last executing test programs:

2m41.126021351s ago: executing program 3 (id=1061):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="6479eb77275569e31eefdbd3e8cf2c6e2c00"])
fspick(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)

2m40.933217853s ago: executing program 3 (id=1062):
sendmsg$key(0xffffffffffffffff, &(0x7f0000000400)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x2, 0x4, 0x0, 0x3, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6}, @sadb_sa={0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @local}}]}, 0x50}, 0x1, 0x7}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0xf8, &(0x7f0000000340)={&(0x7f0000000180)=ANY=[@ANYBLOB="540100001800010000000000000000001d010000150003000000000000000000dd5f392602cc30570500000008000500f80800001e0106"], 0x154}}, 0x0)

2m40.152170498s ago: executing program 3 (id=1063):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x2000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dri(0x0, 0x0, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000280), 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000580))
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x8, 0x3, 0x204, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x170, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x6, 0x70, 0xa4}, @common=@inet=@SET3={0x34, 'SET\x00', 0x3, {{0xffffffffffffffff, 0x0, 0x1}, {0xffff}, {0xffffffffffffffff, 0x8}, 0x4}}}, {{@ip={@loopback, @remote, 0x0, 0x0, 'veth0_to_team\x00', 'bond_slave_1\x00'}, 0x0, 0xa8, 0xcc, 0x0, {}, [@common=@unspec=@statistic={{0x38}, {0x2e02, 0x0, 0x0, 0x0, 0x3, {0xac6}}}]}, @common=@unspec=@NFQUEUE1={0x24, 'NFQUEUE\x00', 0x1, {0x4, 0x8}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x260)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSSOFTCAR(r3, 0x5453, 0x0)
ioctl$TIOCMBIC(r3, 0x5417, &(0x7f0000000000)=0x4)

2m38.979502787s ago: executing program 3 (id=1065):
socket$inet_smc(0x2b, 0x1, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
socket$inet6(0xa, 0x2, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x4}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
ppoll(&(0x7f0000000200)=[{r0}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x1}, 0x0, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x24, 0x12, 0xa01, 0x70bd28, 0x25dfdbfd, {0x80, 0x0, 0x300}, [@generic="54fcc321cb8eecf1f10fbb832b75"]}, 0x24}, 0x1, 0x0, 0x0, 0x8840}, 0x0)

2m37.01344646s ago: executing program 3 (id=1072):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="6479eb77275569e31eefdbd3e8cf2c6e2c00"])
fspick(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)

2m35.441350615s ago: executing program 3 (id=1077):
madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000100)={{0x0, 0xdaa7}, 'syz0\x00'})
ioctl$UI_DEV_CREATE(r0, 0x5501)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002540)={0x11, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
r2 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r2, &(0x7f0000002980)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000001400)}, 0x4000000)
setsockopt$sock_attach_bpf(r2, 0x84, 0x1e, &(0x7f0000000240), 0x4)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0)
syz_open_dev$sg(0x0, 0xfffffffffffffffe, 0x30882)
r5 = syz_open_dev$loop(&(0x7f00000000c0), 0x1054c3b7, 0x40801)
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(0xffffffffffffffff, 0x0, 0x20040004)
ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000140)={'\x00', 0xfff8, 0x807f, 0x10000, 0x0, 0x6})
ioctl$BLKTRACETEARDOWN(r5, 0x1276, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x4a)
r6 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x7ff, 0x530, 0xc, 0xfffffffffffffffd, 0x59c, 0xffffffffffffffff})
r7 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0), 0x103a02, 0x0)
ioctl$RTC_RD_TIME(r7, 0x80247009, 0x0)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r8, &(0x7f0000000000)={0x2, 0x4e21, @loopback}, 0x10)
r9 = socket$inet6(0x10, 0x2, 0x0)
sendmsg(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)}, 0x9004)
write(r8, &(0x7f00000003c0)="1c00000165ff00fc020200020003100f000ee1000c8295f124163c5cbc919867a2b87ae7a4e8661eff1ffa22ff4a10022f40ab6e9337fff7cbace08beaabce960b934cecb366c76e358c4fa9e1e0f3d377f70c5405bf0136c32621b1f6fcfded7213f987755749f11b9c2d519f9d727a7a325cbf477edebf8d72acbea5b72e92ec227e00004429ce4863d380a9b8bb7cad36c968e26f87a6ba76869c4e224fb1a77ab902fb6b21a49d8fc755ff05f972f727a2b99d7c4f6efd68981fd8f892573f", 0xc1)
connect$inet(r8, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)

2m19.891403639s ago: executing program 32 (id=1077):
madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000100)={{0x0, 0xdaa7}, 'syz0\x00'})
ioctl$UI_DEV_CREATE(r0, 0x5501)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002540)={0x11, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
r2 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r2, &(0x7f0000002980)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000001400)}, 0x4000000)
setsockopt$sock_attach_bpf(r2, 0x84, 0x1e, &(0x7f0000000240), 0x4)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0)
syz_open_dev$sg(0x0, 0xfffffffffffffffe, 0x30882)
r5 = syz_open_dev$loop(&(0x7f00000000c0), 0x1054c3b7, 0x40801)
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(0xffffffffffffffff, 0x0, 0x20040004)
ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000140)={'\x00', 0xfff8, 0x807f, 0x10000, 0x0, 0x6})
ioctl$BLKTRACETEARDOWN(r5, 0x1276, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x4a)
r6 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x7ff, 0x530, 0xc, 0xfffffffffffffffd, 0x59c, 0xffffffffffffffff})
r7 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0), 0x103a02, 0x0)
ioctl$RTC_RD_TIME(r7, 0x80247009, 0x0)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r8, &(0x7f0000000000)={0x2, 0x4e21, @loopback}, 0x10)
r9 = socket$inet6(0x10, 0x2, 0x0)
sendmsg(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)}, 0x9004)
write(r8, &(0x7f00000003c0)="1c00000165ff00fc020200020003100f000ee1000c8295f124163c5cbc919867a2b87ae7a4e8661eff1ffa22ff4a10022f40ab6e9337fff7cbace08beaabce960b934cecb366c76e358c4fa9e1e0f3d377f70c5405bf0136c32621b1f6fcfded7213f987755749f11b9c2d519f9d727a7a325cbf477edebf8d72acbea5b72e92ec227e00004429ce4863d380a9b8bb7cad36c968e26f87a6ba76869c4e224fb1a77ab902fb6b21a49d8fc755ff05f972f727a2b99d7c4f6efd68981fd8f892573f", 0xc1)
connect$inet(r8, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)

2m13.149891445s ago: executing program 0 (id=1126):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'bond_slave_0\x00'})
pipe(&(0x7f0000000480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
close(r1)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bond_slave_1\x00', <r3=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000100"/20, @ANYRES32=r3, @ANYBLOB="000024000000000024001200140001006272696467655f736c617665800000000c000500080005"], 0x3}}, 0x0)
splice(r0, 0x0, r2, 0x0, 0x9, 0xf)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x240)
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_snmp6\x00')
fchdir(r5)
write$cgroup_int(r4, &(0x7f0000000000)=0xfe8e, 0x12)
socket$inet6_udplite(0xa, 0x2, 0x88)

2m12.869341871s ago: executing program 0 (id=1128):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x20044000)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
mmap(&(0x7f0000063000/0x1000)=nil, 0x1000, 0x0, 0x10010, 0xffffffffffffffff, 0xc5c52000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r6, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, 0x0, 0x0, <r7=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r6, 0x3ba0, &(0x7f0000000280)={0x48, 0x12, r7})

2m11.742859157s ago: executing program 0 (id=1130):
r0 = socket$kcm(0x2, 0xa, 0x2)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'veth0_vlan\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=@newlink={0x34, 0x10, 0x1, 0xf0bd28, 0x0, {0x0, 0x0, 0x0, r1, 0x2, 0x8a2}, [@IFLA_CARRIER={0x5, 0x21, 0xd}, @IFLA_BROADCAST={0xa, 0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}]}, 0x34}, 0x1, 0x0, 0x0, 0x18000}, 0x20000084)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f00000002c0)=@assoc_value, &(0x7f0000000300)=0x8)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000180)={<r4=>0x0, 0x7, 0x0, 0x7f, 0x3}, &(0x7f00000001c0)=0x18)
setsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000200)=@assoc_value={r4, 0x1}, 0x8)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
ioctl$KVM_PRE_FAULT_MEMORY(r7, 0xc040aed5, &(0x7f0000000240)={0x8000000000000, 0x314000})
r8 = socket$inet6(0xa, 0x3, 0x8000000003c)
pipe(&(0x7f0000000000)={<r9=>0xffffffffffffffff})
r10 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_IPV6_RTHDR(r10, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="00020201"], 0x18)
r11 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000e0000001000000000000000000000000fe8000000000000000000000000000aa4e220000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000000feffffffffffffff030000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000008400050020010000000000000000000000000000000000002b00000000000000000000000000000000000000000500000000000002000700000000000000000000000000e00000020000000000000000000000004000000033"], 0x13c}}, 0x20040880)
sendmmsg$inet6(r9, &(0x7f0000000900)=[{{&(0x7f0000000380)={0xa, 0x4e21, 0xffff1988, @dev={0xfe, 0x80, '\x00', 0xa}, 0x9}, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000440)="aff61938da15205044d74ab23226cdf490e9a3ff1c8be2c72201e325de11de76583aa33987ab45aa1ddd74c8f0176d8c446596f8da1bf7a8336ef4a0457734067f00ae905c5726f3d078c2b7cb9f"}], 0x0, &(0x7f0000000600)}}, {{&(0x7f0000000640)={0xa, 0x4e21, 0x4, @remote, 0x3000000}, 0x0, &(0x7f0000000880)=[{&(0x7f0000000680)="e13bf6f29697dad59ebd30d17fe1da9f18913c969b88fc29fdd5079d7b74b5fd7739d1eecb9ed064f884a1346356aa35f9a5048e71fa611966c3d0001da5ecc8ee1b20aa51981c515d"}, {&(0x7f0000000fc0)="6a9243b20042ce821b65f779a3877e19ac6442bda58aa671d7c7c53deec09643c65b83cde32ac0f5373c2be19b61a25f615de0e15c6b8e406d3ed704fa2487767f015603a4368c9b247df3e69d207e6f61d71c8ce7138b83b69bb4dc8594a7cb42a17654b30ac6e3ebbe438dc241fdf367390bff556be0113a904d7c87bcd244a05462a1a719ab57c6d644bebb93e53cb690c7950c20477c75554f2323eace61c5d734dd91863a027627607bb09351904e57acadbea217425b6a73b1e897b9cc92edf879f7f357d7fb6890dba55a35603086ced6312abbbf923462795301dcd70782a9be109480c21e1605dded32b6fc7ee37c46800c791c05f1e9167568855d37172f56cb5c6b9d4dacb20c477540fc3605fe9bf20249eb7ba350273558ae1228c50efe254061f6be0e7d50a92db9dbb7d774edc1d901a2586a9aab1e25712df15a34456ba0b946f41eeb1665b4344ad0329f31bea282149ef9140a951b89a714da14a81826f61c6b3c35aebbb18efc58254814e71bdf9ba2c28e2da250628a67be12769783afe4cf2eb0fceee19b8f7d846e97ecf9d7c0cbabcc65d0988cb1cb7953e68f7461efca244c685bfdffefb10aae7f8fc4ac07f70611037bcd1f3357715990d39cb4f6b8b4a516ea6f43ff76afcb6d42e80ac56340ce26d37f752d0963f4c37676a1efc51234100ab05803cbd7fb6c76db342986ff55cde6a0a522fa48f97924f0c771221f94ca3a8d4c13fe79601192c24e0235288250c97747bfdd11a5162d2f98e57478cc4efd3df62a87ddc28637f62f2d948f7375d44b611c32610d6e92c568729dba83016fef268ed3dd2322608b4b0bde107049f9bb1f9edc13e4a0738d259d799673b7911334360b5798ba33bf97cee43179246f52f45458dcf22c3fa81017d8cea32a8f44afc4e748a06fe226c41c23a733ab2075571a90d38812ce7895fc3ebf916a854f08ee88e8053af91af7188b7f01d1fd03c84290285f628a56a797c63a94d34479c0866c6371aefcb3aeee8606312dd3bdb4e454d8517287ed3fd19ba8ff89b9b8bb2bbdd0f801e4bef31745143558fbd9121eda00b58df3b0deaa51e67a06603731f37aa7f5b71c3c3323dc95d17c61f359de00f7f25704e9994a6bc50327abffd77846ace7d741e8ef2b1ad6f2204fd915fdac319cd31bb7b94d43996c60a88a47e000aea88e7a0ce16d6486d0f869f54c5ea60234ee7fcc2999b8911cb7bf3ab855a4dbafd7a2bd78a141cabda91040265cfb1a55bdfa94b556dc61812351292dac2bcccab306404a68817379c2500072a11f1b8d0c109c6cb83a0ebe985f55bf274d300446b5518c33f552c926850ff61cc89d901d60f0376354c02dbc838bff2167d93d477d69f24a5a55673624a70328457fd90931ab987e1d37021f0e6e4d3268c2703e6c5ead0b7c680dcf21466a87a510b7877545aebe3b917d9055fac8c328897f44519fb8d5b062eaf6d37f6a8964d337c854d032ecd782acbceca4f3d08ecc6435400eaefd8a39ecd6a7202ce0db3a705e4ee3d8b43d4fe7fcd1a7dde1d5a89d12ae4fe1404c996653014dad4228fa28cd7f417d048df9510a86b6084ad70613c6b0cdce5ec13ae2e52e06f9956649f1dd073aa2ed190e18bbe7076aad39bea08cb429c24ae550d7566eb245600d393b5d796eb3e7220474e8b1768f457e423eed975ca74bc8ab58b8547ff39c3b32d077d4daef06c9690a5b3ab94501736058c3ddf8be1b94cee59c0e78df58fe59057cef8e81ca18fe7ff77bd46ceb70e6efbc2ff6c7bb2650e323956689de05f1d53fb6015becca0ed2931e2a34f36faa4ab1a26d5e393d3c637a931d3c58ec88eb099bf9377f0f44362e6f9306d7ecd682347c03beb9f208b07f7aa18947a9e03eec2280df4aa58ac2a68f634ce9b0d43c541d41fa1dc973a7e3d5e3c5b7e18a3590c38cf93227c79fc78a324127e91db24409b2645a995f75b2fde0950941ca5e18af4a183924c4628de4067e3f424e2132c5f666bcc30b2f6795fc0417ded691bb446d7706e452b07fe0b692460fb6c8b5695adc186df2fddeddfed43548b231beb9c0f560dce56217f20cd49877eb0a72344d7c30d087121a9b6015411bc81e5258934e9b7d16f236c53c240b24c80d0cbd39f6023e91c0cff8ed758b06fdf200599bae02cae4e94279558dd60e09388b904334503e943557a21446fd9000c8aba1d9d0b2fa6af9e605933ea4322acf69738d4391d5777a5ad673bb4b57c6dfb4df1481dbf1f528bfeec7d3f10a1a1eaa4ad08b5cb2b259e4edf9eaf2fa685cb19acbff35ae4704fcde9da7ee4060cf86307c62aa9411bd7346f5bba6fb21e506143c9e3cdc461c6257f0b024d5a6ff9e265e47a372109b0aae11e65a7ab2ac6f169eaba30bab07010f72dddabf7ce8400b25adc39f4ba5b1cd8df8ba40378447f7e75f6a11befc8495e648ac3c5c79e28b881fb69bbfcb911eeba23be269c811add73a953fe942f922060d4fffbc55d27c1bdd34eb546c61e90b9c32455f26867a70211907b27a72468732f4cd45eb8a5c01e677ad229c3dc16df2c909de810c667f4afdb948ef6f10e816ba5ee8c4a6a35ff56581df07075ee5eb3dfe37a7bef8f4585c90556ef52e425e2b3247820eaaa6cfa72cd419bd2577a6d9e3e059d5aba6bc566a8445780e21ed5a9d4519ff1ff8043c7212c1981a1bf694762c696a8068fb71efcb402d074ccda87c7d556209d3f591448dc59604e0385a041392221f06a8ed2d35b62b6dfbfa972fb607c9b010bb7517b28edde5d529be65f40dabcd0557d48b3f1230e40eb5e2d8f27b8df95b41f8c98771fa642aef8a769a74282ca4c1437bfd4cb0979d2be589039c8e081393fea06f50d7f6261dec2590789a3ff421c2869bd44d177c52abe80d158fe156898f0c059158701bbd7ba6fe03a54b5161c35d0f3a8f4a960569b41351b659e2b01b85cc638bcf262932837d3b1d39f2fa727b7315cd4382f110050b4364f8eef796ee502566e3a4cd65292447dbaa59a99a8c15179213b24eb4e21b6bea18e0f6fbeba0dce88d541f7d5a65f0bad9efabffa76bf8c72b59bf28be4695ddf8c3fad0e8692516a0c298246e5b3235768bafe6866d4cb35ed7d2427422beddf3aa625aa08719a32558edf4ff8c68a294af466abc1baf6c7b8cc3691e347b3d272fafece549b25925a0b5b003bef990ca98981e3ee6e9c9eb154ec43076399b87744734541708fbc17df8a6983572b22cb4b79fa9a8705f49d301dc690ed183c0edb8c10d2c4da2db103793e26d540c7740c09a4e0989263eb9c7f9d720e08f2d6a08fc8228a0597bedd2e7d37c25fe8d9377f004c7c68591dd7628eed84fb8381726e6c7e8d4ffd9dfb536702b92bed51908fe4969c36bed16989baa14aea4dd91d156bd2953d9ff057c57936427d16a63ddb044da0fecd0a40f7e661e0b941ace552cdeaf7356ad1796bd6065048dd150208a25565f5459feeeca6cf169dcdc4633dbbba02b712b04b0b522cef86983b001cddfe60028c512b28a39188b879b99ecb97c7eb4c98771203a95889ffba523a09eb82576b9a6f248312e59200364bf29ddab047cedaa237053d8c39958a12f6175690b4275f6bc15275ca0ff22c2e82ace5238855535739266d176ba9e8818c14300205c31b090f20f855efb4d68b8398a21c003ee512d433e934c490d34efae84facfd938f6a6d25bea6f0a2e112191175f549fbcacaec99bb967738fac5ad9ac819b35eb7b2c8b9e4385bb73145ea91404dac13486ab913f9aaeb9f9f63e542e66f7b89d6f046f306be41a81b31b7e637ca866df13f9d692fba13b45861540d19ff47db6d99e279bc9a4c9fd7cc9e70edb4abc43f9276317efb3cd133685e1bff0d2323e247ab993d08eb811497aabec6dbbce8d7ce58f0cf02ad36477479894247445df22479adf812b6597bf9ff48808de3c167c3f17b68c608e978e13a6b04af7b8dbc57d66e47696a08c02048a01fc82af67cee4b114b4c54293d20952e7ea01a501e2f9dcb19a4cb3e2cd3804a78cb27a82d26640f5ce7fefc5e600d778710b89ef04a0f274b5cde7d0817b23029b02ca9ab5ef4c6a915c2236e3c8c03bc0cfb4e890ad8b33aa8aea337d641be7d8cf3d11fbb2bf6d0b989232b4d5f8f71d8d01ffee4ea4695f7a3ee664fe3ad7570750348a41ec42ac90e2a7142a0b822a432ef7bc8922c56b4b5a735cacfb08b973f357968ed598c75b629e1784c730779eb6aa5991c20e2c9e58aaa407db9ee943ab3243a0d14cf8f85f2274272aefc77da79f328c63f62bfcbeed32cc73774398cbf2f7b804fa4486b937e8e0291adf683295156b0a83a8f63c6adec1ee61507569e4e0763389b36e00243c04d269e8fcaa7579806eeb2d3f4cde2dbfc2cf659ecb2d72033472393a4859056ed6bccc026b20751a976f4fee8253850fde837deef9341374f3ca374e2589ffe3f08c0ddd78c157cb17a90a907fe41f0d9713744625e95b22145ca96428734b3ea71b073501eea1eec145cc06e6faebee601ab7217c522d328c38b5a88872d5128335a6303f47db5d9dd6b2b7bff4c8a6426ad6caffdaa68624dc2ddedb06ce35597da3ef5f6e83222c191d83cf77fdc099cc0b39d23d56ead05cbce5984ee8f9364295a2e11b36b2d03d311279133ef28aa7982d5cba98081e5f9866414403739d136bc14fa4911f54ce9f0e833600cfee04649cab2cbd7882f937750a73efbf81df3482b38d5e990903176b7f499ee8f04024b68a275a088d5e1500a3c425c653e744ab7eed740de2b59e9fd208f9f9f7de9b0919e85f8dd123cfdd8610662cbf287b35c9bfb179596a61d8db288e89e5ed0fbc4446a508dfcb6f4d2452ee72f48114194707e238d3afa95d46f6ab50e534cd81b7d354e2e48fc4bbcbccfbc267d126411081f320a641059d7909edf8151e3771cbf53727c72e33d4eea2bc89e2033a8bb38f8831b9cf661712586ae91c324ce1005b20438f37b1afb6844df5b7b6590d38c18bfa5430d7facbfc4c23d08d49e6d66c5c22f57dce13ba8e3e4974b5eac6251944bbce89aaf2da9df1fe7b57875f18e63366b71c2901ac9abbc80066a31b4604bd7f86af97901faf7acb5d6a23dfb4f72d30e502fc778ef371c9d8b8bdcc55bcb3beffb85bd3eed690993d977f109e76a67908263b58d7bae82313d647ce9e2e536910791a0c4764d2558e109ee419a935e4030cd861fc172c61f3cde9ba32bdc614f30d0abc2b5212b0415a20e047b90a16ab0de9f1b64c64820db23739a22deeec51337e460e50dbd946e4bf1f7523f5e6eade902b2778edde8522fcaf3222c04ed1d2bfb3b90db0549c57495f740fb29d8d62338f8b5d96120424674dd0a149e2885c3d97aaa172ad106ed7d65f66f317330ad85f6da10fd05876be882eb1c9faf9a7348d08823580b34a7feaa1cba06997fb6785f8a8d34a7b1f46e7cd9c085f7fd59ff978aa5a54940b9f76589cef8ddc43942fde07a8b10df30c05fbebaafe6d1714758acce5fc7070e51a87eec5d21d971f9c18f14a2eaca958ceb52f95fb47a734be8ed78ad6277872f2fa5ca7d66348ef247f37245435c293527177433fe81b7858ab9a001da1178373e28cc65473090eae805018669886059fcebbc7eccb49adbbf9af465b60a8bb502102bac00f20100457757c9b02c11a89de279c4f514cb66b53b602d2cb95df40f5d82ba0194020e306a77fa5d5b17190665747864c36bf7a8636ae7c47d2a51f2124842d714c"}, {&(0x7f0000000700)="a564da7f36afe7575386995939a851695a9a24ee8fe88a7e65d991282c7b2230c50c1884eed6337a2afc5938fe1379dd6392ef7dc8014642eddf97973084557dc5a0110bee18d837e39744beb43e602c2b2b793e57dae371570e9f7b3b2bce04c8155ab1"}, {&(0x7f0000000780)="34cbaa935bc889fa3a0a"}, {&(0x7f0000001fc0)="340871b4e8964d1771a8e15849a08a3dcb93b9f7b7dc2e85fad80ed3fa0381be58a248499fa82941e592074c1c64d8d55fe4d930964bc50ccedcfc8510e956fd1796a4157535cf1307a28476e1d25a32a8765a7f746ccb3a2a2d58692aca0aaca0a53433140ca05c29adb3837f17f69fb54f11febcec1fad24fc4b351858c100f691b84a716ef393352876c6eab8bb2f7e0b484c0f10d561f0932659407eaabe3f56250b4d3a7178ea64cfca56392046ea3f1aac3eb3ab64e7e0342fe119a86fcd4d4a422cc78abc6c8d9ed774759613e416d1e88cd067f4d5c82ef7f073b080e2c5783f2afbcb4e9614ab023bfb83f0fde008943a510847afc933513949c9a53146d8d5d434418fc34e81a30d556ce6cb1bd60dbc481522b76a218cb39e3595dd41eb56e745b871192ab6167cab1175cb5e9d33f49d1540565a1dd43218d449ba7a6bc8f568695d2c6af5eed03e960056e64bd4aa707c7648c5305c00b8fad2a59b70b6264acf13294eac908d7effcd3ff217ab7653f4bbd582584e839cb90d2228329ec4105f28bbd27c9c4e7ef04706956073115e3a3d41f122260c461964ebcf2d4a06d020f672f5ea9bd6dc806bd8c9354ca89d8bbd2f55b885cd2804b5262b34f3d8decdeb84cbe6dbaf87ef5ae05db4a28ab213c17ce614d585f1bd68b90437f66cba42b30bde2dd45bcaf3e630ca1ccbc5c45505f6e87e069c5fea13d8875e6e6ecc7a35c2d2faf85e51cdb77b64c002d22e6c3fa33d2ce535fdd234e7125ec4ec54df46a60de8e72cc5a923aeb679cfee2b036db07a56e241f5ea684fafcff5429318516b255fe6ea8cca3080c5ae377288c431e627a500de96c4ca09c79b336af788ed1f2a1e7afc8af6c5665f93279354cfcaec3722a7930f3d586f873cb6549f95d94ddcce74b25c7219f2fc58c8ea8a1d2d04b8588d86a57c08ddaaaad5a8e07241dfc56704f86778c2da454fa1b6d10a4b24cb5e1466e18821110cfc495848f9b56ae2d8379cc3c8b9053829f0dff78cf1e8d001fe347087e5eb98a726117d4649eaf3adff8e41203b7401504707421b324732376d530589333d55d56905373c3f6ac5b3d43fbca6d452f3349d2219306215f702dc1106c09a05c6a7ecc95dead9cd4114a05bcc11b74ab8fbea945349b40fd504d95bdc458ce826f5a3caba7a9a815c7c91ddc5e5e74858440a474adac81b9e77982fb331fc76589b826cb318878068cab2554a7c8fe6dfd5587c801a3f5841b6d118311fd30752b57a6d4bc6e9f4a34e9f52a48509b60cbb305369e0eb346ab0008d87a52c935ec44e3153e74998faa628cc1ca5d2ef287e55452557ba070f2167bcf3391e5d4bfc75ec86e5339ad05bec9265aec71328b8729d4d03ce37c3305cd456d1ebe237d7ee013f1f48c4656d4f7d24b78d7a4b0cb8844bba873a0c19ba45a7a50b0ba14c571828398d2731cd0e49d37162fc72a27e0791f46c94224b80fd4472cd0087e60c7bef05b52dfbd3b1630060a1f8ba68319edd1e67bfe2179a921835cabb82ae68a5d60754933ca960a44ec3765705f2bb6820c07082ff6218f1c7d8be6ea7c6b2d6c17f9d9a1597d5eafd6bac61365a6db0d8f3bbc4ac4d00af287f63a244a3c1ad5bc7c04d4128e296c255cd898021a4a670b977634b8590943c0dd5b88602fdc36cbb4b1093519a8d57b725f2429536d7f585cd703dfb85be90e7ae9a8b5ce94dcd1377e5258a1ef1b2b9a07df0738fcabc50d26bbc78effcd0be1d4e4fde0c12322751aa0638e3b8466fc3e73b00c1781e6c24011df3f3f5f92d95382520b599f68d9a4ca1101221be6a80515a43032822735d59864634efd1f5826ff8bbfbc600465f4e6d5ae844c5fe77052977c60408e1ed852efa0722eae64c399fe079aee526085a6de1a5dbb254a9cc0ccab6aac0084e87caaafc662d8100cc2d6ff8f2a55f2a3636d4a2d5979c2ab1a344e8cb072495949cf2a8dbab987172082323ca9bb1c1fdd94da8ccc1dfca1c9d2f3714f610d696521a84bfdc4f3ef47e24ec5f200b3ad3e0dd63557a24562dfc9049489e34d6ea872c804ebe532e7d8dc501eaef7d05363bf050cf3b20cd8e6fe3d869670d6cb89cf6a34f1186c1f2336be0db91a64575b95cca9481d9752a0a7f3276f21e5bbc5b07c56a5d730222ac8931145f68051fa845c0109acc1cbdb67b66daf1b194aa6e09cc065bdcc7cb4ed030890e550d2eb473d99a9d9909aa286b5948cacf7d227fc92e3e16b0e1afdc1779052351a553f37e782cd9786198455864c5696c60147427264d81be5f4b1863e2dee44e308054d9f4d0d7907e726eab7689e711f44d82b7d1e647649cb197afc0d8d0bc5190674e55a93c4c902bdb39c200e90371a31474dfc0018b9b4ccb05d40e1c4ba3133fb2bed38252a643e63a8d0c1f918e3a35f9ce2a2d3893fdf4ae670bc83cceec815d167eb96ab565d7fb76dadeab42b1833ba0794f9fc3123131913430285bade17e8d65a5df0f4214d8115194080a91fb49f007a15691fb2c08439e313e2fef0df5941c22826544b7e26027992dd9431a2d0451f74967a71aa0c934ee6897b9348cfa7fbffb5ab83edd9becdae0c1caa7a46fa958bae85889357e8c6f1b7a845a628275adda981daf9d9097724752c246e67371596fb086b9faf25b5203b902258649e5b7010fba8e1c8c045142a7b7c688c8c5c55a00762e6a7176cf476062a86afc97e5bf6ac6295eb3c8b9be42808b6f7040908985300b54e8a727f15edf84ba509215ab58a71781b094176ad26ebd3c18ec55821ed3b2de2d326c4ac8c40fd7ce66c757e93641dc7a6e2f5dd16bde2a38c2172addbd88fbc5118ca0a81cfe2c08615919bb60416945884507beadc7653d69b4e3d38e660137325ccfdcea6e5e9e6b2cf8848e8c7550e2d30828b71b8e4353705000f20ab9cd50a49f6314336bfd3f71c5d7d78bf20930425a2133b0d7dc0c0581ee8d231fb92d9220567b267138f182cde5f2d8bcab71abcbd7d58b20ccdfe8b0fc44a6e1b2f0007766fa0806f60e3e752c67021fd5e30de6ad270bf28ca4c27fcd5e8abea59b5a5f715c2a9f22655fce0528e288b23b454d6adf2bd7a91248c66e47dda263d71a5f1135ff039b4ab8f121cb89701a51148706d207ab07d15074f6710bf96095e347ea2747b10df07dd3f58d7e2868144460984a7be1be16cb640981e502b54b2b81ee39b933d4750ea856b8f74afcae15fe44bd90deed09edf4668766157761d3e81afe5f8638c0bc5a26bac8f40e57c4ea0a11e33d89cca3bff5783df380191fa2f4a914320cfdbe25b6d7ed8094acfbe751e750d3e44cdf35d709081c2639599d0702b13e3d81eb15c3036535704e359cb251c41779da4814c911fa1c5addafdabbe5ca203def624ef5b42707084c1dd9bb81280c57ee57a51d4607cb54c34ca5a0e2b406724ca01c370b3b25ab807b1c29180099497b2047278f5d60142257bfd2c541ad4c57ece0e31de56e3ad61e6c22571c7375f4b96878dac67bcc6c55cd892c585091bfd3602e848d98feb2d78bfeb1b01077d34a7d4924f7f09f375ba4c240b57778a3d6362a33e099cb6e096d0279a8297464fe94d8610ddff223a073ddc977e17002b4459c7d0817aa8ecca557d83b78728d42da2ed899f5267aa18caf19e9b2a450248df53755b762b076f00dd2d44df524289be33ed3b392204ca4034f1358343d659b9618724da46b41184acf68efa7f164bfa32a059d68cd1e128720af6382a5d2cca255864bff2ee5d792d7730e73ae3f6241ff6df458adeb81edeeec254cc9b32f7ca93910fc961e6ed851b9911277cd8faa5a2bf5533ea1d197508a388acb490539004b09d1bfee2f955de50e8d3408e8248aff975e3a4e85672a5d1281b36ae5d07afa9c5fda5303f5951ee4f5533ea0beb9433333591149e72850d376d7a150a52cacaa2be585c683ee175e8ac06a447d08d54470e5cd1aa3017c44732c55206061d2273106aaa745e4747fb2c076abb6a87769ac8dd6b7cd9f8a4868ef603867ac01010a6adb3ad72bfaa7c86fb42d0fda390a038d326429c606a8c304cc7e54da89cf62a71f9161932e01622132cb22fc2deaaf78545b16aa55a1af644c8b7a6c1e13f42cb828236a5e39302664c744df4807641ed0d981a60a800c31d3f53a2e7f01a153943c693ec1d0722bfe8b3884c65f4a563426718a8ff712fe8d9092108f9b4388da53225c670412d2e01217341da6e7809aa914607e22fdf083fd9c4b9207e37b1409068f36b501d959882cd7464f60ac7ff4e5aa9b9030966f75acfadeeeb4ae753b61e8c2994e971ec9df038cc0cc83a5578bc59c64b676a04d626276101a8f51ef72bf75f2382d95cdfb27dd9e9486d434d39d35053f8621a5304440761b8418d5687daf021bb36caa5c5e9da139660e9e7a8ca3734b9fa5df60ef7405780cfb34ddd1f07a0cc298a5e061b97bf2031afc5ad9749e031667ce492b13d7797c1eac345222c82ef23e7b641462448e96b867420d1c028954b359ff9a97aab8da0eddac56f4ffa434cdb7340de21122eef7978c7d96f60dd8c694a3abd26bcb8b6e7ff5d97a37e877be31ba97adf769619b6274d2c0eaa9e49f82679e7f1cd4cc582c80886ef1d03d52c4fd0a40eab5cefd02f7f2b5837eb508d63165e743e67e1a57459f3bad08fe251ad0d7ef312c55800d8cec204d65979c58ca2a0d5e80bbb23ab570d42a99be5ec5d862f9d44b6815b91ad0d2f6a5a3126548f6c33c78e78ac9c9f1822a597d26df5e737773cf2ccd00feb85026d9bd0312d70908c986bf2c928c92eb2d34b5e422e73633e4ea46279e365a1664a762e2f907b288eb819daa60e1cf58275f7ac21e76c094bf654f33eb4bbe9a8bb88f2ba62866166daf69d08f923db5e5713e82c33439a49b38ea3f38a4b3feb70371b32191bddd45b9417f592bba7ef81840a3e990d19582e320e785294b7a299b3503389dd8aba224218abeccd20cf0100eace462b0a6e43ba5a6dad38a097a23a4338df37d0be13e4a0b6740b9c327af7c40415bf7c532991aa48be1d4964dac958eb82a5f7333ba07a8a369f3f0332046aab48ce8d0f4de1a64c79a3392d11a1cbbfb106a69dd505f721b485185d3d0ff2b3f3c8e4523e8f7db6f746582b3c1c8f3d3da3d622b2245682fe8c0529fbdf787e21563c9d54c2b17b75729f6a1a3d50346855e474e743c369a5dab4c4e913c30dd20e4511d7256d27dfd16d597ae801ff262b736af447d259b69fbc0b53e253a8805c50750d3be084b1c35b10085171de3b3a93e1da7331f1d0a952d0b799c1693824b39cf48d33ed932a058810f7f0eed14a4a80eff01cc1bd74c14a91cd9b0674d001d3938dc88cdcce9d49644c368ab7efa5b5ebe4a835330c889aeaff05b679bd58f2ecf36e297e4d6afd1ff7511e4ec2e6291bd07999a645b0b7fc56ac64850d857dc9555691c7629dd9a18bfc812520c05a5c13746e44f0925630f6ce0b90550551fac4e616a0efdd40488d8d65ca524d22ba2034f210faf138ab1e6e3c3aac96f8f81a253f41b090eb8375a50510d22c14a90fe66cd282c538f5f029adba87e3292b789f5506b2fa2f2f2a4a178d3e421c904fc209b6f80412e15d4607d65da2b06dc117d2354ba219a72413811910e8e8d0f005195dd0762e5b5693a0519e78d2864cfd2557720f9d46e5c961e460b36ba6df2331fa88bc8b8fbd19d85ada8640d5e32ed17d971d7cc394880d8cd636dcda3086c1b0a81cf46d4c7879de5"}, {&(0x7f00000007c0)="49fe8227062f7f8d1f6211ed25781a486f4e8f0e5262cfc811a35ea2b581b145b1a58cc3e5df85a6b4c8a36421fb7a7bfd1f1436ef821aeda8c5a32bc2f8f0404a67111a6f5884480742fad33611329469b7b5a123d2248381c91a31546b566b46478e31f5a5fdbf203f9e0d231dfd29972946bce80b3c2efee10edd39de17a064f5c50000bbfd6dac1bfdab46125c83f129a5"}], 0x0, &(0x7f0000002fc0)=[@hopopts_2292={{0x0, 0x29, 0x36, {0x5e, 0x0, '\x00', [@generic={0x5, 0x0, "01f23302f709a83abac8064d4b444066e4a759de92fa244d755be3dab827b8a9bed4a806bab8afbf63603502649a6a2f01c46e8a119e39b6029728a8113f7031367e2376381ac3003de458a88b83ce56129a2715f273d0859dd4b3418cac548950bb81545ef2aa3a4623403dc7681b8cbc343bf92936f694395e48631cad28c2aeabe4de47209073465e8fb0477dc06410f988a2"}, @generic={0x4, 0x0, "b25886ece120c3185fb1117121261e56af8acdbb42e2f907333963aa95a8c53f01cb4c4f9978d3a324f992ad0660b6fc1473e0e1f3"}, @calipso={0x7, 0x0, {0x1, 0x0, 0x7, 0x8, [0x4, 0x3ff, 0x100000001, 0x9, 0x8e93, 0x8, 0x10000, 0xb51, 0x34, 0x6]}}, @pad1, @enc_lim={0x4, 0x1, 0x1d}, @generic={0x6, 0x0, "74d91ff4e0d5126407085594583e96f3ec8b5aebd55fa3b7612eb2160d9b24612da531dbe0b178ac384b989829da68ea34ba09a6221034359a572a8561932c61c341dd413190b3a137bd98f8c421d44ba50d99bd92acb608a956bf543d9f7019b55650cdd14d7763e0b0e5a53d1cab6cede235959ad5e7c6c1ea003efd53d20dd9bbc5a1f762ef0aed2638af5645bcb19fad0cf5c171628626964b51d00dc30daf505a5aa1"}, @jumbo={0xc2, 0x4, 0x2}, @generic={0x1, 0x0, "b900a3c6d213a8da8bcd4caaea5ff6f7b29437353e00b34e1a91f3b658da7fcd40eac5496e8e6f2650d55f0a142e309cbf87f5b78660fa765565facff459458af29b42f82141d39e2487e7f0700153efb1365b2167ab215e7247bf850f87d70a699f1ff59bd38010220600da6b9b1ae51630978dc66316a97f12911e26a32d220e11c5dcd3e57ba442f3d253f1e0b53679fb6f8bca6a13c7947b78fabd77071aeaf986000638b95bf06d585b24"}, @hao={0xc9, 0x0, @private2}, @generic={0x1, 0x0, "c8192af4c681044f70ed9bfb74e5e3227454f771b08ca835fdfdb835ba85dcd2061399850f4ef2b2e34468dfd073f57985fa7907c899b2f5ad5cb05d8ddf8a2e56262a5c781d084ce026e2d458cb7cc117c1442b7a64b3c05bb5293fbbbdb1ea1f124f7d9f7558f95760655f8bb319d5af890a9bfb2ca84375c1a88afb6a08d05430fbe80e216d8a2984f309036c5b85f06eb86ad38ecff94604fd85ad76cd6c6a93d3f0f7f342e70c010e2667a7a9c4935fb0b544b5291bbae05b9df709fc779da3eb38aae5d304bbef6172fa9b93f86a4e3a33"}]}}}]}}], 0x1, 0x4c040)
name_to_handle_at(r9, &(0x7f0000000040)='\x00', &(0x7f0000000140)=@FILEID_NILFS_WITH_PARENT={0x20, 0x62, {0xfffffffffffffc01, 0xfffffffffffffff7, 0x7, 0xfffffff7, 0x5}}, &(0x7f00000000c0), 0x1200)
socket$igmp6(0xa, 0x3, 0x2)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4001)
r12 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4f3, 0x755, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc}}}}}]}}]}}, 0x0)
syz_usb_control_io(r12, 0x0, 0x0)
syz_usb_control_io(r12, &(0x7f0000000340)={0x2c, &(0x7f0000000180)=ANY=[@ANYBLOB="00068d0000008d0946ff4490130a1e0ab42eff40f3c390ebf8df59b57888860b96fafa197e1fa49df6d158e7cd55eafa56c8436630a36a5c6f771cf6d6e263325e803d890f318d32c2ddd590c88e7eb1b30416dd5a2170e7be2705856fc99339e59321a05ba3fcf010cc0d3a3795299fb2f2d27e151ed3827c5b62b2a77a42f6b028835d15c6962f8bc1255abcae7d689f09b9"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r13 = syz_open_dev$hidraw(&(0x7f0000000280), 0x80000082, 0x212040)
ioctl$HIDIOCSFEATURE(r13, 0xc0404806, 0x0)
sendmsg(r8, &(0x7f00000000c0)={0x0, 0x9506, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0x5dc}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

2m8.635827464s ago: executing program 0 (id=1136):
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x40000000015, 0x5, 0x4)
fspick(0xffffffffffffff9c, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_io_uring_setup(0x18d6, &(0x7f0000000040)={0x0, 0x3}, &(0x7f0000ffe000), &(0x7f0000ffe000))
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r3, 0x2, &(0x7f0000000180), 0xfe) (fail_nth: 2)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[], 0x18}}], 0x1, 0x2400c8d0)
io_uring_setup(0x7d9b, &(0x7f0000000140)={0x0, 0xfdcd, 0x40, 0x1, 0x24})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000140)={0x0})

2m7.25334548s ago: executing program 0 (id=1139):
inotify_init1(0x800)
syz_usb_connect(0x1, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000000009040000030b08000009058da203002a00000905050200", @ANYRES32=0x0], 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) (async)
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setaffinity(r0, 0x8, &(0x7f00000005c0)=0x8) (async)
sched_setaffinity(r0, 0x8, &(0x7f00000005c0)=0x8)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x3, 0x5, &(0x7f0000000b40)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002e000000850000000e00000095"], &(0x7f0000000680)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_usb_connect(0x6, 0x483, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0xe1, 0x2b, 0x13, 0x20, 0x1199, 0x90d3, 0x1e90, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x471, 0x2, 0x5, 0xe5, 0xa0, 0x40, [{{0x9, 0x4, 0x74, 0xf8, 0x7, 0xff, 0xff, 0x30, 0x8, [], [{{0x9, 0x5, 0x6, 0x0, 0x20, 0x2, 0xda, 0x3}}, {{0x9, 0x5, 0x9, 0x1, 0x10, 0x10, 0xe, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x100, 0x0, 0x8000}, @generic={0xe, 0x10, "114c5384f8ab6b94d064aec4"}]}}, {{0x9, 0x5, 0xf, 0x2, 0x10, 0x0, 0x8}}, {{0x9, 0x5, 0xd, 0x10, 0x400, 0x7f, 0x5, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x4, 0xfff4}, @generic={0x92, 0x23, "dfec12789cea99962951086de679ce480fb6ebeabb3ad6b13cc27a30665c49b95bd99dd0e7d1dbb427f2a5274b8c95bb5d07ee38b656627ee9daed2b02923b9673bb94539d5c49291740c4be5f68aad822d5c362346c84f27d27228d9edef5b3e80fde0dcc7f6a8f1864c3619df18e3f99ea7b25b3c48655cee71ea4dffd64c81078411a0b71d5a93e7bdde99dd23ba3"}]}}, {{0x9, 0x5, 0x6, 0x1, 0x400, 0x2, 0x3c, 0x94, [@generic={0x93, 0x1, "ea89c6d76470c667ea6700b850d981f244b757652131da3d5046ff6175f8c5532b48159ae98c9bd45f94111d7f55687d85d222c24b91ee80e88b90ddae491762126f36cb0b9e80ba958a362ff578d01c418e185e65a865175616d5b5a5c317a350a7ed8f397747d4581361b3fbd883e7ad6e2c933ccd3a174dcd1cc3f54e5a9460ee127a5b805b8eeda99b1572cdfe8b5b"}]}}, {{0x9, 0x5, 0xa, 0x10, 0x40, 0x7, 0xff, 0x7, [@generic={0x34, 0xd, "d5ebc07855094fcbe10aaf41ea823de115eb8ea979ea7e8b5b432da240eed34c3f0c910abad155eb4605a6ca60ac8871cca3"}, @generic={0x2d, 0x30, "88557bdf62afcb2515406d62775f414fd4772aa9a4fb03795f6eef0cc8e0ae8e11422e1e0e75195e2635c4"}]}}, {{0x9, 0x5, 0x80, 0x0, 0x400, 0x40, 0x40, 0x3, [@generic={0xb5, 0x10, "186db41173ece3dba9d4797744923802bb8fdb7f5d3caeaa2311f93da680564148d4b0ea1b8a2011b2f8f8d81f7300d6297da91a1c616f39564dcdeeda82a1296476c244e5fe41c8c030b4c8686f5f99f7ebe1d6ab27117ed699d94fb05f8698e8eda93f38f873ae9663b86378e419095fb763f70b7059088b8cf21582d41194bc4129a521f93d30c55d493cda2b7f09fc5468350fd39c72f37ce13040e00a441e1ace43810fe3b2c8265d572d9e155d456a88"}, @uac_iso={0x7, 0x25, 0x1, 0x180, 0x0, 0x6}]}}]}}, {{0x9, 0x4, 0xf8, 0x4, 0x5, 0x2e, 0xa6, 0x5, 0xd1, [@hid_hid={0x9, 0x21, 0x8, 0xfb, 0x1, {0x22, 0xc1a}}], [{{0x9, 0x5, 0x5, 0x8, 0x3ff, 0xac, 0x0, 0x81, [@generic={0xa3, 0xf, "ef483fd780e8f99b7da9f12fb74bfcd42bac6100f801f691e2fb9467a74ad3b640194059461da8b159fe500d7733b0ff902f6386df54fe68052e3857965e1c13aebacf392d8add2002070be59baad04f5fe4057635d0ea17a3ef98d1b4360a6bdcab16599e21ce6490b55747892e1dce81698acc5652d843a9756d8c50b934f28fb3a8db0eadc55357fc2bd00e08ebf6d323cd447f5f182e6e6f929d9343232d8a"}]}}, {{0x9, 0x5, 0xe, 0x3, 0x20, 0x15, 0x9, 0x6}}, {{0x9, 0x5, 0xd, 0x10, 0x200, 0x3, 0x80, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x0, 0x9}]}}, {{0x9, 0x5, 0xb, 0x0, 0x40, 0xb, 0x56, 0xbf}}, {{0x9, 0x5, 0xee14c49b61a7cb7, 0x10, 0x10, 0x6, 0x4, 0x5, [@generic={0xd9, 0x22, "f4a72fb85ed29248d9388cd95c8dbc2156c1f9ced6e4dc219dd318ef4ac277a710140c86da433904b35aca1d246d54d4001e1c4ebf88185f3460d9e8d497137cf63b1fa51485b83818ba4567607e590804b6a8d11aea52ee3bc5ede9ad6500ff4f98abf32c8cf4170c7cb74f079b29169378e8e8a5a256131b5a5714908bdac4088176c7d7c985cde8f204d32ae946231245270e06f23871b07deefa9fc93d0d48f591e96644d192b8dd8d9af54c5431a4c13da7ee2e292bf229034bfd9872d5caa4f37b426ede3dd1fe49e9185792495e8d3b3d3d504c"}]}}]}}]}}]}}, &(0x7f0000000580)={0xa, &(0x7f0000000500)={0xa, 0x6, 0x341, 0x0, 0x5b, 0xa, 0x10, 0x9}, 0x2b, &(0x7f0000000540)=ANY=[@ANYBLOB="050f2b00030b100108240006110000060710021a9300011410040a545fff5ba261e972b89675d7b10a0795"]})

2m4.831535493s ago: executing program 0 (id=1144):
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x50)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f00000000c0), &(0x7f0000000100)=0x14)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = syz_open_dev$loop(0x0, 0xd72, 0x0)
openat$cgroup_ro(r0, &(0x7f0000000180)='cpuacct.stat\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(r4, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x1010, r3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex(&(0x7f000000cffc), 0x6, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000a82000/0x2000)=nil, 0x2000, 0x1000002, 0x10, r2, 0xe66ee000)
r7 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000017c0)=ANY=[@ANYBLOB="38000000031401002cbd7000000000000900020073797a30000000000800410072786500140033006c6f000000000000000000000000000053ba7e51e01af97d5cf8b865c0eeeedba39fe89294dc1087a6701be6233abdae943d6a386d40a690daff344e94ebff093cd615e1acec107c8c5744a545f809acf6bccb2e6765a5b00a920bd6"], 0x38}, 0x1, 0x0, 0x0, 0x20854}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r0, 0x0, 0x0}, 0xfc2c)
sendmsg$nl_route_sched(r7, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000540)=@delqdisc={0x24, 0x25, 0x20, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x6, 0xd}, {0x480bd72125a0c189, 0xfff2}, {0xffe0, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x400400c}, 0xc0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="140100002e00010000000000fcdbdf250401f2800c00180008ac0f00000000001400010000000000000000000600ffffac14141650bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae640b1086cda40e00aec58754734be31d750351dc076eb43d9828149d6cb0c729c193838da5d02621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337847eb640dc5061dc35817c8a66c29be820400e900e61d81503d3b557f0ec28da23c001579400564c728c9bd0a1c93b5820867184b0c8d3600000000"], 0x114}], 0x1, 0x0, 0x0, 0x4001}, 0x80)
syz_open_dev$tty20(0xc, 0x4, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000007c0)=@mangle={'mangle\x00', 0x64, 0x6, 0x720, 0x508, 0x508, 0x438, 0x0, 0x438, 0x650, 0x650, 0x650, 0x650, 0x650, 0x6, 0x0, {[{{@ipv6={@private2, @loopback, [0xff000000, 0xffffffff, 0xffffff00, 0xff000000], [0xff000000, 0xffffff00, 0x0, 0xffffff00], 'vlan1\x00', 'veth1\x00', {0xff}, {0xff}, 0x6, 0x3, 0x3, 0x14}, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}, @inet=@rpfilter={{0x28}, {0x1}}]}, @common=@inet=@SYNPROXY={0x28, 'SYNPROXY\x00', 0x0, {0x1, 0x1, 0x5}}}, {{@ipv6={@remote, @local, [0x0, 0xffffffff], [0x0, 0xff000000], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x11, 0x0, 0x0, 0x4}, 0x0, 0x198, 0x1d8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xc}}, @common=@unspec=@conntrack3={{0xc8}, {{@ipv6=@remote, [], @ipv6=@private1, [0x0, 0xff000000, 0xffffffff], @ipv4=@multicast2, [0x0, 0xffffffff, 0xffffffff, 0xffffffff], @ipv4=@empty, [0x0, 0x0, 0xff000000, 0xff], 0x0, 0x0, 0x42, 0x4e22, 0x4e24, 0x4e20, 0x4e24, 0x0, 0x23ccf3e9fd2b5143}, 0x0, 0x80, 0x0, 0x4e20, 0x4e24, 0x4e23}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0xf8, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@empty, @ipv6=@private2, 0x2c, 0xfe}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @inet=@DSCP={0x28, 'DSCP\x00', 0x0, {0xc}}}, {{@uncond, 0x0, 0x100, 0x148, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@frag={{0x30}, {[0x3, 0x8], 0xa, 0x0, 0x1}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@dev, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x780)

1m49.194371356s ago: executing program 33 (id=1144):
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x50)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f00000000c0), &(0x7f0000000100)=0x14)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = syz_open_dev$loop(0x0, 0xd72, 0x0)
openat$cgroup_ro(r0, &(0x7f0000000180)='cpuacct.stat\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(r4, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x1010, r3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex(&(0x7f000000cffc), 0x6, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000a82000/0x2000)=nil, 0x2000, 0x1000002, 0x10, r2, 0xe66ee000)
r7 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000017c0)=ANY=[@ANYBLOB="38000000031401002cbd7000000000000900020073797a30000000000800410072786500140033006c6f000000000000000000000000000053ba7e51e01af97d5cf8b865c0eeeedba39fe89294dc1087a6701be6233abdae943d6a386d40a690daff344e94ebff093cd615e1acec107c8c5744a545f809acf6bccb2e6765a5b00a920bd6"], 0x38}, 0x1, 0x0, 0x0, 0x20854}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r0, 0x0, 0x0}, 0xfc2c)
sendmsg$nl_route_sched(r7, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000540)=@delqdisc={0x24, 0x25, 0x20, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x6, 0xd}, {0x480bd72125a0c189, 0xfff2}, {0xffe0, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x400400c}, 0xc0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="140100002e00010000000000fcdbdf250401f2800c00180008ac0f00000000001400010000000000000000000600ffffac14141650bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae640b1086cda40e00aec58754734be31d750351dc076eb43d9828149d6cb0c729c193838da5d02621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337847eb640dc5061dc35817c8a66c29be820400e900e61d81503d3b557f0ec28da23c001579400564c728c9bd0a1c93b5820867184b0c8d3600000000"], 0x114}], 0x1, 0x0, 0x0, 0x4001}, 0x80)
syz_open_dev$tty20(0xc, 0x4, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000007c0)=@mangle={'mangle\x00', 0x64, 0x6, 0x720, 0x508, 0x508, 0x438, 0x0, 0x438, 0x650, 0x650, 0x650, 0x650, 0x650, 0x6, 0x0, {[{{@ipv6={@private2, @loopback, [0xff000000, 0xffffffff, 0xffffff00, 0xff000000], [0xff000000, 0xffffff00, 0x0, 0xffffff00], 'vlan1\x00', 'veth1\x00', {0xff}, {0xff}, 0x6, 0x3, 0x3, 0x14}, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}, @inet=@rpfilter={{0x28}, {0x1}}]}, @common=@inet=@SYNPROXY={0x28, 'SYNPROXY\x00', 0x0, {0x1, 0x1, 0x5}}}, {{@ipv6={@remote, @local, [0x0, 0xffffffff], [0x0, 0xff000000], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x11, 0x0, 0x0, 0x4}, 0x0, 0x198, 0x1d8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xc}}, @common=@unspec=@conntrack3={{0xc8}, {{@ipv6=@remote, [], @ipv6=@private1, [0x0, 0xff000000, 0xffffffff], @ipv4=@multicast2, [0x0, 0xffffffff, 0xffffffff, 0xffffffff], @ipv4=@empty, [0x0, 0x0, 0xff000000, 0xff], 0x0, 0x0, 0x42, 0x4e22, 0x4e24, 0x4e20, 0x4e24, 0x0, 0x23ccf3e9fd2b5143}, 0x0, 0x80, 0x0, 0x4e20, 0x4e24, 0x4e23}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0xf8, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@empty, @ipv6=@private2, 0x2c, 0xfe}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @inet=@DSCP={0x28, 'DSCP\x00', 0x0, {0xc}}}, {{@uncond, 0x0, 0x100, 0x148, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@frag={{0x30}, {[0x3, 0x8], 0xa, 0x0, 0x1}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@dev, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x780)

19.698684735s ago: executing program 2 (id=1340):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340))
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000140)=@newqdisc={0x2c, 0x24, 0xd0f, 0x70bd2d, 0x20, {0x60, 0x0, 0x0, 0x0, {}, {0x9, 0xffff}, {0xc, 0x6}}, [@TCA_RATE={0x6, 0x5, {0x80, 0x2}}]}, 0x2c}}, 0x44080)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCGPKT(r2, 0x40045431, &(0x7f00000001c0))
syz_genetlink_get_family_id$nl80211(0x0, r1)
r3 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r3, &(0x7f00000003c0)={0x18, 0x0, {0x2, @local, 'geneve0\x00'}}, 0x1e)
r4 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r4, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e)
connect$pppoe(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, {0x4, @broadcast, 'ip6tnl0\x00'}}, 0x1e)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
r5 = socket$inet(0x2, 0x3, 0x6)
ioctl$sock_inet_SIOCSARP(r5, 0x8940, &(0x7f0000000180)={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x3}}, {0x6, @local}, 0x4a, {0x2, 0x4e23, @private=0xa010101}, 'ip6tnl0\x00'})
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r6 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r6, &(0x7f0000002700)=""/102392, 0x18ff8)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(r7, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x10)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='devtmpfs\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000001340)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})

16.784315924s ago: executing program 1 (id=1343):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = accept4$tipc(0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000240)=0x10, 0x0)
connect$tipc(r3, &(0x7f00000002c0)=@name={0x1e, 0x2, 0x1, {{0x2, 0x3}, 0x3}}, 0x10)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
r6 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00\xfdM\xab\x89\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xe8 \xd5-<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<:\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\xc3\xe2\x96T\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x14<L\x19K\xbf\xf7\x9c\xe7 \x12+4.\xa9\xa7\xdc[\xd2\xec\xbe\x1a\xa1\x04\xd3\x9e\x92\x8a\xf7\xdb\xe7f\xdeo\xc1\xa5\xb6T\r)\x1c\xbe\x12\xd1\xef\xc2S\xcci\xc8\x0e\x00]\xe6|\xccK\xc7\r\xfa \x02\xe8\x1b\xc1\x93\xce\x02%\x86\xcb\x94K\v\xe7x\xe3\x06[/\xf9\xa8\x82\x9b\xeeF\x88\xc0f\x82\xb7T\r\x04\xbb\x10\x1d3\xa6', 0x0)
shmget$private(0x0, 0x1000, 0x4, &(0x7f0000cac000/0x1000)=nil)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
r7 = gettid()
r8 = fsmount(r6, 0x0, 0x0)
tkill(r7, 0xb)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mount(&(0x7f0000000100)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000300)='msdos\x00', 0x5, 0x0)
mmap$xdp(&(0x7f000097f000/0x1000)=nil, 0x1000, 0x6, 0x10, r8, 0x100000000)
r9 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r9, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0x9, 0x8, 0x47524247, 0x3, 0x6, 0x2, 0x6, 0xa6e, 0x0, 0x4, 0x1, 0x5}})
syz_open_dev$vim2m(0x0, 0x3, 0x2)
prctl$PR_SET_MM_AUXV(0x23, 0xc, 0x0, 0x1a0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000000)={0x2, @pix_mp={0x4, 0x0, 0x33565348, 0x0, 0xa, [{0x1000, 0x7fff}, {0x83, 0x8}, {0x2, 0x9}, {0x7, 0xaed}, {0x8, 0x3}, {0xf0000000, 0x80000001}, {0x4, 0x8}, {0xa2, 0xfffffffe}], 0x3, 0xe, 0x7}})

15.424483928s ago: executing program 1 (id=1344):
r0 = socket$packet(0x11, 0x2, 0x300)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=@mpls_delroute={0x1c, 0x18, 0x9, 0x0, 0x0, {0x1c, 0x14, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x8}}, 0x1c}, 0x1, 0x0, 0x0, 0x8080}, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, 0x0, 0x0)
setsockopt$bt_l2cap_L2CAP_OPTIONS(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000280)={0x7, 0x38b, 0x9, 0x0, 0x0, 0x0, 0x1}, 0xc)
r5 = syz_open_dev$vbi(&(0x7f0000000100), 0x3, 0x2)
ioctl$VIDIOC_ENUMOUTPUT(r5, 0xc0485630, &(0x7f0000000240)={0x6, "5ee0d94a6f1646ef4c87e025f92cdd9affc86859aecc1b4a2ff819ca24d92d0e", 0x1, 0x47b, 0x80, 0x10, 0x8})
r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r7 = fcntl$dupfd(r6, 0x0, r6)
write$sndseq(r7, &(0x7f0000000380)=[{0xff, 0x0, 0x3, 0x0, @time={0x977, 0x2}, {}, {0xfe}, @quote={{0xfd, 0x42}, 0x3}}, {0x0, 0x7, 0xff, 0x3, @time={0x8001, 0x8}, {0x8, 0x12}, {}, @addr={0x2a, 0x2}}], 0x38)
ioctl$SYNC_IOC_FILE_INFO(0xffffffffffffffff, 0x40103e05, &(0x7f0000000000)={""/32, 0x0, 0x0, 0x0, 0x0, 0x0})
prctl$PR_SET_PDEATHSIG(0x21, 0x1)
add_key(&(0x7f0000000000)='rxrpc\x00', &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, 0x0, 0x0)

12.650232049s ago: executing program 1 (id=1347):
r0 = socket$inet6(0x10, 0x3, 0x0)
sendmsg$inet(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac004000202080002000300010004000500eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000", 0x51}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

12.522104503s ago: executing program 2 (id=1349):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xa0, 0x2e}, {0x0, 0x7, 0x0, 0x0, 0x1ff, 0x2}, {0x200, 0x0, 0x1, 0x4}, 0x0, 0x0, 0x1}}, 0xb8}, 0x1, 0x0, 0x0, 0x20044800}, 0x0)
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$DRM_IOCTL_MODE_ADDFB(0xffffffffffffffff, 0xc01c64ae, 0x0)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x13)
mknod$loop(&(0x7f0000000480)='./file0\x00', 0x6000, 0x0)
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000000)=0x10000)
bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10)

12.243165006s ago: executing program 1 (id=1350):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
syz_clone(0x800c000, &(0x7f0000001480), 0x0, 0x0, 0x0, 0x0)
r1 = getpid()
bpf$MAP_CREATE(0x0, &(0x7f0000000900)=ANY=[], 0x50)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
fsopen(&(0x7f00000002c0)='romfs\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(0xffffffffffffffff, 0x4020aed2, &(0x7f0000000080)={0x4, 0x10000, 0x8})
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="0206000002"], 0x10}}, 0x890)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x4, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
sync_file_range(r5, 0x4, 0x0, 0x1)
epoll_create1(0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmmsg$inet(r0, &(0x7f00000006c0)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000040)='v', 0x1}, {0x0}], 0x2}}], 0x1, 0x84)

11.362846648s ago: executing program 2 (id=1351):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000280)=@usbdevfs_driver={0x0, 0x4, 0x0})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xe, 0xe, &(0x7f0000001300)=ANY=[@ANYBLOB="b7020000f53f6314bfa300000000000024020000fffeff7f7a0300fef0ffffff79a4f0ff00000000b7060000ffffffff2e640500000000007502faff07cd02020404000000247d60b7030000030a00006a0a00fe0000000c8500000026000000b70000000000002995000000000000001da5ad3548ebb63d18db6a1c7e821c9b767ac8308fbcd5c5e4a5ad1065b572c2c9ff215ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf3664148a2c96752fe2bb328dff1a15750ab9a780001000000000000d4bf20c2bd152d814f01f2cd519e078d4ffab418e4682b2aec5e4a35629e8ef040c50287c37a7f4182f32333b08c6e497687e10a4daea5cac0ceafdbb126eb02a1f5104d16ddb64963d84d91814cd5817e0b8f6f5e6ee7a39e180b5a18ed786b782ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a6211e52bb3598e9b5d4f22d8c19f958e8b34de35949a7a48ce18799ee53da177a81ea65e652c1d71b7ee86a75b0100000042127a8f84538a9a311c757f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d32e3f4ee367c5a769c0a606636c9f4a4413c098f4fcc96623b7c373b0ef04d55b846b094bf97e2ef5987b6e09a6a7cab79bffda141f65e7d9ebe3be70c436432b70a80cce69df30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48e7565efff2dbbb512218c98442406333c890923a797e00b75481739952fe87fde27ce81893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7025759d4b45576c205c70631e8ad585951950e521f4e210b6494e3c52d927195737945cc03d5668483151710de246420a1b6c55b73876a6ed7fd0d9338923789a1edcd8043fe83919088383268324a25df14010c8ed6b8d43400eaa00ff9bc46e1cfecbdc0e451ac53b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404e0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922091d49e2bc408a5a37deee7a60b903d2d9fe9d451cafcc8dc389671c2d08b6e264150a6b9445b00cee4585af04fa69e0380be0d66649dcf3bf8a906b029faca75ce34c41aec7aa86e596119109ea8b3f7c65c902499227c087301643baab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628e3e77a0de32e356521df06f995cb57f97052fc4158250ccecfb67ea8faf509593fadc7eafb613327b052397af1ede94d87590ce90a0a7579766f7ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6e0b67f62a83a256474c97c925d9d447175b535c87dbdeb0dcca5303eed6689ea91e1665c691df736368dde47e6672e93a314c5f60e7b68c2242bd0f0d8c66449d8687dcf2d0f76668b2b9bf8b32b99b7daf34b2d825d192ade90a1162acfe9749d516d014cef5f99126324ea02baea5808c430985749901b09e4902a6f5addc0103756b894418e4591c624a9b206abbfb888d413d923b0d7c9d997d6d8e64787c4d397f57a15b6d5b4212b6cb55b9c207bbe08f483b1bea05f41b9a1d3af087047c568ae6ebfc0bb5ec10b6290dc757a4903a88fb2c035b2349b6d2f0c051b8b7718384eebd5fc19928cea713ff09e179c308fbe9bd64374d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad1030a79517a88de7596429a20793e12616aa32b3e720c6521fbe93963e9536d16f3db211fca7dd99c0a0125ff8c18119a6926083f4a2c008a9f2a29e30823bf0ec3639cadaf9be9608358e1e5ab17eea477b1754f78f45468c9568471667f82f5e250b979b9f2bd0d1b6bc03d11811ac6eec9a3ecd9e3c3299ee5eb3c6cac8fbd06514b7ee743ece79c04566d02a08fd5fcabbab3d129c0cced3ce11dafa387a8077927a1ad367c114d0b423e64c6157fac5e4e2168f33541daeff9983d0e488a78bef538f870b84798272b2101e0abf1cd64500b79e01e11d727389653bd80a39d5bbe2e23d2f5ff10047423429981bd9b4ce680e174c266391e3e7689452654e5cd5ada6e025327a1942b5a068f15fa58eaa267d4e0881783dddbdd777f8be0824ffdf6d06c621880dbbe9534f15e8c2e364d3ec67deb6ab9f2a0f03212972dbd38500000008173553a67be48633103809eee0be51d67d7ce230b389607b4c3b18da1c48f3180f2e0d79e54565fdd9a099b5b5ba2761905b88b7cbfc39c35dd153609da3da263438f12769602c2195245ff83e249119d4f6cabfbdef84ada19ef4a67ed66d7043036515d0be5a231f99e71aba5d5ae04676eff3e85f0844c41bbcfde7a931d1ec55c01f703bfd1b97756bfe55a91f6b379f34a018906339771157c66dbd7471d1beec7f029ef552cf5e92a1a0db21b59355763967ce26a577bc514b6d22a09c385c5ba6caf524e1688fc0f20002b35ae7bc8eb5ba51aebdf7d972c3267cedbe77ed70d9c539bc455a6f88b39196c8a224b0acf4d796fea59a07baa34cc270fb096ef330fbebdf872d7d0bc4f9a963355c554abc5cdb91464faabcd09cd9a53f5d1b2ea7e96f428f7cd6735c19c61dc9942d30bf29ef85ed01c2fcd6060aa40eeff971477b4fde48507b7bad95a496540adff7e4a72fd1f94d7c703ab1525c946c54e0da3d7ebfcc8c367d1bfd1aea2e84c3b310aaea5a1627df898c00a9aaf2d88a36afa4c5b1816384310600001c33125ad7f7970beeb256aec06e39fc6c66544e1d1dc5fea4b68a82dc568ca30aea9a1d097f06f11dc362f4bae5ef57c67686a15855cd351bf26f40fb1348cfce79897682228e6d9643530c81bab27bf7b1c4a76a5be180bb830cf06827c3f38a9c9c580c732c30aaceda78b0297de35a922b1375b129655beb31899e26052cc216f832fdb0a0015f93c9cff77f59cda1ec5f3e358848756cebb074266a47e39ae26e80e8c65aaf73c24925458520a9ca98760d1005c9f81846459ae6d5baa4f02807939ddc29c3520f7c58ed9bc5a569c7a1bc33cf4f330a18276ffb4550b9166c3939e8041094bec034aa0ec6638b74fe34f0f1ec6903a1135808d5d8d26c9203c3f87e66c407b7c5c0888d4558dd657cc0213efad68e76fdd7b23e68064fd4b271ed79c50abacdd2871b0c1f8c971df59a5a1901ddf804bed43e391f882d2a45c51cdbba86b2a1b7c0c4923642a731ea4dcbad2b6ebbebe787a8e28e781d75beee924b3b1e390750f316648133922c021f98fd2d5d71a7a3679397ef6cf432837b7e264831ec01c4c3146ba0caac3b13d55945ec00e978a1c1712cd51187936200606c9cd6877b2f72125295c54721f8e15df2ae282a8becb99a726fd92acc92141e1f574b4b0b3c992a61af3372d0d9217776b1a42cd2cee816a70bf1ddd69b590d53e28ba356e74b38e23e50d898e95cdc7cc809e462c884b53f672aab1411ecfd4c91e7a9782fc6763f0efd4bcbaf1fc3a000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = getpid()
r6 = syz_pidfd_open(r5, 0x0)
process_madvise(r6, &(0x7f0000000140)=[{0x0}, {&(0x7f0000000240)}], 0x2, 0xf, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_X86_SETUP_MCE(r8, 0x4008ae9c, &(0x7f0000000000)={0x4, 0x5, 0xd})
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r9, &(0x7f0000000140), 0x6)
ioctl$sock_bt_hci(r9, 0x800448d5, 0x0)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000300)=ANY=[@ANYRES8=r5, @ANYRES32=r3, @ANYBLOB])
sendmsg$nl_route_sched(r7, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=@newtaction={0x1cc, 0x32, 0x216822a75a8bdd29, 0xffe4, 0x0, {}, [{0x1b8, 0x1, [@m_connmark={0x34, 0x2, 0x0, 0x0, {{0xd}, {0x4}, {0x4}, {0xc}, {0xc}}}, @m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}, @m_bpf={0x13c, 0x4, 0x0, 0x0, {{0x8}, {0x48, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x6e9, 0x4, 0x1, 0x6, 0xa70}}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x5, 0x3, 0x5, 0x2, 0x7}}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}, @TCA_ACT_BPF_FD={0x8, 0x5, r7}]}, {0xce, 0x6, "53ca07dbd9902dc42a7332f81b096e927f9d45c3d46877a464255a14677305ccdf799f1b556d93ebae1c78470a5b729e2e840f00fbcb3243ad7c9ce919b163eefd4795ee4682c5da5cb95e4b7a69606d00da6a06c7fea705e1c04c739b2feae4b43dd5d7297e6638c6c56bf95407e8281232dd88bb374688e771280cec5cb5699fb5f985aa0ccf4ce9e41188b96295757cbbeaeae8e586ee0065d2bfd995f519aedff280df58732deec715793e5d308cb2f8d5a14a391d8af69ee73482ef5300650d4203bdac1733b7a1"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0x1cc}}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000100)={0x1})

9.337976241s ago: executing program 2 (id=1353):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
personality(0x5000004)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_open_dev$dri(&(0x7f0000000300), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r5=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000001c0)={r5, <r6=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r4, 0xc02064b9, &(0x7f00000002c0)={0x0, 0x0, 0x0, r6})
ioctl$DRM_IOCTL_MODE_ATOMIC(r4, 0xc03864bc, 0x0)
r7 = socket$inet(0x2, 0x1, 0x100)
setsockopt$inet_tcp_int(r7, 0x6, 0x80000000000002, 0x0, 0x0)
bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
mkdir(&(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xa0)
setsockopt$sock_int(r7, 0x1, 0x8, 0x0, 0x0)
sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, 0x0, 0x24040000)
syz_usb_connect(0x3, 0x36, &(0x7f0000000580)={{0x12, 0x1, 0x201, 0xb7, 0x6a, 0x56, 0x40, 0x6f8, 0x1, 0x6585, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x2, 0x40, 0x40, 0xb, [{{0x9, 0x4, 0xb5, 0x9, 0x2, 0xb0, 0x71, 0x40, 0xd, [], [{{0x9, 0x5, 0x5, 0x3, 0x400, 0x1, 0x4, 0x9}}, {{0x9, 0x5, 0xd, 0x3, 0x400, 0xad, 0x7, 0x5}}]}}]}}]}}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0})

9.072807561s ago: executing program 4 (id=1354):
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = getpgrp(0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0xda)
ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f0000000080)={0xc0, 0x0, 0x0, 0x0, 0x80})
socket$inet6_mptcp(0xa, 0x1, 0x106)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
syz_emit_ethernet(0x205, &(0x7f0000001540)={@random="cebf901584bc", @random="6a177a00", @void, {@x25={0x805, {0x3, 0x6, 0xff, "3cc2cf9cf258fc60ac5471863cf8b24d9b27d4ca85c99d06f224f11d7b012645cb9e98a4fa8cd538193c47527256f8cd50b0ba8084979e2c835ff1b163c44dd8a66a5b8f4c550c94e434840efb1f51e7ca106bdb43dd9d7a2bebe70f8c773761f78485101c785ebfeacbb541c517818800d95d252717eb649cb32da44d2ab02230b3f5329e480a5a88a4733aca11daa8ae84507906dce585c1411a918580bec2dbe0ca0407387dd118772e70a3e068f975e92688393bda5f985507ddc9e7077e5f4cd0ac323d6d959f2633f7731c976f350535de4062cf334afc9182ffda77c5000552cafcd5fa1a84fd5e18e5dc04404a8f3d818c966819cb4a1ca4ad13c82410234172bb3d395814821a49b313a94d163e2fc5a4dfc657fb34ca9580c66ce81cc88a8e9a8847ddbaf527a88efe9b281192f33b9480e98b8d9b8829be6727d21996c581f950a881f64f55c82c23368884ac4f8a70dac647ad12485dc5685b1f8519ebcedeaa7c54615bce25ccd2aa9f47df03addc7f1505d1e8c62ca1f9fe05193f5cc58195c05e9d1511ead462de2e888b0bbe4e27167063c6f749094ac5c81c354cc91f9cb6eb35c7084e62849c8101f0b5bddca4244451236540dd86799d0d3da8cf1be1f0cfaf52d905649e942203b60a0e84760df492c0095abcd725eea03377382ea50a417626c7d4c9993830a7485622"}}}}, 0x0)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, 0x0)
ptrace(0x10, r4)
ptrace$getregset(0x4205, r4, 0x202, &(0x7f0000000240)={&(0x7f0000000180)=""/120, 0xffffffffffffff28})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
write$bt_hci(0xffffffffffffffff, &(0x7f00000005c0)=ANY=[], 0x8)

8.956625174s ago: executing program 1 (id=1355):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x34f}, &(0x7f00000002c0), 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0xfffffffffffffffe}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x48)
getpid()
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000011006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac004000003080002000300010004000200eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x300)
r7 = dup(r1)
r8 = syz_open_dev$vim2m(0x0, 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r8, 0xc008561c, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r7, 0x0)
ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5393, &(0x7f0000000000))

6.877271757s ago: executing program 5 (id=1356):
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
readv(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000000280)=""/202, 0xca}], 0x1)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})

6.811290089s ago: executing program 4 (id=1357):
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x1000, 0x3f2f0fde)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default '], 0x2a, 0xfffffffffffffffc)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, &(0x7f0000000080)={0x0, 0x4, 0x20a})
fcntl$getownex(r1, 0x10, &(0x7f0000000300))
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0/../file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@nfs_export_on}]})

6.673237979s ago: executing program 1 (id=1358):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$audio(0xffffffffffffff9c, 0x0, 0x109842, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x76, 0x0, 0x0)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
fsopen(&(0x7f00000000c0)='bpf\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d70300000000000000d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df6c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8a9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2a9e99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8be1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaa072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a3ad97e2edefb5e0b0326bd25f6fd1d108efa9d30a98838156ff00000000000000cdbf91f7582ab314be3e67b8c9459564c856339a80919ecf839560c62e69df8667b274cc53f83f2086cfd2664252471fad9081824d60741d663ee258705c364e162b84a09870acd0a19399103474444f4fa12dcbd10b40195b6088513029b60a34e4161fe48c092693eb07dc8ddcba2eac2efe30b285a877c862c73ff8a60cf73f1b17da0000000000005664181c1f28cd2880e6872bae932eaf4b0000000000007b662c0fe22cfd6d4bd7b851ae928cebeec6375b16af342e93c39d97e5d74d5a8e96c15fdcde7526b0af54b145e61b042c1e600390"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmmsg$inet6(r5, &(0x7f0000003500)=[{{&(0x7f0000000140)={0xa, 0x0, 0x9, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x4}, 0x1c, 0x0}}, {{&(0x7f0000000080)={0xa, 0x4e22, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x5}, 0x1c, &(0x7f0000000780)}}], 0x2, 0x4004851)
setsockopt(r5, 0x84, 0x14, &(0x7f0000000040)="020000000980ffff", 0x8)
setsockopt$inet6_mreq(r2, 0x29, 0x1b, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000080)=0x2)
mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000009, 0x8012, r1, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00'})
r6 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000140), 0x286, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, 0x0)
ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8983, &(0x7f0000000040))

6.281392502s ago: executing program 4 (id=1359):
r0 = socket$inet6(0x10, 0x3, 0x0)
sendmsg$inet(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac004000202080002000300010004000500eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000", 0x51}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

6.197817206s ago: executing program 5 (id=1360):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xa0, 0x2e}, {0x0, 0x7, 0x0, 0x0, 0x1ff, 0x2}, {0x200, 0x0, 0x1, 0x4}, 0x0, 0x0, 0x1}}, 0xb8}, 0x1, 0x0, 0x0, 0x20044800}, 0x0)
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB(0xffffffffffffffff, 0xc01c64ae, 0x0)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x13)
mknod$loop(&(0x7f0000000480)='./file0\x00', 0x6000, 0x0)
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000000)=0x10000)
bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10)

5.684157031s ago: executing program 4 (id=1361):
r0 = syz_io_uring_setup(0x6042, &(0x7f00000000c0)={0x0, 0xa9ee, 0x1, 0x3, 0x8002ae}, &(0x7f0000000140)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0x9, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x4c, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x3516, 0x2, 0x0, 0x0, 0x0)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000180)={0x8, {"d1347423facc5d1c40c9990badb12af40568dcf49f9a8810b8b798247df29281d071fae787e8ef6eb83481d5060be1bd1d5f4221ee4951277e25aac97f5e4b7765b0408038c6ba8f6fd9c57f3b4ffb6b2762c807cccd0d63c8b7b4e5c66e65bf436355d47d0b07e3afe376c4796d06d228507a9b36640ea5e90f393a5b251138781833fed0b6c3df77ffd6c4d0ce481977b27e84359a45d225231ce0ab05985b65c524dfaf90433e5dc08e663015d86270ce0b7b87a1d7fac3d02279d75b4928bf043317cadd8146b5e3dded47f5f74e7b0cb026dbeacb11eb7001a9e3a974e76e8ae491db04e5e060af7e956306168cb1afed82be4b2e66fc7a47117b49274747d23367c2d65f1b8d7a2b8c28e3b3115bbb90ec09f2add68bad5f9f125572d00249173c1046f043ee0aaadab9700cfc8910820cdd9ff89fbc21b37c708228104471e1b5414b87b3113d6e24d2b5b2515e4aa305cfe4aa0e30a75d682ededddcf5c5df45c1e113eeacba8104313959644fbc8c1813dac5c77314bd35981fdd95b3d46fc3f65e98b8b80c50064cd24e6d99a808cb7573755f97a4f1e771a362b41b2c1383603207c004fbf9e16db9f8fe71f9be9752c496be52bbaafd0722bb0013e33209d56557d5d3c3e76d4d3d2b4c27b0b800691291f31798fe0bf9efc57b83d5444dbcaae41f40ee4944d5b6c5b53ddf03fe6c81cf31809023765bdac31076e91864db9a73b654e7f53375a063ed3a3ca8aba998cddc9e5f9973e0ee8084388f5b8497fa33ff843dbceae13e8ef9e549252aa30d081c11951253f8d8e3b578b3ad02e2ea168c7c9e54f71a8755d7f83e0ad9a3fabb85e3c12a45f3beb48385d26d9dd22c00ead8c9b30a1959d3e345d1ba7ee049f1cba644defff7c3ba2ad549a3130103497efcf5e9c44079dcfaf4f6f55d0c488616de63d6cf659749b31dda2940923002e4395c232d376d0e8917e433e0506e96d078b9e1c050d3783b61c6ce3ba25aa745a2c97f246a0df5e4518d7e696de40b41e50dfe42935f76a4655aaf89b62df109f3ee5cced942083c2e015979e8017d0a435ccef44a6d122a7a61beb38fb0bf2cf20ff6538b343d33de81649f06b29536867760cd8fbec922f26d5373882bdf82bf7b4ce169d73cfb90e9b5366e630b1e6f86e79f935625fc84c9da002f89ed69cc902a755a0f65946466356c4d10501306c4afd04042cf9caa2ba5cdaf021549ff0f4e5329a6cf103e16be76907f038b983768c6608c29d52d5c0ecbc4d18de0d6511f976f03bf433a575680b3faa3069fb0725a46688a206cd6ac37a993fb98534c87a88517e8a8fdc1dff9243c3f328c96c5520c1549044ff729f4c1645d438afabd12f9a937c7f7eedfe11668211b595ffe174347a3a8b8c05175c8069dc44d35144a15e2cc0f4d6d2625fc2b8c89ade5d5ce723bf624694284baacefc181053d3e3cad426c832438f81177256f12e89c0cfe7647355017118a3a055e8869fa6de5ae0aba0bf0d3aa6dbc861a1ff61bbe8746d02f52c0d0d43671e153824c0db8cbbc56590b63dc87c84782ffbb6ef9ef0686501d1fdb7d7dcb1106c0c6a5fafcf82470a33009d953d64f657ddeb3a899822e41a92a089f9a9a5670c37e87c954214a05ee850e1f5387b2d8cdee9f75e8a4187053b838f7e759386bca861fa4f3a78de19c40825f77af4f316519df5a7e927b66399a6e7a6a5eb226252717fc40a1deabdff88ed50a760a3eb330038869f9b5d5b3d30c119b02e0e55fe61e1042243e912042989eae1e5ebd4e1c7b27230479e25f95eae977adb855ff10c5e6d0130d3b80c50e089c22d52943bf3a3ae6fd8f0f257ece4af2749b6c1f6b11db67c0770c6b2b86de957af81f10a06d76f9af780e805f704b823424e9782412e5788d6188d96c80c12a4e1e725e5dc6a9dbad152a688485c49b3b58f8412cad7ef04392bb8d51fe5de21dd2c49cf74c1d5bca87e339c522762cc65f7b45009e2ff57aeb067ea5bbf155d009b97ce1ee0eb0f4b5a02beb09d8fa54b63bc636ba2fa05dfe27d6e71d9f2c54a748bcdd8de453c3e7cfb039eaae05445f5146ae19eea8d1bc21364ad98439e1ee3229b1bf4e6506016ad5b526eae3d53adbcc930654a70169b895f70e64671cb5db886686ce829d6ba71c41ae6f4be6c7f2b8e770c8aecc8991ca0793abc970d2f595329d5cab231f22848415053290e33a87874a34f8f9f63847ed75bc29d48b038e3bc471da7e04bfaf14e447300a42febcd4eda28a44c45ada90acdd71a7314f7602d1f8bb46ff9d7ffdd5c246e5fb0e34df6303e7185a5897eca8bebdadb27d6754144a8aeeb9d9f0dd680fe81d22304c05f2b9020ad442ee2a98cde4e94c7a9a3c1c5db63c4b1b583e768f28c6b15d3cc8efa7d96d4a0eab8ec891a141d6b6f63530a93527ad1b47b2659a6a3d5a680f62d78adc78348affba123d8554aadd30f956b371d713654c3ee9731f9052b2b0b17a1470af0bf0f0e4d4797295ae08c96b09eef9c071bc71cdeef6bea0877f61a80a7975107f07e79fa0261f9a172c0c9841ee5a2a32c32b3882fd0a7c96f71cac2fddfd8acfff1b135a1f7b3ccf966b8b0fb32eadcfaa0c54ff11bf0abaebeaac4b0795180f240148b393668ec8911b38fb11a7042623f0c57a248b2afd30603ce8a20bc88180638d0571e51c0e3fce6f194a01762880d665369b335819d1e879307b0b01fb250577bbfe8ae03d33d0b97ceb697a1855a15f761a0108d3c59ead2194ea18c42487d900a0de473910bb0271cb54ee98b293305263ccf93a18e2a4b320ecc8e23b6d450f48b83d01f75f5b7f3354635b6e5022313f04e4cfefddcf284c2e5dde920a07303f442949ce949fbf2b08264f36dcfabdcece29d1743f839aa94cf7e747a48e6d1a4a65e9445def8c5e3d5ddf3040d24da56a7eec5edb2687eabf174b690d05bdbcdff9aec0a8dcfb94e4fff5a5b441fe3ef5b6189b2971dfb7b4976564a11bb8672d74e54251707acea501c02b66b0b7fe792e8180788b00aade3195f12b837144945e1f9263fd9894c52bea060578933702c85796c618a31243f7af6f6d4c22606fbe5ca70dadea0afa10c0ab3ae9beec09cddffa07be5b072f2dd5f3e54e3de8c232584ac76fa5dcdaeab544225c9c4786d9566eef1f0659e3ae462f9f3bef10117f77a26cf6ef3d0fa6a1d218d555f866da6e4efd5215813d28a54a98e8ef1529515f6a2bfa2cdf88797837d181965905f6878597834699995335fac5a58b5e10a4dfc8a96f2dcfd0fa122ffa0929d858a5cdf8a6347968d672e7dfea5210d2fa145c1d5731d9f8c1d37c97a8f779dc4c31ab5e7123f06c44f0efe58989bb70d4a3bfe2063360d9772653d7328f117607b5f447ea5beaf0df2408a8cb06d6d698915b8d19b9795bd411f4c129ad817bc02b563b3f92da951f952a05195f980e74d15ec221d5ccd1bf13a1bcc36d5de16b29a9465359b580230a34c2f3ed7c247ad15ffa3203d0020b5651c6b85f72c912c063b886b012b1a45c6a19d228cd8164951825de096a07d00b2e1d95d6d622682b515f1b9c72fb3f0acba749d4d4e0d8a30e3f07793d7efc567e47a90f03f01efc16fe174c8e16f84d9eff10d12175a13f064288094e9a873106c82b170858574bbcc16c5d901997b2357f750952e1155a9c2d542668cdcc31e038011b9214b7ca033aec807e07559f65879ed836be06950040fe314ff9939426ccdf47578999a517fe66a1dcadd05f6ef7659faa5cdbf0f9513677b9284dbe54497b18ac415585ef36b4a0a33972207a02c7e76960756eecff183a27be94143adf47179d8dc58c6d8834018d8169257743d77cd48a56516cfab7ce275a81e3359b72aaecf653fc52d88532adae33a1477c492aa307273252c7b61e44d7dc8e6270926560cf4abb2bdf3e821badfe807b9c69b73646e1c5d25e0d06a66c0b00b5069008c0ddaeb89d15fe63816dacd2496395e7f7c6237647dd6ebc286801ae91c05bad19a84ff8aef6628e633249ce60a5041b271ad8ceed29b75c9b9fc039854e55cb01b8bc83a89a7f69a7a6f6717c7920f030bb6617342e3418600681ced7360835323cb58d1b98c344cae84cc88fec716ba5682e786dc16e9370ada8e38e68018f770302a9e8a086b0e08f9a359d3e9c8beba655b1a247688e98650cefb822fa40c4b69221cd5e2208a76cae84fac46802887230846f74bb95da04a7bdfcaad2e9f2db404a985756a1be077e8a8c01a149818487ae896b91ff8d82bf2863712acaa564337d6e925a90b4646d06947ccf2a74d4a1a97d4cb50a53dac0a03c3e09c699a1708a0c26b7c386c97640c2a8f30d2d3bae0db2d018ce658dc3fd9802c308b00a86872fcd8d806dccc46bc763e8292f7d3d681d8cffcc95333e78ebf67bda3e90452a2e08c52957daa98ce0cf2329abda5ccac2b013bde8a4fc75b8258824e14fb87c154b7ac22f58531fcde7082aabd47cbbd0a3a112df521a5391bb047ac4fdb3ea39da1efead0860de63037253708d5e9fd63dc6ee7eacc17b6d9f5a2ea0a27059ec8ec7e696ee05727756fb31ffca4c9261cb8f72023a00d551da0bc08c21174882d5159842aa6316b4624a7d46cecc399bcfce0fca0cc5d3d307194e8bd60a76e43e0b3539ffa23a2b2a58942b1bd21f7c86cd824f4878a7e6dc946db839610f31b24d428cbd0038e314badd51f0f3dc85c3f5df1d08adacdb3553df04803700e53802c67d992e0b7ae12c660fd83cd84fe5ebd2584a5b27db59c948f9793868475b0e1b7a94b4b91555aeb2211f5518883c0f6c9662da5e9271d8e4075a92fae0c013952a947646d84e0d80ea05c6ff5a8308a32b3106e5e0299521d3facc2ab23331054429207bf895d62c949dcca014f136b99d6d42e62cb8ce740c2d10073956a66e95751d3df58e8f8be906baa58720a728ec17bcdca87f8c2e6eb458672b24105a5b4f028fc1c245b129ba99850af1688646eb8df27eb6f1c2804878b5da2280ae9f65416311709304f5e088acbd4ccca49b46ef5a5c256b1c4abd3ca07d9f8f74eefecd736b4fdf1cdfe9bdd084ed472746337afce3b6feadb9923a8b34db65b4e69c933aad7d7fd5648b2ec16c773890483dc2917ca4acd2cb4356aa6ba9769f37c550f0a3ab843d1d9b22b6b4fc6662f63b35f0f81f1b475491aa613f40ff96360ca29d07857f061fb66745caf98f7922ee920f499b56bd8a708df5cce704766ff09dcd49c952c49e1062e9b7b1ffc73982a20c71747015bcdac7fba9da1b8d9447f923b550e27a4e68f8d3b74c138e1291ead6637db271daa182cff002e3d78040378ac4b1aa3802ea70290bcd36efac75a2944ac63d0aaedca5d35f29ef168fa6c9f1f6f00a624fdee74ef2a110fe5b61e0af026b9e33a76639753b85326292a1b866b158576ae797509d6b0d1292afeed41e4d770f6b3df73140a699868ad2aa492f5f2d33447c86cbd65b02ea2fc0ac6f6741c6cb0aab6e0213ff77ad7290eb77edbcd538d7ee9d62d231382cc6e8af6d37cc37193c777faa5468023ef21ff6741905b3fd6d37476e2f2535201d9ee4b87ed35b65838757b74d7eccc00c1351fa0cf076026695c749dcdbb8ba5cc0cb17792712124b3ed779a945c5cd795ced3bb7611f26913512f34f38b946b1f06fa68c948d34ead4e162d893cae23e2389d8c22570fe9c76a0a1dc53f8a50f08872517b459d27e32ce15225c3dd27b19cdf09a2921f2d2a77b7db9c595e38d84d18cf5aac564168f", 0x1000}}, 0x1006)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001c40)={0xd, 0x4, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000011c0)=ANY=[@ANYBLOB="1e0000000c000000ffffffff0000000040100000", @ANYRES32, @ANYBLOB='\t\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="020000000100000000ffe7000300000000003a138fad000000000000d47fb14a5bde4914e63db2d04dc6ee3b7f1f47e7f5f90237c1deac62b239a3d06fdd0209c38dfc73c599986c9721c5c4ca4ddbbe83984a6a778b4e95bbe18fc2c84d9aa54b65c3e2d8"], 0x50)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r3 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00')
mq_open(&(0x7f00000000c0)='oom_adj\x00', 0x40, 0x40, &(0x7f0000000100)={0x5, 0x0, 0xcb, 0x2})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r5, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x100000}, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB], 0x25c}}, 0x0)
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)={0x114, 0x1f, 0x1, 0x0, 0x80000, "", [@nested={0x102, 0x0, 0x0, 0x1, [@typed={0x14, 0x3, 0x0, 0x0, @ipv6=@loopback}, @typed={0xfffffffffffffe78, 0x1, 0x0, 0x0, @ipv6=@dev}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b504681000000000000009ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817"]}]}, 0x114}], 0x1}, 0x140000c4)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000240)='./file0\x00')
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)

4.987919793s ago: executing program 5 (id=1362):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000280)=@usbdevfs_driver={0x0, 0x4, 0x0})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xe, 0xe, &(0x7f0000001300)=ANY=[@ANYBLOB="b7020000f53f6314bfa300000000000024020000fffeff7f7a0300fef0ffffff79a4f0ff00000000b7060000ffffffff2e640500000000007502faff07cd02020404000000247d60b7030000030a00006a0a00fe0000000c8500000026000000b70000000000002995000000000000001da5ad3548ebb63d18db6a1c7e821c9b767ac8308fbcd5c5e4a5ad1065b572c2c9ff215ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf3664148a2c96752fe2bb328dff1a15750ab9a780001000000000000d4bf20c2bd152d814f01f2cd519e078d4ffab418e4682b2aec5e4a35629e8ef040c50287c37a7f4182f32333b08c6e497687e10a4daea5cac0ceafdbb126eb02a1f5104d16ddb64963d84d91814cd5817e0b8f6f5e6ee7a39e180b5a18ed786b782ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a6211e52bb3598e9b5d4f22d8c19f958e8b34de35949a7a48ce18799ee53da177a81ea65e652c1d71b7ee86a75b0100000042127a8f84538a9a311c757f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d32e3f4ee367c5a769c0a606636c9f4a4413c098f4fcc96623b7c373b0ef04d55b846b094bf97e2ef5987b6e09a6a7cab79bffda141f65e7d9ebe3be70c436432b70a80cce69df30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48e7565efff2dbbb512218c98442406333c890923a797e00b75481739952fe87fde27ce81893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7025759d4b45576c205c70631e8ad585951950e521f4e210b6494e3c52d927195737945cc03d5668483151710de246420a1b6c55b73876a6ed7fd0d9338923789a1edcd8043fe83919088383268324a25df14010c8ed6b8d43400eaa00ff9bc46e1cfecbdc0e451ac53b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404e0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922091d49e2bc408a5a37deee7a60b903d2d9fe9d451cafcc8dc389671c2d08b6e264150a6b9445b00cee4585af04fa69e0380be0d66649dcf3bf8a906b029faca75ce34c41aec7aa86e596119109ea8b3f7c65c902499227c087301643baab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628e3e77a0de32e356521df06f995cb57f97052fc4158250ccecfb67ea8faf509593fadc7eafb613327b052397af1ede94d87590ce90a0a7579766f7ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6e0b67f62a83a256474c97c925d9d447175b535c87dbdeb0dcca5303eed6689ea91e1665c691df736368dde47e6672e93a314c5f60e7b68c2242bd0f0d8c66449d8687dcf2d0f76668b2b9bf8b32b99b7daf34b2d825d192ade90a1162acfe9749d516d014cef5f99126324ea02baea5808c430985749901b09e4902a6f5addc0103756b894418e4591c624a9b206abbfb888d413d923b0d7c9d997d6d8e64787c4d397f57a15b6d5b4212b6cb55b9c207bbe08f483b1bea05f41b9a1d3af087047c568ae6ebfc0bb5ec10b6290dc757a4903a88fb2c035b2349b6d2f0c051b8b7718384eebd5fc19928cea713ff09e179c308fbe9bd64374d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad1030a79517a88de7596429a20793e12616aa32b3e720c6521fbe93963e9536d16f3db211fca7dd99c0a0125ff8c18119a6926083f4a2c008a9f2a29e30823bf0ec3639cadaf9be9608358e1e5ab17eea477b1754f78f45468c9568471667f82f5e250b979b9f2bd0d1b6bc03d11811ac6eec9a3ecd9e3c3299ee5eb3c6cac8fbd06514b7ee743ece79c04566d02a08fd5fcabbab3d129c0cced3ce11dafa387a8077927a1ad367c114d0b423e64c6157fac5e4e2168f33541daeff9983d0e488a78bef538f870b84798272b2101e0abf1cd64500b79e01e11d727389653bd80a39d5bbe2e23d2f5ff10047423429981bd9b4ce680e174c266391e3e7689452654e5cd5ada6e025327a1942b5a068f15fa58eaa267d4e0881783dddbdd777f8be0824ffdf6d06c621880dbbe9534f15e8c2e364d3ec67deb6ab9f2a0f03212972dbd38500000008173553a67be48633103809eee0be51d67d7ce230b389607b4c3b18da1c48f3180f2e0d79e54565fdd9a099b5b5ba2761905b88b7cbfc39c35dd153609da3da263438f12769602c2195245ff83e249119d4f6cabfbdef84ada19ef4a67ed66d7043036515d0be5a231f99e71aba5d5ae04676eff3e85f0844c41bbcfde7a931d1ec55c01f703bfd1b97756bfe55a91f6b379f34a018906339771157c66dbd7471d1beec7f029ef552cf5e92a1a0db21b59355763967ce26a577bc514b6d22a09c385c5ba6caf524e1688fc0f20002b35ae7bc8eb5ba51aebdf7d972c3267cedbe77ed70d9c539bc455a6f88b39196c8a224b0acf4d796fea59a07baa34cc270fb096ef330fbebdf872d7d0bc4f9a963355c554abc5cdb91464faabcd09cd9a53f5d1b2ea7e96f428f7cd6735c19c61dc9942d30bf29ef85ed01c2fcd6060aa40eeff971477b4fde48507b7bad95a496540adff7e4a72fd1f94d7c703ab1525c946c54e0da3d7ebfcc8c367d1bfd1aea2e84c3b310aaea5a1627df898c00a9aaf2d88a36afa4c5b1816384310600001c33125ad7f7970beeb256aec06e39fc6c66544e1d1dc5fea4b68a82dc568ca30aea9a1d097f06f11dc362f4bae5ef57c67686a15855cd351bf26f40fb1348cfce79897682228e6d9643530c81bab27bf7b1c4a76a5be180bb830cf06827c3f38a9c9c580c732c30aaceda78b0297de35a922b1375b129655beb31899e26052cc216f832fdb0a0015f93c9cff77f59cda1ec5f3e358848756cebb074266a47e39ae26e80e8c65aaf73c24925458520a9ca98760d1005c9f81846459ae6d5baa4f02807939ddc29c3520f7c58ed9bc5a569c7a1bc33cf4f330a18276ffb4550b9166c3939e8041094bec034aa0ec6638b74fe34f0f1ec6903a1135808d5d8d26c9203c3f87e66c407b7c5c0888d4558dd657cc0213efad68e76fdd7b23e68064fd4b271ed79c50abacdd2871b0c1f8c971df59a5a1901ddf804bed43e391f882d2a45c51cdbba86b2a1b7c0c4923642a731ea4dcbad2b6ebbebe787a8e28e781d75beee924b3b1e390750f316648133922c021f98fd2d5d71a7a3679397ef6cf432837b7e264831ec01c4c3146ba0caac3b13d55945ec00e978a1c1712cd51187936200606c9cd6877b2f72125295c54721f8e15df2ae282a8becb99a726fd92acc92141e1f574b4b0b3c992a61af3372d0d9217776b1a42cd2cee816a70bf1ddd69b590d53e28ba356e74b38e23e50d898e95cdc7cc809e462c884b53f672aab1411ecfd4c91e7a9782fc6763f0efd4bcbaf1fc3a000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = getpid()
r6 = syz_pidfd_open(r5, 0x0)
process_madvise(r6, &(0x7f0000000140)=[{0x0}, {&(0x7f0000000240)}], 0x2, 0xf, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_X86_SETUP_MCE(r8, 0x4008ae9c, &(0x7f0000000000)={0x4, 0x5, 0xd})
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r9, &(0x7f0000000140), 0x6)
ioctl$sock_bt_hci(r9, 0x800448d5, 0x0)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000300)=ANY=[@ANYRES8=r5, @ANYRES32=r3, @ANYBLOB])
sendmsg$nl_route_sched(r7, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=@newtaction={0x1cc, 0x32, 0x216822a75a8bdd29, 0xffe4, 0x0, {}, [{0x1b8, 0x1, [@m_connmark={0x34, 0x2, 0x0, 0x0, {{0xd}, {0x4}, {0x4}, {0xc}, {0xc}}}, @m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}, @m_bpf={0x13c, 0x4, 0x0, 0x0, {{0x8}, {0x48, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x6e9, 0x4, 0x1, 0x6, 0xa70}}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x5, 0x3, 0x5, 0x2, 0x7}}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}, @TCA_ACT_BPF_FD={0x8, 0x5, r7}]}, {0xce, 0x6, "53ca07dbd9902dc42a7332f81b096e927f9d45c3d46877a464255a14677305ccdf799f1b556d93ebae1c78470a5b729e2e840f00fbcb3243ad7c9ce919b163eefd4795ee4682c5da5cb95e4b7a69606d00da6a06c7fea705e1c04c739b2feae4b43dd5d7297e6638c6c56bf95407e8281232dd88bb374688e771280cec5cb5699fb5f985aa0ccf4ce9e41188b96295757cbbeaeae8e586ee0065d2bfd995f519aedff280df58732deec715793e5d308cb2f8d5a14a391d8af69ee73482ef5300650d4203bdac1733b7a1"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0x1cc}}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000100)={0x1})

4.790705153s ago: executing program 2 (id=1363):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc0bc5310, &(0x7f0000000040)={0xc7, @time={0x4, 0xc}, 0x0, {0x71, 0x6}, 0x6, 0x1, 0x1})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = syz_usb_connect$hid(0x4, 0x36, &(0x7f0000000580)=ANY=[], 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0xf, {[@global=@item_4={0x3, 0x1, 0x2, "2f007f9e"}, @local=@item_4={0x3, 0x2, 0x0, "af13a13f"}, @main=@item_4={0x3, 0x0, 0x8, "b775e7cd"}]}}, 0x0}, 0x0)
r4 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
read$hiddev(r4, 0x0, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0xc048aeca, &(0x7f00000001c0))
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000078000000090a010400000000000000000100fffd08000a40000000000900020073797a31000000000900010073797a300000000008000540000000253c0011800a0001006c696d69740000002c0002800c000240000000000000000308000440000000010c0001"], 0xc0}, 0x1, 0x0, 0x0, 0x40c0}, 0xc4)
r5 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r5, &(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10)
r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r6, &(0x7f00000007c0)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, 0x3, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null, @bcast]}, 0x40)

3.573366098s ago: executing program 5 (id=1364):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r3=>r2}, './file1\x00'})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r3, 0x40182103, &(0x7f00000000c0)={0x0, 0x3, r1, 0x6})
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000280)={0x77359400}, &(0x7f0000048000)=0x2, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r4 = dup(0xffffffffffffffff)
r5 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000400)={0xf0f016, 0x2})
write$UHID_INPUT(r4, 0x0, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000003e000701fcfffffffddbdf25047c0000100036800c00020007000b00000000000c000180060006008e"], 0x30}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="71756f74612c0076803d1ef1e21d15ecae5550b872972cd5fd8e642f1e64ccb6bbcfe6ba65a7cf4fdbc772c2977e319ff8f2cc885c06cc0d16a110373fa6cff7b62d0d527d078b3154bfe4913a1a66b19475a0a4d0c5831d8f2c3697d547a24e519af5b610225e5ed819cdd7c1676f08c149c1769b8d66861e3aeddb1cfbce19e76c1b822025d12ad2d4c98f62c117e2b3a0681f7893eeef0f20e8f7c2f8a903b3d0a783c57a9c7ac98e6c5543386319ed2da8a82aeae272314d6303856667"])
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)

2.008993754s ago: executing program 5 (id=1365):
signalfd4(0xffffffffffffffff, &(0x7f00000008c0), 0x8, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x20, &(0x7f0000000040)=0xfffffff8, 0x4)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet6(0xa, 0x2, 0x3a)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e24, 0x8, @local, 0x6}, 0x32)
setsockopt$inet6_int(r2, 0x29, 0x10, &(0x7f0000000140)=0x8, 0x4)
sendto$inet6(r2, &(0x7f0000000080)="800037bbfa9ba1ce", 0xffd8, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
mmap(&(0x7f0000087000/0x4000)=nil, 0x4000, 0x200000d, 0x12, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000000)="0000d63f9a8eecdeb60ddb0700000000", 0x20)
sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x14, 0x0, 0x731, 0x0, 0x0, {0x38}}, 0x14}, 0x1, 0x2}, 0x0)

1.772798241s ago: executing program 4 (id=1366):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
bpf$MAP_DELETE_ELEM(0x4, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
r5 = fcntl$dupfd(r4, 0x0, r4)
ioctl$TCFLSH(r5, 0x400455c8, 0x20000000009) (fail_nth: 4)

1.002285124s ago: executing program 2 (id=1367):
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = getpgrp(0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0xda)
ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f0000000080)={0xc0, 0x0, 0x0, 0x0, 0x80})
socket$inet6_mptcp(0xa, 0x1, 0x106)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
syz_emit_ethernet(0x205, &(0x7f0000001540)={@random="cebf901584bc", @random="6a177a00", @void, {@x25={0x805, {0x3, 0x6, 0xff, "3cc2cf9cf258fc60ac5471863cf8b24d9b27d4ca85c99d06f224f11d7b012645cb9e98a4fa8cd538193c47527256f8cd50b0ba8084979e2c835ff1b163c44dd8a66a5b8f4c550c94e434840efb1f51e7ca106bdb43dd9d7a2bebe70f8c773761f78485101c785ebfeacbb541c517818800d95d252717eb649cb32da44d2ab02230b3f5329e480a5a88a4733aca11daa8ae84507906dce585c1411a918580bec2dbe0ca0407387dd118772e70a3e068f975e92688393bda5f985507ddc9e7077e5f4cd0ac323d6d959f2633f7731c976f350535de4062cf334afc9182ffda77c5000552cafcd5fa1a84fd5e18e5dc04404a8f3d818c966819cb4a1ca4ad13c82410234172bb3d395814821a49b313a94d163e2fc5a4dfc657fb34ca9580c66ce81cc88a8e9a8847ddbaf527a88efe9b281192f33b9480e98b8d9b8829be6727d21996c581f950a881f64f55c82c23368884ac4f8a70dac647ad12485dc5685b1f8519ebcedeaa7c54615bce25ccd2aa9f47df03addc7f1505d1e8c62ca1f9fe05193f5cc58195c05e9d1511ead462de2e888b0bbe4e27167063c6f749094ac5c81c354cc91f9cb6eb35c7084e62849c8101f0b5bddca4244451236540dd86799d0d3da8cf1be1f0cfaf52d905649e942203b60a0e84760df492c0095abcd725eea03377382ea50a417626c7d4c9993830a7485622"}}}}, 0x0)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, 0x0)
ptrace(0x10, r4)
ptrace$getregset(0x4205, r4, 0x202, &(0x7f0000000240)={&(0x7f0000000180)=""/120, 0xffffffffffffff28})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
write$bt_hci(0xffffffffffffffff, &(0x7f00000005c0)=ANY=[], 0x8)

229.391175ms ago: executing program 4 (id=1368):
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x1000, 0x3f2f0fde)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:s'], 0x2a, 0xfffffffffffffffc)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, &(0x7f0000000080)={0x0, 0x4, 0x20a})
fcntl$getownex(r1, 0x10, &(0x7f0000000300))
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0/../file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@nfs_export_on}]})

0s ago: executing program 5 (id=1369):
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
readv(0xffffffffffffffff, &(0x7f0000000200)=[{0x0}, {0x0}], 0x2)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}}) (fail_nth: 4)

kernel console output (not intermixed with test programs):

hcd
[  538.600101][ T5866] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  539.143457][ T9856] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  539.239940][ T5866] usb 1-1: New USB device found, idVendor=0979, idProduct=0227, bcdDevice=6d.4d
[  539.272351][ T5866] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  539.285504][ T5866] usb 1-1: config 0 descriptor??
[  539.295767][ T5866] gspca_main: jl2005bcd-2.14.0 probing 0979:0227
[  539.331268][ T5866] command write [95] error -22
[  539.857903][ T5866] usb 1-1: USB disconnect, device number 13
[  541.565067][ T9885] netlink: 56 bytes leftover after parsing attributes in process `syz.4.984'.
[  541.576720][ T9885] netlink: 8 bytes leftover after parsing attributes in process `syz.4.984'.
[  541.826558][ T9893] loop6: detected capacity change from 0 to 63
[  541.884161][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  541.970633][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  541.996485][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  542.035280][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  542.067643][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  542.251365][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  542.273382][ T5917] Buffer I/O error on dev loop6, logical block 3, async page read
[  542.565112][ T5921] libceph: connect (1)[c::]:6789 error -101
[  542.577511][ T5921] libceph: mon0 (1)[c::]:6789 connect error
[  542.627423][ T9912] loop8: detected capacity change from 0 to 1
[  542.643080][ T9912] Dev loop8: unable to read RDB block 1
[  542.648910][ T9912]  loop8: unable to read partition table
[  542.656252][ T9912] loop8: partition table beyond EOD, truncated
[  542.662769][ T9912] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  543.041227][ T9909] ceph: No mds server is up or the cluster is laggy
[  544.444031][    T9] libceph: connect (1)[c::]:6789 error -101
[  544.458724][ T9918] FAT-fs (nullb0): bogus number of reserved sectors
[  544.465549][ T9918] FAT-fs (nullb0): Can't find a valid FAT filesystem
[  544.470238][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  544.637002][ T9919] ceph: No mds server is up or the cluster is laggy
[  544.759839][    T9] libceph: connect (1)[c::]:6789 error -101
[  544.800146][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  545.349522][   T30] audit: type=1326 audit(1747699601.031:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9931 comm="syz.4.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7e8f8e969 code=0x7ffc0000
[  545.504581][   T30] audit: type=1326 audit(1747699601.031:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9931 comm="syz.4.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb7e8f8e969 code=0x7ffc0000
[  545.532671][   T30] audit: type=1326 audit(1747699601.031:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9931 comm="syz.4.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7e8f8e969 code=0x7ffc0000
[  545.554383][   T30] audit: type=1326 audit(1747699601.031:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9931 comm="syz.4.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=93 compat=0 ip=0x7fb7e8f8e969 code=0x7ffc0000
[  545.576050][   T30] audit: type=1326 audit(1747699601.031:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9931 comm="syz.4.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7e8f8e969 code=0x7ffc0000
[  545.615295][   T30] audit: type=1326 audit(1747699601.031:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9931 comm="syz.4.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb7e8f8e56b code=0x7ffc0000
[  545.734654][   T30] audit: type=1326 audit(1747699601.031:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9931 comm="syz.4.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb7e8f8d2d0 code=0x7ffc0000
[  545.816593][   T30] audit: type=1326 audit(1747699601.031:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9931 comm="syz.4.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7e8f8e969 code=0x7ffc0000
[  545.899060][   T30] audit: type=1326 audit(1747699601.031:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9931 comm="syz.4.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb7e8f8e969 code=0x7ffc0000
[  545.921935][ T9945] netlink: 'syz.0.995': attribute type 1 has an invalid length.
[  545.958030][   T30] audit: type=1326 audit(1747699601.031:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9931 comm="syz.4.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7e8f8e969 code=0x7ffc0000
[  546.053330][ T9946] syz.0.995: attempt to access beyond end of device
[  546.053330][ T9946] nbd0: rw=0, sector=2, nr_sectors = 1 limit=0
[  546.081505][ T9946] hfs: can't find a HFS filesystem on dev nbd0
[  548.370592][ T9968] loop6: detected capacity change from 0 to 63
[  548.427582][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  548.468606][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  548.517806][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  548.542555][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  548.565068][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  548.585117][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  548.614878][ T5917] Buffer I/O error on dev loop6, logical block 3, async page read
[  548.660089][ T5910] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  549.174157][ T9977] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1004'.
[  549.180266][ T5910] usb 5-1: Using ep0 maxpacket: 8
[  549.198932][ T9977] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1004'.
[  549.219619][ T9977] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1004'.
[  549.240675][ T5910] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  549.249791][ T5910] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  549.330140][ T5910] usb 5-1: Product: syz
[  549.636579][ T5910] usb 5-1: Manufacturer: syz
[  549.802944][ T5910] usb 5-1: SerialNumber: syz
[  549.841342][ T5910] usb 5-1: config 0 descriptor??
[  549.854978][ T5910] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  549.867433][ T5910] usb 5-1: setting power ON
[  549.876960][ T5910] dvb-usb: bulk message failed: -22 (2/0)
[  549.887390][ T5910] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  549.907782][ T5910] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  549.923053][ T5910] usb 5-1: media controller created
[  550.397193][ T9969] dvb-usb: bulk message failed: -22 (3/0)
[  550.406774][ T9969] usb 5-1: gpio_write failed.
[  550.413444][ T9969] cxusb: i2c rd: len=8192 is too big!
[  550.413444][ T9969] 
[  550.498701][ T5910] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  550.507212][ T5873] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  550.552981][ T5910] usb 5-1: selecting invalid altsetting 6
[  550.564430][ T5910] usb 5-1: digital interface selection failed (-22)
[  550.567518][ T9990] FAULT_INJECTION: forcing a failure.
[  550.567518][ T9990] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  550.574657][ T5910] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  550.592036][ T9990] CPU: 1 UID: 0 PID: 9990 Comm: syz.0.1008 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[  550.592081][ T9990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  550.592095][ T9990] Call Trace:
[  550.592104][ T9990]  <TASK>
[  550.592113][ T9990]  dump_stack_lvl+0x189/0x250
[  550.592152][ T9990]  ? __pfx_dump_stack_lvl+0x10/0x10
[  550.592181][ T9990]  ? __pfx__printk+0x10/0x10
[  550.592226][ T9990]  should_fail_ex+0x414/0x560
[  550.592254][ T9990]  _copy_to_user+0x31/0xb0
[  550.592286][ T9990]  simple_read_from_buffer+0xe1/0x170
[  550.592323][ T9990]  proc_fail_nth_read+0x1df/0x250
[  550.592349][ T9990]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  550.592374][ T9990]  ? rw_verify_area+0x258/0x650
[  550.592401][ T9990]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  550.592425][ T9990]  vfs_read+0x200/0x980
[  550.592458][ T9990]  ? __pfx___mutex_lock+0x10/0x10
[  550.592487][ T9990]  ? __pfx_vfs_read+0x10/0x10
[  550.592517][ T9990]  ? __fget_files+0x2a/0x420
[  550.592541][ T9990]  ? __fget_files+0x3a0/0x420
[  550.592568][ T9990]  ? __fget_files+0x2a/0x420
[  550.592596][ T9990]  ksys_read+0x145/0x250
[  550.592623][ T9990]  ? rcu_is_watching+0x15/0xb0
[  550.592655][ T9990]  ? __pfx_ksys_read+0x10/0x10
[  550.592688][ T9990]  ? do_syscall_64+0xba/0x210
[  550.592723][ T9990]  do_syscall_64+0xf6/0x210
[  550.592751][ T9990]  ? clear_bhb_loop+0x60/0xb0
[  550.592777][ T9990]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  550.592797][ T9990] RIP: 0033:0x7fb71e98d37c
[  550.592817][ T9990] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  550.592835][ T9990] RSP: 002b:00007fb71f741030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  550.592858][ T9990] RAX: ffffffffffffffda RBX: 00007fb71ebb5fa0 RCX: 00007fb71e98d37c
[  550.592873][ T9990] RDX: 000000000000000f RSI: 00007fb71f7410a0 RDI: 0000000000000004
[  550.592886][ T9990] RBP: 00007fb71f741090 R08: 0000000000000000 R09: 0000000000000000
[  550.592899][ T9990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  550.592911][ T9990] R13: 0000000000000000 R14: 00007fb71ebb5fa0 R15: 00007ffe88ec5028
[  550.592944][ T9990]  </TASK>
[  550.934658][ T5910] usb 5-1: setting power OFF
[  550.947166][ T5910] dvb-usb: bulk message failed: -22 (2/0)
[  550.953952][ T5910] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  550.967914][ T5910] (NULL device *): no alternate interface
[  550.970391][ T5873] usb 2-1: device descriptor read/64, error -71
[  551.623707][ T5910] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  551.650120][ T5873] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  551.740716][ T5910] usb 5-1: USB disconnect, device number 19
[  551.790360][ T5873] usb 2-1: device descriptor read/64, error -71
[  551.958829][ T5873] usb usb2-port1: attempt power cycle
[  552.060569][T10012] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  553.350150][ T5873] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  553.392793][ T5873] usb 2-1: device descriptor read/8, error -71
[  553.968088][T10023] loop6: detected capacity change from 0 to 63
[  554.007648][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  554.090361][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  554.691587][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  554.726840][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  554.749740][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  554.796477][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  554.823869][ T5917] Buffer I/O error on dev loop6, logical block 3, async page read
[  556.255157][T10044] overlayfs: overlapping lowerdir path
[  557.544393][T10060] netlink: 'syz.1.1026': attribute type 29 has an invalid length.
[  557.565554][T10060] netlink: 'syz.1.1026': attribute type 29 has an invalid length.
[  558.052326][T10060] netlink: 500 bytes leftover after parsing attributes in process `syz.1.1026'.
[  558.341483][T10067] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1029'.
[  558.546314][T10069] FAULT_INJECTION: forcing a failure.
[  558.546314][T10069] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  558.588873][T10069] CPU: 0 UID: 0 PID: 10069 Comm: syz.1.1030 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[  558.588905][T10069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  558.588918][T10069] Call Trace:
[  558.588927][T10069]  <TASK>
[  558.588936][T10069]  dump_stack_lvl+0x189/0x250
[  558.588967][T10069]  ? __lock_acquire+0xaac/0xd20
[  558.588998][T10069]  ? __pfx_dump_stack_lvl+0x10/0x10
[  558.589025][T10069]  ? __pfx__printk+0x10/0x10
[  558.589057][T10069]  ? __might_fault+0xb0/0x130
[  558.589099][T10069]  should_fail_ex+0x414/0x560
[  558.589125][T10069]  _copy_from_iter+0x1db/0x15a0
[  558.589159][T10069]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  558.589187][T10069]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  558.589219][T10069]  ? __pfx__copy_from_iter+0x10/0x10
[  558.589247][T10069]  ? __build_skb_around+0x257/0x3e0
[  558.589283][T10069]  ? netlink_sendmsg+0x642/0xb30
[  558.589306][T10069]  ? skb_put+0x11b/0x210
[  558.589334][T10069]  netlink_sendmsg+0x6b2/0xb30
[  558.589357][T10069]  ? is_bpf_text_address+0x26/0x2b0
[  558.589393][T10069]  ? __pfx_netlink_sendmsg+0x10/0x10
[  558.589426][T10069]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  558.589448][T10069]  ? __pfx_netlink_sendmsg+0x10/0x10
[  558.589472][T10069]  __sock_sendmsg+0x219/0x270
[  558.589496][T10069]  ____sys_sendmsg+0x505/0x830
[  558.589530][T10069]  ? __pfx_____sys_sendmsg+0x10/0x10
[  558.589567][T10069]  ? import_iovec+0x74/0xa0
[  558.589600][T10069]  ___sys_sendmsg+0x21f/0x2a0
[  558.589629][T10069]  ? __pfx____sys_sendmsg+0x10/0x10
[  558.589695][T10069]  ? __fget_files+0x2a/0x420
[  558.589713][T10069]  ? __fget_files+0x3a0/0x420
[  558.589742][T10069]  __x64_sys_sendmsg+0x19b/0x260
[  558.589773][T10069]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  558.589819][T10069]  ? do_syscall_64+0xba/0x210
[  558.589850][T10069]  do_syscall_64+0xf6/0x210
[  558.589877][T10069]  ? clear_bhb_loop+0x60/0xb0
[  558.589902][T10069]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  558.589922][T10069] RIP: 0033:0x7effdf78e969
[  558.589944][T10069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  558.589962][T10069] RSP: 002b:00007effe058a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  558.589984][T10069] RAX: ffffffffffffffda RBX: 00007effdf9b5fa0 RCX: 00007effdf78e969
[  558.589998][T10069] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  558.590010][T10069] RBP: 00007effe058a090 R08: 0000000000000000 R09: 0000000000000000
[  558.590022][T10069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  558.590034][T10069] R13: 0000000000000000 R14: 00007effdf9b5fa0 R15: 00007ffc6293ae08
[  558.590064][T10069]  </TASK>
[  558.914995][T10070] mmap: syz.3.1023 (10070) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  559.375780][T10082] afs: Unknown parameter 'dyëw'UiãïÛÓèÏ'
[  559.607261][T10078] input: syz1 as /devices/virtual/input/input47
[  559.660299][T10080] netlink: 'syz.0.1034': attribute type 10 has an invalid length.
[  559.747096][T10080] bridge0: port 2(bridge_slave_1) entered disabled state
[  559.755221][T10080] bridge0: port 1(bridge_slave_0) entered disabled state
[  559.840809][T10082] netlink: 260 bytes leftover after parsing attributes in process `syz.1.1032'.
[  560.202524][T10080] bridge0: port 2(bridge_slave_1) entered blocking state
[  560.209786][T10080] bridge0: port 2(bridge_slave_1) entered forwarding state
[  560.218291][T10080] bridge0: port 1(bridge_slave_0) entered blocking state
[  560.225543][T10080] bridge0: port 1(bridge_slave_0) entered forwarding state
[  560.326129][T10080] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  560.396386][T10095] ntfs3(nullb0): Primary boot signature is not NTFS.
[  560.403590][T10095] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  560.423760][T10089] syz.3.1035: attempt to access beyond end of device
[  560.423760][T10089] nbd3: rw=4096, sector=0, nr_sectors = 1 limit=0
[  562.954447][T10119] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  563.022574][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  563.029024][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  563.820188][T10129] netlink: 'syz.3.1046': attribute type 1 has an invalid length.
[  563.830161][T10129] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1046'.
[  564.650199][ T5910] libceph: connect (1)[c::]:6789 error -101
[  564.657216][ T5910] libceph: mon0 (1)[c::]:6789 connect error
[  564.713121][T10135] loop8: detected capacity change from 0 to 1
[  564.810856][T10135] Dev loop8: unable to read RDB block 1
[  564.816532][T10135]  loop8: unable to read partition table
[  564.822474][T10135] loop8: partition table beyond EOD, truncated
[  564.828677][T10135] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  565.212456][T10133] ceph: No mds server is up or the cluster is laggy
[  565.225445][ T5910] libceph: connect (1)[c::]:6789 error -101
[  565.251431][ T5910] libceph: mon0 (1)[c::]:6789 connect error
[  565.351325][T10141] afs: Unknown parameter 'dyëw'UiãïÛÓèÏ'
[  566.011741][T10144] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1049'.
[  566.053569][T10144] openvswitch: netlink: Flow key attr not present in new flow.
[  566.758277][T10155] loop6: detected capacity change from 0 to 63
[  566.794480][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  566.824862][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  566.845165][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  567.021538][T10164] FAULT_INJECTION: forcing a failure.
[  567.021538][T10164] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  567.058813][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  567.067431][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  567.076582][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  567.085387][ T5917] Buffer I/O error on dev loop6, logical block 3, async page read
[  567.097355][T10164] CPU: 0 UID: 0 PID: 10164 Comm: syz.0.1055 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[  567.097379][T10164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  567.097392][T10164] Call Trace:
[  567.097400][T10164]  <TASK>
[  567.097408][T10164]  dump_stack_lvl+0x189/0x250
[  567.097436][T10164]  ? __lock_acquire+0xaac/0xd20
[  567.097465][T10164]  ? __pfx_dump_stack_lvl+0x10/0x10
[  567.097491][T10164]  ? __pfx__printk+0x10/0x10
[  567.097520][T10164]  ? __might_fault+0xb0/0x130
[  567.097561][T10164]  should_fail_ex+0x414/0x560
[  567.097586][T10164]  _copy_from_user+0x2d/0xb0
[  567.097614][T10164]  ____sys_sendmsg+0x2fe/0x830
[  567.097647][T10164]  ? __pfx_____sys_sendmsg+0x10/0x10
[  567.097681][T10164]  ? import_iovec+0x74/0xa0
[  567.097712][T10164]  ___sys_sendmsg+0x21f/0x2a0
[  567.097749][T10164]  ? __pfx____sys_sendmsg+0x10/0x10
[  567.097813][T10164]  ? __fget_files+0x2a/0x420
[  567.097831][T10164]  ? __fget_files+0x3a0/0x420
[  567.097860][T10164]  __sys_sendmmsg+0x227/0x430
[  567.097897][T10164]  ? __pfx___sys_sendmmsg+0x10/0x10
[  567.097933][T10164]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  567.097976][T10164]  ? ksys_write+0x1f0/0x250
[  567.098002][T10164]  ? rcu_is_watching+0x15/0xb0
[  567.098040][T10164]  __x64_sys_sendmmsg+0xa0/0xc0
[  567.098070][T10164]  do_syscall_64+0xf6/0x210
[  567.098097][T10164]  ? clear_bhb_loop+0x60/0xb0
[  567.098121][T10164]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.098139][T10164] RIP: 0033:0x7fb71e98e969
[  567.098156][T10164] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  567.098173][T10164] RSP: 002b:00007fb71f741038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  567.098194][T10164] RAX: ffffffffffffffda RBX: 00007fb71ebb5fa0 RCX: 00007fb71e98e969
[  567.098208][T10164] RDX: 0000000000000001 RSI: 0000200000004580 RDI: 0000000000000003
[  567.098220][T10164] RBP: 00007fb71f741090 R08: 0000000000000000 R09: 0000000000000000
[  567.098231][T10164] R10: 0000000000000010 R11: 0000000000000246 R12: 0000000000000001
[  567.098243][T10164] R13: 0000000000000000 R14: 00007fb71ebb5fa0 R15: 00007ffe88ec5028
[  567.098273][T10164]  </TASK>
[  568.841223][   T30] kauditd_printk_skb: 41 callbacks suppressed
[  568.841243][   T30] audit: type=1326 audit(1747699624.521:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10183 comm="syz.2.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4cd58e969 code=0x7ffc0000
[  568.920268][T10161] sg_write: data in/out 2387/14 bytes for SCSI command 0x8-- guessing data in;
[  568.920268][T10161]    program syz.1.1053 not setting count and/or reply_len properly
[  568.964930][T10189] afs: Unknown parameter 'dyëw'UiãïÛÓèÏ'
[  569.073519][   T30] audit: type=1326 audit(1747699624.521:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10183 comm="syz.2.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4cd58e969 code=0x7ffc0000
[  569.275339][   T30] audit: type=1326 audit(1747699624.521:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10183 comm="syz.2.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=200 compat=0 ip=0x7fa4cd58e969 code=0x7ffc0000
[  569.495497][   T30] audit: type=1326 audit(1747699624.521:725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10183 comm="syz.2.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4cd58e969 code=0x7ffc0000
[  569.526226][T10192] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1059'.
[  569.543577][T10192] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1059'.
[  569.693121][   T30] audit: type=1326 audit(1747699624.521:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10183 comm="syz.2.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa4cd58e969 code=0x7ffc0000
[  569.722829][   T30] audit: type=1326 audit(1747699624.521:727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10183 comm="syz.2.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4cd58e969 code=0x7ffc0000
[  569.800107][   T30] audit: type=1326 audit(1747699624.521:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10183 comm="syz.2.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fa4cd58e969 code=0x7ffc0000
[  569.900025][   T30] audit: type=1326 audit(1747699625.371:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10183 comm="syz.2.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4cd58e969 code=0x7ffc0000
[  571.623058][T10213] loop6: detected capacity change from 0 to 63
[  571.688775][ T9261] Buffer I/O error on dev loop6, logical block 0, async page read
[  571.756171][ T9261] Buffer I/O error on dev loop6, logical block 0, async page read
[  571.781758][T10216] FAULT_INJECTION: forcing a failure.
[  571.781758][T10216] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  571.795698][ T9261] Buffer I/O error on dev loop6, logical block 0, async page read
[  571.804906][ T9261] Buffer I/O error on dev loop6, logical block 0, async page read
[  571.814722][ T9261] Buffer I/O error on dev loop6, logical block 0, async page read
[  571.823315][ T9261] Buffer I/O error on dev loop6, logical block 0, async page read
[  571.834073][ T9261] Buffer I/O error on dev loop6, logical block 3, async page read
[  571.852263][T10216] CPU: 1 UID: 0 PID: 10216 Comm: syz.2.1069 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[  571.852291][T10216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  571.852304][T10216] Call Trace:
[  571.852312][T10216]  <TASK>
[  571.852320][T10216]  dump_stack_lvl+0x189/0x250
[  571.852350][T10216]  ? __lock_acquire+0xaac/0xd20
[  571.852380][T10216]  ? __pfx_dump_stack_lvl+0x10/0x10
[  571.852406][T10216]  ? __pfx__printk+0x10/0x10
[  571.852447][T10216]  ? __might_fault+0xb0/0x130
[  571.852489][T10216]  should_fail_ex+0x414/0x560
[  571.852515][T10216]  _copy_from_iter+0x1db/0x15a0
[  571.852548][T10216]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  571.852575][T10216]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  571.852606][T10216]  ? __pfx__copy_from_iter+0x10/0x10
[  571.852632][T10216]  ? __build_skb_around+0x257/0x3e0
[  571.852661][T10216]  ? netlink_sendmsg+0x642/0xb30
[  571.852683][T10216]  ? skb_put+0x11b/0x210
[  571.852712][T10216]  netlink_sendmsg+0x6b2/0xb30
[  571.852733][T10216]  ? is_bpf_text_address+0x26/0x2b0
[  571.852768][T10216]  ? __pfx_netlink_sendmsg+0x10/0x10
[  571.852799][T10216]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  571.852819][T10216]  ? __pfx_netlink_sendmsg+0x10/0x10
[  571.852844][T10216]  __sock_sendmsg+0x219/0x270
[  571.852867][T10216]  ____sys_sendmsg+0x505/0x830
[  571.852919][T10216]  ? __pfx_____sys_sendmsg+0x10/0x10
[  571.852956][T10216]  ? import_iovec+0x74/0xa0
[  571.852988][T10216]  ___sys_sendmsg+0x21f/0x2a0
[  571.853018][T10216]  ? __pfx____sys_sendmsg+0x10/0x10
[  571.853096][T10216]  ? __fget_files+0x2a/0x420
[  571.853113][T10216]  ? __fget_files+0x3a0/0x420
[  571.853141][T10216]  __x64_sys_sendmsg+0x19b/0x260
[  571.853170][T10216]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  571.853213][T10216]  ? do_syscall_64+0xba/0x210
[  571.853242][T10216]  do_syscall_64+0xf6/0x210
[  571.853267][T10216]  ? clear_bhb_loop+0x60/0xb0
[  571.853291][T10216]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  571.853308][T10216] RIP: 0033:0x7fa4cd58e969
[  571.853325][T10216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  571.853339][T10216] RSP: 002b:00007fa4ce3f2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  571.853358][T10216] RAX: ffffffffffffffda RBX: 00007fa4cd7b5fa0 RCX: 00007fa4cd58e969
[  571.853370][T10216] RDX: 0000000020004000 RSI: 0000200000000040 RDI: 0000000000000004
[  571.853382][T10216] RBP: 00007fa4ce3f2090 R08: 0000000000000000 R09: 0000000000000000
[  571.853392][T10216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  571.853402][T10216] R13: 0000000000000000 R14: 00007fa4cd7b5fa0 R15: 00007ffd517a77d8
[  571.853439][T10216]  </TASK>
[  572.999919][T10226] afs: Unknown parameter 'dyëw'UiãïÛÓèÏ'
[  573.963461][T10232] adf_ctl_ioctl: 15 callbacks suppressed
[  573.963570][T10232] QAT: Invalid ioctl 1075883590
[  573.975984][T10232] QAT: Invalid ioctl 1075883590
[  573.982707][T10232] QAT: Invalid ioctl 1075883590
[  573.988073][T10232] QAT: Invalid ioctl 1075883590
[  573.993532][T10232] QAT: Invalid ioctl 1075883590
[  573.998865][T10232] QAT: Invalid ioctl 1075883590
[  574.004461][T10232] QAT: Invalid ioctl 1075883590
[  574.009831][T10232] QAT: Invalid ioctl 1075883590
[  574.015212][T10232] QAT: Invalid ioctl 1075883590
[  574.020671][T10232] QAT: Invalid ioctl 1075883590
[  574.621629][T10240] input: syz0 as /devices/virtual/input/input48
[  575.150857][T10240] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1077'.
[  575.664027][T10255] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1081'.
[  576.661492][T10267] loop6: detected capacity change from 0 to 63
[  576.695490][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  576.725306][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  576.739637][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  576.759730][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  576.784521][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  576.807207][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  576.830715][ T5917] Buffer I/O error on dev loop6, logical block 3, async page read
[  577.207449][T10269] sg_write: data in/out 2387/14 bytes for SCSI command 0x8-- guessing data in;
[  577.207449][T10269]    program syz.1.1083 not setting count and/or reply_len properly
[  577.720603][ T5921] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  578.205525][ T5921] usb 3-1: New USB device found, idVendor=05d1, idProduct=2021, bcdDevice=31.00
[  578.234443][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  578.276627][ T5921] usb 3-1: Product: syz
[  578.307752][T10277] afs: Unknown parameter 'dyëw'UiãïÛÓèÏ'
[  578.315180][ T5921] usb 3-1: Manufacturer: syz
[  578.319827][ T5921] usb 3-1: SerialNumber: syz
[  578.356243][ T5921] usb 3-1: config 0 descriptor??
[  578.378365][ T5921] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected
[  578.418450][ T5921] usb 3-1: Detected FT4232HP
[  578.815755][T10288] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  578.978564][ T5921] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  579.018148][ T5921] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  579.048663][ T5921] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  579.116773][ T5921] usb 3-1: USB disconnect, device number 13
[  579.144445][ T5921] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  579.338111][ T5921] ftdi_sio 3-1:0.0: device disconnected
[  579.939137][   T30] audit: type=1326 audit(1747699635.621:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10296 comm="syz.0.1092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb71e98e969 code=0x7ffc0000
[  580.001051][T10299] warning: `syz.4.1093' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  580.014129][   T30] audit: type=1326 audit(1747699635.651:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10296 comm="syz.0.1092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb71e98e969 code=0x7ffc0000
[  580.045528][   T30] audit: type=1326 audit(1747699635.651:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10296 comm="syz.0.1092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=104 compat=0 ip=0x7fb71e98e969 code=0x7ffc0000
[  580.098070][   T30] audit: type=1326 audit(1747699635.651:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10296 comm="syz.0.1092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb71e98e969 code=0x7ffc0000
[  580.172955][T10299] netlink: 'syz.4.1093': attribute type 10 has an invalid length.
[  580.215926][   T30] audit: type=1326 audit(1747699635.651:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10296 comm="syz.0.1092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb71e98e969 code=0x7ffc0000
[  580.263337][   T30] audit: type=1326 audit(1747699635.651:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10296 comm="syz.0.1092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fb71e98e969 code=0x7ffc0000
[  580.394160][   T30] audit: type=1326 audit(1747699635.651:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10296 comm="syz.0.1092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb71e98e969 code=0x7ffc0000
[  581.008718][   T30] audit: type=1326 audit(1747699635.661:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10296 comm="syz.0.1092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb71e98e969 code=0x7ffc0000
[  581.030774][   T30] audit: type=1326 audit(1747699635.671:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10296 comm="syz.0.1092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7fb71e98e969 code=0x7ffc0000
[  581.170074][   T30] audit: type=1326 audit(1747699635.681:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10296 comm="syz.0.1092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb71e98e969 code=0x7ffc0000
[  581.220966][T10299] bond0: (slave wlan1): Releasing backup interface
[  581.295939][T10299] team0: Port device wlan1 added
[  581.509559][T10313] loop6: detected capacity change from 0 to 63
[  581.515894][ T5873] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  581.685803][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  581.780405][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  582.446366][ T5873] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  582.456135][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  582.464222][ T5873] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  582.473596][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  582.485227][ T5873] usb 2-1: Product: syz
[  582.491053][ T5873] usb 2-1: Manufacturer: syz
[  582.495661][ T5873] usb 2-1: SerialNumber: syz
[  582.501255][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  582.509802][ T5917] Buffer I/O error on dev loop6, logical block 0, async page read
[  582.523315][ T5873] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  582.559624][ T5917] Buffer I/O error on dev loop6, logical block 3, async page read
[  582.640766][ T5910] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  583.790131][ T8967] wlan1: Trigger new scan to find an IBSS to join
[  583.832557][  T975] usb 2-1: USB disconnect, device number 14
[  584.683115][ T5873] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  585.010058][ T5910] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  585.017342][ T5910] ath9k_htc: Failed to initialize the device
[  585.054135][  T975] usb 2-1: ath9k_htc: USB layer deinitialized
[  585.069820][T10328] overlayfs: overlapping lowerdir path
[  585.182382][ T5873] usb 5-1: config 220 has an invalid interface number: 76 but max is 2
[  585.210323][ T5873] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  585.224445][T10333] xt_CT: No such helper "netbios-ns"
[  585.272654][ T5873] usb 5-1: config 220 has no interface number 2
[  585.297421][ T5873] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  585.337655][ T5873] usb 5-1: config 220 interface 0 has no altsetting 0
[  585.358210][ T5873] usb 5-1: config 220 interface 76 has no altsetting 0
[  585.392055][ T5873] usb 5-1: config 220 interface 1 has no altsetting 0
[  585.418129][ T5873] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  585.455752][ T5873] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  585.498040][ T5873] usb 5-1: Product: syz
[  585.540721][ T5873] usb 5-1: Manufacturer: syz
[  585.560015][ T5873] usb 5-1: SerialNumber: syz
[  585.657807][T10346] netlink: 'syz.0.1103': attribute type 1 has an invalid length.
[  585.699901][T10346] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  585.757381][T10346] netlink: 'syz.0.1103': attribute type 1 has an invalid length.
[  585.953238][T10348] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1103'.
[  586.264664][T10346] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  588.418008][ T5873] usb 5-1: selecting invalid altsetting 0
[  588.434427][ T5873] usb 5-1: Found UVC 7.01 device syz (8086:0b07)
[  588.448001][ T5873] usb 5-1: No valid video chain found.
[  588.448955][ T6388] wlan1: Trigger new scan to find an IBSS to join
[  588.575274][T10355] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1106'.
[  588.587031][T10358] sg_write: data in/out 2387/14 bytes for SCSI command 0x8-- guessing data in;
[  588.587031][T10358]    program syz.2.1104 not setting count and/or reply_len properly
[  588.644131][ T5873] usb 5-1: selecting invalid altsetting 0
[  588.661873][ T5873] usbtest 5-1:220.1: probe with driver usbtest failed with error -22
[  588.775344][ T5873] usb 5-1: USB disconnect, device number 20
[  589.704046][ T3481] wlan1: Creating new IBSS network, BSSID 62:fa:bd:ee:66:4c
[  591.566694][T10380] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1114'.
[  591.589660][T10380] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  592.349573][ T5921] libceph: connect (1)[c::]:6789 error -101
[  592.364287][ T5921] libceph: mon0 (1)[c::]:6789 connect error
[  592.389100][T10391] FAULT_INJECTION: forcing a failure.
[  592.389100][T10391] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  592.457335][T10391] CPU: 1 UID: 0 PID: 10391 Comm: syz.1.1116 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[  592.457366][T10391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  592.457379][T10391] Call Trace:
[  592.457387][T10391]  <TASK>
[  592.457396][T10391]  dump_stack_lvl+0x189/0x250
[  592.457427][T10391]  ? __lock_acquire+0xaac/0xd20
[  592.457458][T10391]  ? __pfx_dump_stack_lvl+0x10/0x10
[  592.457485][T10391]  ? __pfx__printk+0x10/0x10
[  592.457516][T10391]  ? __might_fault+0xb0/0x130
[  592.457559][T10391]  should_fail_ex+0x414/0x560
[  592.457586][T10391]  _copy_from_iter+0x1db/0x15a0
[  592.457619][T10391]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  592.457647][T10391]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  592.457680][T10391]  ? __pfx__copy_from_iter+0x10/0x10
[  592.457708][T10391]  ? __build_skb_around+0x257/0x3e0
[  592.457737][T10391]  ? netlink_sendmsg+0x642/0xb30
[  592.457760][T10391]  ? skb_put+0x11b/0x210
[  592.457796][T10391]  netlink_sendmsg+0x6b2/0xb30
[  592.457820][T10391]  ? is_bpf_text_address+0x26/0x2b0
[  592.457857][T10391]  ? __pfx_netlink_sendmsg+0x10/0x10
[  592.457890][T10391]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  592.457911][T10391]  ? __pfx_netlink_sendmsg+0x10/0x10
[  592.457934][T10391]  __sock_sendmsg+0x219/0x270
[  592.457959][T10391]  ____sys_sendmsg+0x505/0x830
[  592.457992][T10391]  ? __pfx_____sys_sendmsg+0x10/0x10
[  592.458030][T10391]  ? import_iovec+0x74/0xa0
[  592.458062][T10391]  ___sys_sendmsg+0x21f/0x2a0
[  592.458092][T10391]  ? __pfx____sys_sendmsg+0x10/0x10
[  592.458158][T10391]  ? __fget_files+0x2a/0x420
[  592.458176][T10391]  ? __fget_files+0x3a0/0x420
[  592.458205][T10391]  __x64_sys_sendmsg+0x19b/0x260
[  592.458237][T10391]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  592.458283][T10391]  ? do_syscall_64+0xba/0x210
[  592.458314][T10391]  do_syscall_64+0xf6/0x210
[  592.458341][T10391]  ? clear_bhb_loop+0x60/0xb0
[  592.458371][T10391]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  592.458391][T10391] RIP: 0033:0x7effdf78e969
[  592.458409][T10391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  592.458427][T10391] RSP: 002b:00007effe058a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  592.458448][T10391] RAX: ffffffffffffffda RBX: 00007effdf9b5fa0 RCX: 00007effdf78e969
[  592.458463][T10391] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000007
[  592.458475][T10391] RBP: 00007effe058a090 R08: 0000000000000000 R09: 0000000000000000
[  592.458488][T10391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  592.458500][T10391] R13: 0000000000000000 R14: 00007effdf9b5fa0 R15: 00007ffc6293ae08
[  592.458531][T10391]  </TASK>
[  592.487556][T10393] netlink: 'syz.4.1117': attribute type 29 has an invalid length.
[  592.650650][ T5866] libceph: connect (1)[c::]:6789 error -101
[  592.700175][T10385] ceph: No mds server is up or the cluster is laggy
[  592.910335][ T5866] libceph: mon0 (1)[c::]:6789 connect error
[  592.925588][T10393] netlink: 'syz.4.1117': attribute type 29 has an invalid length.
[  592.934271][T10393] netlink: 'syz.4.1117': attribute type 29 has an invalid length.
[  592.960765][T10393] netlink: 'syz.4.1117': attribute type 29 has an invalid length.
[  593.139287][T10398] loop8: detected capacity change from 0 to 1
[  593.720134][T10397] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  593.739698][T10398] Dev loop8: unable to read RDB block 1
[  593.755736][T10398]  loop8: unable to read partition table
[  593.761539][T10398] loop8: partition table beyond EOD, truncated
[  593.767699][T10398] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  595.640385][T10416] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  595.651966][T10416] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  595.664184][T10416] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  595.715688][T10416] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  595.736217][T10416] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  595.969341][T10421] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1123'.
[  596.648091][T10424] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  597.110070][ T5866] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  597.347759][T10437] sg_write: data in/out 2387/14 bytes for SCSI command 0x8-- guessing data in;
[  597.347759][T10437]    program syz.4.1121 not setting count and/or reply_len properly
[  597.459177][T10440] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  597.801223][   T55] Bluetooth: hci5: command tx timeout
[  597.808550][ T5866] usb 3-1: Using ep0 maxpacket: 16
[  597.936834][ T5866] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  598.004952][ T5866] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  598.036470][ T5866] usb 3-1: Product: syz
[  598.050237][ T5866] usb 3-1: Manufacturer: syz
[  598.065087][ T5866] usb 3-1: SerialNumber: syz
[  598.202828][ T5866] usb 3-1: config 0 descriptor??
[  598.272525][T10413] chnl_net:caif_netlink_parms(): no params data found
[  598.295800][T10444] netlink: 'syz.1.1129': attribute type 12 has an invalid length.
[  598.476521][T10447] ip6t_rpfilter: unknown options
[  598.629615][ T5866] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  598.650233][T10335] usb 1-1: new full-speed USB device number 14 using dummy_hcd
[  598.659689][ T5866] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  598.698436][ T5866] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  598.720694][ T5866] usb 3-1: media controller created
[  598.727033][T10413] bridge0: port 1(bridge_slave_0) entered blocking state
[  598.748841][T10413] bridge0: port 1(bridge_slave_0) entered disabled state
[  598.774664][T10413] bridge_slave_0: entered allmulticast mode
[  598.801133][T10413] bridge_slave_0: entered promiscuous mode
[  598.801227][ T5866] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  598.812924][T10335] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  598.837739][T10413] bridge0: port 2(bridge_slave_1) entered blocking state
[  598.846216][T10335] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  598.866166][T10413] bridge0: port 2(bridge_slave_1) entered disabled state
[  598.876153][T10335] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  598.890433][T10413] bridge_slave_1: entered allmulticast mode
[  598.916710][T10335] usb 1-1: config 0 descriptor??
[  598.931465][T10413] bridge_slave_1: entered promiscuous mode
[  598.948402][T10446] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  599.145796][T10413] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  599.198291][T10413] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  599.413291][T10335] elan 0003:04F3:0755.0007: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.0-1/input0
[  599.440315][ T5866] zl10353_read_register: readreg error (reg=127, ret==0)
[  599.475617][ T5866] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  599.495396][T10413] team0: Port device team_slave_0 added
[  599.510193][ T5866] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  599.539664][T10413] team0: Port device team_slave_1 added
[  599.604748][T10335] usb 1-1: USB disconnect, device number 14
[  600.520479][   T55] Bluetooth: hci5: command tx timeout
[  600.658458][T10463] fido_id[10463]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory
[  600.831990][T10413] batman_adv: batadv0: Adding interface: batadv_slave_0
[  600.863070][T10413] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  600.930058][T10413] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  600.950267][   T30] kauditd_printk_skb: 38 callbacks suppressed
[  600.950284][   T30] audit: type=1326 audit(1747699656.631:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10474 comm="syz.1.1135" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7effdf78e969 code=0x0
[  600.953360][T10413] batman_adv: batadv0: Adding interface: batadv_slave_1
[  601.008638][T10413] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  601.042265][T10413] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  601.239035][T10413] hsr_slave_0: entered promiscuous mode
[  601.278970][T10413] hsr_slave_1: entered promiscuous mode
[  601.300900][T10413] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  601.348954][T10413] Cannot create hsr debugfs directory
[  601.959548][T10481] FAULT_INJECTION: forcing a failure.
[  601.959548][T10481] name failslab, interval 1, probability 0, space 0, times 0
[  601.972738][T10481] CPU: 1 UID: 0 PID: 10481 Comm: syz.0.1136 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[  601.972764][T10481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  601.972777][T10481] Call Trace:
[  601.972785][T10481]  <TASK>
[  601.972793][T10481]  dump_stack_lvl+0x189/0x250
[  601.972828][T10481]  ? __pfx_dump_stack_lvl+0x10/0x10
[  601.972855][T10481]  ? __pfx__printk+0x10/0x10
[  601.972892][T10481]  ? __pfx___might_resched+0x10/0x10
[  601.972928][T10481]  should_fail_ex+0x414/0x560
[  601.972954][T10481]  should_failslab+0xa8/0x100
[  601.972976][T10481]  __kmalloc_noprof+0xcb/0x4f0
[  601.973005][T10481]  ? io_alloc_file_tables+0x49/0xa0
[  601.973041][T10481]  io_alloc_file_tables+0x49/0xa0
[  601.973074][T10481]  io_sqe_files_register+0x1ee/0x7c0
[  601.973112][T10481]  ? __pfx_io_sqe_files_register+0x10/0x10
[  601.973139][T10481]  ? __fget_files+0x2a/0x420
[  601.973156][T10481]  ? __fget_files+0x3a0/0x420
[  601.973173][T10481]  ? __fget_files+0x2a/0x420
[  601.973194][T10481]  ? io_is_uring_fops+0xd/0x50
[  601.973227][T10481]  __se_sys_io_uring_register+0xbef/0x11b0
[  601.973263][T10481]  ? __pfx___se_sys_io_uring_register+0x10/0x10
[  601.973289][T10481]  ? ksys_write+0x1f0/0x250
[  601.973314][T10481]  ? rcu_is_watching+0x15/0xb0
[  601.973353][T10481]  ? do_syscall_64+0xba/0x210
[  601.973383][T10481]  do_syscall_64+0xf6/0x210
[  601.973416][T10481]  ? asm_sysvec_call_function_single+0x1a/0x20
[  601.973447][T10481]  ? clear_bhb_loop+0x60/0xb0
[  601.973470][T10481]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  601.973488][T10481] RIP: 0033:0x7fb71e98e969
[  601.973504][T10481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  601.973520][T10481] RSP: 002b:00007fb71c7f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[  601.973539][T10481] RAX: ffffffffffffffda RBX: 00007fb71ebb6160 RCX: 00007fb71e98e969
[  601.973553][T10481] RDX: 0000200000000180 RSI: 0000000000000002 RDI: 0000000000000005
[  601.973564][T10481] RBP: 00007fb71c7f6090 R08: 0000000000000000 R09: 0000000000000000
[  601.973575][T10481] R10: 00000000000000fe R11: 0000000000000246 R12: 0000000000000001
[  601.973586][T10481] R13: 0000000000000000 R14: 00007fb71ebb6160 R15: 00007ffe88ec5028
[  601.973616][T10481]  </TASK>
[  602.453637][T10335] usb 3-1: USB disconnect, device number 14
[  602.600376][T10416] Bluetooth: hci5: command tx timeout
[  603.250874][T10335] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  603.313736][ T5866] usb 1-1: new low-speed USB device number 15 using dummy_hcd
[  603.501310][T10487] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1138'.
[  603.510457][T10487] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1138'.
[  603.525581][ T5866] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  603.555305][ T5866] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8D is Bulk; changing to Interrupt
[  603.586207][ T5866] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 is Bulk; changing to Interrupt
[  603.612887][ T5866] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  603.657226][ T5866] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  603.701852][T10413] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  603.708727][ T5866] usb 1-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  603.736791][ T5866] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  603.763969][T10413] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  603.771603][ T5866] usb 1-1: config 0 descriptor??
[  603.780389][T10489] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  604.004584][T10413] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  604.033263][T10413] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  604.311834][ T5873] usb 1-1: USB disconnect, device number 15
[  604.697973][T10416] Bluetooth: hci5: command tx timeout
[  607.076635][T10522] loop8: detected capacity change from 0 to 1
[  607.685553][T10512] lo speed is unknown, defaulting to 1000
[  607.723334][T10512] lo speed is unknown, defaulting to 1000
[  607.750118][T10522] Dev loop8: unable to read RDB block 1
[  607.755766][T10522]  loop8: unable to read partition table
[  607.761673][T10522] loop8: partition table beyond EOD, truncated
[  607.767888][T10522] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  607.794518][T10413] 8021q: adding VLAN 0 to HW filter on device bond0
[  607.822440][T10510] netlink: 'syz.0.1144': attribute type 1 has an invalid length.
[  607.830310][T10510] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1144'.
[  608.230893][T10413] 8021q: adding VLAN 0 to HW filter on device team0
[  608.241090][T10512] lo speed is unknown, defaulting to 1000
[  608.344294][ T5963] bridge0: port 1(bridge_slave_0) entered blocking state
[  608.351545][ T5963] bridge0: port 1(bridge_slave_0) entered forwarding state
[  608.463423][T10532] openvswitch: netlink: Actions may not be safe on all matching packets
[  608.645616][ T5921] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  609.353379][ T5963] bridge0: port 2(bridge_slave_1) entered blocking state
[  609.360624][ T5963] bridge0: port 2(bridge_slave_1) entered forwarding state
[  609.374734][ T5921] usb 3-1: Using ep0 maxpacket: 16
[  609.422592][ T5921] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  609.468869][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  609.701462][T10413] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  609.719665][ T5921] usb 3-1: Product: syz
[  609.746380][ T5921] usb 3-1: Manufacturer: syz
[  610.518831][T10413] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  610.530366][ T5921] usb 3-1: SerialNumber: syz
[  610.541397][ T5921] usb 3-1: config 0 descriptor??
[  611.007654][ T5921] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  611.030582][ T5866] lo speed is unknown, defaulting to 1000
[  611.044223][T10512] infiniband syz0: set active
[  611.050832][ T5921] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  611.064644][T10512] infiniband syz0: added lo
[  611.072912][ T5921] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  611.088133][T10512] syz0: rxe_create_cq: returned err = -12
[  611.099544][ T5921] usb 3-1: media controller created
[  611.106363][T10512] infiniband syz0: Couldn't create ib_mad CQ
[  611.137172][T10512] infiniband syz0: Couldn't open port 1
[  611.194285][ T5921] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  611.294895][T10512] RDS/IB: syz0: added
[  611.436874][T10512] smc: adding ib device syz0 with port count 1
[  611.607040][T10512] smc:    ib device syz0 port 1 has pnetid 
[  611.658458][ T5873] lo speed is unknown, defaulting to 1000
[  611.698259][T10554] input: syz0 as /devices/virtual/input/input49
[  611.781192][T10555] tmpfs: Group quota block hardlimit too large.
[  612.435193][ T5921] zl10353_read_register: readreg error (reg=127, ret==0)
[  612.460884][ T5921] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  612.558685][T10512] lo speed is unknown, defaulting to 1000
[  612.781176][ T5921] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  613.030537][T10413] 8021q: adding VLAN 0 to HW filter on device batadv0
[  613.203174][ T5921] usb 3-1: USB disconnect, device number 15
[  613.408094][ T5921] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  613.434993][T10563] netlink: 'syz.4.1155': attribute type 29 has an invalid length.
[  613.444683][T10563] netlink: 'syz.4.1155': attribute type 29 has an invalid length.
[  613.466601][T10563] netlink: 'syz.4.1155': attribute type 29 has an invalid length.
[  613.778697][T10567] netlink: 'syz.4.1155': attribute type 29 has an invalid length.
[  614.341420][T10577] FAULT_INJECTION: forcing a failure.
[  614.341420][T10577] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  614.415250][T10577] CPU: 0 UID: 0 PID: 10577 Comm: syz.4.1158 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[  614.415279][T10577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  614.415292][T10577] Call Trace:
[  614.415300][T10577]  <TASK>
[  614.415309][T10577]  dump_stack_lvl+0x189/0x250
[  614.415341][T10577]  ? __lock_acquire+0xaac/0xd20
[  614.415373][T10577]  ? __pfx_dump_stack_lvl+0x10/0x10
[  614.415400][T10577]  ? __pfx__printk+0x10/0x10
[  614.415431][T10577]  ? __might_fault+0xb0/0x130
[  614.415475][T10577]  should_fail_ex+0x414/0x560
[  614.415502][T10577]  _copy_from_user+0x2d/0xb0
[  614.415532][T10577]  smc_setsockopt+0x3b8/0xab0
[  614.415564][T10577]  ? __pfx_smc_setsockopt+0x10/0x10
[  614.415594][T10577]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  614.415622][T10577]  ? __pfx_smc_setsockopt+0x10/0x10
[  614.415648][T10577]  do_sock_setsockopt+0x257/0x3e0
[  614.415679][T10577]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  614.415703][T10577]  ? __fget_files+0x2a/0x420
[  614.415726][T10577]  ? __fget_files+0x3a0/0x420
[  614.415744][T10577]  ? __fget_files+0x2a/0x420
[  614.415771][T10577]  __x64_sys_setsockopt+0x18b/0x220
[  614.415805][T10577]  do_syscall_64+0xf6/0x210
[  614.415833][T10577]  ? clear_bhb_loop+0x60/0xb0
[  614.415858][T10577]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  614.415877][T10577] RIP: 0033:0x7fb7e8f8e969
[  614.415895][T10577] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  614.415912][T10577] RSP: 002b:00007fb7e9d72038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  614.415934][T10577] RAX: ffffffffffffffda RBX: 00007fb7e91b5fa0 RCX: 00007fb7e8f8e969
[  614.415948][T10577] RDX: 0000000000000007 RSI: 0000000000000006 RDI: 0000000000000003
[  614.415960][T10577] RBP: 00007fb7e9d72090 R08: 0000000000000004 R09: 0000000000000000
[  614.415973][T10577] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  614.415986][T10577] R13: 0000000000000000 R14: 00007fb7e91b5fa0 R15: 00007fffc1a17be8
[  614.416017][T10577]  </TASK>
[  615.487281][T10512] lo speed is unknown, defaulting to 1000
[  617.082330][T10413] veth0_vlan: entered promiscuous mode
[  617.168288][T10413] veth1_vlan: entered promiscuous mode
[  617.484737][T10601] process 'syz.1.1163' launched './file0' with NULL argv: empty string added
[  618.573564][T10413] veth0_macvtap: entered promiscuous mode
[  618.605745][T10413] veth1_macvtap: entered promiscuous mode
[  618.763601][T10413] batman_adv: batadv0: Interface activated: batadv_slave_0
[  619.008821][T10413] batman_adv: batadv0: Interface activated: batadv_slave_1
[  619.039295][T10413] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  619.082467][T10413] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  619.100578][T10413] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  619.147635][T10413] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  619.431475][T10613] tmpfs: Group quota block hardlimit too large.
[  619.636811][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  619.689989][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  619.719531][T10512] lo speed is unknown, defaulting to 1000
[  619.752540][   T53] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  619.801793][ T6052] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  619.826630][ T6052] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  620.115149][   T30] audit: type=1326 audit(1747699675.791:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10617 comm="syz.5.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e9d8e969 code=0x7ffc0000
[  620.191107][   T30] audit: type=1326 audit(1747699675.791:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10617 comm="syz.5.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e9d8e969 code=0x7ffc0000
[  620.310040][   T30] audit: type=1326 audit(1747699675.801:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10617 comm="syz.5.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=104 compat=0 ip=0x7f92e9d8e969 code=0x7ffc0000
[  620.405123][   T30] audit: type=1326 audit(1747699675.801:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10617 comm="syz.5.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e9d8e969 code=0x7ffc0000
[  620.499587][   T30] audit: type=1326 audit(1747699675.801:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10617 comm="syz.5.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e9d8e969 code=0x7ffc0000
[  620.611084][   T30] audit: type=1326 audit(1747699675.801:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10617 comm="syz.5.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f92e9d8e969 code=0x7ffc0000
[  620.656786][T10512] lo speed is unknown, defaulting to 1000
[  620.760695][   T30] audit: type=1326 audit(1747699675.801:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10617 comm="syz.5.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e9d8e969 code=0x7ffc0000
[  620.860020][   T30] audit: type=1326 audit(1747699675.801:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10617 comm="syz.5.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f92e9d8e969 code=0x7ffc0000
[  621.052103][   T30] audit: type=1326 audit(1747699675.801:787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10617 comm="syz.5.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e9d8e969 code=0x7ffc0000
[  621.074345][   T30] audit: type=1326 audit(1747699675.801:788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10617 comm="syz.5.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f92e9d8e969 code=0x7ffc0000
[  621.225199][T10625] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  623.656006][T10642] sg_write: data in/out 2387/14 bytes for SCSI command 0x8-- guessing data in;
[  623.656006][T10642]    program syz.4.1172 not setting count and/or reply_len properly
[  624.234646][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  624.395840][T10643] overlayfs: overlapping lowerdir path
[  626.169008][T10512] lo speed is unknown, defaulting to 1000
[  626.707573][T10669] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  626.724556][T10669] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  626.773064][T10669] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  626.796425][T10669] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  626.807034][T10669] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  626.858536][T10672] FAT-fs (nullb0): bogus number of reserved sectors
[  626.865295][T10672] FAT-fs (nullb0): Can't find a valid FAT filesystem
[  627.418003][ T5921] libceph: connect (1)[c::]:6789 error -101
[  627.435275][ T5921] libceph: mon0 (1)[c::]:6789 connect error
[  627.524674][T10671] ceph: No mds server is up or the cluster is laggy
[  628.205472][   T55] Bluetooth: hci6: command 0x1003 tx timeout
[  628.211845][T10416] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  628.232598][T10667] lo speed is unknown, defaulting to 1000
[  629.013598][T10693] overlayfs: overlapping lowerdir path
[  629.481190][T10416] Bluetooth: hci7: command tx timeout
[  630.210517][ T5873] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  630.606216][   T30] kauditd_printk_skb: 62 callbacks suppressed
[  630.606234][   T30] audit: type=1326 audit(1747699686.291:851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10701 comm="syz.5.1187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e9d8e969 code=0x7ffc0000
[  630.640745][ T5873] usb 2-1: unable to get BOS descriptor or descriptor too short
[  630.692078][ T5873] usb 2-1: config 2 has an invalid interface number: 181 but max is 0
[  630.735166][ T5873] usb 2-1: config 2 has no interface number 0
[  630.755084][   T30] audit: type=1326 audit(1747699686.291:852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10701 comm="syz.5.1187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e9d8e969 code=0x7ffc0000
[  630.781930][   T30] audit: type=1326 audit(1747699686.291:853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10701 comm="syz.5.1187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=104 compat=0 ip=0x7f92e9d8e969 code=0x7ffc0000
[  630.803688][   T30] audit: type=1326 audit(1747699686.291:854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10701 comm="syz.5.1187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e9d8e969 code=0x7ffc0000
[  630.946853][T10707] netlink: 'syz.4.1188': attribute type 1 has an invalid length.
[  631.033219][T10707] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  631.261440][T10707] netlink: 'syz.4.1188': attribute type 1 has an invalid length.
[  631.421395][ T5873] usb 2-1: config 2 interface 181 altsetting 9 endpoint 0xD has an invalid bInterval 173, changing to 11
[  631.436081][ T5873] usb 2-1: config 2 interface 181 has no altsetting 0
[  631.443079][T10706] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1188'.
[  631.456364][ T5873] usb 2-1: New USB device found, idVendor=06f8, idProduct=0001, bcdDevice=65.85
[  631.470503][ T5873] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  631.478550][ T5873] usb 2-1: Product: syz
[  631.517350][T10708] bond1: (slave gretap1): making interface the new active one
[  631.531094][T10708] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  631.560182][T10416] Bluetooth: hci7: command tx timeout
[  631.562170][T10708] syz.4.1188 (10708) used greatest stack depth: 19040 bytes left
[  631.570166][ T5873] usb 2-1: Manufacturer: syz
[  631.578293][ T5873] usb 2-1: SerialNumber: syz
[  631.690071][   T30] audit: type=1326 audit(1747699686.291:855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10701 comm="syz.5.1187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e9d8e969 code=0x7ffc0000
[  631.718415][T10512] lo speed is unknown, defaulting to 1000
[  631.737001][   T30] audit: type=1326 audit(1747699686.321:856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10701 comm="syz.5.1187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f92e9d8e969 code=0x7ffc0000
[  631.919660][   T30] audit: type=1326 audit(1747699686.321:857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10701 comm="syz.5.1187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e9d8e969 code=0x7ffc0000
[  632.008433][   T30] audit: type=1326 audit(1747699686.321:858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10701 comm="syz.5.1187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e9d8e969 code=0x7ffc0000
[  632.068905][   T30] audit: type=1326 audit(1747699686.341:859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10701 comm="syz.5.1187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f92e9d8e969 code=0x7ffc0000
[  632.091052][   T30] audit: type=1326 audit(1747699686.341:860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10701 comm="syz.5.1187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e9d8e969 code=0x7ffc0000
[  632.669156][  T975] hid-generic C990:0003:0000.0008: unknown main item tag 0x0
[  632.679090][  T975] hid-generic C990:0003:0000.0008: unknown main item tag 0x0
[  632.981543][  T975] hid-generic C990:0003:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  633.113694][ T5873] usb 2-1: USB disconnect, device number 16
[  634.200202][T10416] Bluetooth: hci7: command tx timeout
[  634.377959][T10725] fido_id[10725]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  634.594538][T10735] block device autoloading is deprecated and will be removed.
[  634.729796][T10416] Bluetooth: hci5: unknown advertising packet type: 0x7f
[  634.729861][T10416] Bluetooth: hci5: Dropping invalid advertising data
[  634.747062][T10416] Bluetooth: hci5: Dropping invalid advertising data
[  634.755158][T10416] Bluetooth: hci5: Malformed LE Event: 0x02
[  634.764552][T10735] syz.5.1195: attempt to access beyond end of device
[  634.764552][T10735] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  634.777031][T10736] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1195'.
[  635.286912][T10667] chnl_net:caif_netlink_parms(): no params data found
[  635.303869][T10740] netlink: 'syz.4.1197': attribute type 3 has an invalid length.
[  635.311901][T10740] netlink: 236 bytes leftover after parsing attributes in process `syz.4.1197'.
[  635.810082][T10749] FAT-fs (nullb0): bogus number of reserved sectors
[  635.816960][T10749] FAT-fs (nullb0): Can't find a valid FAT filesystem
[  635.910456][T10335] libceph: connect (1)[c::]:6789 error -101
[  636.195957][T10748] ceph: No mds server is up or the cluster is laggy
[  636.222155][T10335] libceph: mon0 (1)[c::]:6789 connect error
[  636.280220][T10416] Bluetooth: hci7: command tx timeout
[  636.730441][T10667] bridge0: port 1(bridge_slave_0) entered blocking state
[  636.778250][T10667] bridge0: port 1(bridge_slave_0) entered disabled state
[  636.808772][T10667] bridge_slave_0: entered allmulticast mode
[  636.812842][T10760] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  636.854150][T10667] bridge_slave_0: entered promiscuous mode
[  636.885546][T10667] bridge0: port 2(bridge_slave_1) entered blocking state
[  636.930279][T10667] bridge0: port 2(bridge_slave_1) entered disabled state
[  636.971026][T10667] bridge_slave_1: entered allmulticast mode
[  636.978868][T10667] bridge_slave_1: entered promiscuous mode
[  637.110717][ T5866] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  637.262527][T10667] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  637.282562][ T5866] usb 3-1: Using ep0 maxpacket: 8
[  637.304793][T10667] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  637.306426][ T5866] usb 3-1: config 0 has an invalid interface number: 239 but max is 0
[  637.359431][ T5866] usb 3-1: config 0 has no interface number 0
[  637.359486][ T5866] usb 3-1: config 0 interface 239 altsetting 0 has an endpoint descriptor with address 0x64, changing to 0x4
[  637.359515][ T5866] usb 3-1: config 0 interface 239 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 8
[  637.363760][ T5866] usb 3-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=99.1a
[  637.363788][ T5866] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  637.363808][ T5866] usb 3-1: Product: syz
[  637.363821][ T5866] usb 3-1: Manufacturer: syz
[  637.363842][ T5866] usb 3-1: SerialNumber: syz
[  637.367358][ T5866] usb 3-1: config 0 descriptor??
[  637.370062][T10764] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  637.495510][T10667] team0: Port device team_slave_0 added
[  637.530238][T10667] team0: Port device team_slave_1 added
[  637.591934][T10760] PM: Enabling pm_trace changes system date and time during resume.
[  637.591934][T10760] PM: Correct system time has to be restored manually after resume.
[  637.744238][ T5866] ath6kl: Failed to submit usb control message: -71
[  637.863154][T10667] batman_adv: batadv0: Adding interface: batadv_slave_0
[  637.863173][T10667] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  637.863217][T10667] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  637.863393][ T5866] ath6kl: unable to send the bmi data to the device: -71
[  637.863414][ T5866] ath6kl: Unable to send get target info: -71
[  637.865034][T10667] batman_adv: batadv0: Adding interface: batadv_slave_1
[  637.865050][T10667] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  637.865100][T10667] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  637.882153][ T5866] ath6kl: Failed to init ath6kl core: -71
[  637.896386][ T5866] ath6kl_usb 3-1:0.239: probe with driver ath6kl_usb failed with error -71
[  637.921140][ T5866] usb 3-1: USB disconnect, device number 16
[  638.402973][T10667] hsr_slave_0: entered promiscuous mode
[  639.165983][T10667] hsr_slave_1: entered promiscuous mode
[  639.173486][T10667] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  639.181541][T10667] Cannot create hsr debugfs directory
[  639.299331][T10787] FAULT_INJECTION: forcing a failure.
[  639.299331][T10787] name failslab, interval 1, probability 0, space 0, times 0
[  639.346067][T10787] CPU: 0 UID: 0 PID: 10787 Comm: syz.2.1209 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[  639.346099][T10787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  639.346111][T10787] Call Trace:
[  639.346120][T10787]  <TASK>
[  639.346129][T10787]  dump_stack_lvl+0x189/0x250
[  639.346165][T10787]  ? __pfx_dump_stack_lvl+0x10/0x10
[  639.346193][T10787]  ? __pfx__printk+0x10/0x10
[  639.346230][T10787]  ? __pfx___might_resched+0x10/0x10
[  639.346266][T10787]  should_fail_ex+0x414/0x560
[  639.346294][T10787]  should_failslab+0xa8/0x100
[  639.346315][T10787]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  639.346347][T10787]  ? __alloc_skb+0x112/0x2d0
[  639.346377][T10787]  __alloc_skb+0x112/0x2d0
[  639.346407][T10787]  netlink_sendmsg+0x5c6/0xb30
[  639.346430][T10787]  ? is_bpf_text_address+0x26/0x2b0
[  639.346479][T10787]  ? __pfx_netlink_sendmsg+0x10/0x10
[  639.346511][T10787]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  639.346532][T10787]  ? __pfx_netlink_sendmsg+0x10/0x10
[  639.346556][T10787]  __sock_sendmsg+0x219/0x270
[  639.346580][T10787]  ____sys_sendmsg+0x505/0x830
[  639.346612][T10787]  ? __pfx_____sys_sendmsg+0x10/0x10
[  639.346648][T10787]  ? import_iovec+0x74/0xa0
[  639.346679][T10787]  ___sys_sendmsg+0x21f/0x2a0
[  639.346707][T10787]  ? __pfx____sys_sendmsg+0x10/0x10
[  639.346800][T10787]  ? __fget_files+0x2a/0x420
[  639.346819][T10787]  ? __fget_files+0x3a0/0x420
[  639.346848][T10787]  __x64_sys_sendmsg+0x19b/0x260
[  639.346879][T10787]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  639.346925][T10787]  ? do_syscall_64+0xba/0x210
[  639.346962][T10787]  do_syscall_64+0xf6/0x210
[  639.346990][T10787]  ? clear_bhb_loop+0x60/0xb0
[  639.347015][T10787]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  639.347034][T10787] RIP: 0033:0x7fa4cd58e969
[  639.347053][T10787] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  639.347071][T10787] RSP: 002b:00007fa4ce3d1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  639.347093][T10787] RAX: ffffffffffffffda RBX: 00007fa4cd7b6080 RCX: 00007fa4cd58e969
[  639.347107][T10787] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 000000000000000d
[  639.347120][T10787] RBP: 00007fa4ce3d1090 R08: 0000000000000000 R09: 0000000000000000
[  639.347132][T10787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  639.347145][T10787] R13: 0000000000000000 R14: 00007fa4cd7b6080 R15: 00007ffd517a77d8
[  639.347176][T10787]  </TASK>
[  639.681924][  T993] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  639.914361][T10791] netlink: 'syz.5.1208': attribute type 1 has an invalid length.
[  639.947455][T10791] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  640.080607][T10791] netlink: 'syz.5.1208': attribute type 1 has an invalid length.
[  640.719812][T10795] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1208'.
[  641.171897][T10793] slcan: can't register candev
[  641.178136][T10793] Falling back ldisc for pty22.
[  641.714477][  T993] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  642.038995][  T993] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  644.884998][ T5933] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  644.896823][  T993] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  644.917875][T10831] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1220'.
[  645.060087][ T5933] usb 3-1: device descriptor read/64, error -71
[  645.282096][T10835] program syz.5.1222 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  645.617055][T10840] FAT-fs (nullb0): bogus number of reserved sectors
[  645.623805][T10840] FAT-fs (nullb0): Can't find a valid FAT filesystem
[  646.007056][T10838] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  646.171451][ T5933] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  646.668758][T10667] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  646.760569][T10667] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  646.780569][T10852] FAULT_INJECTION: forcing a failure.
[  646.780569][T10852] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  646.820051][T10852] CPU: 0 UID: 0 PID: 10852 Comm: syz.4.1226 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[  646.820087][T10852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  646.820105][T10852] Call Trace:
[  646.820117][T10852]  <TASK>
[  646.820128][T10852]  dump_stack_lvl+0x189/0x250
[  646.820168][T10852]  ? __lock_acquire+0xaac/0xd20
[  646.820205][T10852]  ? __pfx_dump_stack_lvl+0x10/0x10
[  646.820233][T10852]  ? __pfx__printk+0x10/0x10
[  646.820262][T10852]  ? __might_fault+0xb0/0x130
[  646.820302][T10852]  should_fail_ex+0x414/0x560
[  646.820327][T10852]  _copy_from_iter+0x1db/0x15a0
[  646.820359][T10852]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  646.820384][T10852]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  646.820413][T10852]  ? __pfx__copy_from_iter+0x10/0x10
[  646.820439][T10852]  ? __build_skb_around+0x257/0x3e0
[  646.820475][T10852]  ? netlink_sendmsg+0x642/0xb30
[  646.820496][T10852]  ? skb_put+0x11b/0x210
[  646.820524][T10852]  netlink_sendmsg+0x6b2/0xb30
[  646.820545][T10852]  ? is_bpf_text_address+0x26/0x2b0
[  646.820580][T10852]  ? __pfx_netlink_sendmsg+0x10/0x10
[  646.820611][T10852]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  646.820631][T10852]  ? __pfx_netlink_sendmsg+0x10/0x10
[  646.820655][T10852]  __sock_sendmsg+0x219/0x270
[  646.820677][T10852]  ____sys_sendmsg+0x505/0x830
[  646.820709][T10852]  ? __pfx_____sys_sendmsg+0x10/0x10
[  646.820745][T10852]  ? import_iovec+0x74/0xa0
[  646.820775][T10852]  ___sys_sendmsg+0x21f/0x2a0
[  646.820804][T10852]  ? __pfx____sys_sendmsg+0x10/0x10
[  646.820867][T10852]  ? __fget_files+0x2a/0x420
[  646.820884][T10852]  ? __fget_files+0x3a0/0x420
[  646.820908][T10852]  __x64_sys_sendmsg+0x19b/0x260
[  646.820937][T10852]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  646.820981][T10852]  ? do_syscall_64+0xba/0x210
[  646.821010][T10852]  do_syscall_64+0xf6/0x210
[  646.821036][T10852]  ? clear_bhb_loop+0x60/0xb0
[  646.821060][T10852]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  646.821078][T10852] RIP: 0033:0x7fb7e8f8e969
[  646.821095][T10852] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  646.821112][T10852] RSP: 002b:00007fb7e9d72038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  646.821133][T10852] RAX: ffffffffffffffda RBX: 00007fb7e91b5fa0 RCX: 00007fb7e8f8e969
[  646.821147][T10852] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  646.821160][T10852] RBP: 00007fb7e9d72090 R08: 0000000000000000 R09: 0000000000000000
[  646.821172][T10852] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  646.821183][T10852] R13: 0000000000000000 R14: 00007fb7e91b5fa0 R15: 00007fffc1a17be8
[  646.821212][T10852]  </TASK>
[  646.823670][T10667] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  647.931553][T10865] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  648.197422][T10667] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  648.497733][  T993] bridge_slave_1: left allmulticast mode
[  648.504698][  T993] bridge_slave_1: left promiscuous mode
[  648.540144][  T993] bridge0: port 2(bridge_slave_1) entered disabled state
[  648.631136][  T993] bridge_slave_0: left allmulticast mode
[  648.636868][  T993] bridge_slave_0: left promiscuous mode
[  648.731198][  T993] bridge0: port 1(bridge_slave_0) entered disabled state
[  648.887395][T10880] FAULT_INJECTION: forcing a failure.
[  648.887395][T10880] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  648.900671][T10880] CPU: 1 UID: 0 PID: 10880 Comm: syz.4.1232 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[  648.900697][T10880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  648.900711][T10880] Call Trace:
[  648.900719][T10880]  <TASK>
[  648.900727][T10880]  dump_stack_lvl+0x189/0x250
[  648.900758][T10880]  ? __lock_acquire+0xaac/0xd20
[  648.900789][T10880]  ? __pfx_dump_stack_lvl+0x10/0x10
[  648.900816][T10880]  ? __pfx__printk+0x10/0x10
[  648.900847][T10880]  ? __might_fault+0xb0/0x130
[  648.900890][T10880]  should_fail_ex+0x414/0x560
[  648.900917][T10880]  _copy_from_iter+0x1db/0x15a0
[  648.900951][T10880]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  648.900979][T10880]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  648.901024][T10880]  ? __pfx__copy_from_iter+0x10/0x10
[  648.901050][T10880]  ? __build_skb_around+0x257/0x3e0
[  648.901078][T10880]  ? netlink_sendmsg+0x642/0xb30
[  648.901107][T10880]  ? skb_put+0x11b/0x210
[  648.901136][T10880]  netlink_sendmsg+0x6b2/0xb30
[  648.901187][T10880]  ? __pfx_netlink_sendmsg+0x10/0x10
[  648.901214][T10880]  ? trace_irq_disable+0x37/0x110
[  648.901240][T10880]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  648.901262][T10880]  ? __pfx_netlink_sendmsg+0x10/0x10
[  648.901287][T10880]  __sock_sendmsg+0x219/0x270
[  648.901311][T10880]  ____sys_sendmsg+0x505/0x830
[  648.901344][T10880]  ? __pfx_____sys_sendmsg+0x10/0x10
[  648.901382][T10880]  ? import_iovec+0x74/0xa0
[  648.901415][T10880]  ___sys_sendmsg+0x21f/0x2a0
[  648.901445][T10880]  ? __pfx____sys_sendmsg+0x10/0x10
[  648.901510][T10880]  ? __fget_files+0x2a/0x420
[  648.901528][T10880]  ? __fget_files+0x3a0/0x420
[  648.901559][T10880]  __x64_sys_sendmsg+0x19b/0x260
[  648.901590][T10880]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  648.901636][T10880]  ? do_syscall_64+0xba/0x210
[  648.901667][T10880]  do_syscall_64+0xf6/0x210
[  648.901693][T10880]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  648.901714][T10880]  ? clear_bhb_loop+0x60/0xb0
[  648.901739][T10880]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.901759][T10880] RIP: 0033:0x7fb7e8f8e969
[  648.901776][T10880] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  648.901795][T10880] RSP: 002b:00007fb7e9d30038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  648.901816][T10880] RAX: ffffffffffffffda RBX: 00007fb7e91b6160 RCX: 00007fb7e8f8e969
[  648.901836][T10880] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  648.901849][T10880] RBP: 00007fb7e9d30090 R08: 0000000000000000 R09: 0000000000000000
[  648.901862][T10880] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  648.901874][T10880] R13: 0000000000000001 R14: 00007fb7e91b6160 R15: 00007fffc1a17be8
[  648.901905][T10880]  </TASK>
[  650.201850][T10895] input: syz0 as /devices/virtual/input/input52
[  650.294145][T10896] tmpfs: Group quota block hardlimit too large.
[  650.922423][ T6052] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  651.190568][ T5873] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  651.340814][ T5873] usb 6-1: device descriptor read/64, error -71
[  651.580100][ T5873] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  651.780098][ T5873] usb 6-1: device descriptor read/64, error -71
[  651.906147][ T5873] usb usb6-port1: attempt power cycle
[  651.993293][  T993] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  652.380129][ T5873] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  652.468939][T10910] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1236'.
[  652.765091][  T993] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  652.808878][  T993] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  652.853566][  T993] bond0 (unregistering): Released all slaves
[  653.204356][ T5873] usb 6-1: device descriptor read/8, error -71
[  653.410608][T10919] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1240'.
[  654.437493][T10919] bond1: entered allmulticast mode
[  654.485255][T10919] 8021q: adding VLAN 0 to HW filter on device bond1
[  654.531170][T10920] hsr0: entered promiscuous mode
[  654.579238][T10920] hsr0: entered allmulticast mode
[  654.656406][T10920] hsr_slave_0: entered allmulticast mode
[  654.678525][T10920] hsr_slave_1: entered allmulticast mode
[  654.735130][T10920] bond1: (slave hsr0): The slave device specified does not support setting the MAC address
[  654.790826][T10920] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  654.896132][T10920] bond1: (slave hsr0): Error -22 calling dev_set_mtu
[  655.831979][T10940] loop9: detected capacity change from 0 to 8
[  655.866137][T10940] Dev loop9: unable to read RDB block 8
[  655.875380][T10940]  loop9: unable to read partition table
[  655.898521][T10940] loop9: partition table beyond EOD, truncated
[  655.905389][T10940] loop_reread_partitions: partition scan of loop9 (þ被xüÿÿÿÿÿÿÿ ) failed (rc=-5)
[  657.409268][T10927] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1241'.
[  657.484517][T10927] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1241'.
[  657.816261][T10667] 8021q: adding VLAN 0 to HW filter on device bond0
[  658.291493][T10667] 8021q: adding VLAN 0 to HW filter on device team0
[  658.325533][ T8169] bridge0: port 1(bridge_slave_0) entered blocking state
[  658.332761][ T8169] bridge0: port 1(bridge_slave_0) entered forwarding state
[  658.351869][T10966] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1249'.
[  658.380170][T10335] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  658.423632][T10971] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1250'.
[  658.438789][ T6388] bridge0: port 2(bridge_slave_1) entered blocking state
[  658.445994][ T6388] bridge0: port 2(bridge_slave_1) entered forwarding state
[  658.563433][T10335] usb 6-1: device descriptor read/64, error -71
[  658.789365][  T993] hsr_slave_0: left promiscuous mode
[  658.903638][  T993] hsr_slave_1: left promiscuous mode
[  658.909780][  T993] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  658.927300][T10978] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1253'.
[  658.965176][  T993] batman_adv: batadv0: Removing interface: batadv_slave_0
[  658.996907][  T993] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  659.017043][T10335] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  659.058528][  T993] batman_adv: batadv0: Removing interface: batadv_slave_1
[  659.780048][T10335] usb 6-1: device descriptor read/64, error -71
[  659.845800][  T993] veth1_macvtap: left promiscuous mode
[  659.851592][  T993] veth0_macvtap: left promiscuous mode
[  659.857291][  T993] veth1_vlan: left promiscuous mode
[  659.910028][T10335] usb usb6-port1: attempt power cycle
[  659.940106][  T993] veth0_vlan: left promiscuous mode
[  660.490088][T10335] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  660.521121][T10989] FAULT_INJECTION: forcing a failure.
[  660.521121][T10989] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  660.590735][T10989] CPU: 0 UID: 0 PID: 10989 Comm: syz.5.1255 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[  660.590763][T10989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  660.590775][T10989] Call Trace:
[  660.590783][T10989]  <TASK>
[  660.590792][T10989]  dump_stack_lvl+0x189/0x250
[  660.590826][T10989]  ? __pfx_dump_stack_lvl+0x10/0x10
[  660.590871][T10989]  ? __pfx__printk+0x10/0x10
[  660.590916][T10989]  should_fail_ex+0x414/0x560
[  660.590942][T10989]  _copy_to_user+0x31/0xb0
[  660.590973][T10989]  simple_read_from_buffer+0xe1/0x170
[  660.591009][T10989]  proc_fail_nth_read+0x1df/0x250
[  660.591045][T10989]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  660.591069][T10989]  ? rw_verify_area+0x258/0x650
[  660.591095][T10989]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  660.591116][T10989]  vfs_read+0x200/0x980
[  660.591148][T10989]  ? __pfx___mutex_lock+0x10/0x10
[  660.591175][T10989]  ? __pfx_vfs_read+0x10/0x10
[  660.591202][T10989]  ? __fget_files+0x2a/0x420
[  660.591224][T10989]  ? __fget_files+0x3a0/0x420
[  660.591241][T10989]  ? __fget_files+0x2a/0x420
[  660.591268][T10989]  ksys_read+0x145/0x250
[  660.591297][T10989]  ? __pfx_ksys_read+0x10/0x10
[  660.591334][T10989]  ? do_syscall_64+0xba/0x210
[  660.591364][T10989]  do_syscall_64+0xf6/0x210
[  660.591390][T10989]  ? clear_bhb_loop+0x60/0xb0
[  660.591414][T10989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  660.591432][T10989] RIP: 0033:0x7f92e9d8d37c
[  660.591449][T10989] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  660.591466][T10989] RSP: 002b:00007f92eac62030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  660.591486][T10989] RAX: ffffffffffffffda RBX: 00007f92e9fb5fa0 RCX: 00007f92e9d8d37c
[  660.591500][T10989] RDX: 000000000000000f RSI: 00007f92eac620a0 RDI: 0000000000000003
[  660.591512][T10989] RBP: 00007f92eac62090 R08: 0000000000000000 R09: 0000000000000000
[  660.591524][T10989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  660.591536][T10989] R13: 0000000000000001 R14: 00007f92e9fb5fa0 R15: 00007fffe2bd5558
[  660.591566][T10989]  </TASK>
[  661.094973][T10335] usb 6-1: device not accepting address 8, error -71
[  662.073157][   T30] kauditd_printk_skb: 63 callbacks suppressed
[  662.073175][   T30] audit: type=1326 audit(1747699717.761:924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11001 comm="syz.1.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdf78e969 code=0x7ffc0000
[  662.111281][T11002] FAULT_INJECTION: forcing a failure.
[  662.111281][T11002] name failslab, interval 1, probability 0, space 0, times 0
[  662.134466][T11002] CPU: 1 UID: 0 PID: 11002 Comm: syz.1.1260 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[  662.134493][T11002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  662.134506][T11002] Call Trace:
[  662.134514][T11002]  <TASK>
[  662.134523][T11002]  dump_stack_lvl+0x189/0x250
[  662.134557][T11002]  ? __pfx_dump_stack_lvl+0x10/0x10
[  662.134584][T11002]  ? __pfx__printk+0x10/0x10
[  662.134620][T11002]  ? __pfx___might_resched+0x10/0x10
[  662.134648][T11002]  ? fs_reclaim_acquire+0x7d/0x100
[  662.134674][T11002]  should_fail_ex+0x414/0x560
[  662.134700][T11002]  should_failslab+0xa8/0x100
[  662.134720][T11002]  __kmalloc_cache_noprof+0x70/0x3d0
[  662.134749][T11002]  ? audit_log_d_path+0xb5/0x190
[  662.134772][T11002]  audit_log_d_path+0xb5/0x190
[  662.134792][T11002]  audit_log_d_path_exe+0x42/0x70
[  662.134812][T11002]  audit_log_task+0x2b3/0x3c0
[  662.134843][T11002]  ? __pfx_audit_log_task+0x10/0x10
[  662.134874][T11002]  ? __pfx_migrate_enable+0x10/0x10
[  662.134899][T11002]  audit_seccomp+0x86/0x190
[  662.134932][T11002]  __seccomp_filter+0x9aa/0x1a40
[  662.134969][T11002]  ? ksys_write+0x1cb/0x250
[  662.134997][T11002]  ? __pfx___seccomp_filter+0x10/0x10
[  662.135025][T11002]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  662.135051][T11002]  ? __pfx_vfs_write+0x10/0x10
[  662.135081][T11002]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  662.135111][T11002]  ? __fget_files+0x3a0/0x420
[  662.135139][T11002]  ? ksys_write+0x1f0/0x250
[  662.135164][T11002]  ? rcu_is_watching+0x15/0xb0
[  662.135195][T11002]  ? __secure_computing+0xe2/0x2a0
[  662.135232][T11002]  syscall_trace_enter+0xaa/0x160
[  662.135260][T11002]  do_syscall_64+0xcf/0x210
[  662.135286][T11002]  ? clear_bhb_loop+0x60/0xb0
[  662.135338][T11002]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  662.135357][T11002] RIP: 0033:0x7effdf78e969
[  662.135375][T11002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  662.135392][T11002] RSP: 002b:00007effe058a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ee
[  662.135413][T11002] RAX: ffffffffffffffda RBX: 00007effdf9b5fa0 RCX: 00007effdf78e969
[  662.135428][T11002] RDX: 0000000000000f6d RSI: 0000000000000000 RDI: 0000000000000002
[  662.135440][T11002] RBP: 00007effe058a090 R08: 0000000000000000 R09: 0000000000000000
[  662.135453][T11002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  662.135464][T11002] R13: 0000000000000000 R14: 00007effdf9b5fa0 R15: 00007ffc6293ae08
[  662.135496][T11002]  </TASK>
[  662.399818][   T30] audit: type=1326 audit(1747699717.801:925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11001 comm="syz.1.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdf78e969 code=0x7ffc0000
[  662.422167][   T30] audit: type=1326 audit(1747699717.801:926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11001 comm="syz.1.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7effdf78d2d0 code=0x7ffc0000
[  662.444239][   T30] audit: type=1326 audit(1747699717.801:927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11001 comm="syz.1.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7effdf78d41f code=0x7ffc0000
[  662.468271][   T30] audit: type=1326 audit(1747699717.801:928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11001 comm="syz.1.1260" exe="<no_memory>" sig=0 arch=c000003e syscall=238 compat=0 ip=0x7effdf78e969 code=0x7ffc0000
[  662.688501][   T30] audit: type=1326 audit(1747699717.821:929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11001 comm="syz.1.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7effdf78d37c code=0x7ffc0000
[  662.731209][T11004] random: crng reseeded on system resumption
[  662.767462][   T30] audit: type=1326 audit(1747699717.821:930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11001 comm="syz.1.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7effdf78d41f code=0x7ffc0000
[  662.830192][   T30] audit: type=1326 audit(1747699717.821:931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11001 comm="syz.1.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7effdf78d5ca code=0x7ffc0000
[  662.890072][   T30] audit: type=1326 audit(1747699717.821:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11001 comm="syz.1.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdf78e969 code=0x7ffc0000
[  664.064044][  T993] team0 (unregistering): Port device team_slave_1 removed
[  664.139644][  T993] team0 (unregistering): Port device team_slave_0 removed
[  665.272713][ T8967] smc: removing ib device syz0
[  665.365195][ T5933] lo speed is unknown, defaulting to 1000
[  665.371926][ T5933] syz0: Port: 1 Link DOWN
[  665.515004][T11014] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1263'.
[  666.213758][T11021] FAT-fs (nullb0): bogus number of reserved sectors
[  666.220539][T11021] FAT-fs (nullb0): Can't find a valid FAT filesystem
[  666.567286][T11023] netlink: 'syz.4.1264': attribute type 1 has an invalid length.
[  666.579154][T11023] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  666.591971][T11023] netlink: 'syz.4.1264': attribute type 1 has an invalid length.
[  666.614751][T11020] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  667.076022][T11027] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1264'.
[  667.580328][T11032] IPVS: length: 24 != 12312
[  667.608367][T10667] 8021q: adding VLAN 0 to HW filter on device batadv0
[  667.996463][  T975] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  668.012981][T11040] netlink: 'syz.4.1267': attribute type 3 has an invalid length.
[  668.020984][T11040] netlink: 236 bytes leftover after parsing attributes in process `syz.4.1267'.
[  668.207281][   T30] audit: type=1804 audit(1747699723.721:933): pid=11040 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.1267" name="/newroot/266/file0/file0" dev="ramfs" ino=30618 res=1 errno=0
[  669.040541][  T975] usb 2-1: Using ep0 maxpacket: 8
[  669.065253][  T975] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  669.115851][  T975] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  669.212188][  T975] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  669.260115][  T975] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  669.300159][  T975] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  669.385309][  T975] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  669.470326][  T975] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  669.687978][T11054] xt_TPROXY: Can be used only with -p tcp or -p udp
[  671.234913][T11060] loop8: detected capacity change from 0 to 1
[  671.242393][T11060] Dev loop8: unable to read RDB block 1
[  671.248116][T11060]  loop8: unable to read partition table
[  671.254124][T11060] loop8: partition table beyond EOD, truncated
[  671.261681][T11060] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  671.298446][T11062] adf_ctl_ioctl: 15 callbacks suppressed
[  671.298467][T11062] QAT: Invalid ioctl 1075883590
[  671.309739][T11062] QAT: Invalid ioctl 1075883590
[  671.314831][T11062] QAT: Invalid ioctl 1075883590
[  671.319754][T11062] QAT: Invalid ioctl 1075883590
[  671.325160][T11062] QAT: Invalid ioctl 1075883590
[  671.330325][T11062] QAT: Invalid ioctl 1075883590
[  671.335294][T11062] QAT: Invalid ioctl 1075883590
[  671.340324][T11062] QAT: Invalid ioctl 1075883590
[  671.345242][T11062] QAT: Invalid ioctl 1075883590
[  671.350392][T11062] QAT: Invalid ioctl 1075883590
[  671.377415][  T975] usb 2-1: can't set config #16, error -71
[  671.646324][  T975] usb 2-1: USB disconnect, device number 17
[  671.841213][T11071] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1274'.
[  673.089425][T11083] 9pnet_virtio: no channels available for device 127.0.0.1
[  673.349110][T11084] loop6: detected capacity change from 0 to 524287999
[  674.111884][T11069] bond2 (unregistering): Released all slaves
[  674.420290][T11086] netlink: 'syz.4.1277': attribute type 3 has an invalid length.
[  674.428387][T11086] netlink: 236 bytes leftover after parsing attributes in process `syz.4.1277'.
[  674.447477][   T30] audit: type=1804 audit(1747699730.131:934): pid=11086 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.1277" name="/newroot/270/file0/file0" dev="ramfs" ino=30936 res=1 errno=0
[  675.674532][T10667] veth0_vlan: entered promiscuous mode
[  675.864779][T10667] veth1_vlan: entered promiscuous mode
[  676.697718][T10667] veth0_macvtap: entered promiscuous mode
[  676.820137][T11121] overlayfs: overlapping lowerdir path
[  677.369282][T10667] veth1_macvtap: entered promiscuous mode
[  677.985302][T11122] netlink: 'syz.4.1282': attribute type 3 has an invalid length.
[  678.014944][T10667] batman_adv: batadv0: Interface activated: batadv_slave_0
[  678.035402][T11122] netlink: 236 bytes leftover after parsing attributes in process `syz.4.1282'.
[  678.113177][T10667] batman_adv: batadv0: Interface activated: batadv_slave_1
[  678.368674][T11127] netlink: 'syz.1.1284': attribute type 1 has an invalid length.
[  678.399655][T11127] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  678.518619][T11127] netlink: 'syz.1.1284': attribute type 1 has an invalid length.
[  679.010882][T11127] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  679.112495][T11132] adf_ctl_ioctl: 15 callbacks suppressed
[  679.112509][T11132] QAT: Invalid ioctl 1075883590
[  679.134458][T11132] QAT: Invalid ioctl 1075883590
[  679.139360][T11132] QAT: Invalid ioctl 1075883590
[  679.145179][T11132] QAT: Invalid ioctl 1075883590
[  679.150239][T11132] QAT: Invalid ioctl 1075883590
[  679.155155][T11132] QAT: Invalid ioctl 1075883590
[  679.160249][T11132] QAT: Invalid ioctl 1075883590
[  679.165171][T11132] QAT: Invalid ioctl 1075883590
[  679.170134][T11132] QAT: Invalid ioctl 1075883590
[  679.175037][T11132] QAT: Invalid ioctl 1075883590
[  679.192905][T10667] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  679.255715][T10667] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  679.291082][T10667] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  679.299846][T10667] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  680.587679][ T3481] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  680.854665][   T30] audit: type=1804 audit(1747699736.521:935): pid=11145 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.1288" name="/newroot/287/file0/file0" dev="ramfs" ino=31846 res=1 errno=0
[  681.140036][ T3481] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  681.410070][T11143] netlink: 'syz.1.1288': attribute type 3 has an invalid length.
[  681.480040][T11143] netlink: 236 bytes leftover after parsing attributes in process `syz.1.1288'.
[  682.740729][   T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  685.654802][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  686.860580][T11194] openvswitch: netlink: Actions may not be safe on all matching packets
[  687.704418][   T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  687.723228][   T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  687.736648][   T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  687.784128][   T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  687.801665][   T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  687.807180][T11204] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1299'.
[  688.391218][T11216] input: syz1 as /devices/virtual/input/input53
[  689.150914][T11204] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1299'.
[  689.444642][   T12] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  690.104958][   T55] Bluetooth: hci0: command tx timeout
[  691.734622][T11226] loop8: detected capacity change from 0 to 1
[  691.919635][T11226] Dev loop8: unable to read RDB block 1
[  691.925380][T11226]  loop8: unable to read partition table
[  691.931329][T11226] loop8: partition table beyond EOD, truncated
[  691.937571][T11226] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  692.254754][   T12] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  692.840046][   T55] Bluetooth: hci0: command tx timeout
[  692.849358][   T12] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  694.377762][T11247] Can't find a SQUASHFS superblock on nullb0
[  694.903471][   T12] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  694.930067][T10416] Bluetooth: hci0: command tx timeout
[  695.215910][T11240] openvswitch: netlink: Actions may not be safe on all matching packets
[  695.640236][   T55] Bluetooth: hci6: Entering manufacturer mode failed (-110)
[  697.046084][   T55] Bluetooth: hci0: command tx timeout
[  697.708681][   T12] bridge_slave_1: left allmulticast mode
[  697.738856][   T12] bridge_slave_1: left promiscuous mode
[  697.759283][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  697.811409][T11280] FAULT_INJECTION: forcing a failure.
[  697.811409][T11280] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  697.824543][T11280] CPU: 1 UID: 0 PID: 11280 Comm: syz.4.1319 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[  697.824567][T11280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  697.824580][T11280] Call Trace:
[  697.824588][T11280]  <TASK>
[  697.824596][T11280]  dump_stack_lvl+0x189/0x250
[  697.824631][T11280]  ? __pfx_dump_stack_lvl+0x10/0x10
[  697.824658][T11280]  ? __pfx__printk+0x10/0x10
[  697.824701][T11280]  should_fail_ex+0x414/0x560
[  697.824728][T11280]  _copy_to_user+0x31/0xb0
[  697.824758][T11280]  simple_read_from_buffer+0xe1/0x170
[  697.824793][T11280]  proc_fail_nth_read+0x1df/0x250
[  697.824818][T11280]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  697.824842][T11280]  ? rw_verify_area+0x258/0x650
[  697.824869][T11280]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  697.824891][T11280]  vfs_read+0x200/0x980
[  697.824924][T11280]  ? __pfx___mutex_lock+0x10/0x10
[  697.824958][T11280]  ? __pfx_vfs_read+0x10/0x10
[  697.824986][T11280]  ? __fget_files+0x2a/0x420
[  697.825009][T11280]  ? __fget_files+0x3a0/0x420
[  697.825026][T11280]  ? __fget_files+0x2a/0x420
[  697.825054][T11280]  ksys_read+0x145/0x250
[  697.825084][T11280]  ? __pfx_ksys_read+0x10/0x10
[  697.825115][T11280]  ? do_syscall_64+0xba/0x210
[  697.825145][T11280]  do_syscall_64+0xf6/0x210
[  697.825171][T11280]  ? clear_bhb_loop+0x60/0xb0
[  697.825196][T11280]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  697.825215][T11280] RIP: 0033:0x7fb7e8f8d37c
[  697.825233][T11280] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  697.825250][T11280] RSP: 002b:00007fb7e9d30030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  697.825270][T11280] RAX: ffffffffffffffda RBX: 00007fb7e91b6160 RCX: 00007fb7e8f8d37c
[  697.825285][T11280] RDX: 000000000000000f RSI: 00007fb7e9d300a0 RDI: 0000000000000009
[  697.825297][T11280] RBP: 00007fb7e9d30090 R08: 0000000000000000 R09: 0000000000000000
[  697.825309][T11280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  697.825320][T11280] R13: 0000000000000000 R14: 00007fb7e91b6160 R15: 00007fffc1a17be8
[  697.825370][T11280]  </TASK>
[  698.215999][   T12] bridge_slave_0: left allmulticast mode
[  698.229953][   T12] bridge_slave_0: left promiscuous mode
[  698.240255][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  698.650039][T11289] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1321'.
[  699.658335][T11298] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  700.425752][T10335] usb 5-1: new full-speed USB device number 21 using dummy_hcd
[  700.891481][T10335] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  700.905428][T10335] usb 5-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  700.915893][T10335] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  701.168194][T10335] usb 5-1: config 0 descriptor??
[  701.258977][T11304] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  702.491921][T10335] elan 0003:04F3:0755.0009: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.4-1/input0
[  703.409509][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  703.488243][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  703.535597][   T12] bond0 (unregistering): Released all slaves
[  703.761478][  T975] usb 5-1: reset full-speed USB device number 21 using dummy_hcd
[  705.402615][T11207] chnl_net:caif_netlink_parms(): no params data found
[  706.042104][T10335] usb 5-1: USB disconnect, device number 21
[  706.498244][T11324] fido_id[11324]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  707.535051][T11347] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1333'.
[  708.537292][T11353] FAULT_INJECTION: forcing a failure.
[  708.537292][T11353] name failslab, interval 1, probability 0, space 0, times 0
[  708.596806][T11353] CPU: 1 UID: 0 PID: 11353 Comm: syz.4.1334 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[  708.596835][T11353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  708.596848][T11353] Call Trace:
[  708.596855][T11353]  <TASK>
[  708.596864][T11353]  dump_stack_lvl+0x189/0x250
[  708.596899][T11353]  ? __pfx_dump_stack_lvl+0x10/0x10
[  708.596924][T11353]  ? __pfx__printk+0x10/0x10
[  708.596958][T11353]  ? __pfx___might_resched+0x10/0x10
[  708.596993][T11353]  should_fail_ex+0x414/0x560
[  708.597018][T11353]  should_failslab+0xa8/0x100
[  708.597037][T11353]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  708.597068][T11353]  ? __alloc_skb+0x112/0x2d0
[  708.597097][T11353]  __alloc_skb+0x112/0x2d0
[  708.597126][T11353]  netlink_sendmsg+0x5c6/0xb30
[  708.597149][T11353]  ? is_bpf_text_address+0x26/0x2b0
[  708.597186][T11353]  ? __pfx_netlink_sendmsg+0x10/0x10
[  708.597219][T11353]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  708.597241][T11353]  ? __pfx_netlink_sendmsg+0x10/0x10
[  708.597266][T11353]  __sock_sendmsg+0x219/0x270
[  708.597290][T11353]  ____sys_sendmsg+0x505/0x830
[  708.597324][T11353]  ? __pfx_____sys_sendmsg+0x10/0x10
[  708.597362][T11353]  ? import_iovec+0x74/0xa0
[  708.597394][T11353]  ___sys_sendmsg+0x21f/0x2a0
[  708.597440][T11353]  ? __pfx____sys_sendmsg+0x10/0x10
[  708.597505][T11353]  ? __fget_files+0x2a/0x420
[  708.597523][T11353]  ? __fget_files+0x3a0/0x420
[  708.597553][T11353]  __x64_sys_sendmsg+0x19b/0x260
[  708.597584][T11353]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  708.597630][T11353]  ? do_syscall_64+0xba/0x210
[  708.597661][T11353]  do_syscall_64+0xf6/0x210
[  708.597687][T11353]  ? clear_bhb_loop+0x60/0xb0
[  708.597711][T11353]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  708.597730][T11353] RIP: 0033:0x7fb7e8f8e969
[  708.597747][T11353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  708.597764][T11353] RSP: 002b:00007fb7e9d51038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  708.597785][T11353] RAX: ffffffffffffffda RBX: 00007fb7e91b6080 RCX: 00007fb7e8f8e969
[  708.597798][T11353] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000006
[  708.597810][T11353] RBP: 00007fb7e9d51090 R08: 0000000000000000 R09: 0000000000000000
[  708.597822][T11353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  708.597845][T11353] R13: 0000000000000000 R14: 00007fb7e91b6080 R15: 00007fffc1a17be8
[  708.597879][T11353]  </TASK>
[  710.907160][T11378] random: crng reseeded on system resumption
[  711.522216][   T12] hsr_slave_0: left promiscuous mode
[  711.544286][   T12] hsr_slave_1: left promiscuous mode
[  711.583928][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  711.760088][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  712.264565][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  712.324679][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  712.411961][   T12] veth1_macvtap: left promiscuous mode
[  712.428069][   T12] veth0_macvtap: left promiscuous mode
[  712.444123][   T12] veth1_vlan: left promiscuous mode
[  712.464364][   T12] veth0_vlan: left promiscuous mode
[  712.840258][   T24] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  713.049994][   T24] usb 5-1: Using ep0 maxpacket: 16
[  713.090478][   T24] usb 5-1: config 0 has no interfaces?
[  713.096329][   T24] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40
[  713.140561][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  713.197614][   T24] usb 5-1: config 0 descriptor??
[  713.776879][T11407] /dev/nullb0: Can't open blockdev
[  714.212330][ T5910] libceph: connect (1)[c::]:6789 error -101
[  714.218457][ T5910] libceph: mon0 (1)[c::]:6789 connect error
[  714.227148][ T6388] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  714.322172][T11404] ceph: No mds server is up or the cluster is laggy
[  714.330641][ T5933] usb 5-1: USB disconnect, device number 22
[  714.664807][T10243] syz.3.1077: vmalloc error: size 6291456, failed to allocated page array size 12288, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  714.702277][T10243] CPU: 1 UID: 0 PID: 10243 Comm: syz.3.1077 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[  714.702303][T10243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  714.702315][T10243] Call Trace:
[  714.702322][T10243]  <TASK>
[  714.702330][T10243]  dump_stack_lvl+0x189/0x250
[  714.702364][T10243]  ? __pfx_dump_stack_lvl+0x10/0x10
[  714.702388][T10243]  ? __pfx__printk+0x10/0x10
[  714.702416][T10243]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  714.702444][T10243]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  714.702473][T10243]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  714.702503][T10243]  warn_alloc+0x214/0x310
[  714.702528][T10243]  ? __pfx_warn_alloc+0x10/0x10
[  714.702555][T10243]  ? __get_vm_area_node+0x28f/0x300
[  714.702579][T10243]  __vmalloc_node_range_noprof+0x5f2/0x12c0
[  714.702599][T10243]  ? __asan_memset+0x22/0x50
[  714.702645][T10243]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  714.702661][T10243]  ? __kasan_kmalloc_large+0x1a/0xa0
[  714.702700][T10243]  ? rcu_is_watching+0x15/0xb0
[  714.702726][T10243]  ? relay_open_buf+0x217/0xd40
[  714.702739][T10243]  ? relay_open_buf+0x217/0xd40
[  714.702751][T10243]  __kvmalloc_node_noprof+0x3a0/0x5e0
[  714.702770][T10243]  ? relay_open_buf+0x217/0xd40
[  714.702782][T10243]  ? trace_kmalloc+0x1f/0xd0
[  714.702804][T10243]  ? relay_open_buf+0x17c/0xd40
[  714.702822][T10243]  relay_open_buf+0x217/0xd40
[  714.702847][T10243]  relay_open+0x427/0x920
[  714.702867][T10243]  do_blk_trace_setup+0x591/0x9d0
[  714.702896][T10243]  blk_trace_setup+0x116/0x1f0
[  714.702921][T10243]  ? __pfx_blk_trace_setup+0x10/0x10
[  714.702948][T10243]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  714.702974][T10243]  blk_trace_ioctl+0x181/0x430
[  714.702993][T10243]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  714.703020][T10243]  ? __pfx_blk_trace_ioctl+0x10/0x10
[  714.703040][T10243]  ? __pfx_smack_log+0x10/0x10
[  714.703064][T10243]  ? smk_access+0x14c/0x4e0
[  714.703093][T10243]  ? smk_tskacc+0x2fc/0x370
[  714.703121][T10243]  ? smack_file_ioctl+0x2a9/0x340
[  714.703140][T10243]  ? __pfx_smack_file_ioctl+0x10/0x10
[  714.703160][T10243]  blkdev_ioctl+0x416/0x6d0
[  714.703183][T10243]  ? __pfx_blkdev_ioctl+0x10/0x10
[  714.703200][T10243]  ? __fget_files+0x3a0/0x420
[  714.703214][T10243]  ? __fget_files+0x2a/0x420
[  714.703232][T10243]  ? bpf_lsm_file_ioctl+0x9/0x20
[  714.703252][T10243]  ? __pfx_blkdev_ioctl+0x10/0x10
[  714.703271][T10243]  __se_sys_ioctl+0xf9/0x170
[  714.703295][T10243]  do_syscall_64+0xf6/0x210
[  714.703318][T10243]  ? clear_bhb_loop+0x60/0xb0
[  714.703339][T10243]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  714.703354][T10243] RIP: 0033:0x7fe26018e969
[  714.703370][T10243] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  714.703384][T10243] RSP: 002b:00007fe2610ae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  714.703402][T10243] RAX: ffffffffffffffda RBX: 00007fe2603b6080 RCX: 00007fe26018e969
[  714.703414][T10243] RDX: 0000200000000140 RSI: 00000000c0481273 RDI: 0000000000000008
[  714.703424][T10243] RBP: 00007fe260210ab1 R08: 0000000000000000 R09: 0000000000000000
[  714.703434][T10243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  714.703443][T10243] R13: 0000000000000000 R14: 00007fe2603b6080 R15: 00007ffe483be4f8
[  714.703469][T10243]  </TASK>
[  714.703487][T10243] Mem-Info:
[  715.041116][T10243] active_anon:903 inactive_anon:2035 isolated_anon:0
[  715.041116][T10243]  active_file:4601 inactive_file:1981 isolated_file:20
[  715.041116][T10243]  unevictable:768 dirty:30 writeback:0
[  715.041116][T10243]  slab_reclaimable:6368 slab_unreclaimable:103110
[  715.041116][T10243]  mapped:40292 shmem:1806 pagetables:1241
[  715.041116][T10243]  sec_pagetables:0 bounce:0
[  715.041116][T10243]  kernel_misc_reclaimable:0
[  715.041116][T10243]  free:772964 free_pcp:509 free_cma:0
[  715.126133][T10243] Node 0 active_anon:3228kB inactive_anon:6144kB active_file:3888kB inactive_file:1212kB unevictable:1536kB isolated(anon):0kB isolated(file):80kB mapped:139212kB dirty:88kB writeback:0kB shmem:5584kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11272kB pagetables:4652kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  715.228850][T10243] Node 1 active_anon:384kB inactive_anon:6796kB active_file:14516kB inactive_file:6712kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:26856kB dirty:32kB writeback:0kB shmem:6540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:448kB pagetables:312kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  715.307900][T10243] Node 0 DMA free:10236kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:104kB local_pcp:80kB free_cma:0kB
[  715.395159][T10243] lowmem_reserve[]: 0 2504 2504 2504 2504
[  715.459441][T10243] Node 0 DMA32 free:42828kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB active_anon:3628kB inactive_anon:6840kB active_file:3224kB inactive_file:1696kB unevictable:1536kB writepending:88kB present:3129332kB managed:2564568kB mlocked:0kB bounce:0kB free_pcp:1440kB local_pcp:508kB free_cma:0kB
[  715.761293][T10243] lowmem_reserve[]: 0 0 0 0 0
[  715.863519][T10243] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:0kB inactive_anon:8kB active_file:32kB inactive_file:64kB unevictable:0kB writepending:0kB present:1048580kB managed:112kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB
[  716.058209][T10243] lowmem_reserve[]: 0 0 0 0 0
[  716.070300][T10243] Node 1 Normal free:3014448kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB active_anon:384kB inactive_anon:20540kB active_file:14528kB inactive_file:6700kB unevictable:1536kB writepending:48kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:5060kB local_pcp:4820kB free_cma:0kB
[  716.104934][T11419] sg_write: data in/out 2387/14 bytes for SCSI command 0x8-- guessing data in;
[  716.104934][T11419]    program syz.1.1344 not setting count and/or reply_len properly
[  716.110234][T10243] lowmem_reserve[]: 0 0 0 0 0
[  716.133871][T10243] Node 0 DMA: 3*4kB (UM) 1*8kB (U) 1*16kB (M) 1*32kB (M) 3*64kB (UM) 2*128kB (UM) 2*256kB (UM) 2*512kB (UM) 2*1024kB (UM) 1*2048kB (U) 1*4096kB (M) = 10244kB
[  716.160855][T10243] Node 0 DMA32: 112*4kB (UME) 472*8kB (UME) 559*16kB (UME) 280*32kB (UME) 148*64kB (UME) 68*128kB (UME) 12*256kB (UME) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 43376kB
[  716.186870][T10243] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  716.201030][T10243] Node 1 Normal: 15*4kB (UM) 5*8kB (UME) 12*16kB (UME) 18*32kB (UM) 40*64kB (UME) 33*128kB (UME) 21*256kB (UM) 17*512kB (UM) 13*1024kB (UME) 3*2048kB (ME) 726*4096kB (UM) = 3014884kB
[  716.236426][T10243] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  716.269830][T10243] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  716.287013][   T12] team0 (unregistering): Port device team_slave_1 removed
[  716.292974][T10243] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  716.304487][T10243] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  716.338239][T10243] 13226 total pagecache pages
[  716.348640][T10243] 244 pages in swap cache
[  716.362131][T10243] Free swap  = 105860kB
[  716.366333][T10243] Total swap = 124996kB
[  716.377107][T10243] 2097051 pages RAM
[  716.381031][T10243] 0 pages HighMem/MovableOnly
[  716.385730][T10243] 424250 pages reserved
[  716.397723][T10243] 0 pages cma reserved
[  716.409632][   T12] team0 (unregistering): Port device team_slave_0 removed
[  717.301154][T11207] bridge0: port 1(bridge_slave_0) entered blocking state
[  717.377388][T11207] bridge0: port 1(bridge_slave_0) entered disabled state
[  717.410868][T11207] bridge_slave_0: entered allmulticast mode
[  717.573263][T11427] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1348'.
[  717.601441][T11207] bridge_slave_0: entered promiscuous mode
[  717.902840][T10335] libceph: connect (1)[c::]:6789 error -101
[  717.910906][T10335] libceph: mon0 (1)[c::]:6789 connect error
[  717.986088][T11436] loop8: detected capacity change from 0 to 1
[  718.006317][T11436] Dev loop8: unable to read RDB block 1
[  718.012260][T11436]  loop8: unable to read partition table
[  718.018930][T11436] loop8: partition table beyond EOD, truncated
[  718.025273][T11436] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  718.194550][ T5910] libceph: connect (1)[c::]:6789 error -101
[  718.255081][T11207] bridge0: port 2(bridge_slave_1) entered blocking state
[  718.282835][ T5910] libceph: mon0 (1)[c::]:6789 connect error
[  718.309089][T11433] ceph: No mds server is up or the cluster is laggy
[  718.380614][T11207] bridge0: port 2(bridge_slave_1) entered disabled state
[  718.387882][T11207] bridge_slave_1: entered allmulticast mode
[  718.403986][T11207] bridge_slave_1: entered promiscuous mode
[  718.443493][T10416] Bluetooth: hci5: command 0x0406 tx timeout
[  718.789605][T11443] netlink: 156 bytes leftover after parsing attributes in process `syz.5.1352'.
[  719.060002][T11207] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  720.917755][T11207] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  723.031541][ T5921] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  723.101829][T11207] team0: Port device team_slave_0 added
[  723.192981][ T5921] usb 3-1: unable to get BOS descriptor or descriptor too short
[  723.295409][T11207] team0: Port device team_slave_1 added
[  723.305576][ T5921] usb 3-1: config 2 has an invalid interface number: 181 but max is 0
[  723.335597][T11469] loop2: detected capacity change from 0 to 7
[  723.350011][ T5921] usb 3-1: config 2 has no interface number 0
[  723.374011][ T5921] usb 3-1: config 2 interface 181 altsetting 9 endpoint 0xD has an invalid bInterval 173, changing to 11
[  723.462444][T11469] Dev loop2: unable to read RDB block 7
[  723.515671][T11471] overlayfs: workdir and upperdir must be separate subtrees
[  723.523278][T11469]  loop2: unable to read partition table
[  723.529179][T11469] loop2: partition table beyond EOD, truncated
[  723.543760][ T5921] usb 3-1: config 2 interface 181 has no altsetting 0
[  723.560498][T11469] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  723.622821][ T5921] usb 3-1: New USB device found, idVendor=06f8, idProduct=0001, bcdDevice=65.85
[  723.660047][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  723.692407][ T5921] usb 3-1: Product: syz
[  723.696625][ T5921] usb 3-1: Manufacturer: syz
[  723.701760][ T5921] usb 3-1: SerialNumber: syz
[  723.886746][T11207] batman_adv: batadv0: Adding interface: batadv_slave_0
[  723.939946][T11207] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  724.870168][T11207] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  725.102928][ T5921] usb 3-1: USB disconnect, device number 19
[  725.122368][T11207] batman_adv: batadv0: Adding interface: batadv_slave_1
[  725.150036][T11207] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  726.212353][T11207] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  726.489365][T11496] netlink: 'syz.4.1361': attribute type 3 has an invalid length.
[  726.497277][T11496] netlink: 236 bytes leftover after parsing attributes in process `syz.4.1361'.
[  726.853795][   T30] audit: type=1804 audit(1747699782.371:936): pid=11496 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.1361" name="/newroot/293/file0/file0" dev="ramfs" ino=33907 res=1 errno=0
[  727.003830][T11493] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1363'.
[  727.231934][T11502] openvswitch: netlink: Actions may not be safe on all matching packets
[  728.111398][T11207] hsr_slave_0: entered promiscuous mode
[  728.155298][T11207] hsr_slave_1: entered promiscuous mode
[  728.186623][T11207] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  728.700891][T11207] Cannot create hsr debugfs directory
[  728.929607][T11510] FAULT_INJECTION: forcing a failure.
[  728.929607][T11510] name failslab, interval 1, probability 0, space 0, times 0
[  728.942415][T11510] CPU: 1 UID: 0 PID: 11510 Comm: syz.4.1366 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[  728.942441][T11510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  728.942453][T11510] Call Trace:
[  728.942461][T11510]  <TASK>
[  728.942470][T11510]  dump_stack_lvl+0x189/0x250
[  728.942504][T11510]  ? __pfx_dump_stack_lvl+0x10/0x10
[  728.942532][T11510]  ? __pfx__printk+0x10/0x10
[  728.942569][T11510]  ? __pfx___might_resched+0x10/0x10
[  728.942598][T11510]  ? fs_reclaim_acquire+0x7d/0x100
[  728.942627][T11510]  should_fail_ex+0x414/0x560
[  728.942654][T11510]  should_failslab+0xa8/0x100
[  728.942687][T11510]  __kmalloc_cache_noprof+0x70/0x3d0
[  728.942716][T11510]  ? ag6xx_open+0x5d/0x160
[  728.942749][T11510]  ag6xx_open+0x5d/0x160
[  728.942773][T11510]  hci_uart_tty_ioctl+0x793/0xa00
[  728.942810][T11510]  ? __pfx_hci_uart_tty_ioctl+0x10/0x10
[  728.942836][T11510]  tty_ioctl+0x9c3/0xde0
[  728.942857][T11510]  ? __pfx_tty_ioctl+0x10/0x10
[  728.942878][T11510]  __se_sys_ioctl+0xf9/0x170
[  728.942907][T11510]  do_syscall_64+0xf6/0x210
[  728.942934][T11510]  ? clear_bhb_loop+0x60/0xb0
[  728.942958][T11510]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  728.942977][T11510] RIP: 0033:0x7fb7e8f8e969
[  728.942994][T11510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  728.943011][T11510] RSP: 002b:00007fb7e9d51038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  728.943031][T11510] RAX: ffffffffffffffda RBX: 00007fb7e91b6080 RCX: 00007fb7e8f8e969
[  728.943045][T11510] RDX: 0000020000000009 RSI: 00000000400455c8 RDI: 0000000000000008
[  728.943058][T11510] RBP: 00007fb7e9d51090 R08: 0000000000000000 R09: 0000000000000000
[  728.943071][T11510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  728.943082][T11510] R13: 0000000000000000 R14: 00007fb7e91b6080 R15: 00007fffc1a17be8
[  728.943113][T11510]  </TASK>
[  729.132185][    C1] vkms_vblank_simulate: vblank timer overrun
[  730.360898][T11523] overlayfs: workdir and upperdir must be separate subtrees
[  730.565563][   T31] INFO: task syz.3.1077:10249 blocked for more than 143 seconds.
[  730.761133][   T31]       Not tainted 6.15.0-rc7-syzkaller #0
[  730.776047][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  730.791577][T11522] FAULT_INJECTION: forcing a failure.
[  730.791577][T11522] name failslab, interval 1, probability 0, space 0, times 0
[  730.832438][   T31] task:syz.3.1077      state:D stack:28952 pid:10249 tgid:10238 ppid:5828   task_flags:0x400040 flags:0x00000004
[  730.850986][T11522] CPU: 1 UID: 0 PID: 11522 Comm: syz.5.1369 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[  730.851012][T11522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  730.851025][T11522] Call Trace:
[  730.851034][T11522]  <TASK>
[  730.851042][T11522]  dump_stack_lvl+0x189/0x250
[  730.851077][T11522]  ? __pfx_dump_stack_lvl+0x10/0x10
[  730.851104][T11522]  ? __pfx__printk+0x10/0x10
[  730.851146][T11522]  ? __pfx___might_resched+0x10/0x10
[  730.851176][T11522]  ? fs_reclaim_acquire+0x7d/0x100
[  730.851203][T11522]  should_fail_ex+0x414/0x560
[  730.851230][T11522]  should_failslab+0xa8/0x100
[  730.851250][T11522]  __kmalloc_noprof+0xcb/0x4f0
[  730.851278][T11522]  ? kfree+0x4d/0x440
[  730.851302][T11522]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  730.851335][T11522]  tomoyo_realpath_from_path+0xe3/0x5d0
[  730.851364][T11522]  ? tomoyo_domain+0xda/0x130
[  730.851401][T11522]  tomoyo_path_perm+0x213/0x4b0
[  730.851424][T11522]  ? tomoyo_path_perm+0x1e3/0x4b0
[  730.851444][T11522]  ? __pfx_tomoyo_path_perm+0x10/0x10
[  730.851476][T11522]  ? filemap_check_errors+0xd2/0x120
[  730.851529][T11522]  ? bdev_mark_dead+0x9f/0x170
[  730.851566][T11522]  security_inode_getattr+0x12f/0x330
[  730.851590][T11522]  vfs_getattr+0x23/0x70
[  730.851612][T11522]  loop_assign_backing_file+0x227/0x410
[  730.851644][T11522]  ? __pfx_loop_assign_backing_file+0x10/0x10
[  730.851669][T11522]  ? bd_prepare_to_claim+0x3f1/0x490
[  730.851717][T11522]  ? __asan_memcpy+0x40/0x70
[  730.851743][T11522]  ? loop_set_status_from_info+0x185/0x250
[  730.851781][T11522]  loop_configure+0x8e7/0x1010
[  730.851821][T11522]  ? __pfx_loop_configure+0x10/0x10
[  730.851881][T11522]  lo_ioctl+0x79a/0x2410
[  730.851918][T11522]  ? __pfx_lo_ioctl+0x10/0x10
[  730.851942][T11522]  ? ima_match_policy+0x10b/0x2150
[  730.851969][T11522]  ? look_up_lock_class+0x74/0x170
[  730.851996][T11522]  ? register_lock_class+0x51/0x320
[  730.852029][T11522]  ? __lock_acquire+0xaac/0xd20
[  730.852064][T11522]  ? process_measurement+0x3d8/0x1a40
[  730.852090][T11522]  ? ima_match_policy+0x10b/0x2150
[  730.852124][T11522]  ? __lock_acquire+0xaac/0xd20
[  730.852157][T11522]  ? __lock_acquire+0xaac/0xd20
[  730.852196][T11522]  ? __lock_acquire+0xaac/0xd20
[  730.852235][T11522]  ? __lock_acquire+0xaac/0xd20
[  730.852280][T11522]  ? is_bpf_text_address+0x26/0x2b0
[  730.852312][T11522]  ? is_bpf_text_address+0x292/0x2b0
[  730.852337][T11522]  ? is_bpf_text_address+0x26/0x2b0
[  730.852368][T11522]  ? kernel_text_address+0xa5/0xe0
[  730.852395][T11522]  ? __kernel_text_address+0xd/0x40
[  730.852419][T11522]  ? unwind_get_return_address+0x4d/0x90
[  730.852442][T11522]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  730.852462][T11522]  ? arch_stack_walk+0xfc/0x150
[  730.852499][T11522]  ? stack_trace_save+0x9c/0xe0
[  730.852523][T11522]  ? stack_depot_save_flags+0x40/0x910
[  730.852552][T11522]  ? kasan_save_track+0x4f/0x80
[  730.852576][T11522]  ? kasan_save_track+0x3e/0x80
[  730.852603][T11522]  ? do_vfs_ioctl+0xf36/0x1eb0
[  730.852626][T11522]  ? __se_sys_ioctl+0x47/0x170
[  730.852647][T11522]  ? do_syscall_64+0xf6/0x210
[  730.852691][T11522]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  730.852779][T11522]  ? kasan_quarantine_put+0xdd/0x220
[  730.852810][T11522]  ? blkdev_common_ioctl+0xfc3/0x2450
[  730.852838][T11522]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  730.852861][T11522]  ? __pfx_blkdev_common_ioctl+0x10/0x10
[  730.852884][T11522]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  730.852906][T11522]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  730.852960][T11522]  ? __asan_memset+0x22/0x50
[  730.852985][T11522]  ? smack_file_ioctl+0x24a/0x340
[  730.853010][T11522]  ? __pfx_smack_file_ioctl+0x10/0x10
[  730.853030][T11522]  ? __pfx_lo_ioctl+0x10/0x10
[  730.853059][T11522]  blkdev_ioctl+0x5a5/0x6d0
[  730.853086][T11522]  ? __pfx_blkdev_ioctl+0x10/0x10
[  730.853108][T11522]  ? __fget_files+0x3a0/0x420
[  730.853125][T11522]  ? __fget_files+0x2a/0x420
[  730.853148][T11522]  ? bpf_lsm_file_ioctl+0x9/0x20
[  730.853173][T11522]  ? __pfx_blkdev_ioctl+0x10/0x10
[  730.853198][T11522]  __se_sys_ioctl+0xf9/0x170
[  730.853227][T11522]  do_syscall_64+0xf6/0x210
[  730.853254][T11522]  ? clear_bhb_loop+0x60/0xb0
[  730.853280][T11522]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  730.853300][T11522] RIP: 0033:0x7f92e9d8e969
[  730.853318][T11522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  730.853335][T11522] RSP: 002b:00007f92eac62038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  730.853356][T11522] RAX: ffffffffffffffda RBX: 00007f92e9fb5fa0 RCX: 00007f92e9d8e969
[  730.853371][T11522] RDX: 00002000000002c0 RSI: 0000000000004c0a RDI: 0000000000000003
[  730.853384][T11522] RBP: 00007f92eac62090 R08: 0000000000000000 R09: 0000000000000000
[  730.853395][T11522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  730.853406][T11522] R13: 0000000000000000 R14: 00007f92e9fb5fa0 R15: 00007fffe2bd5558
[  730.853438][T11522]  </TASK>
[  730.853564][T11522] ERROR: Out of memory at tomoyo_realpath_from_path.
[  731.130103][   T31] Call Trace:
[  731.374967][T11522] loop2: detected capacity change from 0 to 7
[  731.413959][ T5816] Dev loop2: unable to read RDB block 7
[  731.439688][ T5816]  loop2: unable to read partition table
[  731.456837][ T5816] loop2: partition table beyond EOD, truncated
[  731.768699][   T31]  <TASK>
[  731.787325][   T31]  __schedule+0x168f/0x4c70
[  731.810053][   T31]  ? schedule+0x165/0x360
[  731.814470][   T31]  ? __pfx___schedule+0x10/0x10
[  731.819379][   T31]  ? schedule+0x91/0x360
[  731.829935][   T31]  schedule+0x165/0x360
[  731.834153][   T31]  schedule_preempt_disabled+0x13/0x30
[  731.839647][   T31]  __mutex_lock+0x724/0xe80
[  731.859952][   T31]  ? __mutex_lock+0x51b/0xe80
[  731.864709][   T31]  ? blk_trace_ioctl+0x1b9/0x430
[  731.869686][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  731.889923][   T31]  ? stack_depot_save_flags+0x40/0x910
[  731.895460][   T31]  ? kasan_save_track+0x4f/0x80
[  731.919997][   T31]  ? kasan_save_track+0x3e/0x80
[  731.924934][   T31]  blk_trace_ioctl+0x1b9/0x430
[  731.929737][   T31]  ? __pfx_blk_trace_ioctl+0x10/0x10
[  731.969957][   T31]  ? kasan_quarantine_put+0xdd/0x220
[  731.975328][   T31]  blkdev_common_ioctl+0xdce/0x2450
[  731.999940][   T31]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  732.005652][   T31]  ? __pfx_blkdev_common_ioctl+0x10/0x10
[  732.017119][   T31]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  732.022857][   T31]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  732.028525][   T31]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  732.036409][   T31]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  732.042906][   T31]  ? count_memcg_event_mm+0x92/0x3b0
[  732.048247][   T31]  ? __lock_acquire+0xaac/0xd20
[  732.072970][   T31]  ? __asan_memset+0x22/0x50
[  732.077633][   T31]  ? smack_file_ioctl+0x24a/0x340
[  732.100048][   T31]  ? __pfx_smack_file_ioctl+0x10/0x10
[  732.105497][   T31]  blkdev_ioctl+0x4ef/0x6d0
[  732.119943][   T31]  ? __pfx_blkdev_ioctl+0x10/0x10
[  732.126382][   T31]  ? __fget_files+0x3a0/0x420
[  732.132463][   T31]  ? __fget_files+0x2a/0x420
[  732.137095][   T31]  ? bpf_lsm_file_ioctl+0x9/0x20
[  732.144351][   T31]  ? __pfx_blkdev_ioctl+0x10/0x10
[  732.149429][   T31]  __se_sys_ioctl+0xf9/0x170
[  732.154300][   T31]  do_syscall_64+0xf6/0x210
[  732.158850][   T31]  ? clear_bhb_loop+0x60/0xb0
[  732.168050][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  732.178483][   T31] RIP: 0033:0x7fe26018e969
[  732.183123][   T31] RSP: 002b:00007fe26108d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  732.194257][   T31] RAX: ffffffffffffffda RBX: 00007fe2603b6160 RCX: 00007fe26018e969
[  732.202602][   T31] RDX: 0000000000000000 RSI: 0000000000001276 RDI: 0000000000000008
[  732.210906][   T31] RBP: 00007fe260210ab1 R08: 0000000000000000 R09: 0000000000000000
[  732.218913][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  732.227156][   T31] R13: 0000000000000001 R14: 00007fe2603b6160 R15: 00007ffe483be4f8
[  732.236314][   T31]  </TASK>
[  732.239402][   T31] INFO: task syz.3.1077:10253 blocked for more than 145 seconds.
[  732.248547][   T31]       Not tainted 6.15.0-rc7-syzkaller #0
[  732.254717][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  732.263632][   T31] task:syz.3.1077      state:D stack:27512 pid:10253 tgid:10238 ppid:5828   task_flags:0x400040 flags:0x00004004
[  732.281329][   T31] Call Trace:
[  732.284661][   T31]  <TASK>
[  732.289771][   T31]  __schedule+0x168f/0x4c70
[  732.297756][   T31]  ? schedule+0x165/0x360
[  732.303808][   T31]  ? __pfx___schedule+0x10/0x10
[  732.308715][   T31]  ? schedule+0x91/0x360
[  732.316208][   T31]  schedule+0x165/0x360
[  732.321962][   T31]  schedule_preempt_disabled+0x13/0x30
[  732.327457][   T31]  __mutex_lock+0x724/0xe80
[  732.335986][   T31]  ? __mutex_lock+0x51b/0xe80
[  732.343455][   T31]  ? relay_open+0x3b8/0x920
[  732.347999][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  732.356292][   T31]  relay_open+0x3b8/0x920
[  732.363789][   T31]  do_blk_trace_setup+0x591/0x9d0
[  732.368871][   T31]  blk_trace_setup+0x116/0x1f0
[  732.378273][   T31]  ? __pfx_blk_trace_setup+0x10/0x10
[  732.386620][   T31]  ? smack_log+0xef/0x3f0
[  732.398180][   T31]  ? smk_access+0x14c/0x4e0
[  732.404357][   T31]  sg_ioctl+0xaf3/0x2230
[  732.408655][   T31]  ? smack_file_ioctl+0x2a9/0x340
[  732.417528][   T31]  ? __pfx_sg_ioctl+0x10/0x10
[  732.423956][   T31]  ? __fget_files+0x3a0/0x420
[  732.428667][   T31]  ? __fget_files+0x2a/0x420
[  732.436500][   T31]  ? bpf_lsm_file_ioctl+0x9/0x20
[  732.449626][   T31]  ? __pfx_sg_ioctl+0x10/0x10
[  732.458509][   T31]  __se_sys_ioctl+0xf9/0x170
[  732.464896][   T31]  do_syscall_64+0xf6/0x210
[  732.469447][   T31]  ? clear_bhb_loop+0x60/0xb0
[  732.478510][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  732.486213][   T31] RIP: 0033:0x7fe26018e969
[  732.496394][   T31] RSP: 002b:00007fe26106c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  732.505750][   T31] RAX: ffffffffffffffda RBX: 00007fe2603b6240 RCX: 00007fe26018e969
[  732.513989][   T31] RDX: 0000200000000b40 RSI: 00000000c0481273 RDI: 000000000000000a
[  732.522344][   T31] RBP: 00007fe260210ab1 R08: 0000000000000000 R09: 0000000000000000
[  732.530535][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  732.538540][   T31] R13: 0000000000000000 R14: 00007fe2603b6240 R15: 00007ffe483be4f8
[  732.546952][   T31]  </TASK>
[  732.550329][   T31] 
[  732.550329][   T31] Showing all locks held in the system:
[  732.605149][   T31] 4 locks held by kworker/u8:0/12:
[  732.634779][   T31]  #0: ffff8880b88399d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[  732.649050][   T31]  #1: ffff8880b8923b08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39e/0x6d0
[  732.680225][   T31]  #2: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: batadv_nc_worker+0xd2/0x610
[  732.689816][   T31]  #3: ffffffff99a29af0 (&obj_hash[i].lock){-.-.}-{2:2}, at: xa_find+0x8c/0x2b0
[  732.730240][   T31] 1 lock held by khungtaskd/31:
[  732.735139][   T31]  #0: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  732.754624][   T31] 2 locks held by dhcpcd/5482:
[  732.759449][   T31]  #0: ffff88805be126d0 (nlk_cb_mutex-ROUTE){+.+.}-{4:4}, at: __netlink_dump_start+0xfe/0x7e0
[  732.774666][   T31]  #1: ffffffff8f2e8588 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dumpit+0x92/0x200
[  732.784768][   T31] 2 locks held by getty/5582:
[  732.789477][   T31]  #0: ffff888030d860a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  732.805564][   T31]  #1: ffffc90002ffe2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  732.818024][   T31] 3 locks held by syz.3.1077/10243:
[  732.838102][   T31] 1 lock held by syz.3.1077/10249:
[  732.844937][   T31]  #0: ffff888024922658 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x1b9/0x430
[  732.859525][   T31] 2 locks held by syz.3.1077/10253:
[  732.865032][   T31]  #0: ffff8880264392d8 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0xfb/0x1f0
[  732.879641][   T31]  #1: ffffffff8df91448 (relay_channels_mutex){+.+.}-{4:4}, at: relay_open+0x3b8/0x920
[  732.890756][   T31] 3 locks held by syz-executor/11207:
[  732.896164][   T31]  #0: ffffffff8ea81fe0 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[  732.913949][   T31]  #1: ffffffff8f2e8588 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[  732.926613][   T31]  #2: ffffffff8df439b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b7/0x730
[  732.943088][   T31] 2 locks held by dhcpcd/11530:
[  732.947979][   T31]  #0: ffff888011d62258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[  732.970046][   T31]  #1: ffffffff8df439b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f4/0x730
[  732.989948][   T31] 
[  732.992317][   T31] =============================================
[  732.992317][   T31] 
[  733.010774][   T31] NMI backtrace for cpu 0
[  733.010789][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[  733.010811][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  733.010823][   T31] Call Trace:
[  733.010831][   T31]  <TASK>
[  733.010839][   T31]  dump_stack_lvl+0x189/0x250
[  733.010867][   T31]  ? __wake_up_klogd+0xd9/0x110
[  733.010891][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  733.010917][   T31]  ? __pfx__printk+0x10/0x10
[  733.010959][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  733.010983][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  733.011000][   T31]  ? _printk+0xcf/0x120
[  733.011033][   T31]  ? __pfx__printk+0x10/0x10
[  733.011064][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  733.011085][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  733.011108][   T31]  watchdog+0xfee/0x1030
[  733.011134][   T31]  ? watchdog+0x1de/0x1030
[  733.011183][   T31]  kthread+0x711/0x8a0
[  733.011210][   T31]  ? __pfx_watchdog+0x10/0x10
[  733.011232][   T31]  ? __pfx_kthread+0x10/0x10
[  733.011256][   T31]  ? __pfx_kthread+0x10/0x10
[  733.011277][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  733.011300][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  733.011325][   T31]  ? __pfx_kthread+0x10/0x10
[  733.011346][   T31]  ret_from_fork+0x4b/0x80
[  733.011364][   T31]  ? __pfx_kthread+0x10/0x10
[  733.011385][   T31]  ret_from_fork_asm+0x1a/0x30
[  733.011431][   T31]  </TASK>
[  733.011443][   T31] Sending NMI from CPU 0 to CPUs 1:
[  733.158818][    C1] NMI backtrace for cpu 1
[  733.158834][    C1] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[  733.158854][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  733.158871][    C1] Workqueue: bat_events batadv_nc_worker
[  733.158895][    C1] RIP: 0010:lock_acquire+0xb9/0x360
[  733.158920][    C1] Code: 7c f9 df 0d 00 0f 84 fa 00 00 00 65 8b 05 5f 9d d4 10 85 c0 0f 85 eb 00 00 00 65 48 8b 04 25 08 a0 72 92 83 b8 ec 0a 00 00 00 <0f> 85 d5 00 00 00 48 c7 44 24 30 00 00 00 00 9c 8f 44 24 30 4c 89
[  733.158934][    C1] RSP: 0018:ffffc90000117970 EFLAGS: 00000246
[  733.158948][    C1] RAX: ffff88801b2fda00 RBX: 0000000000000000 RCX: fd04c0cc9a88e400
[  733.158961][    C1] RDX: 0000000000000000 RSI: ffffffff8b51f926 RDI: 1ffff1100fb4e03b
[  733.158972][    C1] RBP: ffffffff8b1ddf87 R08: 0000000000000001 R09: 0000000000000000
[  733.158983][    C1] R10: dffffc0000000000 R11: fffffbfff1efc12f R12: 0000000000000000
[  733.158994][    C1] R13: ffff88807da701d8 R14: 0000000000000000 R15: 0000000000000001
[  733.159005][    C1] FS:  0000000000000000(0000) GS:ffff8881261f6000(0000) knlGS:0000000000000000
[  733.159019][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  733.159030][    C1] CR2: 00007fff2519ccc0 CR3: 0000000011f40000 CR4: 00000000003526f0
[  733.159045][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  733.159055][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  733.159065][    C1] Call Trace:
[  733.159071][    C1]  <TASK>
[  733.159078][    C1]  ? __local_bh_enable_ip+0x12d/0x1c0
[  733.159104][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  733.159133][    C1]  ? batadv_nc_purge_paths+0xe7/0x3b0
[  733.159153][    C1]  _raw_spin_lock_bh+0x36/0x50
[  733.159170][    C1]  ? batadv_nc_purge_paths+0xe7/0x3b0
[  733.159188][    C1]  ? __pfx_batadv_nc_to_purge_nc_path_decoding+0x10/0x10
[  733.159209][    C1]  batadv_nc_purge_paths+0xe7/0x3b0
[  733.159235][    C1]  batadv_nc_worker+0x369/0x610
[  733.159255][    C1]  ? process_scheduled_works+0x9ec/0x17a0
[  733.159281][    C1]  process_scheduled_works+0xade/0x17a0
[  733.159320][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  733.159354][    C1]  worker_thread+0x8a0/0xda0
[  733.159381][    C1]  kthread+0x711/0x8a0
[  733.159401][    C1]  ? __pfx_worker_thread+0x10/0x10
[  733.159416][    C1]  ? __pfx_kthread+0x10/0x10
[  733.159434][    C1]  ? __pfx_kthread+0x10/0x10
[  733.159452][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  733.159473][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  733.159493][    C1]  ? __pfx_kthread+0x10/0x10
[  733.159511][    C1]  ret_from_fork+0x4b/0x80
[  733.159527][    C1]  ? __pfx_kthread+0x10/0x10
[  733.159545][    C1]  ret_from_fork_asm+0x1a/0x30
[  733.159578][    C1]  </TASK>
[  733.444956][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  733.451866][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[  733.461952][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  733.472035][   T31] Call Trace:
[  733.475328][   T31]  <TASK>
[  733.478272][   T31]  dump_stack_lvl+0x99/0x250
[  733.482892][   T31]  ? __asan_memcpy+0x40/0x70
[  733.487525][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  733.492756][   T31]  ? __pfx__printk+0x10/0x10
[  733.497391][   T31]  panic+0x2db/0x790
[  733.501319][   T31]  ? __pfx_panic+0x10/0x10
[  733.505753][   T31]  ? tick_nohz_tick_stopped+0x86/0xb0
[  733.511160][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  733.516567][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[  733.522757][   T31]  watchdog+0x102d/0x1030
[  733.527113][   T31]  ? watchdog+0x1de/0x1030
[  733.531579][   T31]  kthread+0x711/0x8a0
[  733.535673][   T31]  ? __pfx_watchdog+0x10/0x10
[  733.540370][   T31]  ? __pfx_kthread+0x10/0x10
[  733.544982][   T31]  ? __pfx_kthread+0x10/0x10
[  733.549591][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  733.554806][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  733.560024][   T31]  ? __pfx_kthread+0x10/0x10
[  733.564635][   T31]  ret_from_fork+0x4b/0x80
[  733.569074][   T31]  ? __pfx_kthread+0x10/0x10
[  733.573691][   T31]  ret_from_fork_asm+0x1a/0x30
[  733.578499][   T31]  </TASK>
[  733.581867][   T31] Kernel Offset: disabled
[  733.586194][   T31] Rebooting in 86400 seconds..