d8cd5e165915539a5a3054d39dd46b931714962a7f521e80e2c32f399625ec270def8e016d1ded49032f6d949ca1f6efaf4261e9cc08bec07ee2fe68ee31ee91be9f6ba9388a30a37507d1f2edd5c9b3a450ce595bd0c974c2d8e5bec0834e234ebba0a37dbf0cd1d5b01b87106d18f5b", 0xb7}, {&(0x7f0000000b40)="c2a58521c9b4a11e737b43efddea447407468141f5e182b835f03e98aba9f195e8c0e5d4ff9e4d093be2bc9d1f49e8118bb5c4e67a62cfacc35009c71eb456f4e1c1ae8dd4f4d3c06cee6775008fd7c1d50a562e406abf24edb542961c51eebdfdc4f418116e32c31585a78f1f589bb148e09bc819e3c5c639d175bc54daab1bc79f999984be566ec822d31b0e50b8b6d5a4a8ba164ff1bf177fdc559b976d4b95762017d33012b7c5dfb021f49424ae8ba78412099e0796626f998acc57373b5d70d48b2412a53ccf2bad96925a47d2cadc9687b8561251124606dcbe7aab167f56b7c3e7b9", 0xe6}, {&(0x7f0000000c40)="ecea14717ad2af7682f244ed62c3524f85", 0x11}, {&(0x7f0000000c80)="d022da684077fe6c7a3fa3b2684420cdf258c1abbd3b29a34381b02ac84d622e4a5c8004a2c612bb1c2ade40f9df973515e90d7872050b018bc05f1a5a7da74b6881dd497554d0e608c648b1291396db5e14f03e29b554873680f136a062ed90c22a6f46cdbb6ef968731920d4ea8b57921feca9c72b261f5328ff5343fbb0c6a7b6483c6c33a897f5724ea89f8c14c1d9ae954191e44da29e7340012fbcb79696c903a06f1501720b419dfe4b6a03d54e048e3b5a49a01014a1a52c226632079bb1a45aa670", 0xc6}, {&(0x7f0000000e80)="a590b6d39b94387d08cc24445b1aed99f83c83b077aab1ec9fbd69dd330ea1a7eb9530f949a469935b10a8d48f5c67ec07a7b558a61b85badd79a5976b017120565db4ae48bd9ebeb139ab471507316253886dd1d63f14f311f48236aa4318", 0x5f}, {&(0x7f0000000f00)="9349b2684c2404ef09a7adfd62383c59", 0x10}, {&(0x7f0000000f40)="19dd42fb7eca840a51388fe6ad684e3cb2930673b8b93943712ce8c0384f83b96ed1fc44d695c34a7e082854f46d7a8f3fd8d53631b6c80eb14f7c21a8095f6c9634482708ac8f9b2bc46c5d63e210e01afaafb942fd0053ad0b66a1369eb266aac818ce8f57ef1fb842755edf2e69a5bd476d589e0df79e556c32302f5240e18655c30c02522f725a0f42d7b62bd3b2868aa34df9", 0x95}, {&(0x7f0000001000)="89d31826df622c90ef6ee398cf6bbedddfd94407c15e56cb85fb6aa275621298495d926703140c4ee43cd6dff087c8ec638d79a4cc8765799bb0a96968202aa9759f79b7b8cd4e381515d5fa0ea980d2391ad69f22b31b6869995cc6dbd119be62992a243c579a2570e3f73a8345c0", 0x6f}, {&(0x7f0000001080)="d0104d46a6b10694aff27101bdc9f8b4fce23633b50e0382b6e0dbf93037afec6b8b73a094a4866029bdf094d1edeec28ad87fbdbadcbd8935563ad47ddac9cd7a5a61a2e8f7a2ab1e56a07bb29b9db684cc77be60b82c827b8d02b752d13ab6d2af535fb1484208dd090cb80c44a7efc36794809156357f72dd9e6cc96598bddf4b51033ccc381874b0b6c97d5692ae38422bfa2684782e41ec8966b89e067f4566ce7eee4152c91c78da614f0c807d4d8409f01b0e62", 0xb7}, {&(0x7f0000001140)="43e578130a559f2f654e7e10233341641b4bd069fc772e1fd0efed978036614dc30f9019fcd4440a6d8c69e271921da11e52059bbfd3121222d32ac51955391a30b904275f0985bf5536a03f8e043e08e258d51dd281be77c5a6ecc237c1712997096dbe3a190a5996e47b73ad", 0x6d}], 0xa, &(0x7f0000001280)}}, {{&(0x7f0000001380)=@can, 0x80, &(0x7f0000001500)=[{&(0x7f0000001400)="81a6300565e74043b64bbe2a783f4ee54aa4a1732224835ad2b87f1aed14fa246c9a1c5951542bed0ddc30e57403dbd371789fb0c183f7af7d42514e84f17189d36285857b64e32f8fab4438ab4c258bfe2b1f8772e02ada4ac2b2e25db4d0c227e51d918883bd42990cf548523fb162a714ade06d15414def59e6a0ae2fe529f207eedf06211d116a204d16320e135819bcb13e9684d6199eddee7eb7d00fd365ead5fe950212d12e7773aaaf69adeaaa927b9e8142fc3e4770bdf14cd7a8c3758eebce5a6460f178114244482f", 0xce}], 0x1, &(0x7f0000001540)=ANY=[@ANYBLOB="f0000000000000000701000008000000025f9fcc835a85f307c4fbb5ea3b3b5bf41b7c1c74dab6c827a1e774a565dc0e28f8125e70ad44c9ca57c7ae13cf449f1c8c5f88d6d1be72691dda97f70d34a150d9b08279e070281aa164100dc18a578599327bc9a25adb6f226ecd054e5de9b162c188e4c48c8701cc85f13b94f5555ca42421d6d75272a8b8bcc9ff7b5f1440afda6bf67aecc2a0bed32eedeadbdcaeb6a2be3e4e90c88e23a525db959ea7b51b6452d435d2dac735a6307107f48045aaf3027affd9daa6b84429ff69403d2098f085d8fe067fe8ff07ae6e220b9c2998c22aa6b8e05d83c0cd939ef43cb030000000000000001801000005000000f3613c658685c3b23972158be5b115b0e989c0d3fa8c7f475200000000000000"], 0x120}}, {{&(0x7f0000001680)=@generic={0x11, "057f12b430fcd1014a54973f39ba2ffc2636ff591692861b4bf3d6e265ef9a137568665bf83bca327fbd15f8d50e6b437a4abe54306be7de87429173ea5e57f53d73ddbc50e54ca6b5bbb2a84289e7fa977bf001f3baae804988f3e5dabb1a9dcfd06637a73eee3b565965dcd140e96c7618c3d5992af2a37c0857d790f9"}, 0x80, &(0x7f0000002900)=[{&(0x7f0000001700)="8c80febfb69a1c60e5c4412e01a669f5c9c3b1c62ad86be919e34e9332b8c6831cb9f638c44cd4829b4b2d56adb3594305371cbcc29de417c1e1c874b8aaae79e86dbd7c84031d8df1c92ae2f831d4eef9dd6885518bd572e6067d0c8baaea84021c6f5105badc02d34a5a4050954b2733f29862641c7ac4b836cdfaf3e02111be8e5aaa1c42f1a0d700", 0x8a}, {&(0x7f00000017c0)="d6f4feca843fd036eb1f532c424c8b5d749ae1afc2c47c31aec6925724612de2843359b333a0ff40c16a8b705c36ffe454bc8f0783a0ab121d2e541091c23e51041e763d5c1c69a62ca8c276a3f8732336f36f0b7e0f2e883712b095cc4e607f79ddf85e4a06af9c7f1f24bca48053b9b015344f352201c461ef7175b228f00db4ec8a633d02789f26c3370149d54fef8cfdef8ffb3e7a6985b4da0c88b154e290a177e6dd42dafc51d3d64e213c69eaa309b5e72958f294150f8dd07daac7ef17bfef29c2d8b4f770c6bd4cc5f717ccd30d83a59c9ca6d3e15464958c2c59a12951a0a0676f4386d795a4377a7acc48451691d267e1d3c2f762f7a9fd5fcd64341d42a9af1333a923c1d99fdeae3d6165721d968dafe5881749a213f533ea809a24779f9e206aab5314faab4a869e936809f70beda5b58a25737f3c59e5f6d2dfe13cd7598625ec745dab4c364dbb44d017d2a63a2d1db3fbc3e8fc30d3f59a5a354c859e052a7a7c0df415856762d6e7e038f09a14392e599418facb10c3ce046f6a65ba1c018806f3625cd3091d2d8192a9db498aa92d5bd86b7a8b31cfe76a7cffe24aaabec4f27999b4c7a24e23b2f6d91f25cc7d3156b6b0a78f0aa8df0366df4f111bfc6f9d6de71ec97e2a1229a14c6f27828e4f14d0ac828df3f9be36c9d6465663c67e3fcb6e47e41f5f1267ad6e5a96a033905b5930ef65d02880a1881bc8ee24a470a70f23d97171177812ad06af672b9837c6b1b3a3c9c1a76e36536cfbfe1200715e892fa99101bf956b1f27940eef25258855e744068bd633df8f3de9a3500ad105ea2bb60953d9d6f4f09fca3204a368dd1434ab1a76a79138cfe257e50a6409d34ef02a49bb3169353be50f491a36d8400e651977b349e60a41946b919955fa99e5047430caf5188b9476ee05662e1eb75b04f41f125b224bf7cf05f7b231d5d61d4e0f72ff5405dad9887df27933f6d6a20f66032822c800aa552325d468fc507b735528e2c458f537b6147112e05d5e0ee39946ba8cdffeb40589719f22b5134bd2f557dde385bb2559d284d1cd4c321ad7f6f93801efb4de944b9c709d846331a8512bcebacb89566f4421e0b9b97f35dfa18438612f3701d6c9881b2309fe84fd789be18e7a7bb9f80897a4e5e1c5c21fbbd5eba3e9e70cbf8e035276fcba2c8d61bfd2d31b497061a5cb76120233fc932815d7b80df4369a4ede65adc62ab7b3135a57d70d0356656f06cb937c537662e65e333ccb8eacdb842fb4c689ed3bb9b09f1546b1f0014c811146247a6e18215d5a269cd4f9c86bcf742b53a27c62a83b41da572b3a1e9d093315662c98be1a7fe2689aae3b275f26821df3af03cbb894cd66fe0aa9399bf0385e02c29169753e66ebb1c8c75f9d7131739ae751c06ab7a364e70d71a78f4f131acd7d8e7fc55e2726c44d02bb08a37c4395bfc5cccf9f99485bb3e68efeb9181aa2f43a14d9375cd4aebe3269a680601d5056276653a91fae4a8bd18371fe4b176b37d9aa078b6b949fc44452ff4f6c5e2325ac330a03db34fd0a975566552f37e2d156eb1cf331e75374a464394fc96fe6ba1157d5049a2c4fcabbfae6017a779c7477dd5a7dd501c50d606f516481073cf1058320f3e71ec9a7ebb540e97354da4edfd480c03b764925412eebefd11c1829649acf2bb133fd90c598939dd4189330b7b10ec2b1e96b8ffa1c768214971f3a7b89e9633a13d1cfea2137a941b9f534bd69e52f47164c084b3da42c898e599ba795dda6085b033d5d3e4da3d86091524255b489c9fe86330440ad870144f0a39bdd8e385d7c2c9f278b39fa1daf396c61d433d2c7bb105c5e3bb2238e8116f36fae6a011a202da3f5e97d1893407bae640aff9963ab8e493fd60de29e6ecd7e82aca05e684f1a5bea9d25842039aa563f8429033cdc24b2e92ba103c6ccbb4602fe3c48c2ecb3dccb13a95b30832966eff1f9593cfc5c87cc92c36e1d9e809af97455f55e637c41c75978e80967e802b4253ef5df8b07b0b3aa44443bea51957b6c363f930f929296a3d3b666e41e4c26f8c3e4036941f1c75fe7720382debde86ac5681a89f66ee5608c7c4da71372b0dd6f489777df5f7bc6a5675d0743e26f771985458ec83d0a97bfb672ae08c7b4c9f338cda530fc05c80dc2ce2b030db4eb90f6642029c051a14ae09c68718962b65c70a0f72b68c787b2bc17105f3d3719680038c6c6ba95f92beb819143a85ce5ecd0eccbe9f402935aaf8b2e27cd6fcfc1a2fd4bb9fff1cf2521fd6bec5bfd470ac7852c9c1d16f241a2c8b6f86f230e23c34b97900a40e7e5b91d68c0f65adc36991c70aae5467194097980d950cc429a190887872d0a3d900f8588d5594500ffc18afe27c094c6a9e4462c8c9535be28192add969e051a00737b1dbca880985f6727e68436f7d0f39d254d9e30a3fbfc5d115334fcecad6162e99ff7569b43e89a6ae09757de36c40d838a9919f5d0d15766601ecb15bcaf19bc385622b7ef3755fb8eb30a6bf58790d38bd76d6283f5a46bca35f6959966e2da625cbabfc3ad42dfcfb024ddc7245e77bca2ec124c1a978471c61689fe30f3750d441ca71d49b01785cf11f73a26b579db2ceb3d398bf42cf00846325036330f1c806a2224598aa0847ebd409e562765ed0f88398b7f6743b2ccc4a850ed5e5202225a4356e1ea7e5cf4ee46f30b733a345b30a4c4dd50ba4913a0cec4892749f52f3e5accdcfec596d0c70317202f7e53075806e55f6810a459115eb94bc91ef183cc1a5fc264f64e8f7fc9a61dc7403764bfa6bde02154dac34f4aa02b23204eb38e219d55395a6dda008faf1b7e00693af0cbf03947fde6225eb1571fcd756c8c4d3e34c6b0e26d10d2755901eb030dcdd28fed2fcb658e214aad3fabee75f1d7fe662568f90eadbcfd557d0b6964b9204525842cc8cbd63e95846a4472068b2e52ca8194b10e64d142dc2e658efbb8f0b493c0a28f3ee0c3d9a9b7f1986382a3e1b4317258995ced0e0f4013055f132a3555b31abdabca45d05f8a7ef38fd776713e96fc1f5f6f1a934b5b0c056fb13f5a74ac571ab1441789e872de8d047ddcb8159095ca1ca33e16342973145671c29e0d1b6fda4a7e96c19629381e9b6aae049f10ace495adc27004a05b137f1760a6da3d220efc8659d067af603a2f012ebe9bdd56fd92ffbf09c1dfa9a5a4f99e80d0bcb65ec0e19ae53e1fbfa107d6c37ff1cbb2c34525a7b6255a3c66fa0202c20c674ef08d780c16ec76cd7c09c0b54d6bef5556b2e9c5191aa0dcd13b14227bfa62837a4c42aaa8aab7dff4095b0fbb880e1e96a9632d1dcc4977c8fc9fa524239bd8fb122d2fe7ff8c4721c652dba8a3cb169e1df2ea2fce3147c4243bf00565aad6de23cf5282a77523ee67bbcde9f803f6fa8d5bef239784e8f6af32c488bd582d81912585a3927c4e8112b4cde677be5d6f9f80560fc40e28576831691af2a185c1ba25ea71666a5d8331d6dbe5c367a60f5ec93cd65fed519e0baaf2e8901f78f09661716ac0f1fead15a272a4fdbc28a16bf075a0c372229a6f8b32d383782d1046a59f8ecd4a07f39ad438f94cadba7bf591a99efc5e4f3ef40f2ec9645033c2689f37066f70245a577dce1d22cfcc443f1df8d6bd0a3d0db46d7f5c0b4b11aa3075390fba46c4fd20efa243184f9cdde826423958c636e05e434cdaacc2551c7dcbc1de74ec16ed3489ede359e94cba692200a54000774b2f93256a95d3977c2d3f3c976e7a1fbdb6fb39562acea3e48bdfcca8ffb2de87a78801f36d25ccc1d1ccf1738ddbf6ee81de858e0a520a3ce6636861d2f70a4a3a036861a71a4d9b4f625900c6b5a78bda0b131e4b64fa1f1ea733f9b27a70bc965c0c3199dd2551daa4999b60dee1e176821c317e8d3fd75fb1f5bdc5ccf66e5e55fce65155d6d9e6827a5d12a1ff27184b44476419434ab485bbd3b8415f5d655d724614bc8705f98b5240c8357ceaa9a313ceda1134c86f2a103ba6ca83a471b824a95a44ddc8cb99ed5f851d456c0fe22c1a396148a3a9f07ffaef63eb68f7bf6f73ffceae5dbf820b805918683db721c33da55e859b412581e739b05311ef374cfa4ba7dada337539ed1b0d7d810be5e19059eb294965f25857374b4c5bd1d87633b9ae48ef2635877760dfa7e7e3b64389018cbc7525fee9bebd05a4f38e2703a82ae24d1c6a154a67ed1a19d09d15ab0c2dbeb96a8d3a9228310e79cbc7ca1079c822421dee712adb6ed568d878644505358fd8b2adc9c7311f49d490133a0bd989ac0ed1fde5558739144e09222c3c74a5aec4755a3d923e6c3af96759816536e9e9dafe6f9ef6223e15c49134414235adbbcce6ce3562b22d1ad488959b8ba4ee5202cb2ae195d12da5789946e35c226583e649b94039b0d1a7b8b4f841b5b09367728f48497e4d45f657863c2fb8bc20ba49a4ee692108dfa8565d4ce5ea288dd821ee3b792cf1575d0baa8fbe546ec917ec1af72b4bf6f7581b31ef8a41ecdc6a9559bf9e02129efb496c4b741b8e83558b3016696fe03e96c0052b2f90f04b56a83940e6dd5eaad3f2d87d7b0a5c92769cb73f6bbb8b6765654964c37f41dfc43ae6aacad100a351cb2fc601213b476c06cefdbb192a8e4d5d0f607957b32a0151a97e9f3d550c1638566f99c9152c93e9f4356647277f435f880c8a8de48ff24914d8b33d58f314c6d3726da0b19ae309f8a5a398a89caed25bed4072db13d30da68b67d1c2900ffb4b0bb1cd0a312d2a627c1f9f5a9d2414d6ee43caae773c5dcccc339e4c52d0cfd1ff3c891ac9d6b12614031c368ea554bce3af75cd78a8bf432f41a9ea3e5c93ff0060b4c43ac2a191184bb5d3bbdb017c63b367afb3a7e0b7b4e58ad0143dc52a141ca57b4e240e3f493e99f1768964402bbae71b5d32b24bb321eac8f8a6d37726ee6c364ed1f2ea5fc2cd160efde5e210c97556046d50cf2d7858d699e5e7702e4653d92d080ea0d80221094cefad9d073d35dae9905c2d0485337909363540c5a4035840e67776a8685dfa5ab009c67d7241f3f87ab0530a80cd34419914fd9db896bba2485dd74e6bdb6f666cdf8e9d83e668d3dc01f769d07e077e04874abf3345a86aec86bb705298f10c659f0f85178b57b640ff2847d1a7d86fec2e36022ab76f5c3cb1b7095e710b864b38295365737203a4d521c50a255b4c533688fd25e52388448f8e7992f3d70413e5299b8c05a2173c8dcb72ad1ce27834744860c0d6cd3399f099f8ed955b78ccf1be6ccacc38e3c0b45688c88bdee8ce10a16fe37708d6a6d6a1b4d52ac9714e03205d1117fa0f70bf2d638bb325741aa874a065373f6df08748fb786f502fb417d6fb70333044c362ce3fdb14bf05955bf81123cbb83075c173967365710fca3b607056944fafe820b75d86c607ce4d89874288cfd4699531efbec50b359aa6e279c01dfa7680dd2e07a2206b7ec0329ba68fbfbe2dd5daaaffb383fa0d55db13e7c416e770a9bb96045aada7a50744bb0fa84e2db8eba035348e8ef9261ccf743bc1900e4662a6508a6b47b6641f4d1eab96f3170d560c9d7ac45eb3c20a1eae23c87001f9f695eb1af54b5584e6ff5ef0db689737d0419e0aeb1108ba078c0a638b2b6e4d099166bdcc973ae82c489ef1fbf5e4960f95e7c85aa5ff1a833c8af351e5b0f0b196ea06e25ebf6826054d048111d651bcb001d878185e6f0076970b280814eae64da83c2d8549838df4df2bf2a0ec81545202ac0cd8cc8b", 0x1000}, {&(0x7f00000027c0)="86b3f83e28eae3c07594803c5d18e341624fdd8de321a1d37f792b9dd505b32f9a50b7ded342ba655e67179ca41b821710c014f6277e8e7e070ac32ab86e6ecfa3e4c499a8bd3207ae84e7fd04438a1cd98bc76f275620323e6db7a70256110a3881ea4125329bf340b45cc33abf31cc12f3574bb18ebf7e9ef547b61dd1ffdbbc2e7c5ceaea5704064b436532c691696d570e186ce57c505b6d8e3c61e9860fe40867bf4e78cf6ae6dc93ea78a635c30d8e439acb89bb48701c3da3c1336571f1566e68e83ae4b7acd380014b6dbac48819360839", 0xd5}, {&(0x7f00000028c0)="6498d635c37b0b2ee99186b3ed8d4a7c738695fbd7a375bef7cbfed64884d7e7a129c2e1", 0x24}], 0x4}}, {{&(0x7f0000002940)=@l2={0x1f, 0x8, @none, 0x8001, 0x1}, 0x80, &(0x7f0000004c80)=[{&(0x7f00000029c0)="cfc184754abf4aadac1b049f7466d79c53e1ce360b", 0x15}, {&(0x7f0000002a00)="efad27cfff88f64cc3ca0260d7d667cb59", 0x11}, {&(0x7f0000002a40)="80f3443aeae15cbde21f83304dc966e1c6b07d", 0x13}, {&(0x7f0000002a80)="a59d22ea590dce7fea8c3020171e1076d88fc433bf754fe0984cc051bfabba648ab205c0925ee1a1ab8c2fedcecb8fbdc720bf61c677506da66a7beda931c59556b88a4550ba0dda792d843e7ec2277b81ab09153443a5a595b833351fabeead04f875d5b907471b70849e9c89fc71da46b4b7d2a2c20e521007e56e7cbef5d75f7c0b87420b6a1bdd8df91a30ffcf205a1aafed5a1cc3dafc0a5228bd832f2c5468858f4f0364aed849233a4cdfd9eb94b33864aa0d0aee70ae41db56e96529d1043073b33bf1e44d5d2b1a1ab2abbac767d30a2771b3fa2085b04ab7944c54b9474f6a9c518786b94fd81473dd9a6c062fe5205af5c0395e4bb46c75998cec8d6996afaacd9a234f1ad905d968aedef43a1e5e4871f10fe2396abd0338bfe3f652ba6108c4297e7ae8049f24016520c2f1c9a265ade0f9b26ba026154c5a0dc4d1e4e91934e51f108a2f15966764cc44dba08849934429b304f5f466d5e35abaee62b0178a55afdd17a2755b5146e2edb95538107938142e64dce94e18bcf0793cfb6ef073c2ea0f3f8341596615fadeaabf70b9099dd389359c1187167c207bc7a8eb4e44a2d3be047112763553991231fb7008f63828bc668cbd05d69b225bb0f1db25de727be0c71da9c490ce1dd6a48431bf20f5b56c679334544ff2cf1e5f3d09cea37ce1e3b10b643845dec9c840dc4b4140c6467e854dae5cf7b4810d30f2c6e3aa737385540b8d3cb7a2367701024d640327a668b944db1aa92933533ff9690bf58df5ae569f415a57198e1a017f0a73f872504e7a71fbebe8cb67809ac8316ebfdf390c335fe560ff2db7caa7f0671966fd4c00d63aade0b3e7096a66c6f99517132fb6e4240d12764bbbe97f222126676bedfc9e68622015b5d094f379e796f11be3a05e51aab5ddd58310389dc1e540e068558b2d2d731efb6cb269f0102bc6e316010e731ad4af91fdcb84dcdc2ff4e9388bf13a90bd65e357928706b5774f11a9ac5a0316ba77b0e1d61383949e33308383c6359968b9682e99e12bc73c293cd3436682c433236f4de9ce4c9725917e78ec35d9c9e8677232314ecf2b4ea6ee9f8fa1bf998d36e2493546949dd4ed99e422c7306177a2e1733aa775b68855e8750393d45f8dc563f09a274921dabfefad7a5fa157d5a6abd3d6696b1c5bfb7f2ba0268ee4d88654d19665ba22262ef83e84c09fd57eedecbb2160569a35b4894d66dadb13158e92db4389c50f6b8627f56820a22845d259420ea3e12be54fe5e6d6013e8c63863578c25e95df9577ebce4f418466f710ea9a54f422b7f5cb60f1f384a0c395d8ea404853f139a470f0971bf602daf0b7094cec2d35f46784a4c74f2e6695e20347d110e7c0162eb063400d8844522e7667291ed1817408601e40c206078eff7eb347d85852e4d1dafdc608df7809daaf43eb1492b99bdcc8643c7d5d4750ff3b0185632cbfd72287ceaa061c5fc46f29583efa2722b97b47697aab3f71f4f245bfb817bfd834d67d0b54dc97c828ae8094824fd73017c557a0d35e86c3d99cb3707413b2b5ad5c2241fdb1edd5ebdc8d076201882c9ecc9aa27d93904edc8d202363bc24aebb9e5c5af207abb5f5bd3ec1e61a3df2d104f87cd64b0862fc7f5f6174438dad542358a0346047fc29752eedb6128a90039e75b0f701ae26e56625c7b541445c3c1ef31861c72d3181777ce154a70f4d8751b79fa67b400315503c72f2cb0e4e5c5bd272a065b89087ab97d3dcc48acf57084a93049e5f32f92f04f97862bc9366b5e9c973cbf0347bacfbeb66b1c9687eabb4f1fed47cfa4cb86cad0e70f16ee98fc500f02eb7ed05b5e393930d6ae1362733307a050a33193c200b2e517ebbc0edaccaec40e0d8d9ae5a7359994387155e13514fbb5e5bfc4b1ecd7e509c6f56a943d08d083750ac410ee6a1c2e3de03544bc2d19f70876221bed73ca89525018b667ec545c3f1c67f6e935e0b32da371186d15d86db0a43bb202f5b0d645ecd90f3a5f635ec5f37a22a3237deafaa0950a284405bef2cd5b0c900841ccdacb73297b335b8a083a5d252e0e91698df92f1a8407e3ba3414710095825dd6c1eb80e78ac08c71d6849e7aa7e8095ad3a34ac41b848a1a444f30de110963b5a6964cef318e24522c52a0a1a9f4e6c8573893215dabcf76cb3c953973b33baa2030def9b4b0cf5d656ea03c1b89a3ca6e5d66d338c4f1e954ccf08fcb4a37bcd8110e78b743d03495c6290a3492900d2f2c3210bec8df3486fd85761a24cb1ec2858f05bd9592e336835ab8f0ae2100a384b1e0e804dea508750e742944ace81bb008a22f5c8eefe35f78c7afdd163cb4ea148f5e02a04b6b8e40b3f26ab1de466b1b51ddbaef44e04b9c34fa37f333e7c232431c7047df9c6fceb139f46ea935d062c92a0352e30db0863b72c010d496b7951d41546c5077d10c5f6b69c0dc4537dee4b9b472af198fe86d2ef7262d03d22b08a4ff7102919e7a8491ec20e43025d8c4d7519909eceba22fb972220cb5d08d97feb19916c072c4fd2cfe192c9c1927c4a77a1ea29ed2b4635ebe342072a54c48f42c74cf8eca62676b384a98a0240a9e0d4f208ae1cf767dcd8792e4a25895a7a8f129c36438c66891bace59439a7acea7eb77d28c41cd342c853151a6bd30de159aed6287f20a1599d7bd37ff3c7101ffeae05d8553c337bd5a1b5afb8e234ba9dfad22117721797a84e4f1f8b3c4d13e2200add8f663f7f98c0eea4fac5c5066c960d504a50d891cef31ba2952566f5bed03ccda5070bd2b46129c896b151ee633fa6b693fcc73af4d597334af7dfd09a5a09b7cdfd7f5954c2cee8fc6503c0a921233535531fb52efdd7c09dcd16568085e47061bc12db80fc72b84d5200108dd109bc747e83227fb3f0cd82909f8cb4a3ba1511da7e2fbbe679715bb23abdc9b3442c70fe349e5ac94f61bf38cd709709e5b442d351a4f74931e3bfaf81622976964ca22ad8777213d398aef47c735dd53562604da606d88831591d6bbd86a7762331f117b30f7682f619285a6e59ed4e852c1383e259f3d921b85561fb9d6f1d4351a75e39e81f516e36c09f6ea8f8a0442f83a81561c0a92142e2ad473aa1d6687ab5e7c8e1cc4aad17fdea209e609ac97585f6dfe273defe54edb434e642a820c31e8d499f1d82e3e4c921d447b7523ddcad1f76c40c58a0e6d493ecbffa9e10c29bd93da60472a6359ab182df6f9e7028eef9a3c234613c53e3c2fedd5afe7eaa6d4ccfb1216b8fcfbf7ae4a046bc01e4c5d735b0248dfc5b46d464b4d27aab3826d7d135ccc9abcdef4afed504f3a4dd2bf6d02411bc9a8c8370c21c68a833ff9ceb1c6f67068d33414cfcf77bb9156406c425709a93df30a08873678cef423d8eaf1f76e76a52f2eb99b63428919f115c384d9ff2b989206dece9b1203a4771d339f996dd9d6424f8ff41d09077cb60490f3a12614d9b94bf1a1afdbb94d787bbea32310da63e5aea8f97c5f11ffe2c96892a9035e26518ea0acc7a4c36c3499526507d5d465ef11cfed333954880760051081f40d2329cc7fedb71428973554ec5b61f135c772c2222a6cfe0057ca028da59d566f316a1fa5fb8ee757ceebb78c68a71b65003d1784ab7bcad96cc24b2781f84134a342681106848e0ec7295e18c112a85bbc0475226a4ff0edc317835a53025f79bb1a732f30ba7f72828da314bacfe22e87d37599ac643a14d1994bbafc69d6cd9bfda85415c8ac8857689e38ae7a5248a6062c14015280b460454170ddfda5c61dcaea526567fe76dbe100f91d6a768421a48593b5d81bb06ef894424def1df0f8024d37a616a4727c46d8a2287ad2634e54a883c8e78d3f0f637d561f00aba3eff5bc6a8163f3b1550ef444999a0132cfb8d725963bac9d162d6cc788044577ffeb453179b4250d99928d43a3a2770af08f23b35a7d41286b9f6fd642777c9349e5ad9695d48a5487f3187f0bc2520140a138b1bfd18893ff173b158a9fd50b5a4f186ad31fa65ce5aeab1fc183c07f72ffd4755581f9a1dc820b458501e8225a295da3fe69f9d1f9ecd52724b35979ed14b59b5d27a46685117d3d50ee15f5f3b61fa5878214120f886e08b61e708fca87e546ae2a346c9693b60183b0c3220e6a63625f4e8a2b67f2a2be843aba4072fcbf8a4fc5b738c4be907dfb6e76402ce9db91b57c529ee058c74619445f76d42c170cf71dd245c8ccb32af932140056586d2fca41a67162d85e7f4d7d8740d31ebf57ddd3ed0db26ad2891e88c599d4d69795c0a83f410423610c50e5ee1bca3f7b395e82cb91b39e3370f4c9b750c43c70d56336268e90e74e12f96341d078f89e9712e4f67a37515bbb281f108852cf51e57964a4e4d88879a02d60743aea7c0ef59e0c642e5455b3cba1c580e3993f6fc23c69aa90d7217e56b77637af952c4b8810fc6a41abfc7a7ab48b229ae3fccaa11a448f63423cade5d47c4316331b4abb21526b80d44aafe001075323c22298fbdb3c28fb85f4bc77242c0c8f26839cddb2503c4d42fb4d05c0e3b4755af62be044cf4849c667d34b3ddd9cfe13a28387f5ef9134282c13b3bff001eb647c803cd5a39629be56f551a54b7aca06726c6e824af616c6a4593c7cf343a50bbd7114cfcc5ac8eeb353ffe3951ce74e6a6a4d7ddc589e49a875aefb7ee6d61e0777214ff2f537e89c406bfbd72cf5b56cb049bce06535f21e3d5d23950731c635631ffb06a64b893ba5e5452951d03139f4e81115f1cb12454ff1a462e864262fad88b9c309fdc0e1a9676e18c08162ccf2ca3f7d8216204707b0de2419819532b2d15c9b40f234c47b863d169c634c2cbe7a82a2e87e7a8d522885a977ad655b761dcad7af413f8f6a6173c176c623a6a7ee7dd4de058d913a31890c5e66a884278b37ac22263a281271b92a6d918a10817907e925cd5b43a5242943d380a423580b0a1a01a0bc9634d9d2308fdc7359c33e670a003ccd74688902687d892479e4cbbd0c766e096962ed672743b691cb47b0ea86f51f778f315f6e59d549d129fc1fc9c07b38f700fe9ef34ae5bb0235147e3f1248cdf49bc7499e0fd7835e129c7a8b6351d81e509d8adaaae5da50758d30e3e81458b65bb4b47e0ac326a6c8dfb590506705ee7341a0d7828ea2a3a158fc1b7564cd9c0452ae21157994bde3a255f0660c22fd7e69f1241004928a23d9d5c643057843907f93955d9eff329e0237df2787b106e42d7f98f9e462196441041a3ef603a6e34b0c2704a500059368e4581875b5370bf7f1a7c0abe382e40c487791edde22b492d70cebb5419e44c19bcd974c67fa092979a07c6a169bfeee896d659ad5eb5c8635d1255441ff1c459e6a9005962179fb8ca51ee7a40cb147971bf959b969567f33c11b9c9eacbdab8c7022c0cb874aca7f3cfb57f8fc54a1f20f6af4a3650ac4be9ef5365a278261ea11d54c0724e9fd6c8508c9edf5ca811ec5817a187c678d0a8e1e4ff197c19a5d0d3ea0f31c1a4b98498af2018101164d91e8fea0be64223d1fbe589cba1ac2a8ff10bd4d69dc604e755e1b2ef17e2d5f36659c0e313acb8d962b51dac7ed43d4dc7c9e8eb3e975c4ccf73dd0292776135dc0e2a9f656e5c1e2715e0a91b6fd0ad7242cc6e5405aa924f78617dcf85da851da2e960c3eccc625c152312645c568d3c8942292ae3adffda95ef16e4cbf443ea605c6f54c31af231819cf62020cb9510cb6ca6555cdf9f747fb87f8a70ab373389583276bab74890385802", 0x1000}, {&(0x7f0000003a80)="f434e1f93e17bd8285e3ead26bf2e36b36595e02c0f2c7ee3c3108c0c2c446fbc0c010bb13999d496ef1ed1b9a3fab0d8f41202097b8d630fc50281fe57ea864e2b3bef8381ef54e431c1d4d1bcdf7274d3f25e28725d69b9f22ec4c32b8d20d01e0d21e5a1ad03158805696ad1ce8901cb37dea1d921160e5e4cd179419df8b8c2983daa5ecec5a6287c05a240551e37bcf0d544ea68ade3df901de4a908ed0673b4d6d11d47f7bd546113f1abeaa308803bf1b8cb47ee7bce9e8c43fb7f5e4e0e6dfd2c04663fe0e62a53dc65002b9babe940e7b30231d03d9c98819f70749e7bc6571cbb12cbcaa9078a2333b31626f847005dbda061f4feac57f11b618b52dbe8fdcc8f1f5d534534f70874347cc411311c42487452e51403704b6b70c9f44ab20dea2528a61f602d3727fb0acdcd11a6e6f70dbfdfa5bc4360c0d5e9992b68f9a83373670a181eaca69eafaf81a23774f548d9f11325ffde60719f686bf297a4bde5634ccc96a55a17b127dd7f203b02a086f0666b921ace5f90ed43b8aad7074ef39bc68dab17283ad733d2bcbe3a4cb0aa11dbc943b4787dad63eaa21b666df3f15f3600f77ec191aef5bf467eff626585453f85177bbd0dde1c7e93a2193d795b953b9653c9e9cd8dc228de94a39a6c3e56dfe3c61c37f52bb9a8d508183a77f4d138c70ec76b6cc1b90593d26f6e605d6390e4be3c07021bda30bded5b151de5ae085986fc84b424f96909ed3d0a8efa0b4be5731497762d5e399d508cb553aee07354508e6304ee981ab5089a5088f32666d7c93779fc992a07c41ec9d8714c4cdba9c6fda7cb5967d0ad0c53fe8cdf9f1eeb931b943ccec2ec2ec4e05708d6c4b2296154acf51fafc62bd19887d0cd11e2308fb73156440587898b3136c3da20c50d4aa0ec87f38bae1cacbce900ba70fec652ada91692b1ca10d7fa29c0429966c00b15895a2a8ce66f761dc486664ec8e003264384cd3c169f548c2158073248451d1cd517dfac95705ee9f7ef528cab39e4a09b630f2bbad1912ce144cafd1c761c4221da4570d7d091f8ed7f625d7f2ca69ed54005caa61c0787363f8d956b5e391f5ff8be068d394e194cdde92d8c84282588c8bfa447a7184b3a2683503b2ccbad7873db2d79d53949cd9d16b1224391ed26f4946f1cb920dee16d3415f22180c0b1ad305c402ebc65da363efcaec0a87345a8d6caf33378e551cb0bfefc6220c812aca1034fa04ff60c99415b27974d74d4e8509079ba7683a66205e5b7f190acee59515ec354ab22182dc199f07ab98e11bd5ded14c975a6651c84118b16e50f4437c632336c584cff72aa43ac8ccfd9760ae992e8e9072adbb9e9b30b6f955d4e04ac9aab46ca672ca8487d9dea6fdb7c7605135530576628fb7b291a56511cdb7296d1d8791bdded8b56a6c6603a94bfcf3e3022f346ffecdede985e769b68308435c511251b79ecbb84bd1a82c9f62d3e152c9a2f527b92987314c3e05e01e3068ad872dc5aa2b7788d63440148f3a2942d73f271ed73c1b26e5f88210afd49f8bda9f2ef189f4f3ed0d4faa06d87d2dd77611a3d89d183cfd4474635cd2d277a923fc4d07073644bc657d47f86c83e300aea90903d0559ab89c4bf7815a079b3707b458244c70c99986ccd81391aa987835912e22e7393647aad43c76861497b153e8a212d742344bba30d1e32893c130ab261085caf45c6475c6d0de16cce95aabfbeba718efb98cbcbe38b16c6b3820a34242678012b06d90d7ad89b4c537ff1a33001fd3076d36c79ef6cf3fa336e2450e2b073459e2024bd66c175c3eeea4c249f99111b76532d9788619ceefd0db05c5475a13cc1f3eddd0227afaf0dfcdaaaacf9095a6af5152e5eb880f964e23245ba14093be77275a9e950536acde8050544947adaf3241fdd7c2ecfe04d5fb363c60a664edeccd44c2333cfcd7080d404aa5856c6bf6ced60cb6e5b45f5d72ee9e6dd2bba99f7abf184902cff3c095d84bfd9d9fa92706cac0841654ca51e128d247651363440bf9a8e4e41fab7d9d3c387df57f8b9c251197dec3abe1a10361871f3067f3f3f33b8152dd64525dd264a62b0fe594897216ee3ba82b6551f26246a254e17f0f18e83cd7437f51014d0dd88cf58903efca0d9883456acf9b15d166ca5a8625cfaf4e780d46c482209a067cd3afd62b84873c14a269afbced88d250d96c3ecc5600629071dbedae399a86ba32edcdde50a717bc762031c1503102feaf45f2245d61e3f74afc56c6c0bb41aced5e1f6c74e293c0a23e5132a0c1827f89b8457b9c1bc7e541786f0748324d488d174530a5389feceed39ecfb95bd7e340cd3e96f2271b15119703e5c80bf91c6418fd323275af002cd93cf93698d5ff6ad4d9bbcf0cfe4dd133eaf3562c8157c3d0590751515ba3afbc624c83f4aedf101b0dbb88e09975f3b196238ac5ffae8e2766acaf58718279bf6147530b7b6da9fb65804c25bd0e7095b0c69d58a7ba6befc5ab1995e5c04f68ee18ca36df3bfa742ebf4a9a9e4a0e0a5a0181eefe7379a29cba7089df205b35d986b2cbc116019ea4338ff94e0df2b93699179884bef7f15bf85813be9b41de4725cedddcc921b2007e4be17ec4452be669c16b65031e834d605b2400d9c789a08da906ca6cb321b8026ebfb800d8fe7d40d7620b7c109a70aaad76944dfe0f673fe34df794a3a0e4656f8308c266e9c47e9c6305a774d573ede8440d069e212e5208ec679a5cf8d775598c14440563851b7986ec1e4617830cfdcde3c039d038c0ef8c68e2fd28be45d495148fe0ab946a5ac33e54657d87038a5fed505aa710f49579646d804ad106276f71bb8449b321dc2b57790b49a58c8617e64124c46001a8c62aef1f7e5309b6123dcaa56e146cb5066f5c317affcbe55c317c0ebaebfc05e2761ea4e19590aeac0a32fdc08837591671ed26e6322ea5a6e889b51d1f878c7adf2712d9716a11415096dfc1304872dbb568beabb6ef495979020ab0fb817f92d2305da4a81c0faa9d0d1f8c0cc027af829e1c894d3c89aad45b6a88bb6bc8aab3e4e94f66c7aa0f060629ecbda1da69072a82717e350c863f7fe298aa14b09f62b4ec67fad14fcb3c5803f4e7ee0e499854f97c644b57ed4db683569526dcfc0575d78c922028c4b22438a9d780f33cd5f5f94359637d748102627f7b4dc531a77f21a313792ba574ffe75e8cd8ff8e95c8857e7d037bd66f9d94c042e9b9b22bc24ee50574988464b8750fb7b62d2a1deec07986a45b11b6ec8607bb976064e680783e3688ac7ed1252da4dd76c1059105450a8d45e81f2e84f15f07db42d4841ae98b667f5462b5591f65e4bde033344a16d7848afff602a0ffcdd9fa7f5117b0dded6b0089e7a3880c64b27c707d064bd2fa5f19a6eecaf943f913be8be9c6833cc1bcdd36d7b8c615a021d3034c68aad64447bfdb69ab48e470128b7eb63329dc82f0ca168a4b85abc9026b8015a3813839c755f64fa403e2a38190f5d9b54c75b17ed30b10ee25b501966d88e879160f47364097bc11b134a0e8baceebd17895dea8c8e78636e8ec26fd18b1cad81b549591fcbe39ac122016b195c46729f2c05df3d68f901b74001adcbc70a6d072dad1f102427c449e88aed0a743950c1b177ebf5a396fa096981b72155b9fb84cfdff41c0e799ce2ccc3e9972ef2672114f1610b4b459dab3cea581e4079a4e90648e18ec973aa4da1e7f678c830b2353c969e13b9c3dc0a80f13398f01eeae482bdcb8505dbb64b143f760b75fe69baa2c678a0dc5b120c8b9cc306cd5fdd6ec6a6fef62831f606de33528ad4de3737b8447ae59002b008a0a14b88467341ff1d592723923908d5635a64a81fe52450126e056d6ff935dc48fee64a93f7777d2d6c2ee077edf6c58ad716c5f173ccc6265760fe14f9ec23a9ef142c224d51553ea1413b44f26061981963baeb8147fc5824e66e1c7fb91af070704bfde5dbb226e25a84ac4dc479ecb9640b9b9751ca8fe6df21ac6f5a17d475f2ec3e3188a065e70e23dcfbb72031513693747021edaf011796d665c99b68b5916980185eff890cc198c8a23f76f74108e3a96325d9c766903b071fcf21aead63694b6a1f9e3cd4f0e3d4c522a47b0caab9af3e86f2787616565cf2fe09256206e22bcf0ebe1b5baac732df4361227c1a873415a17bf78d1ef43c539787fd3c7f208e1812e8a5308d1ae4f02cbff57e40f37d67fe5fcdf4093fc20c61999bbe722bbff059e18fc85f9fdc5c98da0bea3adf09206fbb493939f24de36a581f9cf446fab7fe6a2a7ac35ea4afbe6a7aab07dc17957fff2d6dade2a3f9aabb1e28302bbc45b95b7ff49a45c306cfe74538998f99894aa31d4ecf8b45bb202fc9f6203c9a1338b2cf035ad89d6d8a6d51e301afcaeb49120e40739c9c305a45e29132b1b02201d736f820e38a6126fb9cc3ceedb002b77b05583a3a91da698f88a50ccfee167a4376e676b452cb69a7ac8ba7d792ac3bc11628caa47adede9c26322e0063aac346d26c9224dfe9e5cadd0ef935d492f023bf7c66e61cd07a704b7a8a5af0e8fea7c4e90be877e691497fe3a54751304d5f7f334436eec10aada139173112685c711d99790f1b785785c911c9f82a29bb0ca808793bfaee692476cee0f83ed69f2662482f523443fa389b7227c91531ffa6bea560636154b85f0bc6334e5f69849d484481402bbccf1e0582d04010e0a5cbb985620a3f08d318e63b733d871106680f3c2f47793c70baf6d0bc11a056d96f0a2ff16fd27991244c760f33ed2c4087b34f8bb88efca1f25f565c2e32f82e6a0c2d563d53338c277c1d1fccd39bb4de6d5fece67866444648fca098674fe0fa3a46081313acd33e1daf67e6092b5c91b8244c97a031ff1ffd6cc5a27085986247e9f3688a99754e706e68895e3382792071153f985c4771b1446e33ce26b2b60e551402f837084fe6d35cf0b170de8a247027290c116585aa5be2b67f995ac4f723efd5f209817ce7dff3f5b728d7c65852dfac0b3e4f8ba08146150dd05296a3713c5ba5dbcbe7650a92a5e1381aa4d73bc045538e14adcd4cb9b0b64db952815184534c8d465acc87ae80307ac2258419253e66d7e2def3111a7c6de6cc4f91393e7d2ad3849057fb27b6d9aec103d9dd8e961f80e40bdf445216c96d2b6de561322fb229b7c01a8f721863fc53ae5ea6632934232ac150059cb9562e3ec22d2ceb2291a8861e4c69294aab9002affd852ea5809e1a35111f5f32d1523d6ad23bb0d8d7fa87e1b1302e75d4725ccf5a68cd8dc9a19512124f5c288c05ae87d16abba709f1ebd016ce145c5a486a29ac850976de51deb4cb9eaaff9ced31e4b2ff2491f7eabd9bb7d85c465132e02d318948bfbfd7d45e7bd115d888a75c9732cf48ec7c85ae8b062aec470e0c88177fbf59a43247154bdb1a51e3e63e9799e82b72af166e3bc5e6d48dcc1912ced6fc0a609fdb94131f7c867fc8b9fb777a2dfd45101ccffc59add4194942fd1d2e87b09b72b1151c20027fc44cf8c9457fa93a30effac7dfffc21292a1705dfa63b276a15ddc7147cd42fadf92f909b81d23c0a0a232173c00fcc33323da5c863e0e4c64545f12638cff087ad9a184ff0cdffee4f12f11c266ab20533c6f11d9f0aa6de43fd579ecd7380d5e617df2dc58fcb09620b145d9012f320c3fb430e40be7be41241d4e4824ccc7567b9c3b32947fb4a82d13b19ffc643374b41af97efa18ff86c4d3f6faab087d7adccbe995281734e", 0x1000}, {&(0x7f0000004a80)="52644cce45a640c0b208d0857fed148c3f76fdf646eba6db0c2966c93b251eb4a86fc1f280b0354b4c8bc1a0f447ec08be3e611c99afd6563e7b5fadbd062a95d10faff607c36f181b1dfccfda9504e6c5baceaf3f917299583b0afc41c314e8d0c812a9515a575037e2cbb698f947e1f75ad4c7bc358ef39a08bc536c9fdeb22dc0454f17b100dcb2f3c2648ff177a14f63f2", 0x93}, {&(0x7f0000004b40)="10aa6ac27774cb99f37e3b2bb7816cf44887288d8ea5e84f472131da1bafd471ca98a8fcf61ec8da6699d4a0766ba15c25dc1913b0f6fe9da53dc172906cbeb525de3030138c2e0e2dca36c948df611f21b9edb30299e6a28bb3de6b11bb376561658545125c9d86ecf5bd8abeb26f34f5f28b8ff90e4b2bb84ee474884290ce679ba92f1e7b40ef8d324941e2de3b0b8f2c7ea6f1b760a90b3b9ff529aca1797e096a97bbb3e914c697e27abce7e1fec204591194f439b904a7dab8cdc154904de5e28f49f05ea15d5fcf751c7d73b0713b1ad037009785e8863c8d79b8c890be40cad56482e18a602a9d55c81ca47dc7bbe00ac8625d6959", 0xf9}, {&(0x7f0000004c40)="89ac4ca350b75355d397b591bd7766e94033b50829e17c533e802bf6ab44413b52b4c53b", 0x24}], 0x8}}], 0x5, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000740)={0x84, &(0x7f0000000240)=ANY=[@ANYBLOB="5c9d83891700"], 0x0, &(0x7f0000000340)={0x0, 0x8, 0x1, 0xd7}, &(0x7f0000000380)={0x20, 0x0, 0x4, {0x0, 0x3}}, &(0x7f0000000080)=ANY=[@ANYBLOB="200004000000e041451e", @ANYBLOB="52f3bf7009d4d71309f0c7942b9ea656d59dacbac2ca7c328af2589f9bf4d0cda3e521cbd8fd563d387fc2feb2df3346066fc8486f8ae1316ff6bd958cabcb1ee139b8f456066e9cf5dc4357bbc0b8284ca1e84a21c7e07251ddc2e3fd21429a6b03b05a8a42924a68bdef9a9ef5131c6ef3cd90f400aafdeb96d3ab870f6928daee6763fe153cdcf5eb550aad0f6d5d65747dfd8f721c3c"], 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x40, 0x13, 0x6, @remote}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, 0x0, 0x201, 0x400000, 0x0, {{}, {}, {0x8, 0x11, 0x6}}}, 0xfffffffffffffd50}}, 0x0)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
r7 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00')
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
preadv(r7, &(0x7f0000000140)=[{0x0}], 0x1, 0x0, 0x0)

8.112736127s ago: executing program 1 (id=621):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0a000000020000000200000004"], 0x2d)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r2=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000002c0)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x19, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
r4 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r4, 0x707, &(0x7f0000000300)={&(0x7f00000002c0)=[{0x6, 0x10, 0x0, 0x0}, {0x3, 0x4001, 0x0, 0x0}, {0x2, 0x4000, 0x20, 0x0}], 0x3})

7.884501495s ago: executing program 0 (id=622):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setrlimit(0xf, &(0x7f0000000280)={0xa000, 0x4})
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000040), &(0x7f0000000080)=0x4)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000003c0)={0x3, 0x20000004, 0x0, 'queue0\x00', 0xcc57})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x2, 0x3, 0x200, 0x0, 0x80000}, 0x2})
getrlimit(0x5, &(0x7f00000003c0))
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x5)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
read$FUSE(0xffffffffffffffff, &(0x7f0000001f80)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_STATFS(0xffffffffffffffff, &(0x7f00000004c0)={0x60, 0xfffffffffffffff5, r2, {{0x2, 0x8, 0xe10c, 0x6, 0x1, 0x0, 0x3, 0x5}}}, 0x60)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$TIOCGPGRP(r3, 0x540f, &(0x7f00000002c0)=<r4=>0x0)
prlimit64(r4, 0xf, 0x0, &(0x7f0000000300))
socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
r6 = socket$kcm(0x29, 0x2, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f34a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be10ba7dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2db484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b00ffffff7f000000000801f71d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cf0d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67856ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e2b8e7370baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b09000000d31df213c802d74797056fd3bca8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221fff0f0000705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f14fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008f3a20b49fe7636806867283e35cff8d00e7b251bab3cf6377a24f8e8d4bda7503674bc94bf7f4d2fa6f25944bf0a186436d9f6831995976328a1fdc78492c65c1434855dc35c3cf7cf9610c5387794443c99b304799114132362849c3fa85d6379729ff9094933db0cfbe8887c50b87e1469fdf454cef4cbc5f7bf384000000000000a4e8c1a25f47c440144a9776be6cb40aafdb9d3cc8f6a6050974e1c4000000000000008b753f4e1bef9556efcc087a99dbf231167013a4b2eaf6338a0b100c98a331dffc09"], &(0x7f0000000140)='GPL\x00'}, 0x48)
r8 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r8, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
ioctl$sock_kcm_SIOCKCMATTACH(r6, 0x89e0, &(0x7f0000000040)={r8, r7})
setsockopt$sock_int(r8, 0x1, 0x20, &(0x7f0000000440)=0x9, 0x1a)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000540)=ANY=[@ANYBLOB="fc0000001900010027bd700000000000fe8000000000000000000000000000aaac1414aa00000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000a90000000000000000000000000000000b000000000000000000000000000000ffffffffffffffff000000000000000000000000000000000000000000000000000a000000000000fcffffffff7f4000feffffffffffff070000000000000000000100020000000044000500ac1414aa000000000000000000000000000000003c00000000000000ffffffff0000000000000800000000000240000004030000000000000000000000000000ba7bd5107f8f8ce1007cf3adcc1fd22fc9a34eca06e19d310be2fc79dc4d18dcc05cd279785d96b3692169f39f539f12873757d8920fc4ebbf153d2abaaab3a6d2208e7e44c78d5fb2c1d2d1034d291c86d75c6d0ec2c86df3d7f780bc52093b6cbae902274e88ebdf2d7ceede9b39bd4090040f25becf006aff2e0ff0f904a3a3943292bbc79ef42c87334193e0710cfc327e9a92753a2c9a2b62"], 0xfc}}, 0x0)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r10, &(0x7f0000000380)={0x0, 0x20, &(0x7f0000000340)={&(0x7f0000001100)=ANY=[@ANYBLOB="a0000000210001000000000000000000fc0200000000000000000000000000006401010200000000000200000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="040000000000000050001100ac1414aa000000000000000000000000ffffffff000000000000000000000000e0000002000000000000000000000000fe8000000000000000000000000000aa3c040000020000000a000a00"], 0xa0}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_xfrm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="fc00000019000100000000000000000000000000000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=r3, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000b9376000000000000000000000000000000000000f26e0991dbe791999d292d817368ceee3dcf110580ac1c347b8cf97cf54cea0f1a025796dc93b41ae696034d8bfc4ea008a5a42ba3207997c58946af1e418047937885e174b392d8398fa1a28c48c6cc30e5c616a9040eae27e2f825f7892512ab920703aa4b91d487e01a2c6650b654948dc83de54081fa23cb7f"], 0xfc}, 0x1, 0x0, 0x0, 0x20048841}, 0x20040000)

7.80437953s ago: executing program 1 (id=623):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r2 = dup(r1)
syz_open_dev$I2C(&(0x7f0000000240), 0x0, 0x2a041)
socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_io_uring_setup(0x74f, &(0x7f0000000440)={0x0, 0x59c2, 0x8, 0x1000, 0x5cc}, &(0x7f00000002c0)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_HYPERV_EVENTFD(r7, 0xc048aec8, &(0x7f00000005c0)={0x20000005})
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000140)={0x3, &(0x7f0000000280)=[{0x30, 0x2, 0xfe, 0x10004}, {0xe5d, 0x6, 0x2, 0x1}, {0x1, 0xc, 0xd, 0x7fff}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x10, 0x0, @fd_index=0x7, 0x3, 0x0, 0x7, 0x5})
io_uring_enter(r3, 0x47bc, 0xc9f7, 0x1, 0x0, 0x0)
r8 = inotify_init1(0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x80000, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r9 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0xc8080)
close(r8)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b14, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r9, 0xc0045516, &(0x7f0000000000)=0x639)
read$FUSE(r2, &(0x7f0000002500)={0x2020}, 0x2020)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x2b2540, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000491000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f00000001c0)="f018a03c472094f2f20f01190f09660f382bb000100000640f32640f01c58fc868854b0c4e36650fc7b100000000640f01ca0f30", 0x34}], 0x1, 0x54, 0x0, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000100)={r2, 0x0, 0x30, 0x10, @void}, 0x10)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)

6.576723309s ago: executing program 5 (id=624):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r3, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x85, 0x11cfa, 0x0, 0x8010008, 0x9, 0x4, 0x4, 0x0, 0x7cce8c743ee810df})
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x40)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x40505330, &(0x7f00000000c0)={0x800080, 0xdf1a, 0xffffffbc, 0x7, 0x0, 0x55a})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
geteuid()
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)

6.24415807s ago: executing program 5 (id=625):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095", @ANYRES16], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x3, 0x8, 0x2, 0xb}, 0x0, &(0x7f0000000280)={0x3ff, 0x0, 0x0, 0x400d, 0x0, 0x9, 0x466}, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='attr/current\x00')
write$cgroup_int(r3, &(0x7f0000000080)=0x101, 0x12)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x80010, 0xffffffffffffffff, 0x2c9da000)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
r5 = openat$smackfs_load(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x12, r6, 0x0)
lsm_get_self_attr(0x64, 0x0, &(0x7f00000000c0), 0x1)
write$smackfs_load(r5, 0x0, 0x18)
recvmmsg(0xffffffffffffffff, &(0x7f0000000440), 0x0, 0x2002, 0x0)
sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x6)

6.198387426s ago: executing program 0 (id=626):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
open(&(0x7f0000000300)='.\x00', 0x0, 0xbd)
open(0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mount(&(0x7f0000000000)=@nullb, &(0x7f00000001c0)='.\x00', &(0x7f0000000080)='adfs\x00', 0x218800, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
io_setup(0x3ff, &(0x7f0000000500)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f0000000d40)=[&(0x7f0000000880)={0x0, 0x0, 0x0, 0x7, 0x7ff, r3, &(0x7f0000000080)="450603f05a847ace37", 0x9, 0x6}])
mount$bind(&(0x7f0000000100)='.\x00', 0x0, 0x0, 0x201008, 0x0)
chdir(&(0x7f0000001180)='./bus\x00')
r5 = open(0x0, 0x0, 0x0)
renameat2(r5, &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', r5, &(0x7f00000002c0)='./file0\x00', 0x2)

5.684607887s ago: executing program 5 (id=627):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000001340)=<r2=>0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000001380)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$vim2m(&(0x7f00000001c0), 0x8, 0x2)
sendmsg$nl_generic(r1, 0x0, 0x20000000)
socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000100))
r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x20000)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000300)={{0x2, 0x2, 0x10, 0x0, 'syz0\x00', 0xfffffffd}, 0x3, 0x0, 0x3e, 0x0, 0x1, 0x0, 'syz1\x00', &(0x7f0000000440)=['\xbb\xf6x\x06\x00\x17\xd6\xb7b\x94\'\x00\x00\x00\x00\x91\xdf\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x11\x00\x00\xeez\xbd\x8f;5)\x00\b\x10H\xf0\xf9\x93\xe1\xe8y0-B\xed\xe6&\x95\x8f\n\x1e#\xa7\xd6i\x96\xdd\xaf\xd9\x91\xb5\xfd\n\x1a\xc1\x96\x8ea\rMj\xc2\x02\xceE\xc9\x81x\xd2\xc7\xfbp'], 0x58})
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001280)=ANY=[@ANYBLOB="1400000000010104966f0c99442071c7560000000000000000000000003f6ed847604a94a0b20ff6f7f6eca2111244386533ec0b4f0ee2606e6a0e67f2297df003b62ea20f5976ac2ca37e48d4fafb183f7051ddd4bba4bb7e0c68f354746dd9198111da225cac0cbca1d12ff6e81031ae"], 0x14}}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100007add15204505808001030000000109021200"], 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r5 = io_uring_setup(0x1612, &(0x7f0000000200)={0x0, 0x1, 0x3040})
io_uring_register$IORING_REGISTER_BUFFERS2(r5, 0xf, &(0x7f0000001580)={0x3, 0x0, 0x0, &(0x7f00000014c0)=[{&(0x7f0000000040)=""/168, 0xa8}, {0x0}, {&(0x7f0000000280)=""/4086, 0xff6}], &(0x7f0000001540)=[0x2, 0x0, 0x4]}, 0x20)
socket$inet_sctp(0x2, 0x1, 0x84)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r5, 0x10, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000001a80)=[{0x0}, {0x0}], 0x0, 0x2}, 0x20)

3.824025732s ago: executing program 4 (id=628):
socketpair(0x1, 0x80001, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x4010)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000080)})
ptrace$setregs(0xd, r2, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
ptrace$getregset(0x4205, r2, 0x200, &(0x7f0000000080)={&(0x7f00000000c0)=""/112, 0x70})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000005c0)={'ip_vti0\x00', &(0x7f0000000040)={'syztnl0\x00', <r3=>0x0, 0x0, 0x7800, 0x0, 0xf7d, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x3ff, 0x0, 0x0, 0x4, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}}}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f00000003c0)={'ip6gre0\x00', r3, 0x4, 0x7, 0x6, 0x9, 0x9, @private2, @private1, 0x10, 0x8, 0x8, 0x1}})

3.64080196s ago: executing program 0 (id=629):
r0 = syz_open_procfs(0x0, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000380)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@newpolicy={0x108, 0x13, 0x1, 0x0, 0x0, {{@in=@dev={0xac, 0x14, 0x14, 0x28}, @in=@multicast2, 0x0, 0x0, 0x4e23, 0x9, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x2, 0x0, 0x0, 0xfffffffffffffff7, 0x0, 0x4}, {0x0, 0xfffffffffffffffc}, 0xfffffffe, 0x0, 0x0, 0x0, 0x2}, [@tmpl={0x44, 0x5, [{{@in=@remote, 0x0, 0x2b}, 0x2, @in=@empty, 0x0, 0x1, 0x0, 0x0, 0x4}]}, @sec_ctx={0xc, 0x8, {0x8}}]}, 0x108}}, 0x0)
getdents(r0, &(0x7f0000000240)=""/24, 0x18)
madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000180)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r4}, 0x10)
sync()
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="44000000190001090000010000000000000000000002fd010000000008000100ac14140008000500ac14142f1000e3d99d1d32325b3e6d10405928a0b80916800c000880d514f52cf87ae2bab4fdf9d32df458fe238586003e6e9971d3c63b6ab12ab3964723e524450ad41568f7ebdec45f2210992695ab2d5d67d2dd9713e31bba108636ec765998d252ded442a178e46fa2b91ec1184897b6fc08baa3c33fbd08003edcb21980bf611805e9ea02fb671c150714602ac7c8908eac4b870d66ab8d9c6c0545c93777fed3d4758d865477527b33b2b6bcce00b8b6fb7cb072b252d69b2e1391bdb49cc6e91f9d205761c8ba10ad9f80882b56aba9287ae43bf504fa7087396c412dd09721a731"], 0x44}}, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000c80)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x10, 0x3}, @TCA_FQ_QUANTUM={0x8, 0x2, 0x10272710}]}}]}, 0x40}}, 0x0)

3.520462712s ago: executing program 1 (id=630):
mmap(&(0x7f000015a000/0x2000)=nil, 0x2000, 0xe, 0x31, 0xffffffffffffffff, 0x7d992000)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0xfffffffffffffa8a)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r2 = creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r3 = fanotify_init(0xf00, 0x40000)
r4 = io_uring_setup(0xab1, 0x0)
io_uring_register$IORING_REGISTER_PBUF_STATUS(r4, 0x1a, &(0x7f0000000040), 0x1)
readv(r3, &(0x7f0000000940)=[{&(0x7f0000001080)=""/4096, 0x1000}], 0x1)
fanotify_mark(r3, 0x105, 0x4000997d, r2, 0x0)
mkdirat(r2, &(0x7f0000000000)='./file0\x00', 0x100)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.empty_time\x00', 0x275a, 0x0)
connect$inet6(r1, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000002c0), 0x220, 0x100, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="41d8edff000000001009000084000000050100", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000240), 0x800, r5}, 0x38)
setsockopt(0xffffffffffffffff, 0x84, 0x80, &(0x7f0000000000)='\x00\x00\x00\x00\t\x00\x00\x00', 0x8)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x5, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e21, @multicast2}}}, 0x84)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000001080)=@mangle={'mangle\x00', 0x64, 0x6, 0x6a0, 0x2d8, 0xd0, 0x0, 0x3f0, 0x2d8, 0x5d0, 0x5d0, 0x5d0, 0x5d0, 0x5d0, 0x6, 0x0, {[{{@uncond, 0x11e, 0xa8, 0xd0, 0x1f000000, {0x0, 0x7}}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x400, 0x5}}}, {{@ipv6={@rand_addr=' \x01\x00', @dev, [0x0, 0x0, 0x0, 0xff], [], 'batadv_slave_0\x00', 'veth1_virt_wifi\x00'}, 0x0, 0x1e0, 0x208, 0x7400, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@dev, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @remote, @private2, @private1, @dev={0xfe, 0x80, '\x00', 0x39}, @loopback, @mcast2, @local, @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0, @loopback, @local, @private1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x3f0}}, {{@uncond, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@dst={{0x48}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00', 0x0, {0x68}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}]}, @inet=@TOS={0x28}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x700)
socket$inet_udp(0x2, 0x2, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)

3.487666126s ago: executing program 2 (id=631):
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000380)=""/156, 0x9c}], 0x1}, 0x0)
set_mempolicy(0x6, &(0x7f0000000080)=0x9, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = fsopen(&(0x7f00000002c0)='gadgetfs\x00', 0x1)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x10c, 0x0, 0x0, 0x4)
r2 = socket$kcm(0x10, 0x8, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x4000044)
socket$key(0xf, 0x3, 0x2)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x10040104)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c00000015000103000000", @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0xc001}, 0x4000000)
sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, 0x0, 0x24000010)
sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
fsmount(r0, 0x0, 0x0)

2.770315002s ago: executing program 0 (id=632):
syz_emit_ethernet(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={0x0}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x17, 0x8, 0x40, 0x42, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x1000, r1}, 0x38)

2.556366673s ago: executing program 4 (id=633):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0a000000020000000200000004"], 0x2d)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r2=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000002c0)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x19, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000a17000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000b70800000000", @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
r4 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r4, 0x707, &(0x7f0000000300)={&(0x7f00000002c0)=[{0x6, 0x10, 0x0, 0x0}, {0x3, 0x4001, 0x0, 0x0}, {0x2, 0x4000, 0x20, 0x0}], 0x3})

2.434392157s ago: executing program 5 (id=634):
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x204900)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000900, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000021c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000040}, 0xc, &(0x7f0000002280)={&(0x7f0000000040)={0x34, 0x2, 0x6, 0x3, 0x0, 0x0, {0x5, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x4000)
memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000002200)='/proc/consoles\x00', 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000180)={0x2020}, 0x2024)
socket$netlink(0x10, 0x3, 0x10)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000002240)={0x0, 0x44}, 0x5, 0x0, 0x0, 0x200408c1}, 0x20000040)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x8041, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r3})
syz_open_dev$dri(0x0, 0x1, 0x11f1c0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x10000000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x92)
socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140))
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_buf(r7, 0x0, 0x24, &(0x7f0000005e40)="17000000010001000003d68c5ee17688a2003208020300ecff3f0200000300000a000000008afc5ad9485bbb6a880000d6c8db0000dba67e060180140a0000f10607bdff59100ac45761407a681f009cee4a5acb3da400001fb700674f19b44e09f9315033bf79ac2dff060115003901000000000000ea0000000000000000ff07000000000000ba0008400200000000e90554062a80e605007f71174aa951f3c6", 0xa1)

1.931896703s ago: executing program 0 (id=635):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x101002)
sendmsg$RDMA_NLDEV_CMD_DELLINK(0xffffffffffffffff, 0x0, 0x4000001)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)={0xa8, 0x0, 0x1, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME={0x8c, 0x33, @action={{{0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x7}, @broadcast, @device_b, @initial, {0x2}, @value=@ver_80211n={0x0, 0x2, 0x2, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}}, @tdls_teardown={0xc, 0x3, {0x30, {0x37, 0x52, {0xe, 0x0, "f6ceeb793f39166ea234caa48754ae31", "fd67506e7a0070638655ad406988e2a30be547caacdf6395f157b4ac243c2ff1", "65af9432bfb7c479e8024717f8bf5867a6cfdcf700"}}, {0x65, 0x12, {@initial, @device_a, @broadcast}}}}}}]}, 0xa8}, 0x1, 0x0, 0x0, 0x4}, 0x44050)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01f71800000000000000240000002400000002000000000000000000000400000003000000000000000000000000000000000000000d0200000000000006"], 0xffffffffffffffff, 0x3e, 0x0, 0xa}, 0x28)
r4 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="68000000100003050000", @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e0030000280080006"], 0x68}}, 0x0)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0)
ioctl$FICLONERANGE(r0, 0x4020940d, 0x0)
r5 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r5, &(0x7f0000000140)='asymmetric\x00', &(0x7f0000000000)=@secondary)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, r5) (fail_nth: 5)

1.868753493s ago: executing program 4 (id=636):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)
r1 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
read$midi(r1, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r2, &(0x7f00000023c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002400)={0x1c, 0x7, 0x6, 0x101, 0x0, 0x0, {0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x4000890)

1.856641301s ago: executing program 2 (id=637):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x90}, [@ldst={0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffff0}]}, &(0x7f0000000000)='syzkaller\x00', 0x5, 0xcab5, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x90}, [@ldst={0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffff0}]}, &(0x7f0000000000)='syzkaller\x00', 0x5, 0xcab5, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x48)
socket$packet(0x11, 0x3, 0x300) (async)
r0 = socket$packet(0x11, 0x3, 0x300)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r2) (async)
close(r2)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000)
r3 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
close(r3)
execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) (async)
execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000640)={0x2020}, 0x2020) (async)
read$FUSE(r1, &(0x7f0000000640)={0x2020}, 0x2020)
execve(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000800)={[&(0x7f0000000940)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000a40)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01']}) (async)
execve(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000800)={[&(0x7f0000000940)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000a40)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01']})
connect$packet(r0, 0x0, 0x0) (async)
connect$packet(r0, 0x0, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$PTP_PIN_SETFUNC(r4, 0x40603d07, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r5, &(0x7f0000000440)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f00000000c0)={0x28, 0x0, 0x2, 0x801, 0x0, 0x0, {0x7, 0x0, 0xa}, [@CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x3c3444c6}, @CTA_EXPECT_TUPLE={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4020}, 0x4000000)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'hsr0\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$packet_add_memb(r4, 0x107, 0x1, &(0x7f0000000000)={r6, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x10)
sendmsg$nl_route_sched(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@getchain={0x24, 0x11, 0x839, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r6, {}, {}, {0x13}}}, 0x24}}, 0x20044810)
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000080)={r6, 0x1, 0x6, @broadcast}, 0x10)

818.420775ms ago: executing program 0 (id=638):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_begin\x00', r0, 0x0, 0x5}, 0x18)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000240), 0x80800, 0x0)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r1, 0x8002f515, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611934000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
recvmmsg(r2, &(0x7f0000002d00)=[{{0x0, 0x0, &(0x7f0000004940)=[{0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f0000003740)=""/4096, 0x1000}], 0x5}, 0x2}], 0x1, 0x2, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000001600)=ANY=[@ANYBLOB="12010000ec31f8104c1302007eec0102030109021b0001000000000904000001098b7500090583"], 0x0)
syz_usb_disconnect(0xffffffffffffffff)
openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)

728.747089ms ago: executing program 4 (id=639):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000300), r0)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000100), r0)
sendmsg$IEEE802154_LLSEC_ADD_KEY(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r2, 0x200, 0x70bd2a, 0x25dfdbff, {}, [@IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0xffff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20040800}, 0x804)
sendmsg$NET_DM_CMD_STOP(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r1, 0x1, 0x70bd25, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4010}, 0x4040004)
r3 = socket$inet6(0xa, 0x1, 0x0)
r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_QBUF(r4, 0xc058565d, &(0x7f0000000200)=@multiplanar_overlay={0xffbfd3fb, 0x6, 0x4, 0x4, 0x81, {0x0, 0xea60}, {0x5, 0x0, 0x8, 0xe, 0x10, 0x8, "e535b585"}, 0xfff, 0x3, {0x0}, 0x5})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xcc}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f00000004c0)={'ip6_vti0\x00', &(0x7f0000000740)={'syztnl1\x00', 0x0, 0x29, 0x0, 0x3, 0x2, 0x4e, @local, @loopback, 0x10, 0x40, 0x0, 0x4}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000680)={'syztnl1\x00', 0x0})

299.340325ms ago: executing program 4 (id=640):
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000c00)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00\x00\b', 0x28, 0x3a, 0xff, @local, @mcast2, {[], @ndisc_redir={0x87, 0x0, 0x0, '\x00', @local, @mcast2={0xe}}}}}}}, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/notes', 0x900, 0x1a4)
preadv(r0, &(0x7f0000000bc0)=[{&(0x7f0000000c80)=""/143, 0x8f}, {0x0}], 0x2, 0x0, 0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000b00), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r1, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000000000000000020000002400018008000700", @ANYRES32=0x0, @ANYBLOB="0600010000080003007668f60000000006000500001ee0896b4e0f05f1949b9277fcd6cb2cb13ed5773404e25b79d19ee3ff8a1665cd52d09e8e869ff55cf820b21f1a5e5ee680663782fdb5ecbdcb872671964d648a89ad3d10b626f74d98d3b76e51dd68b593dd5e797c54ce1ff704388a5b2777475cf9d2c28a"], 0x38}}, 0x0)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
r4 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r3, &(0x7f0000001640)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
mkdir(&(0x7f0000000140)='./file1\x00', 0xd3)
linkat(r3, &(0x7f0000000100)='./file1\x00', r4, &(0x7f0000000240)='./file0\x00', 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)

0s ago: executing program 2 (id=641):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r1, 0x3)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c900"], 0x16)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4054)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r2, 0x8982, &(0x7f00000001c0)={0x6, 'syz_tun\x00', {0x7}, 0x8001})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev, 0x4}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r6, 0x29, 0x36, &(0x7f0000001440)=ANY=[], 0xc0)
sendmmsg$inet6(r6, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
close_range(r0, 0xffffffffffffffff, 0x0)
r7 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x200000, 0x0)
connect$x25(r7, &(0x7f0000000080)={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x2}}, 0x12)

kernel console output (not intermixed with test programs):

etdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.430921][ T5832] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.444544][ T5935] netlink: 'syz.2.3': attribute type 10 has an invalid length.
[   92.447036][ T5822] veth0_vlan: entered promiscuous mode
[   92.463506][ T5935] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3'.
[   92.500381][ T5936] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   92.507834][ T5935] team0: Port device geneve0 added
[   92.526770][ T5838] veth0_macvtap: entered promiscuous mode
[   92.560014][ T5838] veth1_macvtap: entered promiscuous mode
[   92.610648][ T5822] veth1_vlan: entered promiscuous mode
[   92.702276][ T5937] syz.2.3: attempt to access beyond end of device
[   92.702276][ T5937] nbd2: rw=0, sector=6, nr_sectors = 2 limit=0
[   92.715080][ T5937] ADFS-fs (nbd2): error: unable to read block 3, try 0
[   92.723814][ T5829] Bluetooth: hci2: command tx timeout
[   92.729295][ T5834] Bluetooth: hci1: command tx timeout
[   92.748413][ T5836] veth0_vlan: entered promiscuous mode
[   92.764105][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.786864][ T5836] veth1_vlan: entered promiscuous mode
[   92.799311][ T5834] Bluetooth: hci0: command tx timeout
[   92.822156][   T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.854160][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.874571][   T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.884311][ T5834] Bluetooth: hci3: command tx timeout
[   92.890781][ T5834] Bluetooth: hci4: command tx timeout
[   92.946398][ T5838] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.965975][ T5838] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.979254][ T5838] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.991207][ T5838] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.047184][ T5822] veth0_macvtap: entered promiscuous mode
[   93.059613][ T1143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.069418][ T1143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.096795][ T5822] veth1_macvtap: entered promiscuous mode
[   93.160357][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.178126][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.195151][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.224025][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.257890][ T5836] veth0_macvtap: entered promiscuous mode
[   93.408323][ T5940] FAULT_INJECTION: forcing a failure.
[   93.408323][ T5940] name failslab, interval 1, probability 0, space 0, times 1
[   93.423323][ T5940] CPU: 0 UID: 0 PID: 5940 Comm: syz.3.4 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[   93.423344][ T5940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   93.423358][ T5940] Call Trace:
[   93.423369][ T5940]  <TASK>
[   93.423376][ T5940]  dump_stack_lvl+0x189/0x250
[   93.423413][ T5940]  ? lockdep_hardirqs_on+0x9c/0x150
[   93.423439][ T5940]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.423479][ T5940]  should_fail_ex+0x414/0x560
[   93.423504][ T5940]  should_failslab+0xa8/0x100
[   93.423527][ T5940]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[   93.423549][ T5940]  ? __alloc_skb+0x112/0x2d0
[   93.423570][ T5940]  __alloc_skb+0x112/0x2d0
[   93.423590][ T5940]  netlink_sendmsg+0x5c6/0xb30
[   93.423614][ T5940]  ? __pfx_netlink_sendmsg+0x10/0x10
[   93.423632][ T5940]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   93.423647][ T5940]  ? __pfx_netlink_sendmsg+0x10/0x10
[   93.423660][ T5940]  __sock_sendmsg+0x219/0x270
[   93.423680][ T5940]  ____sys_sendmsg+0x505/0x830
[   93.423698][ T5940]  ? __pfx_____sys_sendmsg+0x10/0x10
[   93.423717][ T5940]  ? import_iovec+0x74/0xa0
[   93.423739][ T5940]  ___sys_sendmsg+0x21f/0x2a0
[   93.423754][ T5940]  ? __pfx____sys_sendmsg+0x10/0x10
[   93.423790][ T5940]  ? __fget_files+0x2a/0x420
[   93.423806][ T5940]  ? __fget_files+0x3a0/0x420
[   93.423828][ T5940]  __x64_sys_sendmsg+0x19b/0x260
[   93.423843][ T5940]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   93.423872][ T5940]  do_syscall_64+0xfa/0x3b0
[   93.423891][ T5940]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.423902][ T5940]  ? asm_sysvec_call_function_single+0x1a/0x20
[   93.423914][ T5940]  ? clear_bhb_loop+0x60/0xb0
[   93.423928][ T5940]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.423940][ T5940] RIP: 0033:0x7f405338e929
[   93.423955][ T5940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   93.423965][ T5940] RSP: 002b:00007f405414a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   93.423978][ T5940] RAX: ffffffffffffffda RBX: 00007f40535b6080 RCX: 00007f405338e929
[   93.423986][ T5940] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000004
[   93.423994][ T5940] RBP: 00007f405414a090 R08: 0000000000000000 R09: 0000000000000000
[   93.424001][ T5940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   93.424008][ T5940] R13: 0000000000000000 R14: 00007f40535b6080 R15: 00007ffd8fbd5af8
[   93.424025][ T5940]  </TASK>
[   93.448801][ T5822] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.515765][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   93.740741][ T5822] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.750092][ T5822] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.759776][ T5822] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.885783][ T5836] veth1_macvtap: entered promiscuous mode
[   94.007140][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.040540][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.058787][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.183519][ T5943] FAULT_INJECTION: forcing a failure.
[   94.183519][ T5943] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   94.202710][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.209245][ T5943] CPU: 0 UID: 0 PID: 5943 Comm: syz.3.7 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[   94.209271][ T5943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   94.209284][ T5943] Call Trace:
[   94.209293][ T5943]  <TASK>
[   94.209302][ T5943]  dump_stack_lvl+0x189/0x250
[   94.209337][ T5943]  ? __pfx____ratelimit+0x10/0x10
[   94.209367][ T5943]  ? __pfx_dump_stack_lvl+0x10/0x10
[   94.209396][ T5943]  ? __pfx__printk+0x10/0x10
[   94.209417][ T5943]  ? __might_fault+0xb0/0x130
[   94.209453][ T5943]  should_fail_ex+0x414/0x560
[   94.209483][ T5943]  _copy_from_user+0x2d/0xb0
[   94.209517][ T5943]  do_sys_poll+0x242/0x1070
[   94.209561][ T5943]  ? __pfx_do_sys_poll+0x10/0x10
[   94.209663][ T5943]  ? rcu_read_lock_any_held+0xb3/0x120
[   94.209695][ T5943]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   94.209730][ T5943]  ? vfs_write+0x8d8/0xa90
[   94.209792][ T5943]  ? set_user_sigmask+0xc7/0x1b0
[   94.209821][ T5943]  ? __pfx_set_user_sigmask+0x10/0x10
[   94.209862][ T5943]  __se_sys_ppoll+0x1ff/0x260
[   94.209891][ T5943]  ? __pfx___se_sys_ppoll+0x10/0x10
[   94.209916][ T5943]  ? __pfx_ksys_write+0x10/0x10
[   94.209933][ T5943]  ? rcu_is_watching+0x15/0xb0
[   94.209963][ T5943]  ? do_syscall_64+0xbe/0x3b0
[   94.209987][ T5943]  ? __x64_sys_ppoll+0x20/0xc0
[   94.210012][ T5943]  do_syscall_64+0xfa/0x3b0
[   94.210036][ T5943]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.210061][ T5943]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.210078][ T5943]  ? clear_bhb_loop+0x60/0xb0
[   94.210101][ T5943]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.210118][ T5943] RIP: 0033:0x7f405338e929
[   94.210141][ T5943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.210166][ T5943] RSP: 002b:00007f405416b038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[   94.210184][ T5943] RAX: ffffffffffffffda RBX: 00007f40535b5fa0 RCX: 00007f405338e929
[   94.210196][ T5943] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0
[   94.210208][ T5943] RBP: 00007f405416b090 R08: 0000000000000000 R09: 0000000000000000
[   94.210218][ T5943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   94.210228][ T5943] R13: 0000000000000000 R14: 00007f40535b5fa0 R15: 00007ffd8fbd5af8
[   94.210254][ T5943]  </TASK>
[   94.524169][ T5836] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.543453][ T5836] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.555646][ T5946] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8'.
[   94.574665][ T5836] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.603981][ T5836] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.653647][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.672028][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.735459][ T5953] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   94.799997][ T5834] Bluetooth: hci1: command tx timeout
[   94.805468][ T5829] Bluetooth: hci2: command tx timeout
[   94.833005][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.875213][ T5834] Bluetooth: hci0: command tx timeout
[   94.888886][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.954969][ T5834] Bluetooth: hci4: command tx timeout
[   94.960645][ T5829] Bluetooth: hci3: command tx timeout
[   95.042804][ T5877] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   95.051880][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   95.215350][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   95.215362][    T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!!
[   95.216709][    T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!!
[   95.256885][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   95.359120][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   95.425704][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   95.563977][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   95.621530][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.637083][ T5877] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   95.669256][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.677699][ T5877] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   95.717961][ T5877] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[   95.736687][ T5877] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   95.919569][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.934876][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.964456][ T5877] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   96.645605][ T5877] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   96.653640][ T5877] usb 2-1: Product: syz
[   96.674866][ T5877] usb 2-1: Manufacturer: syz
[   96.697452][ T5877] cdc_wdm 2-1:1.0: skipping garbage
[   96.705569][ T5877] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22
[   97.115797][   T10] usb 2-1: USB disconnect, device number 2
[   97.305056][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[   98.038552][ T5975] netlink: 830 bytes leftover after parsing attributes in process `syz.3.12'.
[   98.047738][ T5975] bond_slave_0: entered promiscuous mode
[   98.053530][ T5975] bond_slave_1: entered promiscuous mode
[   98.874683][ T5973] syz.2.13 (5973) used greatest stack depth: 19304 bytes left
[   99.244161][ T5991] libceph: resolve '.
[   99.244161][ T5991] #)|.زf͹Ç�²a×ïÅ2sˆoÖw¿úÕ?£'Ê%Ð�KAq‰f»�CÖê¨Âz¿e­Sb3L)Hyúo¤¶ÿÿÿÿÿÿÿ÷ǤÜYšM�¤¨ìó¤h‡E$
[   99.244161][ T5991] ' (ret=-3): failed
[   99.269687][   T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   99.546219][ T5877] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   99.591077][   T10] usb 5-1: config 0 interface 0 altsetting 13 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   99.707531][   T10] usb 5-1: config 0 interface 0 altsetting 13 endpoint 0x81 has invalid wMaxPacketSize 0
[   99.733716][   T10] usb 5-1: config 0 interface 0 altsetting 13 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   99.870868][ T5877] usb 3-1: device descriptor read/64, error -71
[   99.882327][   T10] usb 5-1: config 0 interface 0 has no altsetting 0
[   99.889295][   T10] usb 5-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00
[   99.898508][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   99.941563][   T10] usb 5-1: config 0 descriptor??
[  100.002609][ T5996] syz.3.18 uses obsolete (PF_INET,SOCK_PACKET)
[  100.146666][ T5877] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  100.354893][ T5877] usb 3-1: device descriptor read/64, error -71
[  100.471896][ T5877] usb usb3-port1: attempt power cycle
[  100.792625][ T6006] overlayfs: missing 'lowerdir'
[  100.823274][ T6006] overlayfs: option "index=on" is useless in a non-upper mount, ignore
[  100.847723][   T10] hid (null): unknown global tag 0xc
[  100.865064][ T5877] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  100.872633][ T6006] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[  100.891509][   T10] uclogic 0003:28BD:0042.0001: interface is invalid, ignoring
[  100.910259][ T6006] overlayfs: missing 'lowerdir'
[  100.915860][ T5877] usb 3-1: device descriptor read/8, error -71
[  101.036554][ T5905] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  101.191238][ T5877] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  101.200637][ T5905] usb 2-1: Using ep0 maxpacket: 16
[  101.219924][   T10] usb 5-1: USB disconnect, device number 2
[  101.225336][ T3572] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  101.235390][ T5905] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  101.239052][ T5877] usb 3-1: device descriptor read/8, error -71
[  101.256676][ T5905] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[  101.268961][ T6011] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  101.280756][ T5905] usb 2-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  101.294862][ T5905] usb 2-1: config 0 interface 0 has no altsetting 0
[  101.313698][ T5905] usb 2-1: New USB device found, idVendor=045e, idProduct=05da, bcdDevice= 0.00
[  101.323920][ T5905] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  101.341759][ T5905] usb 2-1: config 0 descriptor??
[  101.366099][ T5877] usb usb3-port1: unable to enumerate USB device
[  101.399296][ T3572] usb 4-1: config 0 has an invalid interface number: 87 but max is 0
[  101.408792][ T3572] usb 4-1: config 0 has no interface number 0
[  101.415106][ T3572] usb 4-1: too many endpoints for config 0 interface 87 altsetting 28: 204, using maximum allowed: 30
[  101.428083][ T3572] usb 4-1: config 0 interface 87 altsetting 28 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  101.454870][ T3572] usb 4-1: config 0 interface 87 altsetting 28 has 1 endpoint descriptor, different from the interface descriptor's value: 204
[  101.468693][ T3572] usb 4-1: config 0 interface 87 has no altsetting 0
[  101.481558][ T3572] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=8c.f4
[  101.492182][ T3572] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  101.517807][ T3572] usb 4-1: Product: syz
[  101.522470][ T3572] usb 4-1: Manufacturer: syz
[  101.527357][ T3572] usb 4-1: SerialNumber: syz
[  101.543346][ T3572] usb 4-1: config 0 descriptor??
[  101.564264][ T3572] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  101.763081][ T5905] hid (null): report_id 404721927 is invalid
[  101.796353][ T5905] hid-generic 0003:045E:05DA.0002: unknown main item tag 0x6
[  101.807978][ T5905] hid-generic 0003:045E:05DA.0002: report_id 404721927 is invalid
[  101.819978][ T5905] hid-generic 0003:045E:05DA.0002: item 0 4 1 8 parsing failed
[  101.831673][ T5905] hid-generic 0003:045E:05DA.0002: probe with driver hid-generic failed with error -22
[  101.923667][ T5877] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  101.980935][ T3572] usb 2-1: USB disconnect, device number 3
[  102.107990][ T5877] usb 1-1: Using ep0 maxpacket: 8
[  102.168377][ T5877] usb 1-1: config 0 has an invalid interface number: 186 but max is 0
[  102.271715][ T5877] usb 1-1: config 0 has no interface number 0
[  102.364059][   T10] usb 4-1: USB disconnect, device number 2
[  102.376900][   T69] usb 4-1: Failed to submit usb control message: -71
[  102.456861][ T5877] usb 1-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  102.512530][   T69] usb 4-1: unable to send the bmi data to the device: -71
[  102.519726][   T69] usb 4-1: unable to get target info from device
[  102.526107][   T69] usb 4-1: could not get target info (-71)
[  102.532798][   T69] usb 4-1: could not probe fw (-71)
[  102.678209][ T5877] usb 1-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  102.693100][ T5877] usb 1-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  102.709138][ T5877] usb 1-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  102.728967][ T5877] usb 1-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  102.741173][ T5877] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.765039][ T5877] usb 1-1: Product: syz
[  102.769228][ T5877] usb 1-1: Manufacturer: syz
[  102.773833][ T5877] usb 1-1: SerialNumber: syz
[  102.784479][ T5877] usb 1-1: config 0 descriptor??
[  104.011829][ T6018] netlink: 'syz.0.25': attribute type 4 has an invalid length.
[  104.155575][ T5877] iowarrior 1-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior0
[  104.539185][ T6047] netlink: 830 bytes leftover after parsing attributes in process `syz.3.31'.
[  105.388321][ T5877] usb 1-1: USB disconnect, device number 2
[  105.404679][ T6053] Zero length message leads to an empty skb
[  105.456014][ T6053] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  105.477402][ T6029] block device autoloading is deprecated and will be removed.
[  105.485894][ T6029] syz.1.28: attempt to access beyond end of device
[  105.485894][ T6029] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  105.695014][ T5928] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[  105.938717][ T6063] syz.3.37 uses old SIOCAX25GETINFO
[  106.251868][ T5928] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  106.292667][ T5928] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  106.453033][ T5928] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  106.869735][ T6066] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  107.095447][ T5928] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  107.144934][ T5928] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.153142][ T5928] usb 3-1: Product: syz
[  107.157762][ T5928] usb 3-1: Manufacturer: syz
[  107.162446][ T5928] usb 3-1: SerialNumber: syz
[  107.765362][ T3572] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[  107.772886][ T6051] netlink: 4 bytes leftover after parsing attributes in process `syz.2.34'.
[  107.795839][ T6051] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  108.144944][ T5928] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found
[  108.151815][ T5928] cdc_ncm 3-1:1.0: bind() failure
[  108.248949][ T5928] usb 3-1: USB disconnect, device number 6
[  108.316206][ T3572] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  108.358867][ T3572] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  108.409413][ T3572] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  108.419063][ T3572] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  109.486196][ T3572] usb 4-1: usb_control_msg returned -32
[  109.513951][ T3572] usbtmc 4-1:16.0: can't read capabilities
[  110.999478][ T6102] netlink: 'syz.4.47': attribute type 7 has an invalid length.
[  111.034994][ T6102] netlink: 'syz.4.47': attribute type 8 has an invalid length.
[  111.047766][ T5928] usb 4-1: USB disconnect, device number 3
[  111.213796][ T6106] FAULT_INJECTION: forcing a failure.
[  111.213796][ T6106] name failslab, interval 1, probability 0, space 0, times 0
[  111.316132][ T6106] CPU: 1 UID: 0 PID: 6106 Comm: syz.1.50 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  111.316157][ T6106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  111.316168][ T6106] Call Trace:
[  111.316176][ T6106]  <TASK>
[  111.316183][ T6106]  dump_stack_lvl+0x189/0x250
[  111.316214][ T6106]  ? __pfx____ratelimit+0x10/0x10
[  111.316238][ T6106]  ? __pfx_dump_stack_lvl+0x10/0x10
[  111.316264][ T6106]  ? __pfx__printk+0x10/0x10
[  111.316287][ T6106]  ? __pfx___might_resched+0x10/0x10
[  111.316316][ T6106]  should_fail_ex+0x414/0x560
[  111.316341][ T6106]  should_failslab+0xa8/0x100
[  111.316366][ T6106]  kmem_cache_alloc_noprof+0x73/0x3c0
[  111.316386][ T6106]  ? getname_flags+0xb8/0x540
[  111.316414][ T6106]  getname_flags+0xb8/0x540
[  111.316441][ T6106]  user_path_at+0x24/0x60
[  111.316459][ T6106]  __se_sys_mount+0x2d3/0x410
[  111.316487][ T6106]  ? __pfx___se_sys_mount+0x10/0x10
[  111.316508][ T6106]  ? rcu_is_watching+0x15/0xb0
[  111.316539][ T6106]  ? do_syscall_64+0xbe/0x3b0
[  111.316563][ T6106]  ? __x64_sys_mount+0x20/0xc0
[  111.316587][ T6106]  do_syscall_64+0xfa/0x3b0
[  111.316611][ T6106]  ? lockdep_hardirqs_on+0x9c/0x150
[  111.316635][ T6106]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.316652][ T6106]  ? clear_bhb_loop+0x60/0xb0
[  111.316673][ T6106]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.316690][ T6106] RIP: 0033:0x7faf1238e929
[  111.316706][ T6106] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  111.316738][ T6106] RSP: 002b:00007faf1318c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  111.316759][ T6106] RAX: ffffffffffffffda RBX: 00007faf125b5fa0 RCX: 00007faf1238e929
[  111.316774][ T6106] RDX: 0000200000004380 RSI: 0000200000000180 RDI: 0000000000000000
[  111.316787][ T6106] RBP: 00007faf1318c090 R08: 00002000000003c0 R09: 0000000000000000
[  111.316801][ T6106] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  111.316812][ T6106] R13: 0000000000000000 R14: 00007faf125b5fa0 R15: 00007ffe4b53ec98
[  111.316851][ T6106]  </TASK>
[  111.785794][   T30] audit: type=1326 audit(1751297165.404:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6107 comm="syz.3.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f405338e929 code=0x7ffc0000
[  112.164869][   T30] audit: type=1326 audit(1751297165.404:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6107 comm="syz.3.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f405338e929 code=0x7ffc0000
[  112.721153][   T30] audit: type=1326 audit(1751297165.404:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6107 comm="syz.3.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f405338e929 code=0x7ffc0000
[  112.742295][   T30] audit: type=1326 audit(1751297165.414:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6107 comm="syz.3.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f405338e929 code=0x7ffc0000
[  112.763800][   T30] audit: type=1326 audit(1751297165.414:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6107 comm="syz.3.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f405338e929 code=0x7ffc0000
[  112.785457][   T30] audit: type=1326 audit(1751297165.414:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6107 comm="syz.3.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f405338e929 code=0x7ffc0000
[  112.807016][   T30] audit: type=1326 audit(1751297165.414:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6107 comm="syz.3.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f405338e929 code=0x7ffc0000
[  112.828519][   T30] audit: type=1326 audit(1751297165.414:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6107 comm="syz.3.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f405338e929 code=0x7ffc0000
[  112.849651][    C1] vkms_vblank_simulate: vblank timer overrun
[  112.855933][   T30] audit: type=1326 audit(1751297165.414:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6107 comm="syz.3.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f405338e929 code=0x7ffc0000
[  113.152255][   T30] audit: type=1326 audit(1751297165.414:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6107 comm="syz.3.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f405338e929 code=0x7ffc0000
[  113.549351][ T6125] netlink: 12 bytes leftover after parsing attributes in process `syz.3.54'.
[  117.185091][ T6160] netlink: 32 bytes leftover after parsing attributes in process `syz.2.60'.
[  117.198182][ T6145] Bluetooth: MGMT ver 1.23
[  117.203062][ T6145] Bluetooth: hci0: invalid length 0, exp 2 for type 5
[  117.293723][ T6161] bridge0: port 3(team0) entered blocking state
[  117.300657][ T6161] bridge0: port 3(team0) entered disabled state
[  117.308543][ T6161] team0: entered allmulticast mode
[  117.313794][ T6161] team_slave_0: entered allmulticast mode
[  117.319723][ T6161] team_slave_1: entered allmulticast mode
[  117.339743][ T6161] team0: entered promiscuous mode
[  117.344894][ T6161] team_slave_0: entered promiscuous mode
[  117.351907][ T6161] team_slave_1: entered promiscuous mode
[  117.364692][ T6161] bridge0: port 3(team0) entered blocking state
[  117.371188][ T6161] bridge0: port 3(team0) entered forwarding state
[  118.190014][ T6167] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  118.377656][ T6177] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  118.394742][ T6177] random: crng reseeded on system resumption
[  119.494943][ T5877] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  119.691434][ T6190] syz.4.70 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  120.144863][ T5877] usb 4-1: Using ep0 maxpacket: 8
[  120.164523][ T5877] usb 4-1: unable to get BOS descriptor or descriptor too short
[  120.185436][ T5877] usb 4-1: config 11 has an invalid interface number: 102 but max is 0
[  120.594882][ T5877] usb 4-1: config 11 has an invalid descriptor of length 0, skipping remainder of the config
[  120.606191][ T5877] usb 4-1: config 11 has no interface number 0
[  120.612450][ T5877] usb 4-1: config 11 interface 102 altsetting 11 endpoint 0xD has an invalid bInterval 0, changing to 7
[  120.639383][ T5877] usb 4-1: config 11 interface 102 altsetting 11 endpoint 0xD has invalid wMaxPacketSize 0
[  120.745613][ T5877] usb 4-1: config 11 interface 102 altsetting 11 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[  120.796087][ T5877] usb 4-1: config 11 interface 102 has no altsetting 0
[  120.836581][ T5877] usb 4-1: New USB device found, idVendor=e615, idProduct=613a, bcdDevice=fd.23
[  120.884843][ T5877] usb 4-1: New USB device strings: Mfr=47, Product=71, SerialNumber=3
[  120.923684][ T5877] usb 4-1: Product: syz
[  120.928889][ T5877] usb 4-1: Manufacturer: syz
[  120.933526][ T5877] usb 4-1: SerialNumber: syz
[  121.194169][ T6181] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  121.223727][ T6181] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  121.255003][ T5905] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  121.285258][ T5877] usbhid 4-1:11.102: couldn't find an input interrupt endpoint
[  121.306451][ T5877] usb 4-1: USB disconnect, device number 4
[  121.416124][ T5905] usb 2-1: device descriptor read/64, error -71
[  121.492882][ T6215] sctp: [Deprecated]: syz.2.77 (pid 6215) Use of int in max_burst socket option deprecated.
[  121.492882][ T6215] Use struct sctp_assoc_value instead
[  121.665079][ T5905] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  121.815070][ T5905] usb 2-1: device descriptor read/64, error -71
[  121.974211][ T5905] usb usb2-port1: attempt power cycle
[  122.086926][ T6221] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  122.493731][ T5905] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  122.577778][ T6234] netlink: 4 bytes leftover after parsing attributes in process `syz.0.80'.
[  122.619415][ T5905] usb 2-1: device descriptor read/8, error -71
[  122.945211][ T5905] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  123.525504][ T5905] usb 2-1: device descriptor read/8, error -71
[  123.751978][ T5905] usb usb2-port1: unable to enumerate USB device
[  124.801354][   T30] kauditd_printk_skb: 49 callbacks suppressed
[  124.801366][   T30] audit: type=1326 audit(1751297178.664:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6253 comm="syz.3.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f405338e929 code=0x7ffc0000
[  124.840146][   T30] audit: type=1326 audit(1751297178.694:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6253 comm="syz.3.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f405338e929 code=0x7ffc0000
[  125.074883][ T5877] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  126.538781][   T30] audit: type=1326 audit(1751297178.704:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6253 comm="syz.3.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f405338d290 code=0x7ffc0000
[  126.561087][   T30] audit: type=1326 audit(1751297178.704:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6253 comm="syz.3.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f405338e52b code=0x7ffc0000
[  126.583496][   T30] audit: type=1326 audit(1751297178.704:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6253 comm="syz.3.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f405338e52b code=0x7ffc0000
[  126.606090][   T30] audit: type=1326 audit(1751297178.704:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6253 comm="syz.3.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f405338e52b code=0x7ffc0000
[  126.627683][ T5877] usb 4-1: Using ep0 maxpacket: 8
[  126.632907][   T30] audit: type=1326 audit(1751297178.704:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6253 comm="syz.3.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f405338e52b code=0x7ffc0000
[  126.674960][   T30] audit: type=1326 audit(1751297179.494:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6253 comm="syz.3.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f405338e52b code=0x7ffc0000
[  126.714476][   T30] audit: type=1326 audit(1751297179.494:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6253 comm="syz.3.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f405338e52b code=0x7ffc0000
[  126.746055][ T5877] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  126.759836][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.785611][   T30] audit: type=1326 audit(1751297179.494:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6253 comm="syz.3.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f405338e52b code=0x7ffc0000
[  126.820643][ T5877] usb 4-1: Product: syz
[  126.831893][ T5877] usb 4-1: Manufacturer: syz
[  126.848268][ T5877] usb 4-1: SerialNumber: syz
[  126.877044][ T5877] usb 4-1: config 0 descriptor??
[  126.940605][ T5877] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  127.087218][ T5877] usb 4-1: setting power ON
[  127.095482][ T5877] dvb-usb: bulk message failed: -22 (2/0)
[  127.425167][ T5877] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  127.436757][ T5877] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  127.482393][ T5877] usb 4-1: media controller created
[  127.508459][ T5877] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  127.549795][ T5877] usb 4-1: selecting invalid altsetting 6
[  127.559302][ T5877] usb 4-1: digital interface selection failed (-22)
[  127.574508][ T5877] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  127.589154][ T5877] usb 4-1: setting power OFF
[  127.600642][ T5877] dvb-usb: bulk message failed: -22 (2/0)
[  127.613449][ T5877] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  127.642623][ T5877] (NULL device *): no alternate interface
[  127.739471][ T5877] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  128.259081][ T5877] usb 4-1: USB disconnect, device number 5
[  128.386942][ T6271] netlink: 28 bytes leftover after parsing attributes in process `syz.1.91'.
[  129.221175][ T6271] vlan1: entered promiscuous mode
[  129.232238][ T6271] vlan1: entered allmulticast mode
[  129.264948][ T6271] veth0_vlan: entered allmulticast mode
[  131.810380][ T6296] netlink: 4 bytes leftover after parsing attributes in process `syz.4.95'.
[  132.745542][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  132.752040][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  133.899896][ T6309] fuse: Unknown parameter '}EÚ0x0000000000000004'
[  133.944857][ T5927] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  134.159431][ T5927] usb 5-1: Using ep0 maxpacket: 8
[  135.058469][ T5927] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  135.359858][   T43] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  135.611077][   T43] usb 4-1: Using ep0 maxpacket: 32
[  135.660834][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  135.741423][   T43] usb 4-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[  135.792545][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.282344][   T43] usb 4-1: config 0 descriptor??
[  137.359609][ T5927] usb 5-1: string descriptor 0 read error: -71
[  137.452605][ T5927] usb 5-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52
[  137.461882][ T5927] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.477447][ T5927] usb 5-1: config 0 descriptor??
[  137.485266][ T5927] usb 5-1: can't set config #0, error -71
[  137.492571][ T5927] usb 5-1: USB disconnect, device number 3
[  137.590528][   T43] usbhid 4-1:0.0: can't add hid device: -71
[  137.602318][ T6324] netlink: 28 bytes leftover after parsing attributes in process `syz.2.104'.
[  137.637178][   T43] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  137.866331][ T6328] veth1_macvtap: left promiscuous mode
[  137.975794][   T43] usb 4-1: USB disconnect, device number 6
[  137.986343][ T6328] macsec0: entered promiscuous mode
[  138.456665][ T6328] macsec0: entered allmulticast mode
[  138.488988][ T6321] delete_channel: no stack
[  140.313857][ T6348] overlayfs: conflicting lowerdir path
[  141.077765][ T6353] netlink: 4 bytes leftover after parsing attributes in process `syz.2.109'.
[  142.504033][ T6360] netlink: 12 bytes leftover after parsing attributes in process `syz.4.112'.
[  142.520765][ T6360] smc: net device bond0 applied user defined pnetid S
[  144.128568][ T6365] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  145.161173][ T6374] netlink: 32 bytes leftover after parsing attributes in process `syz.4.117'.
[  145.633011][ T3572] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  146.150981][ T3572] usb 3-1: Using ep0 maxpacket: 16
[  146.370861][ T6384] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  146.485959][ T3572] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0
[  146.545256][ T3572] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 170, changing to 11
[  146.631085][ T3572] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid maxpacket 34661, setting to 1024
[  146.736259][ T3572] usb 3-1: config 0 interface 0 has no altsetting 0
[  146.872677][ T3572] usb 3-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  146.982843][ T3572] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.279452][ T3572] usb 3-1: Product: syz
[  147.565437][ T3572] usb 3-1: Manufacturer: syz
[  147.621949][ T3572] usb 3-1: SerialNumber: syz
[  147.963747][ T6389] FAULT_INJECTION: forcing a failure.
[  147.963747][ T6389] name failslab, interval 1, probability 0, space 0, times 0
[  147.976609][ T6389] CPU: 1 UID: 0 PID: 6389 Comm: syz.0.119 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  147.976630][ T6389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  147.976641][ T6389] Call Trace:
[  147.976648][ T6389]  <TASK>
[  147.976655][ T6389]  dump_stack_lvl+0x189/0x250
[  147.976689][ T6389]  ? __pfx____ratelimit+0x10/0x10
[  147.976715][ T6389]  ? __pfx_dump_stack_lvl+0x10/0x10
[  147.976759][ T6389]  ? __pfx__printk+0x10/0x10
[  147.976786][ T6389]  ? __pfx___might_resched+0x10/0x10
[  147.976823][ T6389]  should_fail_ex+0x414/0x560
[  147.976853][ T6389]  should_failslab+0xa8/0x100
[  147.976882][ T6389]  __kmalloc_noprof+0xcb/0x4f0
[  147.976905][ T6389]  ? kfree+0x4d/0x440
[  147.976924][ T6389]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  147.976959][ T6389]  tomoyo_realpath_from_path+0xe3/0x5d0
[  147.977000][ T6389]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  147.977025][ T6389]  tomoyo_path_number_perm+0x1e8/0x5a0
[  147.977060][ T6389]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  147.977085][ T6389]  ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[  147.977113][ T6389]  ? irqentry_exit+0x74/0x90
[  147.977153][ T6389]  ? rcu_read_unlock_special+0x3fe/0x4c0
[  147.977204][ T6389]  ? __rcu_read_unlock+0x84/0xe0
[  147.977228][ T6389]  ? __fget_files+0x2a/0x420
[  147.977260][ T6389]  ? __fget_files+0x3a0/0x420
[  147.977286][ T6389]  ? __fget_files+0x2a/0x420
[  147.977317][ T6389]  security_file_ioctl+0xcb/0x2d0
[  147.977346][ T6389]  __se_sys_ioctl+0x47/0x170
[  147.977371][ T6389]  do_syscall_64+0xfa/0x3b0
[  147.977402][ T6389]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.977421][ T6389]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  147.977441][ T6389]  ? clear_bhb_loop+0x60/0xb0
[  147.977466][ T6389]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.977486][ T6389] RIP: 0033:0x7f70b378e929
[  147.977505][ T6389] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  147.977521][ T6389] RSP: 002b:00007f70b451d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  147.977542][ T6389] RAX: ffffffffffffffda RBX: 00007f70b39b6080 RCX: 00007f70b378e929
[  147.977557][ T6389] RDX: 0000200000000100 RSI: 0000000000008943 RDI: 0000000000000008
[  147.977570][ T6389] RBP: 00007f70b451d090 R08: 0000000000000000 R09: 0000000000000000
[  147.977582][ T6389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  147.977593][ T6389] R13: 0000000000000000 R14: 00007f70b39b6080 R15: 00007fff1121ee28
[  147.977626][ T6389]  </TASK>
[  148.224883][ T6389] ERROR: Out of memory at tomoyo_realpath_from_path.
[  148.556637][ T5834] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  148.682431][ T3572] usb 3-1: config 0 descriptor??
[  148.830632][ T3572] usb 3-1: can't set config #0, error -71
[  148.872030][ T6391] netlink: 28 bytes leftover after parsing attributes in process `syz.3.120'.
[  148.927530][ T3572] usb 3-1: USB disconnect, device number 7
[  150.140612][ T6411] loop2: detected capacity change from 0 to 7
[  150.198881][ T6411] Dev loop2: unable to read RDB block 7
[  150.211367][ T6411]  loop2: unable to read partition table
[  150.234547][ T6411] loop2: partition table beyond EOD, truncated
[  150.262253][ T6411] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  150.924914][ T5927] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  151.715139][ T5927] usb 4-1: Using ep0 maxpacket: 16
[  151.735259][ T5927] usb 4-1: config 0 has an invalid interface number: 105 but max is 0
[  151.768200][ T5927] usb 4-1: config 0 descriptor has 1 excess byte, ignoring
[  151.794834][ T5927] usb 4-1: config 0 has no interface number 0
[  151.813450][ T5927] usb 4-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  152.134828][ T5927] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.146517][ T5927] usb 4-1: Product: syz
[  152.150720][ T5927] usb 4-1: Manufacturer: syz
[  152.157509][ T5927] usb 4-1: SerialNumber: syz
[  152.166020][ T5927] usb 4-1: config 0 descriptor??
[  152.180974][ T5927] usb 4-1: Found UVC 0.00 device syz (046d:08f3)
[  152.333659][ T5927] usb 4-1: No valid video chain found.
[  152.382759][ T5927] usb 4-1: USB disconnect, device number 7
[  152.400322][ T6438] netlink: 4 bytes leftover after parsing attributes in process `syz.1.136'.
[  152.726069][ T6438] syz_tun: entered promiscuous mode
[  152.740256][ T6438] macvtap1: entered promiscuous mode
[  152.755099][ T6438] macvtap1: entered allmulticast mode
[  152.760719][ T6438] syz_tun: entered allmulticast mode
[  152.899541][   T30] kauditd_printk_skb: 36 callbacks suppressed
[  152.899557][   T30] audit: type=1326 audit(1751297206.764:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6442 comm="syz.2.137" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f72b6f8e929 code=0x0
[  152.953660][ T6450] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4294967295 (34359738360 ns) > initial count (16800 ns). Using initial count to start timer.
[  153.018503][ T6449] block device autoloading is deprecated and will be removed.
[  153.037601][ T6453] netlink: 'syz.1.139': attribute type 1 has an invalid length.
[  153.584471][ T6460] netlink: 4 bytes leftover after parsing attributes in process `syz.4.141'.
[  154.704119][ T6476] ntfs3(nullb0): Primary boot signature is not NTFS.
[  154.712034][ T6476] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  156.029280][ T6474] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  156.075993][ T6480] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  156.111343][ T6478] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  159.434872][ T6510] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  159.448646][ T6510] random: crng reseeded on system resumption
[  160.665649][ T6522] fuse: Bad value for 'user_id'
[  160.733489][ T6522] fuse: Bad value for 'user_id'
[  163.258283][ T6544] netlink: 830 bytes leftover after parsing attributes in process `syz.4.164'.
[  163.267497][ T6544] bond_slave_0: entered promiscuous mode
[  163.273177][ T6544] bond_slave_1: entered promiscuous mode
[  164.072946][ T6540] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  164.349051][ T6549] ntfs3(nullb0): Primary boot signature is not NTFS.
[  164.356542][ T6549] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  166.179645][ T6562] netlink: 'syz.2.170': attribute type 1 has an invalid length.
[  166.368789][ T6562] netlink: 224 bytes leftover after parsing attributes in process `syz.2.170'.
[  166.515082][   T43] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  166.587661][ T6562] netlink: 8 bytes leftover after parsing attributes in process `syz.2.170'.
[  166.764906][   T43] usb 4-1: Using ep0 maxpacket: 16
[  166.860738][   T43] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  167.145123][ T3572] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  167.416046][   T43] usb 4-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  168.496624][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.959484][   T43] usb 4-1: config 0 descriptor??
[  169.002466][   T43] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input5
[  169.071209][ T3572] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 252, changing to 11
[  169.139452][ T3572] usb 5-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00
[  169.141567][ T5174] bcm5974 4-1:0.0: could not read from device
[  169.159747][ T3572] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  169.214571][ T6578] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[  169.267427][ T3572] usb 5-1: config 0 descriptor??
[  169.279358][ T5174] bcm5974 4-1:0.0: could not read from device
[  169.468914][   T43] bcm5974 4-1:0.0: could not read from device
[  170.021721][ T5174] bcm5974 4-1:0.0: could not read from device
[  170.409152][ T6588] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  170.675007][   T43] input: failed to attach handler mousedev to device input5, error: -5
[  170.707944][ T3572] usbhid 5-1:0.0: can't add hid device: -71
[  170.713973][ T3572] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  170.732184][ T5174] bcm5974 4-1:0.0: could not read from device
[  170.737739][   T43] usb 4-1: USB disconnect, device number 8
[  170.754401][ T3572] usb 5-1: USB disconnect, device number 4
[  170.833784][ T6591] capability: warning: `syz.0.177' uses deprecated v2 capabilities in a way that may be insecure
[  174.692301][ T6624] syz.0.186: attempt to access beyond end of device
[  174.692301][ T6624] loop0: rw=6144, sector=128, nr_sectors = 8 limit=0
[  174.807772][ T6624] gfs2: error -5 reading superblock
[  174.888377][ T6624] netlink: 8 bytes leftover after parsing attributes in process `syz.0.186'.
[  175.166008][ T6633] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  175.407257][ T6633] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  175.414522][ T6637] netlink: 40 bytes leftover after parsing attributes in process `syz.2.191'.
[  175.475007][ T5927] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[  175.694068][ T6634] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  175.840273][ T6646] netlink: 8 bytes leftover after parsing attributes in process `syz.2.193'.
[  175.879782][ T6646] SET target dimension over the limit!
[  176.460882][ T6650] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(13)
[  176.467736][ T6650] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  176.565946][ T6650] vhci_hcd vhci_hcd.0: Device attached
[  176.594674][ T6667] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  176.621196][ T6667] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  176.679685][ T6657] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(16)
[  176.686332][ T6657] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  176.821416][ T6661] vhci_hcd vhci_hcd.0: pdev(1) rhport(2) sockfd(19)
[  176.828060][ T6661] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  176.842380][ T6657] vhci_hcd vhci_hcd.0: Device attached
[  176.848786][ T6661] vhci_hcd vhci_hcd.0: Device attached
[  176.903955][ T6670] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(15)
[  176.910593][ T6670] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  176.918248][ T5885] vhci_hcd: vhci_device speed not set
[  177.158040][ T5885] usb 35-1: new full-speed USB device number 2 using vhci_hcd
[  177.514516][ T6670] vhci_hcd vhci_hcd.0: Device attached
[  177.570172][ T6657] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  177.632715][ T6657] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  177.638900][ T6650] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  177.659509][ T6679] netlink: 'syz.4.201': attribute type 1 has an invalid length.
[  177.677401][ T6679] netlink: 224 bytes leftover after parsing attributes in process `syz.4.201'.
[  177.702701][ T6679] netlink: 8 bytes leftover after parsing attributes in process `syz.4.201'.
[  177.722989][ T6650] vhci_hcd vhci_hcd.0: pdev(1) rhport(6) sockfd(25)
[  177.729626][ T6650] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  177.785283][ T6650] vhci_hcd vhci_hcd.0: Device attached
[  177.938526][ T6675] syz.3.200 (6675) used greatest stack depth: 18944 bytes left
[  177.941466][ T6672] vhci_hcd: connection closed
[  177.946244][ T6663] vhci_hcd: connection closed
[  177.948467][ T6660] vhci_hcd: connection closed
[  177.959498][   T13] vhci_hcd: stop threads
[  178.524830][   T13] vhci_hcd: release socket
[  178.530176][   T13] vhci_hcd: disconnect device
[  178.553215][   T13] vhci_hcd: stop threads
[  178.567955][ T6655] vhci_hcd: connection reset by peer
[  178.893046][   T13] vhci_hcd: release socket
[  179.046812][ T6682] vhci_hcd: connection closed
[  179.056844][   T13] vhci_hcd: disconnect device
[  179.248320][   T13] vhci_hcd: stop threads
[  179.252665][   T13] vhci_hcd: release socket
[  179.279508][ T6689] autofs: Unknown parameter './file1'
[  179.294902][   T13] vhci_hcd: disconnect device
[  179.305621][   T13] vhci_hcd: stop threads
[  179.319840][   T13] vhci_hcd: release socket
[  179.358725][   T13] vhci_hcd: disconnect device
[  179.375944][   T13] vhci_hcd: stop threads
[  179.394855][   T13] vhci_hcd: release socket
[  179.409879][   T13] vhci_hcd: disconnect device
[  180.774952][ T6724] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  181.256154][ T6732] netlink: 'syz.4.214': attribute type 1 has an invalid length.
[  181.267061][ T6732] netlink: 224 bytes leftover after parsing attributes in process `syz.4.214'.
[  181.318430][ T6732] netlink: 8 bytes leftover after parsing attributes in process `syz.4.214'.
[  182.274993][ T5877] usb 1-1: new low-speed USB device number 4 using dummy_hcd
[  182.488782][   T30] audit: type=1326 audit(1751297236.344:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6736 comm="syz.1.215" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faf1238e929 code=0x0
[  182.554921][ T5885] vhci_hcd: vhci_device speed not set
[  182.580587][ T6750] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  182.926762][ T5877] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  183.643721][ T5877] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  183.685088][ T5877] usb 1-1: config 0 descriptor??
[  184.737329][   T43] usb usb36-port1: attempt power cycle
[  184.969990][ T6759] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  184.990503][ T6759] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  185.410104][   T43] usb usb36-port1: unable to enumerate USB device
[  186.880980][ T5877] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  186.925792][ T5877] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  187.075050][ T5877] asix 1-1:0.0: probe with driver asix failed with error -71
[  187.275627][ T5885] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  187.419873][ T5877] usb 1-1: USB disconnect, device number 4
[  187.464884][ T6782] netlink: 'syz.0.227': attribute type 1 has an invalid length.
[  187.503438][ T6782] netlink: 224 bytes leftover after parsing attributes in process `syz.0.227'.
[  187.528773][ T6782] netlink: 8 bytes leftover after parsing attributes in process `syz.0.227'.
[  187.569063][ T5885] usb 2-1: too many configurations: 151, using maximum allowed: 8
[  187.898877][ T5885] usb 2-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7
[  187.969127][ T5885] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130
[  188.064907][ T5885] usb 2-1: Product: syz
[  188.069118][ T5885] usb 2-1: Manufacturer: syz
[  188.093254][ T5885] usb 2-1: SerialNumber: syz
[  188.103054][ T5885] usb 2-1: config 0 descriptor??
[  189.454843][ T5927] usb 2-1: USB disconnect, device number 8
[  189.560443][ T6806] netlink: 830 bytes leftover after parsing attributes in process `syz.0.232'.
[  189.570126][ T6806] bond_slave_0: entered promiscuous mode
[  189.575913][ T6806] bond_slave_1: entered promiscuous mode
[  191.953275][   T30] audit: type=1326 audit(1751297245.814:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6808 comm="syz.2.233" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f72b6f8e929 code=0x0
[  191.974155][    C1] vkms_vblank_simulate: vblank timer overrun
[  192.966060][ T6831] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  192.973582][ T6831] IPv6: NLM_F_CREATE should be set when creating new route
[  192.980915][ T6831] IPv6: NLM_F_CREATE should be set when creating new route
[  192.988185][ T6831] IPv6: NLM_F_CREATE should be set when creating new route
[  194.189545][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  194.195939][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  194.245447][ T6845] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  194.579240][ T6852] netlink: 830 bytes leftover after parsing attributes in process `syz.4.244'.
[  195.817367][ T6862] overlay: Unknown parameter '/dev/cpu/#/msr'
[  196.917149][ T5892] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  197.068954][ T5892] usb 3-1: device descriptor read/64, error -71
[  198.058045][ T5892] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  198.244937][ T5892] usb 3-1: device descriptor read/64, error -71
[  198.331927][   T30] audit: type=1326 audit(1751297252.194:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6888 comm="syz.1.256" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faf1238e929 code=0x0
[  198.772049][ T5892] usb usb3-port1: attempt power cycle
[  200.194413][ T6910] syz_tun: entered allmulticast mode
[  200.212935][ T6910] syz_tun: left allmulticast mode
[  200.991165][ T6922] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  201.443902][ T6925] netlink: 8 bytes leftover after parsing attributes in process `syz.1.268'.
[  201.531582][ T6925] =======================================================
[  201.531582][ T6925] WARNING: The mand mount option has been deprecated and
[  201.531582][ T6925]          and is ignored by this kernel. Remove the mand
[  201.531582][ T6925]          option from the mount to silence this warning.
[  201.531582][ T6925] =======================================================
[  201.566532][    C0] vkms_vblank_simulate: vblank timer overrun
[  201.886964][ T6940] FAULT_INJECTION: forcing a failure.
[  201.886964][ T6940] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  201.900104][ T6940] CPU: 1 UID: 0 PID: 6940 Comm: syz.2.272 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  201.900127][ T6940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  201.900138][ T6940] Call Trace:
[  201.900146][ T6940]  <TASK>
[  201.900155][ T6940]  dump_stack_lvl+0x189/0x250
[  201.900199][ T6940]  ? __pfx____ratelimit+0x10/0x10
[  201.900226][ T6940]  ? __pfx_dump_stack_lvl+0x10/0x10
[  201.900263][ T6940]  ? __pfx__printk+0x10/0x10
[  201.900280][ T6940]  ? __might_fault+0xb0/0x130
[  201.900312][ T6940]  should_fail_ex+0x414/0x560
[  201.900338][ T6940]  _copy_from_user+0x2d/0xb0
[  201.900373][ T6940]  kvm_arch_vcpu_ioctl+0x1129/0x2a40
[  201.900396][ T6940]  ? __lock_acquire+0xab9/0xd20
[  201.900423][ T6940]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[  201.900448][ T6940]  ? __lock_acquire+0xab9/0xd20
[  201.900489][ T6940]  ? is_bpf_text_address+0x26/0x2b0
[  201.900518][ T6940]  ? is_bpf_text_address+0x292/0x2b0
[  201.900542][ T6940]  ? is_bpf_text_address+0x26/0x2b0
[  201.900569][ T6940]  ? kernel_text_address+0xa5/0xe0
[  201.900590][ T6940]  ? __kernel_text_address+0xd/0x40
[  201.900609][ T6940]  ? unwind_get_return_address+0x4d/0x90
[  201.900634][ T6940]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  201.900652][ T6940]  ? arch_stack_walk+0xfc/0x150
[  201.900690][ T6940]  ? stack_trace_save+0x9c/0xe0
[  201.900710][ T6940]  ? stack_depot_save_flags+0x40/0x900
[  201.900739][ T6940]  ? kasan_save_track+0x4f/0x80
[  201.900756][ T6940]  ? kasan_save_track+0x3e/0x80
[  201.900791][ T6940]  ? __lock_acquire+0xab9/0xd20
[  201.900820][ T6940]  ? __mutex_trylock_common+0x153/0x260
[  201.900851][ T6940]  ? __pfx___mutex_trylock_common+0x10/0x10
[  201.900882][ T6940]  ? rcu_is_watching+0x15/0xb0
[  201.900913][ T6940]  ? trace_contention_end+0x39/0x120
[  201.900929][ T6940]  ? __mutex_lock+0x330/0xe80
[  201.900956][ T6940]  ? kasan_quarantine_put+0xdd/0x220
[  201.900979][ T6940]  ? kvm_vcpu_ioctl+0x22e/0xe90
[  201.900997][ T6940]  ? __pfx___mutex_lock+0x10/0x10
[  201.901028][ T6940]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  201.901050][ T6940]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  201.901094][ T6940]  kvm_vcpu_ioctl+0x74d/0xe90
[  201.901118][ T6940]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  201.901144][ T6940]  ? __lock_acquire+0xab9/0xd20
[  201.901171][ T6940]  ? __asan_memset+0x22/0x50
[  201.901188][ T6940]  ? smack_file_ioctl+0x302/0x340
[  201.901218][ T6940]  ? __pfx_smack_file_ioctl+0x10/0x10
[  201.901245][ T6940]  ? __fget_files+0x2a/0x420
[  201.901266][ T6940]  ? __fget_files+0x3a0/0x420
[  201.901285][ T6940]  ? __fget_files+0x2a/0x420
[  201.901309][ T6940]  ? bpf_lsm_file_ioctl+0x9/0x20
[  201.901330][ T6940]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  201.901364][ T6940]  __se_sys_ioctl+0xfc/0x170
[  201.901385][ T6940]  do_syscall_64+0xfa/0x3b0
[  201.901408][ T6940]  ? lockdep_hardirqs_on+0x9c/0x150
[  201.901431][ T6940]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.901447][ T6940]  ? clear_bhb_loop+0x60/0xb0
[  201.901467][ T6940]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.901483][ T6940] RIP: 0033:0x7f72b6f8e929
[  201.901504][ T6940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  201.901517][ T6940] RSP: 002b:00007f72b7d73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  201.901537][ T6940] RAX: ffffffffffffffda RBX: 00007f72b71b6080 RCX: 00007f72b6f8e929
[  201.901549][ T6940] RDX: 0000200000000000 RSI: 000000004048aecb RDI: 000000000000000a
[  201.901560][ T6940] RBP: 00007f72b7d73090 R08: 0000000000000000 R09: 0000000000000000
[  201.901570][ T6940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  201.901580][ T6940] R13: 0000000000000000 R14: 00007f72b71b6080 R15: 00007fffed38db38
[  201.901606][ T6940]  </TASK>
[  204.533062][ T6962] netlink: 8 bytes leftover after parsing attributes in process `syz.0.276'.
[  211.602927][ T7012] Bluetooth: hci1: command 0x0406 tx timeout
[  211.609220][ T7012] Bluetooth: hci2: command 0x0406 tx timeout
[  211.617942][ T7012] Bluetooth: hci3: command 0x0406 tx timeout
[  211.623990][ T7012] Bluetooth: hci4: command 0x0406 tx timeout
[  212.644938][ T5826] Bluetooth: hci0: command 0x0406 tx timeout
[  215.649071][ T7062] netlink: 'syz.0.304': attribute type 1 has an invalid length.
[  215.862019][ T7062] netlink: 224 bytes leftover after parsing attributes in process `syz.0.304'.
[  216.069996][ T7062] netlink: 8 bytes leftover after parsing attributes in process `syz.0.304'.
[  217.945833][ T7079] netlink: 4 bytes leftover after parsing attributes in process `syz.1.310'.
[  218.573133][ T6677] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  218.774897][ T3572] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  219.054875][ T6677] usb 2-1: Using ep0 maxpacket: 16
[  219.085504][ T6677] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  219.102099][ T6677] usb 2-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=8b.57
[  219.121219][ T6677] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  219.242213][ T6677] usb 2-1: Product: syz
[  219.248804][ T6677] usb 2-1: Manufacturer: syz
[  219.253435][ T6677] usb 2-1: SerialNumber: syz
[  219.276333][ T6677] usb 2-1: config 0 descriptor??
[  219.306163][ T6677] port100 2-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint
[  219.387125][ T3572] usb 4-1: device descriptor read/all, error -71
[  219.556960][ T7110] IPv6: Can't replace route, no match found
[  219.832499][ T7085] 8021q: adding VLAN 0 to HW filter on device bond0
[  219.965125][ T6677] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  220.192489][ T7085] bond0: (slave rose0): Enslaving as an active interface with an up link
[  220.574913][ T6677] usb 3-1: Using ep0 maxpacket: 8
[  220.633996][   T43] usb 2-1: USB disconnect, device number 9
[  220.941255][ T6677] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  221.024059][ T6677] usb 3-1: config 179 has no interface number 0
[  221.093444][ T6677] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  221.312884][ T6677] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  221.480175][ T6677] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 134, changing to 11
[  221.614599][ T6677] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  221.638896][ T7122] netlink: 'syz.3.319': attribute type 10 has an invalid length.
[  221.869792][ T6677] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  222.152390][ T6677] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  222.276864][ T6677] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  222.388801][ T7122] syz_tun: entered promiscuous mode
[  222.412959][ T7122] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  222.428619][ T7112] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  223.451321][ T6677] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input6
[  223.763731][ T7136] syz.0.322 (7136) used greatest stack depth: 15976 bytes left
[  224.028658][ T5877] usb 3-1: USB disconnect, device number 11
[  224.028680][    C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  224.043093][    C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  224.061680][ T5877] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  224.119507][ T7143] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  224.130028][ T7143] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[  224.154620][ T7143] FAULT_INJECTION: forcing a failure.
[  224.154620][ T7143] name failslab, interval 1, probability 0, space 0, times 0
[  224.198693][ T7143] CPU: 0 UID: 0 PID: 7143 Comm: syz.1.323 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  224.198716][ T7143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  224.198727][ T7143] Call Trace:
[  224.198734][ T7143]  <TASK>
[  224.198741][ T7143]  dump_stack_lvl+0x189/0x250
[  224.198771][ T7143]  ? __pfx____ratelimit+0x10/0x10
[  224.198796][ T7143]  ? __pfx_dump_stack_lvl+0x10/0x10
[  224.198822][ T7143]  ? __pfx__printk+0x10/0x10
[  224.198844][ T7143]  ? __pfx___might_resched+0x10/0x10
[  224.198868][ T7143]  ? fs_reclaim_acquire+0x7d/0x100
[  224.198898][ T7143]  should_fail_ex+0x414/0x560
[  224.198923][ T7143]  should_failslab+0xa8/0x100
[  224.198948][ T7143]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  224.198970][ T7143]  ? __alloc_skb+0x112/0x2d0
[  224.198991][ T7143]  __alloc_skb+0x112/0x2d0
[  224.199013][ T7143]  inet_ifmcaddr_notify+0x7e/0x150
[  224.199038][ T7143]  __ip_mc_dec_group+0x40b/0x690
[  224.199060][ T7143]  inetdev_event+0x2a7/0x15b0
[  224.199089][ T7143]  ? __pfx_inetdev_event+0x10/0x10
[  224.199121][ T7143]  notifier_call_chain+0x1b6/0x3e0
[  224.199154][ T7143]  __dev_notify_flags+0x18d/0x2e0
[  224.199177][ T7143]  ? __pfx___dev_notify_flags+0x10/0x10
[  224.199193][ T7143]  ? __dev_change_flags+0x52e/0x6d0
[  224.199217][ T7143]  ? __pfx___dev_change_flags+0x10/0x10
[  224.199248][ T7143]  netif_change_flags+0xe8/0x1a0
[  224.199272][ T7143]  do_setlink+0xc55/0x41c0
[  224.199295][ T7143]  ? __kernel_text_address+0xd/0x40
[  224.199318][ T7143]  ? arch_stack_walk+0xfc/0x150
[  224.199349][ T7143]  ? __pfx_do_setlink+0x10/0x10
[  224.199385][ T7143]  ? __lock_acquire+0xab9/0xd20
[  224.199416][ T7143]  ? __mutex_trylock_common+0x153/0x260
[  224.199446][ T7143]  ? __pfx___mutex_trylock_common+0x10/0x10
[  224.199477][ T7143]  ? rcu_is_watching+0x15/0xb0
[  224.199503][ T7143]  ? trace_contention_end+0x39/0x120
[  224.199519][ T7143]  ? __mutex_lock+0x330/0xe80
[  224.199554][ T7143]  ? rtnl_newlink+0x8db/0x1c70
[  224.199569][ T7143]  ? rcu_is_watching+0x15/0xb0
[  224.199601][ T7143]  ? __pfx___mutex_lock+0x10/0x10
[  224.199631][ T7143]  ? full_name_hash+0x92/0xe0
[  224.199661][ T7143]  ? netdev_name_node_lookup+0xdf/0x120
[  224.199689][ T7143]  rtnl_newlink+0x160b/0x1c70
[  224.199704][ T7143]  ? netlink_sendmsg+0x805/0xb30
[  224.199739][ T7143]  ? __pfx_rtnl_newlink+0x10/0x10
[  224.199777][ T7143]  ? kasan_quarantine_put+0xdd/0x220
[  224.199796][ T7143]  ? lockdep_hardirqs_on+0x9c/0x150
[  224.199826][ T7143]  ? nlmon_xmit+0xb0/0x100
[  224.199848][ T7143]  ? kmem_cache_free+0x18f/0x400
[  224.199875][ T7143]  ? __local_bh_enable_ip+0x12d/0x1c0
[  224.199906][ T7143]  ? lockdep_hardirqs_on+0x9c/0x150
[  224.199930][ T7143]  ? __local_bh_enable_ip+0x12d/0x1c0
[  224.199954][ T7143]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  224.199982][ T7143]  ? __dev_queue_xmit+0x27e/0x3a70
[  224.200004][ T7143]  ? __dev_queue_xmit+0x27e/0x3a70
[  224.200023][ T7143]  ? __dev_queue_xmit+0x27e/0x3a70
[  224.200046][ T7143]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  224.200073][ T7143]  ? __lock_acquire+0xab9/0xd20
[  224.200119][ T7143]  ? __pfx_rtnl_newlink+0x10/0x10
[  224.200135][ T7143]  rtnetlink_rcv_msg+0x7cc/0xb70
[  224.200166][ T7143]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  224.200191][ T7143]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  224.200216][ T7143]  ? ref_tracker_free+0x63a/0x7d0
[  224.200235][ T7143]  ? __copy_skb_header+0xa7/0x550
[  224.200275][ T7143]  ? __pfx_ref_tracker_free+0x10/0x10
[  224.200297][ T7143]  ? __skb_clone+0x63/0x7a0
[  224.200326][ T7143]  netlink_rcv_skb+0x205/0x470
[  224.200347][ T7143]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  224.200377][ T7143]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  224.200409][ T7143]  ? netlink_deliver_tap+0x2e/0x1b0
[  224.200428][ T7143]  ? netlink_deliver_tap+0x2e/0x1b0
[  224.200453][ T7143]  netlink_unicast+0x758/0x8d0
[  224.200493][ T7143]  netlink_sendmsg+0x805/0xb30
[  224.200522][ T7143]  ? __pfx_netlink_sendmsg+0x10/0x10
[  224.200551][ T7143]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  224.200579][ T7143]  ? __pfx_netlink_sendmsg+0x10/0x10
[  224.200600][ T7143]  __sock_sendmsg+0x219/0x270
[  224.200630][ T7143]  ____sys_sendmsg+0x505/0x830
[  224.200658][ T7143]  ? __pfx_____sys_sendmsg+0x10/0x10
[  224.200689][ T7143]  ? import_iovec+0x74/0xa0
[  224.200721][ T7143]  ___sys_sendmsg+0x21f/0x2a0
[  224.200745][ T7143]  ? __pfx____sys_sendmsg+0x10/0x10
[  224.200804][ T7143]  ? __fget_files+0x2a/0x420
[  224.200828][ T7143]  ? __fget_files+0x3a0/0x420
[  224.200863][ T7143]  __x64_sys_sendmsg+0x19b/0x260
[  224.200887][ T7143]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  224.200919][ T7143]  ? __pfx_ksys_write+0x10/0x10
[  224.200938][ T7143]  ? rcu_is_watching+0x15/0xb0
[  224.200969][ T7143]  ? do_syscall_64+0xbe/0x3b0
[  224.201000][ T7143]  do_syscall_64+0xfa/0x3b0
[  224.201025][ T7143]  ? lockdep_hardirqs_on+0x9c/0x150
[  224.201050][ T7143]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.201067][ T7143]  ? clear_bhb_loop+0x60/0xb0
[  224.201090][ T7143]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.201108][ T7143] RIP: 0033:0x7faf1238e929
[  224.201124][ T7143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  224.201139][ T7143] RSP: 002b:00007faf1318c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  224.201158][ T7143] RAX: ffffffffffffffda RBX: 00007faf125b5fa0 RCX: 00007faf1238e929
[  224.201172][ T7143] RDX: 0000000000004800 RSI: 0000200000000280 RDI: 0000000000000003
[  224.201183][ T7143] RBP: 00007faf1318c090 R08: 0000000000000000 R09: 0000000000000000
[  224.201194][ T7143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  224.201205][ T7143] R13: 0000000000000000 R14: 00007faf125b5fa0 R15: 00007ffe4b53ec98
[  224.201234][ T7143]  </TASK>
[  224.748328][    C0] vkms_vblank_simulate: vblank timer overrun
[  224.881837][ T7150] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[  225.338466][ T7151] syz.0.326: attempt to access beyond end of device
[  225.338466][ T7151] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0
[  225.385621][ T7151] (syz.0.326,7151,0):ocfs2_get_sector:1714 ERROR: status = -5
[  225.394045][ T7151] (syz.0.326,7151,1):ocfs2_sb_probe:753 ERROR: status = -5
[  225.424873][ T7151] (syz.0.326,7151,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  225.434840][   T92] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  225.450801][ T7158] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  225.474884][ T7151] (syz.0.326,7151,1):ocfs2_fill_super:1177 ERROR: status = -5
[  225.657909][   T92] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  225.687651][   T92] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  225.708323][   T92] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  225.724892][   T92] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.747064][   T92] usb 5-1: config 0 descriptor??
[  226.028563][   T43] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  226.187107][   T43] usb 2-1: config 0 interface 0 has no altsetting 0
[  226.194079][   T43] usb 2-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  226.247201][   T92] cm6533_jd 0003:0D8C:0022.0003: unknown main item tag 0x0
[  226.262637][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  226.275264][   T92] cm6533_jd 0003:0D8C:0022.0003: unknown main item tag 0x0
[  226.317167][   T43] usb 2-1: config 0 descriptor??
[  226.336782][   T92] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.0003/input/input7
[  226.458813][   T92] cm6533_jd 0003:0D8C:0022.0003: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0
[  226.549347][   T92] usb 5-1: USB disconnect, device number 5
[  226.562831][ T7158] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  226.607378][ T7158] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  226.670083][   T43]  (null): keene_cmd_main failed (-71)
[  226.711201][   T43] video4linux radio48: keene_cmd_main failed (-71)
[  226.745026][   T43] radio-keene 2-1:0.0: V4L2 device registered as radio48
[  226.782870][   T43] usb 2-1: USB disconnect, device number 10
[  226.832512][ T7172] fido_id[7172]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  227.768930][ T7195] netlink: 4 bytes leftover after parsing attributes in process `syz.0.333'.
[  229.794651][ T7226] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  230.447206][ T7242] netlink: 'syz.2.344': attribute type 4 has an invalid length.
[  231.307573][ T7251] netlink: 20 bytes leftover after parsing attributes in process `syz.1.348'.
[  231.317233][ T7251] 9pnet_fd: Insufficient options for proto=fd
[  231.607642][ T7256] ntfs3(nullb0): Primary boot signature is not NTFS.
[  231.608354][ T7256] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  233.180665][ T7275] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  233.674881][ T5927] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  233.835034][ T5927] usb 2-1: Using ep0 maxpacket: 32
[  233.843256][ T5927] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  233.864365][ T5927] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  233.923893][ T5927] usb 2-1: New USB device found, idVendor=0925, idProduct=8866, bcdDevice= 0.00
[  233.961166][ T5927] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  234.028201][ T5927] usb 2-1: config 0 descriptor??
[  234.521776][ T5927] smartjoyplus 0003:0925:8866.0004: hidraw0: USB HID v0.00 Device [HID 0925:8866] on usb-dummy_hcd.1-1/input0
[  234.662422][ T5927] smartjoyplus 0003:0925:8866.0004: Force feedback for SmartJoy PLUS PS2/USB adapter
[  234.677328][ T5927] usb 2-1: USB disconnect, device number 11
[  234.973545][ T7303] fido_id[7303]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  236.967792][ T7320] ntfs3(nullb0): Primary boot signature is not NTFS.
[  236.975348][ T7320] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  238.064911][ T5885] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  238.263277][ T5885] usb 2-1: Using ep0 maxpacket: 32
[  238.293831][ T5885] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  238.328666][ T5885] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  238.368923][ T5885] usb 2-1: Product: syz
[  238.373118][ T5885] usb 2-1: Manufacturer: syz
[  238.487731][ T5885] usb 2-1: SerialNumber: syz
[  238.519606][ T5885] usb 2-1: config 0 descriptor??
[  238.569947][ T5885] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  239.286204][ T5885] gspca_ov534_9: reg_w failed -110
[  239.735095][ T5885] gspca_ov534_9: Unknown sensor 0000
[  239.735185][ T5885] ov534_9 2-1:0.0: probe with driver ov534_9 failed with error -22
[  239.800379][ T5885] usb 2-1: USB disconnect, device number 12
[  239.905311][   T43] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  240.400811][   T43] usb 5-1: Using ep0 maxpacket: 32
[  240.511683][   T43] usb 5-1: too many endpoints for config 0 interface 0 altsetting 32: 253, using maximum allowed: 30
[  240.538044][   T43] usb 5-1: config 0 interface 0 altsetting 32 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  240.616250][   T43] usb 5-1: config 0 interface 0 altsetting 32 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  240.888459][   T43] usb 5-1: config 0 interface 0 has no altsetting 0
[  240.904834][   T43] usb 5-1: New USB device found, idVendor=0c12, idProduct=0030, bcdDevice= 0.00
[  240.913907][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  240.954364][   T43] usb 5-1: config 0 descriptor??
[  241.186478][ T7371] ntfs3(nullb0): Primary boot signature is not NTFS.
[  241.193891][ T7371] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  241.862366][ T7356] netlink: 56 bytes leftover after parsing attributes in process `syz.4.369'.
[  241.973554][   T43] zeroplus 0003:0C12:0030.0005: hidraw0: USB HID v0.03 Device [HID 0c12:0030] on usb-dummy_hcd.4-1/input0
[  242.054776][   T43] zeroplus 0003:0C12:0030.0005: no inputs found
[  242.137840][   T92] usb 5-1: USB disconnect, device number 6
[  242.542744][ T7378] fido_id[7378]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  242.630208][ T7380] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  242.961948][   T51] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  243.018216][   T51] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  243.041499][   T51] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  243.052204][   T51] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  243.061248][   T51] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  243.458229][ T5832] bond0: (slave syz_tun): Releasing backup interface
[  243.474834][   T92] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  243.663034][   T92] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  243.847734][   T92] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  243.873117][   T92] usb 2-1: config 0 descriptor??
[  244.875128][   T92] cp210x 2-1:0.0: cp210x converter detected
[  245.225375][ T5826] Bluetooth: hci5: command tx timeout
[  246.406741][ T6038] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  246.668232][ T6038] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  246.679476][   T92] cp210x 2-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  246.814530][   T92] cp210x 2-1:0.0: failed to get vendor val 0x000e size 678: -121
[  246.822382][ T7411] netlink: 830 bytes leftover after parsing attributes in process `syz.1.379'.
[  246.863769][ T6038] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  246.880537][   T92] cp210x 2-1:0.0: GPIO initialisation failed: -121
[  246.929795][   T92] usb 2-1: cp210x converter now attached to ttyUSB0
[  247.276551][ T5826] Bluetooth: hci5: command tx timeout
[  247.371078][ T6038] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  248.010623][ T7386] chnl_net:caif_netlink_parms(): no params data found
[  248.392337][ T7434] netlink: 8 bytes leftover after parsing attributes in process `syz.2.389'.
[  248.410791][ T6038] bridge_slave_1: left allmulticast mode
[  248.423028][ T5885] usb 2-1: USB disconnect, device number 13
[  248.433095][ T6038] bridge_slave_1: left promiscuous mode
[  248.445038][ T6038] bridge0: port 2(bridge_slave_1) entered disabled state
[  248.461866][ T5885] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  248.470979][ T5885] cp210x 2-1:0.0: device disconnected
[  248.520094][ T6038] bridge_slave_0: left allmulticast mode
[  248.829148][ T7441] mmap: syz.0.388 (7441) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  248.876667][ T6038] bridge_slave_0: left promiscuous mode
[  248.895403][ T6038] bridge0: port 1(bridge_slave_0) entered disabled state
[  249.355171][ T5826] Bluetooth: hci5: command tx timeout
[  249.970949][ T6038] bond_slave_0: left promiscuous mode
[  249.990270][ T6038] bond_slave_1: left promiscuous mode
[  251.423184][ T7473] netlink: 8 bytes leftover after parsing attributes in process `syz.0.394'.
[  251.440592][ T5826] Bluetooth: hci5: command tx timeout
[  251.490022][ T6038] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  251.508805][ T6038] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  251.529580][ T6038] bond0 (unregistering): Released all slaves
[  251.801759][ T7386] bridge0: port 1(bridge_slave_0) entered blocking state
[  251.809387][ T5885] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  251.848067][ T7386] bridge0: port 1(bridge_slave_0) entered disabled state
[  251.877093][ T7386] bridge_slave_0: entered allmulticast mode
[  251.885158][ T7386] bridge_slave_0: entered promiscuous mode
[  252.004833][ T5885] usb 3-1: Using ep0 maxpacket: 32
[  252.049331][ T5885] usb 3-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=88.ea
[  252.078968][ T5885] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  252.129335][ T5885] usb 3-1: Product: syz
[  252.138282][ T5928] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  252.141331][ T5885] usb 3-1: Manufacturer: syz
[  252.152172][ T5885] usb 3-1: SerialNumber: syz
[  252.273190][ T5885] usb 3-1: config 0 descriptor??
[  252.355565][ T7386] bridge0: port 2(bridge_slave_1) entered blocking state
[  252.363157][ T7386] bridge0: port 2(bridge_slave_1) entered disabled state
[  252.466388][ T7386] bridge_slave_1: entered allmulticast mode
[  252.591974][ T5928] usb 5-1: Using ep0 maxpacket: 8
[  252.601914][ T5928] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  252.607908][ T5885] ati_remote 3-1:0.0: ati_remote_probe: Unexpected desc.bNumEndpoints
[  252.612058][ T7386] bridge_slave_1: entered promiscuous mode
[  252.640061][ T5928] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  252.663200][ T5928] usb 5-1: Product: syz
[  252.679995][ T5928] usb 5-1: Manufacturer: syz
[  252.690768][ T5928] usb 5-1: SerialNumber: syz
[  252.775715][ T5928] usb 5-1: config 0 descriptor??
[  252.815348][ T7386] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  252.858057][ T7386] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  253.766179][ T5928] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  254.424108][ T5885] usb 3-1: USB disconnect, device number 12
[  254.618122][ T7386] team0: Port device team_slave_0 added
[  255.159782][ T6038] hsr_slave_0: left promiscuous mode
[  255.221298][ T7490] openvswitch: netlink: EtherType 0 is less than min 600
[  255.295090][ T6038] hsr_slave_1: left promiscuous mode
[  255.331954][ T6038] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  255.411762][ T6038] batman_adv: batadv0: Removing interface: batadv_slave_0
[  255.609784][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  255.619298][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  255.620854][ T6038] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  255.709299][ T6038] batman_adv: batadv0: Removing interface: batadv_slave_1
[  255.761309][ T7480] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  255.815979][ T7480] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  255.862956][ T6038] veth1_macvtap: left promiscuous mode
[  255.872750][ T6038] veth0_macvtap: left promiscuous mode
[  255.890136][ T6038] veth1_vlan: left promiscuous mode
[  255.896207][ T6038] veth0_vlan: left promiscuous mode
[  255.913060][ T5928] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  256.000774][ T5928] usb 5-1: USB disconnect, device number 7
[  257.629535][ T6038] team0 (unregistering): Port device team_slave_1 removed
[  257.664314][ T6038] team0 (unregistering): Port device team_slave_0 removed
[  257.971036][ T7386] team0: Port device team_slave_1 added
[  257.978418][ T7490] IPVS: Error connecting to the multicast addr
[  258.115962][ T7386] batman_adv: batadv0: Adding interface: batadv_slave_0
[  258.136691][ T7386] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  258.176403][ T7386] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  258.191488][ T7386] batman_adv: batadv0: Adding interface: batadv_slave_1
[  258.207628][ T7386] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  258.262429][ T7386] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  258.470870][ T7539] netlink: 830 bytes leftover after parsing attributes in process `syz.0.407'.
[  259.063519][ T7558] netlink: 4 bytes leftover after parsing attributes in process `syz.2.411'.
[  259.592101][ T7386] hsr_slave_0: entered promiscuous mode
[  259.638534][ T7386] hsr_slave_1: entered promiscuous mode
[  259.644950][ T7386] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  259.663657][ T7386] Cannot create hsr debugfs directory
[  259.930344][ T7574] random: crng reseeded on system resumption
[  260.110030][ T7581] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  263.558121][ T7588] netlink: 830 bytes leftover after parsing attributes in process `syz.1.419'.
[  263.567185][ T7588] bond_slave_0: entered promiscuous mode
[  263.572849][ T7588] bond_slave_1: entered promiscuous mode
[  264.098382][ T5885] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  264.694829][ T5885] usb 5-1: Using ep0 maxpacket: 16
[  264.706405][ T5885] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  264.723674][ T5885] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  264.738166][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  264.746988][ T5885] usb 5-1: Product: syz
[  264.751328][ T5885] usb 5-1: Manufacturer: syz
[  264.763193][ T5885] usb 5-1: SerialNumber: syz
[  264.808110][ T5885] usb 5-1: config 0 descriptor??
[  264.827497][ T5885] hub 5-1:0.0: bad descriptor, ignoring hub
[  264.834575][ T5885] hub 5-1:0.0: probe with driver hub failed with error -5
[  264.848126][ T7386] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  264.872746][ T5885] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input8
[  264.903793][ T7386] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  264.976192][ T7386] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  265.053872][ T7386] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  265.423524][ T7628] ieee802154 phy0 wpan0: encryption failed: -22
[  266.049363][ T7386] 8021q: adding VLAN 0 to HW filter on device bond0
[  266.072591][   T30] audit: type=1326 audit(1751297319.924:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7589 comm="syz.4.421" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f76e438e929 code=0x0
[  266.155440][ T7386] 8021q: adding VLAN 0 to HW filter on device team0
[  266.246697][ T1337] bridge0: port 1(bridge_slave_0) entered blocking state
[  266.254327][ T1337] bridge0: port 1(bridge_slave_0) entered forwarding state
[  266.328735][ T1337] bridge0: port 2(bridge_slave_1) entered blocking state
[  266.335920][ T1337] bridge0: port 2(bridge_slave_1) entered forwarding state
[  266.969263][ T7386] 8021q: adding VLAN 0 to HW filter on device batadv0
[  267.576273][   T43] usb 5-1: USB disconnect, device number 8
[  268.996534][ T7670] netlink: 4 bytes leftover after parsing attributes in process `syz.1.430'.
[  269.280705][ T7672] netlink: 830 bytes leftover after parsing attributes in process `syz.4.432'.
[  269.511608][ T7386] veth0_vlan: entered promiscuous mode
[  269.717075][ T7386] veth1_vlan: entered promiscuous mode
[  270.096620][ T7386] veth0_macvtap: entered promiscuous mode
[  270.135697][ T7386] veth1_macvtap: entered promiscuous mode
[  270.202532][ T7386] batman_adv: batadv0: Interface activated: batadv_slave_0
[  270.309881][ T7386] batman_adv: batadv0: Interface activated: batadv_slave_1
[  270.734314][ T7386] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  270.743540][ T7386] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  270.752707][ T7386] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  270.761813][ T7386] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  271.507364][   T24] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  271.574233][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  271.613266][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  271.704871][   T24] usb 2-1: Using ep0 maxpacket: 32
[  271.722280][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  271.782262][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  271.833729][ T6038] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  271.850347][   T24] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  271.884040][ T6038] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  271.907447][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  271.950503][   T24] usb 2-1: config 0 descriptor??
[  272.240459][ T7714] FAULT_INJECTION: forcing a failure.
[  272.240459][ T7714] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  272.281593][ T7717] netlink: 27 bytes leftover after parsing attributes in process `syz.5.372'.
[  272.301791][ T7714] CPU: 0 UID: 0 PID: 7714 Comm: syz.2.441 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  272.301813][ T7714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  272.301832][ T7714] Call Trace:
[  272.301839][ T7714]  <TASK>
[  272.301847][ T7714]  dump_stack_lvl+0x189/0x250
[  272.301878][ T7714]  ? __pfx____ratelimit+0x10/0x10
[  272.301903][ T7714]  ? __pfx_dump_stack_lvl+0x10/0x10
[  272.301928][ T7714]  ? __pfx__printk+0x10/0x10
[  272.301965][ T7714]  should_fail_ex+0x414/0x560
[  272.301991][ T7714]  _copy_to_user+0x31/0xb0
[  272.302019][ T7714]  simple_read_from_buffer+0xe1/0x170
[  272.302046][ T7714]  proc_fail_nth_read+0x1df/0x250
[  272.302075][ T7714]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  272.302102][ T7714]  ? rw_verify_area+0x258/0x650
[  272.302120][ T7714]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  272.302146][ T7714]  vfs_read+0x1fd/0x980
[  272.302170][ T7714]  ? __pfx___mutex_lock+0x10/0x10
[  272.302197][ T7714]  ? __pfx_vfs_read+0x10/0x10
[  272.302217][ T7714]  ? __fget_files+0x2a/0x420
[  272.302245][ T7714]  ? __fget_files+0x3a0/0x420
[  272.302266][ T7714]  ? __fget_files+0x2a/0x420
[  272.302297][ T7714]  ksys_read+0x145/0x250
[  272.302319][ T7714]  ? __pfx_ksys_read+0x10/0x10
[  272.302335][ T7714]  ? rcu_is_watching+0x15/0xb0
[  272.302366][ T7714]  ? do_syscall_64+0xbe/0x3b0
[  272.302395][ T7714]  do_syscall_64+0xfa/0x3b0
[  272.302419][ T7714]  ? lockdep_hardirqs_on+0x9c/0x150
[  272.302442][ T7714]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  272.302459][ T7714]  ? clear_bhb_loop+0x60/0xb0
[  272.302480][ T7714]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  272.302496][ T7714] RIP: 0033:0x7f72b6f8d33c
[  272.302512][ T7714] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  272.302526][ T7714] RSP: 002b:00007f72b7d94030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  272.302544][ T7714] RAX: ffffffffffffffda RBX: 00007f72b71b5fa0 RCX: 00007f72b6f8d33c
[  272.302556][ T7714] RDX: 000000000000000f RSI: 00007f72b7d940a0 RDI: 0000000000000004
[  272.302567][ T7714] RBP: 00007f72b7d94090 R08: 0000000000000000 R09: 0000000000000000
[  272.302577][ T7714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  272.302587][ T7714] R13: 0000000000000000 R14: 00007f72b71b5fa0 R15: 00007fffed38db38
[  272.302614][ T7714]  </TASK>
[  272.470412][   T24] savu 0003:1E7D:2D5A.0006: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0
[  272.848357][ T7725] netlink: 92 bytes leftover after parsing attributes in process `syz.1.438'.
[  273.049887][ T7731] netlink: 830 bytes leftover after parsing attributes in process `syz.5.443'.
[  273.059129][ T7731] bond_slave_0: entered promiscuous mode
[  273.064904][ T7731] bond_slave_1: entered promiscuous mode
[  273.782927][ T7749] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  273.792064][ T7749] batman_adv: batadv0: Removing interface: batadv_slave_0
[  273.826110][ T7749] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  273.860752][ T7749] batman_adv: batadv0: Removing interface: batadv_slave_1
[  273.875464][   T43] usb 2-1: reset high-speed USB device number 14 using dummy_hcd
[  275.678227][   T43] usb 2-1: device descriptor read/64, error -71
[  275.955107][   T43] usb 2-1: reset high-speed USB device number 14 using dummy_hcd
[  276.043569][   T43] usb 2-1: device reset changed ep0 maxpacket size!
[  276.200674][   T24] usb 2-1: USB disconnect, device number 14
[  276.400923][ T7771] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  276.501742][   T24] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  276.506112][ T7781] FAULT_INJECTION: forcing a failure.
[  276.506112][ T7781] name failslab, interval 1, probability 0, space 0, times 0
[  276.522279][ T7781] CPU: 0 UID: 0 PID: 7781 Comm: syz.4.453 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  276.522301][ T7781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  276.522311][ T7781] Call Trace:
[  276.522320][ T7781]  <TASK>
[  276.522326][ T7781]  dump_stack_lvl+0x189/0x250
[  276.522348][ T7781]  ? __pfx____ratelimit+0x10/0x10
[  276.522366][ T7781]  ? __pfx_dump_stack_lvl+0x10/0x10
[  276.522384][ T7781]  ? __pfx__printk+0x10/0x10
[  276.522398][ T7781]  ? __pfx___might_resched+0x10/0x10
[  276.522415][ T7781]  ? fs_reclaim_acquire+0x7d/0x100
[  276.522436][ T7781]  should_fail_ex+0x414/0x560
[  276.522453][ T7781]  should_failslab+0xa8/0x100
[  276.522488][ T7781]  __kmalloc_noprof+0xcb/0x4f0
[  276.522503][ T7781]  ? tomoyo_encode+0x28b/0x550
[  276.522524][ T7781]  tomoyo_encode+0x28b/0x550
[  276.522546][ T7781]  tomoyo_realpath_from_path+0x58d/0x5d0
[  276.522578][ T7781]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  276.522594][ T7781]  tomoyo_path_number_perm+0x1e8/0x5a0
[  276.522611][ T7781]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  276.522638][ T7781]  ? __lock_acquire+0xab9/0xd20
[  276.522669][ T7781]  ? __fget_files+0x2a/0x420
[  276.522702][ T7781]  ? __fget_files+0x2a/0x420
[  276.522717][ T7781]  ? __fget_files+0x3a0/0x420
[  276.522732][ T7781]  ? __fget_files+0x2a/0x420
[  276.522751][ T7781]  security_file_ioctl+0xcb/0x2d0
[  276.522768][ T7781]  __se_sys_ioctl+0x47/0x170
[  276.522783][ T7781]  do_syscall_64+0xfa/0x3b0
[  276.522800][ T7781]  ? lockdep_hardirqs_on+0x9c/0x150
[  276.522819][ T7781]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.522833][ T7781]  ? clear_bhb_loop+0x60/0xb0
[  276.522848][ T7781]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.522860][ T7781] RIP: 0033:0x7f76e438e929
[  276.522871][ T7781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  276.522882][ T7781] RSP: 002b:00007f76e51b2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  276.522894][ T7781] RAX: ffffffffffffffda RBX: 00007f76e45b6080 RCX: 00007f76e438e929
[  276.522903][ T7781] RDX: 0000200000000040 RSI: 0000000040045730 RDI: 0000000000000007
[  276.522911][ T7781] RBP: 00007f76e51b2090 R08: 0000000000000000 R09: 0000000000000000
[  276.522918][ T7781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  276.522925][ T7781] R13: 0000000000000000 R14: 00007f76e45b6080 R15: 00007ffd3f76bab8
[  276.522944][ T7781]  </TASK>
[  276.522985][ T7781] ERROR: Out of memory at tomoyo_realpath_from_path.
[  276.994920][   T24] usb 2-1: Using ep0 maxpacket: 16
[  277.011876][   T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  277.012042][   T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  277.179346][   T24] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 1.40
[  277.179375][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  277.179393][   T24] usb 2-1: Product: syz
[  277.179406][   T24] usb 2-1: Manufacturer: syz
[  277.179419][   T24] usb 2-1: SerialNumber: syz
[  277.460075][ T7788] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode
[  277.525329][ T7790] wg2: entered promiscuous mode
[  277.531038][ T7790] wg2: entered allmulticast mode
[  279.419090][   T24] usb 2-1: 0:2 : does not exist
[  279.501433][   T24] usb 2-1: 5:0: cannot get min/max values for control 8 (id 5)
[  279.586398][   T24] usb 2-1: USB disconnect, device number 15
[  279.869128][ T7847] binder: 7834:7847 ioctl c0306201 200000000240 returned -11
[  280.391777][ T7838] udevd[7838]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  280.655310][ T7840] netlink: 28 bytes leftover after parsing attributes in process `syz.4.470'.
[  280.697017][ T7840] Cannot find del_set index 0 as target
[  281.543108][ T7856] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  281.700428][ T7869] netlink: 'syz.0.475': attribute type 4 has an invalid length.
[  281.751680][ T7875] netlink: 'syz.0.475': attribute type 4 has an invalid length.
[  282.339229][ T7894] netlink: 4 bytes leftover after parsing attributes in process `syz.1.483'.
[  282.479960][ T7894] syz_tun (unregistering): left allmulticast mode
[  282.566222][   T30] audit: type=1326 audit(1751297336.404:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7905 comm="syz.4.488" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f76e438e929 code=0x0
[  282.590502][ T7904] loop4: detected capacity change from 0 to 7
[  282.602459][ T7904] Dev loop4: unable to read RDB block 7
[  282.631537][ T7904]  loop4: unable to read partition table
[  282.638874][ T7904] loop4: partition table beyond EOD, truncated
[  282.655322][ T7904] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5)
[  282.712465][ T5484] veth0_vlan: left promiscuous mode
[  282.741096][ T5484] veth0_vlan: entered promiscuous mode
[  283.862944][ T7883] pim6reg0: tun_chr_ioctl cmd 1074025677
[  283.904565][ T7883] pim6reg0: linktype set to 0
[  283.960225][   T30] audit: type=1326 audit(1751297337.824:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7905 comm="syz.4.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76e438e929 code=0x7ffc0000
[  284.332098][   T30] audit: type=1326 audit(1751297337.824:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7905 comm="syz.4.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76e438e929 code=0x7ffc0000
[  284.499488][   T30] audit: type=1326 audit(1751297337.824:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7905 comm="syz.4.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f76e438e929 code=0x7ffc0000
[  284.846129][   T30] audit: type=1326 audit(1751297337.824:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7905 comm="syz.4.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76e438e929 code=0x7ffc0000
[  284.869498][   T30] audit: type=1326 audit(1751297337.824:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7905 comm="syz.4.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76e438e929 code=0x7ffc0000
[  284.895698][   T30] audit: type=1326 audit(1751297337.824:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7905 comm="syz.4.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f76e438e929 code=0x7ffc0000
[  284.918641][   T30] audit: type=1326 audit(1751297337.824:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7905 comm="syz.4.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76e438e929 code=0x7ffc0000
[  285.448648][   T30] audit: type=1326 audit(1751297337.824:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7905 comm="syz.4.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76e438e929 code=0x7ffc0000
[  285.651673][ T7941] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  286.162246][ T7951] capability: warning: `syz.4.497' uses 32-bit capabilities (legacy support in use)
[  286.398439][ T3572] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  286.635919][ T7954] netlink: 'syz.0.498': attribute type 1 has an invalid length.
[  286.795037][ T3572] usb 2-1: Using ep0 maxpacket: 8
[  286.802501][ T3572] usb 2-1: config 0 has an invalid interface number: 126 but max is 0
[  286.844026][ T3572] usb 2-1: config 0 has no interface number 0
[  286.884537][ T3572] usb 2-1: config 0 interface 126 has no altsetting 0
[  287.007291][ T3572] usb 2-1: New USB device found, idVendor=0547, idProduct=7303, bcdDevice=fa.3e
[  287.028223][ T3572] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  287.040163][ T3572] usb 2-1: Product: syz
[  287.212341][ T3572] usb 2-1: Manufacturer: syz
[  287.218183][ T3572] usb 2-1: SerialNumber: syz
[  287.230516][ T3572] usb 2-1: config 0 descriptor??
[  287.779700][ T3572] gspca_main: dtcs033-2.14.0 probing 0547:7303
[  287.825210][ T3572] usb 2-1: USB disconnect, device number 16
[  288.218156][ T7983] netlink: 12 bytes leftover after parsing attributes in process `syz.4.504'.
[  288.222687][ T7984] fuse: Bad value for 'group_id'
[  288.234102][ T7984] fuse: Bad value for 'group_id'
[  288.692395][ T7993] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  290.216597][ T8028] trusted_key: syz.4.515 sent an empty control message without MSG_MORE.
[  290.979570][ T8043] netlink: 24 bytes leftover after parsing attributes in process `syz.1.518'.
[  291.285105][ T5928] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  291.538772][ T8054] overlayfs: overlapping lowerdir path
[  291.601707][ T8055] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  291.625265][ T5928] usb 3-1: Using ep0 maxpacket: 8
[  291.635507][ T5928] usb 3-1: unable to get BOS descriptor or descriptor too short
[  291.698127][ T5928] usb 3-1: config 4 interface 0 has no altsetting 0
[  291.794859][ T5928] usb 3-1: string descriptor 0 read error: -22
[  291.820227][ T5928] usb 3-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  291.857623][ T8064] netlink: 8 bytes leftover after parsing attributes in process `syz.1.524'.
[  291.918069][ T5928] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  292.098434][ T5928] usb 3-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  292.163693][ T5928] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  292.324878][ T3572] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  292.616284][ T5928] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  292.623599][ T5928] usb 3-1: media controller created
[  292.786410][ T3572] usb 2-1: Using ep0 maxpacket: 32
[  292.810023][ T3572] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  292.881313][ T5928] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  292.912987][ T5928] zl10353_read_register: readreg error (reg=127, ret==0)
[  292.937108][ T3572] usb 2-1: too many endpoints for config 0 interface 0 altsetting 5: 69, using maximum allowed: 30
[  293.071450][ T3572] usb 2-1: config 0 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 69
[  293.317538][ T3572] usb 2-1: config 0 interface 0 has no altsetting 1
[  293.486429][ T3572] usb 2-1: New USB device found, idVendor=152d, idProduct=0539, bcdDevice= 0.00
[  293.543730][ T3572] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  293.563061][ T3572] usb 2-1: SerialNumber: syz
[  293.599518][ T3572] usb 2-1: config 0 descriptor??
[  293.656481][ T3572] usb-storage 2-1:0.0: USB Mass Storage device detected
[  293.816566][ T5928] usb 3-1: USB disconnect, device number 13
[  293.888148][ T8068] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  293.901050][ T3572] usb-storage 2-1:0.0: Quirks match for vid 152d pid 0539: 4000000
[  293.917642][   T30] audit: type=1326 audit(1751297347.744:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8088 comm="syz.0.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70b378e929 code=0x7ffc0000
[  293.964221][ T8068] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  294.201569][ T8068] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  294.237007][ T8068] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  294.252600][ T8068] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  294.313546][   T30] audit: type=1326 audit(1751297347.764:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8088 comm="syz.0.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f70b378e929 code=0x7ffc0000
[  294.336054][   T30] audit: type=1326 audit(1751297347.814:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8088 comm="syz.0.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70b378e929 code=0x7ffc0000
[  294.357578][   T30] audit: type=1326 audit(1751297347.844:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8088 comm="syz.0.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70b378e929 code=0x7ffc0000
[  294.388339][   T30] audit: type=1326 audit(1751297347.844:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8088 comm="syz.0.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=76 compat=0 ip=0x7f70b378e929 code=0x7ffc0000
[  294.404449][ T8068] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  294.409924][   T30] audit: type=1326 audit(1751297347.844:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8088 comm="syz.0.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70b378e929 code=0x7ffc0000
[  294.450651][   T30] audit: type=1326 audit(1751297347.854:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8088 comm="syz.0.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70b378e929 code=0x7ffc0000
[  294.484787][   T30] audit: type=1326 audit(1751297347.854:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8088 comm="syz.0.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f70b378e929 code=0x7ffc0000
[  294.636629][ T8068] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  294.681744][   T30] audit: type=1326 audit(1751297347.854:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8088 comm="syz.0.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70b378e929 code=0x7ffc0000
[  294.704496][   T30] audit: type=1326 audit(1751297347.864:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8088 comm="syz.0.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70b378e929 code=0x7ffc0000
[  294.780363][ T8068] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  294.883082][ T8094] ceph: No mds server is up or the cluster is laggy
[  295.376648][ T5877] libceph: connect (1)[c::]:6789 error -101
[  296.601902][ T5877] libceph: mon0 (1)[c::]:6789 connect error
[  297.927389][ T5877] libceph: connect (1)[c::]:6789 error -101
[  297.933494][ T5877] libceph: mon0 (1)[c::]:6789 connect error
[  298.210350][   T43] usb 2-1: USB disconnect, device number 17
[  298.254239][ T5877] libceph: connect (1)[c::]:6789 error -101
[  298.296115][ T5877] libceph: mon0 (1)[c::]:6789 connect error
[  298.742493][ T8122] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  298.951675][ T8129] netlink: 8 bytes leftover after parsing attributes in process `syz.0.539'.
[  299.965150][ T8129] netlink: 68 bytes leftover after parsing attributes in process `syz.0.539'.
[  300.304802][   T43] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  300.485194][   T43] usb 6-1: Using ep0 maxpacket: 32
[  300.498463][   T43] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  300.524329][   T43] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  300.550532][ T8152] /dev/sg0: Can't lookup blockdev
[  300.553882][   T43] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  300.712504][ T8154] snd_dummy snd_dummy.0: control 2:16:0:syz0:-3 is already present
[  301.166915][   T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  301.229017][   T43] hub 6-1:4.0: USB hub found
[  301.294802][ T5928] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  301.594822][ T5928] usb 5-1: Using ep0 maxpacket: 32
[  301.606239][ T5928] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  301.621909][ T5928] usb 5-1: config 0 has no interfaces?
[  301.635484][ T5928] usb 5-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 3.01
[  301.667706][ T5928] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  302.020390][ T5928] usb 5-1: config 0 descriptor??
[  302.404918][   T24] IPVS: starting estimator thread 0...
[  302.416112][ T8162] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  302.446050][ T8162] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  302.535002][ T8166] IPVS: using max 29 ests per chain, 69600 per kthread
[  302.574441][ T5928] usb 5-1: string descriptor 0 read error: -71
[  302.593384][   T43] hub 6-1:4.0: config failed, can't read hub descriptor (err -22)
[  302.617452][ T5928] usb 5-1: USB disconnect, device number 9
[  302.687741][   T43] usb 6-1: USB disconnect, device number 2
[  302.803270][ T8172] netlink: 56 bytes leftover after parsing attributes in process `syz.2.547'.
[  303.409562][ T8185] netlink: 4 bytes leftover after parsing attributes in process `syz.5.549'.
[  303.544932][ T8189] FAULT_INJECTION: forcing a failure.
[  303.544932][ T8189] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  303.945974][ T8189] CPU: 1 UID: 0 PID: 8189 Comm: syz.5.549 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  303.946000][ T8189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  303.946011][ T8189] Call Trace:
[  303.946018][ T8189]  <TASK>
[  303.946026][ T8189]  dump_stack_lvl+0x189/0x250
[  303.946057][ T8189]  ? __pfx____ratelimit+0x10/0x10
[  303.946081][ T8189]  ? __pfx_dump_stack_lvl+0x10/0x10
[  303.946107][ T8189]  ? __pfx__printk+0x10/0x10
[  303.946136][ T8189]  should_fail_ex+0x414/0x560
[  303.946162][ T8189]  _copy_to_user+0x31/0xb0
[  303.946191][ T8189]  simple_read_from_buffer+0xe1/0x170
[  303.946218][ T8189]  proc_fail_nth_read+0x1df/0x250
[  303.946246][ T8189]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  303.946274][ T8189]  ? rw_verify_area+0x258/0x650
[  303.946292][ T8189]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  303.946318][ T8189]  vfs_read+0x1fd/0x980
[  303.946348][ T8189]  ? __pfx___mutex_lock+0x10/0x10
[  303.946375][ T8189]  ? __pfx_vfs_read+0x10/0x10
[  303.946396][ T8189]  ? __fget_files+0x2a/0x420
[  303.946422][ T8189]  ? __fget_files+0x3a0/0x420
[  303.946444][ T8189]  ? __fget_files+0x2a/0x420
[  303.946476][ T8189]  ksys_read+0x145/0x250
[  303.946497][ T8189]  ? __pfx_ksys_read+0x10/0x10
[  303.946514][ T8189]  ? rcu_is_watching+0x15/0xb0
[  303.946545][ T8189]  ? do_syscall_64+0xbe/0x3b0
[  303.946573][ T8189]  do_syscall_64+0xfa/0x3b0
[  303.946597][ T8189]  ? lockdep_hardirqs_on+0x9c/0x150
[  303.946620][ T8189]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  303.946638][ T8189]  ? clear_bhb_loop+0x60/0xb0
[  303.946660][ T8189]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  303.946676][ T8189] RIP: 0033:0x7f483858d33c
[  303.946692][ T8189] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  303.946708][ T8189] RSP: 002b:00007f483940d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  303.946727][ T8189] RAX: ffffffffffffffda RBX: 00007f48387b6160 RCX: 00007f483858d33c
[  303.946740][ T8189] RDX: 000000000000000f RSI: 00007f483940d0a0 RDI: 0000000000000004
[  303.946750][ T8189] RBP: 00007f483940d090 R08: 0000000000000000 R09: 0000000000000000
[  303.946760][ T8189] R10: 0000000040018042 R11: 0000000000000246 R12: 0000000000000001
[  303.946771][ T8189] R13: 0000000000000000 R14: 00007f48387b6160 R15: 00007ffc7ff85528
[  303.946798][ T8189]  </TASK>
[  305.103301][ T8202] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  305.710852][ T8211] netlink: 4 bytes leftover after parsing attributes in process `syz.1.553'.
[  306.025405][ T8223] snd_dummy snd_dummy.0: control 2:16:0:syz0:-3 is already present
[  306.510657][ T8215] netlink: 8 bytes leftover after parsing attributes in process `syz.0.556'.
[  306.585060][ T5928] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  306.844786][ T5928] usb 3-1: Using ep0 maxpacket: 32
[  307.063438][ T5928] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  307.165082][ T5928] usb 3-1: config 0 has no interfaces?
[  307.212823][ T5928] usb 3-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 3.01
[  307.322359][ T5928] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  307.401380][ T5928] usb 3-1: config 0 descriptor??
[  307.858137][ T8232] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  308.146872][ T5928] usb 3-1: string descriptor 0 read error: -71
[  308.243037][ T5928] usb 3-1: USB disconnect, device number 14
[  308.504773][ T8256] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  308.552738][ T8261] warning: `syz.1.566' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  309.865970][ T8277] ieee802154 phy0 wpan0: encryption failed: -22
[  310.639747][ T8282] netlink: 4 bytes leftover after parsing attributes in process `syz.5.571'.
[  311.494450][ T8299] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  313.031357][ T8315] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  313.042520][ T8315] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  314.074315][ T8332] netlink: 8 bytes leftover after parsing attributes in process `syz.0.584'.
[  314.924165][ T8341] netlink: 4 bytes leftover after parsing attributes in process `syz.2.587'.
[  315.504041][ T8344] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  316.016487][ T8356] netlink: 48 bytes leftover after parsing attributes in process `syz.2.590'.
[  316.164883][   T43] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  316.284853][ T8363] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  316.356723][   T43] usb 6-1: Using ep0 maxpacket: 16
[  316.382723][   T43] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  316.409495][   T43] usb 6-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  316.441522][   T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  316.476794][   T43] usb 6-1: Product: syz
[  316.487262][   T43] usb 6-1: Manufacturer: syz
[  316.502424][   T43] usb 6-1: SerialNumber: syz
[  316.527254][   T43] usb 6-1: config 0 descriptor??
[  316.549240][   T43] hub 6-1:0.0: bad descriptor, ignoring hub
[  316.565304][   T43] hub 6-1:0.0: probe with driver hub failed with error -5
[  316.641594][   T43] input: syz syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input10
[  316.753941][ T5927] usb 5-1: new low-speed USB device number 10 using dummy_hcd
[  317.060397][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  317.071387][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  317.214510][ T5927] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  317.291361][ T5927] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  317.362508][ T8383] netlink: 56 bytes leftover after parsing attributes in process `syz.0.599'.
[  317.385537][ T5927] usb 5-1: config 0 descriptor??
[  317.875695][ T8394] netlink: 4 bytes leftover after parsing attributes in process `syz.0.600'.
[  318.403393][ T8393] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  318.425061][ T5927] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  318.461593][ T5927] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x00b0: ffffffb9
[  318.609528][ T5927] asix 5-1:0.0: probe with driver asix failed with error -71
[  319.195852][ T5927] usb 5-1: USB disconnect, device number 10
[  319.378919][   T24] usb 6-1: USB disconnect, device number 3
[  321.497707][ T8409] binder: 8407:8409 ioctl c0306201 200000000640 returned -14
[  322.336821][ T8458] program syz.4.615 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  323.654970][ T6677] usb 3-1: new full-speed USB device number 15 using dummy_hcd
[  323.755198][   T24] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  323.879950][ T6677] usb 3-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  323.931691][ T6677] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  323.971496][ T6677] usb 3-1: config 0 descriptor??
[  323.976630][   T24] usb 5-1: Using ep0 maxpacket: 16
[  324.005898][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  324.116403][ T6677] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  324.154921][   T24] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  324.227887][ T8487] netlink: 68 bytes leftover after parsing attributes in process `syz.0.622'.
[  324.233117][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  324.247124][   T24] usb 5-1: Product: syz
[  324.251442][   T24] usb 5-1: Manufacturer: syz
[  324.277124][   T24] usb 5-1: SerialNumber: syz
[  324.466612][   T24] usb 5-1: config 0 descriptor??
[  324.782155][   T24] hub 5-1:0.0: bad descriptor, ignoring hub
[  324.820651][   T24] hub 5-1:0.0: probe with driver hub failed with error -5
[  325.067321][   T24] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input11
[  325.575111][   T24] input: failed to attach handler mousedev to device input11, error: -5
[  326.325347][ T8507] /dev/nullb0: Can't open blockdev
[  327.216588][ T6677] gp8psk: usb in 128 operation failed.
[  327.223097][ T6677] gp8psk: usb in 137 operation failed.
[  327.232743][ T6677] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  327.243173][ T6677] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  327.946455][ T8506] snd_dummy snd_dummy.0: control 2:16:0:syz0:-3 is already present
[  328.196869][   T10] usb 3-1: USB disconnect, device number 15
[  328.223983][   T24] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  328.399944][   T24] usb 6-1: Using ep0 maxpacket: 32
[  328.441688][   T24] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  328.951088][ T8527] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  328.962880][   T24] usb 6-1: config 0 has no interfaces?
[  329.018572][   T24] usb 6-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 3.01
[  329.066200][ T5927] usb 5-1: USB disconnect, device number 11
[  329.082367][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  329.247036][   T24] usb 6-1: config 0 descriptor??
[  329.291153][   T24] usb 6-1: can't set config #0, error -71
[  329.747822][   T24] usb 6-1: USB disconnect, device number 4
[  330.188189][ T8551] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.635'.
[  330.206139][ T8551] FAULT_INJECTION: forcing a failure.
[  330.206139][ T8551] name failslab, interval 1, probability 0, space 0, times 0
[  330.219004][ T8551] CPU: 0 UID: 0 PID: 8551 Comm: syz.0.635 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  330.219027][ T8551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  330.219039][ T8551] Call Trace:
[  330.219047][ T8551]  <TASK>
[  330.219055][ T8551]  dump_stack_lvl+0x189/0x250
[  330.219087][ T8551]  ? __pfx____ratelimit+0x10/0x10
[  330.219114][ T8551]  ? __pfx_dump_stack_lvl+0x10/0x10
[  330.219142][ T8551]  ? __pfx__printk+0x10/0x10
[  330.219164][ T8551]  ? fs_reclaim_acquire+0x7d/0x100
[  330.219201][ T8551]  should_fail_ex+0x414/0x560
[  330.219228][ T8551]  should_failslab+0xa8/0x100
[  330.219254][ T8551]  __kmalloc_cache_noprof+0x70/0x3d0
[  330.219276][ T8551]  ? assoc_array_insert+0x43d/0x2f90
[  330.219310][ T8551]  assoc_array_insert+0x43d/0x2f90
[  330.219341][ T8551]  ? key_set_index_key+0x381/0x540
[  330.219360][ T8551]  ? __pfx___mutex_lock+0x10/0x10
[  330.219395][ T8551]  ? __pfx_down_write+0x10/0x10
[  330.219421][ T8551]  __key_link_begin+0xd6/0x1f0
[  330.219443][ T8551]  __key_create_or_update+0x41a/0xa30
[  330.219482][ T8551]  ? __pfx___key_create_or_update+0x10/0x10
[  330.219532][ T8551]  ? __pfx_lookup_user_key_possessed+0x10/0x10
[  330.219560][ T8551]  ? __pfx_keyring_search_iterator+0x10/0x10
[  330.219585][ T8551]  key_create_or_update+0x42/0x60
[  330.219618][ T8551]  __se_sys_add_key+0x329/0x400
[  330.219643][ T8551]  ? __pfx___se_sys_add_key+0x10/0x10
[  330.219674][ T8551]  ? do_syscall_64+0xbe/0x3b0
[  330.219699][ T8551]  ? __x64_sys_add_key+0x20/0xc0
[  330.219722][ T8551]  do_syscall_64+0xfa/0x3b0
[  330.219761][ T8551]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  330.219778][ T8551]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  330.219795][ T8551]  ? clear_bhb_loop+0x60/0xb0
[  330.219816][ T8551]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  330.219833][ T8551] RIP: 0033:0x7f70b378e929
[  330.219849][ T8551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  330.219864][ T8551] RSP: 002b:00007f70b15f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[  330.219883][ T8551] RAX: ffffffffffffffda RBX: 00007f70b39b6160 RCX: 00007f70b378e929
[  330.219896][ T8551] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000200000000000
[  330.219908][ T8551] RBP: 00007f70b15f6090 R08: 0000000028502d68 R09: 0000000000000000
[  330.219919][ T8551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  330.219929][ T8551] R13: 0000000000000000 R14: 00007f70b39b6160 R15: 00007fff1121ee28
[  330.219958][ T8551]  </TASK>
[  330.735638][ T8552] process 'syz.2.637' launched './file1' with NULL argv: empty string added
[  330.805947][ T8552] hsr0: entered promiscuous mode
[  330.835150][ T8552] netlink: 4 bytes leftover after parsing attributes in process `syz.2.637'.
[  330.904268][ T8552] hsr_slave_0: left promiscuous mode
[  330.983590][ T8552] hsr_slave_1: left promiscuous mode
[  331.666448][ T8574] netlink: 16 bytes leftover after parsing attributes in process `syz.4.640'.
[  331.707939][ T8574] netlink: 16 bytes leftover after parsing attributes in process `syz.4.640'.
[  331.793351][ T8574] overlayfs: failed to get inode (-116)
[  331.825557][ T8574] overlayfs: failed to get inode (-116)
[  331.856346][ T8574] overlayfs: failed to get inode (-116)
[  331.879046][ T5826] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  331.889558][ T5826] CPU: 1 UID: 0 PID: 5826 Comm: kworker/u9:2 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  331.889582][ T5826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  331.889594][ T5826] Workqueue: hci0 hci_rx_work
[  331.889623][ T5826] Call Trace:
[  331.889630][ T5826]  <TASK>
[  331.889638][ T5826]  dump_stack_lvl+0x189/0x250
[  331.889668][ T5826]  ? kernfs_path_from_node+0x2c/0x260
[  331.889695][ T5826]  ? __pfx_dump_stack_lvl+0x10/0x10
[  331.889719][ T5826]  ? __pfx__printk+0x10/0x10
[  331.889735][ T5826]  ? kernfs_path_from_node+0x2c/0x260
[  331.889755][ T5826]  ? kernfs_path_from_node+0x2c/0x260
[  331.889777][ T5826]  ? kernfs_path_from_node+0x22c/0x260
[  331.889795][ T5826]  ? kernfs_path_from_node+0x2c/0x260
[  331.889828][ T5826]  sysfs_create_dir_ns+0x259/0x280
[  331.889850][ T5826]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  331.889872][ T5826]  ? do_raw_spin_unlock+0x122/0x240
[  331.889895][ T5826]  kobject_add_internal+0x59f/0xb40
[  331.889918][ T5826]  kobject_add+0x155/0x220
[  331.889944][ T5826]  ? __pfx_kobject_add+0x10/0x10
[  331.889968][ T5826]  ? _raw_spin_unlock+0x28/0x50
[  331.889990][ T5826]  ? get_device_parent+0x366/0x3a0
[  331.890017][ T5826]  device_add+0x408/0xb50
[  331.890043][ T5826]  hci_conn_add_sysfs+0xd5/0x1e0
[  331.890064][ T5826]  le_conn_complete_evt+0xc3a/0x1220
[  331.890089][ T5826]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  331.890105][ T5826]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  331.890135][ T5826]  ? __asan_memcpy+0x40/0x70
[  331.890150][ T5826]  ? __pfx___mutex_lock+0x10/0x10
[  331.890170][ T5826]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  331.890189][ T5826]  ? skb_pull_data+0xfb/0x200
[  331.890212][ T5826]  hci_le_conn_complete_evt+0x187/0x450
[  331.890241][ T5826]  hci_event_packet+0x78c/0x1200
[  331.890263][ T5826]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  331.890287][ T5826]  ? __pfx_hci_event_packet+0x10/0x10
[  331.890308][ T5826]  ? kcov_remote_start+0x4d3/0x7f0
[  331.890325][ T5826]  ? warn_bogus_irq_restore+0x10/0x40
[  331.890347][ T5826]  ? hci_send_to_monitor+0xe2/0x570
[  331.890364][ T5826]  hci_rx_work+0x46a/0xe80
[  331.890389][ T5826]  ? process_scheduled_works+0x9ef/0x17b0
[  331.890410][ T5826]  process_scheduled_works+0xae1/0x17b0
[  331.890451][ T5826]  ? __pfx_process_scheduled_works+0x10/0x10
[  331.890482][ T5826]  worker_thread+0x8a0/0xda0
[  331.890521][ T5826]  kthread+0x711/0x8a0
[  331.890538][ T5826]  ? __pfx_worker_thread+0x10/0x10
[  331.890575][ T5826]  ? __pfx_kthread+0x10/0x10
[  331.890591][ T5826]  ? _raw_spin_unlock_irq+0x23/0x50
[  331.890608][ T5826]  ? lockdep_hardirqs_on+0x9c/0x150
[  331.890626][ T5826]  ? __pfx_kthread+0x10/0x10
[  331.890641][ T5826]  ret_from_fork+0x3fc/0x770
[  331.890662][ T5826]  ? __pfx_ret_from_fork+0x10/0x10
[  331.890686][ T5826]  ? __switch_to_asm+0x39/0x70
[  331.890698][ T5826]  ? __switch_to_asm+0x33/0x70
[  331.890710][ T5826]  ? __pfx_kthread+0x10/0x10
[  331.890726][ T5826]  ret_from_fork_asm+0x1a/0x30
[  331.890752][ T5826]  </TASK>
[  331.890778][ T5826] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  332.130062][ T8574] overlayfs: failed to get inode (-116)
[  332.224856][ T5826] Bluetooth: hci0: failed to register connection device
[  332.238400][ T5826] ==================================================================
[  332.246484][ T5826] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0x6e4/0x1040
[  332.254471][ T5826] Read of size 8 at addr ffff88807c104480 by task kworker/u9:2/5826
[  332.262448][ T5826] 
[  332.264782][ T5826] CPU: 0 UID: 0 PID: 5826 Comm: kworker/u9:2 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  332.264803][ T5826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  332.264816][ T5826] Workqueue: hci0 hci_rx_work
[  332.264843][ T5826] Call Trace:
[  332.264850][ T5826]  <TASK>
[  332.264856][ T5826]  dump_stack_lvl+0x189/0x250
[  332.264876][ T5826]  ? __virt_addr_valid+0x1c8/0x5c0
[  332.264888][ T5826]  ? rcu_is_watching+0x15/0xb0
[  332.264906][ T5826]  ? __kasan_check_byte+0x12/0x40
[  332.264923][ T5826]  ? __pfx_dump_stack_lvl+0x10/0x10
[  332.264941][ T5826]  ? rcu_is_watching+0x15/0xb0
[  332.264959][ T5826]  ? lock_release+0x4b/0x3e0
[  332.264977][ T5826]  ? __virt_addr_valid+0x1c8/0x5c0
[  332.264989][ T5826]  ? __virt_addr_valid+0x4a5/0x5c0
[  332.265001][ T5826]  print_report+0xd2/0x2b0
[  332.265016][ T5826]  ? l2cap_connect_cfm+0x6e4/0x1040
[  332.265029][ T5826]  kasan_report+0x118/0x150
[  332.265046][ T5826]  ? l2cap_connect_cfm+0x6e4/0x1040
[  332.265062][ T5826]  l2cap_connect_cfm+0x6e4/0x1040
[  332.265079][ T5826]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  332.265096][ T5826]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  332.265110][ T5826]  hci_connect_cfm+0x95/0x140
[  332.265123][ T5826]  le_conn_complete_evt+0xcd3/0x1220
[  332.265140][ T5826]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  332.265153][ T5826]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  332.265176][ T5826]  ? __asan_memcpy+0x40/0x70
[  332.265189][ T5826]  ? __pfx___mutex_lock+0x10/0x10
[  332.265208][ T5826]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  332.265226][ T5826]  ? skb_pull_data+0xfb/0x200
[  332.265246][ T5826]  hci_le_conn_complete_evt+0x187/0x450
[  332.265269][ T5826]  hci_event_packet+0x78c/0x1200
[  332.265287][ T5826]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  332.265308][ T5826]  ? __pfx_hci_event_packet+0x10/0x10
[  332.265326][ T5826]  ? kcov_remote_start+0x4d3/0x7f0
[  332.265341][ T5826]  ? warn_bogus_irq_restore+0x10/0x40
[  332.265360][ T5826]  ? hci_send_to_monitor+0xe2/0x570
[  332.265374][ T5826]  hci_rx_work+0x46a/0xe80
[  332.265394][ T5826]  ? process_scheduled_works+0x9ef/0x17b0
[  332.265413][ T5826]  process_scheduled_works+0xae1/0x17b0
[  332.265441][ T5826]  ? __pfx_process_scheduled_works+0x10/0x10
[  332.265465][ T5826]  worker_thread+0x8a0/0xda0
[  332.265492][ T5826]  kthread+0x711/0x8a0
[  332.265510][ T5826]  ? __pfx_worker_thread+0x10/0x10
[  332.265528][ T5826]  ? __pfx_kthread+0x10/0x10
[  332.265541][ T5826]  ? _raw_spin_unlock_irq+0x23/0x50
[  332.265557][ T5826]  ? lockdep_hardirqs_on+0x9c/0x150
[  332.265574][ T5826]  ? __pfx_kthread+0x10/0x10
[  332.265587][ T5826]  ret_from_fork+0x3fc/0x770
[  332.265605][ T5826]  ? __pfx_ret_from_fork+0x10/0x10
[  332.265624][ T5826]  ? __switch_to_asm+0x39/0x70
[  332.265636][ T5826]  ? __switch_to_asm+0x33/0x70
[  332.265647][ T5826]  ? __pfx_kthread+0x10/0x10
[  332.265660][ T5826]  ret_from_fork_asm+0x1a/0x30
[  332.265677][ T5826]  </TASK>
[  332.265682][ T5826] 
[  332.543056][ T5826] Allocated by task 5826:
[  332.547396][ T5826]  kasan_save_track+0x3e/0x80
[  332.552077][ T5826]  __kasan_kmalloc+0x93/0xb0
[  332.556668][ T5826]  __kmalloc_cache_noprof+0x230/0x3d0
[  332.562045][ T5826]  l2cap_chan_create+0x50/0x760
[  332.566943][ T5826]  l2cap_sock_new_connection_cb+0x182/0x2b0
[  332.572843][ T5826]  l2cap_connect_cfm+0x37a/0x1040
[  332.577863][ T5826]  hci_connect_cfm+0x95/0x140
[  332.582544][ T5826]  le_conn_complete_evt+0xcd3/0x1220
[  332.587826][ T5826]  hci_le_conn_complete_evt+0x187/0x450
[  332.593401][ T5826]  hci_event_packet+0x78c/0x1200
[  332.598336][ T5826]  hci_rx_work+0x46a/0xe80
[  332.602751][ T5826]  process_scheduled_works+0xae1/0x17b0
[  332.608291][ T5826]  worker_thread+0x8a0/0xda0
[  332.612879][ T5826]  kthread+0x711/0x8a0
[  332.616958][ T5826]  ret_from_fork+0x3fc/0x770
[  332.621579][ T5826]  ret_from_fork_asm+0x1a/0x30
[  332.626338][ T5826] 
[  332.628656][ T5826] Freed by task 8581:
[  332.632639][ T5826]  kasan_save_track+0x3e/0x80
[  332.637316][ T5826]  kasan_save_free_info+0x46/0x50
[  332.642345][ T5826]  __kasan_slab_free+0x62/0x70
[  332.647106][ T5826]  kfree+0x18e/0x440
[  332.650998][ T5826]  l2cap_sock_cleanup_listen+0xea/0x3e0
[  332.656546][ T5826]  l2cap_sock_release+0x5d/0x1d0
[  332.661499][ T5826]  sock_close+0xc0/0x240
[  332.665748][ T5826]  __fput+0x44c/0xa70
[  332.669744][ T5826]  task_work_run+0x1d4/0x260
[  332.674332][ T5826]  exit_to_user_mode_loop+0xec/0x110
[  332.679617][ T5826]  do_syscall_64+0x2bd/0x3b0
[  332.684211][ T5826]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  332.690106][ T5826] 
[  332.692420][ T5826] The buggy address belongs to the object at ffff88807c104000
[  332.692420][ T5826]  which belongs to the cache kmalloc-2k of size 2048
[  332.706463][ T5826] The buggy address is located 1152 bytes inside of
[  332.706463][ T5826]  freed 2048-byte region [ffff88807c104000, ffff88807c104800)
[  332.720427][ T5826] 
[  332.722746][ T5826] The buggy address belongs to the physical page:
[  332.729145][ T5826] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7c100
[  332.737898][ T5826] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  332.746408][ T5826] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  332.753951][ T5826] page_type: f5(slab)
[  332.757929][ T5826] raw: 00fff00000000040 ffff88801a442000 ffffea0000924a00 dead000000000002
[  332.766535][ T5826] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[  332.775108][ T5826] head: 00fff00000000040 ffff88801a442000 ffffea0000924a00 dead000000000002
[  332.783764][ T5826] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[  332.792423][ T5826] head: 00fff00000000003 ffffea0001f04001 00000000ffffffff 00000000ffffffff
[  332.801082][ T5826] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  332.809738][ T5826] page dumped because: kasan: bad access detected
[  332.816142][ T5826] page_owner tracks the page as allocated
[  332.821842][ T5826] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5838, tgid 5838 (syz-executor), ts 93093533449, free_ts 93089115583
[  332.843187][ T5826]  post_alloc_hook+0x240/0x2a0
[  332.847950][ T5826]  get_page_from_freelist+0x21d5/0x22b0
[  332.853516][ T5826]  __alloc_frozen_pages_noprof+0x181/0x370
[  332.859316][ T5826]  alloc_pages_mpol+0x232/0x4a0
[  332.864164][ T5826]  allocate_slab+0x8a/0x3b0
[  332.868672][ T5826]  ___slab_alloc+0xbfc/0x1480
[  332.873347][ T5826]  __kmalloc_noprof+0x305/0x4f0
[  332.878190][ T5826]  sk_prot_alloc+0xe7/0x220
[  332.882684][ T5826]  sk_alloc+0x3a/0x370
[  332.886742][ T5826]  __netlink_create+0x65/0x260
[  332.891498][ T5826]  netlink_create+0x3ca/0x590
[  332.896166][ T5826]  __sock_create+0x4b0/0x9f0
[  332.900749][ T5826]  __sys_socket+0xd7/0x1b0
[  332.905159][ T5826]  __x64_sys_socket+0x7a/0x90
[  332.909830][ T5826]  do_syscall_64+0xfa/0x3b0
[  332.914330][ T5826]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  332.920214][ T5826] page last free pid 5838 tgid 5838 stack trace:
[  332.926534][ T5826]  __free_frozen_pages+0xc65/0xe60
[  332.931662][ T5826]  __slab_free+0x326/0x400
[  332.936084][ T5826]  qlist_free_all+0x97/0x140
[  332.940662][ T5826]  kasan_quarantine_reduce+0x148/0x160
[  332.946111][ T5826]  __kasan_slab_alloc+0x22/0x80
[  332.950951][ T5826]  __kmalloc_node_noprof+0x21b/0x4e0
[  332.956224][ T5826]  qdisc_alloc+0x97/0xaa0
[  332.960563][ T5826]  qdisc_create_dflt+0x8e/0x4e0
[  332.965404][ T5826]  dev_activate+0x378/0x1150
[  332.969983][ T5826]  __dev_open+0x69c/0x880
[  332.974307][ T5826]  __dev_change_flags+0x1ea/0x6d0
[  332.979329][ T5826]  netif_change_flags+0x88/0x1a0
[  332.984259][ T5826]  do_setlink+0xc55/0x41c0
[  332.988668][ T5826]  rtnl_newlink+0x160b/0x1c70
[  332.993330][ T5826]  rtnetlink_rcv_msg+0x7cc/0xb70
[  332.998263][ T5826]  netlink_rcv_skb+0x205/0x470
[  333.003015][ T5826] 
[  333.005331][ T5826] Memory state around the buggy address:
[  333.010945][ T5826]  ffff88807c104380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  333.018992][ T5826]  ffff88807c104400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  333.027047][ T5826] >ffff88807c104480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  333.035121][ T5826]                    ^
[  333.039192][ T5826]  ffff88807c104500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  333.047249][ T5826]  ffff88807c104580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  333.055304][ T5826] ==================================================================
[  333.149484][ T5826] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  333.156721][ T5826] CPU: 1 UID: 0 PID: 5826 Comm: kworker/u9:2 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  333.167153][ T5826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  333.177221][ T5826] Workqueue: hci0 hci_rx_work
[  333.181916][ T5826] Call Trace:
[  333.185194][ T5826]  <TASK>
[  333.188134][ T5826]  dump_stack_lvl+0x99/0x250
[  333.192739][ T5826]  ? __asan_memcpy+0x40/0x70
[  333.197334][ T5826]  ? __pfx_dump_stack_lvl+0x10/0x10
[  333.202543][ T5826]  ? __pfx__printk+0x10/0x10
[  333.207142][ T5826]  panic+0x2db/0x790
[  333.211056][ T5826]  ? __pfx_panic+0x10/0x10
[  333.215480][ T5826]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  333.221373][ T5826]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  333.227703][ T5826]  ? print_memory_metadata+0x314/0x400
[  333.233171][ T5826]  ? l2cap_connect_cfm+0x6e4/0x1040
[  333.238372][ T5826]  check_panic_on_warn+0x89/0xb0
[  333.243320][ T5826]  ? l2cap_connect_cfm+0x6e4/0x1040
[  333.248539][ T5826]  end_report+0x78/0x160
[  333.252792][ T5826]  kasan_report+0x129/0x150
[  333.257318][ T5826]  ? l2cap_connect_cfm+0x6e4/0x1040
[  333.262525][ T5826]  l2cap_connect_cfm+0x6e4/0x1040
[  333.267559][ T5826]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  333.273032][ T5826]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  333.278496][ T5826]  hci_connect_cfm+0x95/0x140
[  333.283170][ T5826]  le_conn_complete_evt+0xcd3/0x1220
[  333.288462][ T5826]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  333.294180][ T5826]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  333.299815][ T5826]  ? __asan_memcpy+0x40/0x70
[  333.304406][ T5826]  ? __pfx___mutex_lock+0x10/0x10
[  333.309453][ T5826]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  333.315456][ T5826]  ? skb_pull_data+0xfb/0x200
[  333.320139][ T5826]  hci_le_conn_complete_evt+0x187/0x450
[  333.325694][ T5826]  hci_event_packet+0x78c/0x1200
[  333.330636][ T5826]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  333.335931][ T5826]  ? __pfx_hci_event_packet+0x10/0x10
[  333.341311][ T5826]  ? kcov_remote_start+0x4d3/0x7f0
[  333.346425][ T5826]  ? warn_bogus_irq_restore+0x10/0x40
[  333.351800][ T5826]  ? hci_send_to_monitor+0xe2/0x570
[  333.357006][ T5826]  hci_rx_work+0x46a/0xe80
[  333.361438][ T5826]  ? process_scheduled_works+0x9ef/0x17b0
[  333.367171][ T5826]  process_scheduled_works+0xae1/0x17b0
[  333.372743][ T5826]  ? __pfx_process_scheduled_works+0x10/0x10
[  333.378731][ T5826]  worker_thread+0x8a0/0xda0
[  333.383336][ T5826]  kthread+0x711/0x8a0
[  333.387410][ T5826]  ? __pfx_worker_thread+0x10/0x10
[  333.392536][ T5826]  ? __pfx_kthread+0x10/0x10
[  333.397130][ T5826]  ? _raw_spin_unlock_irq+0x23/0x50
[  333.402335][ T5826]  ? lockdep_hardirqs_on+0x9c/0x150
[  333.407541][ T5826]  ? __pfx_kthread+0x10/0x10
[  333.412139][ T5826]  ret_from_fork+0x3fc/0x770
[  333.416730][ T5826]  ? __pfx_ret_from_fork+0x10/0x10
[  333.421846][ T5826]  ? __switch_to_asm+0x39/0x70
[  333.426605][ T5826]  ? __switch_to_asm+0x33/0x70
[  333.431365][ T5826]  ? __pfx_kthread+0x10/0x10
[  333.435955][ T5826]  ret_from_fork_asm+0x1a/0x30
[  333.440720][ T5826]  </TASK>
[  333.444050][ T5826] Kernel Offset: disabled
[  333.448385][ T5826] Rebooting in 86400 seconds..