last executing test programs:

3m20.56626211s ago: executing program 3 (id=1117):
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0x3}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x18)
prlimit64(0x0, 0xe, 0x0, 0x0)
r2 = creat(0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r2, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x14, 0x7, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0x3}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4800}, 0x4000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000003c0)={'ip6gre0\x00', 0x0})
preadv(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000380)=""/44, 0x2c}], 0x1, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff})
getpeername$packet(r6, 0x0, &(0x7f0000000040))
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r7, 0x0, 0x482, &(0x7f0000000040)={0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x3, 'dh\x00', 0x1, 0x7, 0x49}, 0x2c)
setsockopt$IP_VS_SO_SET_FLUSH(r7, 0x0, 0x485, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)={0x54, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x54}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x4, 0x80000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x4, 0xf}, {0xe, 0xfff3}, {0x9, 0x1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_DQ_RATE_ESTIMATOR={0x8, 0xc, 0x4}, @TCA_FQ_PIE_BYTEMODE={0x8, 0xb, 0x1}]}}]}, 0x44}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840)

3m18.080487154s ago: executing program 3 (id=1128):
syz_io_uring_setup(0x4aec, 0x0, 0x0, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f00000080c0)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0xc19, @remote}, 0x1c, 0x0}}, {{&(0x7f00000004c0)={0xa, 0x4, 0x3, @loopback, 0x6d}, 0x1c, 0x0, 0x0, &(0x7f0000001d00)=[@rthdr_2292={{0x18, 0x29, 0x39, {0x2f, 0x0, 0x0, 0x1}}}], 0x18}}], 0x2, 0x4000080)
socket$pppl2tp(0x18, 0x1, 0x1)
syz_usb_connect(0x4, 0x24, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x56b1fc1e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000004340)=""/102376, 0x18fe8)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000140)=0x7ffd)
write$ppp(r2, &(0x7f0000000500)="3aebd037495fc3c52f1c60074cd33eb953cc3365788ee0265743abbb1d3c", 0xffffff16)
syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r3 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r3, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0)

3m15.143417823s ago: executing program 3 (id=1140):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x1}, 0x94)
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'geneve1\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="5800000010000300"/20, @ANYRES32=r1, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028005000400010000001c001a8018000a80140007"], 0x58}, 0x1, 0x2}, 0x80)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
close(r2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
unshare(0x26020480)
socket(0x26, 0x2, 0xfffffffc)
r6 = syz_usb_connect(0x0, 0x24, 0x0, 0x0)
r7 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000140), 0x82084, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0x3)
ioctl$TCSETSF2(r7, 0x402c542d, &(0x7f0000000180)={0xfffffffc, 0xe7, 0x6, 0x2, 0x7, "ea7174ddb80fc70000020000000000d3a2d975", 0x2, 0x4})
ioctl$TIOCSTI(r7, 0x5412, &(0x7f00000000c0))
syz_usb_control_io$printer(r6, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r6, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r6, 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0x3)
ioctl$TCSETSW2(r5, 0x80047456, &(0x7f0000000040)={0x3, 0xb, 0xfffffffe, 0x7fffffff, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf", 0xffffffff})
socket$inet6(0xa, 0x3, 0x7)
socket$netlink(0x10, 0x3, 0x0)
r8 = fsopen(&(0x7f0000000200)='ecryptfs\x00', 0x0)
close_range(r8, 0xffffffffffffffff, 0x0)

3m9.545463311s ago: executing program 3 (id=1156):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000100ffff000000000000004085000000d00000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000003f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x15)
r2 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xc, 0x86}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r4, &(0x7f00000001c0)='X', 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, 0x0, 0x0)
shutdown(r4, 0x1)
ioctl$SIOCGSTAMPNS(r4, 0x8907, 0x0)
recvmmsg(r4, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='X'], 0x58}, 0x1, 0x0, 0x0, 0x90}, 0x0)
r5 = syz_io_uring_setup(0x5c59, &(0x7f0000000140)={0x0, 0xa438, 0x2, 0x0, 0xee}, &(0x7f0000000400), &(0x7f00000001c0))
unshare(0x26020400)
syz_io_uring_setup(0x5c5c, &(0x7f0000000840)={0x0, 0xb8da, 0x186a, 0x40000000, 0x0, 0x0, r5}, 0x0, 0x0)

3m7.757300296s ago: executing program 3 (id=1159):
syz_io_uring_setup(0x4aec, 0x0, 0x0, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f00000080c0)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0xc19, @remote}, 0x1c, 0x0}}, {{&(0x7f00000004c0)={0xa, 0x4, 0x3, @loopback, 0x6d}, 0x1c, 0x0, 0x0, &(0x7f0000001d00)=[@rthdr_2292={{0x18, 0x29, 0x39, {0x2f, 0x0, 0x0, 0x1}}}], 0x18}}], 0x2, 0x4000080)
socket$pppl2tp(0x18, 0x1, 0x1)
syz_usb_connect(0x4, 0x24, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8a}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x56b1fc1e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000004340)=""/102376, 0x18fe8)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000140)=0x7ffd)
write$ppp(r2, &(0x7f0000000500)="3aebd037495fc3c52f1c60074cd33eb953cc3365788ee0265743abbb1d3c", 0xffffff16)
syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r3 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r3, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0)

3m4.505099657s ago: executing program 3 (id=1170):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) (async)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0xa0740, 0x0)
ioctl$TIOCSIG(r0, 0x80045430, 0x3) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) (async)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
prlimit64(0x0, 0xe, 0x0, 0x0) (async)
add_key$user(&(0x7f0000000380), &(0x7f0000000000), &(0x7f00000003c0)='X', 0x1, 0xfffffffffffffffe)
r2 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r2, r2, r2}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'streebog512-generic\x00'}})

2m47.823086244s ago: executing program 32 (id=1170):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) (async)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0xa0740, 0x0)
ioctl$TIOCSIG(r0, 0x80045430, 0x3) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) (async)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
prlimit64(0x0, 0xe, 0x0, 0x0) (async)
add_key$user(&(0x7f0000000380), &(0x7f0000000000), &(0x7f00000003c0)='X', 0x1, 0xfffffffffffffffe)
r2 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r2, r2, r2}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'streebog512-generic\x00'}})

1m15.334744868s ago: executing program 5 (id=1202):
accept4$ax25(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r0=>0x0)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r1 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000004000000efffffffffffff120200040000005f00"], 0x0, 0x28}, 0x28)
r4 = syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2)
r5 = dup(r4)
read$FUSE(r5, &(0x7f0000005540)={0x2020}, 0x2020)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000000)={0xf0f046})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000114000000b7030000000080008500000083000000bf09000000000000550901000000e1ff9400000000000000bf91000000000000b7008500000000000000b70000000000000095000000000000008852230b73ea30cbd792eaec6a344663f469d048e5bd6a43feffa03e5d610cf26c6b8e73a233ddd06d4b6619482a5a9a5715817a625c0830e6560400000075e6c070dc6874a70454de000000"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x0, 0x0, 0x401}, 0x10}, 0x94)
ioctl$KVM_SMI(r5, 0xaeb7)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)

1m8.145282599s ago: executing program 2 (id=1191):
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@generic={0x9, 0x6, 0x0, 0xff, 0x8}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=0x6000}, 0x94)

1m4.295753052s ago: executing program 5 (id=1202):
accept4$ax25(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r0=>0x0)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r1 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000004000000efffffffffffff120200040000005f00"], 0x0, 0x28}, 0x28)
r4 = syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2)
r5 = dup(r4)
read$FUSE(r5, &(0x7f0000005540)={0x2020}, 0x2020)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000000)={0xf0f046})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000114000000b7030000000080008500000083000000bf09000000000000550901000000e1ff9400000000000000bf91000000000000b7008500000000000000b70000000000000095000000000000008852230b73ea30cbd792eaec6a344663f469d048e5bd6a43feffa03e5d610cf26c6b8e73a233ddd06d4b6619482a5a9a5715817a625c0830e6560400000075e6c070dc6874a70454de000000"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x0, 0x0, 0x401}, 0x10}, 0x94)
ioctl$KVM_SMI(r5, 0xaeb7)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)

57.33222577s ago: executing program 2 (id=1191):
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@generic={0x9, 0x6, 0x0, 0xff, 0x8}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=0x6000}, 0x94)

52.477124513s ago: executing program 5 (id=1202):
accept4$ax25(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r0=>0x0)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r1 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000004000000efffffffffffff120200040000005f00"], 0x0, 0x28}, 0x28)
r4 = syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2)
r5 = dup(r4)
read$FUSE(r5, &(0x7f0000005540)={0x2020}, 0x2020)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000000)={0xf0f046})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000114000000b7030000000080008500000083000000bf09000000000000550901000000e1ff9400000000000000bf91000000000000b7008500000000000000b70000000000000095000000000000008852230b73ea30cbd792eaec6a344663f469d048e5bd6a43feffa03e5d610cf26c6b8e73a233ddd06d4b6619482a5a9a5715817a625c0830e6560400000075e6c070dc6874a70454de000000"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x0, 0x0, 0x401}, 0x10}, 0x94)
ioctl$KVM_SMI(r5, 0xaeb7)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)

45.00483192s ago: executing program 2 (id=1191):
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@generic={0x9, 0x6, 0x0, 0xff, 0x8}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=0x6000}, 0x94)

42.131299703s ago: executing program 5 (id=1202):
accept4$ax25(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r0=>0x0)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r1 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000004000000efffffffffffff120200040000005f00"], 0x0, 0x28}, 0x28)
r4 = syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2)
r5 = dup(r4)
read$FUSE(r5, &(0x7f0000005540)={0x2020}, 0x2020)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000000)={0xf0f046})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000114000000b7030000000080008500000083000000bf09000000000000550901000000e1ff9400000000000000bf91000000000000b7008500000000000000b70000000000000095000000000000008852230b73ea30cbd792eaec6a344663f469d048e5bd6a43feffa03e5d610cf26c6b8e73a233ddd06d4b6619482a5a9a5715817a625c0830e6560400000075e6c070dc6874a70454de000000"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x0, 0x0, 0x401}, 0x10}, 0x94)
ioctl$KVM_SMI(r5, 0xaeb7)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)

30.578459352s ago: executing program 2 (id=1191):
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@generic={0x9, 0x6, 0x0, 0xff, 0x8}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=0x6000}, 0x94)

22.974650072s ago: executing program 5 (id=1202):
accept4$ax25(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r0=>0x0)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r1 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000004000000efffffffffffff120200040000005f00"], 0x0, 0x28}, 0x28)
r4 = syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2)
r5 = dup(r4)
read$FUSE(r5, &(0x7f0000005540)={0x2020}, 0x2020)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000000)={0xf0f046})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000114000000b7030000000080008500000083000000bf09000000000000550901000000e1ff9400000000000000bf91000000000000b7008500000000000000b70000000000000095000000000000008852230b73ea30cbd792eaec6a344663f469d048e5bd6a43feffa03e5d610cf26c6b8e73a233ddd06d4b6619482a5a9a5715817a625c0830e6560400000075e6c070dc6874a70454de000000"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x0, 0x0, 0x401}, 0x10}, 0x94)
ioctl$KVM_SMI(r5, 0xaeb7)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)

15.514169999s ago: executing program 2 (id=1191):
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@generic={0x9, 0x6, 0x0, 0xff, 0x8}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=0x6000}, 0x94)

12.186290709s ago: executing program 0 (id=1464):
syz_io_uring_setup(0x4aec, 0x0, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4000080)
socket$pppl2tp(0x18, 0x1, 0x1)
syz_usb_connect(0x4, 0x24, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x56b1fc1e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000004340)=""/102376, 0x18fe8)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000140)=0x7ffd)
write$ppp(r1, &(0x7f0000000500)="3aebd037495fc3c52f1c60074cd33eb953cc3365788ee0265743abbb1d3c", 0xffffff16)
syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10)

11.133096836s ago: executing program 5 (id=1202):
accept4$ax25(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r0=>0x0)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r1 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000004000000efffffffffffff120200040000005f00"], 0x0, 0x28}, 0x28)
r4 = syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2)
r5 = dup(r4)
read$FUSE(r5, &(0x7f0000005540)={0x2020}, 0x2020)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000000)={0xf0f046})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000114000000b7030000000080008500000083000000bf09000000000000550901000000e1ff9400000000000000bf91000000000000b7008500000000000000b70000000000000095000000000000008852230b73ea30cbd792eaec6a344663f469d048e5bd6a43feffa03e5d610cf26c6b8e73a233ddd06d4b6619482a5a9a5715817a625c0830e6560400000075e6c070dc6874a70454de000000"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x0, 0x0, 0x401}, 0x10}, 0x94)
ioctl$KVM_SMI(r5, 0xaeb7)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)

8.795676182s ago: executing program 0 (id=1466):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x3, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fff7fb8}, {0x4, 0xfd, 0x5, 0x5}, {0x4, 0xdc, 0x9, 0x7}]})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000800)=ANY=[@ANYRES8=r1], 0x154}}, 0x0)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
bind$tipc(0xffffffffffffffff, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}}}, 0x10)
syz_usb_connect(0x0, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x12143, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000180)={r2, 0x1, 0xfffffffffffff282, 0x1})
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_ADDRFORM(r3, 0x3a, 0x1, 0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x1e, 0x4, 0x0)
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
gettid()
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, 0x0)
writev(r5, &(0x7f0000000100)=[{&(0x7f00000003c0)="8c", 0x1}, {&(0x7f0000001080)="f67b7f1913e6967a98ecaf5be467c8b030ca9595aaa09c5a568727a0fbdf7ac1d00c78f66451a1ef58ff30f9ba22ca4806ea3a3a8de1c31d1fe6e11358b1246d0a0a9ab3ca18afc7dfc2f2e94cfec33045940020ed9e9aba429ab858ae4fca51c44dc874e8b47852346e7b9d6d2a0bb8", 0x70}], 0x2)
close_range(r1, 0xffffffffffffffff, 0x0)

8.777481136s ago: executing program 1 (id=1467):
openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi0\x00', 0x2180, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2982, 0x0)
r2 = socket(0x1d, 0x2, 0x6)
r3 = socket(0x1, 0x1, 0x0)
ioctl$SIOCGETSGCNT(r3, 0x89a0, &(0x7f0000000200)={@dev={0xac, 0x14, 0x14, 0x25}, @rand_addr=0x64010125})
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_open_procfs(0x0, 0x0)
fchdir(r4)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
ioctl$VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000040)={0x201, 0xa, 0x4, 0x0, 0x9})
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB], 0x50)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000005c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x7, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe04}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r5}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x69, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

6.880607593s ago: executing program 1 (id=1470):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
socket$can_j1939(0x1d, 0x2, 0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
r1 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
symlinkat(&(0x7f0000000100)='./file0\x00', r2, &(0x7f0000000580)='./file0\x00')
r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x109000, 0x191)
lseek(r3, 0x9, 0x4)
socket$inet_mptcp(0x2, 0x1, 0x106)
write$proc_mixer(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0xb8)
keyctl$dh_compute(0x17, 0x0, &(0x7f0000000080)=""/54, 0x36, 0x0)
getpgrp(0x0)
mkdir(0x0, 0x82)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r4, &(0x7f0000000000), 0x8)

5.363597007s ago: executing program 0 (id=1473):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
syz_open_dev$video4linux(0x0, 0x8, 0x0)
r2 = syz_open_dev$evdev(0x0, 0x0, 0x0)
r3 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty}, 0x20)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000000001000500050007000000000008000900000000001400200000000000000000000000e1ffe000000108000a0000000000060002000100000014001f"], 0x5c}, 0x1, 0x6c}, 0x0)
ioctl$EVIOCRMFF(r2, 0x4004550e, 0x0)
mremap(&(0x7f0000890000/0x4000)=nil, 0x4000, 0xd000, 0x3, &(0x7f0000ff1000/0xd000)=nil)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
sendfile(r6, 0xffffffffffffffff, 0x0, 0x20000023896)
close(r6)
r7 = syz_open_procfs(0xffffffffffffffff, 0x0)
r8 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r8, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
writev(r7, 0x0, 0x0)

5.352388301s ago: executing program 1 (id=1474):
openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi0\x00', 0x2180, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2982, 0x0)
r2 = socket(0x1d, 0x2, 0x6)
r3 = socket(0x1, 0x1, 0x0)
ioctl$SIOCGETSGCNT(r3, 0x89a0, &(0x7f0000000200)={@dev={0xac, 0x14, 0x14, 0x25}, @rand_addr=0x64010125})
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r4)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01022ccd8b00fedbdf252800000005002b000000000006000400a1aa000006000600020000000a0001007770616e30"], 0x38}, 0x1, 0x0, 0x0, 0x4002080}, 0x4000)
bind$can_j1939(r2, 0x0, 0x0)
r6 = syz_open_procfs(0x0, 0x0)
fchdir(r6)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
ioctl$VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000040)={0x201, 0xa, 0x4, 0x0, 0x9})
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB], 0x50)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000005c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x7, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r8}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe04}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r7}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x69, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

5.178806374s ago: executing program 4 (id=1475):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x3c, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x100000000, 0xca8}, {}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@mcast1, 0x0, 0x32}, 0xa, @in6=@private1, 0x0, 0x4, 0x1, 0x2}]}]}, 0xfc}}, 0xffffff80)

4.800083552s ago: executing program 4 (id=1476):
syz_io_uring_setup(0x4aec, 0x0, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4000080)
socket$pppl2tp(0x18, 0x1, 0x1)
syz_usb_connect(0x4, 0x24, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x56b1fc1e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000004340)=""/102376, 0x18fe8)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000140)=0x7ffd)
write$ppp(r1, &(0x7f0000000500)="3aebd037495fc3c52f1c60074cd33eb953cc3365788ee0265743abbb1d3c", 0xffffff16)
syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10)

3.976084535s ago: executing program 1 (id=1477):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000814)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
listen(r0, 0x0)
pselect6(0x0, 0x0, 0x0, &(0x7f0000000240)={0x7625, 0x0, 0xffffffffffffffff, 0x0, 0x10}, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f0000000280)=ANY=[@ANYRES16=r0], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
io_uring_register$IORING_REGISTER_ENABLE_RINGS(0xffffffffffffffff, 0xc, 0x0, 0x0)
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(0xffffffffffffffff, 0x13, 0x0, 0x2)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
mount(&(0x7f0000000100)=@loop={'/dev/loop', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000180)='nilfs2\x00', 0x2208004, 0x0)

3.205109361s ago: executing program 4 (id=1478):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYBLOB], 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10) (async)
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0)
read$watch_queue(r0, 0x0, 0x0)
io_uring_setup(0x61f9, &(0x7f00000002c0)={0x0, 0x7c85, 0x400, 0x2, 0x10d, 0x0, r0})
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x100)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) (async, rerun: 64)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), r2)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x2c, r3, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}]}]}, 0x2c}}, 0x0) (async)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
ioctl$sock_bt_bnep_BNEPGETCONNINFO(r1, 0x800442d3, &(0x7f0000000000)={0x8, 0xe, 0x508, @empty, 'nicvf0\x00'}) (async, rerun: 64)
syz_fuse_handle_req(r1, &(0x7f00000020c0)="5b095762e4ceba7d280612b7511913c90df9e94f4e38e6e5dd2dac0bd4683a92d758ad90f9e2842073d15a2d5baa4db0b69c47e278e3f50f394189dd7fce63890ce3ed1f24e67a79c1cbc5eae3984e9d3e8759a9229593ad412b129b68928ed908711b6d1213f9355ff80c2579fa58ced926b267a2264063dd3fdea384c58f4ac5bf66c361e8ec046ddf824495c5b6947ebab4e24257d117313fd45b6873262073e64e3da2431276466d75447ae3eb562d00423b8edb3729fa059a5f004010d551edb43813821d27006eb0eefa536590139123f218b3b0e2d994953269636885ffa849a905e62cfe5f64cd04940568809738ed7306e2430d382667d87f54013a5cee43dae2ee75111ed33350d86c757a8362a81375befca2d0f555cfcc58af87c184bf154694ebb8f0b6ef09f13370833a44cedd5b3091768bbbbfa1d0859a114ea6b4d9f25c11d9f3f45db19fa5586d36bb6a8a15f9d55210caaeb983f1d2e6688e107b6de6cca9d9c640afab7620dc440e93f9d5e920e8fe7e74bbf8754a7195110fedcd8269be84a945305ee09de4997a5a2796f5090d2f9ee3bc0b2228c389ecb6468c24d2c5699dc30e2c9ad71ab272e16a4a645516458bb1f2a92b6ff06bf697503a43205473baf112ffe468a9c727ace967ad603d335ac634db4534540ef15611f113ca28c3a3cbc7f6c96945bdf291cf39a5bae0277b51e959dcd26d1117ff63f1bf748c845b7641905f83f6a0e468c75f88fd74d36ca638e5fb055dbd55c14fe30813e2518e390dc65db7372755306779d7fb13fb9403578fe91422cdb8dc8db0cbbc986369ff7780afab5755a039b37364347d73835c96389288b3768e1d4e59cf77fd58228100d397badfdf52dd5eb453ccaad785d21418e509f734f19e8cdb5a0993ba59abcf654625000eddf387d0c291a3000e87c4fec269a9c787997e0d106fcbd9f488c75559c0664be295d8dc20d214f17c392ba0bb73df8bcde0f47e449ab40f51b02bec01fa48171e5e39777aa7fd94525e76d78e2f2e692eea0ed254b2ce1db59e5cfa91d9b30ec2d39868c32afc6797ff333b1ce9dd2c0b3034124b1c004d9dc0cbcd4432006d54528e3e28e96e911eba7681a035d4e4551c7b497cb0fde2845ba18c4b8b19efe147d90394ebed77e7c0a3702fe2b6df71ff354ea5d55a77c899975df86aab5abb2ce370f3d8f4bfcb417ecb82ea0746997a1ca1e9765251a6d33402ad0c0c151fa1930d557248f2aef24e59821f7c649f6824f3a00cbc60c78fc3478969443b03cff9bd6dd1944f79fa7b55005874a7c3b6e6e4e19c84975dbf266a572fa0653111af78e2637f9588ae0cb8283f29f55b5e03bfa9caabdb322be5a2c097b8ed1fc6b5de9e2d9833840da9a036738f5a260b2bbbe0392ba7d982bd567573c9a8c3558103dc62e16c0072a97e2355629fc50960bc3b89949a2aa52bce12379c500e767a986762628cff8f69f73d359ef604a48dd15e7d5c298330ba5be94afcfc913f8329aabae358a9b936e6c19f9a0a45f239eccebcae9143aeb66dda74a0a9714038db0986fcd6c8b2f27330657cc35a1e1da3e4805d4f360cd2de4f798bebaf60daa49e5e4abef7dfb930080bc962d66f859c2138c3d72cbbb8ab11ba47d19406e2fbefb30751631e1fad5cab36fc18907fc4790534fe4ef07b2b0058ae14e0762a4a185f1008f4f4f7b8f30aa62f83806a7ff0e0bca2178981a472071f7bd2ba12578b53a131ad4643caacb8cba98caca210e732e7f2df5373f0c637826c4daedcee4d8439392e9e817fc01f3b504142639273a73cd6f5c8c8033e8aa145359ee6808e4f7b10d35646e642f1c2693002f4bf321c72b33d2a7c6bf1864cbc543d1b07785c12ae87f908498a18b32be69f11d8db79d899f605b4c8bf74ae5cdedd5bfd17cb24469076e9d357b7a0abd9a55384f70ad49997948037a630d2d016e85d468c53127b09ac8d7314245ee0082aaa56559c41ce1a986b04bc21fbabaab0731a870eb0aa98d02ce78ec899b8d1ca5488d0492ad0eafb7c17170806f229fb01739d6ec50040cdbcfe16089e478ffc1713c06bb0b7db29f6a5c5ff20c5d1168ec0f138d36a9465e304c3ef6bbee4f6adb26348b469c0718ecd34f0f4ce7886690fe17c8160ec5ba873483ade45233392be8ad11c97f95509d8ae60846c62f0ba45f5f23cc4840280f043677ffda3385d8f4a3a2bad3bb8f9077dfadfe230e6e093eccb4ff6c0e7cab3df81e073c880f9fc41a404ec3144507ebc53c0778068a3ed3abce5d90ba084d71d221373663e9a9686ab654eecbc45fb0bf308ae22543ebbe65996d329018bbd6d4426d774a4babcc3e97c95acc40877bd1120f0208b54541138f4eb88517e2ca4562b409de39c41d636a0f3594f3d065c2e710af90aa55d0ecd20f383dd6fac7c93cc6011469fe5f4fabefc0c12ac0b77a1f44da769a1b6720a29a7969459feb18f61f73457b2aff8b410ff264d10f4be0ac000c4c6f29d656b9a1887df1eeb786bed0c5ff84be315167ad0506786a9cbf64fbebb4d7eab1d9bd9108bf10dfce2559007edcd6fab26b195534e06a6f3f862e351b7b68fe9e3eb6bd9f47f83a6bf49a36c8ed2f6c8c5d3bd2f4a33d791ea61ee2e21a46e46807add328bb3c3109ef7a402b9e3fa16957693dba1d4a4c361bf6848114cbe29e601bb38a532a387edcd5c39b1171471d8590dd4fda56c7d43b9007b1490ab3219d598048fb50d9290713c079031642fcee9d2ebf03c193ea152b30a1ef9e1b30cfb7c3069432295befdd94bb04c8e9d67e367b787031515dc4f64e3496e8c2c390676c7a89a85c02fd681fc7851c0f652b3d9444002991620ac3a0ba7a77139bea95fa8d053359fbc58c392cb194ec3e6903b841404f735f37e5d1608606be851db16bb9d0d659cb16a3edebbd3613f16cd52b5398196d3fc031a611e7b8d61e4f91c2ab9310a6ae26321c7486568f23298552b4a824cb797b3171bf2f7e2d8444734aa8af3a720cbc8a61161b462f9189c11d687948b7271226406f37429ef09d13b17dd21c4e72be1bc0b816fdc096312aff7f19f3a2181ccb08d1f92aa003c284fcebcc8584cfe242dc8fb0e8cedd71dc2ca48df33c9e650e8bc6f331f9eecb4c2de8b75133760b4c51948b990675e724a68ecae3f2d88c7abfc9bee0875f7feb691b813c1825a0326d887032b5016b69c228cb01243d150c6a188cca6d22f469e6195bf2f3d6d4cedd8ef43e9486f5e9cb9f70e5a92cd2e62bd9c70775d900784bf6283b074c9c0df6e5da7465fe30fd723cd4918dd3da6b7e5475c89d34a4075e94a938047625efa4fb8d02b8616f4f84378ca26c875a364e68e3a02ce5dccb0dc0b686ec52384c076133ddbf7eebf178411109c72171a87625ee0607f94f1ad9dc795906ec7012a51d3621f4fa19f25891d8415bc4a0e3273c21159bff5ceeba3767445fa6a24383e5f165a6fd4fa579a02935943aded524f6d6a540d67b44f4d7d0cefd1c08a53a1a06a4ab5157f8f64b22f3875f6c9fdd76507e277691aaaef9a90352cfbe5005d13b35fe0ce04d3b3362590053c5a7e3b6932364426aeba2bd79943a2b50d5856d3ecfc74bc02318f9eaffdd08f20560bd1d0f7f643ec8e05fc19a3188fa77913092b0ddf40f8be0cc278998dc32da328ddead37f6659d780bd530a48b4bfa230370853db872385b5ece3a9a1f39c69a2f7290ae92f769cc996ad69e22038352fffddfde95f9951c4e0029e6244809bc8d77f262cd3057ab49277ad4edc55f94235c01f774de6a7e61f5e688d71e26348cd61c30348bdc9debb28eff7206bd67bd92b038b584afa3526c32cdcad81402b3642ee9fb608a4e18da9b4250c54feb404cf636caa798bd7e1087f60f424904616c959548650976d8577176356b2d47f46417f00000000000000b1b7f9ac7220efbdb49c081dd38f7c8f718f2969237a49f6200d62e879030b0b6229f39dcac78af38be9287fe0bd04b2e65e8555399ec5613856688d547bb43b472ce03ba3190112a004def789771f83faf390ea062a2b093aea35027c6331d097db997a612bfddeda832226851a751b2116ede07459e6e1717a47cb2f93d7f140361183f5d2a0773b8ef0e458b3489176672223eff9701ddf0a3caa2848feaa54ebf4943b409fbe9369b8c2d0f27a9fa6caeb6c321b19f9e7daf7410142a8e1f1649a855165b6dbfa61570926069d94894f616ef85469113add5fce8db6f22a1bcc3f93b75d94644ff75e5716536c727747621e7664a93519faf3acdab5f29b346172892697909f01051474bb8811d4cf1bdb32ead2364a2d89965fb7d523d5d31f7c7bb891e49d0387c2b235f610fadc23b4463f6a31d4a8a068b8e392ed3d27dd27832c9fa6a7d9a170137cef0bea684311e098b6cc60f36e09b1abc09cb089364e0e256f5d624e6098f02e53fc74724ce9f1d13517fa53968554b523c973ecb03643ec452addd7b566d6d12cad7a0acfdd8a97fffeae567c87aff01b2be11e3a95c54bcce3449c4564132be69c08f309ab97c57349f29a1b8d3d78bcd623409966550e294523e21750930b97f012c4129dd0b55142b4c559fba8cd07083cf6cdd0fd36cfd38f3e0de2da821f2d9f79f82239d6ec1db4dc9dde063e35b1d5ffe929c56744c56c3862b8bd8b95dee19254cd480500c2942b594f0eaae14c3eb07d9d1c5d201425e9e3923b41457fd7fbdf747b2fbc61480aad014d8917ff8f5bd048458c55348b292ff00026690a04a07e90fc0373e1b6ed62ba81af0bc4bda161ef8400887481fcfb8cdc4127500e3fb2a071896f657d6fb04912f3395e5f9e66eab3b85c28a2e37b156511bad5b0d2720670e2b1a762333f42ba528668fda6ea0a80a398129eb3347310260f9f26d5ae249bef77d51d2ed248e0775cb634e48c830cc2c2512376bc411258edd8f73a2d7adbaef40ab79d2ae37f27e2893048d59693a355c87e43b53d545c16997fa318f1bff6a7edb29a7ab80a2381ca828b6d8c5d7976abb11d955faef8b8d5589fea555be1803eac4730a4b9ff3477cf462dda1fadbbdbbcf6826276144875d58e12eb9670c6324f0249b220f1336f9ba43b732bd8c421b040680417a1f68977d6beefbfa9358a4d861cdbcab618043e661208b6939313e2bb01d77509c1df93d87d94da5737d2a10a935b44b264fd232dbc2e59036e0d690431627e0903343b8352ac291eea31d1424c34f9f8fff7fd8df9f6330f88598004a353bfaa5e71d039b8caa33770f9050dbce61ed1c2c0285d23bd4a0b4cd9237ec7c2773474d02881cd7d5541dabca4bafb11f7362160c4a871716720d8d2e26c0400b4abd45c93ff25602d93a1031ffaca642d6f88f8b7ba38de3d8cdaeb89f8fe8de3f0c089bd8b360552d1c26845ccabd2d86acedb16f20640648527a420c497c4af51ef463ce1e3fd8f70f06fa016f12b307e1d846ca35e0f22654456705ce42334401fd2e993c6744918f578fe4d1e6e434d53cb8960008357036ea2c3b03ed9676094fa9693345b0db656273e350b10815755ff9010769af2fb6c5cbc859cce9c8a313cf802a2375d1664b61716067fec9609928f0ccb97397f52765a00334c5a620203977c1df6f9a6f13e46e3be2503ca6e1b1332293dcb2babf2f6019a99274621d0ffdafd9447ba70c948d4c8d9b5b093d36f8e6b8136b16a7da020cf6022b10cd13237aee15319c83b0522aebf523b13ca037d0aa604c5a53fb6536edb8a3d0fafcd66dfd4cdb461f8195c41df043fa6f46e490f43c71422e6de020dbe2ac543c516446ce1ee5890df424ba716eb91da1f8e127777a0e4396fb35654468747179d2884951e06c952f7f1ea15ee46b60aa15e562023eebfc3a79693adcd67fb23ab6b74b55b65d8421be9f454f8d89bd76340c46d5309c892121dc19f8124cacd2b8da3fc0c0ab92dbb5e0537bdbfcffacce03376cd10223815f7801b1e20e32080694dfc8a416e0aa0fc76dcfd037366406aaa84d48a8cbad3fa48ba342ec4aa02f391c6039403fd4dfd8a5cdf4b8c4345febc085798b5c7dace7a3646e2b9e4cf57c13b959f21e33bbfec54c85922a8095f2c2de1f1db72493fa9756d69b0ace403bc48adde75bfaa4d723a8dac4dfd370cf02329df1a8e8576e11fb8137910cf753cc76585a2d1c7a0da1304f44c26076d87b5d402c72a724b464b5cc2c0ee6d1fb472a40a41e858697dbb82b6103fce576063d2aae0b4dcefef78f8de0640c82d955c72f5b1280973410100000000000000b419e18c7c62e080b8034ac7e1134524c1fcc4f93833280fecd0ff424e39cfecb21e714e0f9e1843296cfddea2e35fa6a7bfe6069b366316ef5e6b73aea9e069d1538eaf11cd503b50435e976dfdd39e05918be1b4f91005583c8b84c33b13692bb8ff005fb9d29958f9697cc83c48a0f3666dfc6cdff0d5f923ddeb4c74db22597414f1973d3cf339af2b5b2640857c232788e21ab92cfecf7938d7ccc0162cf913d88967b5abe80c61d3ce1efd120a856ae450e4d7593ebad568a74c7f5ee1bdfd17ef1f72e7703b36b5001e593f1c6908edcb023095fa059e97d68af2ea295b766aaf819eacd85946bfc5bf0c35363530870cd8ce3931ce7c3885fbae123dd924871797070b80ff914b7bfaed7d0a54a372716bbead8797a49524e77025bd9b62e1fd69ec8a7d55741716df76be640ab8e7c44600882d316f220780013a80ca957fa9ad31c910e3565a8e1e1a1e96c5362bd0cbfac2a53328df35fbadc141f10e5a1ef3d1bbaf877d0659b051de0f7636712cbbbebf095718c96349a96fbe6e0389a511635f0cf31906fd6bb6c2d7ad9be31e9293b418f13c22929c90eb0950aeb343b61401e632fe3de3dabf51dd308d17d6d6643f08c757ee17131cb91b611d20ab2ab35190859d8e4d76a44199765c1efa2bdf5e3c3994585e0a7d866dfe5be4601442da0b686f4f44ba8dae33d639ec2a5acf11e6650593bdfdcbfc5860144a15734eaf58e9e2f5495471ead9a25ec659df37e11e84f4dd7283687533de576a9de4b705f9e35964849206259862a5a4c956d26945ff0b8456e536d72136b4989ca135f00026107662cfae9696f2bf46a8b3207330961c8b31c8bb8dd2b0a6c3a833ab7b7aa97df0c14941d1833db60892511ce0a77f87bf54927f3d912de88581cbd301e87554f76b46a850177e550924db74794f6b5f8db5a74c1f932b3b4bf4ece2cf045c4fd490906f2ff09bdc8f683cc61a5923be82011fed297c962f8d7690a9fe980130d4b6545cbdad82ce198c8a1b884bb36288dac252c69b0d8a4eb53767d297eb64ef7e9f90faa994863efe194040a984a1461b04d1baa746afc353e006b71d4839d4b2ba10d681c344642fedeb8d6a2d518a42c9b252a7d6ba4ee5cbc7a81d543af5fccbc284df3ccc226dcd79b20b987b30ef767d2f810fcc55266802abc38cbed144621a6c0c52bec0706bda66bf7d5e957210e2eb6fba79d7deafbea073c1e298861f46c6e17523182f67e133121f3ea2d8316ffe6de51fb3717edc99361c979e9ecb51e3474a15accb8254003358975b786d81281bacfdffb655a5855da5c5edabcfc5e3e5ca570c16efae87032d3b85cf3d52b020fef5fa8339f776a2d629173252fefc9fb2085b49354fb255b0ca941d60c41a2cb10c742af0ea277b65b960f49184297336f1a8e049eb80c3d40ef78b0e8a9a4b5848caf5131b2773a7c18421db56afea355d869ab81f0f7e753651e8ce742c379ee4f08fe23e7c1307bb9f00e60a4cc804f4b47ac42903e1b1ad99ff795130833a202c36afa8851a7ae7c0eb7d25b006bafbf6b0f579e910c9207bce105f73cd219dd352af1b3250a273a7eae3fbbb8ece80d2b61591dd25679e541bef9579a538e0c0fde66ddb176c84c235de570860128ae90a44e8219841a1ed84d5a3721afce3b24e0173542644cffa2b2603171bdbf3a5b2d7c9d51b7a31f7b6675d98938c8e003fc26a2931811dfcce100fd5eed707884c9f1a9ff629967eaab2908f2988378a271c373828a9a836dbc6b1db9881bb30509f693a92daf26f0741b01855af81e594c318f0dd13a89e87fb3d7b3527e7b007bb2e744a322ac3a40e05d24619c3d41643b6b811af49eda5448c21af06b8707baa6b8a2f7690966152ada65a5253aaece296c1ef46a12b399074fbc40a791f4677f05109bbc103c5bd37ccf7b67e4fd6b6ad97314a9dd236dee6e1371186ccc03d4d8560a22cb6709c35a391481d659d7ebeae325f5c9a20de7374b6715b4d8e77997873929d7339b20ed8172d68b0510defabae5712e5509e41afc5d8bc531e296832d285d9410a0d1173d194b3d15571773c97fd12b817fc2d3e0eb6a4bd6720f57d487023f52e3e0f7dbb0e8a7807283951bc8dc7344afb95d8d93f34020d7b1d6b90bf0520a35cefcc8895807286f624c7df58c89d3fcc2495e3acbb98d4424b1c1d199878dcd9ac5e7a2b216aeaff32d04b74495d16a20aa5854e750c0a66f60c69db44674d695eb8d3bb7ae36065d1e6efe9d68527e57c21dc4bfb33f4d8625a95fe3d2d3ac42abf540dd46e32619e63f9cb40e2de1b6c2102553c1907f6c62c0c689c85a1aa0b1e801b0115aeffb9618d1b412d9d7be9fda786fc9729c6819f60dff95c14720ef7afd69e92fd36fcb3f25b5388f15e621593132418a5caf60074ced3e1f6b0120fd162ac0e13395cb8d4462dc32406c9a04252666ae7e74e9da335522da7ac76d377ee77a1a4d4fb0ceacc3259d486466f8f45f795bcf04ad2935d7a4b0aed6eafd4bcf1830480d044af5fba3146a7730aa87b3b33494fcc3f4111507f059c65b82171acfb5a3f6c7c9d3b156788ecaf9b3581b36d0a059e28fae2f3f40fa631342dbdd89c28429e1eb511121f2dff45f73a8eebca82caa064c1e158dec6d8fed2d05e3090f70cc8406d3d9cc429783f60e63bbddb2a61d6e995238ee4f0e3eeb23bc529535dbdafd7db565541ca2dccba24388c7cbf1989e9d71eb2a3804b224350fa30e979c08871e5010a32ec886ed30128f6e509ed87056fb45e1845282b5acb1262fbcf5361284a12a009c0dc914a20572e6c4c61bfbc5a01fd9e605aa95ae85fb704e8a59580fc00d0720c1b212c44d33c05193d4c6f9f87406c0be25e5d9cf7f548a2ab9cf829a543cbea4c9d338790100fac6cb3a3c989a1c53f581b459e5b4d90a4c08b633d54c9687b33da736ec62f141b50bcb4ecc13044a598696ba9c0f9bb9644565ab5c2163df0a47f0b7362c0e51746ad2fdebb31b57c1ccbcd8dbb0071c0a69280bd8a7e97abeb6ee17e8cf704d24229e55905b5799ed5d7b98b08a6a7da5c31225edf80a487fb897301b0d134b953c918b320bda3ab29e69f759f1bece2910079d3aea3da89fd6cff8e4c2e24c1dc1a1d6f222f45f61747c2e0d5962846a85180d0b0963d33b24a2daf082b69f2957f6e90e69841b4cbfa1166226cdd6c06c24dd89c2e9b1a495851e1e5f7e1cb6944f660f65ce5e41b12d003e365393b15f13fcaf21031ca6ef8f270c0109b1298ac11c6fc87397bfd5b6e96339f2449082488e9f74cc5cb08f85d9705c53477f25d2f988f817014f2065261e568d3e8175da7811f1a05cbeb07f9b0a156b6abe016e9b8300e212b5e5453c765e5c466e88a5d8f98ec785df0267349c8ee49c18de6d3910d09843310a390522b8751433ebfc6206f6c3e654e710d3a3f76b1ac79842c0451d4904bb82fb631d94dfa7658727f2ac53feaa2f120202d616a9db782f5c25a2b8c6ab387cf3c5dbfdc2631891d875a0ce758bd35772efd9eb1c18a1d92e7a45f958721216585f2d85b8826a16c5bc4e528626e80851f49f29e2cf7f6ef9a6b8b3faee63c8da84b12ce71a153db2af86b29496e52ef13f9f9c86f05001b61f3290b565af6c8c404d2bbdfee74c1f623660647150d487bc5c4a0ec8509c47e89e795ad207463e1bd4f0aadda0d735a2f69028e8b361e4b259eeb81113587fc2fc28c26e82949a3f0a6e9f86247d8408ffbfbf96dc892dce4d8759130198b54e6305d2cd07835c5cf9659920a4cf024285b7584b70e831256813fa3a200f3ab8851b411d6cfb91bce34fb0cf503d439ee1b8fc434cac3a318f1bf65402487503b5c7bbb076ebeaddb2ed22b444902b24cd9c3375621684dc854c4af685b6f768c1085862e94ef0337a4458b1dbb3ff0c724041c82aa956636c40d15dbf0ba1f7b8188d48b5520fbbe65df81bdf86fc2480f65c8ac523b1cf57a37904ebb704b4c27b01f60b514cfe990220f187943ec138a673e08a52477cc2f3cad746ee251ddbba7ba13101eae9d32a20df248569d1ab882aff778c544c7b530d5171f04d3518b4ee6a99e07212f8bd72697037551ef3ff35794e01cba640041fc910e599e3d163577f6c837280f84fdbf9a54a1744b32f62834c9d5cdcb94cbd184687b89b3a9cb8a76be61e5f8bf5528baffa774cba2577ffddec869bc24eaa6ec0cec8c6afc3cba22891e8b09fdb5254dca8117e927d4d8ac2ee20775ca7793b82a1d94c0555df748fab1ba794fa608ed282190e5f84eebd49fa12943ad56f205a2e843429bb550d5b160c74083be846d4d70e4e5bb6c2bc5ac764e5c29029604b2bac9eed579184f7b8f98dbd1a168196b42cb57347f6e55d8e4126e9a51ac2daa61e74ba71188606e2a175028b8634fe1c9a636061e163b993068a13c5e9904e1e2c128596768eb842111569526d128f249fc3f7ad4bc3999b1001af8faffe9b264697bfa964e4d5ca4218d1fe0307052057c04435e4a853f44fdedb07083c85fd32a5ce0e0179d97ab921cd541a5def8c3aaf2b63857c195098783e340675e41fbd73657c83fa94781b910a61d4ceec44d7b8865f5a983b56503647f8fe63fd81f67484753a550e1f3b19ecf5c82e0a84e45ef36da1506cb0c083cb8f24808e1d4a9e2990a25ba8dbb6f5d3eb94bf5d9dcd65ed15fea1a995578b8ffe8ffa8f59eab41607774998459527c2f5447e0076506a3b10dd03ab7c858ed9f800ac489e1cedbddbaae0245dc1bb7b3256e686c9b280c50c49333f6d461db5d3e945309014528bfdbaa6b5c94efce80be1b9174a42bd08d2113bb26a0168c8d25758c993e9623ef9a35724e689a903c0712792d9e76f3e2399ff371d47151c9cd559f53a3e338acfe715ba3ede12f8fbe62cb1ffceee3de90d78f63db72474caa58c4e2cc1436419de2f6c8b738125b0ad76ad393eb162aae5d1fc501e6ba51a2ae5a47628a92bdddec71bbde7587613e293be04d6a9a3e6f886f25aebf4569a0e1ea5b3102efbbc051d368b005c791e0ad48b0569f4c3918080383f7789447e5a658e26646d39a8c827339255e766e2535ca2a0c87d3153823a27b8ccf1cf4c30c71fd9b265b00a955caeb7241a894a86e32e51ac7c729c98f4ea46e1fc90da62b1150afdec4c1a0994594bd14e59ae2abe2c4eee60194eba156e1aaf118d017c2ce4b3e92004aa6718e4abf7ce72df63fe0ce6496cba35df00d5760d634e1e934bd", 0x2000, &(0x7f0000006e40)={&(0x7f0000000340)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x772d42, 0x0, 0x400, 0x200, 0x0, 0x0, 0x0, 0x12}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async, rerun: 64)
setxattr$system_posix_acl(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000280)=ANY=[@ANYBLOB="02000000010001000000000002000200", @ANYRES32=0x0, @ANYBLOB="040006000000000010000000"], 0x2c, 0x2) (async, rerun: 64)
syz_fuse_handle_req(r1, &(0x7f0000004300)="e05acff62a41134e0f28a6ba227995b05776c837ab3a066a329e33b775d4586b7a0c48f3471ede96c5e03e1f347acdb576b1b8c75ad4fe76f3ceb2331adb9676968ebcc8bc70b50acd984f9067e2499ec9e28061d978efb1ebbb90d82d973c7b4bdadf6dcf1cd1ba8a4b8882779ab3c5a956791fcf5097ee4b0da8d910938b1edf34fbb493d106ad0270110e14f0c94d02e722ba66bc7e3d90197f4fc676d18723513482dbaa39e68b3a4c0d23f9706f67f76202f16de2f3a40b48a2de184a15f89b2935a65017dbd8783a3d9153c275b72470d0fc15920a659c531d6ca85c36012deb6bf650f9d0a598707c1798a3636b7339a0a5b0a3a62073dbc94eaeecccc58722b8d76d0a447fe0ec7c122ee5d028f5dd17813e62da599f209c621c06c98e0440c008b8678dd65ec6ae2b0b659d6883ff1170ff904db86d0748e8dd1e870c6255ddfc90cbb5aba594c593f64f518d69ab7e02425299303d7d37d5ed28afde8fa2daa4627855dba7c4ab12209d5a836ea0c4592cba568dabd5453382eb5f7e6ce5bd0489b876d4d1dabe18f0440190f5898675bff139d7e8c953abb31383b932a67808cc2a2f67cb714b9a2c8e75f68c21fbe56ecb49f39136b7a0b7b6a53a93f33f9987fb7e7437a0852b9194cb75bb84f3b40f4617ae8ce9a8da6ca74d4e7c737bbc5126b0b8bd0c86f4fb861fea02fd7b8649fb1c0523b30f28a24bd7f58495f29cd2e092f5b6ff29f4de5ce56894fbd9fa78df0fb93efe2192e966e14bc9bd4671b0a2c6873d7750773a8aef7f1d35cad742e64664dcd277b2d604f564fdc519911c0749575c7136226cd68f2ec02a1563c727c1eac916cc426da130ac5c5fd6c0169161c2d7f79fb16b9d8025a6c74e14abccaaf30e5e39806a8b1866cc62e8e238c38036cbcb0abf003861103634409202ffac458605f599ae67db8f4cbd45f72ac9bfd126783135f552dd6639937ff0f77e15ebf8a49fe3d6a7da4fd6faf018b62956957c13ae52537c5ffbb4b2c28f3076468b1d11b018b6afd86f706f17c4babd4987bf9afe98a4b9aa357137d9383b8fb6ca370dd2fdc582aa701e85d926bf3087565231d6089911b2cf578786607ec5849d3d58dd423ff4558092c9a22a1153b787f37c9075555e1d06bc99b95b03bb0862da5be4f8d4718b1c6b892c1ad1138cded558e910553a70699e9d6ac935c227bd3326bfe40f389b16517801826d0ba7a1d74528fa273eca268a74e11423f0ea00e2745abbb7342c846566cf067b38a308babc8a45e607f39b66ddd2e772867cee3e14b3e7dd8844c3651330d15db8aa51d94c98ece900f4443bcbbf8849c3fafd4e5d4e1e5ea4306c081438e1694c59bdafa3b6bf80302b48f09a541dd30db6026ac247303db3facce171b64b48a74a1865db29a15db73f6989f7e5d6b6f39431511246b2ac2873dcdbea3fa5636af6813c83a7fe8b3b7936911a6a47f10823188d0ad18dbf3e4c45c296210e5bfc3abc3dc3836fd60a691005857db271290243709c57fc1ca3ad9a7938550b81b473c66e614fdf7ff35b8e19e60f7616ed19af91e4818c5b2c30f5ff903a3da9c7b7debc5d1b9e41f4a12f122a727a627cc5e6a0f8d81161088a93e4d0e592b7e977287833ec9446a6b44aba303e12ecc19c7fda316f6049db6bf1617f6fefeebcded95f75371fbd6db605ed7b77f8f91ea27468a68e068d1aad50a4118bd619aa85d1f5ee0eb9bbdfcad7335628e3ae1340681ce824204a9997f8aad87c8ce0534482cd748148689ec331002203b94af4ecd11d5b75d80838478c26cfee0fa076c5baaa82483b04898ead705bdb37247956ee25db667ea6668a4f3082332070489da02c3b5d25091e3a00f884265185a28757cdeedb3a1e4a0ada801d4a386fbab0c1de6f35fbb6c7d81fd15370909a387eabd3415f146129647a13f20ccfa69e436ce067ed1a9e0dfb877c85f0b8032e64f5379a9f5a92967533f9b45584ce1a04b962306d2d707e0e462d9d2ce94dbf4c52835c2bc005d1c21fd4e64b0f2578a072d8c442c49bb9450a8fcb49a4b2167912ff1f5946585983087deffee403a0c079ba90a0b644584137c58626afc604ab684650aac5ede8632f3e035da41c511bfb25a62d0a283e35fdd67dc0ef135d428297805b5fd0ad62294531f46171f546c61eb6475fd9fc7c8357e65737d39a741417f8a0a7e035f696c1a83d44837e360592db9ae7afd2ae7be9859f062d274b0862746c9ad804eb1c72aecf6ef9cfbbed33f68f38f25eb493d165f3012c04ec02d42421e2232aa4b30910f9d4fb91b9ba2e7b40ea4fdb60f6957e3afed8cab6d076b2f5ac59ea53bd1e9d944cb53deaa2b8ba097664fca77ab97666c6add05e7556b92d8ad11d19887e83a8ae9dc086bbb4d23cabb3615fdc05e35c61fc3e28315659509df1cbaf449ac909f36c69f5366f1bbe9b3bf9899533f06a6161c986607292a202bfcfeb2508aa18dd993d2d239b32e4f06ba1321d607c154965b9d1f52c940777e69430967d456cafabf236a2f8cea019cc87b350a5bc2aed7f1469ae6cadbcd579864d2194e3bc71e2596c690226b15c86aa0c2aede98cec57c4e752edb6fbe58046ca59546511805a71aa187ce4bcd5399c36eb3f76681a63e5a1d948a9cf98703aebda62c0759477f1be96841d60256bb2d7140fe4481d4d5180df9595fae750da2a9178c89fab47766ae30cd3d8ffcb94eb4b4245ef19ee3d95b89094f528c16ed7289703afd5805e923ce48bb5e451a93ceadbef1443e61b6b59fc13e79ed418dc73cf12b302ff40aa09994374eeabec532bc98b820c21d15f2cd10f755132b12c824a8875387c6682e991dfc01280ce1619c23593659de590b080c7f2eac12ec00704ab8b3bc2052ba9ba6f59a2312b9ebf62c6ea1ec5250435c25215f87350903140a4a12d8e3f8e233f0d63002dbbbd12a7ba9282768dc2b2b9aceb9e45e9da4a2d4a8da83e72bf0cf91bc12324b544a1d6145525dd9cf44199d7448d839bc67b1d33d7da10a9abc08f8f08a894edbd42c1baf8482feb06d68f25c4405a624998bd4c28cb9b845712ba307ca9b9ff56131617ceccd2927ecd57796eb103b6b15dfa12b3e8e9aa2ac8af20cde7877501a98d8b04dbd96d606661066dd80ef55d45fbd5c410d4a0d59ad53cfe3779350e71f109118bccb61121bb8eefced8feaa72c95ed737490c7318e7db86d94eda2ce5f9b04f2308dadbd8a2be6991309a56959c6be4312623a04483bd72a64c210bc6ea600d887aeb3781030a0c4a6ee06f38896bb95688ba5c735180ed50f1fce6c321aa0503f714a000b6e10f22d019e0c5bdbf982bc0a3b15ee59e9c573f77073ac64394f3610f68eca10092a7b7544bc1e643c30017133fec103af1111536ec6b37472157ef7a57186d4b64812ee20f51257d2cdaa19b5508fc40824aeb678c368149387f9083d645c9b616fdf08459aa792897293e7dabfab1144ea74d39a2f0d3632d16ce1b1973717eb83d217250646903207ccd9804e584c12bd98be5096c2a43f21161547f6b2fcf244f12a3c6863a90b45901379a1df5948dba63c34aedb7b877c675dec404acdc0348482502c3e9a886d0829a17c06457a2bb3b6c843285b1aecb4c917d9d586b5b47be2895dad99e620cc824f4d0c577f8b737c20c39c40b77db27e8e72d83c6d220011e7e304c97e281697afe31e077f490f0e632a3fb5125351051543125d7895e86007e0be5527f57f98db8235bfaa3c4d25514ae88d06289261b49013f25326461a5672c0fd975af977d9e9725d14c923decf5b60cb800a267644e0fb5e8dfc734c5b1ba810ff276f24f8fd0608bda3ab335252fbfce4e75c533bf44d2f6a2d14314b5bf24ab3d3dc0794a120379264d2bdfb4111e614b4f68d36f930b4802863bd47dc7b8520f8e95b9673a9bac79dd4e68b7dd9e095d87eb8004f19763459171142145ff6ba160709fa7732579c48bbd4ace904fed83603de20179c6d230b1b098b2800749c1836b222b52da56a2d47dcd9a87e4ea2a2fc3da46b05fb446d1b6e134d5979c43c1e79b00ce0909a020fa2e0377e19bbbeb5c4453a0f04a09242a477bcf0fdf824b58b196d7ee987ed68092c6696cf2dbf942310ed22d674512a4428e9e194127eb44828f9a812c762460486889d715dc6dc4377e557834f31cab1db1b276a5e3c14618c233ae523f1e3f3c0078fe150354855b3c31d0f333928efff70c7383cf65880420cf7ec307b708307fed0745032cb81891b85d67fb55303a30da8f4b3bedeabddc6bd38d92edeec80aff10f0d29f116cfe31f1b1a96962a713300635329c04977ab606e50b93cb1305f5a82c826febf41318f1ddb7e6fd0eaf37936f6950f841c8853bf1acbb96ba04dcc4fa5a23d8eb8e5b22fea5b5784453d51799442c665df83b45ed6fa99401ceec8e0f62b89fab9fadaa0d51e845fcf2ec20676b3d867304b7f893054490af7a0080bdaacfddd54fee4349e03dff156c9f08ceffa31e3701d333251f7cd4b07c52a9901d4fd32bb01261544c7842df78b420b99645e7c2695fcc6dc4e402ddc0ac039bdaf4129a4ae70b37b1c61ebd47e6cb7d6dfde13e7e972c74b706e8a3ad7fddd50cf581d2055ff5b127695d6f5c8fc67df49aaa56afb789a9fa384125f13d928feea35139cd9153b254c6b39f838c0f0367c5efa13c5fbdcbec5c9f88d7d2ff54aaf8d0c4db4cada8b74ea780d32aa0e66942e936061692182be3c5b21fcd99dfbfd22467d4d3ce3d78e88f1481bc2ed388f0dc3f262a079bdcf41d2f21f1de75202fac6b4f8f9f8a7ee0bdb646ce582f6fd358461fc4266f980f33138c41daa3c8a82088eccb8a2944b6dc432f8149414115f209282945e51e5d0a999d518a32fec37e64e8618879f7d65e088514efed5104ead3fab91c017447a645575a50dba5f28a3a6359a9d591ee2c7eadd08b86e733a6a8723880890d3158e527b4d9a676b02ef0faabff71865c487641c6c104c15178106d878c6cd588b2c6f834a4a2ebb9d129ab28eb7dc6a556f3d868e2765034bb146c7be493d19302b31881a11257ed202bd20d53f05d7b5c96954b55cfb933fcf0945a10b460bf7e276ddb6fa313225b7bee647e8e6d5c1ef68dae19d4cca98f00d3a860602b66b09a1392ad01739a5ddb7117dcb0053e9c31602727101225c627225674aa1e49f3c3abeffada9f5ac76b5f10a2de55951de24b1fb144f4c1eae80e27bc36e5da70e01ff37ca465190180644a27eb9a96a15d6fb4eace5e652176a02d4ef8228bd72df5142351a6f1b08981a5c66eeab943983277c1bb192b668ff25cecae19229da67e2d8e3655c409f597b68260c70c47c5843082d94a94e72fc42ed11eed5a0cc5c9eb57de53947d2823cedbd9e417682b7b19ed3be8d27b3a887795b062c88317a0dc04bd6a62cf05fb78b2955af0514a99e3fe0e0f382c9fc2ff820af6451e0915722162c53b060250890c381ebe2edbb63359643ebd780a32770e78c6af810f341f3e07781ee25c92275ab427de063326239514c6623c9a3a2ee2c80da4c77404607cd208e2e9a273cfff2cf9c6cac6ed4cd6641d8890ce82f229cec11b483db0e4fe70161829bebcdc65351e75eef29d4ec70495415927aa6be603dfb8c5c34f4d2a0afe0bd0700540b8ccd9e0421efb4d449225fe38cf4ea8145e7e1ecdcfda0c1b8a6439b3535a7c853065f665cd28c86fcf4b47ce321edc9ba1bed1a6e4160e62819cc8f9d0914ca7c8f54c6392d9b8d8a9e23e6877e240cf50208b5dc085cbf5932d730dde94314d269f8e4730e72c62ebf1100b423e7c02c0c7b3d579fe738a75bf3d29264bc27009673ebc5fd0d777e2b43d4b738addf5e1c1d084270f5ad6441d10e723331ef5d41d1da2597817968e3c33324fd876bb2c4829921fb5c835ed01e78d0fa88d1f4043693a5cbf592f350505d37efd84845feb77ed38a25df0e98678047f320080972ae011d5ecc9b9cb1aa519fc661c3c909ccf1002844a4f3a9ff21dcb3e861cec427cea26eb765e3d30c532f3c67aead616cca4ed0ef627e3edec6a98e0f0866af49b0019ef8c50104b4e21c17b17b36b0bd5d785c0a46dd5e84dc7327d46c73637602f159900ddc1e6bd3f9afddf45ca54cc7958a6fc0a7e9b93c7e91da8afba0a63238f3847860ebe9403ff3b80e067493d34c55e7562b8b0fb06a2f8c1ddc9cd0f785aa9814cd40aa66ded541de15e647303864b27b5cb7631666f4166b6daf929fbff41fd95bf16994a6f9bc8ce579da13442357cd500f10c392ec78b0c161c99742c03b4d745262d86500e2a981586627350cfe1bcf4710b0824070abca21e1a53a36bfbc12ea7fe8336f741784746abef46f52ad131eafd02ac24c1d1636fa30337251a5f169cdb8c57fa214f2a900af0ee866748661f1a67a6c2c6a6e49ce1939139e45a456c7dbbec8a09be48853cd9b1feeefc6729740dde9de04dd1e0f9c774d387a902174274729e6349a7effd237e63c40bdbccb72e44dab5ac1eab96eb75a6ea8f2f7dd362159131072dd8d733fe9c54d1ea4771e85e7cc0b0455dae0a5c8ece44aeff7e2d247e94639c9a74f48e690c02e89d0377fe3afce5d6abc706dd3e23d19809dfa948b010b6d66556ea81ca3690c3322478dfa1e9ef6de5e4d21b6e9867c611fc4e78abc94bd3c9f112739f8d2996834f54d1137f34ff5442c2432746c37031bc7e9201fdeb7d73a24163fe423fdf3e8e22b655ec159664e905675d8bb80d651d4dda22dfed198d02c2b8ff5b0760fd2aea35e519619393cb66b048b59d4e6cf398652a4726925c8a1936ee29cde1bd70fdeeec0aa1e9289711c57ab8ba170c427173fada71e9a1f0fc4cbe23c248f5340db3f9ba4f8c23da230ef4c1013ba0ffaaf5bfc58cc2eb5084f96bcdce7c1ce76c4206189bfbc9d8f1238aed641c39693363762f2cbb1b3433cb01fba42dfbc7b1aa6a46cb9bfcc98a8d8f46cde8a5dc9d74de7fc73aa22420acd949a26c2bd0c8c6f05fcac03a88e622c851454f583623b35f825038ab1aaa3091d05018c2179f473a889219e3414bbbf4eb62333df13ca9eef4dd987358c90d6bdc113aa2972cbff9b7d7e5a76fa182609401567889febe7f2443b338982c3be4328caa199f4b14652ff609b3012fc66cd7a02d8e837bf85f7d2ee7f5061b359104a90e5a74179f6fe7ea44acaf2e8531b05875e041a7f42f6551e89518dd06f04ceaa5140fee9535cc3de18ca42721661d395e23828b07d449e4e09614c8aa753d28215608a56dbb66a929a47fe1beddc6123afad8d4f64cc5602138a289ef1287548d914647d144c3010cb5e3a90753aafebb70703a4f0eb4edbb991f47ed529b219a9fd421782a8a9d73d18e9ac69768791f408ee65af8f78ca3986e878276993c8dc140949f7410c8aee7b57739ffd57e5096ef3c1edc9d242d8ed7d0b5c8f7d4ff37b4ef76a6d4ca8960793508313c751a194ce0dcd0b08e3c3b91f06cb9f158347af1689fa86e9229970ab49bd44bf99da76818f7deb102bffbc575cf53966e247ce3558f77937d822ab74a437c5575dbcbd907199d5b645ee6ee122dc77090960302f8fce044fcb5d19a803b92a95950c262ea117522e6cbe44f5c277d6d7e36890eb7702136dc78abfdc5105f138b9415ee6ed0b4e1f805b3bdb5d0e7aba7d0aaf7c6c100edae89b8496804a7cc9e61d002ba42abb6ada2fdb12f672a15f2f3ef7d23330a5d411195bd2e3caf54d7c29a4ac9e13db64d88c35587059465e59507acd1ed7393f3557b8991116fdbb675f7f4a30acfa0cce3e31b817834a3037a18479aa764a83820f7186460fb96e07adcd529cdf66d0f6dad80260f51d3a9a1ebe213d03b9b71c9c522b4b8bdfe40b06a9da4c722f9a73d43423b456b2464bbb546b0527f71cbe600478169bab6caab15b98d4383552cf0dbf3c4b5208d901873f79901d174410ccd887073c1c9c6091f01c1772123f8354efdd6646d1e5373ef0e7750406b2c9acc1315c9fe1e9b0dba050717ee4f1ed17fc73357150921e5092c8edeb79f25a5b5e142e6813f20871252ebf52752d643a2965058509271b370bf98ef0fe8983a4725d39685647416757b85f87cef3ed7265d67a479d7752dcb3fb78447e6dff107a51365cba79fdf6edba21db2d3b52bf70579a398c36847bb3ec5e8ced0ad82c68c22d422335f73ea5297a95c5263d2403e06b7fb1d30804efd4d535894e0e0fb4747bd77caf3e92fd23d0bc8c73e08374ca42b52fa8c02f1ff3d19d8eaa78ef2ba7b3b1bea75faabf2658cf0a49f59bdd1fc49618fb60260053033184ede8c6a10fbf5f295a8a96553d469b160b17d9dbef52a651afd41fa87a169e5b34c8f3f0299aab066bcfadb07055502432b285f42e369606c4217f10f947fab6bd24889ca0aafad8be5ecbf11462b3a1cfd0c93c80e0a5611d6248a0a4fcc3a2307a7de22d1e301aae233155bd10d11f6b37d89a34c5104049bfe242ceba72e5968ead5ec6ec6b7056c8a1c390f6c6640ec92afbd76fb1072784ad7349ca30b605d6e755f0a21703724394a7681709f7b73aa34f6f44dea15264ef10e86a1079d64f98f6f7bb50bd2e0caca18df8b09a51ca436834ddc235d60fa9500bfb09fbb1dba93c95e1406086f83f6950a0cb9a4cd8ba97333b0de1e658d42469ac93529c596712231f8e0410992d789d326a127bc8c0d901f4dc99b36948c782410052229769f5177b328a6ca68df9e4fc4638cf090d17a4704cf142271418c5a85c7cd292b6fe1ac9e1f2a1858d17e5318d4d75cad3c4e7f2b3d3da458e4581217a07b28ca94043cd0d31d1af5264b8170ef325855a5b5863f01541dd1428cac12793e9080919f6d4b6f9f1255032b44daf64d2ae7b1084384d0d9eb76b7aa18c70b8ce5a174f2a3f73b31f98a9dc329c3f5e1a4ff04c6b85ab3e2eb95f8e265915937b5bad0088c7ab15e2c9cc97707039045758b56f613f58d8100ab0a829c2672e99624494ae81983c23dced6381e718454e714c00d6df6d76f502bc2bc7dd8dd67279418cc4855e33d9250dfd9eff61c98fb06d578d92d1510c1589025dc2bba8208b8d4554d9718bc846666c984ecd7442c60c3437dc9adb4a8bb671cb828ae0a1be34a4db662ef440fce64a6194a296726e7fd6c2b0d2dd52c785d01b26c66b363c6be384471c0e5e60aacb8c1c47751f8c689892ea1ead15f157dc7b567243cc298583e5f37a6bd4ff9d947e2ae56a466f0c27408cdb8b2b7036598aaef45c995b4b1bcb7f110b5c5aa87fdd652e30998796982fcfa0911558395ec8f63e7fc898221d6a9b904951600f1caf077870db43f5e1c59907e4d5c50c9b51e365cf82f4a77c5bccbfaf90b1ce51aef03675e7c45e2bf46f98bfc0d140273dc2ad2e1c25c74ca2edd2efca89aa1432d1c5450125b8a0c19326b0a8c845e657bf69481918a75502de4fff5db8c706fb0e6d0d7263f3b213171f478b71a67257924a8f5ffbf29215783d21d379f50722972cd7c96c4577dfd958155d15214fe704e73effd98092f640b4e376804013028539422407156de850d0cf7797383d0c9c7e7a0c79718003d5748b5393eb3cd8c18f314cd94139f432f4bc82f908533cdaa7c80d0d6d26e1228f8d00a8882b9b07fc6a177d20231e7f42eb40eaa029a1576cd0cd32d7da652d01824077bcf175d7f9540522f38a815aa0e2267588d9ddca13bbc0e45decb68c93091a3607c0d8f158387e0e152bb4a8da4e66fc3c6fde1fb8f4d00f03885b7822a8587abd72c36d10c77e1c7222d24e2bf1992a17c07d586540a0ae2631687cb9197a655fb66690c3b0a0de8808945ba66ffa1e60e0d9623d067fc6f8a233ab53332478d538597fd798f0abfcc97182ff22249f95bce4a07d9f410ae919fd3e0d313a5b12c03f58de66ff5d211e25c791c108ff82ade5be2d59cdb15c6a4759dca915ddf3c07bda00b13018bdb95caea0bf170a15b6cf53a230ef717e1c90233735b9693379e7ef711a367ce42fd7c3ffe25496789342517332a68350a46a3a8da15bfbb63c45f8dc7c5d25db7ab473da177398443857e81bb58d9aa6d97e0bc685e1b40a0704c330e1c0850b9e799207be79508f927fcd5df193b929e0aad5a426990f7c19c50c50427c66a73347fc0937f091c98668f1ece95fa029dcce72977d51a836b6d7e5c93084968ffbca70619eee8700b1a9cc5056b5485ae3d5440b4711b8600fd10fd814cadde2ed11cc6b241464a002fb06ade3ceb7e89fb74462c9abdeb3d88eb9e57eb4f9abbabd23fea5f970417a7fa8a0e78f96b233ec75c6ff89c0068dac52bbafbdc1636f8156a1681acc405b52c65960ad32bac32189c074390c11385dec2b6bad34e95de5e848845adab92a7edf2e60f3c70fda609cb76662a4b98b187b93a739bbe139054b09f5488428b2c8b462e8f5cea5df40290f2dab5ed51cf9e719688ecec4ab1c72b8497efa1746d1bc9b3dff2dabfcb1092f1856f17c2a9a7c37656eb3ec485ffdb0f51149391d6131dd1d8554310c60598e49afad834f5e5255f21c432abb377f54cdf2ea82148d73475214e28346785d797bc4e657d9a2f1f4ce54da741f8caf8262335e284e2f8a04a823de564e553474c39ec1e763700bce1bf030eacaedd345fbe3c3af2120f3fa962ceb2b1427663d791b5936a80b336941c6079f468f92d5c10deab0dfefe9593b76b673a71ad499c5d0fff4a9db2a5f5a0caa0c2c5620abf503deb905d8cb7b6c66865ee69bf31982ef6d9ae8834d361dce14d535a2025db065f5429f3945d5628886163892e1e41fd34c44949cd97592f1a378027de0e81637c11594609c1808da0cdb64de43a871b2b2640f2642d6c1aae34d83b0b0eb73aedf94ce7c1daeddf8cf684672edaf1ce0c7757f163dae3a4350cef5803a60f1e1f3d5eb277a17d38cc32ca8b6fdf536720ce186e7be6507d720810ce8801be2cc5488c7a6f0e398878ebb2ee530d62b61bf67fd4a7fdc811ecb119e4a6e7c6555685850656cf52dbc2a1da93d8550a7941a8a7716fa348f2cbcd6f58489051bf01c0ad0745b8a1e9a10fb748a9ae9f7897dfa81efc7fe240959a3857385f8be3a8102efb0791e1e01e539b370b8ea57d3b7b747bfce3a206612410c0a9aa9130320d80a912434c5a47048c1ab6901e7806c72fef1f4f59322bbf5a79f444a0eec2397a76ae63a22c5bc76a98c4e65212258f963709c07c54dc36ac15d16d7f34c6becd2de54a3ca98babdbe1068275e18585abd3a1fb4e889ea087d918ce2e791098a3e337926a408e9301f2e8f681c50b700cfc240d2a692516e491b7f4774309953b34372fc5425832d4206079872e4387f2343de66525c63c71b1c9625e7649adcc92f279d51d55fc771f7c8b81c02e8a7a6b2bb6f0170d6e5552882434382163f07ea5e4c5971bff35f530e04ca0247f5bdd27929eee90e2078141cfd2d45a1cc2a1bf47012025fa808b9e849978011e482fb7e851e5efcb02796b6a4ce2b72e8e83bba54670b912668723803b", 0x2000, &(0x7f00000003c0)={&(0x7f0000000740)={0x50, 0x0, 0x0, {0x7, 0x29, 0x25c17c22, 0x0, 0x2, 0x3, 0x9, 0x0, 0x0, 0x0, 0x0, 0x6838}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (rerun: 64)

2.957527022s ago: executing program 4 (id=1479):
syz_io_uring_setup(0x4aec, 0x0, 0x0, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f00000080c0)=[{{&(0x7f00000004c0)={0xa, 0x4, 0x3, @loopback, 0x6d}, 0x1c, 0x0, 0x0, &(0x7f0000001d00)=[@rthdr_2292={{0x18, 0x29, 0x39, {0x2f, 0x0, 0x0, 0x1}}}], 0x18}}], 0x1, 0x4000080)
syz_usb_connect(0x4, 0x24, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x56b1fc1e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000004340)=""/102376, 0x18fe8)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000140)=0x7ffd)
write$ppp(r2, &(0x7f0000000500)="3aebd037495fc3c52f1c60074cd33eb953cc3365788ee0265743abbb1d3c", 0xffffff16)
syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r3 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r3, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0)

2.953634946s ago: executing program 0 (id=1480):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x60000000}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0)

2.825060073s ago: executing program 2 (id=1191):
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@generic={0x9, 0x6, 0x0, 0xff, 0x8}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=0x6000}, 0x94)

2.673014084s ago: executing program 0 (id=1481):
openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi0\x00', 0x2180, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2982, 0x0)
r2 = socket(0x1d, 0x2, 0x6)
r3 = socket(0x1, 0x1, 0x0)
ioctl$SIOCGETSGCNT(r3, 0x89a0, &(0x7f0000000200)={@dev={0xac, 0x14, 0x14, 0x25}, @rand_addr=0x64010125})
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_open_procfs(0x0, 0x0)
fchdir(r4)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
ioctl$VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000040)={0x201, 0xa, 0x4, 0x0, 0x9})
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB], 0x50)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000005c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x7, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe04}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r5}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x69, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2.660435161s ago: executing program 1 (id=1482):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000814)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000100)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="202617000000172329330dc778e7a4cadf8b92a100000000000000e9"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000f8ffffff00000000000000010000000000000000"], &(0x7f0000000300)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
sendmsg$netlink(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="1c00000014000100000080000000000002000080080002"], 0x1c}], 0x1}, 0x0)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000380), 0x40c001, 0x0)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
listen(r2, 0x0)
pselect6(0x0, 0x0, 0x0, &(0x7f0000000240)={0x7625, 0x0, 0xffffffffffffffff, 0x0, 0x10, 0x0, 0xfffffffffffffffd}, 0x0, 0x0)
creat(&(0x7f0000000040)='./file0\x00', 0x4b)
openat$urandom(0xffffffffffffff9c, 0x0, 0x40142, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x80400, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8924, &(0x7f0000000080)={'syzkaller1\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x13}})
connect$bt_sco(r3, &(0x7f0000000340)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r6 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r6, &(0x7f0000000080)={0x2, 0x4a20, @multicast2}, 0x10)
read$msr(r5, &(0x7f0000032680)=""/102392, 0x18ff8)
syz_clone(0x21000011, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_emit_vhci(0x0, 0x22)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

128.799258ms ago: executing program 0 (id=1483):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000200)=<r0=>0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x2c, &(0x7f0000000080)=[@in6={0xa, 0x4e21, 0x9, @private1={0xfc, 0x1, '\x00', 0x1}, 0x10}, @in={0x2, 0x4e23, @rand_addr=0x640100fc}]}, &(0x7f0000000180)=0x10)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d00028422fb564500006e23e3f58e76110165f450e71bfc74e3002500028d459e37000f0000000000bf9367a17e51f60a64c9f4d4938037e786a6d0bdd700000000000000000051fd1f33597225", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x40000)
sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000700)=ANY=[@ANYBLOB="5800000011000d040000b013ff6960f48ec30d7556500634c700", @ANYBLOB="5b10e90252cc1f1b5f5782a1229ceeaf49a94a2f03c22e6ec207f07711325dc42dcfdaab9288252119cc8f847455fc6f769d8e4a37f80445a9ef8f60721b5c720b030347f4e321d72142ef0ded86b6ed50b4c30e69bd86b34a6dd193fe9ea3f6d569f3b9bef79327eacc61382b288a8c90557c8b5dec8cc40ae3de41c27d7c3dd04a50f67a2cae43bb295d8a78ebc58f378c831228cf9d831e4efc546cd17126ac312e149ac88a91c5dc95f4d68cdcfe0a17b5f6e53149953cac99debcc4855b032b234273709a51e06abe8dc3a8c1d36c42331149810f14c15136b95584b5cb7ae76e2fcd9242aea35f831b61fb5531acd50944", @ANYBLOB="0000000009000000240012800c0001006d6163766c616e0014000280080001000400000008000900ffffffff140035006d6163766c616e300000000000000000"], 0x58}}, 0x8000)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r5, &(0x7f0000000100)={0x1f, 0x0, @none, 0x24}, 0xe)
socket$nl_generic(0x10, 0x3, 0x10)
connect$bt_l2cap(r5, &(0x7f00000000c0)={0x1f, 0x80, @any, 0x0, 0x2}, 0xe)
ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000005e80)={'#! ', './file0'}, 0xb)
r6 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r6, &(0x7f0000000040)={0x28, 0x0, 0x2710}, 0x10)
ioctl$sock_qrtr_TIOCINQ(r6, 0x541b, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000880)=@newtaction={0x170, 0x30, 0xb, 0x0, 0x0, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_NAT_PORT_MIN={0x6}, @TCA_CT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}, {0x10c, 0x1, [@m_ct={0x108, 0x1, 0x0, 0x0, {{0x7}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @loopback}, @TCA_CT_ACTION={0x6, 0x3, 0x11}, @TCA_CT_PARMS={0x18, 0x1, {0x9921, 0xdd, 0x6, 0x4, 0x2}}, @TCA_CT_ACTION={0x6, 0x3, 0x26}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @dev={0xac, 0x14, 0x14, 0xc}}]}, {0xa7, 0x6, "587dbf7cfbd23d9bf16b117dc4f5194b5ce950387b09375293a2842122c2972cc6444a3a29e2f188a778431c479a74bda37f5fd47664d63f053a313ff067b6421a3f4f73cba85af8bae502474fab9822a1556f99597f8a8d13a974e617720378512c21df0dd78edfa56c84bc02afcbaf633d95981ac156516cfccd9a78a6c14e43470b03728e90387b29cf05148b1d5debc21be1d8106a2901e4a4da4e7452217a0dc4"}, {0xc}, {0xc, 0x8, {0x1}}}}]}]}, 0x170}}, 0x0)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r8, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r8, 0x3)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)

128.158034ms ago: executing program 1 (id=1484):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x2a0080, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VIDIOC_G_FMT(r3, 0xc0d05604, &(0x7f0000000080)={0x9, @vbi={0x200, 0xe, 0xff, 0x4c314356, [0x3, 0x3], [0x9, 0x6], 0x1}})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r4, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4003, @dev={0xac, 0x14, 0x14, 0x4}}, 0x10, 0x0}, 0x30004081)
r5 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00')
read$FUSE(r5, &(0x7f0000004dc0)={0x2020}, 0x2020)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r5, 0x40505330, &(0x7f0000000200)={{0x9, 0x9}, {0x3, 0x79}, 0x7f, 0x6, 0x4})
syz_genetlink_get_family_id$ethtool(&(0x7f0000000a40), 0xffffffffffffffff)
sched_setaffinity(0x0, 0x0, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r7, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

126.175708ms ago: executing program 4 (id=1485):
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000000c000000bca300000007ff002403000020feffff620af8fff8ffffff71a4f8ff000000001f03000000000000e5000200000000002604fdffff02000014010000033800001d130000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27}, 0x48)

0s ago: executing program 4 (id=1486):
openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi0\x00', 0x2180, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2982, 0x0)
r2 = socket(0x1d, 0x2, 0x6)
r3 = socket(0x1, 0x1, 0x0)
ioctl$SIOCGETSGCNT(r3, 0x89a0, &(0x7f0000000200)={@dev={0xac, 0x14, 0x14, 0x25}, @rand_addr=0x64010125})
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r4)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01022ccd8b00fedbdf252800000005002b000000000006000400a1aa000006000600020000000a0001007770616e30"], 0x38}, 0x1, 0x0, 0x0, 0x4002080}, 0x4000)
bind$can_j1939(r2, 0x0, 0x0)
r6 = syz_open_procfs(0x0, 0x0)
fchdir(r6)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB], 0x50)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000005c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x7, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r8}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe04}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r7}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x69, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

kernel console output (not intermixed with test programs):

-speed USB device number 26 using dummy_hcd
[  444.295904][ T5909] usb 4-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=c2.f4
[  445.238372][ T5853] usb 1-1: device descriptor read/64, error -71
[  445.274341][ T5909] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  445.283053][ T5909] usb 4-1: Product: syz
[  445.289132][ T5909] usb 4-1: Manufacturer: syz
[  445.293794][ T5909] usb 4-1: SerialNumber: syz
[  445.361652][ T5853] usb usb1-port1: attempt power cycle
[  445.407880][   T10] usbhid 5-1:0.0: can't add hid device: -71
[  445.416075][   T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  445.776742][   T10] usb 5-1: USB disconnect, device number 31
[  445.842165][ T5853] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  445.875403][ T5909] usb 4-1: config 0 descriptor??
[  445.926006][ T5853] usb 1-1: device descriptor read/8, error -71
[  445.938485][   T43] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  446.140662][   T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  446.323843][   T43] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  446.324717][ T5853] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  446.333082][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  446.397939][T10103] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1070'.
[  446.534575][   T43] usb 2-1: config 0 descriptor??
[  446.664518][   T30] audit: type=1400 audit(1757050718.932:452): avc:  denied  { create } for  pid=10112 comm="syz.0.1078" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  446.798586][ T5853] usb 1-1: device not accepting address 28, error -71
[  446.816311][ T5853] usb usb1-port1: unable to enumerate USB device
[  446.872628][   T43] usbhid 2-1:0.0: can't add hid device: -71
[  446.936138][   T43] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  446.967390][   T43] usb 2-1: USB disconnect, device number 33
[  447.843135][    T9] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  447.972092][   T43] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  448.044456][    T9] usb 5-1: Using ep0 maxpacket: 32
[  448.065845][    T9] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  448.084567][    T9] usb 5-1: config 0 has no interface number 0
[  448.115245][    T9] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  448.138453][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  448.183390][   T43] usb 2-1: Using ep0 maxpacket: 16
[  448.192686][   T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  448.215589][    T9] usb 5-1: Product: syz
[  448.225390][   T43] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  448.234598][    T9] usb 5-1: Manufacturer: syz
[  448.234619][    T9] usb 5-1: SerialNumber: syz
[  448.248244][T10133] netlink: 'syz.0.1082': attribute type 10 has an invalid length.
[  448.280100][    T9] usb 5-1: config 0 descriptor??
[  448.284085][T10133] batman_adv: batadv0: Adding interface: team0
[  448.312085][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  448.317162][    T9] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  448.329514][T10133] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  448.367444][   T43] usb 2-1: config 0 descriptor??
[  448.383919][    T9] usb 5-1: selecting invalid altsetting 1
[  448.397243][T10135] random: crng reseeded on system resumption
[  448.401518][    T9] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  448.422290][T10133] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  448.441301][ T5909] usb 4-1: USB disconnect, device number 33
[  448.461690][    T9] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  448.473211][   T30] audit: type=1400 audit(1757050720.606:453): avc:  denied  { ioctl } for  pid=10134 comm="syz.2.1083" path="/dev/snapshot" dev="devtmpfs" ino=92 ioctlcmd=0x330e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  448.529626][   T43] usbhid 2-1:0.0: can't add hid device: -71
[  448.553865][    T9] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  448.573338][    T9] usb 5-1: media controller created
[  448.575402][T10138] comedi comedi0: comedi_config --init_data is deprecated
[  448.585814][   T30] audit: type=1400 audit(1757050720.719:454): avc:  denied  { write } for  pid=10134 comm="syz.2.1083" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  448.616678][T10141] Failed to initialize the IGMP autojoin socket (err -2)
[  449.752739][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  450.052449][   T43] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  450.397310][   T43] usb 2-1: USB disconnect, device number 34
[  450.469858][   T30] audit: type=1326 audit(1757050722.486:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10147 comm="syz.1.1086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f828858ebe9 code=0x7ffc0000
[  450.523215][   T30] audit: type=1326 audit(1757050722.486:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10147 comm="syz.1.1086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f828858ebe9 code=0x7ffc0000
[  450.659996][T10126] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  450.706865][T10126] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  450.719559][   T30] audit: type=1326 audit(1757050722.486:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10147 comm="syz.1.1086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=162 compat=0 ip=0x7f828858ebe9 code=0x7ffc0000
[  450.960790][   T30] audit: type=1326 audit(1757050722.674:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10147 comm="syz.1.1086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f828858ebe9 code=0x7ffc0000
[  451.060559][   T30] audit: type=1326 audit(1757050722.674:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10147 comm="syz.1.1086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f828858ebe9 code=0x7ffc0000
[  451.193413][   T30] audit: type=1326 audit(1757050722.683:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10147 comm="syz.1.1086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f828858ebe9 code=0x7ffc0000
[  451.258534][   T30] audit: type=1326 audit(1757050722.683:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10147 comm="syz.1.1086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f828858ebe9 code=0x7ffc0000
[  451.752221][T10158] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1090'.
[  452.462588][T10126] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  452.997751][    T9] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  454.170413][    T9] usb 5-1: USB disconnect, device number 32
[  454.399344][T10184] NILFS (loop1): device size too small
[  454.506416][T10191] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1095'.
[  454.649807][    T9] usb 5-1: new full-speed USB device number 33 using dummy_hcd
[  454.961251][ T5853] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  455.003844][    T9] usb 5-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=c2.f4
[  455.045412][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  455.153529][ T5853] usb 2-1: Using ep0 maxpacket: 32
[  455.168338][    T9] usb 5-1: Product: syz
[  455.175205][    T9] usb 5-1: Manufacturer: syz
[  455.186633][ T5853] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  455.201288][ T5853] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  455.211776][    T9] usb 5-1: SerialNumber: syz
[  455.375349][ T5853] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  455.385527][    T9] usb 5-1: config 0 descriptor??
[  455.420259][ T5853] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  455.454526][ T5853] usb 2-1: config 0 descriptor??
[  455.482434][ T5853] hub 2-1:0.0: USB hub found
[  455.702363][ T5853] hub 2-1:0.0: 1 port detected
[  455.718966][T10198] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1093'.
[  456.492018][T10207] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1101'.
[  456.601980][    T9] hub 2-1:0.0: activate --> -90
[  456.757900][    T9] hub 2-1:0.0: hub_ext_port_status failed (err = 0)
[  456.975495][T10189] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  456.984378][T10189] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  456.993847][   T30] kauditd_printk_skb: 34 callbacks suppressed
[  456.993857][   T30] audit: type=1400 audit(1757050728.576:496): avc:  denied  { write } for  pid=10188 comm="syz.1.1098" name="usbmon7" dev="devtmpfs" ino=737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  457.230749][    T9] usb 5-1: USB disconnect, device number 33
[  457.525108][T10212] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1102'.
[  457.534159][T10212] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1102'.
[  457.543222][T10212] netlink: 'syz.4.1102': attribute type 12 has an invalid length.
[  457.551120][T10212] netlink: 'syz.4.1102': attribute type 11 has an invalid length.
[  458.244898][   T30] audit: type=1400 audit(1757050729.773:497): avc:  denied  { ioctl } for  pid=10217 comm="syz.0.1103" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  458.661123][ T5909] usb 2-1: USB disconnect, device number 35
[  459.336106][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  459.342856][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  460.073248][T10234] random: crng reseeded on system resumption
[  460.418419][T10234] comedi comedi0: comedi_config --init_data is deprecated
[  460.446982][T10246] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1113'.
[  461.647441][T10242] bond0: option mode: unable to set because the bond device has slaves
[  461.962074][T10268] IPv6: sit1: Disabled Multicast RS
[  461.986482][T10268] sit1: entered allmulticast mode
[  462.072345][T10270] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1117'.
[  462.081275][T10270] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1117'.
[  462.090137][T10270] netlink: 'syz.3.1117': attribute type 12 has an invalid length.
[  462.097996][T10270] netlink: 'syz.3.1117': attribute type 11 has an invalid length.
[  462.520716][T10275] binder: 10273:10275 ioctl c0306201 0 returned -14
[  462.913513][T10278] Failed to initialize the IGMP autojoin socket (err -2)
[  464.848754][T10294] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1126'.
[  465.536169][T10310] bond0: (slave macvlan2): Error -98 calling set_mac_address
[  468.293153][T10344] FAULT_INJECTION: forcing a failure.
[  468.293153][T10344] name failslab, interval 1, probability 0, space 0, times 0
[  468.376842][T10344] CPU: 1 UID: 0 PID: 10344 Comm: syz.0.1143 Not tainted syzkaller #0 PREEMPT(full) 
[  468.376869][T10344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[  468.376878][T10344] Call Trace:
[  468.376883][T10344]  <TASK>
[  468.376890][T10344]  dump_stack_lvl+0x16c/0x1f0
[  468.376914][T10344]  should_fail_ex+0x512/0x640
[  468.376933][T10344]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  468.376956][T10344]  should_failslab+0xc2/0x120
[  468.376977][T10344]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  468.376997][T10344]  ? find_held_lock+0x2b/0x80
[  468.377017][T10344]  ? kstrdup_const+0x63/0x80
[  468.377042][T10344]  kstrdup+0x53/0x100
[  468.377061][T10344]  kstrdup_const+0x63/0x80
[  468.377079][T10344]  __kernfs_new_node+0x9b/0x8e0
[  468.377114][T10344]  ? __pfx___kernfs_new_node+0x10/0x10
[  468.377143][T10344]  ? find_held_lock+0x2b/0x80
[  468.377165][T10344]  ? kernfs_root+0xee/0x2a0
[  468.377193][T10344]  kernfs_new_node+0x13c/0x1e0
[  468.377222][T10344]  kernfs_create_dir_ns+0x4c/0x1a0
[  468.377249][T10344]  sysfs_create_dir_ns+0x13a/0x2b0
[  468.377272][T10344]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  468.377292][T10344]  ? find_held_lock+0x2b/0x80
[  468.377316][T10344]  ? class_dir_child_ns_type+0xd/0x60
[  468.377340][T10344]  kobject_add_internal+0x2c4/0x9b0
[  468.377373][T10344]  kobject_add+0x16e/0x240
[  468.377395][T10344]  ? __pfx_kobject_add+0x10/0x10
[  468.377417][T10344]  ? get_device_parent+0x1c5/0x4e0
[  468.377438][T10344]  ? kobject_put+0xab/0x5a0
[  468.377459][T10344]  ? device_add+0xbff/0x1aa0
[  468.377484][T10344]  device_add+0x288/0x1aa0
[  468.377509][T10344]  ? __pfx_device_add+0x10/0x10
[  468.377529][T10344]  ? __pfx___mutex_lock+0x10/0x10
[  468.377560][T10344]  input_register_device+0x7e8/0x1180
[  468.377591][T10344]  uinput_ioctl_handler.isra.0+0x1357/0x1df0
[  468.377610][T10344]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  468.377637][T10344]  ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10
[  468.377655][T10344]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  468.377699][T10344]  ? selinux_file_ioctl+0x180/0x270
[  468.377721][T10344]  ? selinux_file_ioctl+0xb4/0x270
[  468.377744][T10344]  ? __pfx_uinput_ioctl+0x10/0x10
[  468.377763][T10344]  __x64_sys_ioctl+0x18e/0x210
[  468.377789][T10344]  do_syscall_64+0xcd/0x4c0
[  468.377813][T10344]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  468.377830][T10344] RIP: 0033:0x7fe29af8ebe9
[  468.377844][T10344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  468.377861][T10344] RSP: 002b:00007fe29bea5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  468.377877][T10344] RAX: ffffffffffffffda RBX: 00007fe29b1c5fa0 RCX: 00007fe29af8ebe9
[  468.377887][T10344] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[  468.377896][T10344] RBP: 00007fe29bea5090 R08: 0000000000000000 R09: 0000000000000000
[  468.377904][T10344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  468.377910][T10344] R13: 00007fe29b1c6038 R14: 00007fe29b1c5fa0 R15: 00007ffeca9448b8
[  468.377924][T10344]  </TASK>
[  468.827442][T10344] kobject: kobject_add_internal failed for input34 (error: -12 parent: input)
[  469.136064][T10354] NILFS (loop1): device size too small
[  470.588323][   T30] audit: type=1400 audit(1757050741.307:498): avc:  denied  { write } for  pid=10372 comm="syz.0.1152" path="socket:[25930]" dev="sockfs" ino=25930 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  470.590233][T10373] io-wq is not configured for unbound workers
[  473.138345][T10392] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10392 comm=syz.3.1156
[  475.180621][T10409] vlan2: entered promiscuous mode
[  475.185715][T10409] gretap0: entered promiscuous mode
[  475.634310][T10417] NILFS (loop0): device size too small
[  476.342324][ T5974] usb 2-1: new full-speed USB device number 36 using dummy_hcd
[  476.933746][ T5974] usb 2-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=c2.f4
[  476.979218][ T5974] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  477.005153][ T5974] usb 2-1: Product: syz
[  477.013262][ T5974] usb 2-1: Manufacturer: syz
[  477.040872][ T5974] usb 2-1: SerialNumber: syz
[  477.111264][ T5974] usb 2-1: config 0 descriptor??
[  477.659279][T10435] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1164'.
[  481.353025][   T24] usb 2-1: USB disconnect, device number 36
[  481.569069][   T30] audit: type=1400 audit(1757050751.568:499): avc:  denied  { mount } for  pid=10459 comm="syz.1.1175" name="/" dev="rpc_pipefs" ino=26954 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  481.815242][T10465] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1176'.
[  481.824330][T10465] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1176'.
[  481.833344][T10465] netlink: 'syz.4.1176': attribute type 12 has an invalid length.
[  481.841206][T10465] netlink: 'syz.4.1176': attribute type 11 has an invalid length.
[  482.222136][    T9] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  482.417436][    T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  482.559786][   T30] audit: type=1400 audit(1757050752.447:500): avc:  denied  { create } for  pid=10466 comm="syz.2.1177" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  482.639636][    T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  482.683568][    T9] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  483.068835][    T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  483.103826][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  483.125415][    T9] usb 2-1: Product: syz
[  483.129620][    T9] usb 2-1: Manufacturer: syz
[  483.141805][    T9] usb 2-1: SerialNumber: syz
[  483.179576][    T9] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found
[  483.197161][    T9] cdc_ncm 2-1:1.0: bind() failure
[  483.371796][   T24] usb 2-1: USB disconnect, device number 37
[  483.949175][   T30] audit: type=1400 audit(1757050753.813:501): avc:  denied  { unmount } for  pid=5844 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  484.087088][T10487] capability: warning: `syz.0.1181' uses deprecated v2 capabilities in a way that may be insecure
[  484.104022][T10488] =======================================================
[  484.104022][T10488] WARNING: The mand mount option has been deprecated and
[  484.104022][T10488]          and is ignored by this kernel. Remove the mand
[  484.104022][T10488]          option from the mount to silence this warning.
[  484.104022][T10488] =======================================================
[  484.246290][T10487] 9pnet_fd: p9_fd_create_tcp (10487): problem creating socket
[  484.255518][T10488] 9pnet_fd: p9_fd_create_tcp (10488): problem creating socket
[  484.302362][   T30] audit: type=1400 audit(1757050754.140:502): avc:  denied  { relabelfrom } for  pid=10482 comm="syz.0.1181" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  484.523664][   T30] audit: type=1400 audit(1757050754.140:503): avc:  denied  { relabelto } for  pid=10482 comm="syz.0.1181" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  484.639606][   T30] audit: type=1400 audit(1757050754.159:504): avc:  denied  { ioctl } for  pid=10482 comm="syz.0.1181" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1271 ioctlcmd=0x6686 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  484.703229][ T5846] cgroup: fork rejected by pids controller in /syz2
[  486.380811][   T24] usb 1-1: new full-speed USB device number 29 using dummy_hcd
[  486.597584][   T24] usb 1-1: config 0 has an invalid descriptor of length 252, skipping remainder of the config
[  486.648089][   T24] usb 1-1: too many endpoints for config 0 interface 0 altsetting 138: 165, using maximum allowed: 30
[  486.701982][   T24] usb 1-1: config 0 interface 0 altsetting 138 has 0 endpoint descriptors, different from the interface descriptor's value: 165
[  486.842722][   T24] usb 1-1: config 0 interface 0 has no altsetting 0
[  487.250154][   T24] usb 1-1: New USB device found, idVendor=1c61, idProduct=4eff, bcdDevice= 0.00
[  487.261621][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  487.272600][   T24] usb 1-1: config 0 descriptor??
[  488.600624][   T30] audit: type=1400 audit(1757050758.163:505): avc:  denied  { bind } for  pid=10499 comm="syz.0.1186" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  488.628955][T10510] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12
[  488.640524][T10510] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12
[  488.641766][   T30] audit: type=1400 audit(1757050758.191:506): avc:  denied  { listen } for  pid=10499 comm="syz.0.1186" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  488.650386][T10510] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  488.805414][   T30] audit: type=1326 audit(1757050758.350:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10511 comm="syz.1.1189" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f828858ebe9 code=0x0
[  490.328363][   T24] usb 1-1: string descriptor 0 read error: -71
[  490.348902][   T24] usb 1-1: USB disconnect, device number 29
[  490.960811][T10531] RDS: rds_bind could not find a transport for fc01::, load rds_tcp or rds_rdma?
[  491.024583][T10531] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1194'.
[  491.193291][   T30] audit: type=1400 audit(1757050760.576:508): avc:  denied  { ioctl } for  pid=10528 comm="syz.0.1194" path="socket:[26253]" dev="sockfs" ino=26253 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  491.271728][   T49] bridge_slave_1: left allmulticast mode
[  491.288404][T10535] netlink: 'syz.1.1195': attribute type 2 has an invalid length.
[  491.292127][   T49] bridge_slave_1: left promiscuous mode
[  491.327112][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  491.396179][   T49] bridge_slave_0: left allmulticast mode
[  491.401828][   T49] bridge_slave_0: left promiscuous mode
[  491.453913][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  491.470311][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  491.489553][   T30] audit: type=1400 audit(1757050760.857:509): avc:  denied  { ioctl } for  pid=10538 comm="syz-executor" path="socket:[26277]" dev="sockfs" ino=26277 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  491.518091][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  491.533061][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  491.665260][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  491.737405][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  491.986458][T10546] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1196'.
[  493.045105][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  493.070454][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  493.084139][   T49] bond0 (unregistering): Released all slaves
[  493.133548][T10544] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=69 sclass=netlink_route_socket pid=10544 comm=syz.1.1197
[  493.151341][T10538] Failed to initialize the IGMP autojoin socket (err -2)
[  494.078976][ T5858] Bluetooth: hci2: command tx timeout
[  494.423581][T10564] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1200'.
[  495.716147][T10538] chnl_net:caif_netlink_parms(): no params data found
[  495.735336][   T24] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  495.916958][   T24] usb 5-1: Using ep0 maxpacket: 32
[  495.938719][ T5857] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  495.947099][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  495.960984][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  495.965080][ T5857] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  495.978172][   T24] usb 5-1: New USB device found, idVendor=046d, idProduct=c26e, bcdDevice= 0.00
[  495.990413][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  495.992088][ T5857] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  496.067590][ T5857] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  496.142226][ T5857] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  496.312469][ T5858] Bluetooth: hci2: command tx timeout
[  496.356028][   T24] usb 5-1: config 0 descriptor??
[  496.536581][   T49] hsr_slave_0: left promiscuous mode
[  496.542627][   T49] hsr_slave_1: left promiscuous mode
[  496.613125][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  496.716319][   T24] logitech-hidpp-device 0003:046D:C26E.0024: hidraw0: USB HID v0.00 Device [HID 046d:c26e] on usb-dummy_hcd.4-1/input0
[  496.737138][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  496.934104][T10576] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1203'.
[  497.991020][ T5853] usb 5-1: USB disconnect, device number 34
[  498.372549][ T5858] Bluetooth: hci5: command tx timeout
[  498.525430][ T5858] Bluetooth: hci2: command tx timeout
[  500.142796][   T49] team0 (unregistering): Port device team_slave_1 removed
[  500.267348][   T49] team0 (unregistering): Port device team_slave_0 removed
[  500.578069][ T5858] Bluetooth: hci5: command tx timeout
[  500.749017][ T5858] Bluetooth: hci2: command tx timeout
[  500.835631][T10607] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  500.950466][T10584] Failed to initialize the IGMP autojoin socket (err -2)
[  501.058460][T10538] bridge0: port 1(bridge_slave_0) entered blocking state
[  501.077157][T10538] bridge0: port 1(bridge_slave_0) entered disabled state
[  501.095810][T10538] bridge_slave_0: entered allmulticast mode
[  501.129256][T10538] bridge_slave_0: entered promiscuous mode
[  501.252801][T10538] bridge0: port 2(bridge_slave_1) entered blocking state
[  501.259899][T10538] bridge0: port 2(bridge_slave_1) entered disabled state
[  501.313961][T10538] bridge_slave_1: entered allmulticast mode
[  501.334417][T10538] bridge_slave_1: entered promiscuous mode
[  501.497722][T10633] NILFS (loop1): device size too small
[  501.681590][T10538] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  501.880061][T10538] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  502.134480][T10538] team0: Port device team_slave_0 added
[  502.227217][T10538] team0: Port device team_slave_1 added
[  502.410948][T10538] batman_adv: batadv0: Adding interface: batadv_slave_0
[  502.439864][T10538] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  502.513188][T10538] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  502.558234][T10538] batman_adv: batadv0: Adding interface: batadv_slave_1
[  502.580465][T10538] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  502.697788][T10538] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  502.746599][T10651] SELinux: failed to load policy
[  502.756602][T10645] Failed to initialize the IGMP autojoin socket (err -2)
[  502.917547][    T9] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  502.962469][T10538] hsr_slave_0: entered promiscuous mode
[  502.975429][T10538] hsr_slave_1: entered promiscuous mode
[  502.985850][T10538] debugfs: 'hsr0' already exists in 'hsr'
[  502.996467][T10538] Cannot create hsr debugfs directory
[  503.058788][ T5853] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  503.096396][    T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=b301, bcdDevice=e4.00
[  503.219339][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  503.256905][    T9] usb 2-1: Product: syz
[  503.275696][    T9] usb 2-1: Manufacturer: syz
[  503.283845][    T9] usb 2-1: SerialNumber: syz
[  503.304121][ T5853] usb 1-1: Using ep0 maxpacket: 8
[  503.310575][    T9] usb 2-1: config 0 descriptor??
[  503.341486][ T5853] usb 1-1: config 0 has an invalid interface number: 148 but max is 0
[  503.360885][ T5853] usb 1-1: config 0 has no interface number 0
[  503.382083][ T5853] usb 1-1: New USB device found, idVendor=0d46, idProduct=2012, bcdDevice=4d.36
[  503.411152][ T5853] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  503.420014][ T5857] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  503.429815][ T5857] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  503.437934][ T5857] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  503.446492][ T5857] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  503.455390][ T5853] usb 1-1: Product: syz
[  503.459558][ T5853] usb 1-1: Manufacturer: syz
[  503.464850][ T5857] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  503.471875][ T5853] usb 1-1: SerialNumber: syz
[  503.490140][ T5853] usb 1-1: config 0 descriptor??
[  503.501753][ T5853] kobil_sct 1-1:0.148: KOBIL USB smart card terminal converter detected
[  503.588017][ T5853] usb 1-1: KOBIL USB smart card terminal converter now attached to ttyUSB0
[  503.622488][   T30] audit: type=1400 audit(1757050772.212:510): avc:  denied  { bind } for  pid=10644 comm="syz.1.1216" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  503.661017][T10656] Failed to initialize the IGMP autojoin socket (err -2)
[  503.733798][ T5853] usb 1-1: USB disconnect, device number 30
[  503.863447][ T5853] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0
[  503.922637][ T5853] kobil_sct 1-1:0.148: device disconnected
[  504.420058][T10667] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1219'.
[  505.388263][ T5858] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  505.397757][ T5858] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  505.406324][ T5858] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  505.414101][ T5858] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  505.421687][ T5858] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  505.440405][T10677] Failed to initialize the IGMP autojoin socket (err -2)
[  505.776032][T10645] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  505.821724][T10538] netdevsim netdevsim2 netdevsim0: renamed from eth1
[  505.886767][ T5853] usb 2-1: USB disconnect, device number 38
[  505.964269][T10538] netdevsim netdevsim2 netdevsim1: renamed from eth2
[  506.016496][T10538] netdevsim netdevsim2 netdevsim2: renamed from eth3
[  506.061551][T10538] netdevsim netdevsim2 netdevsim3: renamed from eth4
[  506.369631][T10697] loop2: detected capacity change from 0 to 7
[  506.381513][T10697] Dev loop2: unable to read RDB block 7
[  506.388089][T10697]  loop2: unable to read partition table
[  506.395798][T10697] loop2: partition table beyond EOD, truncated
[  506.402806][T10697] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  506.549153][ T5857] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  506.564050][ T5857] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  506.575696][ T5857] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  506.588658][ T5857] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  506.596207][ T5857] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  506.782789][   T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  506.866813][T10699] Failed to initialize the IGMP autojoin socket (err -2)
[  507.225322][   T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  507.554087][   T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  507.651860][   T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  507.750591][T10538] 8021q: adding VLAN 0 to HW filter on device team0
[  507.806353][ T2967] bridge0: port 1(bridge_slave_0) entered blocking state
[  507.813440][ T2967] bridge0: port 1(bridge_slave_0) entered forwarding state
[  507.913567][ T2967] bridge0: port 2(bridge_slave_1) entered blocking state
[  507.920738][ T2967] bridge0: port 2(bridge_slave_1) entered forwarding state
[  508.560325][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  508.572249][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  508.583671][   T13] bond0 (unregistering): Released all slaves
[  508.965403][T10714] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1227'.
[  509.424381][   T13] hsr_slave_0: left promiscuous mode
[  509.561482][   T13] hsr_slave_1: left promiscuous mode
[  509.599237][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  509.621562][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  509.634753][T10722] input: syz1 as /devices/virtual/input/input35
[  509.698697][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  509.730610][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  510.257133][   T13] veth1_macvtap: left promiscuous mode
[  510.284315][   T13] veth0_macvtap: left promiscuous mode
[  510.360155][   T13] veth1_vlan: left promiscuous mode
[  510.380687][   T13] veth0_vlan: left promiscuous mode
[  510.469290][ T5858] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  510.480432][ T5858] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  510.492407][ T5858] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  510.507891][ T5858] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  510.515620][ T5858] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  511.896134][   T13] team0 (unregistering): Port device team_slave_1 removed
[  511.963402][   T13] team0 (unregistering): Port device team_slave_0 removed
[  512.538207][T10723] Failed to initialize the IGMP autojoin socket (err -2)
[  512.539962][T10743] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1234'.
[  512.569494][T10743] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1234'.
[  512.578260][T10538] 8021q: adding VLAN 0 to HW filter on device batadv0
[  512.722824][ T5857] Bluetooth: hci3: command tx timeout
[  512.934322][T10538] veth0_vlan: entered promiscuous mode
[  512.993859][T10748] loop2: detected capacity change from 0 to 7
[  513.006088][T10748] Dev loop2: unable to read RDB block 7
[  513.013753][T10748]  loop2: unable to read partition table
[  513.024182][T10538] veth1_vlan: entered promiscuous mode
[  513.042729][T10748] loop2: partition table beyond EOD, truncated
[  513.064775][T10748] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  514.007461][T10538] veth0_macvtap: entered promiscuous mode
[  514.067262][T10538] veth1_macvtap: entered promiscuous mode
[  514.182619][   T13] IPVS: stop unused estimator thread 0...
[  514.261178][T10538] batman_adv: batadv0: Interface activated: batadv_slave_0
[  514.322345][T10538] batman_adv: batadv0: Interface activated: batadv_slave_1
[  514.366542][T10538] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  514.398331][T10538] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  514.432450][T10538] wireguard: wg0: Could not create IPv4 socket
[  514.442119][T10538] wireguard: wg1: Could not create IPv4 socket
[  514.451972][T10538] wireguard: wg2: Could not create IPv4 socket
[  514.731352][T10758] netlink: 'syz.4.1238': attribute type 1 has an invalid length.
[  515.707339][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  515.730247][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  515.741713][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  515.750082][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  515.758994][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  515.790911][T10762] Failed to initialize the IGMP autojoin socket (err -2)
[  516.808104][T10772] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=69 sclass=netlink_route_socket pid=10772 comm=syz.1.1240
[  517.088165][ T5858] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  517.101168][ T5858] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  517.112125][ T5858] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  517.120632][ T5858] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  517.129425][ T5858] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  517.216444][T10774] Failed to initialize the IGMP autojoin socket (err -2)
[  517.991977][T10781] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1242'.
[  518.000897][T10781] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1242'.
[  518.009793][T10781] netlink: 'syz.4.1242': attribute type 12 has an invalid length.
[  518.017637][T10781] netlink: 'syz.4.1242': attribute type 11 has an invalid length.
[  518.028882][ T5858] Bluetooth: hci2: command tx timeout
[  519.676824][ T5858] Bluetooth: hci1: unexpected event for opcode 0x100c
[  519.992931][T10817] NILFS (loop4): device size too small
[  520.248886][ T5858] Bluetooth: hci2: command tx timeout
[  520.438047][T10762] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  520.551187][ T5857] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  520.561135][ T5857] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  520.579506][ T5857] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  520.595600][ T5857] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  520.603306][ T5857] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  521.162469][T10762] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  521.218151][T10762] wireguard: wg0: Could not create IPv4 socket
[  521.248636][T10825] Failed to initialize the IGMP autojoin socket (err -2)
[  521.258575][T10762] wireguard: wg1: Could not create IPv4 socket
[  521.268761][T10762] wireguard: wg2: Could not create IPv4 socket
[  522.140978][ T5974] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  522.165744][   T30] audit: type=1400 audit(1757050789.564:511): avc:  denied  { write } for  pid=10840 comm="syz.0.1253" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  522.313198][ T5974] usb 5-1: Using ep0 maxpacket: 32
[  522.322471][ T5974] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  522.343622][ T5974] usb 5-1: config 0 has no interface number 0
[  522.666947][ T5974] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  522.701216][ T5974] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  522.921462][ T5974] usb 5-1: Product: syz
[  522.925657][ T5974] usb 5-1: Manufacturer: syz
[  522.930239][ T5974] usb 5-1: SerialNumber: syz
[  522.955536][ T5974] usb 5-1: config 0 descriptor??
[  523.025174][ T5974] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  523.080958][ T5974] usb 5-1: selecting invalid altsetting 1
[  523.122395][ T5974] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  523.165622][ T5974] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  523.183905][T10839] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  523.207405][   T30] audit: type=1400 audit(1757050790.509:512): avc:  denied  { read } for  pid=10838 comm="syz.4.1254" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  523.263773][T10839] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  523.277467][ T5974] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  523.299671][ T5974] usb 5-1: media controller created
[  523.316551][   T30] audit: type=1400 audit(1757050790.509:513): avc:  denied  { open } for  pid=10838 comm="syz.4.1254" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  523.353439][ T5974] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  523.506181][   T30] audit: type=1400 audit(1757050790.799:514): avc:  denied  { mounton } for  pid=10855 comm="syz.1.1256" path="/255/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  523.528439][    C0] vkms_vblank_simulate: vblank timer overrun
[  523.559212][T10856] 9pnet_fd: p9_fd_create_unix (10856): problem connecting socket: ./file0: -5
[  523.764901][ T5857] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  523.777995][ T5857] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  523.786880][ T5857] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  523.796094][ T5857] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  523.804013][ T5857] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  523.834996][T10865] Failed to initialize the IGMP autojoin socket (err -2)
[  523.992850][T10871] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1257'.
[  524.001857][T10871] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1257'.
[  524.010798][T10871] netlink: 'syz.0.1257': attribute type 12 has an invalid length.
[  524.018824][T10871] netlink: 'syz.0.1257': attribute type 11 has an invalid length.
[  524.439606][T10839] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  524.482491][ T5974] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  524.502749][ T5974] zl10353_read_register: readreg error (reg=127, ret==-71)
[  524.625663][T10875] loop2: detected capacity change from 0 to 7
[  524.636807][ T5974] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  524.649127][T10875] Dev loop2: unable to read RDB block 7
[  524.663896][T10875]  loop2: unable to read partition table
[  524.672340][T10875] loop2: partition table beyond EOD, truncated
[  524.680448][T10875] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  524.905815][ T5974] usb 5-1: USB disconnect, device number 35
[  524.964892][T10883] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1259'.
[  524.973960][T10883] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1259'.
[  524.983052][T10883] netlink: 'syz.0.1259': attribute type 12 has an invalid length.
[  524.991016][T10883] netlink: 'syz.0.1259': attribute type 11 has an invalid length.
[  525.390926][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  525.397361][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  525.981360][ T5857] Bluetooth: hci2: command tx timeout
[  526.691535][T10865] netdevsim netdevsim2 netdevsim0: renamed from eth9
[  526.850302][T10865] netdevsim netdevsim2 netdevsim1: renamed from eth10
[  527.410777][ T5937] usb 1-1: new full-speed USB device number 31 using dummy_hcd
[  527.420174][   T24] usb 5-1: new full-speed USB device number 36 using dummy_hcd
[  527.439403][T10865] netdevsim netdevsim2 netdevsim2: renamed from eth11
[  527.488006][T10865] netdevsim netdevsim2 netdevsim3: renamed from eth12
[  527.660411][   T24] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  527.680341][   T24] usb 5-1: config 0 has no interface number 0
[  527.686599][   T24] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  527.706011][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  527.714355][ T5937] usb 1-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=c2.f4
[  527.736708][ T5937] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  527.767809][   T24] usb 5-1: config 0 descriptor??
[  527.785211][ T5937] usb 1-1: Product: syz
[  527.809281][ T5858] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  527.840206][ T5858] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  527.857300][ T5858] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  527.873890][ T5937] usb 1-1: Manufacturer: syz
[  527.884129][   T24] usb 5-1: selecting invalid altsetting 1
[  527.892727][   T24] dvb_ttusb_budget: ttusb_init_controller: error
[  527.900037][   T24] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  527.909319][ T5937] usb 1-1: SerialNumber: syz
[  527.914518][ T5858] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  527.941169][ T5858] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  527.968422][ T5937] usb 1-1: config 0 descriptor??
[  528.202716][ T5857] Bluetooth: hci2: command tx timeout
[  528.242806][T10923] Failed to initialize the IGMP autojoin socket (err -2)
[  528.436204][   T24] DVB: Unable to find symbol cx22700_attach()
[  528.493383][T10931] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1260'.
[  528.592700][   T24] DVB: Unable to find symbol tda10046_attach()
[  528.638539][   T24] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  528.820810][T10865] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  528.923588][T10865] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  528.998862][T10865] wireguard: wg0: Could not create IPv4 socket
[  529.051582][T10865] wireguard: wg1: Could not create IPv4 socket
[  529.097050][T10865] wireguard: wg2: Could not create IPv4 socket
[  530.070836][    T9] usb 1-1: USB disconnect, device number 31
[  530.512645][ T5858] Bluetooth: hci5: command 0x1003 tx timeout
[  530.554660][ T5857] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  531.786916][   T24] usb 5-1: USB disconnect, device number 36
[  531.866365][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  531.879543][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  531.888878][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  531.901245][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  531.922475][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  532.002598][T10978] Failed to initialize the IGMP autojoin socket (err -2)
[  532.119605][T10984] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1269'.
[  532.158310][T10982] 9pnet_fd: p9_fd_create_unix (10982): problem connecting socket: ./file0: -5
[  532.436300][ T5973] usb 1-1: new full-speed USB device number 32 using dummy_hcd
[  532.894217][ T5973] usb 1-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=c2.f4
[  532.904382][ T5973] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  532.956700][T11007] loop2: detected capacity change from 0 to 7
[  532.979226][T11007] Dev loop2: unable to read RDB block 7
[  532.985976][T11007]  loop2: unable to read partition table
[  532.995121][T11007] loop2: partition table beyond EOD, truncated
[  533.001875][T11007] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  533.022105][ T5973] usb 1-1: Product: syz
[  533.043001][ T5973] usb 1-1: Manufacturer: syz
[  533.048373][ T5973] usb 1-1: SerialNumber: syz
[  533.216120][ T5973] usb 1-1: config 0 descriptor??
[  533.672972][T11012] Failed to initialize the IGMP autojoin socket (err -2)
[  533.811805][T11021] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1270'.
[  534.189317][ T5857] Bluetooth: hci2: command tx timeout
[  535.876670][T10978] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  535.934627][ T5858] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  535.947734][ T5858] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  536.004082][ T5858] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  536.030101][ T5858] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  536.037612][ T5858] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  536.341532][   T24] usb 1-1: USB disconnect, device number 32
[  536.379657][T10978] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  536.413083][ T5857] Bluetooth: hci2: command tx timeout
[  536.428371][T10978] wireguard: wg0: Could not create IPv4 socket
[  536.593571][T10978] wireguard: wg1: Could not create IPv4 socket
[  536.602386][T11076] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1279'.
[  536.617133][T11068] Failed to initialize the IGMP autojoin socket (err -2)
[  536.620847][T10978] wireguard: wg2: Could not create IPv4 socket
[  537.381854][T11093] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1279'.
[  537.748027][T11097] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1281'.
[  539.811397][T11144] loop2: detected capacity change from 0 to 7
[  539.835563][T11142] (unnamed net_device) (uninitialized): Unable to set up delay as MII monitoring is disabled
[  539.835772][T11144] Dev loop2: unable to read RDB block 7
[  539.937319][T11144]  loop2: unable to read partition table
[  539.996729][T11144] loop2: partition table beyond EOD, truncated
[  540.003101][T11144] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  540.877478][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  540.887073][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  540.895425][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  540.906043][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  540.926372][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  540.983635][T11152] Failed to initialize the IGMP autojoin socket (err -2)
[  542.024390][T11152] netdevsim netdevsim2 netdevsim0: renamed from eth9
[  542.050132][T11152] netdevsim netdevsim2 netdevsim1: renamed from eth10
[  542.085124][T11152] netdevsim netdevsim2 netdevsim2: renamed from eth11
[  542.117308][T11152] netdevsim netdevsim2 netdevsim3: renamed from eth12
[  543.170877][ T5857] Bluetooth: hci2: command tx timeout
[  543.842944][T11152] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  544.060866][T11152] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  544.335442][ T5858] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  544.345057][ T5858] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  544.347534][T11152] wireguard: wg0: Could not create IPv4 socket
[  544.375677][ T5858] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  544.386404][ T5858] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  544.398006][ T5858] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  544.421953][T11223] Failed to initialize the IGMP autojoin socket (err -2)
[  544.451782][T11152] wireguard: wg1: Could not create IPv4 socket
[  544.491307][T11152] wireguard: wg2: Could not create IPv4 socket
[  546.169953][   T30] audit: type=1400 audit(1757050812.014:515): avc:  denied  { getopt } for  pid=11267 comm="syz.1.1296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  547.198257][T11278] input: syz1 as /devices/virtual/input/input36
[  547.400779][T11281] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  547.922019][T11292] evm: overlay not supported
[  548.033606][ T5857] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  548.043076][ T5857] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  548.051179][ T5857] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  548.059739][ T5857] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  548.068412][ T5857] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  548.107358][T11290] Failed to initialize the IGMP autojoin socket (err -2)
[  549.595285][ T5973] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  549.779467][ T5973] usb 5-1: New USB device found, idVendor=0f11, idProduct=1000, bcdDevice= 0.02
[  549.835938][ T5973] usb 5-1: New USB device strings: Mfr=0, Product=232, SerialNumber=255
[  549.876984][ T5973] usb 5-1: Product: syz
[  549.882377][ T5973] usb 5-1: SerialNumber: syz
[  549.907679][ T5973] usb 5-1: config 0 descriptor??
[  550.143980][T11311] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  550.178682][T11311] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  550.226409][ T5973] ldusb 5-1:0.0: Interrupt in endpoint not found
[  550.238120][ T5973] usb 5-1: USB disconnect, device number 37
[  550.268480][ T5858] Bluetooth: hci2: command tx timeout
[  550.603848][   T30] audit: type=1400 audit(1757050816.157:516): avc:  denied  { create } for  pid=11337 comm="syz.1.1305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  550.643625][   T30] audit: type=1400 audit(1757050816.157:517): avc:  denied  { listen } for  pid=11337 comm="syz.1.1305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  550.877265][ T5973] usb 2-1: new low-speed USB device number 39 using dummy_hcd
[  551.051241][ T5973] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  551.092061][ T5973] usb 2-1: config 0 has no interface number 0
[  551.121648][ T5973] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  551.156562][ T5973] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  551.183817][ T5973] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  551.210193][ T5973] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  551.237797][ T5973] usb 2-1: config 0 descriptor??
[  551.250482][T11340] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  551.291766][ T5973] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  551.442569][ T5857] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  551.451508][ T5857] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  551.508132][ T5857] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  551.522416][ T5857] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  551.531117][ T5857] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  551.635587][T11340] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  551.650626][T11363] Failed to initialize the IGMP autojoin socket (err -2)
[  551.671999][T11340] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  551.705114][T11290] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  551.774424][   T10] usb 2-1: USB disconnect, device number 39
[  551.774586][    C1] iowarrior 2-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[  551.801122][T11290] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  551.897810][ T5973] usb 1-1: new full-speed USB device number 33 using dummy_hcd
[  551.911841][T11290] wireguard: wg0: Could not create IPv4 socket
[  551.932269][T11290] wireguard: wg1: Could not create IPv4 socket
[  551.950783][T11290] wireguard: wg2: Could not create IPv4 socket
[  552.129798][ T5973] usb 1-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=c2.f4
[  552.150369][ T5973] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  552.158387][ T5973] usb 1-1: Product: syz
[  552.179777][ T5973] usb 1-1: Manufacturer: syz
[  552.187510][ T5973] usb 1-1: SerialNumber: syz
[  552.195838][ T5973] usb 1-1: config 0 descriptor??
[  552.539253][T11382] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1308'.
[  553.485351][T11412] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1310'.
[  553.524035][T11412] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1310'.
[  553.894566][T11420] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1311'.
[  553.903636][T11420] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1311'.
[  553.912750][T11420] netlink: 'syz.4.1311': attribute type 12 has an invalid length.
[  553.920728][T11420] netlink: 'syz.4.1311': attribute type 11 has an invalid length.
[  553.950729][ T5909] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  554.371401][ T5857] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  554.382181][ T5857] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  554.391873][ T5857] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  554.406493][ T5857] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  554.414063][ T5857] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  554.415943][ T5909] usb 2-1: Using ep0 maxpacket: 32
[  554.470572][ T5909] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  554.503954][ T5909] usb 2-1: config 0 has no interface number 0
[  554.511493][T11422] Failed to initialize the IGMP autojoin socket (err -2)
[  554.532876][ T5909] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  554.546539][ T5909] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  554.685964][ T5909] usb 2-1: Product: syz
[  554.712517][ T5909] usb 2-1: Manufacturer: syz
[  554.768329][ T5909] usb 2-1: SerialNumber: syz
[  554.800254][ T5909] usb 2-1: config 0 descriptor??
[  554.807216][ T5909] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  555.198102][ T5909] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  555.280069][ T5909] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  555.497884][ T5853] usb 1-1: USB disconnect, device number 33
[  555.621077][    C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[  555.623644][   T10] usb 2-1: USB disconnect, device number 40
[  555.700791][ T5973] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  555.735681][   T10] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  555.760132][   T10] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  555.778724][   T10] quatech2 2-1:0.51: device disconnected
[  555.901975][ T5973] usb 5-1: Using ep0 maxpacket: 32
[  555.908923][ T5973] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  555.924792][ T5973] usb 5-1: config 0 has no interface number 0
[  555.944829][ T5973] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  555.964077][ T5973] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  555.979854][ T5973] usb 5-1: Product: syz
[  555.985310][ T5973] usb 5-1: Manufacturer: syz
[  555.992513][ T5973] usb 5-1: SerialNumber: syz
[  556.011738][ T5973] usb 5-1: config 0 descriptor??
[  556.042049][ T5973] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  556.052003][ T5973] usb 5-1: selecting invalid altsetting 1
[  556.057897][ T5973] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  556.076395][ T5973] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  556.110543][ T5973] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  556.119531][ T5973] usb 5-1: media controller created
[  556.157335][ T5973] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  556.265780][T11440] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  556.276298][T11440] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  556.597323][ T5858] Bluetooth: hci2: command tx timeout
[  557.383326][ T5973] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  557.438592][ T5973] zl10353_read_register: readreg error (reg=127, ret==-110)
[  557.466392][T11440] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-32
[  557.601015][ T5973] usb 5-1: USB disconnect, device number 38
[  557.638140][T11422] netdevsim netdevsim2 netdevsim0: renamed from eth9
[  557.673809][T11422] netdevsim netdevsim2 netdevsim1: renamed from eth10
[  557.723758][T11422] netdevsim netdevsim2 netdevsim2: renamed from eth11
[  557.745704][T11422] netdevsim netdevsim2 netdevsim3: renamed from eth12
[  558.156700][T11422] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  558.184026][T11422] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  558.260361][T11422] wireguard: wg0: Could not create IPv4 socket
[  558.314828][T11422] wireguard: wg1: Could not create IPv4 socket
[  558.429366][T11422] wireguard: wg2: Could not create IPv4 socket
[  558.623864][T11500] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1318'.
[  558.824680][ T5858] Bluetooth: hci2: command tx timeout
[  559.854771][T11505] kexec: Could not allocate control_code_buffer
[  562.980427][ T5857] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  563.000012][ T5857] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  563.013586][ T5857] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  563.029949][ T5857] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  563.039487][ T5857] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  563.078063][T11538] Failed to initialize the IGMP autojoin socket (err -2)
[  563.349002][   T30] audit: type=1400 audit(1757050828.074:518): avc:  denied  { remount } for  pid=11542 comm="syz.0.1325" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  564.168107][   T30] audit: type=1400 audit(1757050828.832:519): avc:  denied  { unmount } for  pid=5851 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  564.539956][ T5909] usb 1-1: new full-speed USB device number 34 using dummy_hcd
[  564.765878][ T5909] usb 1-1: config 8 has an invalid interface number: 80 but max is 0
[  564.774236][ T5909] usb 1-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  564.980512][ T5909] usb 1-1: config 8 has no interface number 0
[  565.007008][ T5909] usb 1-1: config 8 interface 80 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  565.029870][ T5909] usb 1-1: config 8 interface 80 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 14
[  565.060381][ T5909] usb 1-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=c1.6f
[  565.077431][ T5909] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  565.127626][ T5909] usb 1-1: NFC: intf ffff888029282000 id ffffffff8f569700
[  565.235464][ T5857] Bluetooth: hci2: command tx timeout
[  565.770478][ T5909] usb 1-1: USB disconnect, device number 34
[  567.400681][   T30] audit: type=1400 audit(1757050831.835:520): avc:  denied  { read } for  pid=11599 comm="syz.1.1333" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  567.458428][ T5857] Bluetooth: hci2: command tx timeout
[  567.883273][   T30] audit: type=1326 audit(1757050831.984:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11595 comm="syz.4.1332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7cab8ebe9 code=0x7ffc0000
[  567.951928][   T30] audit: type=1326 audit(1757050831.994:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11595 comm="syz.4.1332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7cab8ebe9 code=0x7ffc0000
[  568.029366][   T30] audit: type=1326 audit(1757050831.994:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11595 comm="syz.4.1332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=100 compat=0 ip=0x7fb7cab8ebe9 code=0x7ffc0000
[  568.129000][   T30] audit: type=1326 audit(1757050831.994:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11595 comm="syz.4.1332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7cab8ebe9 code=0x7ffc0000
[  568.156604][   T30] audit: type=1326 audit(1757050831.994:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11595 comm="syz.4.1332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7cab8ebe9 code=0x7ffc0000
[  568.288165][   T30] audit: type=1326 audit(1757050831.994:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11595 comm="syz.4.1332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fb7cab8ebe9 code=0x7ffc0000
[  568.423198][   T30] audit: type=1326 audit(1757050831.994:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11595 comm="syz.4.1332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7cab8ebe9 code=0x7ffc0000
[  568.917271][T11538] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  568.962404][T11538] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  568.997636][T11538] wireguard: wg0: Could not create IPv4 socket
[  569.024303][T11538] wireguard: wg1: Could not create IPv4 socket
[  569.058079][T11538] wireguard: wg2: Could not create IPv4 socket
[  572.046194][   T43] usb 5-1: new low-speed USB device number 39 using dummy_hcd
[  572.146174][T11679] loop2: detected capacity change from 0 to 7
[  572.165755][T11679] Dev loop2: unable to read RDB block 7
[  572.172596][T11679]  loop2: unable to read partition table
[  572.182268][T11679] loop2: partition table beyond EOD, truncated
[  572.248208][T11679] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  572.312207][   T43] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  572.320421][   T43] usb 5-1: config 0 has no interface number 0
[  572.348495][   T43] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  572.382164][   T43] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  572.414935][   T43] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  572.483673][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  572.535292][   T43] usb 5-1: config 0 descriptor??
[  572.547438][T11672] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  572.633310][   T43] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  572.719360][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  572.728459][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  572.738537][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  572.745712][ T5973] usb 2-1: new low-speed USB device number 41 using dummy_hcd
[  572.770260][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  572.826074][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  572.858663][T11672] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  572.912622][ T5973] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  572.920972][ T5973] usb 2-1: config 0 has no interface number 0
[  572.927348][ T5973] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  572.930269][T11691] Failed to initialize the IGMP autojoin socket (err -2)
[  572.942708][ T5973] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  572.967973][T11672] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  572.992704][ T5973] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  573.021773][   T10] usb 5-1: USB disconnect, device number 39
[  573.027746][    C0] iowarrior 5-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[  573.100597][ T5973] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  573.194052][ T5973] usb 2-1: config 0 descriptor??
[  573.223940][T11686] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  573.257365][ T5973] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  573.546330][T11686] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  573.590797][T11686] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  573.661252][ T5973] usb 2-1: USB disconnect, device number 41
[  573.667222][    C0] iowarrior 2-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[  574.203652][T11691] netdevsim netdevsim2 netdevsim0: renamed from eth9
[  574.222919][T11691] netdevsim netdevsim2 netdevsim1: renamed from eth10
[  574.249774][T11691] netdevsim netdevsim2 netdevsim2: renamed from eth11
[  574.263347][T11691] netdevsim netdevsim2 netdevsim3: renamed from eth12
[  574.824221][T11749] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1343'.
[  574.986911][ T5857] Bluetooth: hci2: command tx timeout
[  575.124908][T11751] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1344'.
[  575.133899][T11751] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1344'.
[  575.250841][T11691] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  575.386951][T11691] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  576.127638][T11691] wireguard: wg0: Could not create IPv4 socket
[  576.213645][T11691] wireguard: wg1: Could not create IPv4 socket
[  576.302671][T11691] wireguard: wg2: Could not create IPv4 socket
[  576.616020][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  576.625652][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  576.634066][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  576.642808][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  576.650181][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  576.706609][ T5974] usb 2-1: new full-speed USB device number 42 using dummy_hcd
[  576.772996][T11766] Failed to initialize the IGMP autojoin socket (err -2)
[  577.165057][ T5974] usb 2-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=c2.f4
[  577.196979][ T5974] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  577.211704][ T5974] usb 2-1: Product: syz
[  577.215878][ T5974] usb 2-1: Manufacturer: syz
[  577.386532][ T5974] usb 2-1: SerialNumber: syz
[  577.483732][ T5974] usb 2-1: config 0 descriptor??
[  578.833268][ T5858] Bluetooth: hci2: command tx timeout
[  578.865847][T11792] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1346'.
[  580.309159][T11813] ptrace attach of "./syz-executor exec"[5851] was attempted by "./syz-executor exec"[11813]
[  580.913874][T11818] loop2: detected capacity change from 0 to 7
[  580.922412][T11818] Dev loop2: unable to read RDB block 7
[  580.961483][T11818]  loop2: unable to read partition table
[  581.024149][T11818] loop2: partition table beyond EOD, truncated
[  581.032345][T11818] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  581.110919][ T5858] Bluetooth: hci2: command tx timeout
[  581.968720][   T43] usb 2-1: USB disconnect, device number 42
[  582.181471][T11845] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1355'.
[  583.280700][ T5858] Bluetooth: hci2: command tx timeout
[  583.505839][T11766] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  583.638249][T11766] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  583.711690][T11766] wireguard: wg0: Could not create IPv4 socket
[  583.747693][T11766] wireguard: wg1: Could not create IPv4 socket
[  583.793203][T11766] wireguard: wg2: Could not create IPv4 socket
[  585.959589][ T5857] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  586.081762][ T5857] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  586.089973][ T5857] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  586.098395][ T5857] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  586.105957][ T5857] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  586.151089][T11945] Failed to initialize the IGMP autojoin socket (err -2)
[  586.487422][   T30] kauditd_printk_skb: 8 callbacks suppressed
[  586.487439][   T30] audit: type=1400 audit(1757050849.720:536): avc:  denied  { ioctl } for  pid=11955 comm="syz.4.1368" path="/dev/fuse" dev="devtmpfs" ino=99 ioctlcmd=0x9432 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  586.794886][ T5973] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  587.040928][ T5973] usb 5-1: config 220 has an invalid interface number: 76 but max is 2
[  587.061025][ T5973] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  587.128301][ T5973] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  587.153218][ T5973] usb 5-1: config 220 has no interface number 2
[  587.172943][ T5973] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  587.205119][ T5973] usb 5-1: config 220 interface 0 has no altsetting 0
[  587.211959][ T5973] usb 5-1: config 220 interface 76 has no altsetting 0
[  587.233405][ T5973] usb 5-1: config 220 interface 1 has no altsetting 0
[  587.261482][ T5973] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  587.274601][ T5973] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  587.290842][ T5973] usb 5-1: Product: syz
[  587.295017][ T5973] usb 5-1: Manufacturer: syz
[  587.311171][ T5973] usb 5-1: SerialNumber: syz
[  587.676181][T11957] 9pnet_fd: p9_fd_create_unix (11957): problem connecting socket: ./file0: -5
[  587.771432][ T5973] usb 5-1: Found UVC 7.01 device syz (8086:0b07)
[  587.789113][T11945] netdevsim netdevsim2 netdevsim0: renamed from eth9
[  587.800109][ T5973] usb 5-1: No valid video chain found.
[  587.806772][ T5973] usb 5-1: selecting invalid altsetting 0
[  587.826603][T11945] netdevsim netdevsim2 netdevsim1: renamed from eth10
[  587.857348][ T5973] usb 5-1: selecting invalid altsetting 0
[  587.864605][ T5973] usbtest 5-1:220.1: probe with driver usbtest failed with error -22
[  587.881444][T11945] netdevsim netdevsim2 netdevsim2: renamed from eth11
[  587.886315][ T5973] usb 5-1: USB disconnect, device number 40
[  587.917830][T11945] netdevsim netdevsim2 netdevsim3: renamed from eth12
[  588.279408][T11945] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  588.303801][T11945] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  588.324727][T11945] wireguard: wg0: Could not create IPv4 socket
[  588.329185][ T5857] Bluetooth: hci2: command tx timeout
[  588.335537][T11945] wireguard: wg1: Could not create IPv4 socket
[  588.345106][T11945] wireguard: wg2: Could not create IPv4 socket
[  588.733979][T12012] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1370'.
[  588.757245][T12014] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1371'.
[  588.812850][T12016] bond0: (slave macvlan2): Error -98 calling set_mac_address
[  588.926653][T12023] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1370'.
[  589.470340][ T5973] usb 2-1: new full-speed USB device number 43 using dummy_hcd
[  589.641518][   T43] usb 5-1: new full-speed USB device number 41 using dummy_hcd
[  589.796155][ T5973] usb 2-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=c2.f4
[  589.816908][ T5973] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  589.830292][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  589.840059][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  589.848633][ T5973] usb 2-1: Product: syz
[  589.852940][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  589.860022][ T5973] usb 2-1: Manufacturer: syz
[  589.865566][ T5973] usb 2-1: SerialNumber: syz
[  589.870888][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  589.879470][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  589.896146][ T5973] usb 2-1: config 0 descriptor??
[  589.911722][   T43] usb 5-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=c2.f4
[  589.926354][T12040] Failed to initialize the IGMP autojoin socket (err -2)
[  589.956288][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  589.990754][   T43] usb 5-1: Product: syz
[  589.998597][   T43] usb 5-1: Manufacturer: syz
[  590.003316][   T43] usb 5-1: SerialNumber: syz
[  590.027788][   T43] usb 5-1: config 0 descriptor??
[  590.152028][T12026] FAULT_INJECTION: forcing a failure.
[  590.152028][T12026] name failslab, interval 1, probability 0, space 0, times 0
[  590.173338][T12026] CPU: 0 UID: 0 PID: 12026 Comm: syz.1.1373 Not tainted syzkaller #0 PREEMPT(full) 
[  590.173363][T12026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[  590.173372][T12026] Call Trace:
[  590.173378][T12026]  <TASK>
[  590.173385][T12026]  dump_stack_lvl+0x16c/0x1f0
[  590.173409][T12026]  should_fail_ex+0x512/0x640
[  590.173429][T12026]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  590.173449][T12026]  should_failslab+0xc2/0x120
[  590.173468][T12026]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  590.173494][T12026]  ? alloc_inode+0x61/0x240
[  590.173522][T12026]  ? __pfx_debugfs_alloc_inode+0x10/0x10
[  590.173540][T12026]  alloc_inode+0x61/0x240
[  590.173565][T12026]  new_inode+0x22/0x1c0
[  590.173592][T12026]  __debugfs_create_file+0x11c/0x6b0
[  590.173617][T12026]  debugfs_create_file_short+0x41/0x60
[  590.173642][T12026]  ieee80211_debugfs_recreate_netdev+0x4e6/0x17e0
[  590.173664][T12026]  ? __pfx_ieee80211_debugfs_recreate_netdev+0x10/0x10
[  590.173687][T12026]  ? ieee80211_link_setup+0x5e/0x90
[  590.173703][T12026]  ? ieee80211_setup_sdata+0x5b5/0xcf0
[  590.173732][T12026]  ieee80211_if_change_type+0x2ba/0x800
[  590.173764][T12026]  ieee80211_change_iface+0xa5/0x500
[  590.173788][T12026]  cfg80211_change_iface+0x57f/0xdc0
[  590.173810][T12026]  nl80211_set_interface+0x911/0xcb0
[  590.173834][T12026]  ? __pfx_nl80211_set_interface+0x10/0x10
[  590.173860][T12026]  ? nl80211_pre_doit+0x71e/0xb10
[  590.173885][T12026]  ? nl80211_pre_doit+0x1b0/0xb10
[  590.173915][T12026]  genl_family_rcv_msg_doit+0x206/0x2f0
[  590.173941][T12026]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  590.173973][T12026]  ? bpf_lsm_capable+0x9/0x10
[  590.173997][T12026]  ? security_capable+0x7e/0x260
[  590.174018][T12026]  ? ns_capable+0xd7/0x110
[  590.174042][T12026]  genl_rcv_msg+0x55c/0x800
[  590.174069][T12026]  ? __pfx_genl_rcv_msg+0x10/0x10
[  590.174091][T12026]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  590.174115][T12026]  ? __pfx_nl80211_set_interface+0x10/0x10
[  590.174132][T12026]  ? __pfx_nl80211_post_doit+0x10/0x10
[  590.174155][T12026]  ? __lock_acquire+0x62e/0x1ce0
[  590.174185][T12026]  netlink_rcv_skb+0x155/0x420
[  590.174205][T12026]  ? __pfx_genl_rcv_msg+0x10/0x10
[  590.174230][T12026]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  590.174261][T12026]  ? netlink_deliver_tap+0x1ae/0xd30
[  590.174279][T12026]  ? selinux_netlink_send+0x578/0x830
[  590.174301][T12026]  ? is_vmalloc_addr+0x86/0xa0
[  590.174321][T12026]  genl_rcv+0x28/0x40
[  590.174340][T12026]  netlink_unicast+0x5aa/0x870
[  590.174364][T12026]  ? __pfx_netlink_unicast+0x10/0x10
[  590.174385][T12026]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  590.174411][T12026]  netlink_sendmsg+0x8d1/0xdd0
[  590.174435][T12026]  ? __pfx_netlink_sendmsg+0x10/0x10
[  590.174466][T12026]  ____sys_sendmsg+0xa95/0xc70
[  590.174497][T12026]  ? copy_msghdr_from_user+0x10a/0x160
[  590.174515][T12026]  ? __pfx_____sys_sendmsg+0x10/0x10
[  590.174551][T12026]  ___sys_sendmsg+0x134/0x1d0
[  590.174574][T12026]  ? __pfx____sys_sendmsg+0x10/0x10
[  590.174626][T12026]  __sys_sendmsg+0x16d/0x220
[  590.174646][T12026]  ? __pfx___sys_sendmsg+0x10/0x10
[  590.174683][T12026]  do_syscall_64+0xcd/0x4c0
[  590.174706][T12026]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  590.174722][T12026] RIP: 0033:0x7f828858ebe9
[  590.174737][T12026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  590.174755][T12026] RSP: 002b:00007f82893ad038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  590.174772][T12026] RAX: ffffffffffffffda RBX: 00007f82887c5fa0 RCX: 00007f828858ebe9
[  590.174783][T12026] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000005
[  590.174794][T12026] RBP: 00007f82893ad090 R08: 0000000000000000 R09: 0000000000000000
[  590.174804][T12026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  590.174814][T12026] R13: 00007f82887c6038 R14: 00007f82887c5fa0 R15: 00007ffe30f59638
[  590.174838][T12026]  </TASK>
[  590.174846][T12026] debugfs: out of free dentries, can not create file 'rc_rateidx_mcs_mask_5ghz'
[  590.240362][ T5909] usb 1-1: new low-speed USB device number 35 using dummy_hcd
[  590.446037][T12057] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1375'.
[  590.611919][   T43] usb 2-1: USB disconnect, device number 43
[  590.638240][ T5909] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  590.648921][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  590.655202][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  590.666665][ T5909] usb 1-1: config 0 has no interface number 0
[  590.752967][ T5909] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  590.844409][ T5909] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  590.906142][ T5909] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  590.944036][ T5909] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  590.963305][ T5909] usb 1-1: config 0 descriptor??
[  590.981864][T12045] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  590.997061][ T5909] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  591.343438][T12045] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  591.396868][T12045] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  591.478788][ T5909] usb 1-1: USB disconnect, device number 35
[  591.485029][    C1] iowarrior 1-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[  592.090203][ T5858] Bluetooth: hci2: command tx timeout
[  593.011760][   T30] audit: type=1400 audit(1757050855.295:537): avc:  denied  { read } for  pid=12091 comm="iou-sqp-12099" name="file0" dev="tmpfs" ino=1560 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  593.128784][   T30] audit: type=1400 audit(1757050855.295:538): avc:  denied  { open } for  pid=12091 comm="iou-sqp-12099" path="/295/file0" dev="tmpfs" ino=1560 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  593.638175][ T5973] usb 5-1: USB disconnect, device number 41
[  593.808258][T12040] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  593.874157][T12040] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  593.951165][T12040] wireguard: wg0: Could not create IPv4 socket
[  593.959879][T12040] wireguard: wg1: Could not create IPv4 socket
[  593.968891][T12040] wireguard: wg2: Could not create IPv4 socket
[  594.377359][ T5858] Bluetooth: hci2: command tx timeout
[  596.419553][T10970] usb 2-1: new low-speed USB device number 44 using dummy_hcd
[  596.616043][T10970] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  596.650510][T10970] usb 2-1: config 0 has no interface number 0
[  596.676423][T10970] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  596.717012][T10970] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  596.753026][T10970] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  596.774732][T10970] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  596.788320][ T5857] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  596.798362][ T5857] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  596.809185][ T5857] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  596.827319][ T5857] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  596.834853][ T5857] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  596.856341][T10970] usb 2-1: config 0 descriptor??
[  596.870667][T12131] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  596.899057][T10970] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  596.934144][T12136] Failed to initialize the IGMP autojoin socket (err -2)
[  597.121992][T12131] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  597.170960][T12131] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  597.234999][T10970] usb 2-1: USB disconnect, device number 44
[  597.240942][    C0] iowarrior 2-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[  598.233913][T10970] usb 1-1: new low-speed USB device number 36 using dummy_hcd
[  598.493422][T10970] usb 1-1: device descriptor read/64, error -71
[  598.761772][T10970] usb 1-1: new low-speed USB device number 37 using dummy_hcd
[  598.834288][T12136] netdevsim netdevsim2 netdevsim0: renamed from eth9
[  598.861209][T12136] netdevsim netdevsim2 netdevsim1: renamed from eth10
[  598.877566][T12136] netdevsim netdevsim2 netdevsim2: renamed from eth11
[  598.895067][T12136] netdevsim netdevsim2 netdevsim3: renamed from eth12
[  598.912299][T10970] usb 1-1: device descriptor read/64, error -71
[  599.017111][ T5858] Bluetooth: hci2: command tx timeout
[  599.049849][T10970] usb usb1-port1: attempt power cycle
[  599.281184][T12136] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  599.302501][T12136] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  599.324837][T12136] wireguard: wg0: Could not create IPv4 socket
[  599.333490][T12136] wireguard: wg1: Could not create IPv4 socket
[  599.344206][T12136] wireguard: wg2: Could not create IPv4 socket
[  599.434544][T10970] usb 1-1: new low-speed USB device number 38 using dummy_hcd
[  599.477832][T10970] usb 1-1: device descriptor read/8, error -71
[  599.733629][T10970] usb 1-1: new low-speed USB device number 39 using dummy_hcd
[  599.784912][T10970] usb 1-1: device descriptor read/8, error -71
[  599.913582][T10970] usb usb1-port1: unable to enumerate USB device
[  600.965808][ T5857] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  600.975175][ T5857] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  600.983566][ T5857] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  600.997553][ T5857] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  601.006572][ T5857] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  601.044677][T12220] Failed to initialize the IGMP autojoin socket (err -2)
[  601.443559][ T5909] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  601.711423][ T5909] usb 2-1: Using ep0 maxpacket: 16
[  601.770239][ T5909] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  601.797473][ T5909] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  601.846218][T12239] FAULT_INJECTION: forcing a failure.
[  601.846218][T12239] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  601.909324][ T5909] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  601.920154][T12239] CPU: 1 UID: 0 PID: 12239 Comm: syz.4.1395 Not tainted syzkaller #0 PREEMPT(full) 
[  601.920178][T12239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[  601.920188][T12239] Call Trace:
[  601.920193][T12239]  <TASK>
[  601.920201][T12239]  dump_stack_lvl+0x16c/0x1f0
[  601.920223][T12239]  should_fail_ex+0x512/0x640
[  601.920245][T12239]  _copy_to_user+0x32/0xd0
[  601.920268][T12239]  simple_read_from_buffer+0xcb/0x170
[  601.920287][T12239]  proc_fail_nth_read+0x197/0x240
[  601.920307][T12239]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  601.920328][T12239]  ? rw_verify_area+0xcf/0x6c0
[  601.920352][T12239]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  601.920370][T12239]  vfs_read+0x1e1/0xcf0
[  601.920389][T12239]  ? __pfx___mutex_lock+0x10/0x10
[  601.920408][T12239]  ? __pfx_vfs_read+0x10/0x10
[  601.920436][T12239]  ? __fget_files+0x20e/0x3c0
[  601.920461][T12239]  ksys_read+0x12a/0x250
[  601.920477][T12239]  ? __pfx_ksys_read+0x10/0x10
[  601.920500][T12239]  do_syscall_64+0xcd/0x4c0
[  601.920521][T12239]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  601.920537][T12239] RIP: 0033:0x7fb7cab8d5fc
[  601.920550][T12239] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  601.920566][T12239] RSP: 002b:00007fb7cba90030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  601.920583][T12239] RAX: ffffffffffffffda RBX: 00007fb7cadc6090 RCX: 00007fb7cab8d5fc
[  601.920593][T12239] RDX: 000000000000000f RSI: 00007fb7cba900a0 RDI: 0000000000000007
[  601.920603][T12239] RBP: 00007fb7cba90090 R08: 0000000000000000 R09: 0000000000000000
[  601.920612][T12239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  601.920622][T12239] R13: 00007fb7cadc6128 R14: 00007fb7cadc6090 R15: 00007ffe4ccfcb08
[  601.920644][T12239]  </TASK>
[  602.105401][ T5909] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  602.120051][ T5909] usb 2-1: config 0 descriptor??
[  602.775272][T12253] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  602.803837][T12253] CIFS: Unable to determine destination address
[  603.207918][ T5858] Bluetooth: hci2: command tx timeout
[  603.311439][T12266] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1398'.
[  603.764226][T10970] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  603.928251][T12220] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  603.959143][T10970] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  603.981478][T10970] usb 5-1: New USB device found, idVendor=05a4, idProduct=2000, bcdDevice= 0.00
[  604.001646][T12220] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  604.020442][T10970] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  604.043791][T10970] usb 5-1: config 0 descriptor??
[  604.052728][ T5853] usb 1-1: new low-speed USB device number 40 using dummy_hcd
[  604.073349][T12220] wireguard: wg0: Could not create IPv4 socket
[  604.094842][T12220] wireguard: wg1: Could not create IPv4 socket
[  604.114941][T12220] wireguard: wg2: Could not create IPv4 socket
[  604.249481][ T5853] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  604.260725][ T5853] usb 1-1: config 0 has no interface number 0
[  604.277047][ T5853] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  604.300171][ T5853] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  604.327224][ T5853] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  604.348044][ T5853] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  604.369297][ T5853] usb 1-1: config 0 descriptor??
[  604.392009][T12275] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  604.422156][ T5853] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  604.518364][ T5909] usbhid 2-1:0.0: can't add hid device: -71
[  604.524748][ T5909] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  604.551088][ T5909] usb 2-1: USB disconnect, device number 45
[  604.643535][T12275] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  604.668297][T10970] ortek 0003:05A4:2000.0025: unknown main item tag 0x4
[  604.686817][T10970] ortek 0003:05A4:2000.0025: unknown main item tag 0x5
[  604.821917][T12275] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  604.822565][T10970] ortek 0003:05A4:2000.0025: hidraw0: USB HID v0.00 Device [HID 05a4:2000] on usb-dummy_hcd.4-1/input0
[  604.880727][ T5909] usb 1-1: USB disconnect, device number 40
[  604.880763][    C0] iowarrior 1-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[  604.964860][T10970] usb 5-1: USB disconnect, device number 42
[  605.050995][T12300] fido_id[12300]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  608.571563][ T5857] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  608.581465][ T5857] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  608.594138][ T5857] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  608.601794][ T5857] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  608.609358][ T5857] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  608.639932][T12370] Failed to initialize the IGMP autojoin socket (err -2)
[  609.669200][   T30] audit: type=1400 audit(1757050871.402:539): avc:  denied  { listen } for  pid=12383 comm="syz.4.1406" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  609.828979][   T30] audit: type=1400 audit(1757050871.402:540): avc:  denied  { ioctl } for  pid=12383 comm="syz.4.1406" path="socket:[39076]" dev="sockfs" ino=39076 ioctlcmd=0x6686 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  610.479973][T12370] netdevsim netdevsim2 netdevsim0: renamed from eth9
[  610.499796][T12370] netdevsim netdevsim2 netdevsim1: renamed from eth10
[  610.515998][T12370] netdevsim netdevsim2 netdevsim2: renamed from eth11
[  610.527183][T12370] netdevsim netdevsim2 netdevsim3: renamed from eth12
[  610.820117][ T5858] Bluetooth: hci2: command tx timeout
[  610.898360][T12370] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  610.933206][T12370] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  610.951458][T12370] wireguard: wg0: Could not create IPv4 socket
[  610.960292][T12370] wireguard: wg1: Could not create IPv4 socket
[  610.969414][T12370] wireguard: wg2: Could not create IPv4 socket
[  612.383004][T12451] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  612.530479][   T43] usb 2-1: new full-speed USB device number 46 using dummy_hcd
[  612.708394][ T5857] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  612.719237][ T5857] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  612.733203][ T5857] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  612.749845][ T5857] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  612.758924][ T5857] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  612.785498][T12461] Failed to initialize the IGMP autojoin socket (err -2)
[  612.786572][ T5853] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  612.853379][   T43] usb 2-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=c2.f4
[  612.872095][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  612.880292][   T43] usb 2-1: Product: syz
[  612.884658][   T43] usb 2-1: Manufacturer: syz
[  612.889394][   T43] usb 2-1: SerialNumber: syz
[  612.906746][   T43] usb 2-1: config 0 descriptor??
[  612.990268][ T5853] usb 1-1: Using ep0 maxpacket: 16
[  613.015358][ T5853] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  613.071458][ T5853] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  613.118032][ T5853] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  613.166147][ T5853] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  613.205414][ T5853] usb 1-1: config 0 descriptor??
[  613.298383][T12472] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1409'.
[  613.679035][   T30] audit: type=1400 audit(1757050875.078:541): avc:  denied  { ioctl } for  pid=12452 comm="syz.1.1409" path="/dev/input/mouse0" dev="devtmpfs" ino=976 ioctlcmd=0x6418 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  614.142028][T12482] loop2: detected capacity change from 0 to 7
[  614.252817][T12482] Dev loop2: unable to read RDB block 7
[  614.258940][T12482]  loop2: unable to read partition table
[  614.265886][T12482] loop2: partition table beyond EOD, truncated
[  614.272710][T12482] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  614.924761][ T5857] Bluetooth: hci2: command tx timeout
[  615.624442][ T5853] usbhid 1-1:0.0: can't add hid device: -71
[  615.641026][ T5853] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  615.697529][ T5853] usb 1-1: USB disconnect, device number 41
[  615.749100][T10970] usb 2-1: USB disconnect, device number 46
[  616.263960][ T5853] usb 1-1: new low-speed USB device number 42 using dummy_hcd
[  616.619563][T12461] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  616.641830][T12461] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  616.690730][ T5853] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  616.698837][ T5853] usb 1-1: config 0 has no interface number 0
[  616.761151][T12461] wireguard: wg0: Could not create IPv4 socket
[  616.763567][ T5853] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  616.794483][T12461] wireguard: wg1: Could not create IPv4 socket
[  616.847051][ T5853] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  616.848826][T12461] wireguard: wg2: Could not create IPv4 socket
[  616.861202][ T5853] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  616.958079][ T5853] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  617.045084][ T5853] usb 1-1: config 0 descriptor??
[  617.110187][T12513] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  617.191221][ T5857] Bluetooth: hci2: command tx timeout
[  617.211144][ T5853] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  617.407281][T12513] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  617.426792][T12513] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  617.501396][ T5853] usb 1-1: USB disconnect, device number 42
[  621.034552][T12616] kexec: Could not allocate control_code_buffer
[  621.264190][   T30] audit: type=1400 audit(1757050882.253:542): avc:  denied  { mount } for  pid=12605 comm="syz.0.1417" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  621.527131][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  621.537002][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  621.545567][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  621.555332][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  621.562962][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  621.593073][T12621] Failed to initialize the IGMP autojoin socket (err -2)
[  622.361731][T12621] netdevsim netdevsim2 netdevsim0: renamed from eth9
[  622.394114][T12621] netdevsim netdevsim2 netdevsim1: renamed from eth10
[  622.419595][T12621] netdevsim netdevsim2 netdevsim2: renamed from eth11
[  622.435714][T12621] netdevsim netdevsim2 netdevsim3: renamed from eth12
[  622.770236][T12621] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  622.800622][T12621] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  622.827053][T12621] wireguard: wg0: Could not create IPv4 socket
[  622.835431][T12621] wireguard: wg1: Could not create IPv4 socket
[  622.848694][T12621] wireguard: wg2: Could not create IPv4 socket
[  623.224441][T12678] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1423'.
[  623.394641][T12689] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1423'.
[  623.949589][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  623.964449][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  623.973776][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  624.403162][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  624.413698][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  624.451809][T12696] Failed to initialize the IGMP autojoin socket (err -2)
[  624.846044][T12711] loop2: detected capacity change from 0 to 7
[  625.009968][T12711] Dev loop2: unable to read RDB block 7
[  625.016938][T12711]  loop2: unable to read partition table
[  625.026456][T12711] loop2: partition table beyond EOD, truncated
[  626.641636][ T5858] Bluetooth: hci2: command tx timeout
[  626.988979][T12722] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12
[  626.998802][T12722] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12
[  627.008586][T12722] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  627.119821][T12711] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  627.366526][T12730] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1428'.
[  627.375676][T12730] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1428'.
[  627.384794][T12730] netlink: 'syz.4.1428': attribute type 12 has an invalid length.
[  627.392746][T12730] netlink: 'syz.4.1428': attribute type 11 has an invalid length.
[  628.229797][T12738] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1431'.
[  628.260213][T12738] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1431'.
[  628.987007][ T5857] Bluetooth: hci2: command tx timeout
[  629.210005][T12752] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1433'.
[  630.551053][T12764] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12
[  630.560567][T12764] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12
[  630.570251][T12764] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  630.832345][ T5857] Bluetooth: hci4: command 0x0406 tx timeout
[  631.239356][ T5857] Bluetooth: hci2: command tx timeout
[  632.040435][ T5937] usb 5-1: new full-speed USB device number 43 using dummy_hcd
[  632.174684][T12696] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  632.208182][T12696] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  632.236260][T12696] wireguard: wg0: Could not create IPv4 socket
[  632.237214][ T5937] usb 5-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=c2.f4
[  632.245469][T12696] wireguard: wg1: Could not create IPv4 socket
[  632.260116][ T5937] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  632.267669][T12696] wireguard: wg2: Could not create IPv4 socket
[  632.278750][ T5937] usb 5-1: Product: syz
[  632.290076][ T5937] usb 5-1: Manufacturer: syz
[  632.300547][ T5937] usb 5-1: SerialNumber: syz
[  632.327868][ T5937] usb 5-1: config 0 descriptor??
[  632.572047][T12777] FAULT_INJECTION: forcing a failure.
[  632.572047][T12777] name failslab, interval 1, probability 0, space 0, times 0
[  632.589187][T12777] CPU: 0 UID: 0 PID: 12777 Comm: syz.4.1437 Not tainted syzkaller #0 PREEMPT(full) 
[  632.589213][T12777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[  632.589224][T12777] Call Trace:
[  632.589229][T12777]  <TASK>
[  632.589235][T12777]  dump_stack_lvl+0x16c/0x1f0
[  632.589260][T12777]  should_fail_ex+0x512/0x640
[  632.589281][T12777]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  632.589305][T12777]  should_failslab+0xc2/0x120
[  632.589326][T12777]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  632.589344][T12777]  ? __d_alloc+0x32/0xae0
[  632.589369][T12777]  __d_alloc+0x32/0xae0
[  632.589394][T12777]  d_alloc_parallel+0x111/0x1480
[  632.589425][T12777]  ? __lock_acquire+0x62e/0x1ce0
[  632.589455][T12777]  ? __lock_acquire+0xb97/0x1ce0
[  632.589480][T12777]  ? __pfx_d_alloc_parallel+0x10/0x10
[  632.589510][T12777]  ? lockdep_init_map_type+0x5c/0x280
[  632.589528][T12777]  ? lockdep_init_map_type+0x5c/0x280
[  632.589548][T12777]  __lookup_slow+0x193/0x460
[  632.589575][T12777]  ? __pfx___lookup_slow+0x10/0x10
[  632.589600][T12777]  ? pcpu_next_md_free_region+0x340/0x380
[  632.589633][T12777]  ? pcpu_next_md_free_region+0x340/0x380
[  632.589659][T12777]  ? d_lookup+0xe7/0x190
[  632.589690][T12777]  lookup_noperm+0xe1/0x110
[  632.589716][T12777]  simple_start_creating+0xd1/0x1b0
[  632.589739][T12777]  start_creating.part.0+0x82/0x190
[  632.589760][T12777]  __debugfs_create_file+0xa7/0x6b0
[  632.589786][T12777]  debugfs_create_file_short+0x41/0x60
[  632.589810][T12777]  ieee80211_debugfs_recreate_netdev+0x4e6/0x17e0
[  632.589834][T12777]  ? __pfx_ieee80211_debugfs_recreate_netdev+0x10/0x10
[  632.589856][T12777]  ? ieee80211_link_setup+0x5e/0x90
[  632.589873][T12777]  ? ieee80211_setup_sdata+0x5b5/0xcf0
[  632.589901][T12777]  ieee80211_if_change_type+0x2ba/0x800
[  632.589932][T12777]  ieee80211_change_iface+0xa5/0x500
[  632.589957][T12777]  cfg80211_change_iface+0x57f/0xdc0
[  632.589979][T12777]  nl80211_set_interface+0x911/0xcb0
[  632.590003][T12777]  ? __pfx_nl80211_set_interface+0x10/0x10
[  632.590043][T12777]  ? nl80211_pre_doit+0x71e/0xb10
[  632.590069][T12777]  ? nl80211_pre_doit+0x1b0/0xb10
[  632.590099][T12777]  genl_family_rcv_msg_doit+0x206/0x2f0
[  632.590126][T12777]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  632.590157][T12777]  ? bpf_lsm_capable+0x9/0x10
[  632.590189][T12777]  ? security_capable+0x7e/0x260
[  632.590211][T12777]  ? ns_capable+0xd7/0x110
[  632.590234][T12777]  genl_rcv_msg+0x55c/0x800
[  632.590261][T12777]  ? __pfx_genl_rcv_msg+0x10/0x10
[  632.590284][T12777]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  632.590308][T12777]  ? __pfx_nl80211_set_interface+0x10/0x10
[  632.590325][T12777]  ? __pfx_nl80211_post_doit+0x10/0x10
[  632.590350][T12777]  ? __lock_acquire+0x62e/0x1ce0
[  632.590377][T12777]  netlink_rcv_skb+0x155/0x420
[  632.590396][T12777]  ? __pfx_genl_rcv_msg+0x10/0x10
[  632.590418][T12777]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  632.590450][T12777]  ? netlink_deliver_tap+0x1ae/0xd30
[  632.590468][T12777]  ? selinux_netlink_send+0x578/0x830
[  632.590489][T12777]  ? is_vmalloc_addr+0x86/0xa0
[  632.590509][T12777]  genl_rcv+0x28/0x40
[  632.590529][T12777]  netlink_unicast+0x5aa/0x870
[  632.590554][T12777]  ? __pfx_netlink_unicast+0x10/0x10
[  632.590574][T12777]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  632.590603][T12777]  netlink_sendmsg+0x8d1/0xdd0
[  632.590626][T12777]  ? __pfx_netlink_sendmsg+0x10/0x10
[  632.590658][T12777]  ____sys_sendmsg+0xa95/0xc70
[  632.590683][T12777]  ? copy_msghdr_from_user+0x10a/0x160
[  632.590702][T12777]  ? __pfx_____sys_sendmsg+0x10/0x10
[  632.590738][T12777]  ___sys_sendmsg+0x134/0x1d0
[  632.590758][T12777]  ? __pfx____sys_sendmsg+0x10/0x10
[  632.590813][T12777]  __sys_sendmsg+0x16d/0x220
[  632.590831][T12777]  ? __pfx___sys_sendmsg+0x10/0x10
[  632.590870][T12777]  do_syscall_64+0xcd/0x4c0
[  632.590891][T12777]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  632.590908][T12777] RIP: 0033:0x7fb7cab8ebe9
[  632.590924][T12777] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  632.590942][T12777] RSP: 002b:00007fb7cbab1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  632.590959][T12777] RAX: ffffffffffffffda RBX: 00007fb7cadc5fa0 RCX: 00007fb7cab8ebe9
[  632.590970][T12777] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000005
[  632.590980][T12777] RBP: 00007fb7cbab1090 R08: 0000000000000000 R09: 0000000000000000
[  632.590990][T12777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  632.590999][T12777] R13: 00007fb7cadc6038 R14: 00007fb7cadc5fa0 R15: 00007ffe4ccfcb08
[  632.591025][T12777]  </TASK>
[  632.593920][    T9] usb 5-1: USB disconnect, device number 43
[  635.089732][    T9] usb 2-1: new low-speed USB device number 47 using dummy_hcd
[  635.774274][    T9] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  635.784752][    T9] usb 2-1: config 0 has no interface number 0
[  635.801720][    T9] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  636.236312][    T9] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  636.247640][    T9] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  636.256991][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  636.281234][    T9] usb 2-1: config 0 descriptor??
[  636.296995][T12838] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  636.323546][    T9] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  636.371371][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  636.382068][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  636.390350][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  636.404146][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  636.411806][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  636.448195][T12858] Failed to initialize the IGMP autojoin socket (err -2)
[  636.694582][T12838] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  636.716677][T12838] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  636.779587][    C1] iowarrior 2-1:0.1: iowarrior_callback - usb_submit_urb failed with result -1
[  636.789984][    T9] usb 2-1: USB disconnect, device number 47
[  637.108184][   T30] audit: type=1400 audit(1757050897.079:543): avc:  denied  { append } for  pid=12877 comm="syz.4.1443" name="renderD128" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  638.198362][ T5909] usb 2-1: new full-speed USB device number 48 using dummy_hcd
[  638.362029][ T5909] usb 2-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=c2.f4
[  638.371466][ T5909] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  638.379538][ T5909] usb 2-1: Product: syz
[  638.427147][ T5909] usb 2-1: Manufacturer: syz
[  638.531562][ T5909] usb 2-1: SerialNumber: syz
[  638.548257][ T5909] usb 2-1: config 0 descriptor??
[  638.623648][ T5858] Bluetooth: hci2: command tx timeout
[  639.152523][T12912] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1444'.
[  640.361533][T12858] netdevsim netdevsim2 netdevsim0: renamed from eth9
[  640.380446][T12858] netdevsim netdevsim2 netdevsim1: renamed from eth10
[  640.431263][T12858] netdevsim netdevsim2 netdevsim2: renamed from eth11
[  640.460394][T12858] netdevsim netdevsim2 netdevsim3: renamed from eth12
[  640.841267][ T5858] Bluetooth: hci2: command tx timeout
[  641.092152][T12858] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  641.157003][T12858] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  641.230801][T12858] wireguard: wg0: Could not create IPv4 socket
[  641.247806][T12955] netlink: 'syz.4.1449': attribute type 2 has an invalid length.
[  641.260542][T12858] wireguard: wg1: Could not create IPv4 socket
[  641.304797][ T5853] usb 2-1: USB disconnect, device number 48
[  641.372884][T12955] : entered promiscuous mode
[  641.517039][T12858] wireguard: wg2: Could not create IPv4 socket
[  641.623488][T12967] NILFS (loop0): device size too small
[  642.615358][ T5857] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  642.628777][ T5857] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  642.637935][ T5857] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  642.647190][ T5857] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  642.654847][ T5857] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  642.732328][T12974] Failed to initialize the IGMP autojoin socket (err -2)
[  643.012968][T12976] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  643.212042][   T43] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  643.488192][   T43] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  643.510995][   T43] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  643.529685][   T43] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  643.603138][   T43] usb 5-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5
[  643.616689][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  643.661254][   T43] usb 5-1: Product: syz
[  643.668143][   T43] usb 5-1: Manufacturer: syz
[  643.691181][   T43] usb 5-1: SerialNumber: syz
[  643.738330][   T43] usb 5-1: config 0 descriptor??
[  644.028202][   T43] usb 5-1: Found UVC 34.00 device syz (8086:0b5b)
[  644.048691][   T43] usb 5-1: No valid video chain found.
[  644.074412][   T43] usb 5-1: USB disconnect, device number 44
[  645.069760][ T5857] Bluetooth: hci3: command tx timeout
[  646.092314][T12974] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  646.112244][T12974] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  646.132363][T12974] wireguard: wg0: Could not create IPv4 socket
[  646.144485][T12974] wireguard: wg1: Could not create IPv4 socket
[  646.162792][T12974] wireguard: wg2: Could not create IPv4 socket
[  649.313448][T13132] FAULT_INJECTION: forcing a failure.
[  649.313448][T13132] name failslab, interval 1, probability 0, space 0, times 0
[  649.326334][T13132] CPU: 1 UID: 0 PID: 13132 Comm: syz.4.1462 Not tainted syzkaller #0 PREEMPT(full) 
[  649.326368][T13132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[  649.326379][T13132] Call Trace:
[  649.326385][T13132]  <TASK>
[  649.326392][T13132]  dump_stack_lvl+0x16c/0x1f0
[  649.326417][T13132]  should_fail_ex+0x512/0x640
[  649.326436][T13132]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  649.326459][T13132]  should_failslab+0xc2/0x120
[  649.326480][T13132]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  649.326499][T13132]  ? __alloc_skb+0x2b2/0x380
[  649.326517][T13132]  ? __pfx_idr_get_next_ul+0x10/0x10
[  649.326537][T13132]  __alloc_skb+0x2b2/0x380
[  649.326554][T13132]  ? __pfx___alloc_skb+0x10/0x10
[  649.326575][T13132]  ? idr_get_next+0xec/0x150
[  649.326592][T13132]  ? __pfx_idr_get_next+0x10/0x10
[  649.326614][T13132]  ctrl_build_family_msg+0x36/0xa0
[  649.326642][T13132]  ctrl_getfamily+0x354/0x540
[  649.326666][T13132]  ? __pfx_ctrl_getfamily+0x10/0x10
[  649.326691][T13132]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  649.326715][T13132]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  649.326746][T13132]  genl_family_rcv_msg_doit+0x206/0x2f0
[  649.326771][T13132]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  649.326795][T13132]  ? genl_get_cmd+0x194/0x580
[  649.326827][T13132]  ? genl_rcv_msg+0x10b/0x800
[  649.326854][T13132]  genl_rcv_msg+0x55c/0x800
[  649.326881][T13132]  ? __pfx_genl_rcv_msg+0x10/0x10
[  649.326905][T13132]  ? __pfx_ctrl_getfamily+0x10/0x10
[  649.326932][T13132]  ? __lock_acquire+0x62e/0x1ce0
[  649.326964][T13132]  netlink_rcv_skb+0x155/0x420
[  649.326983][T13132]  ? __pfx_genl_rcv_msg+0x10/0x10
[  649.327007][T13132]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  649.327040][T13132]  ? netlink_deliver_tap+0x1ae/0xd30
[  649.327058][T13132]  ? selinux_netlink_send+0x578/0x830
[  649.327079][T13132]  ? is_vmalloc_addr+0x86/0xa0
[  649.327099][T13132]  genl_rcv+0x28/0x40
[  649.327119][T13132]  netlink_unicast+0x5aa/0x870
[  649.327144][T13132]  ? __pfx_netlink_unicast+0x10/0x10
[  649.327176][T13132]  netlink_sendmsg+0x8d1/0xdd0
[  649.327201][T13132]  ? __pfx_netlink_sendmsg+0x10/0x10
[  649.327228][T13132]  ? __sys_sendto+0x3f6/0x520
[  649.327248][T13132]  __sys_sendto+0x4a3/0x520
[  649.327265][T13132]  ? __pfx___sys_sendto+0x10/0x10
[  649.327314][T13132]  __x64_sys_sendto+0xe0/0x1c0
[  649.327330][T13132]  ? do_syscall_64+0x91/0x4c0
[  649.327354][T13132]  ? lockdep_hardirqs_on+0x7c/0x110
[  649.327373][T13132]  do_syscall_64+0xcd/0x4c0
[  649.327395][T13132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  649.327413][T13132] RIP: 0033:0x7fb7cab90a7c
[  649.327428][T13132] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
[  649.327445][T13132] RSP: 002b:00007fb7cba6dec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  649.327462][T13132] RAX: ffffffffffffffda RBX: 00007fb7cba6dfc0 RCX: 00007fb7cab90a7c
[  649.327473][T13132] RDX: 0000000000000020 RSI: 00007fb7cba6e010 RDI: 000000000000000a
[  649.327484][T13132] RBP: 0000000000000000 R08: 00007fb7cba6df14 R09: 000000000000000c
[  649.327494][T13132] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000000a
[  649.327504][T13132] R13: 00007fb7cba6df68 R14: 00007fb7cba6e010 R15: 0000000000000000
[  649.327529][T13132]  </TASK>
[  649.779133][ T5909] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  649.990001][ T5909] usb 2-1: Using ep0 maxpacket: 32
[  650.006380][ T5909] usb 2-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  650.032179][ T5909] usb 2-1: config 0 interface 0 has no altsetting 0
[  650.042325][ T5909] usb 2-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.00
[  650.058574][ T5909] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  650.110938][ T5909] usb 2-1: config 0 descriptor??
[  650.833649][ T5909] vrc2 0003:07C0:1125.0026: fixing up VRC-2 report descriptor
[  650.864775][ T5909] input: HID 07c0:1125 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:07C0:1125.0026/input/input38
[  650.931059][ T5909] vrc2 0003:07C0:1125.0026: input,hidraw0: USB HID v0.02 Joystick [HID 07c0:1125] on usb-dummy_hcd.1-1/input0
[  651.270620][ T5909] usb 2-1: USB disconnect, device number 49
[  651.373367][T13152] fido_id[13152]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[  651.430900][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  651.441082][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  651.450719][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  651.462482][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  651.483747][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  651.517394][T13153] Failed to initialize the IGMP autojoin socket (err -2)
[  652.298402][T13153] netdevsim netdevsim2 netdevsim0: renamed from eth9
[  652.319409][T13153] netdevsim netdevsim2 netdevsim1: renamed from eth10
[  652.338479][T13153] netdevsim netdevsim2 netdevsim2: renamed from eth11
[  652.356391][T13153] netdevsim netdevsim2 netdevsim3: renamed from eth12
[  652.729639][T13153] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  652.756947][T13153] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  652.785464][T13153] wireguard: wg0: Could not create IPv4 socket
[  652.800117][T13153] wireguard: wg1: Could not create IPv4 socket
[  652.811431][T13153] wireguard: wg2: Could not create IPv4 socket
[  653.499911][T13218] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13218 comm=syz.0.1466
[  653.550504][   T30] audit: type=1400 audit(1757050912.457:544): avc:  denied  { write } for  pid=13221 comm="syz.4.1468" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  653.881819][ T5937] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  654.044319][ T5937] usb 1-1: Using ep0 maxpacket: 8
[  654.051905][ T5937] usb 1-1: config 0 has an invalid interface number: 55 but max is 0
[  654.061160][ T5937] usb 1-1: config 0 has no interface number 0
[  654.079102][ T5937] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  654.091748][ T5937] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  654.133094][ T5937] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  654.167578][ T5937] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  654.209256][ T5937] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  654.232163][ T5937] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  654.251581][ T5857] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  654.258970][ T5937] usb 1-1: config 0 descriptor??
[  654.271405][ T5857] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  654.281712][ T5857] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  654.285122][ T5937] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  654.305277][ T5857] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  654.313003][ T5857] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  654.354317][T13235] Failed to initialize the IGMP autojoin socket (err -2)
[  655.678136][T13254] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13254 comm=syz.4.1471
[  656.604579][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  656.617480][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  656.694760][ T5858] Bluetooth: hci2: command tx timeout
[  656.848145][ T5937] usb 1-1: USB disconnect, device number 43
[  656.869525][ T5937] ldusb 1-1:0.55: LD USB Device #0 now disconnected
[  658.671721][T13295] NILFS (loop1): device size too small
[  659.042272][ T5858] Bluetooth: hci2: command tx timeout
[  660.576870][T13235] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  660.612829][T13235] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  660.632702][T13235] wireguard: wg0: Could not create IPv4 socket
[  660.646791][T13235] wireguard: wg1: Could not create IPv4 socket
[  660.665663][T13235] wireguard: wg2: Could not create IPv4 socket
[  662.611137][T13390] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1483'.
[  662.716057][ T5858] ==================================================================
[  662.724331][ T5858] BUG: KASAN: slab-use-after-free in l2cap_sock_ready_cb+0x16a/0x170
[  662.732411][ T5858] Read of size 8 at addr ffff888033d14188 by task kworker/u9:5/5858
[  662.740386][ T5858] 
[  662.742711][ T5858] CPU: 0 UID: 0 PID: 5858 Comm: kworker/u9:5 Not tainted syzkaller #0 PREEMPT(full) 
[  662.742737][ T5858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[  662.742751][ T5858] Workqueue: hci4 hci_rx_work
[  662.742775][ T5858] Call Trace:
[  662.742782][ T5858]  <TASK>
[  662.742790][ T5858]  dump_stack_lvl+0x116/0x1f0
[  662.742812][ T5858]  print_report+0xcd/0x630
[  662.742834][ T5858]  ? __virt_addr_valid+0x81/0x610
[  662.742859][ T5858]  ? __phys_addr+0xe8/0x180
[  662.742883][ T5858]  ? l2cap_sock_ready_cb+0x16a/0x170
[  662.742903][ T5858]  kasan_report+0xe0/0x110
[  662.742924][ T5858]  ? l2cap_sock_ready_cb+0x16a/0x170
[  662.742947][ T5858]  l2cap_sock_ready_cb+0x16a/0x170
[  662.742965][ T5858]  l2cap_le_start+0x1ea/0xe40
[  662.742996][ T5858]  ? __pfx_l2cap_le_start+0x10/0x10
[  662.743022][ T5858]  ? __pfx_l2cap_global_fixed_chan+0x10/0x10
[  662.743055][ T5858]  ? __l2cap_chan_add+0x3e6/0xa20
[  662.743083][ T5858]  l2cap_connect_cfm+0x8f4/0xf80
[  662.743111][ T5858]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  662.743141][ T5858]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  662.743170][ T5858]  le_conn_complete_evt+0x1665/0x1d70
[  662.743205][ T5858]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  662.743233][ T5858]  ? hci_event_packet+0x459/0x11c0
[  662.743264][ T5858]  hci_le_conn_complete_evt+0x23c/0x370
[  662.743295][ T5858]  hci_le_meta_evt+0x357/0x5e0
[  662.743312][ T5858]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  662.743342][ T5858]  hci_event_packet+0x682/0x11c0
[  662.743370][ T5858]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  662.743389][ T5858]  ? __pfx_hci_event_packet+0x10/0x10
[  662.743418][ T5858]  ? kcov_remote_start+0x3c9/0x6d0
[  662.743438][ T5858]  ? lockdep_hardirqs_on+0x7c/0x110
[  662.743461][ T5858]  hci_rx_work+0x2c5/0x16b0
[  662.743480][ T5858]  ? rcu_is_watching+0x12/0xc0
[  662.743504][ T5858]  process_one_work+0x9cc/0x1b70
[  662.743529][ T5858]  ? __pfx_process_one_work+0x10/0x10
[  662.743554][ T5858]  ? assign_work+0x1a0/0x250
[  662.743572][ T5858]  worker_thread+0x6c8/0xf10
[  662.743595][ T5858]  ? __pfx_worker_thread+0x10/0x10
[  662.743616][ T5858]  kthread+0x3c2/0x780
[  662.743634][ T5858]  ? __pfx_kthread+0x10/0x10
[  662.743653][ T5858]  ? rcu_is_watching+0x12/0xc0
[  662.743676][ T5858]  ? __pfx_kthread+0x10/0x10
[  662.743694][ T5858]  ret_from_fork+0x5d4/0x6f0
[  662.743710][ T5858]  ? __pfx_kthread+0x10/0x10
[  662.743725][ T5858]  ret_from_fork_asm+0x1a/0x30
[  662.743748][ T5858]  </TASK>
[  662.743755][ T5858] 
[  662.978214][ T5858] Allocated by task 13390:
[  662.982622][ T5858]  kasan_save_stack+0x33/0x60
[  662.987299][ T5858]  kasan_save_track+0x14/0x30
[  662.991970][ T5858]  __kasan_kmalloc+0xaa/0xb0
[  662.996551][ T5858]  __kmalloc_noprof+0x223/0x510
[  663.001393][ T5858]  sk_prot_alloc+0x1a8/0x2a0
[  663.005980][ T5858]  sk_alloc+0x36/0xc20
[  663.010038][ T5858]  bt_sock_alloc+0x3b/0x3a0
[  663.014565][ T5858]  l2cap_sock_alloc.constprop.0+0x33/0x1d0
[  663.020395][ T5858]  l2cap_sock_create+0x123/0x1f0
[  663.025328][ T5858]  bt_sock_create+0x182/0x350
[  663.030006][ T5858]  __sock_create+0x335/0x8d0
[  663.034597][ T5858]  __sys_socket+0x14d/0x260
[  663.039102][ T5858]  __x64_sys_socket+0x72/0xb0
[  663.043776][ T5858]  do_syscall_64+0xcd/0x4c0
[  663.048276][ T5858]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  663.054164][ T5858] 
[  663.056478][ T5858] Freed by task 13386:
[  663.060531][ T5858]  kasan_save_stack+0x33/0x60
[  663.065205][ T5858]  kasan_save_track+0x14/0x30
[  663.069876][ T5858]  kasan_save_free_info+0x3b/0x60
[  663.074901][ T5858]  __kasan_slab_free+0x60/0x70
[  663.079656][ T5858]  kfree+0x2b4/0x4d0
[  663.083552][ T5858]  __sk_destruct+0x75f/0x9a0
[  663.088135][ T5858]  sk_destruct+0xc2/0xf0
[  663.092370][ T5858]  __sk_free+0xf4/0x3e0
[  663.096521][ T5858]  sk_free+0x6a/0x90
[  663.100413][ T5858]  l2cap_sock_kill+0x171/0x2d0
[  663.105177][ T5858]  l2cap_sock_release+0x1c7/0x250
[  663.110207][ T5858]  __sock_release+0xb3/0x270
[  663.114804][ T5858]  sock_close+0x1c/0x30
[  663.118955][ T5858]  __fput+0x3ff/0xb70
[  663.122942][ T5858]  task_work_run+0x150/0x240
[  663.127526][ T5858]  exit_to_user_mode_loop+0xeb/0x110
[  663.132796][ T5858]  do_syscall_64+0x3f6/0x4c0
[  663.137373][ T5858]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  663.143248][ T5858] 
[  663.145557][ T5858] The buggy address belongs to the object at ffff888033d14000
[  663.145557][ T5858]  which belongs to the cache kmalloc-2k of size 2048
[  663.159588][ T5858] The buggy address is located 392 bytes inside of
[  663.159588][ T5858]  freed 2048-byte region [ffff888033d14000, ffff888033d14800)
[  663.173450][ T5858] 
[  663.175770][ T5858] The buggy address belongs to the physical page:
[  663.182157][ T5858] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x33d10
[  663.190892][ T5858] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  663.199365][ T5858] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  663.206888][ T5858] page_type: f5(slab)
[  663.210863][ T5858] raw: 00fff00000000040 ffff88801b842000 dead000000000100 dead000000000122
[  663.219427][ T5858] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[  663.228005][ T5858] head: 00fff00000000040 ffff88801b842000 dead000000000100 dead000000000122
[  663.236753][ T5858] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[  663.245417][ T5858] head: 00fff00000000003 ffffea0000cf4401 00000000ffffffff 00000000ffffffff
[  663.254080][ T5858] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  663.262751][ T5858] page dumped because: kasan: bad access detected
[  663.269141][ T5858] page_owner tracks the page as allocated
[  663.274829][ T5858] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5916, tgid 5916 (kworker/1:4), ts 74789681788, free_ts 74755369080
[  663.296095][ T5858]  post_alloc_hook+0x1c0/0x230
[  663.300850][ T5858]  get_page_from_freelist+0x132b/0x38e0
[  663.306373][ T5858]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  663.312246][ T5858]  alloc_pages_mpol+0x1fb/0x550
[  663.317078][ T5858]  new_slab+0x247/0x330
[  663.321227][ T5858]  ___slab_alloc+0xcf2/0x1750
[  663.325903][ T5858]  __slab_alloc.constprop.0+0x56/0xb0
[  663.331275][ T5858]  __kmalloc_node_track_caller_noprof+0x2ee/0x510
[  663.337672][ T5858]  kmalloc_reserve+0xef/0x2c0
[  663.342335][ T5858]  __alloc_skb+0x166/0x380
[  663.346729][ T5858]  mld_newpack.isra.0+0x18e/0xa20
[  663.351734][ T5858]  add_grhead+0x299/0x340
[  663.356042][ T5858]  add_grec+0x11b5/0x1720
[  663.360352][ T5858]  mld_send_initial_cr+0x151/0x320
[  663.365444][ T5858]  mld_dad_work+0x32/0x1f0
[  663.369839][ T5858]  process_one_work+0x9cc/0x1b70
[  663.374767][ T5858] page last free pid 5845 tgid 5845 stack trace:
[  663.381066][ T5858]  __free_frozen_pages+0x7d5/0x10f0
[  663.386251][ T5858]  __put_partials+0x165/0x1c0
[  663.390942][ T5858]  qlist_free_all+0x4d/0x120
[  663.395507][ T5858]  kasan_quarantine_reduce+0x195/0x1e0
[  663.400944][ T5858]  __kasan_slab_alloc+0x69/0x90
[  663.405782][ T5858]  __kmalloc_cache_noprof+0x1f1/0x3e0
[  663.411139][ T5858]  netdevice_event+0x365/0x9d0
[  663.415885][ T5858]  notifier_call_chain+0xb9/0x410
[  663.420895][ T5858]  call_netdevice_notifiers_info+0xbe/0x140
[  663.426773][ T5858]  netif_set_mac_address+0x36f/0x4a0
[  663.432041][ T5858]  do_setlink.constprop.0+0x75f/0x4380
[  663.437478][ T5858]  rtnl_newlink+0x1446/0x2000
[  663.442141][ T5858]  rtnetlink_rcv_msg+0x95b/0xe90
[  663.447058][ T5858]  netlink_rcv_skb+0x155/0x420
[  663.451803][ T5858]  netlink_unicast+0x5aa/0x870
[  663.456550][ T5858]  netlink_sendmsg+0x8d1/0xdd0
[  663.461294][ T5858] 
[  663.463601][ T5858] Memory state around the buggy address:
[  663.469217][ T5858]  ffff888033d14080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  663.477266][ T5858]  ffff888033d14100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  663.485311][ T5858] >ffff888033d14180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  663.493349][ T5858]                       ^
[  663.497655][ T5858]  ffff888033d14200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  663.505692][ T5858]  ffff888033d14280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  663.513729][ T5858] ==================================================================
[  663.525046][ T5858] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  663.532251][ T5858] CPU: 0 UID: 0 PID: 5858 Comm: kworker/u9:5 Not tainted syzkaller #0 PREEMPT(full) 
[  663.541696][ T5858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[  663.551735][ T5858] Workqueue: hci4 hci_rx_work
[  663.556415][ T5858] Call Trace:
[  663.559674][ T5858]  <TASK>
[  663.562584][ T5858]  dump_stack_lvl+0x3d/0x1f0
[  663.567161][ T5858]  vpanic+0x6e8/0x7a0
[  663.571132][ T5858]  ? __pfx_vpanic+0x10/0x10
[  663.575627][ T5858]  ? l2cap_sock_ready_cb+0x16a/0x170
[  663.580891][ T5858]  panic+0xca/0xd0
[  663.584612][ T5858]  ? __pfx_panic+0x10/0x10
[  663.589016][ T5858]  ? l2cap_sock_ready_cb+0x16a/0x170
[  663.594283][ T5858]  ? preempt_schedule_common+0x44/0xc0
[  663.599724][ T5858]  ? preempt_schedule_thunk+0x16/0x30
[  663.605109][ T5858]  check_panic_on_warn+0xab/0xb0
[  663.610031][ T5858]  end_report+0x107/0x170
[  663.614343][ T5858]  kasan_report+0xee/0x110
[  663.618744][ T5858]  ? l2cap_sock_ready_cb+0x16a/0x170
[  663.624031][ T5858]  l2cap_sock_ready_cb+0x16a/0x170
[  663.629135][ T5858]  l2cap_le_start+0x1ea/0xe40
[  663.633799][ T5858]  ? __pfx_l2cap_le_start+0x10/0x10
[  663.638983][ T5858]  ? __pfx_l2cap_global_fixed_chan+0x10/0x10
[  663.644959][ T5858]  ? __l2cap_chan_add+0x3e6/0xa20
[  663.649973][ T5858]  l2cap_connect_cfm+0x8f4/0xf80
[  663.654925][ T5858]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  663.660384][ T5858]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  663.665833][ T5858]  le_conn_complete_evt+0x1665/0x1d70
[  663.671210][ T5858]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  663.676917][ T5858]  ? hci_event_packet+0x459/0x11c0
[  663.682025][ T5858]  hci_le_conn_complete_evt+0x23c/0x370
[  663.687560][ T5858]  hci_le_meta_evt+0x357/0x5e0
[  663.692309][ T5858]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  663.698366][ T5858]  hci_event_packet+0x682/0x11c0
[  663.703292][ T5858]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  663.708570][ T5858]  ? __pfx_hci_event_packet+0x10/0x10
[  663.713931][ T5858]  ? kcov_remote_start+0x3c9/0x6d0
[  663.719028][ T5858]  ? lockdep_hardirqs_on+0x7c/0x110
[  663.724210][ T5858]  hci_rx_work+0x2c5/0x16b0
[  663.728695][ T5858]  ? rcu_is_watching+0x12/0xc0
[  663.733446][ T5858]  process_one_work+0x9cc/0x1b70
[  663.738385][ T5858]  ? __pfx_process_one_work+0x10/0x10
[  663.743749][ T5858]  ? assign_work+0x1a0/0x250
[  663.748321][ T5858]  worker_thread+0x6c8/0xf10
[  663.752899][ T5858]  ? __pfx_worker_thread+0x10/0x10
[  663.757993][ T5858]  kthread+0x3c2/0x780
[  663.762048][ T5858]  ? __pfx_kthread+0x10/0x10
[  663.766630][ T5858]  ? rcu_is_watching+0x12/0xc0
[  663.771380][ T5858]  ? __pfx_kthread+0x10/0x10
[  663.775950][ T5858]  ret_from_fork+0x5d4/0x6f0
[  663.780522][ T5858]  ? __pfx_kthread+0x10/0x10
[  663.785091][ T5858]  ret_from_fork_asm+0x1a/0x30
[  663.789861][ T5858]  </TASK>
[  663.793113][ T5858] Kernel Offset: disabled
[  663.797440][ T5858] Rebooting in 86400 seconds..