last executing test programs:

5m2.036118347s ago: executing program 2 (id=291):
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x4, 0x50, 0xffffffffffffffff, 0x7cacd000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$gtp(&(0x7f0000002e80), r0)
sendmsg$GTP_CMD_ECHOREQ(r0, &(0x7f0000002f80)={&(0x7f0000002e40)={0x10, 0x0, 0x0, 0x20180001}, 0xc, &(0x7f0000002f40)={&(0x7f0000002ec0)={0x50, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {}, [@GTPA_I_TEI={0x8, 0x8, 0x3}, @GTPA_I_TEI={0x8}, @GTPA_FAMILY={0x5, 0xd, 0x1a}, @GTPA_PEER_ADDRESS={0x8, 0x4, @initdev={0xac, 0x1e, 0x1, 0x0}}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x25}}, @GTPA_PEER_ADDR6={0x14, 0xb, @dev={0xfe, 0x80, '\x00', 0x36}}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0xc000)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="9c"], 0x9c}, 0x1, 0xba01, 0x0, 0x20000000}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$dri(0x0, 0x1, 0x0)
socket$packet(0x11, 0x3, 0x300)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42400)
sendmsg$NL80211_CMD_STOP_P2P_DEVICE(0xffffffffffffffff, 0x0, 0x6014)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x1a1040, 0x0)
ioctl$AUTOFS_IOC_FAIL(r4, 0x4c80, 0x7000000)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x6, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000fbffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0x14200, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000002380)={'syztnl2\x00', &(0x7f0000002300)={'erspan0\x00', <r6=>0x0, 0x8000, 0x80, 0x0, 0x9, {{0x16, 0x4, 0x3, 0x3e, 0x58, 0x65, 0x0, 0x2, 0x29, 0x0, @empty, @dev={0xac, 0x14, 0x14, 0x3d}, {[@timestamp_prespec={0x44, 0x44, 0xf3, 0x3, 0x7, [{@remote, 0x9}, {@broadcast, 0xa3d}, {@empty, 0x7}, {@multicast1, 0xfffffffa}, {@broadcast, 0x7f}, {@loopback, 0x800}, {@private=0xa010100}, {@loopback, 0x3}]}]}}}}})
syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmmsg$inet6(r5, &(0x7f0000002d00)=[{{&(0x7f0000000100)={0xa, 0x4e22, 0x0, @dev={0xfe, 0x80, '\x00', 0x2a}, 0x101}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000000200)="b601c594c667c8107c791f543bd7b1605b8a835463205816570efdd91a2347f7eb68e45c616d3b4d6696e0236f4e7d104e19d65388436daef0ed6f3d4503a90202fc7b5040fdc2aa965fa960db0ae59a0f83090af0d8c301d2be982b71d57f3b5bb10da4e9e86f7a6dbb7537ac11bd94014978cad56281830dcfe2fc9ec0db4fd4f06073b7ac5771b44e8e9a1d", 0x8d}, {&(0x7f00000002c0)="c6bd6e86e67424f5a7eadcfaab43b24e599b748b0fedb40147831f2b68923c47d08b9e8d4db50b61c1c6a8d843289d3577ed556bb525eabd164c3054aabe3a3185a8f60c18b09fe2d3f13d0c2e7c5d61888bb021bdc27a0aab11bb89db2e502c8e2134769b5a0fb710da8ad4ba303544400ecf5a2b06fb70853e", 0x7a}, {&(0x7f0000000340)="8d47a669321748bd8a017806aac300b2d6e4ca51acfea6212a87a96dcfb41ec6bc7fdc41cd5968fc2ea82af9885f1b9d97e9a681a1c456e3d68cddf9e0b876322f079e00e27adb977fdffca44de074d30416b82f3bc88c27d9985f7d8b9738d26a6b2ee67d81e74738c7a0c9a525c9ea5fc3b7df353c525c26621ca7cc285b165c54a19556d11f9a17b307c37a9f23f90fbf1500deb55cc23e95d91302d64e2f4963cdb59132c635b0b08ef7da8fb61d08857e0e4030e2fc026352aea84af01ff958c15507e36377f9abb94909dd63e230eae42b2fc90493551e33fd47f8183ded23615ee13af5d8da4165448cc6c78217d92828466f93045357e434c454", 0xfe}, {&(0x7f0000000580)="f96fc2ab1a59ed81e461141989386342e8cc953fd86bd7acbfd220f8ba04a7f6eec2d1b73149346411d723df7ec29b1df0cde03de0a093ae2e628547d3408dca1e119578dcce2749ee0521d16ab87595bdbda0c676404360905c75c3a11b4c85657243b28f2cad80f0ef6d7a64b15b1a625696cbdae35582862e36aac99517676f11d1b588c496cad5520a16096d5fbf5e569e11a6111c5dc14a666cda7a2edfaace980ae9a635853f6798ac2e4724af84bf7fc2361caea42b1e4a6c113cc7da9c86c7870b06447d85712191a5e9b1fa482cb1b57b9a10cf6b5f08d8a3fbb5fcaab1a199b6", 0xe5}], 0x4, &(0x7f0000000440)=[@rthdr={{0x78, 0x29, 0x39, {0x2f, 0xc, 0x2, 0x7, 0x0, [@private2, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x3e}, @private0, @private0]}}}], 0x78}}, {{&(0x7f00000004c0)={0xa, 0x4e23, 0x9, @mcast1, 0x6}, 0x1c, &(0x7f0000001a00)=[{&(0x7f0000000680)="f0ec497eef15b47bfaa2663f3d101c8d71c30f5e2064d207d522ba744313a96845bd3c26f0b70f34cb44d9960639c453f2304fb61e4159b15634295dbf22982a6edaf7a324f034d612fdad7fb696c6662c000df0b2950b6c9a23", 0x5a}, {&(0x7f0000000700)="c28d3c9d675e5f3818ed3e91fc59659746e1ad7f4598d9096197107fcee5bcf32fe400b28fdd6b3c00aa7e557644f4c47036fc", 0x33}, {&(0x7f0000000740)="7bbc03da682da69a2d3d4aedbb45059cde8282d516b2c4d62ed9a7fc9d0b7412ab8f57f678ee0e925ec8f42871edbfbdf00e2f99a2fb931bd363791ad537de3d6debe4a8d0c0ac6263c2f5cdbc9152457079407a8ec92a9188048ca84f63e1829f9e3e91df473aaa8cdabc7642d6a466b5588978b1ca4d14b449afa5eb71ca1571c55ea8b8cf52879a0391e202726b33d10a", 0x92}, {&(0x7f0000000800)="89ba84cf8dcd4c0daa2e89d166c923e6e08b17fa8fc13d6c49e0f3216d508a8d16670c4c3d3ee434485ea8d7e00591c785416033c789d653314a11a3698e6332b58928c9a09d7b02d25a25fe26af58309e2159cf2939622e32e4b7db8c998d459170bd533757e1401b14e6743717e4ff01dba47b9e8d054d630c9b633144c7703202f9a54447b74d7aa45b3af02994f273730e3c9bb4222b7cb543aab679fd2cfe2d752a0af63c4d20727e3cb3454b484726b2654075b5e1b0d46504f5f6ebec", 0xc0}, {&(0x7f0000000940)="84f567de7eb6da7ef626f4db8b5d348a9a61a8885e4c0e93243954ee0a979200c8671c61d23212206388c5d45b3ea7d6fe1800deffaad075c9389a1cf1c9846b3277a02adc868ddc90e9210a3e99c7b53214fa0043ab1f9cfe5eb2ba3f5c6f1eda5894aabe71a15742a34640963b8624f42ba798d42091dd97ed95818b6aeb809d44e317481640a831083c96395570fd6cdd4a06c0c00e8015b635e3237478b85f08ee8c545f829ad61de54ae479bace7d75d082501b12b70b656ceef6fdaf5b5b1164f4314e71fd4ef93db06293dad12c67d18355b4d9039352dd6725eecdd9a6837d62a170148f4d0c4d897dfae3ea695aeff7eedcfedebb3d5dc3a0be8c1a77d57771516c42502108cf5e1893e8735bcee223248353b90179fb0a8d4f346364415d4593d35eba237c30ccdd1829f0c9bc908e4e92f0022f922168cfef5a7b397733d615dee73e60aee16adc9e2ce72e28445cbb2ecbfe55d063b0d4692b50b9bfbd4a64252ebe3a3def91017906fcf997cfd68162d856b0cb1bf80ae3503a6da3d1930a9f3503a3f6954e51ddf286842f26e68ab34912b36cc7fc1ff3d9408a392957b0ee49dfe7ded91bc4ae8b724821455bd63452a30826a772614c86070bbb5904cbaec3ea9811f63473375de223e5e8b8267b5f1566dd5d7066ecbca372cae2d455afd9d72943ab0d0647479c03e0e5ab958527f01ce699921aeeb83621c03b2f1303c37216d2215cc47c6307b905dbc4d55d08a68166d03f911b8c8db7a2862f9dc8de8da92a0eed7e015e70ff196388c1481708709c7a5ccb0a8e53fbc0f9ddaec1112cb674dd6aaff5a1c0bbaf2c1486ea44ec335799ceb822bbb1dc9506c21396acc22449abee0d09f4c5b161471c9673b953f78f2cf928937ace6316f8a20993833bdf769f7737b1b94e536e81d13ddb14fe3b3d128617d54924fd2459036c1890d9fbd4770596e7a80c54853a6d03d08b483d9998187733cd66cbdccb04cc788c95474e663eaee7707a32b3542e255c8c5ad72d92819e5fb8fa2707fc31ce6724911da27496c5d7e92880bcd0a3946330ee8e5e27cf827e00a7a4f26d390a171ffd0d01317e0cd5bc35acf2438b4a25baced782c1185a73d8bf191ef90c12465a579fbf1732d36cedb9f58926dbe477cc72e0869133dc4bda04f47c7b04f9d6d76514be26f856aff5f7adeab7e7baac9fcd6a13377d283b10189533207e81c93a66f402b5b161a195177fbfb82b45664fae3c1f54393d426d58070fa6daf0f42edccf275c09115284438bf4a44735f995b2cd00de6f66922cf3c5864497af251975ac1ca7ef2444bd774c418015313716e5aa5f844b6fc13862cb11cf9f92318ec6862c2a9a927e30c6fe9ab34d66a5ce3d6063477121fe22dd1e04465ecd5b602f516c7be35f90e53c294eed86e51879d7fee49e948a9e177462aa148192de4317cd6879eb7e0ef148c8ea4d436e5dbb2724b57492ca92ddc8f105f60e3a0e0f52dfcdb63450b756fba402d61f88725bc034fc2f7e1f90106083d85d7b8bbe4ff6b68b93987b23e7dee5d928108a20c6f34bae5041e60fe517b8e91acbea7d1fb6a08c70fcfa8c43ca1d70f7f5dc8a70bccdc44247cdee2f4db906ef56f424f3f8d84a0dd23a9cb36c716a98682307fd9f7949842714a0a57f0384d1520946264b26ab6a8e640752e8a2f29bcb81f4114dcc46ea6011e0f5990d530493acdef93a2f564e92546387e9c4132e65134c858655b325532e0d4d94ddf73dbce0e9e0aeb300da7f23db4d764c9fd58439e2599b6d63f393b9a9b5e3608351599e75f175ac75ea357b33ab6bf99d1717511d2781b06680f11e4b74bc2594ee1abcfaf203768af3227a3a0d107b45341c6bc769e680724f559308b27e03a033a486ac047962a893f45609b8911c537cf2dfbbaddd54dd5a16177bcb8cd052123327aa1ed3f57d2c5d17a3459109fc7565f0a54cf73861a4ca6fd24b5ce8177d0a3c36e1107be5f716b3baa725d6dfe2d3cdc096d37e6a7de91d15a0a7e9ed6f913ffb6c125da042dbd60a98536abb6c8cffa914905f5d2993c97520e71bc3711d95bb5a065082f84c02a7f77459c57e49f9fb8c355a838f8cd5c1bc8ef96bee1e59412854aeb2bd37a5b251d988813e72b6769baeae916f40114fcf12fd913785aa535706b8155218d776200124e1988390b55a9cd431c059f7b495767dc93caa49dfe4adaedb0013704f127357d9e154bf8b385366befb15219c182b14c2a40277cbf7ba53fb56afe67945dcccf02718bd0084025d013c1d936d7d1b3b31d40ed023d37a45cec8d82408c494761e968090e3d142886a10f6eff46b3697ff0ab07300f82bc5ee95f482c6ceef5ebf37057d98f7150caa6316a6c31a2bfe345b6d911cb64c5e1202f80c05f3868011fdfab205efb8c0aee128eabc21503d848657091f5fb41ccf5a23200c403e5813b84da7057727cb92c9c53a32f4b17b481c736dedf4657f6755c928882e2ef991d3112556e1a29e32d9d2d84b32545e5ad447b9dcc2c159191fd44863387205985cb879bca1244ca27664f9cc102e55287545628af089f322c415bc7e9d5989ab2e4ff6ce663a61d42f2f21bde3ef6a9496c23e9f39eb53413d1ff06e1264cbea47dde5d167641e468f0f589b5da65f1d49c68daf7530784837b8503ed977b85348262cf8a484e0c6c0e62499c5e9286538527b83e648cd7c8d8a31fc04e77ccc1c7577dce6789e144429fd3444d1909263beb282115abea09fb9205f54377e7a273b293efa0b29b9281974d892c4d8934425a4d0d9e535ed0bf8cb304e2a4cb2ea77fd55169715c19ac9f56b692855d61ef4838815f30cc3a97c7fe258cb915d1ce93304c173cffd5073dec92f171b6922120c92683e42e00db0dc709e9d10cbe6d4f0cd6d211f82ade949694b543576b6f174d4c2f1a645ef790bf04169f3d4726e40eebf4a0d82af99d7780d96c578c988911f2214ec1e0bd4e272976c71a9074c38d94ee77dc2824f6ec0810ff5026ff1313dd71f7a715f6685799d8287f8a1da7be84b4a6239a12e6ce6b55741f4fd920610a5535fe1da3036360c1cc20ab9f7ddb3d74d06c891ae27492719aa20ce93416e973a74f4c32aa3421010c2b8aa21be36856f5bfbbd32279d7a90685389f75ffcb83fdaf2914d22386c09e26e14d5087612624f46e4faec3767e62a57625d77f581db86abb61c90c45bc8e78ddb9b8c7b9e229d70da4f409a0d5600eccbad06ea511f86d2f65d79d24fb0291863d418fc4a29ec2409f86dfdc1db229723f0f34f818af179a5cdf68aa7a468eec35df7ecfc8e846f0a29ab00a2bcb21047e05c35543fb2634cd72105a606289889efdf72c1c147c6f0e42014c7f5c645f1c029fa9ba7019d97cab2a73286a852bbe9add26124c2f0d5583296a7f2abfc3d03646b713f6d264f5dac0a403f026f44f4606c4b07278f10fbee192676b158ccf897169f2a8f44e7821d3aaef303f1feb364a8d3b58103041bc500e8702e0b7f38d03367fdb792b30e70011532e3b179b5ef048099069ad9b5e6e721956e1bc19059efbedfdedcd016f7f11ee3b246cdd93a5e6e20f0cad4b351d495ec5b4b4b8d1d9ed55dc23c2afaaf95d28cd02728f4ec00f67bd8aeeb6a350b9627446e3d07a4f1e18017f81cd428bc270d8e0c0f20460ae7964c8b439b3960b2fd7a86e347e60ddf09522dec8a0b03cb331acefa7ae41da8233c03d62ba0511dc16f4aab968147b104a15577cd55beb2d7c0ad1ae18d971bbb2aae86e134fdfc68fd5f442fbd70c30769b169e14973ff9bc71d6b7ef224b67fc11cbf26d6b9a005b7ccf8d613838137263363f26d85859820b8a405d2e5fe1ced119356429e4aa3f572e330f03cc74d27e0698a9463826f68cfe6fb201c7ec93758c120f425585627e14480c69557e07ae0cb0fecf203e4a027129e44303dc5a86f8af8601f0ac90480d90e48d199e315b4f478f561e557a4056c09c4a30d3158806f529829253adf591f87f0a540d06d6afc0da3a21479965843467db75330c6fbf2090b8fa25265f06a8616c8e66d4102a7d45f94289a8a552170c285307d792c7d2d24185acb20e57c0065363d2ef5326150fef00146dad31fc392cc719e28aa4de4ca169ad46fe39d0d310e210c35cf7c7d6bdba16457c0bd3b1cb9fe477774db15e1eb2fb2ab0efdc7b3466368e20ef3e02c7cc0c89e40bcd748d544c8fe17178307357a4cdd1178ceff6e8cffb985dc46fe7525f3f5b15c90025161893dfd389c203c562d6ca6d34b67925bebef86b66d2a34645bc66bd5a4ec119d7e6f8bdcba281369b43c6d20a9b4e35bcd0a90f1a8320e120eba02343eb61c871ae719d0ba78ddd21463243e3d3d2ca0c5c30b8edf53ae5c09ec590f0f8b713e476b4620e2f5c437829457e89d363c97310c9711eafb2a73549832caa4e584e8d73816b5f9a9f58084e6d5e33f0e97e2f2baa4272cc2f7a42bf248da68015bb116dde19d965b951846b418dac4b5734c8896457f76a0f22429e17e03e31819a56d98796bb5dd1ed81cea3a08a349fbc3507564fee618ad1f4980a589e2e45b6a9f6cb93a9431493e301349d63d1ffadae61d75e46c42b90c3bf9f8f305651b29b7ae40661043fade22523ae01900c659cb3ba7de820f20d71d4bd724c56f1d111d07aeac8d27cb3a1b27bf42e8276d49c3b1d37d4a3faeab896ce172f28fb2ff49de9de734467cb208809d33257a7e69affb51a3641efa4d3be44a1f5e59bbf5d71e852c8205ab0583ea30d9d5a4e251b92836550dd4f8a9d7aaa7f52ccd74013fa19790710906f477d5724013767e68fd8b2d8eab5a8e4d258953dea8e21cc83a7229f6bf56e832848411d0cb0d422c1f80d9ef4039700eae9ef85f587b08a31384894f8b05434489194b0519abfe86e770404dcb4906b863720caacb2979783c7df29223ff72783f2ffca6ee19228a5fd2cd09388533901803320d6909909802916b5aaf82dd8e7c1e9605241487285f872abed1ece55e35e30f75fdd3ff0ed13f16bcc06d3fd2822c489fd70cd286f42bfb8fd809e894d85ce3968bbe6c3647dbc856857fbafa899ae5b071601cb2b9cebbe4e5a96b70a8b9dd2e3577db08a7ac34edc3a07428bae1b79586f1b4a6e55dd4f256b76a06ccefc0d5c6e64261c14404f17e203eade544ca51aa0f29410bd0933fc2801c14ae7a0ab1f72ffe984f175be707892da3b149c8901cd583e18c460109496eb2f21ede94205b3c4c8a9766a0bbe40570f3a30687969594133ab0ab96734ab67998ddbbe4f0ea9e93d5bffd2639f6c1ca8a9f38564cb9630c6c33e1a41e551aa49d6b870965a74acb386741706465cd9d794531def6c2dc56192e4810e1fba1a7066ffb21791e3ebaf5c0d8f2df9befc402486febb3bff8965083363efdd56d8d895227b52b84337671f2ad6690c1214818a7213321b685985253bdbf35993e8cf5f3818eeb158d89d360fa34cb27e0878dc2e29af62ffcd0a7434f8ab6fce378927392067d04a403d1ae940a611a21f2862e8b31a9fd3330061294c24f312cccc81ac7b6bce15d0f7220a9b8c7853f3224954cad2f2b7699ad93a0bac00601d76887fb6927e9d8ca5bff1172840ff57335dc4fb869c53e8e06b2cebbae90ddae489e4bfcb4630a9653db483b087c50aaf16e4ffcf76768069161ec8cd194850ef014f317fe2fd52c46df5cd764743d4c29227c58d572ea76eab84030b09dd6dc4c183d903772cb806a9eb8979ce73fe53020", 0x1000}, {&(0x7f00000008c0)="251cc4a1650025be29a2a82874551ab6dc3871d3cd75c862fc47e5ccb84fcda445a6bdd644c0b69e15f5b1611cda2f9c2b471d9be4bf186eb876cc", 0x3b}, {&(0x7f0000001940)="87b3ff9db5e95a8bb806b70d3fbd71d15897ca2e0aa2e65a0b4a243bb6fabebc31de8ad62af7fda923e26b03b6cae21222bc67696a77e1dbeb47ceeb265663ff77281dfd10c940db8d9e71f1afdade727be3a6077e4159c78d7e617a2a914a3f91ef189e7eb0b9d404c93b79fc3f259c247e50089f4f4bb7bf39cece8a948d699da6c38c4ca2236f87", 0x89}], 0x7}}, {{&(0x7f0000001a80)={0xa, 0x4e20, 0x9, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x1c, &(0x7f0000001ec0)=[{&(0x7f0000001ac0)="2f6b07b79db311bf740d5059fc15b60ec980529fd326cc85053015342be15260d7c3ec04abeada", 0x27}, {&(0x7f0000001b00)="9f8b3a1c7ff42d4860caa1d319e8a4a4b472941d7da1e55054c2b475ee10de2517b4241c6cb26ff792fbd1f17881604ce3f4a014105f7d3c033503a5f1ba9276c14d6b54f57c0f872c5d841790617f8dd82457e0b7b1c4092273e8b61100481da46339e504b41b5eec1634d84100bcbe35a11184865ae119d7f1ea8db5a7d071c375a7b5", 0x84}, {&(0x7f0000001bc0)="72bd7969aadf77aec290e47e8a62d90d9d2350bd95941b6f2d44c3361feb2e002acb564622b2810eb2e40d06f0669a96a45c44267e04d3ff6c4cdb360d3ebabef9a619a82d6ac11395f6637cda953229b0bca3036d0c9e0db5ca00647416465d0cbbbf2163f2a0c527db0c078df2655668cb4e53373062d8e179513ca832fc", 0x7f}, {&(0x7f0000001c40)="e8fc1252e04a53702b5ccea18ee5413b78c9d0", 0x13}, {&(0x7f0000001c80)="84018cd7095bcaca08cdac97276065fb97654865c1f248fe8734223244bcf9ebfe047b908753f58f9df7037128c2b6", 0x2f}, {&(0x7f0000001cc0)="e70b95f69ea583dd4613614f01344d03a18754289d7d7d58f0182d5dcfd78ddd5b024edab61538391bb25f1f5f9ca07d4d0fc9fb5363f5a35fa4ea2a6b902bfc7b7b5fc3bdb6f043151033d9ea19951d9c2fa2c518d3cb59552e476cbf126dd668a5a122a1f8e33ded12ad8b1cf9ef8ecf55d5dc8cf0", 0x76}, {&(0x7f0000001d40)="6d437b149d3f47da79a8ffee959c6c21fd4e35e9026d5d83e1dd54bfc473ef4d931c0c8b4fc68acfc9a0ee128682a9e03e716b92f010de9b46d65b7cf9e3d168f417c47c05fc500050c4419755bdbd14dd24785436f30f44bfb88fca4e1f1ebfac9c835efebd6467ada9308b35d1bf6b60a9e7d5724cf1625d1bcfbcc850270849fec9c22a0133305de3e82ab97ba2a2ee4be2b53afb82b0038b8923e6054e7e192d49f4a6e9bf97be04f50eeed1400d65063e3cf4ef4102786e0149ada7330a0d2be080ac7f951d612028788f672ba70495a4bc", 0xd4}, {&(0x7f0000002fc0)="68d070dcd345e24dc82ca1955978f2ba757de6548a21f53f410c4047b5dcb7d00f4daa563effe4f971c554ae47da2e919f54db2fbda6c8eb8e6122ea4c8560b4ef90f8a17e605215d5ccddc5e4ac9351db0d44b6625ce7c4ace327377bb8948ac0efb4ceee3d51d9ef02f1f37944d41ee48bac71f2205528", 0x78}], 0x8, &(0x7f0000001f40)=[@rthdr_2292={{0x58, 0x29, 0x39, {0x3c, 0x8, 0x1, 0x9, 0x0, [@mcast2, @dev={0xfe, 0x80, '\x00', 0x41}, @empty, @dev={0xfe, 0x80, '\x00', 0x2c}]}}}, @rthdr_2292={{0xb8, 0x29, 0x39, {0x2, 0x14, 0x2, 0xe, 0x0, [@private1={0xfc, 0x1, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0xd}, @private2={0xfc, 0x2, '\x00', 0x1}, @loopback, @private0, @empty, @private2, @loopback, @ipv4={'\x00', '\xff\xff', @remote}, @empty]}}}, @dstopts_2292={{0x40, 0x29, 0x4, {0x6c, 0x4, '\x00', [@pad1, @jumbo={0xc2, 0x4, 0x3}, @padn={0x1, 0x2, [0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x7}, @enc_lim={0x4, 0x1, 0x6}, @pad1, @ra={0x5, 0x2, 0xe}, @ra={0x5, 0x2, 0xfdc}, @enc_lim={0x4, 0x1, 0x5}]}}}, @hopopts={{0x58, 0x29, 0x36, {0x73, 0x7, '\x00', [@enc_lim={0x4, 0x1, 0x33}, @hao={0xc9, 0x10, @empty}, @pad1, @pad1, @hao={0xc9, 0x10, @empty}, @generic={0x0, 0xf, "1f42ba13d25e28616b763800abd0e5"}]}}}, @hoplimit={{0x14, 0x29, 0x34, 0x81}}, @flowinfo={{0x14, 0x29, 0xb, 0x2}}], 0x1d8}}, {{&(0x7f0000002140)={0xa, 0x4e21, 0xfffffffc, @remote, 0xe}, 0x1c, &(0x7f00000022c0)=[{&(0x7f0000002180)="7ed35c8a2db63df2f34fe74ae88efc30621156c7d17b3feb9d8e0dec69d2a473b9683962ecc429953a620d8803312b512f0d7d159cfd1dd4b47631e8f946b038697313ae2d6a58573e38438a579e998769cad7761041d1d0523ae43abddaea9fcf4bcc7a0af5fd939304f6669ef4a3a3341a2736f72de042c32d95632018eee697", 0x81}, {&(0x7f0000002240)="8e84e129b4d1207236dd0f2340d1a50491d628de801c9bdf86c5bc95c293277f50f9eb1364198c4ecdb2e158098ddfcf34b8285ae9b27c85fb36093c0f87eaf687a5a1438f737149b365135245bfb572a348874c5eada6040e84bc8b415f710e13aa430dd6b16560", 0x68}], 0x2, &(0x7f00000023c0)=[@rthdrdstopts={{0xc0, 0x29, 0x37, {0x2e, 0x15, '\x00', [@generic={0x94, 0xa0, "2b26fb3abd6d94c79efe3fd1333eae68d25e7e806cf849333b04c402b99e4adab85055accbec05404bd5e81afa71f84fe926df2ad7528bb824af92e9b820bb49d18cde67b2d3e9b17a5add7c4b21bd7c20d57096f1163b7f76b4fb1fe15e883c38b915c8e931d4c145b4290edcbf754c403eecd032ece48c7fc8dfb7767cb232b41ab832ce93218aa8ba7e9076a50c3a82c8e97351a60ee2ef62353cf3a6ebe8"}, @pad1, @enc_lim={0x4, 0x1, 0xf7}]}}}, @pktinfo={{0x24, 0x29, 0x32, {@private0={0xfc, 0x0, '\x00', 0x1}, r6}}}, @hoplimit={{0x14, 0x29, 0x34, 0x6}}, @hopopts={{0x18, 0x29, 0x36, {0x87}}}, @flowinfo={{0x14, 0x29, 0xb, 0xfffffff8}}, @dstopts_2292={{0x380, 0x29, 0x4, {0x3b, 0x6c, '\x00', [@generic={0x9, 0xfc, "b24f79de86a32bb1fac826479908cb10e3c8acc0afc9b6b54fa34898bb91b3c440ae0e7f4e31f553cba8e546257abad3d57a10b5bfa7707fc6f4093115048673187f8ef7b1bec44111820830842b5a2595c356d40f1fbe7d7bdb1a0c3079ff9e1e09ad97509184d3fa2e70c1257522c6004d3d86121811a25700a0d8aea96d401bdbed141d78af3cdcf174ab64494b97f41eada773a67e976dc1657370f51933d041836e5da73323bea7ae0a81b41b0aceb7bbc7095f47af80b22215594768cb3ba1cd5ce44a3771d2ba4d6e5055603bb5755c6c103c79b91a7f8be860b56b17fe73899a36fa64b9f064a17a8db92b08e65a3471ef572b6f1f1d1846"}, @generic={0x3, 0xec, "79eae8ab567c0d161b37b84c186eaa9f630466cd030486804bf62bf184319e127d4c8d3169883855c2f3990dffe5fd2b2f54bfc7e76a07275cfb20999c325eb6486fd4705ab19bb64fe63f1362338ecbcf359e8ef72ef60f87f963e3d1a147f50aefc7518d109d65c3c6ae0976432a442f5f3a04d67a081060245ab1156dec356ee6500d35594e316ba146d74cffc7c031ce698c9eb1087e3a67953a6bb9ae06966ec24118ef4b5c7b52f6253c495823ac64adc038e0aeacb1f66ba645078223cf46d58e69cf3cc5ecfcd3a6aff6bc98c6bb283c1481649248ec356726dfcf0833b6ef81e035db73fb065d7c"}, @generic={0x80, 0xc8, "d887740ce23274907deeaf20155650913387d05ba0d7a8dae325d9289db17658cd3af70bb1f6f8e3b448f21ee1dd90206acf9ec6ea1d40b86ca0ae11a64810014265c8cf1cc741b9cb858f03da57e69bcc75928d1d99aab5aef3f84948fa65783080fd8581043bc5b2ad6c5272604f88bf543da88fc574c6994d07a5d4a57da131583621547a73492552aa9360558ed07e604f35dbdf2e87907da1f51656cfd4296380477027b9efcc8dbf72ef93ab9d20ba380266c1bad02f0f8316b62d40bdf40a578cf5519444"}, @hao={0xc9, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @jumbo={0xc2, 0x4, 0x7fffffff}, @generic={0x3, 0x92, "440836e75778e5696f1573956a13c18ae4d0b63e6a651805f610f79137cc5c448c777cda3586efa19b4fe4f11f914db20e5444e17ad7d76f8691f6c0fe3d424738b5b9805c05d044569d29a309a2e47bb181be73d42349121ba948601231ae5811b4035b5a96aaa0f6b8fe7c56343e2cf53be40c0a010165e3df558847cf271400f77e5b05c606b9e4bb22b7e1f0d21c9b6d"}]}}}], 0x4b0}}, {{0x0, 0x0, &(0x7f0000002a00)=[{&(0x7f0000002880)="479b353dcd1caa70521070b84064540e40a034d48149a665abcb5432050e06da871b29bb617959475081fe52283cf9d8a6bc4b56747c60e547c611ca86b1806fdfb36686838aec7d985df4107d8bd9932f42326649935c18251a72dd08bb515a59cd1e3bfec8d76f8a264fae42bffcc377b1952cd82e9f93c8b3ef86f58cd2339bdbb7b96d", 0x85}, {&(0x7f0000002940)="4b159e1fca0916218430778ccca3850a4b23e63f1b4d763afd17a1da175cdaa6d5bab9f2a1b3b8861c388761674445c56b08fc8f0ec6d40d094399fd49b898a013783de6afe9a4ada463957dc838107e61456bf2dd3acc8614f1be5cf9c7c024122f829824d2d988daefc288fcd84c16c3210cd4ab97fa8d893f5cfa60bbd3f7f5c30a95a84c1e1c7d", 0x89}], 0x2, &(0x7f0000002a40)=[@dstopts_2292={{0x70, 0x29, 0x4, {0x2c, 0xa, '\x00', [@calipso={0x7, 0x28, {0x1, 0x8, 0x6, 0x8, [0x8, 0x100, 0xd2, 0xb]}}, @pad1, @hao={0xc9, 0x10, @local}, @hao={0xc9, 0x10, @local}]}}}, @hopopts={{0x48, 0x29, 0x36, {0x11, 0x6, '\x00', [@pad1, @pad1, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x10, {0x2, 0x2, 0x5, 0x7, [0xd03]}}, @enc_lim={0x4, 0x1, 0xc}, @jumbo={0xc2, 0x4, 0xa}, @jumbo={0xc2, 0x4, 0x170}, @pad1]}}}, @dstopts_2292={{0x130, 0x29, 0x4, {0x87, 0x22, '\x00', [@ra={0x5, 0x2, 0x5}, @generic={0x8d, 0x59, "879739479cd2948e61d9147fd84180928a0cf36e5ba2d1954af8a2735b1a09f7ee5fa0930fd789cea1f05407f32f44227cd804110b437d70c9b6a74bc7ef9bbe9cf5cd49247d9df5dd1fa079ccdc68d5f8e3deee467ace7957"}, @generic={0xc8, 0xb0, "c1c63f2085cb7ca169d97bdb512ab3e3659c45378579b337dfb8f15e39c5c5b25f5ce409e2a867cc4de4f301c4dcab82e2875366ab82f7c97c9d446c344bf8de7fbf243045d654af611d3e7dec2a8decbcd4d346c6c1c1c2025d1184299ca1a201876db98faa59a210b9b4158bce06ac54408175d97674fdf327628373c5ba378412088f3eaa1870b0e037ebe4185e0401f1bb4506e346894ff7d63996e91a69ce6960da1bfd3dce82bda4fb5a138bed"}]}}}, @hoplimit={{0x14, 0x29, 0x34, 0x6ef486f2}}, @rthdr_2292={{0x68, 0x29, 0x39, {0x2c, 0xa, 0x1, 0x8, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @dev={0xfe, 0x80, '\x00', 0x42}, @loopback, @local, @private1]}}}, @hoplimit_2292={{0x14}}, @dontfrag={{0x14, 0x29, 0x3e, 0xe}}], 0x298}}], 0x5, 0x800)

4m58.978406529s ago: executing program 2 (id=296):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x60980, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r1)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0xd3283d036ae269b3, 0x8031, 0xffffffffffffffff, 0x99cf0000)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xd)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x80, 0x0, 0x0, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
unshare(0x400)
setsockopt$IP_VS_SO_SET_TIMEOUT(0xffffffffffffffff, 0x0, 0x48a, &(0x7f0000001240)={0x1, 0x64}, 0xc)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
read$FUSE(r3, 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000240)=0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r1)
recvmmsg(r1, &(0x7f0000002e40)=[{{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, 0x0}, 0x27}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/177, 0xb1}, {&(0x7f0000000840)=""/235, 0xeb}, {&(0x7f0000000440)=""/84, 0x54}, {&(0x7f0000002fc0)=""/4096, 0x1000}, {&(0x7f0000000640)=""/68, 0x44}, {&(0x7f00000006c0)=""/243, 0xf3}], 0x6}, 0x80000000}, {{0x0, 0x0, &(0x7f0000001b00)=[{&(0x7f0000000a40)=""/144, 0x90}, {&(0x7f0000000b00)=""/4096, 0x1000}, {&(0x7f0000000600)=""/57, 0x39}, {&(0x7f0000003fc0)=""/4096, 0x1000}], 0x4}, 0x1}], 0x5, 0x40000000, 0x0)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x1}}, 0x10, &(0x7f0000000340)=[{&(0x7f0000000400)="1b5e", 0x2}], 0x1}, 0x20008040)
ioctl$EVIOCGPROP(r5, 0x40047438, &(0x7f0000000180)=""/246)
writev(r5, &(0x7f0000000440)=[{&(0x7f0000000280)="c021", 0x1700}], 0x1)

4m57.100823514s ago: executing program 2 (id=302):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
r1 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="ff0f0000000000020000010102"], 0x14)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, 0x0)
r6 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f00000005c0)={r7, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})
r8 = syz_open_dev$loop(&(0x7f00000001c0), 0x5, 0x88000)
ioctl$LOOP_CONFIGURE(r8, 0x4c0a, &(0x7f0000001280)={r6, 0x0, {0x2a12, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9603dda1af1ea80000000000000000000000deff00000000000000000000000014a2648f00", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be8b1c55f96400", [0x800]}})
ioctl$LOOP_CHANGE_FD(r8, 0x4c06, r6)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r4, &(0x7f0000004340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000740)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="3103000000000000000009000000080003", @ANYRES32, @ANYBLOB="080006005d333473b5a3089db31732b940ffd5de05040b77d6d0e029f6420c089910327303d74cda385ffca916128f2161b8f228643c62fd17404e87b349ff0af481403252b590becb3f1028b075ad445b8c426241042babb7a49ed211fe67e6c00d017929dbd0cc8ca4bef9", @ANYRES32=0x0, @ANYBLOB], 0x24}}, 0x0)
sendmsg$netlink(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000840)=ANY=[@ANYRES32=0xee01, @ANYBLOB="b7000000"], 0x1c}], 0x1}, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r9, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d3000000000000008001400070010000800130008000300080012"], 0x44}}, 0x0)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000540)={@ipv4={""/10, ""/2, @multicast1}, <r11=>0x0}, 0x0)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r2, &(0x7f0000000600)={&(0x7f0000000040), 0xc, &(0x7f00000005c0)={&(0x7f0000000680)=ANY=[@ANYBLOB, @ANYRES16=r10, @ANYBLOB="00086da29a44fcdbdf25060000007400018008000100", @ANYRES32, @ANYBLOB="14000200697036677265746170300000000000001400020064766d72703000000000000000000000080003000000000014000200766c616e3000000000000000000000001400020077673200000000000000000000000000080003000100000008000300020000001400018008000100", @ANYRES32=r11, @ANYBLOB="0800030002000000"], 0x9c}, 0x1, 0x0, 0x0, 0x20000880}, 0x40080)

4m54.011966788s ago: executing program 2 (id=307):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
syz_emit_ethernet(0x76, &(0x7f0000000080)=ANY=[@ANYRES16], 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x101100, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x7, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000e50003000000000085100000fcffffff250001000000000085100000faffffff9500000000000000"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8}, 0x90)

4m51.887274041s ago: executing program 2 (id=310):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x40}}, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0, 0x58}}, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000880)={0x60, 0x0, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0x4c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xd52}, @TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "6748138112c7d8502ef6280195185679dc3b98f6"}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x4001)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth0_to_team\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="680000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e00300002800800010010000000100005800a000400aaaaaaaaaabb000008000300030000000a000400aaaaaaaab1aa0000080005", @ANYRES32=r1], 0x68}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, &(0x7f0000000080))
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, 0x0, 0x0)
listen(r2, 0x3)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r5 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
ioctl$VIDIOC_S_TUNER(r5, 0x4054561e, &(0x7f0000000600)={0x0, "126ebf7d9fdf9aec84c0fe4cb734f282d46938152a71b9399c8d590c79cfaf41", 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000})
syz_open_procfs(0x0, &(0x7f0000000440)='net/route\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x4000}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [], {{0x5, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0)
syz_extract_tcp_res$synack(&(0x7f0000000200)={<r6=>0x41424344}, 0x1, 0x0)
syz_emit_ethernet(0x6a, &(0x7f00000005c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0xfffe, 0x0, 0xfd, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, r6, 0x0, 0x6, 0x12, 0x4, 0x2, 0x0, 0x932, {[@window={0x3, 0x3, 0x3}, @timestamp={0x8, 0xa, 0x200, 0xb}, @exp_smc={0xfe, 0x6}, @mptcp=@add_addr={0x1e, 0xa, 0x0, 0xa, 0x16, @broadcast, 0x1}, @sack={0x5, 0x16, [0x5, 0x9, 0x7f, 0x7723, 0x1]}]}}}}}}}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@newlink={0x5c, 0x10, 0x49920d862a92153b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x180}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x480}}}}}}, @IFLA_MTU={0x8, 0x3}, @IFLA_ADDRESS={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x11}}]}, 0x5c}}, 0x0)

4m50.209801447s ago: executing program 2 (id=314):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x2, 0x0, 0x0, 0x28571a92}, [@call={0x85, 0x0, 0x0, 0x72}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000002c0)={0x3, 0x400, 0x1, {0x1, @raw_data="e633fff85780d1dfbb908a9e231e59c57e11ad598cbac5b9d55c0edcd61609f6ee00a7e0cec0403c14453327cd5f1ce7950ff8326ea18c463e6a0f92f98c8632562494a53441ebc314da441d87c930042a9b63a2d865cab222c300d79a8b1c7a244542ed10392c53d9bdfd3a9afbcdc579dfa7d5c8cac0466dc7ae6371152d110439cb27b3b434a532c10eb128ec497071ec66acc3ba7338c7349c067fe5352827546219efa250645526684be86084894ff430327127193549f828183be66ebf70c8ede95de14cf9"}, 0x200007f})
ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000003c0)={0xc33, 0xa, 0x3, {0x1, @raw_data="32fbd2b7b10fed074d810c90b71490549102d0ac82888cbbd73df5cd25b7dfb4fa4c116795b08cece674cef41ec57011130e286eddb8c260b6f4a258076a27664f19d5df5cd0629100121be92cfe1bf197da73db6ebfd4f2bc1554e1615d485b19bb4a77b59d6d1f7866eaa0acd984c5d7ae54160c89b71dd07c2d9b231ee59bfad0b24e97460b68ff070e3a516002d11381ddae36e5ae36655da3ed68f1ec9d4686a4240e1a30abcc478c53e634ea0e30e3bf1132a19e9da2e68dda8190900600"}, 0x8})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="178d048604bf0bfb1945d7430008", 0x0, 0x501, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x200001)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x10000, 0x4, 0x10000, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

4m34.239408397s ago: executing program 32 (id=314):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x2, 0x0, 0x0, 0x28571a92}, [@call={0x85, 0x0, 0x0, 0x72}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000002c0)={0x3, 0x400, 0x1, {0x1, @raw_data="e633fff85780d1dfbb908a9e231e59c57e11ad598cbac5b9d55c0edcd61609f6ee00a7e0cec0403c14453327cd5f1ce7950ff8326ea18c463e6a0f92f98c8632562494a53441ebc314da441d87c930042a9b63a2d865cab222c300d79a8b1c7a244542ed10392c53d9bdfd3a9afbcdc579dfa7d5c8cac0466dc7ae6371152d110439cb27b3b434a532c10eb128ec497071ec66acc3ba7338c7349c067fe5352827546219efa250645526684be86084894ff430327127193549f828183be66ebf70c8ede95de14cf9"}, 0x200007f})
ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000003c0)={0xc33, 0xa, 0x3, {0x1, @raw_data="32fbd2b7b10fed074d810c90b71490549102d0ac82888cbbd73df5cd25b7dfb4fa4c116795b08cece674cef41ec57011130e286eddb8c260b6f4a258076a27664f19d5df5cd0629100121be92cfe1bf197da73db6ebfd4f2bc1554e1615d485b19bb4a77b59d6d1f7866eaa0acd984c5d7ae54160c89b71dd07c2d9b231ee59bfad0b24e97460b68ff070e3a516002d11381ddae36e5ae36655da3ed68f1ec9d4686a4240e1a30abcc478c53e634ea0e30e3bf1132a19e9da2e68dda8190900600"}, 0x8})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="178d048604bf0bfb1945d7430008", 0x0, 0x501, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x200001)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x10000, 0x4, 0x10000, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

14.835795399s ago: executing program 0 (id=1074):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xc}, @NFTA_SET_EXPRESSIONS={0x24, 0x12, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x8}]}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x120}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb0}}, 0x20050800)

14.335680679s ago: executing program 0 (id=1079):
r0 = openat$ubi_ctrl(0xffffff9c, &(0x7f0000000280), 0x902, 0x0)
r1 = io_uring_setup(0x5695, &(0x7f0000000500)={0x0, 0xeb3, 0x10, 0x3, 0x8a, 0x0, r0})
r2 = syz_io_uring_setup(0xa07, &(0x7f0000000200)={0x0, 0xcc72, 0x8, 0x3, 0x2ae, 0x0, r1}, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000180)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL)
io_uring_enter(r2, 0x7855, 0x0, 0x0, 0x0, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$TIPC_NL_PEER_REMOVE(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000003c0)={0x14, r8, 0x1}, 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_SET(r5, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x5c610040}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x20, r8, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000811}, 0x20000000)
writev(r6, &(0x7f0000000840)=[{0x0}], 0x1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=@newlink={0x70, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x50, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x3c, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_FLAGS={0x6, 0xf, 0xfffa}, @IFLA_GRE_LINK={0x8}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x1}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x2}, @IFLA_GRE_FLOWINFO={0x8, 0xc, 0xfffffffc}, @IFLA_GRE_ERSPAN_DIR={0x5, 0x17, 0x1}, @IFLA_GRE_ENCAP_DPORT={0x6, 0x11, 0x4e22}]}}}]}, 0x70}}, 0x40000)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001980)={0x1, 0x3, &(0x7f00000013c0)=@framed, &(0x7f0000001400)='syzkaller\x00'}, 0x80)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000180)={0x1ff, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r12, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000240)=ANY=[@ANYBLOB="cf00000000555c0000000000000000a79200000000080000ccf7ae7d55"])
ioctl$KVM_RUN(r12, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r12, 0x4138ae84, &(0x7f0000000100)={{0xeeeff002, 0x0, 0x9, 0xc, 0x8, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x10}, {0xffff1000, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7}, {0x10000, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x3000, 0xd000, 0x0, 0x0, 0x2, 0x0, 0xff, 0x0, 0x8, 0x0, 0x4, 0x1}, {0xeeee8000, 0xffff1000, 0x9, 0x0, 0x6, 0x4, 0x0, 0x0, 0x0, 0x3c}, {0x0, 0x0, 0x0, 0x0, 0xd9, 0x1, 0x2, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x0, 0xa, 0xfe, 0x0, 0x0, 0x3}, {0xeeee0000, 0x3000, 0x0, 0x0, 0x0, 0x1, 0x0, 0xa, 0x26}, {0x80a0000}, {0x4000, 0x2}, 0xddf8ffdb, 0x0, 0x0, 0x50, 0x0, 0xf801, 0x0, [0x0, 0x0, 0x1, 0xfffffffffffffffc]})
ioctl$KVM_RUN(r12, 0xae80, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r9, 0xe0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32, 0x8, 0x0, 0x0}}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

14.277876519s ago: executing program 4 (id=1080):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_connect(0x3, 0x1c, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vxcan0\x00', <r2=>0x0})
prlimit64(0x0, 0xe, 0x0, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x8, &(0x7f00000001c0)={&(0x7f0000000380)=@getchain={0x24, 0x11, 0x1, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {}, {0x7, 0x2}, {0x0, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000}, 0x98)

13.562211803s ago: executing program 0 (id=1082):
r0 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x1, 0x0)
writev(r0, &(0x7f0000001380)=[{&(0x7f0000000180)="b1ff5cc982d34010b7cd6e11c50b9bd27a09463daa6ac6255411345692ea1f44220df660aec36c3da20cdf63882deea50aab4ae728b88be047e9c1de4d3428835edfece01a907acbebb734022a8738c0733177cf2bc7d61a3a791ad3e0972faf52b29d3476b8aff7e79275ad61b36971c0d2d8e1e242261dc50464a134b1a2e36243c3b5bb93a2e7a7087c254e0b5089100624eb5b273a62e5798cb0a4b96845ef45e0238d22062a8d5f43c3875d773c45e426dc162914e26ae112c5dfdef60f2f274ac96a6c77b37799cd03dc1c8ad69d1fcad1be379ad212ea51e0f272a3ec7bf0bdda2c7a15b3fb018cb2ce53c99b0af09b5c874cf4d79e13c7580d4ebc0669bb048863f28e8f00ea67d87e92c6fc4bc31a4a06b7344519d72e9662309dd51a02a7d295972dd1f63431968d9f5212daa47d49d85bf08190aef758e842da69375269c5f33bb0e60bb98abb2a51e8a89d7b4680185b9665d5da6254cb15392332b0e850169d90ac1374cf5346092b47f682c2f22c8cdcf98718bfa0ca4c5b50ebf8d6c53afa3830233a3e486a0d73fed67851403f72492feec1528cac329dd11f82cf149ec049e71b979ad055053dcf654f470f780f32b22dd6567401f94a94c592265a2dbdd3c5c88cfde1a6cc112231a5797e092a5040be19bde03dc2d9dc0078b42f27e168810770cd5b4c0f2073037e9a57e8148392a3063ee55ad9449fa6265189337777d7a605bb7cf51d682ac7823207343fa7328ce207029e7e9818d7fcff9b9e7ac731dc502ce7471cab17108e5614fdec649d35a6638928931f110d4608a9cf22868dd3bf764d5b09a5325bcf987546e3edf1df9f1866fa89fb99a7f945c853586b4e3344eb286067e7b42d79ed93baddc3e5bd47ca613d654d4d54ece371b699ca7f05677c48cdb8f265fb35e0ff7ec5da801ae4198c7d9290d2ddc3586bd1ba3e34e722c47c14e4f310029751fbdc75da8461356b7a6784b490810284bdc727061944a283b7276b6a0b679d74089c54db98c92c2e329248b07365f45b3511ac11f8483a3f0bec8e4ceae324640f5762444efa94207115b5550fb8e4a1277aee3f11f2e6cac543d2168a83cd0367b24859e1b8b9cb9a5beb2d9851124b9c74acf21ecb5ae5e31e29543638a1cebdd2384dda1b2d301e59ea092707cd68838f12a05f9ec25832ddf22e2a01a8a28ff5c4f925a09b18849c180f0fed6057fc68d473eddb467796f8c086475dc1444c7f879d842662da4e59fd3c02b6d54c822ae8aeb91aefde57008f7728f1d236bbcda61a5b2dfdc0648ba72229b764fbd43a2eabe639a49f44de663b2e4e244370c7681f130e4a7790924e0826c0ebe768996d22edf83088b18492ccaa1344f5b14aa4218e3204434e0483bb56043e63ae02d584fed308759840064686ebb7349aa85adc00ba9ac6ec3e895f6b6cb33902cfa04a5fe6946475775284ba5f00f31a37aca06ce7485acbbf8e66db1daa273025860d216eb69a71666c0e5e3dcb9054c7c5edb138893b22a6f80655aeecd0f59f3bba544ae9897d2e795d0ca5a124519712a54366dca8b20c2191d5515231d5066c9c9f2b5b180da10542d7911f688c3b0f07ffcfe249161590d95d445c5ce2c647b97ad45249226a04144d900de9496f8f85e4607e7907eb20a1856efa7b06de5334ed1ba34b1c6e30da7df850da42b728208b85510b9acdd9ffe22894ec97c832b65257fa72d7f77a02359fad7ea2465c53df34c391c617d2e02197f6b5ab4a152327f6ae4d1107f6e8b68ce43de174dd559fe3ec95f32bd1d9244943230654e68fc3237e17dbd131996202beaf1578a925ab94510fccfa2be306bce3bdbb413ec6e50e6b0081362999ce7991b2c384001fd74e9de82dba16df74529800a201d8bd35eb789527b1f2e2ea7a12fb2858e389b4e96b5a9e32838916f147c99e3fd723972930a2eb8422ac15a254bae41e604e5459f6f573f9ce9d94e9dcbcdd392e2ed35ab5c6673f69c711ff121a2f1b1421d4a70571a20c732b1c1af990795c10ee23a6b8b056f91a4aa32d118a71cad879d5883327e7347d3fc7de504d42162a16fcd2fde8035a54205da46ce06c1f66b6ddb43248cbd5347cb80aec30a88af4166dcf131b92568ffad2f3cdb2835264705025b612d8b82920a01b87b9781020c38f438330735966ff27488db4ea6e74fa9d0e9a0fa929d9585a4de92648839a971edb1d03945fc7d6f64bb194085f63ccf8ea52b90505f2809d0ddc40b59909fff3e0c3362934019dca2b8733a8fdddd978d0b264d4b0105d4f9db315cbc8a2426f494de1d2f1b73de816e561004be0430be083fc6179ebfdc9bfca85df6b2c81bc0bf4685cdf072ddb5f7a3183a226df665c95d86c6046be75fdd008b96ad5696cbd3182a01c6a80d1bd3f4a288c015355004e6bbc788aef9bf65fe691dd6777a531a040c9ec7754d0e746dd89521d2ae6df1b13fd9433b164ba014fa7b3d8e08b30fe54b3d0ea810cc5f436a0370fd976eb481a07b3f81469cd6ed490d687528bf470d3800893a718f1f6c970a130ab49e04e1dfe4d594927bb34247d1c25c75197807206242b0ff807cb8c6ca4d67acce16de41a663fe86eec015dde1d828ac3a63763c0fbeda90c824abeb593efa9e2df76b761fa0d25e70e4e8d888f8ca1fcf7e88d35064a73600d4cc98e75ed4dd7c05919dcfdd4bdfaccd4a0a33e11c55276e105338b13ba765b728d0ae08a03cf59f3212373be7c7f74601c325c605ccbdff2bd895f43303888f9f8609df38a52d718cfb423a580711886de8affaf997d85a23af0de249f92f0b04305f12cbbd19c271339988a0c3eada32416b880f1859ba58353675b45b177d4306bbbd4ad8890a1a06126fb069b06566d92b026337f2f9c9f1321fd9b427a57df9e68505cdbbe1c5807fe485a85693e39e09bb72c7e46c95277526db6ee949ba143e4d3027c84df4c483aa0e419e438741661bb4349dffd003baa6112db3c9f84b0438ed3af79b90f1cea1b8ec4943bc3ced5567eec6510e910c8f9346e74c338fcfc892aaf970691b60f5ea4c04a33954c280c0c28f5c4ed79a3d4cb09ac60dc00060b09afa42fe60a250bb0c7529b282714df7de4938f1c56241189a707a7091a1035d82c7d43c66e9abd92ceec9ec5c102df63d4a0b8eac16b618e97567a87296a42bb7a018204b3dcdcee5e5c758faf3172e8c6c50483f341c5656cb8df27c63c98e74d1b7312e49926d143817f8e9b4125406ab91242bdcba7ccc3db507ff994047b33ce9a59179d119991a161e8bd06e0f58d7bffe6457f531942cc46c88bfec69e0b995ac7e7ab04d270efe443541bc55f327ad8921c32bcadaa0e1ad8ac263a312f92f904b333becbdf4a102f5b379619c8204c3a18af91347fbb5eab64ff81a05f3b830f36691121f0a398405521c3dac1300a0db6e21e56ac8bd6a03923a3d8ed96d9df54b98b42b70a0a3ffa8291ceb0e607f0e2f8ce1832111051bb16bdc25d5a4af117634af898f5952f98a7b132cf140a79ccb80d1d9f1bb52c3aaf50b7232dba94e896295c5a6bf71ec63a2f95315b06b590c6965249d1ea7f7039344242bae628f7b1bd45d9ccd51183279863c640d8fd7127ca5e593d7ae02b8ecc77188389c766634b18e54ab9da7ea92e8101d6088a373c3da38941e566dae9c1b191b48f387ecf8b91c6e6f05c800cef4c39b11dad2e42f1b54a44204ffe29c84defd41a3ab9173957b3007cad89d259ba60cb320d26b1ce00453629af98ab9371d8e47854396009169ebef43f471c2b00e7298dfb61a42000b68c44dc2429233f5fa17c524856c6383ae4ffed02f566edb7eb961489b5cb677e568eba83885641486af623dafe8693ac6dd5df261294a9286e445bb91098b96d5b2e912c21d161c9d6a6c0882a5ccd68d3b0025546bb79ace81b3338bc613209bb48f725d144df39604111da9c775da5e5f911934fb719d5d2d73c4d083b644d81d5ef22b900c5e00a0646972fb9984bf8023be30af1a018d16e4a33c8f1e26f5fd1e344c164a88283dbbc66142b9cfffed194984dd288779638827a4435f749a50db79918f33d67adc4014754133437c9d2bb90246a33070216d80560e4fc33047f75418d4e8d88fb244aab374b60a2a71fe7b579a121edd7cabdd38c794ce3e486803d0eba379a41f074a7667790ef9acf99f7ea8856b9383498850404704655bdac133d26967fb1ef4a484780aab18e86e9f119a11e6195a40ed26b32054e0a1939dea8b2f3e5ab7d7bc5cb32895c069b84b2f0fc9291d4e35ca2a78108593e74ea25f81fa90f86c76fecc3fe193c13fb427ab6a0f5c540512309a9b4a96fb636b4275012157420c3efa09701d35ae2b06e96d4ebcfdaeb83d3ffa44c59b301243ceb33c115ced26656e15c244b4e677e981e7456950489396b83fd66746de97e41cecc8f14435ebe2f3437890fc31eb790df327cba7d40aa352911b36d71b2aafe495c9b82b790c97d3b5179ca47eddffe1f700f506491865c86e8dad4a2870efad0772b32d67d10498d5f1d4032d341078d2d5af3e9b7ef1fb7981cc1d50fe9cec2c037782ad472edb0be5cb870c203477e6df78762b1be15fb1648c6e1da3d1f95858b7a03dae9dd6fdc82d0c4434961550aa8991c73a6df1fe5cbe815a1e2c0add62f5b340e262bb369dfbced592b77df8ce5d694a59a5125b72a7d70cbcd7fcad1f8e85fbc632c21903c611744955dc7bcfa3a83b87c7dff38516e2e8974dd8f6835b5a681ab0cfe5b72b42d63047983a6ac6efeea069e12428f2d07965ea369635390f6459b1407fa5a0c5967fb119186e665e71b9b0b386f9cd690990eda4adff85cc484874265e2a9ff6573ee8d083bfdb45325dbfc452c33e92a19d024c0841892d43f4dec71b185dad3731ca647a2ffa2c80e008a8dc25667e63f8bda20806bc1a1adb93674cbcc548ba8ca7af22df43f7a41ad774e95bb8fbcf03845d5cdfb808387fc6a4d4676ea6e01c2f39836a77852ce97bd69e92865b54bc4876f0f4243db0de84d469676bb82e43bdaaa362ce99368a7ab30b8d92611ab053fb40523658884efe299a562dc0cf6b5bf996cf05a7e03ca369754968b6c317e740679b0dfe60133414932c1ae75ca0d26cd8cfbc78989de4eb37f64cbf3a14d2a72a24fbcf4c559f261115ccb4002d8d9590a5819d04869a5bebca4cac2901c2262a49b5a86ab0a3ba33942f7b94107a5ae35afd247485786e7b23c5d008ab0d9c1ca51cc86ba7bbc596a788251a8b1ef9817191c1c0dabd1e9d826f3c451b5ea73d6b74300873e34c216d21a869ed06a0d9c3be9024be3e24828393e0635a614d78eb0abcf44bfe8c8c860027c9cee58b5e41d5f1209e48253281b18727dfb926ac3687df56217241c872a5a39f65251b5ca032bfaca2c9fe662584bcb6cb3fe9be2ae57be0655586a8c704ae915f284adac8d85174799ebf9e16c43b74a154a4524e6f33467e13a121a255acfb592d47eaf13cd538de15327151ad74f578bbbfdfde82fd6afb592b7933b52241f182cb65778e3628f177eaa8c8ecc970e82a2aa52f3b7d534748b35fa1dbc0f58ede3df5ddf1f1202290a74f4a871802d1f970de3ea5553f35456e2596669c00404337f6d394fb68c588effe8987f18b04b1b52eca71062b722b2cc44e4805abf6347715a3c9e5e9b9376a45fed63b494781a4905f9ff6d898e48c5f1279fb2f4c3af50d54204d0ab410415fcb28a1b4dc0afdcce76f19f60f65534d802ee8c", 0x1000}, {&(0x7f0000001240)="0f65649800", 0x5}], 0x2)

13.399989788s ago: executing program 0 (id=1084):
socket$l2tp6(0xa, 0x2, 0x73)
socket$pppoe(0x18, 0x1, 0x0)
syz_emit_ethernet(0x46, 0x0, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
write$binfmt_register(r0, &(0x7f0000000380)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0xa, 0x3a, 'U]\xc5$\xe4\x92p\xa2ay\xf6\x1f\xc7\x18Z\xefU\xf7\x14<t\'@U\xdf\xf0\xbb\xb81C\x1e=\xc8\x9a\x0e\xcc\r\xec\xec\xe6W\x02\x8b\x05\xdf*<\xda\xbf\x93\xef8\x911]{\xed\xcc\x85\"pN\xb4\xcdG\xc2\x1d\x7f9\xf0\x0fZ\xecx\xbb13|\xdcI4`\xe5\xaf\xb0g\xfc\xb6\xeeQ\xb0{dX.\x9d=\xccV\xf4\xa4g\x89\x01\x1f\xd1\xcc\x9d,?\xf4\x9af\xa4!\x84\x10\x16@fi\x1dRL\x86g\xaf\xa5\x03j\xc2P\xbaR\xc2I\x88\xc4N\xac\xfb\a]\xb4\xa4\x95\xb8-\xfa\xa8\x1b\xe6\xdfg\a\xfb\'\xd27\xec\xde\xc7n(\tx\xfb\x91%\xee*\xe8\xe8\xcdzU~\xbb\xe7\x11\x18?I5\x1f\xbbD\x92s@\xf5\xb2\xe4x\t\x00\xf9\xda\xd4\x1e`\f\x9a-\x91\xe9\xc2\xcaIx\x98\xc7x\x99\x9aeP#\x89\xe4o\xc1-\x13\xd8\x8a\xcf\x18\xa4ba\x90C\xd4I\xed\x9d\xdc\x82f\xe2\xce\x1b\xba', 0x3a, '!&)%.}+!/\xe1', 0x3a, './file0'}, 0x125)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e22, @rand_addr=0x64010100}, 0x10)

12.995984055s ago: executing program 0 (id=1087):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000640)={'veth1_to_bridge\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x2, 0x0, {}, [@NHA_OIF={0x8, 0x5, r2}]}, 0x20}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000)
sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000140)=@ipv4_newroute={0x24, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x1, {0x2, 0x0, 0x10, 0x0, 0xfe, 0x4, 0x0, 0x6, 0x20000000}, [@RTA_NH_ID={0x8, 0x1e, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4a044}, 0x4010)

12.660235477s ago: executing program 4 (id=1088):
syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), 0xffffffffffffffff)
set_mempolicy(0x4005, &(0x7f0000000080)=0x7, 0x2)
r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0xd, 0x2)
fdatasync(r0)
socket$packet(0x11, 0x2, 0x300)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x2b, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
sendmsg$nl_route(r2, 0x0, 0x0)
connect$pppl2tp(r1, &(0x7f00000000c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, r1, 0x4, 0x0, 0x0, 0x0, {0xa, 0x4e21, 0xb0, @mcast2, 0xffff}}}, 0x3a)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000001c0), 0x280, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vcan0\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f0000000240)={0x1d, r6, 0x2, {0x1, 0xf0, 0x1}, 0xff}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0x0, 0x0, 0x0, 0x2000004, 0x0, 0x0, 0x1f00, 0x39, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x2, 0x200008, 0x5, 0x20000}, 0x10}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000", @ANYRES32=r4], 0x4c}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="2800000010000108000000000000000002000000", @ANYRES32=0x0, @ANYBLOB="b40200000000000008001b"], 0x28}}, 0x0)

12.448706048s ago: executing program 0 (id=1089):
r0 = syz_io_uring_setup(0x45, &(0x7f0000000300)={0x0, 0x0, 0x40, 0x2, 0x18}, &(0x7f0000000100), &(0x7f00000000c0))
io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x22, &(0x7f0000000200)={&(0x7f0000001000)={[{0x0, 0x80000, 0x1}]}, 0x1}, 0x1)

10.24027475s ago: executing program 3 (id=1092):
socket$nl_xfrm(0x10, 0x3, 0x6)
openat$dlm_monitor(0xffffff9c, &(0x7f00000000c0), 0x1, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$kcm(0x29, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_sctp(0x2, 0x5, 0x84)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000340)={0x0, 0xcc}, 0x8)
syz_open_dev$vim2m(&(0x7f0000000100), 0x7, 0x2)
r1 = socket$inet6(0xa, 0x802, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000780)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x2, @loopback, 0x3}, 0x1c, &(0x7f0000000500)=[{&(0x7f0000000380)="06", 0x1}], 0x1}}], 0x1, 0x3404c8d4)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES16=r0, @ANYRES16=r1], 0x1000f)

9.973830369s ago: executing program 3 (id=1094):
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0)
writev(r0, 0x0, 0x0)

9.622734869s ago: executing program 3 (id=1095):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000080)=0xc)
sendmsg$netlink(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r5=>0x0})
mlockall(0x6)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r8, 0x0)
ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x9, 0x7, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x6, 0x1, 0x5], 0x8000000, 0x8340})
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r7, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@ptr]}}, 0x0, 0x26, 0x0, 0x1}, 0x28)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
bind$can_j1939(r4, &(0x7f00000000c0)={0x1d, r5}, 0x18)
connect$can_j1939(r4, &(0x7f0000000140)={0x1d, r5, 0x0, {0x1, 0xff, 0xa8fe8ad4eea2351f}, 0x2}, 0x18)
sendmmsg(r4, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5)

7.722445864s ago: executing program 3 (id=1098):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000080)={&(0x7f0000000600)={0x2, 0x3, 0x0, 0x2, 0x10, 0x0, 0x0, 0x0, [@sadb_key={0x2, 0x8, 0x8, 0x0, 'f'}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @loopback, 0x1}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfd}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local}}]}, 0x80}, 0x1, 0x7}, 0x0)
landlock_create_ruleset(&(0x7f00000000c0)={0x5463, 0x0, 0x3}, 0x18, 0x0)
r1 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000500)={'team0\x00', <r2=>0x0})
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r4, &(0x7f0000000340)='\x00', 0x1, 0x4c001, 0x0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0x7, &(0x7f0000000040)={0x6, 0x0, 0x593, 0x4}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
openat$6lowpan_enable(0xffffff9c, &(0x7f0000000080), 0x2, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x68, 0x24, 0xf0b, 0x70bd2c, 0x0, {0x0, 0x0, 0x12, r2, {0x0, 0xfff2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x38, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME={0xc, 0x8, 0x100000000}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x28, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0x9}]}, {0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x7f}]}, {0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0xc10}]}]}]}}]}, 0x68}}, 0x20000004)
r6 = socket(0x2, 0x80805, 0x0)
getsockopt$bt_hci(r6, 0x84, 0x83, &(0x7f0000000000)=""/4087, &(0x7f0000001080)=0xff7)
r7 = syz_usb_connect$hid(0x4, 0x36, &(0x7f0000001000)=ANY=[], 0x0)
syz_usb_control_io(r7, 0x0, 0x0)
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
rt_sigaction(0x1, &(0x7f00000000c0)={&(0x7f0000000040)="f30f1efc66420f38021df5000000c482adbcaf07000000c4e1fd5aa13c9c4371c48279594bcbc4c2e93be7f2262e669f8f88a4a2e100430f12957b280000653ed9fa", 0x8000000, 0x0, {[0x9]}}, 0x0, 0x8, &(0x7f0000000200))
read$FUSE(r8, &(0x7f0000006980)={0x2020}, 0x2020)
syz_usb_control_io(r7, &(0x7f0000000000)={0x18, &(0x7f0000000040)=ANY=[@ANYBLOB="200617", @ANYRES32=r7], 0x0, 0x0, 0x0, 0x0}, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
dup(0xffffffffffffffff)
execveat$binfmt(0xffffffffffffffff, 0x0, &(0x7f0000000200)={[0x0, 0x0]}, &(0x7f0000000280)={[0x0]}, 0x1000)
r9 = openat$dsp(0xffffffffffffff9c, 0x0, 0x8841, 0x0)
write$dsp(r9, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
syz_open_dev$usbmon(&(0x7f0000000080), 0x7, 0x48200)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]})

6.216254666s ago: executing program 4 (id=1101):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
r1 = syz_open_dev$vim2m(0x0, 0x1, 0x2)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x8, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x8, &(0x7f00000000c0)={0x1, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
write$nbd(0xffffffffffffffff, 0x0, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000240)=0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
syz_open_dev$vcsu(0x0, 0x0, 0x0)
mbind(&(0x7f00001fa000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0)
move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)

4.915360881s ago: executing program 5 (id=1107):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg$unix(r2, &(0x7f0000001040)=[{{&(0x7f00000000c0)=@abs, 0x6e, &(0x7f0000000040)=[{&(0x7f0000000140)=""/109, 0x6d}, {&(0x7f00000002c0)=""/177, 0xb1}, {&(0x7f0000001200)=""/4096, 0x1000}, {&(0x7f00000003c0)=""/170, 0xaa}], 0x4}}, {{&(0x7f0000000200), 0x6e, &(0x7f0000000940)=[{&(0x7f0000000480)=""/191, 0xbf}, {&(0x7f0000000540)=""/152, 0x98}, {&(0x7f0000000600)=""/74, 0x4a}, {&(0x7f0000000680)=""/31, 0x1f}, {&(0x7f00000006c0)=""/202, 0xca}, {&(0x7f00000007c0)=""/218, 0xda}, {&(0x7f00000008c0)=""/109, 0x6d}], 0x7, &(0x7f0000000980)=[@cred={{0x18}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xc0}}, {{&(0x7f0000000a80), 0x6e, &(0x7f0000000c80)=[{&(0x7f0000000b00)=""/51, 0x33}, {&(0x7f0000000b40)=""/203, 0xcb}, {&(0x7f0000002200)=""/4096, 0x1000}, {&(0x7f0000000c40)=""/43, 0x2b}], 0x4, &(0x7f0000000d00)=[@cred={{0x18}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0xc}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x100}}, {{&(0x7f0000000e40)=@abs, 0x6e, &(0x7f0000000f80)=[{&(0x7f0000000ec0)=""/135, 0x87}], 0x1, &(0x7f0000000fc0)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @cred={{0x18}}], 0x50}}], 0x4, 0x2163, &(0x7f00000010c0)={0x0, 0x3938700})
r3 = syz_io_uring_setup(0x24f7, &(0x7f0000000b80)={0x0, 0x0, 0x10100, 0x0, 0x33a}, &(0x7f0000000100), &(0x7f0000000140))
io_uring_enter(r3, 0x2d3e, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x3f36, &(0x7f0000001100)={0x0, 0xdcde, 0x8, 0x1, 0x35, 0x0, r3}, &(0x7f0000003200), &(0x7f0000003240))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_ro(r4, &(0x7f0000000380)='memory.stat\x00', 0x0, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x14)
sendfile(r6, r5, 0x0, 0x17)
r7 = fsmount(r0, 0x0, 0x0)
fchdir(r7)
setrlimit(0x1, &(0x7f0000000000))
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x20401, 0x30)
writev(r8, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x56000}], 0x1)

4.464507816s ago: executing program 3 (id=1109):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000400620180100000000000109022400010000000009040000010300000009210000000122070009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000380)={0x18, &(0x7f0000000780)=ANY=[@ANYBLOB=' 1\b\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0)

3.407561758s ago: executing program 4 (id=1111):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000300)={r1, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r2, 0x0, 0x0, 0x1f5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000dfff00"}})

2.91287545s ago: executing program 5 (id=1112):
syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x23})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478e"])
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ff"], 0x15)
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0x5, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfffffffffffffffe, 0x0, 0x8d], 0x10000, 0x2071c0})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat$tun(0xffffff9c, &(0x7f0000000000), 0x4000, 0x0)

2.875892964s ago: executing program 4 (id=1113):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x5, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x7, 0x81}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
removexattr(&(0x7f0000000040)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x80086601, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
writev(r3, &(0x7f0000000000)=[{&(0x7f0000000100)="16000000", 0x4}], 0x1)
fsopen(&(0x7f0000000000)='ufs\x00', 0x1)
r4 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
r6 = openat$cgroup_pressure(r5, &(0x7f0000000080)='cpu.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r6, &(0x7f0000000040)={'some', 0x20, 0x17e, 0x20, 0x100002}, 0x2f)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), 0xffffffffffffffff)
getsockname$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
write$cgroup_int(r7, &(0x7f0000000040)=0x900, 0x12)
sendmmsg$inet6(r0, &(0x7f0000000580)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0x9, @private2={0xfc, 0x2, '\x00', 0x1}, 0x5}, 0x1c, &(0x7f0000000b40)=[{&(0x7f0000000340)="f2", 0x1}], 0x1}}, {{&(0x7f0000000180)={0xa, 0x4e24, 0xff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1}, 0x1c, &(0x7f0000000400)=[{&(0x7f00000001c0)='f', 0x1}], 0x1}}], 0x2, 0x0)

2.487835098s ago: executing program 1 (id=1114):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0xfffc}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x4}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x9c}}, 0x0)

2.382417115s ago: executing program 5 (id=1115):
r0 = io_uring_setup(0x664c, &(0x7f0000000500))
r1 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r1, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
close_range(r0, 0xffffffffffffffff, 0x0)

2.260322448s ago: executing program 5 (id=1116):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r0, 0x0, 0x0, 0x4)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000180)=0x682, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

2.257005996s ago: executing program 1 (id=1117):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
write$6lowpan_control(0xffffffffffffffff, 0x0, 0x0)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00'})
ioctl$sock_SIOCBRDELBR(r0, 0x89a2, &(0x7f0000000000)='bridge0\x00')

2.224266642s ago: executing program 3 (id=1118):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000001140)={{0x12, 0x1, 0x0, 0xbd, 0xf7, 0x13, 0x8, 0x2770, 0x930c, 0x8d6a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2a, 0xc5, 0x98}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x24, &(0x7f00000000c0)={0x0, 0x13}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

2.187630235s ago: executing program 5 (id=1119):
timer_create(0x1, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0)
futex(0x0, 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0)

2.060414367s ago: executing program 1 (id=1120):
r0 = syz_open_dev$sg(&(0x7f0000000500), 0x0, 0x60603)
ioctl$SG_IO(r0, 0x2285, &(0x7f00000000c0)={0x53, 0xfffffffffffffffd, 0x6, 0x9, @buffer={0x0, 0x84, &(0x7f0000000000)=""/132}, &(0x7f0000000540)="9edf55168046", 0x0, 0x0, 0x14, 0x0, 0x0})

2.015471379s ago: executing program 1 (id=1121):
socket$nl_xfrm(0x10, 0x3, 0x6)
openat$dlm_monitor(0xffffff9c, &(0x7f00000000c0), 0x1, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$kcm(0x29, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_sctp(0x2, 0x5, 0x84)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000340)={0x0, 0xcc}, 0x8)
syz_open_dev$vim2m(&(0x7f0000000100), 0x7, 0x2)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback, 0x7}], 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000780)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x2, @loopback, 0x3}, 0x1c, &(0x7f0000000500)=[{&(0x7f0000000380)="06", 0x1}], 0x1}}], 0x1, 0x3404c8d4)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES16=r0, @ANYRES16], 0x1000f)

1.959362675s ago: executing program 5 (id=1122):
syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$cuse(0xffffff9c, 0x0, 0x2, 0x0)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0x5}, 0x10)
r4 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r4, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
recvmmsg$unix(r3, &(0x7f0000005100)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)=""/94, 0x5e}], 0x1}}], 0x1, 0x10101, 0x0)
close(0x3)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r5, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r6 = socket$inet6(0xa, 0x3, 0x6)
connect$inet6(r6, 0x0, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000340)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@mcast2, 0x0, 0x0, 0x1, 0x4, 0xa, 0xb0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0xbd1, 0x0, 0x3}, {0x81, 0x2}, 0x1fffffc, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x8000, 0x2b}, 0x0, @in6=@empty, 0x1, 0x0, 0x0, 0x7, 0x7, 0x0, 0x2}}, 0xe4)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x101a02, 0x0)

1.918688484s ago: executing program 1 (id=1123):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg(r1, 0x0, 0x8040)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
syz_open_dev$dri(0x0, 0xd21, 0x4000)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_open_dev$usbmon(0x0, 0x0, 0x0)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
r3 = epoll_create(0x3)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000080)={0x40000002})
write$P9_RSTATu(r2, &(0x7f0000000580)=ANY=[], 0x21e)
syz_open_dev$vbi(0x0, 0x0, 0x2)
r4 = openat$sequencer(0xffffff9c, &(0x7f0000001bc0), 0x88302, 0x0)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r4, 0x4004510d, &(0x7f0000000000))
ioctl$BLKTRACESTART(0xffffffffffffffff, 0x1274, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
gettid()
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r5, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x200001}, {{0x0, 0x0, 0x0}, 0x200}, {{0x0, 0x0, 0x0}, 0x401}, {{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, 0x0}, 0x40}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, 0x0}, 0x8}], 0x7, 0x0, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
timer_create(0x2, &(0x7f0000000080)={0x0, 0x3c, 0x0, @thr={0x0, &(0x7f0000000100)="8700ce0bc89e8283082ccc47363814fc9bcc0e7522b190110bc257698a1f9d0981016b437d04d98d5c0f4b5dcf4c3565673606dc2d1f6e1382cddb7d0c788767f677caeaa1f8a7a37bdb7f7dc7ef27350a1f4a3a2e9e0db56a"}}, 0x0)
sendfile(r7, r6, &(0x7f0000002080)=0x64, 0x21c)

128.334351ms ago: executing program 4 (id=1124):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000004d80), 0xffffffffffffffff)
socket$netlink(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x28, r2, 0x1, 0x0, 0x4000000, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}]}]}, 0x28}}, 0x10)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="1400000023000b6c8cfffdfccabb00f90429fc60", 0x14}], 0x1}, 0x2400c000)

0s ago: executing program 1 (id=1125):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x0, 0x200, 0x0, 'queue1\x00'})
poll(&(0x7f0000000080)=[{r0, 0x81}], 0x1, 0x2000009d)
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8)

kernel console output (not intermixed with test programs):

125]  __sock_sendmsg+0x21c/0x270
[  209.494792][ T7125]  ____sys_sendmsg+0x505/0x830
[  209.494826][ T7125]  ? __pfx_____sys_sendmsg+0x10/0x10
[  209.494864][ T7125]  ? import_iovec+0x74/0xa0
[  209.494894][ T7125]  ___sys_sendmsg+0x21f/0x2a0
[  209.494926][ T7125]  ? __pfx____sys_sendmsg+0x10/0x10
[  209.494992][ T7125]  ? __fget_files+0x2a/0x420
[  209.495012][ T7125]  ? __fget_files+0x3a0/0x420
[  209.495045][ T7125]  __x64_sys_sendmsg+0x19b/0x260
[  209.495077][ T7125]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  209.495116][ T7125]  ? __pfx_ksys_write+0x10/0x10
[  209.495131][ T7125]  ? rcu_is_watching+0x15/0xb0
[  209.495175][ T7125]  ? do_syscall_64+0xbe/0x3b0
[  209.495207][ T7125]  do_syscall_64+0xfa/0x3b0
[  209.495226][ T7125]  ? lockdep_hardirqs_on+0x9c/0x150
[  209.495246][ T7125]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.495264][ T7125]  ? clear_bhb_loop+0x60/0xb0
[  209.495288][ T7125]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.495307][ T7125] RIP: 0033:0x7f6f35d8ebe9
[  209.495324][ T7125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  209.495339][ T7125] RSP: 002b:00007f6f36c09038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  209.495360][ T7125] RAX: ffffffffffffffda RBX: 00007f6f35fb5fa0 RCX: 00007f6f35d8ebe9
[  209.495374][ T7125] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 000000000000001d
[  209.495385][ T7125] RBP: 00007f6f36c09090 R08: 0000000000000000 R09: 0000000000000000
[  209.495397][ T7125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  209.495408][ T7125] R13: 00007f6f35fb6038 R14: 00007f6f35fb5fa0 R15: 00007fffe8baea78
[  209.495438][ T7125]  </TASK>
[  212.419226][ T5857] Bluetooth: hci4: command 0x0406 tx timeout
[  212.426915][ T5841] Bluetooth: hci2: command 0x0406 tx timeout
[  212.433905][ T5837] Bluetooth: hci3: command 0x0406 tx timeout
[  212.659171][ T7155] overlay: ./file0 is not a directory
[  213.632694][ T7159] Process accounting resumed
[  214.708314][ T7176] FAULT_INJECTION: forcing a failure.
[  214.708314][ T7176] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  214.809545][ T7176] CPU: 1 UID: 0 PID: 7176 Comm: syz.0.297 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  214.809571][ T7176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  214.809582][ T7176] Call Trace:
[  214.809590][ T7176]  <TASK>
[  214.809598][ T7176]  dump_stack_lvl+0x189/0x250
[  214.809621][ T7176]  ? __pfx____ratelimit+0x10/0x10
[  214.809642][ T7176]  ? __pfx_dump_stack_lvl+0x10/0x10
[  214.809663][ T7176]  ? __pfx__printk+0x10/0x10
[  214.809686][ T7176]  ? __might_fault+0xb0/0x130
[  214.809715][ T7176]  should_fail_ex+0x414/0x560
[  214.809751][ T7176]  _copy_from_user+0x2d/0xb0
[  214.809787][ T7176]  autofs_dev_ioctl+0x136/0xb30
[  214.809818][ T7176]  ? __pfx_autofs_dev_ioctl+0x10/0x10
[  214.809836][ T7176]  ? __fget_files+0x2a/0x420
[  214.809856][ T7176]  ? __fget_files+0x2a/0x420
[  214.809877][ T7176]  ? bpf_lsm_file_ioctl+0x9/0x20
[  214.809898][ T7176]  ? __pfx_autofs_dev_ioctl+0x10/0x10
[  214.809918][ T7176]  __se_sys_ioctl+0xfc/0x170
[  214.809948][ T7176]  do_syscall_64+0xfa/0x3b0
[  214.809967][ T7176]  ? lockdep_hardirqs_on+0x9c/0x150
[  214.809986][ T7176]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.810004][ T7176]  ? clear_bhb_loop+0x60/0xb0
[  214.810026][ T7176]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.810044][ T7176] RIP: 0033:0x7f8a6af8ebe9
[  214.810061][ T7176] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  214.810076][ T7176] RSP: 002b:00007f8a6be4f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  214.810095][ T7176] RAX: ffffffffffffffda RBX: 00007f8a6b1b5fa0 RCX: 00007f8a6af8ebe9
[  214.810106][ T7176] RDX: 0000200000000200 RSI: 00000000c018937e RDI: 0000000000000004
[  214.810123][ T7176] RBP: 00007f8a6be4f090 R08: 0000000000000000 R09: 0000000000000000
[  214.810132][ T7176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  214.810143][ T7176] R13: 00007f8a6b1b6038 R14: 00007f8a6b1b5fa0 R15: 00007ffd3346a458
[  214.810171][ T7176]  </TASK>
[  215.077613][ T7168] syz.1.295 (7168): drop_caches: 2
[  217.969255][ T5850] usb 2-1: new full-speed USB device number 7 using dummy_hcd
[  218.589774][ T5850] usb 2-1: unable to get BOS descriptor or descriptor too short
[  218.656124][ T5850] usb 2-1: not running at top speed; connect to a high speed hub
[  219.082086][ T5850] usb 2-1: config 1 interface 0 has no altsetting 0
[  219.120724][ T5850] usb 2-1: New USB device found, idVendor=05ac, idProduct=024e, bcdDevice= 0.40
[  219.149206][ T5850] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  219.158706][ T5850] usb 2-1: Product: syz
[  219.168052][ T5850] usb 2-1: Manufacturer: syz
[  219.190444][ T5850] usb 2-1: SerialNumber: syz
[  220.622518][ T7221] fuse: Unknown parameter 'user_id00000000000000000000'
[  221.127388][ T5850] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input10
[  221.213483][ T5192] bcm5974 2-1:1.0: could not read from device
[  221.361019][ T5192] bcm5974 2-1:1.0: could not read from device
[  222.039575][ T5192] bcm5974 2-1:1.0: could not read from device
[  222.380398][ T5850] usb 2-1: USB disconnect, device number 7
[  222.381482][ T5192] bcm5974 2-1:1.0: could not read from device
[  223.100147][   T30] audit: type=1326 audit(1754590557.887:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7242 comm="syz.3.316" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc8f0b8ebe9 code=0x0
[  224.378177][ T7258] netlink: 8 bytes leftover after parsing attributes in process `syz.1.320'.
[  224.408767][ T7258] netlink: 'syz.1.320': attribute type 32 has an invalid length.
[  224.418323][ T7258] netlink: 8 bytes leftover after parsing attributes in process `syz.1.320'.
[  224.430196][ T7258] netlink: 'syz.1.320': attribute type 32 has an invalid length.
[  224.460994][ T5157] Bluetooth: hci4: unexpected event for opcode 0x0c1a
[  225.869662][ T5953] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[  225.945136][ T7275] tipc: Started in network mode
[  225.954506][ T7275] tipc: Node identity dee8bf02997, cluster identity 4711
[  226.142776][ T7275] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  226.278173][ T5953] usb 2-1: unable to get BOS descriptor or descriptor too short
[  226.497438][ T7278] syzkaller0: entered promiscuous mode
[  226.507307][ T5953] usb 2-1: not running at top speed; connect to a high speed hub
[  226.518790][ T7278] syzkaller0: entered allmulticast mode
[  226.579971][ T5953] usb 2-1: config 1 interface 0 has no altsetting 0
[  226.613619][ T5953] usb 2-1: New USB device found, idVendor=05ac, idProduct=024e, bcdDevice= 0.40
[  226.623112][ T5953] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  226.671239][ T7275] tipc: Resetting bearer <eth:syzkaller0>
[  226.678969][ T5953] usb 2-1: Product: syz
[  226.720688][ T5953] usb 2-1: Manufacturer: syz
[  226.727175][ T5953] usb 2-1: SerialNumber: syz
[  227.001672][ T7274] tipc: Resetting bearer <eth:syzkaller0>
[  227.207850][ T5911] tipc: Node number set to 1201192706
[  227.225537][ T7286] Invalid option length (0) for dns_resolver key
[  227.645544][ T7274] tipc: Disabling bearer <eth:syzkaller0>
[  227.671639][ T5953] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input11
[  227.745127][ T5192] bcm5974 2-1:1.0: could not read from device
[  227.834448][ T5192] bcm5974 2-1:1.0: could not read from device
[  227.888215][ T5953] usb 2-1: USB disconnect, device number 8
[  227.894671][ T5192] bcm5974 2-1:1.0: could not read from device
[  228.069327][   T10] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  228.144613][   T30] audit: type=1326 audit(1754590562.937:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7292 comm="syz.3.331" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc8f0b8ebe9 code=0x0
[  228.279361][   T10] usb 5-1: Using ep0 maxpacket: 32
[  228.690457][   T10] usb 5-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  228.713081][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  228.748950][   T10] usb 5-1: Product: syz
[  228.757165][   T10] usb 5-1: Manufacturer: syz
[  228.768968][   T10] usb 5-1: SerialNumber: syz
[  228.791241][   T10] usb 5-1: config 0 descriptor??
[  228.856973][ T7303] kvm: pic: non byte write
[  229.025487][   T10] airspy 5-1:0.0: usb_control_msg() failed -32 request 09
[  229.039933][   T10] airspy 5-1:0.0: Could not detect board
[  229.042667][ T7310] (unnamed net_device) (uninitialized): up delay (7) is not a multiple of miimon (3), value rounded to 6 ms
[  229.066764][   T10] airspy 5-1:0.0: probe with driver airspy failed with error -32
[  229.077338][ T7310] (unnamed net_device) (uninitialized): down delay (7) is not a multiple of miimon (3), value rounded to 6 ms
[  229.152401][ T7310] 8021q: adding VLAN 0 to HW filter on device bond2
[  232.362198][   T10] usb 5-1: USB disconnect, device number 8
[  232.634220][ T7344] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode
[  232.672710][ T7344] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[  233.569050][   T10] usb 2-1: new full-speed USB device number 9 using dummy_hcd
[  233.754477][ T7357] syz.3.346: attempt to access beyond end of device
[  233.754477][ T7357] loop7: rw=0, sector=0, nr_sectors = 1 limit=0
[  233.768448][ T7357] FAT-fs (loop7): unable to read boot sector
[  234.069163][ T5937] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  234.296991][ T7233] syz.2.314: vmalloc error: size 6090752, failed to allocated page array size 11896, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  234.319579][ T7233] CPU: 1 UID: 0 PID: 7233 Comm: syz.2.314 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  234.319606][ T7233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  234.319618][ T7233] Call Trace:
[  234.319626][ T7233]  <TASK>
[  234.319634][ T7233]  dump_stack_lvl+0x189/0x250
[  234.319665][ T7233]  ? __pfx_dump_stack_lvl+0x10/0x10
[  234.319694][ T7233]  ? __pfx__printk+0x10/0x10
[  234.319720][ T7233]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  234.319745][ T7233]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  234.319772][ T7233]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  234.319799][ T7233]  warn_alloc+0x214/0x310
[  234.319830][ T7233]  ? __pfx_warn_alloc+0x10/0x10
[  234.319863][ T7233]  ? __get_vm_area_node+0x28f/0x300
[  234.319884][ T7233]  ? vb2_vmalloc_alloc+0xef/0x340
[  234.319918][ T7233]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  234.319973][ T7233]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  234.320000][ T7233]  ? vb2_vmalloc_alloc+0xef/0x340
[  234.320030][ T7233]  ? __get_vm_area_node+0x28f/0x300
[  234.320052][ T7233]  ? vb2_vmalloc_alloc+0xef/0x340
[  234.320081][ T7233]  __vmalloc_node_range_noprof+0x56a/0x12f0
[  234.320104][ T7233]  ? vb2_vmalloc_alloc+0xef/0x340
[  234.320164][ T7233]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  234.320187][ T7233]  ? vb2_vmalloc_alloc+0xb2/0x340
[  234.320218][ T7233]  ? __kasan_kmalloc+0x93/0xb0
[  234.320241][ T7233]  vmalloc_user_noprof+0xad/0xf0
[  234.320263][ T7233]  ? vb2_vmalloc_alloc+0xef/0x340
[  234.320292][ T7233]  vb2_vmalloc_alloc+0xef/0x340
[  234.320321][ T7233]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[  234.320349][ T7233]  __vb2_queue_alloc+0x9c2/0x15a0
[  234.320404][ T7233]  vb2_core_create_bufs+0x765/0xde0
[  234.320464][ T7233]  ? __pfx_vb2_core_create_bufs+0x10/0x10
[  234.320499][ T7233]  ? vb2_set_flags_and_caps+0x309/0x5f0
[  234.320531][ T7233]  vb2_create_bufs+0x5b9/0xae0
[  234.320564][ T7233]  ? __pfx_vb2_create_bufs+0x10/0x10
[  234.320592][ T7233]  ? v4l_sanitize_format+0x5d6/0x9f0
[  234.320628][ T7233]  v4l_create_bufs+0x193/0x2a0
[  234.320659][ T7233]  __video_do_ioctl+0xc9b/0xdb0
[  234.320705][ T7233]  ? __pfx___video_do_ioctl+0x10/0x10
[  234.320750][ T7233]  video_usercopy+0x871/0x14f0
[  234.320791][ T7233]  ? __pfx___video_do_ioctl+0x10/0x10
[  234.320819][ T7233]  ? __pfx_video_usercopy+0x10/0x10
[  234.320846][ T7233]  ? smack_file_ioctl+0x2a9/0x340
[  234.320884][ T7233]  ? __fget_files+0x2a/0x420
[  234.320905][ T7233]  ? __fget_files+0x3a0/0x420
[  234.320931][ T7233]  v4l2_ioctl+0x18a/0x1e0
[  234.320960][ T7233]  ? __pfx_v4l2_ioctl+0x10/0x10
[  234.320988][ T7233]  __se_sys_ioctl+0xfc/0x170
[  234.321019][ T7233]  do_syscall_64+0xfa/0x3b0
[  234.321041][ T7233]  ? lockdep_hardirqs_on+0x9c/0x150
[  234.321062][ T7233]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  234.321081][ T7233]  ? clear_bhb_loop+0x60/0xb0
[  234.321106][ T7233]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  234.321124][ T7233] RIP: 0033:0x7fbb07f8ebe9
[  234.321143][ T7233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  234.321159][ T7233] RSP: 002b:00007fbb061f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  234.321179][ T7233] RAX: ffffffffffffffda RBX: 00007fbb081b5fa0 RCX: 00007fbb07f8ebe9
[  234.321194][ T7233] RDX: 00002000000002c0 RSI: 00000000c100565c RDI: 0000000000000003
[  234.321207][ T7233] RBP: 00007fbb08011e19 R08: 0000000000000000 R09: 0000000000000000
[  234.321217][ T7233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  234.321225][ T7233] R13: 00007fbb081b6038 R14: 00007fbb081b5fa0 R15: 00007ffdaeff20f8
[  234.321254][ T7233]  </TASK>
[  234.321359][ T7233] Mem-Info:
[  234.484127][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[  234.485758][ T5937] usb 4-1: Using ep0 maxpacket: 16
[  234.494924][   T10] usb 2-1: not running at top speed; connect to a high speed hub
[  234.496335][ T7233] active_anon:2178 inactive_anon:8528 isolated_anon:0
[  234.496335][ T7233]  active_file:8089 inactive_file:37680 isolated_file:0
[  234.496335][ T7233]  unevictable:768 dirty:385 writeback:0
[  234.496335][ T7233]  slab_reclaimable:10094 slab_unreclaimable:99660
[  234.496335][ T7233]  mapped:33393 shmem:6127 pagetables:1412
[  234.496335][ T7233]  sec_pagetables:0 bounce:0
[  234.496335][ T7233]  kernel_misc_reclaimable:0
[  234.496335][ T7233]  free:1212825 free_pcp:26531 free_cma:0
[  234.772978][ T7233] Node 0 active_anon:8212kB inactive_anon:34112kB active_file:32152kB inactive_file:150720kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:133572kB dirty:1540kB writeback:0kB shmem:22572kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12592kB pagetables:5508kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  234.773535][   T10] usb 2-1: config 1 interface 0 has no altsetting 0
[  234.815169][ T7233] Node 1 active_anon:0kB inactive_anon:0kB active_file:204kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  234.815361][ T5937] usb 4-1: config 0 has an invalid interface number: 48 but max is 0
[  234.856544][ T7233] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  234.885757][ T5937] usb 4-1: config 0 has no interface number 0
[  234.885802][ T5937] usb 4-1: config 0 interface 48 has no altsetting 0
[  234.898341][ T5937] usb 4-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=a8.98
[  234.902293][ T7233] lowmem_reserve[]: 0 2500
[  234.912841][   T10] usb 2-1: New USB device found, idVendor=05ac, idProduct=024e, bcdDevice= 0.40
[  234.928963][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  234.937290][ T7233]  2502 2502 2502
[  234.942241][   T10] usb 2-1: Product: syz
[  234.946456][   T10] usb 2-1: Manufacturer: syz
[  234.952075][ T7233] Node 0 DMA32 free:936188kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1108kB inactive_anon:33872kB active_file:30388kB inactive_file:150652kB unevictable:1536kB writepending:1540kB present:3129332kB managed:2560996kB mlocked:0kB bounce:0kB free_pcp:92320kB local_pcp:55584kB free_cma:0kB
[  234.952344][ T5937] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  234.995625][   T10] usb 2-1: SerialNumber: syz
[  235.232965][ T7233] lowmem_reserve[]: 0 0 1 1 1
[  235.242376][ T7233] Node 0 Normal free:20kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:40kB active_file:1764kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  235.260493][ T5937] usb 4-1: Product: syz
[  235.276606][ T5937] usb 4-1: Manufacturer: syz
[  235.283236][ T5937] usb 4-1: SerialNumber: syz
[  235.315045][ T5937] usb 4-1: config 0 descriptor??
[  235.330299][ T7233] lowmem_reserve[]: 0 0 0 0 0
[  235.336759][ T7233] Node 1 Normal free:3899932kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:204kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:21132kB local_pcp:3296kB free_cma:0kB
[  235.511698][   T10] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input12
[  235.519922][ T7233] lowmem_reserve[]: 0 0 0 0 0
[  235.584486][ T7233] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  235.741712][ T7233] Node 0 DMA32: 2*4kB (UM) 3*8kB (UME) 9*16kB (UME) 7*32kB (E) 5*64kB (UME) 5*128kB (UME) 1*256kB (U) 3*512kB (UME) 0*1024kB 3*2048kB (UME) 226*4096kB (M) = 934992kB
[  235.765705][ T5192] bcm5974 2-1:1.0: could not read from device
[  235.776140][ T5192] bcm5974 2-1:1.0: could not read from device
[  235.801973][ T7233] Node 0 
[  235.803746][   T10] usb 2-1: USB disconnect, device number 9
[  235.817773][ T7233] Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[  235.839099][ T5192] bcm5974 2-1:1.0: could not read from device
[  235.841248][ T7233] Node 1 Normal: 182*4kB (UME) 51*8kB (UME) 36*16kB (UME) 101*32kB (UME) 30*64kB (UME) 9*128kB (UME) 3*256kB (ME) 2*512kB (ME) 1*1024kB (M) 1*2048kB (E) 949*4096kB (UM) = 3899984kB
[  235.866105][ T7233] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  235.878307][ T7233] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  235.918973][ T7233] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  235.967362][ T7233] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  236.034932][ T7233] 50001 total pagecache pages
[  236.049296][ T7233] 0 pages in swap cache
[  236.053584][ T7233] Free swap  = 124996kB
[  236.058028][ T7233] Total swap = 124996kB
[  236.068394][ T7233] 2097051 pages RAM
[  236.073094][ T7233] 0 pages HighMem/MovableOnly
[  236.077981][ T7233] 424695 pages reserved
[  236.088461][ T7233] 0 pages cma reserved
[  236.667451][ T5937] usb 4-1: USB disconnect, device number 7
[  237.274776][ T7385] netlink: 28 bytes leftover after parsing attributes in process `syz.0.350'.
[  238.448064][ T7044] Bluetooth: hci5: received HCILL_GO_TO_SLEEP_ACK in state 0
[  240.755440][ T5157] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  240.755454][   T51] Bluetooth: hci5: command 0x1003 tx timeout
[  241.041258][ T7410] FAULT_INJECTION: forcing a failure.
[  241.041258][ T7410] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  241.089193][ T7410] CPU: 1 UID: 0 PID: 7410 Comm: syz.1.360 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  241.089222][ T7410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  241.089233][ T7410] Call Trace:
[  241.089240][ T7410]  <TASK>
[  241.089248][ T7410]  dump_stack_lvl+0x189/0x250
[  241.089275][ T7410]  ? __pfx____ratelimit+0x10/0x10
[  241.089295][ T7410]  ? __pfx_dump_stack_lvl+0x10/0x10
[  241.089316][ T7410]  ? __pfx__printk+0x10/0x10
[  241.089339][ T7410]  ? __might_fault+0xb0/0x130
[  241.089369][ T7410]  should_fail_ex+0x414/0x560
[  241.089394][ T7410]  _copy_from_iter+0x1db/0x16f0
[  241.089422][ T7410]  ? rcu_is_watching+0x15/0xb0
[  241.089445][ T7410]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  241.089466][ T7410]  ? __pfx__copy_from_iter+0x10/0x10
[  241.089491][ T7410]  ? __build_skb_around+0x257/0x3e0
[  241.089521][ T7410]  ? netlink_sendmsg+0x642/0xb30
[  241.089546][ T7410]  ? skb_put+0x11b/0x210
[  241.089576][ T7410]  netlink_sendmsg+0x6b2/0xb30
[  241.089611][ T7410]  ? __pfx_netlink_sendmsg+0x10/0x10
[  241.089645][ T7410]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  241.089662][ T7410]  ? __pfx_netlink_sendmsg+0x10/0x10
[  241.089689][ T7410]  __sock_sendmsg+0x21c/0x270
[  241.089715][ T7410]  ____sys_sendmsg+0x505/0x830
[  241.089749][ T7410]  ? __pfx_____sys_sendmsg+0x10/0x10
[  241.089787][ T7410]  ? import_iovec+0x74/0xa0
[  241.089816][ T7410]  ___sys_sendmsg+0x21f/0x2a0
[  241.089845][ T7410]  ? __pfx____sys_sendmsg+0x10/0x10
[  241.089911][ T7410]  ? __fget_files+0x2a/0x420
[  241.089932][ T7410]  ? __fget_files+0x3a0/0x420
[  241.089964][ T7410]  __x64_sys_sendmsg+0x19b/0x260
[  241.089995][ T7410]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  241.090033][ T7410]  ? __pfx_ksys_write+0x10/0x10
[  241.090050][ T7410]  ? rcu_is_watching+0x15/0xb0
[  241.090075][ T7410]  ? do_syscall_64+0xbe/0x3b0
[  241.090107][ T7410]  do_syscall_64+0xfa/0x3b0
[  241.090127][ T7410]  ? lockdep_hardirqs_on+0x9c/0x150
[  241.090146][ T7410]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  241.090165][ T7410]  ? clear_bhb_loop+0x60/0xb0
[  241.090188][ T7410]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  241.090206][ T7410] RIP: 0033:0x7f6f35d8ebe9
[  241.090222][ T7410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  241.090240][ T7410] RSP: 002b:00007f6f36c09038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  241.090261][ T7410] RAX: ffffffffffffffda RBX: 00007f6f35fb5fa0 RCX: 00007f6f35d8ebe9
[  241.090275][ T7410] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000003
[  241.090287][ T7410] RBP: 00007f6f36c09090 R08: 0000000000000000 R09: 0000000000000000
[  241.090300][ T7410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  241.090311][ T7410] R13: 00007f6f35fb6038 R14: 00007f6f35fb5fa0 R15: 00007fffe8baea78
[  241.090342][ T7410]  </TASK>
[  242.213075][   T51] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  242.231660][   T51] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  242.243770][   T51] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  242.271095][   T51] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  242.290327][   T51] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  242.434570][ T5850] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  242.559156][ T5953] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[  242.631128][ T5850] usb 2-1: Using ep0 maxpacket: 32
[  242.654550][ T5850] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  242.669416][ T5850] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.684039][ T5850] usb 2-1: Product: syz
[  242.688446][ T5850] usb 2-1: Manufacturer: syz
[  242.694191][ T5850] usb 2-1: SerialNumber: syz
[  242.832520][ T5953] usb 1-1: unable to get BOS descriptor or descriptor too short
[  242.932713][ T5953] usb 1-1: not running at top speed; connect to a high speed hub
[  243.040323][ T5850] usb 2-1: config 0 descriptor??
[  243.138082][ T5953] usb 1-1: config 1 interface 0 has no altsetting 0
[  243.152571][ T5953] usb 1-1: New USB device found, idVendor=05ac, idProduct=024e, bcdDevice= 0.40
[  243.172972][ T5953] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  243.199563][ T5953] usb 1-1: Product: syz
[  243.207504][ T5953] usb 1-1: Manufacturer: syz
[  243.251418][ T5953] usb 1-1: SerialNumber: syz
[  243.491586][ T5850] airspy 2-1:0.0: Board ID: 00
[  243.496548][ T5850] airspy 2-1:0.0: Firmware version: 
[  243.555420][ T5953] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input13
[  243.720818][ T5192] bcm5974 1-1:1.0: could not read from device
[  243.730425][ T5192] bcm5974 1-1:1.0: could not read from device
[  243.762301][ T5953] usb 1-1: USB disconnect, device number 5
[  244.297506][ T5192] bcm5974 1-1:1.0: could not read from device
[  244.475537][   T51] Bluetooth: hci5: command tx timeout
[  244.521602][ T7413] chnl_net:caif_netlink_parms(): no params data found
[  245.061976][ T5937] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  245.110782][ T7413] bridge0: port 1(bridge_slave_0) entered blocking state
[  245.146461][ T7413] bridge0: port 1(bridge_slave_0) entered disabled state
[  245.179249][ T7413] bridge_slave_0: entered allmulticast mode
[  245.210417][ T7413] bridge_slave_0: entered promiscuous mode
[  245.248439][ T5937] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  245.943511][ T5850] airspy 2-1:0.0: usb_control_msg() failed -110 request 0f
[  246.334005][ T7413] bridge0: port 2(bridge_slave_1) entered blocking state
[  246.376990][ T7449] syz.0.369 (7449) used greatest stack depth: 19680 bytes left
[  246.377875][ T7413] bridge0: port 2(bridge_slave_1) entered disabled state
[  246.393850][ T7413] bridge_slave_1: entered allmulticast mode
[  246.401194][ T5937] usb 5-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  246.410710][ T5937] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  246.412229][ T5850] airspy 2-1:0.0: Registered as swradio24
[  246.419237][ T5937] usb 5-1: Product: syz
[  246.426831][ T7413] bridge_slave_1: entered promiscuous mode
[  246.430011][ T5937] usb 5-1: Manufacturer: syz
[  246.440993][ T5937] usb 5-1: SerialNumber: syz
[  246.449358][ T5937] usb 5-1: config 0 descriptor??
[  246.457989][ T5937] ims_pcu 5-1:0.0: Missing CDC union descriptor
[  246.464878][ T5937] ims_pcu 5-1:0.0: probe with driver ims_pcu failed with error -22
[  246.507557][   T51] Bluetooth: hci5: command tx timeout
[  246.546719][ T5850] airspy 2-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  246.854166][ T7413] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  246.879306][ T7453] capability: warning: `syz.3.370' uses deprecated v2 capabilities in a way that may be insecure
[  246.890504][ T7453] netlink: 156 bytes leftover after parsing attributes in process `syz.3.370'.
[  247.013838][ T7413] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  247.454349][ T7413] team0: Port device team_slave_0 added
[  247.527536][ T5856] usb 5-1: USB disconnect, device number 9
[  247.620976][ T7413] team0: Port device team_slave_1 added
[  247.636433][ T5937] usb 2-1: USB disconnect, device number 10
[  247.645025][ T5911] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  247.809957][ T7413] batman_adv: batadv0: Adding interface: batadv_slave_0
[  247.826255][ T7413] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  247.839531][ T5911] usb 1-1: Using ep0 maxpacket: 32
[  247.867200][ T7413] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  247.889926][ T5911] usb 1-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  247.905662][ T5911] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  247.932163][ T5911] usb 1-1: Product: syz
[  247.964337][ T5911] usb 1-1: Manufacturer: syz
[  247.985665][ T5911] usb 1-1: SerialNumber: syz
[  248.006444][ T5911] usb 1-1: config 0 descriptor??
[  248.015009][ T7044] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  248.579299][   T51] Bluetooth: hci5: command tx timeout
[  248.599533][ T5911] airspy 1-1:0.0: usb_control_msg() failed -32 request 09
[  248.609387][ T7413] batman_adv: batadv0: Adding interface: batadv_slave_1
[  248.703204][ T7413] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  248.730664][ T5911] airspy 1-1:0.0: Could not detect board
[  248.737812][ T5911] airspy 1-1:0.0: probe with driver airspy failed with error -32
[  248.748662][ T7413] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  249.060216][ T7044] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  250.344626][ T7044] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  250.378314][ T7482] overlay: Bad value for 'workdir'
[  250.659099][   T51] Bluetooth: hci5: command tx timeout
[  251.067848][ T7413] hsr_slave_0: entered promiscuous mode
[  251.112125][ T7413] hsr_slave_1: entered promiscuous mode
[  251.156302][ T7413] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  251.207834][ T7413] Cannot create hsr debugfs directory
[  251.435540][ T5856] usb 1-1: USB disconnect, device number 6
[  251.814872][ T7044] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  252.828090][ T7511] ubi31: attaching mtd0
[  252.835965][ T7511] ubi31: scanning is finished
[  252.841822][ T7511] ubi31: empty MTD device detected
[  253.109863][ T7511] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  253.110039][ T7044] bridge_slave_1: left allmulticast mode
[  253.118529][ T7511] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  253.118573][ T7511] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  253.118588][ T7511] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  253.118604][ T7511] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  253.118621][ T7511] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  253.118636][ T7511] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 135015621
[  253.186620][ T7511] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  253.211469][ T7516] ubi31: background thread "ubi_bgt31d" started, PID 7516
[  253.951869][ T7044] bridge_slave_1: left promiscuous mode
[  254.156999][ T7044] bridge0: port 2(bridge_slave_1) entered disabled state
[  254.389044][ T7044] bridge_slave_0: left allmulticast mode
[  254.417784][ T7044] bridge_slave_0: left promiscuous mode
[  254.438414][ T7044] bridge0: port 1(bridge_slave_0) entered disabled state
[  255.969381][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  255.978044][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  256.439977][ T7525] netlink: 268 bytes leftover after parsing attributes in process `syz.1.385'.
[  256.539333][   T43] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  256.589992][ T7044] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  256.604316][ T7044] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  256.614885][ T7044] bond0 (unregistering): Released all slaves
[  256.671238][ T7525] netlink: 12 bytes leftover after parsing attributes in process `syz.1.385'.
[  256.718987][   T43] usb 4-1: Using ep0 maxpacket: 32
[  256.772013][   T43] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  256.787484][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  256.815339][   T43] usb 4-1: Product: syz
[  256.820131][   T43] usb 4-1: Manufacturer: syz
[  256.829442][   T43] usb 4-1: SerialNumber: syz
[  256.892399][   T43] usb 4-1: config 0 descriptor??
[  258.065455][   T43] airspy 4-1:0.0: Board ID: 00
[  258.135806][   T43] airspy 4-1:0.0: Firmware version: 
[  260.390350][ T7413] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  260.578531][ T7413] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  261.062281][   T43] airspy 4-1:0.0: usb_control_msg() failed -110 request 0f
[  261.506534][   T43] airspy 4-1:0.0: Registered as swradio24
[  261.519003][   T43] airspy 4-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  261.611016][ T7413] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  261.646001][   T43] usb 4-1: USB disconnect, device number 8
[  261.948755][ T7413] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  262.062056][ T7044] hsr_slave_0: left promiscuous mode
[  262.091457][ T7044] hsr_slave_1: left promiscuous mode
[  262.097863][ T7044] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  262.136964][ T7044] batman_adv: batadv0: Removing interface: batadv_slave_0
[  262.245983][ T7044] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  262.295318][ T7044] batman_adv: batadv0: Removing interface: batadv_slave_1
[  262.412391][ T7044] veth1_macvtap: left promiscuous mode
[  262.447293][ T7044] veth0_macvtap: left promiscuous mode
[  262.466213][ T7044] veth1_vlan: left promiscuous mode
[  262.475382][ T7044] veth0_vlan: left promiscuous mode
[  263.662424][   T51] Bluetooth: hci2: unexpected event for opcode 0x0c1a
[  265.481239][ T7044] team0 (unregistering): Port device team_slave_1 removed
[  266.219872][ T7044] team0 (unregistering): Port device team_slave_0 removed
[  267.057411][   T51] Bluetooth: hci2: unexpected event for opcode 0x0c1a
[  268.507189][ T7413] 8021q: adding VLAN 0 to HW filter on device bond0
[  268.613846][ T7413] 8021q: adding VLAN 0 to HW filter on device team0
[  268.642772][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  268.650004][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  268.722053][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  268.729333][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  269.117199][ T7650] syz.0.407: attempt to access beyond end of device
[  269.117199][ T7650] loop1: rw=0, sector=0, nr_sectors = 1 limit=0
[  269.131811][ T7650] FAT-fs (loop1): unable to read boot sector
[  269.664946][ T1210] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  269.849192][ T1210] usb 1-1: Using ep0 maxpacket: 16
[  269.922509][ T1210] usb 1-1: config 0 has an invalid interface number: 48 but max is 0
[  269.973478][ T1210] usb 1-1: config 0 has no interface number 0
[  270.233302][ T1210] usb 1-1: config 0 interface 48 has no altsetting 0
[  270.471451][ T1210] usb 1-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=a8.98
[  270.923881][ T1162] Bluetooth: hci1: received HCILL_GO_TO_SLEEP_ACK in state 1
[  270.929161][ T1210] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  270.979220][ T1102] Bluetooth: hci1: Frame reassembly failed (-84)
[  270.986792][ T1210] usb 1-1: Product: syz
[  271.027179][ T1210] usb 1-1: Manufacturer: syz
[  271.044180][ T1210] usb 1-1: SerialNumber: syz
[  271.087542][ T1210] usb 1-1: config 0 descriptor??
[  271.126986][ T7413] 8021q: adding VLAN 0 to HW filter on device batadv0
[  272.670201][ T5157] Bluetooth: hci1: command 0x1003 tx timeout
[  272.677010][   T51] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  272.799774][ T5850] usb 1-1: USB disconnect, device number 7
[  273.066452][   T10] kernel write not supported for file bpf-prog (pid: 10 comm: kworker/0:1)
[  273.139968][ T5937] kernel write not supported for file bpf-prog (pid: 5937 comm: kworker/1:6)
[  273.198144][ T5850] kernel write not supported for file bpf-prog (pid: 5850 comm: kworker/0:4)
[  273.251009][ T5850] kernel write not supported for file bpf-prog (pid: 5850 comm: kworker/0:4)
[  273.319322][ T5850] kernel write not supported for file bpf-prog (pid: 5850 comm: kworker/0:4)
[  273.373179][ T5850] kernel write not supported for file bpf-prog (pid: 5850 comm: kworker/0:4)
[  273.421638][ T5850] kernel write not supported for file bpf-prog (pid: 5850 comm: kworker/0:4)
[  273.556346][ T5850] kernel write not supported for file bpf-prog (pid: 5850 comm: kworker/0:4)
[  274.873971][ T7413] veth0_vlan: entered promiscuous mode
[  275.380286][ T7413] veth1_vlan: entered promiscuous mode
[  275.439296][ T7707] netlink: 28 bytes leftover after parsing attributes in process `syz.4.420'.
[  275.565818][ T7413] veth0_macvtap: entered promiscuous mode
[  275.652684][ T7413] veth1_macvtap: entered promiscuous mode
[  275.770209][ T7413] batman_adv: batadv0: Interface activated: batadv_slave_0
[  275.803871][ T7413] batman_adv: batadv0: Interface activated: batadv_slave_1
[  275.866479][ T7413] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  276.404908][ T7413] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  276.415476][ T7413] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  276.439176][ T7413] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  279.101549][ T2948] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  279.285449][ T2948] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  279.530794][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  279.999076][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  281.404734][ T7768] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  281.932550][ T7771] netlink: 20 bytes leftover after parsing attributes in process `syz.5.356'.
[  284.521364][ T7803] FAULT_INJECTION: forcing a failure.
[  284.521364][ T7803] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  284.535973][ T7803] CPU: 0 UID: 0 PID: 7803 Comm: syz.5.437 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  284.535999][ T7803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  284.536011][ T7803] Call Trace:
[  284.536020][ T7803]  <TASK>
[  284.536028][ T7803]  dump_stack_lvl+0x189/0x250
[  284.536055][ T7803]  ? __pfx____ratelimit+0x10/0x10
[  284.536076][ T7803]  ? __pfx_dump_stack_lvl+0x10/0x10
[  284.536097][ T7803]  ? __pfx__printk+0x10/0x10
[  284.536125][ T7803]  ? __pfx_migrate_enable+0x10/0x10
[  284.536156][ T7803]  should_fail_ex+0x414/0x560
[  284.536182][ T7803]  _copy_to_user+0x31/0xb0
[  284.536211][ T7803]  generic_map_lookup_batch+0x896/0xcc0
[  284.536253][ T7803]  ? __pfx_generic_map_lookup_batch+0x10/0x10
[  284.536277][ T7803]  ? __fget_files+0x2a/0x420
[  284.536304][ T7803]  ? __pfx_generic_map_lookup_batch+0x10/0x10
[  284.536330][ T7803]  bpf_map_do_batch+0x25b/0x5f0
[  284.536348][ T7803]  ? security_bpf+0x7e/0x300
[  284.536374][ T7803]  __sys_bpf+0x70c/0x860
[  284.536403][ T7803]  ? __pfx___sys_bpf+0x10/0x10
[  284.536462][ T7803]  __x64_sys_bpf+0x7c/0x90
[  284.536487][ T7803]  do_syscall_64+0xfa/0x3b0
[  284.536511][ T7803]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  284.536530][ T7803]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  284.536548][ T7803]  ? clear_bhb_loop+0x60/0xb0
[  284.536572][ T7803]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  284.536590][ T7803] RIP: 0033:0x7f2923d8ebe9
[  284.536608][ T7803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  284.536625][ T7803] RSP: 002b:00007f2924c76038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  284.536646][ T7803] RAX: ffffffffffffffda RBX: 00007f2923fb6180 RCX: 00007f2923d8ebe9
[  284.536669][ T7803] RDX: 0000000000000038 RSI: 00002000000003c0 RDI: 0000000000000018
[  284.536682][ T7803] RBP: 00007f2924c76090 R08: 0000000000000000 R09: 0000000000000000
[  284.536695][ T7803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  284.536707][ T7803] R13: 00007f2923fb6218 R14: 00007f2923fb6180 R15: 00007ffd85b7d7d8
[  284.536739][ T7803]  </TASK>
[  286.815567][ T7826] syz.4.442: attempt to access beyond end of device
[  286.815567][ T7826] loop9: rw=0, sector=0, nr_sectors = 1 limit=0
[  286.828587][ T7826] FAT-fs (loop9): unable to read boot sector
[  287.309107][   T24] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  287.569479][   T24] usb 5-1: Using ep0 maxpacket: 16
[  287.618030][   T24] usb 5-1: config 0 has an invalid interface number: 48 but max is 0
[  287.648411][   T24] usb 5-1: config 0 has no interface number 0
[  287.665106][   T24] usb 5-1: config 0 interface 48 has no altsetting 0
[  287.677338][   T24] usb 5-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=a8.98
[  287.677370][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  287.677390][   T24] usb 5-1: Product: syz
[  287.677404][   T24] usb 5-1: Manufacturer: syz
[  287.677418][   T24] usb 5-1: SerialNumber: syz
[  287.680643][   T24] usb 5-1: config 0 descriptor??
[  289.386590][ T1162] Bluetooth: hci1: received HCILL_GO_TO_SLEEP_ACK in state 0
[  289.540138][ T5904] usb 5-1: USB disconnect, device number 10
[  291.509402][   T51] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  292.614337][ T5157] Bluetooth: hci4: unexpected event for opcode 0x0c1a
[  294.295961][ T7908] FAULT_INJECTION: forcing a failure.
[  294.295961][ T7908] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  294.309192][ T7908] CPU: 0 UID: 0 PID: 7908 Comm: syz.3.459 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  294.309217][ T7908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  294.309229][ T7908] Call Trace:
[  294.309237][ T7908]  <TASK>
[  294.309245][ T7908]  dump_stack_lvl+0x189/0x250
[  294.309280][ T7908]  ? __pfx____ratelimit+0x10/0x10
[  294.309301][ T7908]  ? __pfx_dump_stack_lvl+0x10/0x10
[  294.309323][ T7908]  ? __pfx__printk+0x10/0x10
[  294.309351][ T7908]  ? __might_fault+0xb0/0x130
[  294.309379][ T7908]  should_fail_ex+0x414/0x560
[  294.309405][ T7908]  _copy_from_user+0x2d/0xb0
[  294.309432][ T7908]  ___sys_sendmsg+0x158/0x2a0
[  294.309465][ T7908]  ? __pfx____sys_sendmsg+0x10/0x10
[  294.309532][ T7908]  ? __fget_files+0x2a/0x420
[  294.309553][ T7908]  ? __fget_files+0x3a0/0x420
[  294.309586][ T7908]  __x64_sys_sendmsg+0x19b/0x260
[  294.309618][ T7908]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  294.309666][ T7908]  ? do_syscall_64+0xbe/0x3b0
[  294.309692][ T7908]  do_syscall_64+0xfa/0x3b0
[  294.309714][ T7908]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.309733][ T7908]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  294.309752][ T7908]  ? clear_bhb_loop+0x60/0xb0
[  294.309775][ T7908]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.309794][ T7908] RIP: 0033:0x7fc8f0b8ebe9
[  294.309811][ T7908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  294.309828][ T7908] RSP: 002b:00007fc8f19b8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  294.309849][ T7908] RAX: ffffffffffffffda RBX: 00007fc8f0db6180 RCX: 00007fc8f0b8ebe9
[  294.309864][ T7908] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000008
[  294.309876][ T7908] RBP: 00007fc8f19b8090 R08: 0000000000000000 R09: 0000000000000000
[  294.309888][ T7908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  294.309900][ T7908] R13: 00007fc8f0db6218 R14: 00007fc8f0db6180 R15: 00007ffee32e59e8
[  294.309932][ T7908]  </TASK>
[  295.701404][ T7923] overlayfs: failed to resolve './file0': -2
[  299.765591][ T5157] Bluetooth: hci3: unexpected event for opcode 0x0c1a
[  302.987515][ T7990] syz.0.473: attempt to access beyond end of device
[  302.987515][ T7990] loop1: rw=0, sector=0, nr_sectors = 1 limit=0
[  303.000640][ T7990] FAT-fs (loop1): unable to read boot sector
[  303.945560][   T10] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  304.199382][ T7997] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  304.206197][ T7997] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  304.222838][ T8000] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(6)
[  304.229505][ T8000] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  304.242424][ T8000] vhci_hcd vhci_hcd.0: Device attached
[  304.274391][ T7997] vhci_hcd vhci_hcd.0: Device attached
[  304.283307][   T10] usb 1-1: Using ep0 maxpacket: 16
[  304.311300][   T10] usb 1-1: config 0 has an invalid interface number: 48 but max is 0
[  304.329010][   T10] usb 1-1: config 0 has no interface number 0
[  304.352150][ T7997] i2c i2c-0: Invalid block write size 35
[  304.358687][ T7998] vhci_hcd: connection closed
[  304.359799][   T10] usb 1-1: config 0 interface 48 has no altsetting 0
[  304.379055][   T12] vhci_hcd: stop threads
[  304.384752][   T12] vhci_hcd: release socket
[  304.385814][ T8002] vhci_hcd: connection closed
[  304.406033][   T12] vhci_hcd: disconnect device
[  304.432021][   T10] usb 1-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=a8.98
[  304.459395][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  304.467456][   T10] usb 1-1: Product: syz
[  304.518720][   T12] vhci_hcd: stop threads
[  304.522867][   T10] usb 1-1: Manufacturer: syz
[  304.523195][   T12] vhci_hcd: release socket
[  304.527757][   T10] usb 1-1: SerialNumber: syz
[  304.565684][   T12] vhci_hcd: disconnect device
[  304.587911][   T10] usb 1-1: config 0 descriptor??
[  304.835308][ T8016] netlink: 28 bytes leftover after parsing attributes in process `syz.1.480'.
[  306.059399][ T5904] usb 1-1: USB disconnect, device number 8
[  307.808105][ T5157] Bluetooth: hci3: unexpected event for opcode 0x0c1a
[  308.758947][   T10] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  309.493538][   T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  309.504833][   T10] usb 6-1: config 0 interface 0 has no altsetting 0
[  309.515314][   T10] usb 6-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[  310.170081][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  310.178179][   T10] usb 6-1: Product: syz
[  310.183978][   T10] usb 6-1: Manufacturer: syz
[  310.188621][   T10] usb 6-1: SerialNumber: syz
[  310.336576][   T10] usb 6-1: config 0 descriptor??
[  310.350319][   T10] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[  310.370264][   T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  310.402925][   T10] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[  310.506149][   T10] usb 6-1: media controller created
[  310.657936][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  310.925543][   T10] DVB: Unable to find symbol tda10046_attach()
[  310.948120][   T10] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[  310.983376][   T10] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[  311.382014][ T8100] netlink: 'syz.3.495': attribute type 10 has an invalid length.
[  311.393493][ T8100] netlink: 40 bytes leftover after parsing attributes in process `syz.3.495'.
[  311.404133][ T8100] bond0: entered promiscuous mode
[  311.411848][ T8100] bond_slave_0: entered promiscuous mode
[  311.422445][ T8100] bond_slave_1: entered promiscuous mode
[  311.449825][ T8100] bond0: entered allmulticast mode
[  311.456662][ T8100] bond_slave_0: entered allmulticast mode
[  311.467315][ T8100] bond_slave_1: entered allmulticast mode
[  311.519016][ T8100] bridge0: port 3(bond0) entered blocking state
[  311.536945][ T8100] bridge0: port 3(bond0) entered disabled state
[  311.709339][ T8100] bridge0: port 3(bond0) entered blocking state
[  311.716117][ T8100] bridge0: port 3(bond0) entered forwarding state
[  312.130128][ T8107] overlayfs: missing 'lowerdir'
[  313.035155][   T10] dvb_usb_m920x 6-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[  313.119906][   T10] usb 6-1: USB disconnect, device number 2
[  313.232676][ T8119] netlink: 28 bytes leftover after parsing attributes in process `syz.0.499'.
[  313.582331][   T24] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  313.829674][   T24] usb 4-1: Using ep0 maxpacket: 8
[  313.902426][   T24] usb 4-1: config 0 has an invalid interface number: 97 but max is 0
[  314.085059][   T24] usb 4-1: config 0 has no interface number 0
[  314.095624][   T24] usb 4-1: New USB device found, idVendor=17cc, idProduct=1000, bcdDevice=17.22
[  314.107016][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  314.115655][   T24] usb 4-1: Product: syz
[  314.120649][   T24] usb 4-1: Manufacturer: syz
[  314.125530][   T24] usb 4-1: SerialNumber: syz
[  314.139602][   T24] usb 4-1: config 0 descriptor??
[  314.517771][ T8137] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  314.542886][ T8137] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  315.309046][   T24] snd-usb-audio 4-1:0.97: probe with driver snd-usb-audio failed with error -110
[  315.466645][ T5157] Bluetooth: hci2: unexpected event for opcode 0x0c1a
[  316.525662][   T24] usb 4-1: USB disconnect, device number 9
[  317.387348][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  317.870365][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  320.399507][ T8177] overlayfs: missing 'lowerdir'
[  322.941951][ T8214] netlink: 28 bytes leftover after parsing attributes in process `syz.0.517'.
[  324.939920][ T5157] Bluetooth: hci4: command 0x0406 tx timeout
[  325.851756][ T5157] Bluetooth: hci2: unexpected event for opcode 0x0c1a
[  327.761368][   T30] audit: type=1326 audit(1754590662.557:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8273 comm="syz.5.528" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2923d8ebe9 code=0x0
[  329.637641][ T8299] netlink: 28 bytes leftover after parsing attributes in process `syz.5.532'.
[  330.709474][ T5937] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  330.999000][ T5937] usb 4-1: Using ep0 maxpacket: 16
[  331.078557][ T5937] usb 4-1: config 0 has no interfaces?
[  331.129072][ T5937] usb 4-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88
[  331.268954][ T5937] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  331.411020][ T5937] usb 4-1: config 0 descriptor??
[  331.477113][ T8317] kvm: pic: non byte write
[  331.640052][ T8322] netlink: 20 bytes leftover after parsing attributes in process `syz.0.538'.
[  331.650108][ T8322] netlink: 152 bytes leftover after parsing attributes in process `syz.0.538'.
[  331.749032][ T5904] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  331.761509][ T8322] A link change request failed with some changes committed already. Interface macvlan1 may have been left with an inconsistent configuration, please check.
[  332.119077][ T5904] usb 2-1: Using ep0 maxpacket: 32
[  332.130784][ T5904] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  332.142264][ T5904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  332.199234][ T5904] usb 2-1: Product: syz
[  332.216457][ T5904] usb 2-1: Manufacturer: syz
[  332.244314][ T5904] usb 2-1: SerialNumber: syz
[  332.275595][ T5904] usb 2-1: config 0 descriptor??
[  332.500558][ T5904] airspy 2-1:0.0: usb_control_msg() failed -32 request 09
[  332.507714][ T5904] airspy 2-1:0.0: Could not detect board
[  332.541490][ T5904] airspy 2-1:0.0: probe with driver airspy failed with error -32
[  334.599341][ T5856] usb 4-1: USB disconnect, device number 10
[  334.965837][   T30] audit: type=1326 audit(1754590669.737:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8340 comm="syz.5.542" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2923d8ebe9 code=0x0
[  335.561508][ T1210] usb 2-1: USB disconnect, device number 11
[  338.441354][ T8374] netlink: 28 bytes leftover after parsing attributes in process `syz.1.547'.
[  339.409182][   T43] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  339.592487][   T43] usb 6-1: Using ep0 maxpacket: 8
[  339.667027][   T43] usb 6-1: New USB device found, idVendor=0979, idProduct=0270, bcdDevice=a8.17
[  339.679466][   T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  339.697862][   T43] usb 6-1: Product: syz
[  339.708251][   T43] usb 6-1: Manufacturer: syz
[  339.718155][   T43] usb 6-1: SerialNumber: syz
[  339.749794][   T43] usb 6-1: config 0 descriptor??
[  339.770027][   T43] gspca_main: jeilinj-2.14.0 probing 0979:0270
[  340.018450][   T43] usb 6-1: USB disconnect, device number 3
[  340.170157][ T5856] usb 4-1: new low-speed USB device number 11 using dummy_hcd
[  340.329226][ T5856] usb 4-1: device descriptor read/64, error -71
[  340.640572][   T30] audit: type=1326 audit(1754590675.357:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8407 comm="syz.1.554" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6f35d8ebe9 code=0x0
[  340.748988][ T5856] usb 4-1: new low-speed USB device number 12 using dummy_hcd
[  340.870863][   T30] audit: type=1326 audit(1754590675.667:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8409 comm="syz.0.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a6af8ebe9 code=0x7ffc0000
[  340.914070][   T30] audit: type=1326 audit(1754590675.667:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8409 comm="syz.0.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a6af8ebe9 code=0x7ffc0000
[  340.964078][   T30] audit: type=1326 audit(1754590675.667:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8409 comm="syz.0.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f8a6af8ebe9 code=0x7ffc0000
[  340.986344][ T5856] usb 4-1: device descriptor read/64, error -71
[  341.015438][   T30] audit: type=1326 audit(1754590675.667:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8409 comm="syz.0.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a6af8ebe9 code=0x7ffc0000
[  341.075515][   T30] audit: type=1326 audit(1754590675.667:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8409 comm="syz.0.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a6af8ebe9 code=0x7ffc0000
[  341.104489][ T5856] usb usb4-port1: attempt power cycle
[  341.126995][   T30] audit: type=1326 audit(1754590675.687:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8409 comm="syz.0.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f8a6af8ebe9 code=0x7ffc0000
[  341.207908][   T30] audit: type=1326 audit(1754590675.687:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8409 comm="syz.0.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a6af8ebe9 code=0x7ffc0000
[  341.328096][   T30] audit: type=1326 audit(1754590675.687:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8409 comm="syz.0.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a6af8ebe9 code=0x7ffc0000
[  341.459224][ T5856] usb 4-1: new low-speed USB device number 13 using dummy_hcd
[  341.488374][   T30] audit: type=1326 audit(1754590675.687:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8409 comm="syz.0.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f8a6af8ebe9 code=0x7ffc0000
[  341.543283][ T5856] usb 4-1: device descriptor read/8, error -71
[  341.618830][ T8418] overlayfs: missing 'workdir'
[  341.809283][ T5856] usb 4-1: new low-speed USB device number 14 using dummy_hcd
[  341.871038][ T5856] usb 4-1: device descriptor read/8, error -71
[  342.009441][ T5856] usb usb4-port1: unable to enumerate USB device
[  342.112106][ T8430] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3095845638 (6191691276 ns) > initial count (2153350536 ns). Using initial count to start timer.
[  342.158768][ T8433] kvm: pic: non byte write
[  346.498440][ T8486] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only
[  347.010912][ T8499] ubi: mtd0 is already attached to ubi31
[  347.746929][ T8502] FAULT_INJECTION: forcing a failure.
[  347.746929][ T8502] name failslab, interval 1, probability 0, space 0, times 0
[  347.760389][ T8502] CPU: 0 UID: 0 PID: 8502 Comm: syz.5.575 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  347.760413][ T8502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  347.760426][ T8502] Call Trace:
[  347.760434][ T8502]  <TASK>
[  347.760443][ T8502]  dump_stack_lvl+0x189/0x250
[  347.760464][ T8502]  ? __pfx____ratelimit+0x10/0x10
[  347.760476][ T8502]  ? __pfx_dump_stack_lvl+0x10/0x10
[  347.760488][ T8502]  ? __pfx__printk+0x10/0x10
[  347.760504][ T8502]  ? __pfx___might_resched+0x10/0x10
[  347.760515][ T8502]  ? fs_reclaim_acquire+0x7d/0x100
[  347.760530][ T8502]  should_fail_ex+0x414/0x560
[  347.760544][ T8502]  should_failslab+0xa8/0x100
[  347.760556][ T8502]  __kmalloc_cache_noprof+0x70/0x3d0
[  347.760566][ T8502]  ? drm_atomic_state_alloc+0xa9/0x100
[  347.760579][ T8502]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  347.760591][ T8502]  drm_atomic_state_alloc+0xa9/0x100
[  347.760605][ T8502]  drm_mode_atomic_ioctl+0x437/0xcb0
[  347.760630][ T8502]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  347.760657][ T8502]  ? do_raw_spin_unlock+0x122/0x240
[  347.760673][ T8502]  ? _raw_spin_unlock+0x28/0x50
[  347.760689][ T8502]  ? drm_is_current_master+0x19f/0x200
[  347.760700][ T8502]  drm_ioctl_kernel+0x2cf/0x390
[  347.760712][ T8502]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  347.760727][ T8502]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  347.760743][ T8502]  drm_ioctl+0x67f/0xb10
[  347.760753][ T8502]  ? smk_tskacc+0x2fc/0x370
[  347.760769][ T8502]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  347.760788][ T8502]  ? __pfx_drm_ioctl+0x10/0x10
[  347.760805][ T8502]  ? tomoyo_path_number_perm+0xc/0x5a0
[  347.760818][ T8502]  ? bpf_lsm_file_ioctl+0x9/0x20
[  347.760830][ T8502]  ? __pfx_drm_ioctl+0x10/0x10
[  347.760841][ T8502]  __se_sys_ioctl+0xfc/0x170
[  347.760857][ T8502]  do_syscall_64+0xfa/0x3b0
[  347.760870][ T8502]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  347.760879][ T8502]  ? asm_sysvec_call_function_single+0x1a/0x20
[  347.760889][ T8502]  ? clear_bhb_loop+0x60/0xb0
[  347.760901][ T8502]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  347.760910][ T8502] RIP: 0033:0x7f2923d8ebe9
[  347.760920][ T8502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  347.760930][ T8502] RSP: 002b:00007f2924c97038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  347.760941][ T8502] RAX: ffffffffffffffda RBX: 00007f2923fb6090 RCX: 00007f2923d8ebe9
[  347.760949][ T8502] RDX: 0000200000000380 RSI: 00000000c03864bc RDI: 0000000000000007
[  347.760956][ T8502] RBP: 00007f2924c97090 R08: 0000000000000000 R09: 0000000000000000
[  347.760962][ T8502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  347.760968][ T8502] R13: 00007f2923fb6128 R14: 00007f2923fb6090 R15: 00007ffd85b7d7d8
[  347.760984][ T8502]  </TASK>
[  348.401056][ T8496] loop8: detected capacity change from 0 to 16384
[  348.641606][ T8496] loop8: detected capacity change from 16384 to 16383
[  351.029079][ T5904] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  351.254652][ T5904] usb 6-1: Using ep0 maxpacket: 32
[  351.281014][ T5904] usb 6-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  351.290993][ T5904] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  351.550936][ T5904] usb 6-1: Product: syz
[  351.555937][ T5904] usb 6-1: Manufacturer: syz
[  351.561100][ T5904] usb 6-1: SerialNumber: syz
[  351.577335][ T5904] usb 6-1: config 0 descriptor??
[  351.739087][ T5850] usb 4-1: new full-speed USB device number 15 using dummy_hcd
[  351.919120][ T5850] usb 4-1: device descriptor read/64, error -71
[  351.997754][ T5904] airspy 6-1:0.0: Board ID: 00
[  352.004246][ T5904] airspy 6-1:0.0: Firmware version: 
[  352.238977][ T5850] usb 4-1: new full-speed USB device number 16 using dummy_hcd
[  352.268712][ T8565] FAULT_INJECTION: forcing a failure.
[  352.268712][ T8565] name failslab, interval 1, probability 0, space 0, times 0
[  352.281664][ T8565] CPU: 0 UID: 0 PID: 8565 Comm: syz.0.586 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  352.281679][ T8565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  352.281686][ T8565] Call Trace:
[  352.281691][ T8565]  <TASK>
[  352.281695][ T8565]  dump_stack_lvl+0x189/0x250
[  352.281778][ T8565]  ? __pfx____ratelimit+0x10/0x10
[  352.281790][ T8565]  ? __pfx_dump_stack_lvl+0x10/0x10
[  352.281802][ T8565]  ? __pfx__printk+0x10/0x10
[  352.281818][ T8565]  ? __pfx___might_resched+0x10/0x10
[  352.281829][ T8565]  ? fs_reclaim_acquire+0x7d/0x100
[  352.281844][ T8565]  should_fail_ex+0x414/0x560
[  352.281865][ T8565]  should_failslab+0xa8/0x100
[  352.281878][ T8565]  __kmalloc_noprof+0xcb/0x4f0
[  352.281886][ T8565]  ? kfree+0x4d/0x440
[  352.281900][ T8565]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  352.281917][ T8565]  tomoyo_realpath_from_path+0xe3/0x5d0
[  352.281931][ T8565]  ? tomoyo_domain+0xda/0x130
[  352.281948][ T8565]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  352.281960][ T8565]  tomoyo_path_number_perm+0x1e8/0x5a0
[  352.281974][ T8565]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  352.281994][ T8565]  ? __lock_acquire+0xab9/0xd20
[  352.282015][ T8565]  ? __fget_files+0x2a/0x420
[  352.282029][ T8565]  ? __fget_files+0x2a/0x420
[  352.282039][ T8565]  ? __fget_files+0x3a0/0x420
[  352.282049][ T8565]  ? __fget_files+0x2a/0x420
[  352.282062][ T8565]  security_file_ioctl+0xcb/0x2d0
[  352.282075][ T8565]  __se_sys_ioctl+0x47/0x170
[  352.282092][ T8565]  do_syscall_64+0xfa/0x3b0
[  352.282103][ T8565]  ? lockdep_hardirqs_on+0x9c/0x150
[  352.282114][ T8565]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  352.282124][ T8565]  ? clear_bhb_loop+0x60/0xb0
[  352.282136][ T8565]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  352.282146][ T8565] RIP: 0033:0x7f8a6af8ebe9
[  352.282156][ T8565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  352.282165][ T8565] RSP: 002b:00007f8a6be0d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  352.282177][ T8565] RAX: ffffffffffffffda RBX: 00007f8a6b1b6180 RCX: 00007f8a6af8ebe9
[  352.282185][ T8565] RDX: 0000200000000040 RSI: 000000008028640c RDI: 0000000000000006
[  352.282192][ T8565] RBP: 00007f8a6be0d090 R08: 0000000000000000 R09: 0000000000000000
[  352.282198][ T8565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  352.282204][ T8565] R13: 00007f8a6b1b6218 R14: 00007f8a6b1b6180 R15: 00007ffd3346a458
[  352.282221][ T8565]  </TASK>
[  352.282247][ T8565] ERROR: Out of memory at tomoyo_realpath_from_path.
[  352.669802][ T5850] usb 4-1: device descriptor read/64, error -71
[  352.981362][ T5850] usb usb4-port1: attempt power cycle
[  353.450363][ T5904] airspy 6-1:0.0: usb_control_msg() failed -71 request 0f
[  353.480297][ T5904] airspy 6-1:0.0: Registered as swradio24
[  353.509425][ T5904] airspy 6-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  353.559398][ T5904] usb 6-1: USB disconnect, device number 4
[  353.709330][ T5850] usb 4-1: new full-speed USB device number 17 using dummy_hcd
[  353.756465][ T5850] usb 4-1: device descriptor read/8, error -71
[  354.102585][ T5850] usb 4-1: new full-speed USB device number 18 using dummy_hcd
[  354.544652][ T5850] usb 4-1: device descriptor read/8, error -71
[  354.683066][ T5850] usb usb4-port1: unable to enumerate USB device
[  358.619018][ T5954] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  358.714190][ T8647] FAULT_INJECTION: forcing a failure.
[  358.714190][ T8647] name failslab, interval 1, probability 0, space 0, times 0
[  358.761460][ T8647] CPU: 1 UID: 0 PID: 8647 Comm: syz.3.603 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  358.761477][ T8647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  358.761484][ T8647] Call Trace:
[  358.761489][ T8647]  <TASK>
[  358.761493][ T8647]  dump_stack_lvl+0x189/0x250
[  358.761510][ T8647]  ? __pfx____ratelimit+0x10/0x10
[  358.761521][ T8647]  ? __pfx_dump_stack_lvl+0x10/0x10
[  358.761535][ T8647]  ? __pfx__printk+0x10/0x10
[  358.761555][ T8647]  ? __pfx___might_resched+0x10/0x10
[  358.761566][ T8647]  ? fs_reclaim_acquire+0x7d/0x100
[  358.761581][ T8647]  should_fail_ex+0x414/0x560
[  358.761595][ T8647]  should_failslab+0xa8/0x100
[  358.761607][ T8647]  kmem_cache_alloc_noprof+0x73/0x3c0
[  358.761616][ T8647]  ? alloc_empty_file+0x55/0x1d0
[  358.761632][ T8647]  alloc_empty_file+0x55/0x1d0
[  358.761645][ T8647]  alloc_file_pseudo+0x13d/0x210
[  358.761660][ T8647]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  358.761671][ T8647]  ? evm_inode_alloc_security+0x40/0xb0
[  358.761684][ T8647]  ? security_inode_alloc+0xd5/0x330
[  358.761705][ T8647]  sock_alloc_file+0xb8/0x2e0
[  358.761719][ T8647]  do_accept+0x34b/0x680
[  358.761735][ T8647]  ? __pfx_do_accept+0x10/0x10
[  358.761760][ T8647]  __sys_accept4+0x11c/0x1c0
[  358.761775][ T8647]  ? __pfx___sys_accept4+0x10/0x10
[  358.761788][ T8647]  ? __pfx_ksys_write+0x10/0x10
[  358.761801][ T8647]  __x64_sys_accept4+0x9a/0xb0
[  358.761816][ T8647]  do_syscall_64+0xfa/0x3b0
[  358.761828][ T8647]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.761837][ T8647]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  358.761848][ T8647]  ? clear_bhb_loop+0x60/0xb0
[  358.761859][ T8647]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.761873][ T8647] RIP: 0033:0x7fc8f0b8ebe9
[  358.761888][ T8647] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  358.761904][ T8647] RSP: 002b:00007fc8f19d9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[  358.761924][ T8647] RAX: ffffffffffffffda RBX: 00007fc8f0db6090 RCX: 00007fc8f0b8ebe9
[  358.761935][ T8647] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008
[  358.761941][ T8647] RBP: 00007fc8f19d9090 R08: 0000000000000000 R09: 0000000000000000
[  358.761947][ T8647] R10: 0000000000080800 R11: 0000000000000246 R12: 0000000000000001
[  358.761953][ T8647] R13: 00007fc8f0db6128 R14: 00007fc8f0db6090 R15: 00007ffee32e59e8
[  358.761969][ T8647]  </TASK>
[  358.819481][ T5954] usb 6-1: device descriptor read/64, error -71
[  359.659047][ T5954] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  359.800107][ T5954] usb 6-1: device descriptor read/64, error -71
[  360.410405][ T5954] usb usb6-port1: attempt power cycle
[  360.929017][ T5954] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  360.989284][ T5954] usb 6-1: device descriptor read/8, error -71
[  361.122164][ T8677] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only
[  362.017517][ T8693] fuse: Bad value for 'fd'
[  363.669668][ T8704] syz.5.616: attempt to access beyond end of device
[  363.669668][ T8704] loop11: rw=0, sector=0, nr_sectors = 1 limit=0
[  363.799006][ T8704] FAT-fs (loop11): unable to read boot sector
[  364.827929][ T5904] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  365.078969][ T5904] usb 6-1: Using ep0 maxpacket: 16
[  365.086944][ T5904] usb 6-1: config 0 has an invalid interface number: 48 but max is 0
[  365.095934][ T5904] usb 6-1: config 0 has no interface number 0
[  365.102806][ T5904] usb 6-1: config 0 interface 48 has no altsetting 0
[  365.172070][ T5904] usb 6-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=a8.98
[  365.181960][ T5904] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  365.229668][ T5904] usb 6-1: Product: syz
[  365.237517][ T5904] usb 6-1: Manufacturer: syz
[  365.267764][ T5904] usb 6-1: SerialNumber: syz
[  365.395219][ T5904] usb 6-1: config 0 descriptor??
[  365.539057][   T51] Bluetooth: hci5: command 0x0406 tx timeout
[  367.137926][ T8738] team_slave_0: entered promiscuous mode
[  367.144792][ T8738] team_slave_1: entered promiscuous mode
[  367.395790][ T8745] netlink: 20 bytes leftover after parsing attributes in process `syz.1.626'.
[  367.522626][ T8745] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  367.531781][ T8745] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  367.540651][ T8745] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  367.549568][ T8745] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  368.310391][ T8745] vxlan0: entered promiscuous mode
[  369.268167][ T8754] syz.4.628 (8754) used greatest stack depth: 18904 bytes left
[  369.282919][ T8719] syz.0.619 (8719): drop_caches: 2
[  369.509670][ T8758] netlink: 32 bytes leftover after parsing attributes in process `syz.4.630'.
[  369.853327][ T5856] usb 6-1: USB disconnect, device number 9
[  371.294760][ T8780] netlink: 28 bytes leftover after parsing attributes in process `syz.0.635'.
[  371.303810][ T8780] netlink: 28 bytes leftover after parsing attributes in process `syz.0.635'.
[  371.687122][ T8784] netlink: 29 bytes leftover after parsing attributes in process `syz.0.636'.
[  372.019822][ T8794] ubi: mtd0 is already attached to ubi31
[  373.217766][ T8798] vivid-007: disconnect
[  374.113277][ T8797] vivid-007: reconnect
[  375.191298][ T5937] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  376.125239][ T5937] usb 4-1: Using ep0 maxpacket: 32
[  376.450687][ T5937] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  376.461125][ T5937] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  376.479083][ T5937] usb 4-1: Product: syz
[  376.489292][ T5937] usb 4-1: Manufacturer: syz
[  376.494046][ T5937] usb 4-1: SerialNumber: syz
[  376.503690][ T5937] usb 4-1: config 0 descriptor??
[  377.713127][ T8843] ubi: mtd0 is already attached to ubi31
[  378.159559][ T5937] airspy 4-1:0.0: usb_control_msg() failed -71 request 09
[  378.720548][ T5937] airspy 4-1:0.0: Could not detect board
[  378.737322][ T5937] airspy 4-1:0.0: probe with driver airspy failed with error -71
[  378.776540][ T5937] usb 4-1: USB disconnect, device number 19
[  378.824049][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  378.832493][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  379.419351][ T5937] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  379.628272][ T8870] tmpfs: Unknown parameter 'hugways'
[  380.169221][ T5937] usb 4-1: Using ep0 maxpacket: 8
[  380.192227][ T5937] usb 4-1: unable to read config index 0 descriptor/start: -61
[  380.213509][ T5937] usb 4-1: can't read configurations, error -61
[  380.479271][ T5937] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  380.743480][ T5937] usb 4-1: Using ep0 maxpacket: 8
[  380.804204][ T5937] usb 4-1: unable to read config index 0 descriptor/start: -61
[  380.862735][ T5937] usb 4-1: can't read configurations, error -61
[  380.890827][ T5937] usb usb4-port1: attempt power cycle
[  381.782731][ T5937] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  381.809723][ T5937] usb 4-1: Using ep0 maxpacket: 8
[  381.840894][ T5937] usb 4-1: unable to read config index 0 descriptor/start: -61
[  382.439066][ T5937] usb 4-1: can't read configurations, error -61
[  382.968759][ T5954] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  383.539507][ T5954] usb 2-1: Using ep0 maxpacket: 32
[  383.575697][ T5954] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  383.586960][ T5954] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  383.602867][ T5954] usb 2-1: Product: syz
[  383.617481][ T5954] usb 2-1: Manufacturer: syz
[  383.626163][ T5954] usb 2-1: SerialNumber: syz
[  383.677320][ T5954] usb 2-1: config 0 descriptor??
[  383.795290][ T8923] netlink: 'syz.4.669': attribute type 8 has an invalid length.
[  384.119095][   T51] Bluetooth: hci5: command 0x0406 tx timeout
[  384.689194][ T5954] airspy 2-1:0.0: Board ID: 00
[  384.699022][ T5954] airspy 2-1:0.0: Firmware version: 
[  386.740551][ T5954] airspy 2-1:0.0: usb_control_msg() failed -110 request 0f
[  386.755090][ T5954] airspy 2-1:0.0: Registered as swradio24
[  386.777156][ T5954] airspy 2-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  386.904454][ T8951] FAULT_INJECTION: forcing a failure.
[  386.904454][ T8951] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  386.917786][ T8951] CPU: 0 UID: 0 PID: 8951 Comm: syz.4.675 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  386.917802][ T8951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  386.917809][ T8951] Call Trace:
[  386.917813][ T8951]  <TASK>
[  386.917818][ T8951]  dump_stack_lvl+0x189/0x250
[  386.917834][ T8951]  ? __pfx____ratelimit+0x10/0x10
[  386.917846][ T8951]  ? __pfx_dump_stack_lvl+0x10/0x10
[  386.917858][ T8951]  ? __pfx__printk+0x10/0x10
[  386.917875][ T8951]  ? __might_fault+0xb0/0x130
[  386.917892][ T8951]  should_fail_ex+0x414/0x560
[  386.917905][ T8951]  _copy_from_iter+0x1db/0x16f0
[  386.917921][ T8951]  ? rcu_is_watching+0x15/0xb0
[  386.917933][ T8951]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  386.917945][ T8951]  ? __pfx__copy_from_iter+0x10/0x10
[  386.917958][ T8951]  ? __build_skb_around+0x257/0x3e0
[  386.917975][ T8951]  ? netlink_sendmsg+0x642/0xb30
[  386.917990][ T8951]  ? skb_put+0x11b/0x210
[  386.918006][ T8951]  netlink_sendmsg+0x6b2/0xb30
[  386.918025][ T8951]  ? __pfx_netlink_sendmsg+0x10/0x10
[  386.918044][ T8951]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  386.918054][ T8951]  ? __pfx_netlink_sendmsg+0x10/0x10
[  386.918069][ T8951]  __sock_sendmsg+0x21c/0x270
[  386.918083][ T8951]  ____sys_sendmsg+0x505/0x830
[  386.918102][ T8951]  ? __pfx_____sys_sendmsg+0x10/0x10
[  386.918122][ T8951]  ? import_iovec+0x74/0xa0
[  386.918138][ T8951]  ___sys_sendmsg+0x21f/0x2a0
[  386.918154][ T8951]  ? __pfx____sys_sendmsg+0x10/0x10
[  386.918190][ T8951]  ? __fget_files+0x2a/0x420
[  386.918201][ T8951]  ? __fget_files+0x3a0/0x420
[  386.918218][ T8951]  __x64_sys_sendmsg+0x19b/0x260
[  386.918235][ T8951]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  386.918256][ T8951]  ? __pfx_ksys_write+0x10/0x10
[  386.918264][ T8951]  ? rcu_is_watching+0x15/0xb0
[  386.918277][ T8951]  ? do_syscall_64+0xbe/0x3b0
[  386.918291][ T8951]  do_syscall_64+0xfa/0x3b0
[  386.918301][ T8951]  ? lockdep_hardirqs_on+0x9c/0x150
[  386.918311][ T8951]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.918322][ T8951]  ? clear_bhb_loop+0x60/0xb0
[  386.918334][ T8951]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.918343][ T8951] RIP: 0033:0x7f6541b8ebe9
[  386.918354][ T8951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  386.918363][ T8951] RSP: 002b:00007f654298d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  386.918374][ T8951] RAX: ffffffffffffffda RBX: 00007f6541db6180 RCX: 00007f6541b8ebe9
[  386.918382][ T8951] RDX: 0000000000008004 RSI: 0000200000000180 RDI: 0000000000000005
[  386.918391][ T8951] RBP: 00007f654298d090 R08: 0000000000000000 R09: 0000000000000000
[  386.918397][ T8951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  386.918403][ T8951] R13: 00007f6541db6218 R14: 00007f6541db6180 R15: 00007ffe3b6fafb8
[  386.918419][ T8951]  </TASK>
[  387.269937][ T8952] fuse: Bad value for 'fd'
[  387.274848][ T5911] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  387.423874][ T5856] usb 2-1: USB disconnect, device number 12
[  387.567464][ T5911] usb 1-1: Using ep0 maxpacket: 32
[  387.576887][ T5911] usb 1-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  387.591168][ T5911] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  387.607325][ T5911] usb 1-1: Product: syz
[  387.626227][ T5911] usb 1-1: Manufacturer: syz
[  387.638722][ T5911] usb 1-1: SerialNumber: syz
[  387.660503][ T5911] usb 1-1: config 0 descriptor??
[  388.013110][ T1162] Bluetooth: hci1: Frame reassembly failed (-84)
[  388.248026][ T5911] airspy 1-1:0.0: usb_control_msg() failed -32 request 09
[  388.255391][ T5911] airspy 1-1:0.0: Could not detect board
[  388.261736][ T5911] airspy 1-1:0.0: probe with driver airspy failed with error -32
[  389.326393][   T51] Bluetooth: hci4: unexpected event for opcode 0x0c1a
[  389.826904][ T5856] usb 1-1: USB disconnect, device number 9
[  390.031202][ T5157] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  390.031305][   T51] Bluetooth: hci1: command 0x1003 tx timeout
[  390.138495][ T8982] overlay: Unknown parameter 'euid>00000000000000000000'
[  390.403395][ T8979] FAULT_INJECTION: forcing a failure.
[  390.403395][ T8979] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  390.430226][ T8979] CPU: 1 UID: 0 PID: 8979 Comm: syz.0.683 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  390.430256][ T8979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  390.430267][ T8979] Call Trace:
[  390.430274][ T8979]  <TASK>
[  390.430282][ T8979]  dump_stack_lvl+0x189/0x250
[  390.430308][ T8979]  ? __pfx____ratelimit+0x10/0x10
[  390.430327][ T8979]  ? __pfx_dump_stack_lvl+0x10/0x10
[  390.430348][ T8979]  ? __pfx__printk+0x10/0x10
[  390.430372][ T8979]  ? __might_fault+0xb0/0x130
[  390.430402][ T8979]  should_fail_ex+0x414/0x560
[  390.430429][ T8979]  _copy_from_iter+0x1db/0x16f0
[  390.430454][ T8979]  ? rcu_is_watching+0x15/0xb0
[  390.430475][ T8979]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  390.430495][ T8979]  ? __pfx__copy_from_iter+0x10/0x10
[  390.430519][ T8979]  ? __build_skb_around+0x257/0x3e0
[  390.430547][ T8979]  ? netlink_sendmsg+0x642/0xb30
[  390.430572][ T8979]  ? skb_put+0x11b/0x210
[  390.430599][ T8979]  netlink_sendmsg+0x6b2/0xb30
[  390.430631][ T8979]  ? __pfx_netlink_sendmsg+0x10/0x10
[  390.430661][ T8979]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  390.430678][ T8979]  ? __pfx_netlink_sendmsg+0x10/0x10
[  390.430702][ T8979]  __sock_sendmsg+0x21c/0x270
[  390.430725][ T8979]  ____sys_sendmsg+0x505/0x830
[  390.430751][ T8979]  ? __pfx_____sys_sendmsg+0x10/0x10
[  390.430772][ T8979]  ? import_iovec+0x74/0xa0
[  390.430788][ T8979]  ___sys_sendmsg+0x21f/0x2a0
[  390.430805][ T8979]  ? __pfx____sys_sendmsg+0x10/0x10
[  390.430840][ T8979]  ? __fget_files+0x2a/0x420
[  390.430851][ T8979]  ? __fget_files+0x3a0/0x420
[  390.430868][ T8979]  __x64_sys_sendmsg+0x19b/0x260
[  390.430885][ T8979]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  390.430906][ T8979]  ? __pfx_ksys_write+0x10/0x10
[  390.430915][ T8979]  ? rcu_is_watching+0x15/0xb0
[  390.430928][ T8979]  ? do_syscall_64+0xbe/0x3b0
[  390.430942][ T8979]  do_syscall_64+0xfa/0x3b0
[  390.430954][ T8979]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  390.430963][ T8979]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  390.430973][ T8979]  ? clear_bhb_loop+0x60/0xb0
[  390.430985][ T8979]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  390.430995][ T8979] RIP: 0033:0x7f8a6af8ebe9
[  390.431006][ T8979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  390.431023][ T8979] RSP: 002b:00007f8a6be4f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  390.431035][ T8979] RAX: ffffffffffffffda RBX: 00007f8a6b1b5fa0 RCX: 00007f8a6af8ebe9
[  390.431042][ T8979] RDX: 0000000024000840 RSI: 0000200000000380 RDI: 0000000000000003
[  390.431049][ T8979] RBP: 00007f8a6be4f090 R08: 0000000000000000 R09: 0000000000000000
[  390.431055][ T8979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  390.431061][ T8979] R13: 00007f8a6b1b6038 R14: 00007f8a6b1b5fa0 R15: 00007ffd3346a458
[  390.431078][ T8979]  </TASK>
[  390.789044][ T5954] usb 6-1: new full-speed USB device number 10 using dummy_hcd
[  390.808115][ T8976] 8021q: adding VLAN 0 to HW filter on device bond0
[  390.860971][ T8976] bond0: (slave rose0): Enslaving as an active interface with an up link
[  391.003002][ T5954] usb 6-1: config 0 has an invalid interface number: 50 but max is 0
[  391.029903][ T5954] usb 6-1: config 0 has no interface number 0
[  391.096404][ T5954] usb 6-1: config 0 interface 50 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  391.458280][ T5954] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc
[  391.495642][ T5954] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  391.516527][ T5954] usb 6-1: Product: syz
[  391.546085][ T5954] usb 6-1: Manufacturer: syz
[  391.565274][ T5954] usb 6-1: SerialNumber: syz
[  391.590496][ T5954] usb 6-1: config 0 descriptor??
[  391.955269][ T5911] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  392.076665][ T5954] yurex 6-1:0.50: Could not find endpoints
[  392.259918][ T5911] usb 1-1: Using ep0 maxpacket: 32
[  392.292914][ T5911] usb 1-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  392.418940][ T5911] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  392.501492][ T5911] usb 1-1: Product: syz
[  392.505754][ T5911] usb 1-1: Manufacturer: syz
[  392.511410][ T5911] usb 1-1: SerialNumber: syz
[  392.527744][ T5911] usb 1-1: config 0 descriptor??
[  392.626935][ T5856] usb 6-1: USB disconnect, device number 10
[  393.539836][ T5911] airspy 1-1:0.0: Board ID: 00
[  393.544738][ T5911] airspy 1-1:0.0: Firmware version: 
[  393.949502][   T43] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  394.803014][   T43] usb 4-1: Using ep0 maxpacket: 32
[  394.854826][   T43] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  394.922774][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  394.979886][   T43] usb 4-1: Product: syz
[  394.996879][   T43] usb 4-1: Manufacturer: syz
[  395.021238][   T43] usb 4-1: SerialNumber: syz
[  395.505473][ T1162] Bluetooth: hci1: received HCILL_GO_TO_SLEEP_ACK in state 1
[  395.591754][   T43] usb 4-1: config 0 descriptor??
[  395.615212][ T2948] Bluetooth: hci1: Frame reassembly failed (-84)
[  395.624141][ T5911] airspy 1-1:0.0: usb_control_msg() failed -110 request 0f
[  395.786181][ T5911] airspy 1-1:0.0: Registered as swradio24
[  395.924156][ T5911] airspy 1-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  395.941945][   T43] airspy 4-1:0.0: usb_control_msg() failed -32 request 09
[  396.097577][   T43] airspy 4-1:0.0: Could not detect board
[  396.269983][ T5911] usb 1-1: USB disconnect, device number 10
[  396.280921][   T43] airspy 4-1:0.0: probe with driver airspy failed with error -32
[  397.602201][   T51] Bluetooth: hci1: command 0x1003 tx timeout
[  397.611718][ T5157] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  398.950940][ T5904] usb 4-1: USB disconnect, device number 24
[  399.641631][ T5904] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  400.639032][ T5904] usb 1-1: Using ep0 maxpacket: 8
[  401.058074][ T5904] usb 1-1: New USB device found, idVendor=046d, idProduct=08b3, bcdDevice=6d.2a
[  401.069653][ T5904] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  401.127529][ T5904] usb 1-1: config 0 descriptor??
[  401.139104][ T5904] pwc: Logitech QuickCam Zoom USB webcam detected.
[  401.145673][ T5904] pwc: Warning: more than 1 configuration available.
[  401.285995][ T9103] netlink: 4 bytes leftover after parsing attributes in process `syz.5.706'.
[  401.377272][ T9071] netlink: 'syz.0.702': attribute type 10 has an invalid length.
[  401.548115][ T9071] 8021q: adding VLAN 0 to HW filter on device bond0
[  401.617000][ T9071] team0: Port device bond0 added
[  401.644687][ T5904] pwc: Failed to set LED on/off time (-71)
[  401.663512][ T5904] pwc: send_video_command error -71
[  401.672712][ T5904] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  401.694362][ T5904] Philips webcam 1-1:0.0: probe with driver Philips webcam failed with error -71
[  402.372983][ T5904] usb 1-1: USB disconnect, device number 11
[  405.033447][ T9153] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only
[  405.255098][ T9157] netlink: 4 bytes leftover after parsing attributes in process `syz.4.717'.
[  406.205944][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  406.205982][   T30] audit: type=1326 audit(1754590740.867:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9163 comm="syz.0.720" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8a6af8ebe9 code=0x0
[  408.016334][ T9191] Invalid option length (0) for dns_resolver key
[  408.649427][ T9198] netlink: 4 bytes leftover after parsing attributes in process `syz.0.725'.
[  408.658396][ T9198] netlink: 4 bytes leftover after parsing attributes in process `syz.0.725'.
[  408.667865][ T9198] netlink: 4 bytes leftover after parsing attributes in process `syz.0.725'.
[  408.677054][ T9198] netlink: 4 bytes leftover after parsing attributes in process `syz.0.725'.
[  408.686210][ T9198] netlink: 4 bytes leftover after parsing attributes in process `syz.0.725'.
[  408.695186][ T9198] netlink: 4 bytes leftover after parsing attributes in process `syz.0.725'.
[  408.704193][ T9198] netlink: 4 bytes leftover after parsing attributes in process `syz.0.725'.
[  408.713161][ T9198] netlink: 4 bytes leftover after parsing attributes in process `syz.0.725'.
[  408.722101][ T9198] netlink: 4 bytes leftover after parsing attributes in process `syz.0.725'.
[  408.731075][ T9198] netlink: 4 bytes leftover after parsing attributes in process `syz.0.725'.
[  410.074418][ T9209] tc_dump_action: action bad kind
[  411.109159][ T7052] Bluetooth: hci1: Frame reassembly failed (-84)
[  411.242894][ T3484] Bluetooth: hci1: Frame reassembly failed (-84)
[  411.273000][ T3484] Bluetooth: hci1: received HCILL_GO_TO_SLEEP_ACK in state 0
[  412.612791][   T43] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  412.679171][ T5839] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  412.799047][   T43] usb 2-1: Using ep0 maxpacket: 32
[  413.552343][ T5157] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  413.560514][   T51] Bluetooth: hci1: command 0x1003 tx timeout
[  413.614299][   T43] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  413.633550][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.647082][   T43] usb 2-1: Product: syz
[  413.653912][   T43] usb 2-1: Manufacturer: syz
[  413.661003][   T43] usb 2-1: SerialNumber: syz
[  413.668622][   T43] usb 2-1: config 0 descriptor??
[  413.674496][ T5839] usb 6-1: Using ep0 maxpacket: 32
[  413.686034][ T5839] usb 6-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  413.696421][ T5839] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.705016][ T5839] usb 6-1: Product: syz
[  413.709735][ T5839] usb 6-1: Manufacturer: syz
[  413.714993][ T5839] usb 6-1: SerialNumber: syz
[  413.725380][ T5839] usb 6-1: config 0 descriptor??
[  413.940035][   T43] airspy 2-1:0.0: usb_control_msg() failed -32 request 09
[  413.947684][ T5839] airspy 6-1:0.0: usb_control_msg() failed -32 request 09
[  413.955003][   T43] airspy 2-1:0.0: Could not detect board
[  413.971786][   T43] airspy 2-1:0.0: probe with driver airspy failed with error -32
[  413.979893][ T5839] airspy 6-1:0.0: Could not detect board
[  414.160352][ T5839] airspy 6-1:0.0: probe with driver airspy failed with error -32
[  414.604495][ T9255] fuse: Bad value for 'fd'
[  416.163059][ T9263] __nla_validate_parse: 45 callbacks suppressed
[  416.163080][ T9263] netlink: 4 bytes leftover after parsing attributes in process `syz.3.742'.
[  416.178547][ T9263] netlink: 4 bytes leftover after parsing attributes in process `syz.3.742'.
[  416.187849][ T9263] netlink: 4 bytes leftover after parsing attributes in process `syz.3.742'.
[  416.197403][ T9263] netlink: 4 bytes leftover after parsing attributes in process `syz.3.742'.
[  416.206680][ T9263] netlink: 4 bytes leftover after parsing attributes in process `syz.3.742'.
[  416.215672][ T9263] netlink: 4 bytes leftover after parsing attributes in process `syz.3.742'.
[  416.226749][ T9263] netlink: 4 bytes leftover after parsing attributes in process `syz.3.742'.
[  416.236180][ T9263] netlink: 4 bytes leftover after parsing attributes in process `syz.3.742'.
[  416.245346][ T9263] netlink: 4 bytes leftover after parsing attributes in process `syz.3.742'.
[  416.254310][ T9263] netlink: 4 bytes leftover after parsing attributes in process `syz.3.742'.
[  416.400282][   T10] usb 2-1: USB disconnect, device number 13
[  417.153476][ T9284] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=149 (298 ns) > initial count (48 ns). Using initial count to start timer.
[  417.435869][ T5904] usb 6-1: USB disconnect, device number 11
[  418.592772][ T5157] Bluetooth: hci3: unexpected event for opcode 0x0c1a
[  419.088257][ T9301] netlink: 'syz.5.749': attribute type 1 has an invalid length.
[  419.153904][ T9301] erspan0: entered allmulticast mode
[  423.438987][ T5904] usb 1-1: new full-speed USB device number 12 using dummy_hcd
[  423.621345][ T5904] usb 1-1: unable to get BOS descriptor or descriptor too short
[  423.632311][ T5904] usb 1-1: not running at top speed; connect to a high speed hub
[  423.653189][ T5904] usb 1-1: config 1 interface 0 has no altsetting 0
[  423.678042][ T5904] usb 1-1: New USB device found, idVendor=05ac, idProduct=024e, bcdDevice= 0.40
[  423.691773][ T9350] macvlan2: entered promiscuous mode
[  423.708430][ T9350] macvlan2: entered allmulticast mode
[  423.712556][ T5904] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  423.719607][ T9350] syz_tun: entered promiscuous mode
[  423.735716][ T5904] usb 1-1: Product: syz
[  423.738833][ T9350] syz_tun: entered allmulticast mode
[  423.779970][ T5904] usb 1-1: Manufacturer: syz
[  423.786631][ T9350] team0: Port device macvlan2 added
[  423.789437][ T5904] usb 1-1: SerialNumber: syz
[  424.734801][ T9369] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  425.649587][ T5904] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input15
[  425.710351][ T5192] bcm5974 1-1:1.0: could not read from device
[  425.789503][ T5904] usb 1-1: USB disconnect, device number 12
[  425.802519][ T5192] bcm5974 1-1:1.0: could not read from device
[  427.062025][ T9375] Invalid option length (0) for dns_resolver key
[  427.389968][   T30] audit: type=1400 audit(1754590762.187:61): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=5502 comm="dhcpcd" daddr=ff02::2
[  429.132534][ T9411] FAULT_INJECTION: forcing a failure.
[  429.132534][ T9411] name failslab, interval 1, probability 0, space 0, times 0
[  429.148032][ T9411] CPU: 0 UID: 0 PID: 9411 Comm: syz.1.775 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  429.148050][ T9411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  429.148061][ T9411] Call Trace:
[  429.148068][ T9411]  <TASK>
[  429.148074][ T9411]  dump_stack_lvl+0x189/0x250
[  429.148098][ T9411]  ? irqentry_exit+0x74/0x90
[  429.148110][ T9411]  ? __pfx_dump_stack_lvl+0x10/0x10
[  429.148132][ T9411]  should_fail_ex+0x414/0x560
[  429.148146][ T9411]  should_failslab+0xa8/0x100
[  429.148159][ T9411]  __kmalloc_noprof+0xcb/0x4f0
[  429.148170][ T9411]  ? ioctl_standard_iw_point+0x4d5/0xd40
[  429.148187][ T9411]  ioctl_standard_iw_point+0x4d5/0xd40
[  429.148209][ T9411]  ? __pfx_cfg80211_wext_giwscan+0x10/0x10
[  429.148221][ T9411]  ? __pfx_ioctl_standard_iw_point+0x10/0x10
[  429.148236][ T9411]  ? __pfx___mutex_lock+0x10/0x10
[  429.148251][ T9411]  ? full_name_hash+0x92/0xe0
[  429.148265][ T9411]  ? __pfx_cfg80211_wext_giwscan+0x10/0x10
[  429.148276][ T9411]  ioctl_standard_call+0xaf/0x1b0
[  429.148292][ T9411]  ? __pfx_cfg80211_wext_giwscan+0x10/0x10
[  429.148302][ T9411]  wext_ioctl_dispatch+0xee/0x410
[  429.148315][ T9411]  ? __pfx_ioctl_standard_call+0x10/0x10
[  429.148330][ T9411]  wext_handle_ioctl+0x100/0x1c0
[  429.148349][ T9411]  ? __pfx_wext_handle_ioctl+0x10/0x10
[  429.148366][ T9411]  ? __lock_acquire+0xab9/0xd20
[  429.148382][ T9411]  ? __asan_memset+0x22/0x50
[  429.148396][ T9411]  ? smack_file_ioctl+0x24a/0x340
[  429.148410][ T9411]  sock_ioctl+0x15f/0x790
[  429.148423][ T9411]  ? __pfx_sock_ioctl+0x10/0x10
[  429.148434][ T9411]  ? __fget_files+0x2a/0x420
[  429.148445][ T9411]  ? __fget_files+0x3a0/0x420
[  429.148456][ T9411]  ? __fget_files+0x2a/0x420
[  429.148469][ T9411]  ? bpf_lsm_file_ioctl+0x9/0x20
[  429.148481][ T9411]  ? __pfx_sock_ioctl+0x10/0x10
[  429.148492][ T9411]  __se_sys_ioctl+0xfc/0x170
[  429.148509][ T9411]  do_syscall_64+0xfa/0x3b0
[  429.148520][ T9411]  ? lockdep_hardirqs_on+0x9c/0x150
[  429.148530][ T9411]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  429.148540][ T9411]  ? clear_bhb_loop+0x60/0xb0
[  429.148553][ T9411]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  429.148562][ T9411] RIP: 0033:0x7f6f35d8ebe9
[  429.148573][ T9411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  429.148582][ T9411] RSP: 002b:00007f6f36c09038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  429.148595][ T9411] RAX: ffffffffffffffda RBX: 00007f6f35fb5fa0 RCX: 00007f6f35d8ebe9
[  429.148603][ T9411] RDX: 0000200000000000 RSI: 0000000000008b19 RDI: 0000000000000004
[  429.148610][ T9411] RBP: 00007f6f36c09090 R08: 0000000000000000 R09: 0000000000000000
[  429.148616][ T9411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  429.148622][ T9411] R13: 00007f6f35fb6038 R14: 00007f6f35fb5fa0 R15: 00007fffe8baea78
[  429.148638][ T9411]  </TASK>
[  430.099085][   T30] audit: type=1400 audit(1754590764.567:62): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=9412 comm="syz.1.776" daddr=fe80::31
[  432.482052][ T9438] Invalid option length (0) for dns_resolver key
[  432.644372][ T9443] __nla_validate_parse: 44 callbacks suppressed
[  432.644412][ T9443] netlink: 32 bytes leftover after parsing attributes in process `syz.3.783'.
[  432.735226][ T9443] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  439.460796][ T9456] FAULT_INJECTION: forcing a failure.
[  439.460796][ T9456] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  439.491871][ T9456] CPU: 0 UID: 0 PID: 9456 Comm: syz.4.787 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  439.491899][ T9456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  439.491910][ T9456] Call Trace:
[  439.491918][ T9456]  <TASK>
[  439.491927][ T9456]  dump_stack_lvl+0x189/0x250
[  439.491955][ T9456]  ? __pfx____ratelimit+0x10/0x10
[  439.491977][ T9456]  ? __pfx_dump_stack_lvl+0x10/0x10
[  439.491999][ T9456]  ? __pfx__printk+0x10/0x10
[  439.492023][ T9456]  ? __might_fault+0xb0/0x130
[  439.492055][ T9456]  should_fail_ex+0x414/0x560
[  439.492081][ T9456]  _copy_from_iter+0x1db/0x16f0
[  439.492110][ T9456]  ? rcu_is_watching+0x15/0xb0
[  439.492133][ T9456]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  439.492154][ T9456]  ? __pfx__copy_from_iter+0x10/0x10
[  439.492181][ T9456]  ? __build_skb_around+0x257/0x3e0
[  439.492212][ T9456]  ? skb_put+0x11b/0x210
[  439.492243][ T9456]  pfkey_sendmsg+0x230/0x1090
[  439.492275][ T9456]  ? __lock_acquire+0xab9/0xd20
[  439.492293][ T9456]  ? smack_socket_sendmsg+0x1a7/0x520
[  439.492321][ T9456]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  439.492354][ T9456]  ? is_bpf_text_address+0x26/0x2b0
[  439.492379][ T9456]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  439.492417][ T9456]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  439.492436][ T9456]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  439.492461][ T9456]  __sock_sendmsg+0x21c/0x270
[  439.492487][ T9456]  ____sys_sendmsg+0x505/0x830
[  439.492523][ T9456]  ? __pfx_____sys_sendmsg+0x10/0x10
[  439.492561][ T9456]  ? import_iovec+0x74/0xa0
[  439.492592][ T9456]  ___sys_sendmsg+0x21f/0x2a0
[  439.492630][ T9456]  ? __pfx____sys_sendmsg+0x10/0x10
[  439.492694][ T9456]  ? __fget_files+0x2a/0x420
[  439.492715][ T9456]  ? __fget_files+0x3a0/0x420
[  439.492748][ T9456]  __x64_sys_sendmsg+0x19b/0x260
[  439.492780][ T9456]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  439.492820][ T9456]  ? __pfx_ksys_write+0x10/0x10
[  439.492836][ T9456]  ? rcu_is_watching+0x15/0xb0
[  439.492863][ T9456]  ? do_syscall_64+0xbe/0x3b0
[  439.492889][ T9456]  do_syscall_64+0xfa/0x3b0
[  439.492908][ T9456]  ? lockdep_hardirqs_on+0x9c/0x150
[  439.492929][ T9456]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  439.492948][ T9456]  ? clear_bhb_loop+0x60/0xb0
[  439.492972][ T9456]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  439.492991][ T9456] RIP: 0033:0x7f6541b8ebe9
[  439.493009][ T9456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  439.493027][ T9456] RSP: 002b:00007f65429cf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  439.493048][ T9456] RAX: ffffffffffffffda RBX: 00007f6541db5fa0 RCX: 00007f6541b8ebe9
[  439.493063][ T9456] RDX: 0000000000000014 RSI: 0000200000000040 RDI: 0000000000000003
[  439.493076][ T9456] RBP: 00007f65429cf090 R08: 0000000000000000 R09: 0000000000000000
[  439.493089][ T9456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  439.493100][ T9456] R13: 00007f6541db6038 R14: 00007f6541db5fa0 R15: 00007ffe3b6fafb8
[  439.493133][ T9456]  </TASK>
[  439.824231][    C0] vkms_vblank_simulate: vblank timer overrun
[  440.276115][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  440.284586][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  440.310639][ T9463] netlink: 268 bytes leftover after parsing attributes in process `syz.4.790'.
[  440.320947][ T9463] netlink: 20 bytes leftover after parsing attributes in process `syz.4.790'.
[  441.945254][   T30] audit: type=1400 audit(1754590776.717:63): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=9459 comm="syz.3.788" daddr=fe80::31
[  443.019625][ T9494] netlink: 36 bytes leftover after parsing attributes in process `syz.3.795'.
[  443.029629][ T5954] usb 6-1: new full-speed USB device number 12 using dummy_hcd
[  443.650490][ T5954] usb 6-1: not running at top speed; connect to a high speed hub
[  444.640191][ T5954] usb 6-1: config 1 interface 0 has no altsetting 0
[  444.696771][ T5954] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  444.734362][ T5954] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  444.765331][ T9500] sock: sock_timestamping_bind_phc: sock not bind to device
[  444.779178][ T5954] usb 6-1: Product: ခ
[  444.798939][ T5954] usb 6-1: Manufacturer: Ы
[  444.842989][ T5954] usb 6-1: SerialNumber: ⠉
[  445.115407][ T9505] kvm: pic: non byte write
[  445.123105][ T9505] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=149 (298 ns) > initial count (48 ns). Using initial count to start timer.
[  445.169002][ T5911] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  445.170005][ T9486] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  445.193591][ T9486] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  445.231840][ T5954] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -71
[  445.252067][ T5954] usb 6-1: USB disconnect, device number 12
[  445.320863][ T5911] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  445.333001][ T5911] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  445.343176][ T5911] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  445.357003][ T5911] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  445.366474][ T5911] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  445.408668][ T5911] usb 1-1: config 0 descriptor??
[  445.836977][   T30] audit: type=1326 audit(1754590780.597:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9508 comm="syz.1.800" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6f35d8ebe9 code=0x0
[  446.045244][ T9516] ubi: mtd0 is already attached to ubi31
[  446.775309][ T5911] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  447.541892][ T5157] Bluetooth: hci3: command 0x0406 tx timeout
[  447.879996][ T9530] netlink: 4 bytes leftover after parsing attributes in process `syz.3.804'.
[  448.289991][ T9536] netlink: 'syz.5.806': attribute type 83 has an invalid length.
[  449.045128][ T9545] netlink: 4 bytes leftover after parsing attributes in process `syz.5.807'.
[  449.058814][ T9545] netlink: 4 bytes leftover after parsing attributes in process `syz.5.807'.
[  449.072166][ T9545] netlink: 4 bytes leftover after parsing attributes in process `syz.5.807'.
[  449.083286][ T9545] netlink: 4 bytes leftover after parsing attributes in process `syz.5.807'.
[  449.095794][ T9545] netlink: 4 bytes leftover after parsing attributes in process `syz.5.807'.
[  449.110374][ T9545] netlink: 4 bytes leftover after parsing attributes in process `syz.5.807'.
[  449.125066][ T9545] netlink: 4 bytes leftover after parsing attributes in process `syz.5.807'.
[  449.141122][ T9545] netlink: 4 bytes leftover after parsing attributes in process `syz.5.807'.
[  449.155679][ T9545] netlink: 4 bytes leftover after parsing attributes in process `syz.5.807'.
[  449.334541][   T30] audit: type=1400 audit(1754590783.807:65): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=9537 comm="syz.5.807" daddr=fe80::aa dest=3
[  449.558124][   T30] audit: type=1400 audit(1754590784.307:66): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=9540 comm="syz.4.809" daddr=fe80::31
[  450.302765][ T5911] usb 1-1: USB disconnect, device number 13
[  450.647156][   T30] audit: type=1400 audit(1754590785.287:67): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=9551 comm="syz.5.812" daddr=fe80::aa dest=3
[  451.468765][   T30] audit: type=1400 audit(1754590786.257:68): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=9561 comm="syz.5.814" dest=20004
[  452.117697][   T30] audit: type=1400 audit(1754590786.907:69): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=9572 comm="syz.0.817" daddr=fc01::1 dest=20004
[  452.713728][ T9585] openvswitch: netlink: Message has 8 unknown bytes.
[  454.233665][   T30] audit: type=1326 audit(1754590788.897:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9597 comm="syz.3.825" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc8f0b8ebe9 code=0x0
[  455.944345][ T9617] netlink: 'syz.5.831': attribute type 11 has an invalid length.
[  456.929171][   T10] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  457.690604][   T10] usb 4-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[  457.710037][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  457.990419][   T10] usb 4-1: config 0 descriptor??
[  459.850393][ T5839] usb 1-1: new full-speed USB device number 14 using dummy_hcd
[  459.865713][   T10] kaweth 4-1:0.0: Firmware present in device.
[  460.402652][   T10] kaweth 4-1:0.0: Statistics collection: 0
[  460.408713][   T10] kaweth 4-1:0.0: Multicast filter limit: 0
[  460.473931][   T10] kaweth 4-1:0.0: MTU: 0
[  460.479186][   T10] kaweth 4-1:0.0: Read MAC address 00:00:00:00:00:00
[  460.899313][ T9657] netlink: 'syz.4.840': attribute type 11 has an invalid length.
[  460.907672][ T9657] __nla_validate_parse: 95 callbacks suppressed
[  460.907726][ T9657] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.840'.
[  461.074315][ T9646] netlink: 'syz.3.833': attribute type 10 has an invalid length.
[  461.136827][ T9657] netlink: 'syz.4.840': attribute type 5 has an invalid length.
[  461.145042][ T9657] netlink: 7 bytes leftover after parsing attributes in process `syz.4.840'.
[  461.283724][ T5839] usb 1-1: unable to get BOS descriptor or descriptor too short
[  461.306903][ T5839] usb 1-1: unable to read config index 0 descriptor/start: -71
[  461.506783][ T9646] bridge0: port 2(bridge_slave_1) entered disabled state
[  461.557379][ T5839] usb 1-1: can't read configurations, error -71
[  461.585122][ T9646] bridge_slave_1: left allmulticast mode
[  461.648067][ T9646] bridge_slave_1: left promiscuous mode
[  462.129882][ T9646] bridge0: port 2(bridge_slave_1) entered disabled state
[  462.202992][ T9646] bridge_slave_1: entered promiscuous mode
[  462.228248][ T9646] bridge_slave_1: entered allmulticast mode
[  462.249964][ T9646] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[  462.909047][ T5850] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  462.937241][   T10] kaweth 4-1:0.0: Error setting receive filter
[  462.949654][   T10] kaweth 4-1:0.0: probe with driver kaweth failed with error -5
[  462.979182][   T10] usb 4-1: USB disconnect, device number 25
[  464.339664][ T9657] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  464.360845][ T5850] usb 5-1: device descriptor read/all, error -71
[  465.215265][ T9689] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  466.218295][ T5157] Bluetooth: hci5: unexpected event for opcode 0x0c1a
[  468.331859][ T9707] kvm: pic: non byte write
[  469.391457][   T30] audit: type=1400 audit(1754590804.187:71): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=9727 comm="syz.3.857" daddr=2001::2 dest=20001
[  469.392850][ T9728] loop3: detected capacity change from 0 to 1
[  469.531140][ T6106] Dev loop3: unable to read RDB block 1
[  469.662136][ T6106]  loop3: unable to read partition table
[  470.333243][ T6106] loop3: partition table beyond EOD, truncated
[  470.358795][ T9728] Dev loop3: unable to read RDB block 1
[  470.358829][ T9728]  loop3: unable to read partition table
[  470.359232][ T9728] loop3: partition table beyond EOD, truncated
[  470.359254][ T9728] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  472.102592][ T9757] netlink: 'syz.4.865': attribute type 10 has an invalid length.
[  472.265728][   T30] audit: type=1326 audit(1754590807.047:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9758 comm="syz.5.868" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2923d8ebe9 code=0x0
[  472.327904][    C0] vkms_vblank_simulate: vblank timer overrun
[  472.445755][ T9757] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  472.481324][ T9765] netlink: 12 bytes leftover after parsing attributes in process `syz.3.869'.
[  473.654880][ T9778] random: crng reseeded on system resumption
[  473.945355][ T9785] netlink: 12 bytes leftover after parsing attributes in process `syz.5.874'.
[  474.213126][   T30] audit: type=1400 audit(1754590809.007:73): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=9784 comm="syz.3.875" daddr=ff02::1 dest=20000
[  475.313689][ T5157] Bluetooth: hci5: Invalid handle: 0x6e73 > 0x0eff
[  475.322638][ T9807] binder: 9805:9807 ioctl c0306201 2000000002c0 returned -14
[  475.635606][   T30] audit: type=1400 audit(1754590810.427:74): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=9812 comm="syz.3.885" daddr=ff02::1 dest=20000
[  475.742842][ T9817] tipc: Started in network mode
[  475.748090][ T9817] tipc: Node identity 8ec8374da447, cluster identity 4711
[  475.757745][ T9817] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  475.772534][ T9817] tipc: Disabling bearer <eth:syzkaller0>
[  475.971721][ T9820] usb usb1: usbfs: interface 0 claimed by hub while 'syz.5.887' sets config #10
[  476.520407][   T30] audit: type=1400 audit(1754590811.317:75): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=9824 comm="syz.5.889" daddr=fe80::aa dest=20003
[  480.707209][ T9878] @: renamed from vlan0 (while UP)
[  481.790455][ T9906] netlink: 12 bytes leftover after parsing attributes in process `syz.5.916'.
[  482.759159][   T30] audit: type=1400 audit(1754853217.533:76): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=9929 comm="syz.4.926" daddr=::ffff:172.20.20.0
[  483.557148][   T30] audit: type=1400 audit(1754853218.353:77): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=9944 comm="syz.0.932" daddr=::ffff:0.0.0.0 dest=20002
[  483.689614][ T9950] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  483.915542][ T9958] netlink: 4 bytes leftover after parsing attributes in process `syz.1.939'.
[  483.931811][ T9958] macsec1: entered promiscuous mode
[  483.937305][ T9958] macsec1: entered allmulticast mode
[  483.945040][ T9958] team0: Device macsec1 is already an upper device of the team interface
[  483.975567][ T9959] loop6: detected capacity change from 0 to 7
[  484.002089][ T9959]  loop6: [POWERTEC] p1 p2 p3 p4 p5 p6
[  484.011967][ T9959] loop6: p1 size 1680801792 extends beyond EOD, truncated
[  484.043139][ T9959] loop6: p2 start 2602905181 is beyond EOD, truncated
[  484.050874][ T9959] loop6: p3 start 1745589262 is beyond EOD, truncated
[  484.058123][ T9959] loop6: p4 start 325178268 is beyond EOD, truncated
[  484.067003][ T9959] loop6: p5 start 2326339850 is beyond EOD, truncated
[  484.085193][ T9959] loop6: p6 start 2562259694 is beyond EOD, truncated
[  484.168814][ T9967] sctp: [Deprecated]: syz.0.941 (pid 9967) Use of int in max_burst socket option deprecated.
[  484.168814][ T9967] Use struct sctp_assoc_value instead
[  484.215480][ T6106] udevd[6106]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory
[  484.362083][ T9973] netlink: 16 bytes leftover after parsing attributes in process `syz.1.945'.
[  484.393173][ T9973] bridge0: entered promiscuous mode
[  484.399016][   T30] audit: type=1400 audit(1754853219.193:78): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=9969 comm="syz.4.944" dest=20000
[  484.415439][ T9973] bridge0: port 3(macvlan2) entered blocking state
[  484.415610][ T9973] bridge0: port 3(macvlan2) entered disabled state
[  484.415767][ T9973] macvlan2: entered allmulticast mode
[  484.415785][ T9973] bridge0: entered allmulticast mode
[  484.447043][ T9973] macvlan2: left allmulticast mode
[  484.453729][ T9973] bridge0: left allmulticast mode
[  484.467243][ T9973] bridge0: left promiscuous mode
[  484.719640][ T9981] tipc: Started in network mode
[  484.734170][ T9981] tipc: Node identity 4, cluster identity 3
[  484.745693][ T9981] tipc: Node number set to 4
[  484.975616][   T30] audit: type=1400 audit(1754853219.773:79): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=9991 comm="syz.3.953" daddr=fe80::c dest=20002
[  486.215570][   T30] audit: type=1326 audit(1754853221.013:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10012 comm="syz.5.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2923d8ebe9 code=0x7ffc0000
[  486.264639][   T30] audit: type=1326 audit(1754853221.013:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10012 comm="syz.5.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2923d8ebe9 code=0x7ffc0000
[  486.332548][T10020] syzkaller0: entered promiscuous mode
[  486.349947][   T30] audit: type=1326 audit(1754853221.043:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10012 comm="syz.5.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=284 compat=0 ip=0x7f2923d8ebe9 code=0x7ffc0000
[  486.375166][T10020] syzkaller0: entered allmulticast mode
[  486.408739][   T30] audit: type=1326 audit(1754853221.043:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10012 comm="syz.5.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2923d8ebe9 code=0x7ffc0000
[  486.477965][   T30] audit: type=1326 audit(1754853221.043:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10012 comm="syz.5.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2923d8ebe9 code=0x7ffc0000
[  486.500998][ T5856] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  486.511813][   T30] audit: type=1326 audit(1754853221.043:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10012 comm="syz.5.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f2923d8ebe9 code=0x7ffc0000
[  486.660934][ T5856] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  486.685665][ T5856] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  486.705907][ T5856] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  486.724830][ T5856] usb 4-1: config 0 descriptor??
[  486.766137][ T5856] pwc: Askey VC010 type 2 USB webcam detected.
[  486.808953][ T5953] usb 5-1: new full-speed USB device number 13 using dummy_hcd
[  486.986332][ T5953] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  487.002252][ T5953] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  487.014743][ T5953] usb 5-1: Product: syz
[  487.021290][ T5953] usb 5-1: Manufacturer: syz
[  487.029668][ T5953] usb 5-1: SerialNumber: syz
[  487.071326][ T5953] usb 5-1: config 0 descriptor??
[  487.161627][ T5856] pwc: recv_control_msg error -32 req 02 val 2b00
[  487.170177][ T5856] pwc: recv_control_msg error -32 req 02 val 2700
[  487.191044][ T5856] pwc: recv_control_msg error -32 req 02 val 2c00
[  487.203894][ T5856] pwc: recv_control_msg error -32 req 04 val 1000
[  487.216689][ T5856] pwc: recv_control_msg error -32 req 04 val 1300
[  487.225804][ T5856] pwc: recv_control_msg error -32 req 04 val 1400
[  487.242999][ T5856] pwc: recv_control_msg error -32 req 02 val 2000
[  487.263308][ T5856] pwc: recv_control_msg error -32 req 02 val 2100
[  487.273393][ T5856] pwc: recv_control_msg error -32 req 04 val 1500
[  487.285891][ T5856] pwc: recv_control_msg error -32 req 02 val 2500
[  487.288506][ T5953] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  487.294696][ T5856] pwc: recv_control_msg error -32 req 02 val 2400
[  487.313536][ T5856] pwc: recv_control_msg error -32 req 02 val 2600
[  487.325252][ T5856] pwc: recv_control_msg error -32 req 02 val 2900
[  487.336898][ T5856] pwc: recv_control_msg error -32 req 02 val 2800
[  487.346127][ T5856] pwc: recv_control_msg error -32 req 04 val 1100
[  487.364512][ T5856] pwc: Registered as video103.
[  487.384490][ T5856] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input17
[  487.573622][ T5856] usb 4-1: USB disconnect, device number 26
[  487.809168][ T5850] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  487.989057][ T5850] usb 1-1: Using ep0 maxpacket: 8
[  487.998189][ T5850] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  488.008836][ T5850] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  488.017845][ T5850] usb 1-1: Product: syz
[  488.022398][ T5850] usb 1-1: Manufacturer: syz
[  488.027167][ T5850] usb 1-1: SerialNumber: syz
[  488.035562][ T5850] usb 1-1: config 0 descriptor??
[  488.253973][ T5850] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  488.764214][T10069] random: crng reseeded on system resumption
[  489.393313][ T5850] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  489.441205][ T5850] usb 1-1: USB disconnect, device number 16
[  489.561696][ T5953] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  489.608053][ T5953] usb 5-1: USB disconnect, device number 13
[  489.908839][T10086] smc: net device bond0 applied user defined pnetid SYZ2
[  490.355386][T10096] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  490.448316][T10104] netlink: 12 bytes leftover after parsing attributes in process `syz.1.994'.
[  490.611572][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  490.612253][   T30] audit: type=1400 audit(1754853225.413:91): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=10110 comm="syz.1.998" dest=20000
[  493.195323][T10168] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.1011' sets config #10
[  493.309310][T10171] random: crng reseeded on system resumption
[  493.380668][T10171] Unrecognized hibernate image header format!
[  493.387005][T10171] PM: hibernation: Image mismatch: architecture specific data
[  497.543545][   T30] audit: type=1400 audit(1754853232.343:92): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=10307 comm="syz.4.1073" daddr=fe80::14
[  497.582094][T10311] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1073'.
[  497.609192][T10311] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1073'.
[  497.791592][T10313] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1071'.
[  498.470507][T10335] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1080'.
[  498.888947][ T5850] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  499.161035][ T5850] usb 6-1: Using ep0 maxpacket: 16
[  499.169804][T10343] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1083'.
[  499.174612][ T5850] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  499.199030][ T5850] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  499.201081][T10343] IPVS: Error connecting to the multicast addr
[  499.255557][ T5850] usb 6-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  499.268950][ T5850] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  499.288940][ T5850] usb 6-1: Product: syz
[  499.293255][ T5850] usb 6-1: Manufacturer: syz
[  499.327870][ T5850] usb 6-1: SerialNumber: syz
[  499.353692][ T5850] usb 6-1: config 0 descriptor??
[  499.649538][T10351] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1085'.
[  499.717911][T10351] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  499.726382][T10351] batadv_slave_0: entered promiscuous mode
[  499.780976][ T5157] Bluetooth: hci3: unknown advertising packet type: 0x14
[  499.781039][ T5157] Bluetooth: hci3: unknown advertising packet type: 0x08
[  499.792456][ T5157] Bluetooth: hci3: unknown advertising packet type: 0xff
[  499.814351][ T5157] Bluetooth: hci3: Dropping invalid advertising data
[  499.870739][ T5157] Bluetooth: hci3: Malformed LE Event: 0x02
[  500.143437][T10359] lo: entered allmulticast mode
[  500.165104][T10359] tunl0: entered allmulticast mode
[  500.225665][T10359] gre0: entered allmulticast mode
[  500.253371][T10359] gretap0: entered allmulticast mode
[  500.673544][T10359] erspan0: entered allmulticast mode
[  500.754271][T10359] ip_vti0: entered allmulticast mode
[  500.869991][T10359] ip6_vti0: entered allmulticast mode
[  501.023183][T10359] sit0: entered allmulticast mode
[  501.238321][T10359] ip6tnl0: entered allmulticast mode
[  502.138617][T10359] ip6gre0: entered allmulticast mode
[  502.185010][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  502.191646][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  502.199581][T10359] syz_tun: entered allmulticast mode
[  502.229951][ T5850] usb 6-1: USB disconnect, device number 13
[  502.291132][T10359] ip6gretap0: entered allmulticast mode
[  502.339808][T10359] bridge0: port 2(bridge_slave_1) entered disabled state
[  502.347337][T10359] bridge0: port 1(bridge_slave_0) entered disabled state
[  502.403601][T10371] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1093'.
[  502.423146][T10359] bridge0: entered allmulticast mode
[  502.472167][T10359] vcan0: entered allmulticast mode
[  502.611258][T10359] bond0: entered allmulticast mode
[  502.616454][T10359] bond_slave_0: entered allmulticast mode
[  502.661499][T10375] random: crng reseeded on system resumption
[  502.682049][T10359] bond_slave_1: entered allmulticast mode
[  502.742148][T10359] mac80211_hwsim hwsim10 wlan1: entered allmulticast mode
[  502.777059][   T30] audit: type=1400 audit(1754853237.573:93): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=10366 comm="syz.5.1093" daddr=ff00::1
[  502.852216][T10359] team0: entered allmulticast mode
[  502.858357][T10359] team_slave_0: entered allmulticast mode
[  502.871106][T10359] team_slave_1: entered allmulticast mode
[  502.947854][T10359] dummy0: entered allmulticast mode
[  503.013139][T10359] nlmon0: entered allmulticast mode
[  503.060807][T10359] caif0: entered allmulticast mode
[  503.084618][T10359] batadv0: entered allmulticast mode
[  503.622037][T10359] veth0: entered allmulticast mode
[  503.679030][T10359] veth1: entered allmulticast mode
[  503.728064][T10359] wg0: entered allmulticast mode
[  503.796447][T10359] wg1: entered allmulticast mode
[  503.876156][T10359] wg2: entered allmulticast mode
[  503.921608][T10359] veth0_to_bridge: entered allmulticast mode
[  504.011700][T10359] veth1_to_bridge: entered allmulticast mode
[  504.100804][T10359] veth0_to_bond: entered allmulticast mode
[  504.289916][T10359] veth1_to_bond: entered allmulticast mode
[  504.512414][T10359] veth0_to_team: entered allmulticast mode
[  504.615387][T10359] veth1_to_team: entered allmulticast mode
[  504.758221][T10359] veth0_to_batadv: entered allmulticast mode
[  504.831194][T10359] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  504.879641][T10359] batadv_slave_0: entered allmulticast mode
[  504.941815][T10359] veth1_to_batadv: entered allmulticast mode
[  505.031776][T10359] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  505.069628][T10359] batadv_slave_1: entered allmulticast mode
[  505.152202][T10359] xfrm0: entered allmulticast mode
[  505.248487][T10359] veth0_to_hsr: entered allmulticast mode
[  505.249532][T10399] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1100'.
[  505.266854][T10359] hsr_slave_0: entered allmulticast mode
[  505.284448][T10359] veth1_to_hsr: entered allmulticast mode
[  505.303730][T10359] hsr_slave_1: entered allmulticast mode
[  505.325009][T10359] hsr0: entered allmulticast mode
[  505.346187][T10359] veth1_virt_wifi: entered allmulticast mode
[  505.371362][T10359] veth0_virt_wifi: entered allmulticast mode
[  505.387239][T10359] batman_adv: batadv0: Interface deactivated: virt_wifi0
[  505.397240][T10359] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  505.424559][T10359] veth1_vlan: entered allmulticast mode
[  505.571118][T10359] veth0_vlan: entered allmulticast mode
[  505.659800][T10359] vlan0: entered allmulticast mode
[  505.672987][T10359] vlan1: entered allmulticast mode
[  505.694229][T10359] macvlan0: entered allmulticast mode
[  505.730931][T10359] macvlan1: entered allmulticast mode
[  505.745874][T10359] ipvlan0: entered allmulticast mode
[  505.755446][T10359] ipvlan1: entered allmulticast mode
[  505.762267][T10359] veth1_macvtap: entered allmulticast mode
[  505.780793][T10359] veth0_macvtap: entered allmulticast mode
[  505.813423][T10359] macvtap0: entered allmulticast mode
[  505.853080][T10359] macsec0: entered allmulticast mode
[  505.891949][T10359] geneve0: entered allmulticast mode
[  505.927379][T10359] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  505.946667][T10359] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  505.965663][T10359] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  505.977677][T10359] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  505.987326][T10359] geneve1: entered allmulticast mode
[  506.004128][T10359] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[  506.049036][T10359] netdevsim netdevsim4 netdevsim1: entered allmulticast mode
[  506.073000][T10359] netdevsim netdevsim4 netdevsim2: entered allmulticast mode
[  506.109101][T10359] netdevsim netdevsim4 netdevsim3: entered allmulticast mode
[  506.148242][T10359] mac80211_hwsim hwsim8 wlan0: entered allmulticast mode
[  506.181055][T10359] gre1: entered allmulticast mode
[  507.969088][   T30] audit: type=1804 audit(1754853242.753:94): pid=10434 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.5.1107" name="file0" dev="ramfs" ino=25181 res=1 errno=0
[  508.329392][   T10] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  508.575784][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  508.598721][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  508.808981][   T10] usb 4-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[  508.869475][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  508.919531][   T10] usb 4-1: config 0 descriptor??
[  509.499596][   T10] hkems 0003:2006:0118.0005: unknown main item tag 0x0
[  509.601817][   T10] hkems 0003:2006:0118.0005: unknown main item tag 0x0
[  509.618777][   T10] hkems 0003:2006:0118.0005: unknown main item tag 0x0
[  509.648985][   T10] hkems 0003:2006:0118.0005: unknown main item tag 0x0
[  509.658656][   T10] hkems 0003:2006:0118.0005: unknown main item tag 0x0
[  509.702909][   T10] hkems 0003:2006:0118.0005: unknown main item tag 0x0
[  509.718933][   T10] hkems 0003:2006:0118.0005: unknown main item tag 0x0
[  509.736485][   T10] hkems 0003:2006:0118.0005: hidraw0: USB HID v0.00 Device [HID 2006:0118] on usb-dummy_hcd.3-1/input0
[  509.768060][   T10] hkems 0003:2006:0118.0005: no inputs found
[  509.778948][   T10] hkems 0003:2006:0118.0005: force feedback init failed
[  509.839296][   T10] usb 4-1: USB disconnect, device number 27
[  510.022622][T10453] block device autoloading is deprecated and will be removed.
[  510.035659][T10453] syz.4.1113: attempt to access beyond end of device
[  510.035659][T10453] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  510.079859][   T30] audit: type=1400 audit(1754853244.823:95): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=10448 comm="syz.4.1113" daddr=fc02::1 dest=20000
[  510.649000][T10040] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  511.022532][T10040] usb 4-1: Using ep0 maxpacket: 8
[  511.119739][T10040] usb 4-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  511.133586][T10040] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  511.526288][T10040] usb 4-1: Product: syz
[  511.530818][T10040] usb 4-1: Manufacturer: syz
[  511.535493][T10040] usb 4-1: SerialNumber: syz
[  511.611396][T10040] usb 4-1: config 0 descriptor??
[  511.692698][T10040] gspca_main: sq930x-2.14.0 probing 2770:930c
[  512.342263][T10479] syz.1.1123 (10479): drop_caches: 2
[  512.969337][T10040] gspca_sq930x: reg_w 0105 0c00 failed -71
[  513.074091][T10358] ------------[ cut here ]------------
[  513.080239][T10358] WARNING: CPU: 1 PID: 10358 at mm/vmalloc.c:542 __vmap_pages_range_noflush+0xd4e/0xe10
[  513.090884][T10358] Modules linked in:
[  513.095058][T10358] CPU: 1 UID: 0 PID: 10358 Comm: syz.0.1089 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  513.105703][T10358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  513.116235][T10358] RIP: 0010:__vmap_pages_range_noflush+0xd4e/0xe10
[  513.123049][T10358] Code: b0 ff eb 2f e8 93 f0 b0 ff 45 31 e4 eb 25 e8 89 f0 b0 ff 90 0f 0b 90 eb 14 e8 7e f0 b0 ff 90 0f 0b 90 eb 09 e8 73 f0 b0 ff 90 <0f> 0b 90 41 bc f4 ff ff ff 44 89 e0 48 81 c4 e0 00 00 00 5b 41 5c
[  513.143272][T10358] RSP: 0018:ffffc9001302f8d8 EFLAGS: 00010246
[  513.150078][T10358] RAX: ffffffff820f354d RBX: ffff88808c6ed3d8 RCX: 0000000000080000
[  513.158070][T10358] RDX: ffffc90004912000 RSI: 000000000007ffff RDI: 0000000000080000
[  513.166230][T10358] RBP: ffffea0003000000 R08: 0000000000000000 R09: ffffffff820f3745
[  513.174661][T10358] R10: dffffc0000000000 R11: fffffbfff1c48c9f R12: ffffc90145c7c000
[  513.183090][T10358] R13: 1ffff110118dda7b R14: 0000000000000000 R15: dffffc0000000000
[  513.191230][T10358] FS:  00007f8a6be4f6c0(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
[  513.200715][T10358] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  513.207648][T10358] CR2: 00002000001e4030 CR3: 0000000026b7c000 CR4: 00000000003526f0
[  513.216192][T10358] Call Trace:
[  513.219909][T10358]  <TASK>
[  513.223266][T10358]  vmap+0x1ca/0x310
[  513.227110][T10358]  io_region_init_ptr+0x24d/0x350
[  513.232623][T10358]  ? __pfx_io_region_init_ptr+0x10/0x10
[  513.238266][T10358]  ? io_region_allocate_pages+0x3aa/0x4b0
[  513.244140][T10358]  io_create_region+0x3a4/0x480
[  513.249155][T10358]  io_create_region_mmap_safe+0xc0/0x160
[  513.254844][T10358]  ? __pfx_io_create_region_mmap_safe+0x10/0x10
[  513.261300][T10358]  io_register_mem_region+0x27a/0x3c0
[  513.266941][T10358]  ? __pfx_io_register_mem_region+0x10/0x10
[  513.275490][T10358]  ? __fget_files+0x2a/0x420
[  513.281710][T10358]  ? __fget_files+0x2a/0x420
[  513.287063][T10358]  ? io_is_uring_fops+0xd/0x50
[  513.292364][T10358]  __se_sys_io_uring_register+0x3b1/0x11b0
[  513.298795][T10358]  ? __se_sys_futex+0x36f/0x400
[  513.304264][T10358]  ? __pfx___se_sys_io_uring_register+0x10/0x10
[  513.310937][T10358]  ? rcu_is_watching+0x15/0xb0
[  513.316092][T10358]  ? do_syscall_64+0xbe/0x3b0
[  513.321067][T10358]  do_syscall_64+0xfa/0x3b0
[  513.325695][T10358]  ? lockdep_hardirqs_on+0x9c/0x150
[  513.331159][T10358]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  513.337267][T10358]  ? clear_bhb_loop+0x60/0xb0
[  513.342088][T10358]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  513.348088][T10358] RIP: 0033:0x7f8a6af8ebe9
[  513.352547][T10358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  513.372335][T10358] RSP: 002b:00007f8a6be4f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[  513.380910][T10358] RAX: ffffffffffffffda RBX: 00007f8a6b1b5fa0 RCX: 00007f8a6af8ebe9
[  513.388973][T10358] RDX: 0000200000000200 RSI: 0000000000000022 RDI: 0000000000000003
[  513.397634][T10358] RBP: 00007f8a6b011e19 R08: 0000000000000000 R09: 0000000000000000
[  513.406158][T10358] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[  513.414400][T10358] R13: 00007f8a6b1b6038 R14: 00007f8a6b1b5fa0 R15: 00007ffd3346a458
[  513.422726][T10358]  </TASK>
[  513.425768][T10358] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  513.433234][T10358] CPU: 1 UID: 0 PID: 10358 Comm: syz.0.1089 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  513.443483][T10358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  513.453806][T10358] Call Trace:
[  513.457104][T10358]  <TASK>
[  513.460077][T10358]  dump_stack_lvl+0x99/0x250
[  513.464665][T10358]  ? __asan_memcpy+0x40/0x70
[  513.469424][T10358]  ? __pfx_dump_stack_lvl+0x10/0x10
[  513.474858][T10358]  ? __pfx__printk+0x10/0x10
[  513.479480][T10358]  panic+0x2db/0x790
[  513.483398][T10358]  ? __pfx_panic+0x10/0x10
[  513.487843][T10358]  __warn+0x31b/0x4b0
[  513.491824][T10358]  ? __vmap_pages_range_noflush+0xd4e/0xe10
[  513.497808][T10358]  ? __vmap_pages_range_noflush+0xd4e/0xe10
[  513.503739][T10358]  report_bug+0x2be/0x4f0
[  513.508082][T10358]  ? __vmap_pages_range_noflush+0xd4e/0xe10
[  513.513997][T10358]  ? __vmap_pages_range_noflush+0xd4e/0xe10
[  513.519894][T10358]  ? __vmap_pages_range_noflush+0xd50/0xe10
[  513.525789][T10358]  handle_bug+0x84/0x160
[  513.530033][T10358]  exc_invalid_op+0x1a/0x50
[  513.534538][T10358]  asm_exc_invalid_op+0x1a/0x20
[  513.539389][T10358] RIP: 0010:__vmap_pages_range_noflush+0xd4e/0xe10
[  513.545990][T10358] Code: b0 ff eb 2f e8 93 f0 b0 ff 45 31 e4 eb 25 e8 89 f0 b0 ff 90 0f 0b 90 eb 14 e8 7e f0 b0 ff 90 0f 0b 90 eb 09 e8 73 f0 b0 ff 90 <0f> 0b 90 41 bc f4 ff ff ff 44 89 e0 48 81 c4 e0 00 00 00 5b 41 5c
[  513.565889][T10358] RSP: 0018:ffffc9001302f8d8 EFLAGS: 00010246
[  513.571973][T10358] RAX: ffffffff820f354d RBX: ffff88808c6ed3d8 RCX: 0000000000080000
[  513.580043][T10358] RDX: ffffc90004912000 RSI: 000000000007ffff RDI: 0000000000080000
[  513.588116][T10358] RBP: ffffea0003000000 R08: 0000000000000000 R09: ffffffff820f3745
[  513.596113][T10358] R10: dffffc0000000000 R11: fffffbfff1c48c9f R12: ffffc90145c7c000
[  513.604446][T10358] R13: 1ffff110118dda7b R14: 0000000000000000 R15: dffffc0000000000
[  513.612532][T10358]  ? pfn_valid+0x125/0x4d0
[  513.617075][T10358]  ? __vmap_pages_range_noflush+0xd4d/0xe10
[  513.623364][T10358]  ? __vmap_pages_range_noflush+0xd4d/0xe10
[  513.629564][T10358]  vmap+0x1ca/0x310
[  513.633576][T10358]  io_region_init_ptr+0x24d/0x350
[  513.638635][T10358]  ? __pfx_io_region_init_ptr+0x10/0x10
[  513.644223][T10358]  ? io_region_allocate_pages+0x3aa/0x4b0
[  513.650258][T10358]  io_create_region+0x3a4/0x480
[  513.655214][T10358]  io_create_region_mmap_safe+0xc0/0x160
[  513.660940][T10358]  ? __pfx_io_create_region_mmap_safe+0x10/0x10
[  513.667211][T10358]  io_register_mem_region+0x27a/0x3c0
[  513.672597][T10358]  ? __pfx_io_register_mem_region+0x10/0x10
[  513.678679][T10358]  ? __fget_files+0x2a/0x420
[  513.683285][T10358]  ? __fget_files+0x2a/0x420
[  513.687885][T10358]  ? io_is_uring_fops+0xd/0x50
[  513.692680][T10358]  __se_sys_io_uring_register+0x3b1/0x11b0
[  513.698523][T10358]  ? __se_sys_futex+0x36f/0x400
[  513.703405][T10358]  ? __pfx___se_sys_io_uring_register+0x10/0x10
[  513.709674][T10358]  ? rcu_is_watching+0x15/0xb0
[  513.714462][T10358]  ? do_syscall_64+0xbe/0x3b0
[  513.719164][T10358]  do_syscall_64+0xfa/0x3b0
[  513.723675][T10358]  ? lockdep_hardirqs_on+0x9c/0x150
[  513.728974][T10358]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  513.735063][T10358]  ? clear_bhb_loop+0x60/0xb0
[  513.739844][T10358]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  513.745823][T10358] RIP: 0033:0x7f8a6af8ebe9
[  513.750347][T10358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  513.770151][T10358] RSP: 002b:00007f8a6be4f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[  513.778588][T10358] RAX: ffffffffffffffda RBX: 00007f8a6b1b5fa0 RCX: 00007f8a6af8ebe9
[  513.786653][T10358] RDX: 0000200000000200 RSI: 0000000000000022 RDI: 0000000000000003
[  513.794643][T10358] RBP: 00007f8a6b011e19 R08: 0000000000000000 R09: 0000000000000000
[  513.802726][T10358] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[  513.810705][T10358] R13: 00007f8a6b1b6038 R14: 00007f8a6b1b5fa0 R15: 00007ffd3346a458
[  513.818713][T10358]  </TASK>
[  513.822102][T10358] Kernel Offset: disabled
[  513.826616][T10358] Rebooting in 86400 seconds..