last executing test programs:

13m9.058560779s ago: executing program 2 (id=778):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x2, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f00000000c0)=0x1002, 0x4)
sendto$inet(r0, 0x0, 0xffe5, 0xe000, &(0x7f0000000000)={0x2, 0x4e20}, 0x10)
socket(0x10, 0x803, 0x0)
socket(0x10, 0x400000000080803, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000580)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_emit_ethernet(0x56, &(0x7f00000003c0)=ANY=[], 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r3 = dup(r2)
write$binfmt_script(r3, &(0x7f0000000600)={'#! ', './file1/file0', [{0x20, '\xfe]\xe9a<$\x01)\xa3\x03D%\x06\xf9}iv\xfc\xe0\xc7s\xc1\xa5c\xfd\xb8\xea\xe5\x9a\x82w\xc6\\]\x8cB\xfb\xea\xd1\xe3\x8c@\x8aqX\xcd\xf5?\xe6\xa2z\xbdPF_\x01K5\xbf\xc0\x83=\xa9]S\xe2`\x02j;\xce\x8a\x9fY\xdc\x90L\x1f\x9cS\x83\xb4\xc3\xfb\xe9$\x80\xbd\x85\x8bu-a\x9a\xb3\xb0{\xed\xcc\xdd\xeeG\xeb\x98\xb2\xfa\xc8\xa1\x04\xd5N\x9f\xda\x95\xf8\x8c\x92v\xf3\xf6I\xeb6\xe9`\xcbt\x0f`\xb3dl\x0f\x8e\x93\x10\x97n@\xc4\xcb\xc6\x80\x17O\x8dM#x\xe2\xe9T\xda\x1d\xe6\xb1\x1b\x06\x89\x94Q\xcb\x8f\x92N\xade\xf9l\xc3\x81\xd3\xd1\x84`6\xed\x98\x9a\x90:\x13\xdb\x8f\x87\xd6\xe8w\xfdb\x17}\x14*z\x98\xb3\x96\x9dW\xa7\x81\x0e\x11Q3\xc2\xbfx\x94\xbb\x13\x9b\xd2\xec/\xfac^\xa2\x8e8\xbeM\x11\xcb\x89P\xba\xd9E}\xe4\xa7M~?\xbdiMh\xce\xb2\b\x9d\xf0\xbd\xc5\xa7=A\xc9\xf6\xff\\\x9c\xf0\xaa=\xb7\x83\x80\x01.%\t\xed\xb6\xacP\"\a\xc6\x8a\xf6GB\xd2a\x83\xa4\xa4\x1bRO\x1a\xe2N\xe6\xc8\xf2Cm\xb0\xe7\xeb\xcf\xc3\xba\xbd\xf4\xde\x8aZ@\xcd\xc9\xcbLJi8\x04q+\xf9x\xeas\xb2\xa1D\xd5\xc7\xfa\x919\x93_\xc7/:R2\xc5\xc0\xb4\"\x85\xe8THI$\xe5\xac\xb7\x13\xb2\xa5\x93\xbf\x83g5.\xb9\xd0\x89\xef\x8f\r\xa2\xfe\x90\x1b\xc8['}]}, 0x182)
r4 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0xec25, 0x0, 0x0, 0x40000333}, &(0x7f00000006c0)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000240)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r4, 0x47ba, 0x0, 0x0, 0x0, 0x0)

13m6.762989462s ago: executing program 2 (id=788):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x4, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0x8, 0x10, &(0x7f0000000040), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000480)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0x541b, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x4, 0x8040000000000000})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x24000044)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r4, 0x400455c8, 0x400000009)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000040)=0x31)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x0, 0x0, 0x3631564e, 0x0, 0x0, 0x0, 0x0, 0xfeedcafe, 0x3}})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SAVE(r5, &(0x7f0000005a00)={0x0, 0x0, &(0x7f00000059c0)={&(0x7f0000005940)=ANY=[@ANYBLOB="280000000806050a0000004a6b0000000000000a0500010007"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x10)

13m3.6405208s ago: executing program 2 (id=796):
syz_open_dev$tty20(0xc, 0x4, 0x1)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000000)={0x8, 0xfffff6e9, 0x3, 0xfff, 0xd3, "ba829c53489b65e3206aa567b4efd0e4cfdde5", 0x2, 0xd})
syz_io_uring_setup(0xbf0, &(0x7f0000000340)={0x0, 0xa129, 0x400, 0x3, 0x400132b}, &(0x7f00000000c0), &(0x7f0000000040))
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0)
read$hiddev(r1, &(0x7f00000000c0)=""/4092, 0xffc)

13m2.401757823s ago: executing program 2 (id=801):
syz_open_dev$tty20(0xc, 0x4, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_setup(0xbf0, &(0x7f0000000340)={0x0, 0xa129, 0x400, 0x3, 0x400132b}, &(0x7f00000000c0)=<r0=>0x0, &(0x7f0000000040)=<r1=>0x0)
creat(&(0x7f0000000040)='./bus\x00', 0x8)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0)
read$hiddev(r2, &(0x7f00000000c0)=""/4092, 0xffc)
mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,')
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x104, &(0x7f0000000180)=0x2, 0x0, 0x4)
syz_io_uring_submit(r0, r1, &(0x7f0000000240)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x3c1, 0x3, 0x388, 0x0, 0x12, 0x60d, 0x0, 0x202, 0x2b8, 0x2e8, 0x2e8, 0x2b8, 0x2c0, 0x4, 0x0, {[{{@ipv6={@private1, @remote, [0xff000000], [], 'veth0_to_team\x00', 'macsec0\x00', {}, {}, 0x0, 0x0, 0x4}, 0x0, 0x190, 0x1b8, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x8, 'bm\x00', "000000165a8c2e0617ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f672225d6147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac05a602061c96baebc989f1f34a214e6726401fe4b124e0f7323a587d2a1fcf07000000eca0a7b66c60c527bac2b5", 0x7, 0x2}}, @inet=@rpfilter={{0x28}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x9, 0x3}}}, {{@uncond, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x1e5cced8f493c9b4}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0x0, 0x2, 0x2}, {}, 0x8}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3e8)

13m1.732421196s ago: executing program 2 (id=803):
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x1a3089, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
r0 = socket(0x28, 0x1, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)=@newqdisc={0x48, 0x24, 0xf0b, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0x5}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x14, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7}, @TCA_FQ_CODEL_ECN={0x8}]}}]}, 0x48}}, 0x4008000)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=@newtclass={0x54, 0x28, 0x8, 0x70bd2a, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {0x10, 0xfffd}, {0xfff3, 0xa}, {0x4, 0xfffc}}, [@TCA_RATE={0x6, 0x5, {0x5, 0x81}}, @TCA_RATE={0x6, 0x5, {0x4, 0x4}}, @TCA_RATE={0x6, 0x5, {0x4, 0xf}}, @TCA_RATE={0x6, 0x5, {0x3, 0x6}}, @TCA_RATE={0x6, 0x5, {0xb2, 0x4}}, @tclass_kind_options=@c_sfb={0x8}]}, 0x54}}, 0x4000)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
chdir(&(0x7f0000000080)='./file1\x00')
pipe(&(0x7f0000000080))
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000040))
epoll_ctl$EPOLL_CTL_MOD(r4, 0x3, r3, &(0x7f0000000c40)={0x2000000b})
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
symlink(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file1\x00')
sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(r2, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="78000000020703000000000000000000020000090c00034000000000000007ac4400078008000140000000060800014000000006080001400000000408000140000000090800024000002f7408000140fffff0000800f8400000000508000240000000530c00034000000000000000060800054000000002"], 0x78}, 0x1, 0x0, 0x0, 0x8800}, 0x4048001)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x8, 0xc, &(0x7f0000000fc0)=ANY=[@ANYBLOB="1800000000000000000000000000100085000000bb000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000003100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x66, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
setpgid(r5, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000891900000000009500"/24], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000040)='contention_end\x00', r6, 0x0, 0x3}, 0x18)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GINFO(0xffffffffffffffff, 0xc0f85403, &(0x7f0000000400)={{0x1, 0x1, 0x3, 0x3, 0x1}, 0x0, 0x0, 'id0\x00', 'timer1\x00', 0x0, 0x7d, 0x800001, 0xffffffffffffd0c4})
setpgid(0x0, r5)
setxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x2)
socket(0x1e, 0x3, 0x0)

13m1.100300615s ago: executing program 2 (id=808):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x20002, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = accept4(r4, 0x0, 0x0, 0x80800)
r6 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'macvtap0\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0xfffffffffffffda6, &(0x7f0000000080)={&(0x7f0000000800)=ANY=[@ANYBLOB="28000000007d0e2852d111e90ce343b69b1d030900fcffffff8300b41349b814a5", @ANYRES32=r7, @ANYRES64=0x0, @ANYRESOCT], 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$nl_netfilter(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000005c0)=ANY=[], 0xffffff70}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000)
r8 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_ENUMSTD(r8, 0xc0485619, &(0x7f00000000c0)={0x5, 0x1, "046c27fc51413c5616e9e87697f39ccfb10afb28dabd5aa5", {0x8, 0x1ff}})
recvmmsg(r5, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000000900), 0x3}, 0x17ba}], 0x1e, 0x2000, 0x0)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$sock_int(r9, 0x1, 0x26, &(0x7f0000000000), &(0x7f0000000040)=0x4)
r10 = socket(0x10, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r10, &(0x7f0000000280)={0x0, 0x4c, &(0x7f0000000240)={&(0x7f0000000680)=ANY=[@ANYRES64=0x0, @ANYRESHEX=r3], 0x24}, 0x1, 0x0, 0x0, 0x81}, 0x24001)
recvmmsg$unix(r10, &(0x7f0000001dc0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000700)=""/191, 0xbf}, {&(0x7f0000000580)=""/237, 0xed}, {&(0x7f0000001e00)=""/4110, 0x100e}, {&(0x7f0000000480)=""/163, 0xa3}, {&(0x7f0000001700)=""/194, 0xc2}], 0x5}}], 0x1, 0x0, 0x0)
write(r10, &(0x7f0000000100)="1400000052004f7fb3e4bf80a000080000000000", 0x14)

12m45.181759974s ago: executing program 32 (id=808):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x20002, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = accept4(r4, 0x0, 0x0, 0x80800)
r6 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'macvtap0\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0xfffffffffffffda6, &(0x7f0000000080)={&(0x7f0000000800)=ANY=[@ANYBLOB="28000000007d0e2852d111e90ce343b69b1d030900fcffffff8300b41349b814a5", @ANYRES32=r7, @ANYRES64=0x0, @ANYRESOCT], 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$nl_netfilter(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000005c0)=ANY=[], 0xffffff70}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000)
r8 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_ENUMSTD(r8, 0xc0485619, &(0x7f00000000c0)={0x5, 0x1, "046c27fc51413c5616e9e87697f39ccfb10afb28dabd5aa5", {0x8, 0x1ff}})
recvmmsg(r5, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000000900), 0x3}, 0x17ba}], 0x1e, 0x2000, 0x0)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$sock_int(r9, 0x1, 0x26, &(0x7f0000000000), &(0x7f0000000040)=0x4)
r10 = socket(0x10, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r10, &(0x7f0000000280)={0x0, 0x4c, &(0x7f0000000240)={&(0x7f0000000680)=ANY=[@ANYRES64=0x0, @ANYRESHEX=r3], 0x24}, 0x1, 0x0, 0x0, 0x81}, 0x24001)
recvmmsg$unix(r10, &(0x7f0000001dc0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000700)=""/191, 0xbf}, {&(0x7f0000000580)=""/237, 0xed}, {&(0x7f0000001e00)=""/4110, 0x100e}, {&(0x7f0000000480)=""/163, 0xa3}, {&(0x7f0000001700)=""/194, 0xc2}], 0x5}}], 0x1, 0x0, 0x0)
write(r10, &(0x7f0000000100)="1400000052004f7fb3e4bf80a000080000000000", 0x14)

11m30.202701061s ago: executing program 3 (id=1031):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x4, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0x8, 0x10, &(0x7f0000000040), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000480)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0x541b, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x4, 0x8040000000000000})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, 0x43, 0x9, 0x0, 0x0, {0x3}, [@typed={0x8, 0x2, 0x0, 0x0, @pid}]}, 0x1c}}, 0x24000044)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r4, 0x400455c8, 0x400000009)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000040)=0x31)
r5 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
ioctl$VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x0, 0x0, 0x3631564e, 0x0, 0x0, 0x0, 0x0, 0xfeedcafe, 0x3}})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_VERDICT(r6, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000280)={0xb0, 0x1, 0x3, 0x301, 0x0, 0x0, {0x5, 0x0, 0x1}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffd, 0x7}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0x0, 0xffffff7f}}, @NFQA_CT={0x84, 0xb, 0x0, 0x1, [@CTA_SEQ_ADJ_ORIG={0xc, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x80}]}, @CTA_STATUS={0x8}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x404}, @CTA_ID={0x8, 0xc, 0x1, 0x0, 0x4}, @CTA_TUPLE_MASTER={0x1c, 0xe, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}]}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x3000}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x22}, @CTA_NAT_SRC={0x30, 0x6, 0x0, 0x1, [@CTA_NAT_V4_MAXIP={0x8, 0x2, @local}, @CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}]}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x80}, 0x20004810)

11m27.037277641s ago: executing program 3 (id=1038):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180)=0xffffffffffffffff, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r4, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x7fff, @loopback}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000180)=0x80000039f8, 0x4)
sendto$inet6(r4, &(0x7f0000000000)="8d", 0x1, 0x0, 0x0, 0x0)
recvmmsg(r4, &(0x7f000000d980)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=""/165, 0xa5}, 0x69a}], 0x1, 0x2061, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="c40089001900010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000001000000000000000c00150000000000ffff0000"], 0xc4}}, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
write$UHID_INPUT(r7, &(0x7f0000001040)={0xc, {"a2e3ad2147c752f91b231a0987f70e06d038e7ff7fc6e5539b324b078b089b080f384b090890e0878f0e1ac6e7049b334d959b729a240d5b67f3988f7ef3195201c0ffe8d178708c523c921b1b5d500f0d06090936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc90da8196c28d920bab05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d21487b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a158b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae7183cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a799567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461600000000000000206ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cef3d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f86b8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a75500000000d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000003c0), 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$alg(0x26, 0x5, 0x0)
syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x4661, 0x400, 0x3, 0x288}, &(0x7f0000000340), &(0x7f0000000280))

11m25.681453353s ago: executing program 3 (id=1041):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x4, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0x8, 0x10, &(0x7f0000000040), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000480)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0x541b, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x4, 0x8040000000000000})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, 0x43, 0x9, 0x0, 0x0, {0x3}, [@typed={0x8, 0x2, 0x0, 0x0, @pid}]}, 0x1c}}, 0x24000044)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r4, 0x400455c8, 0x400000009)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000040)=0x31)
r5 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
ioctl$VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x0, 0x0, 0x3631564e, 0x0, 0x0, 0x0, 0x0, 0xfeedcafe, 0x3}})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_VERDICT(r6, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000280)={0xb0, 0x1, 0x3, 0x301, 0x0, 0x0, {0x5, 0x0, 0x1}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffd, 0x7}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0x0, 0xffffff7f}}, @NFQA_CT={0x84, 0xb, 0x0, 0x1, [@CTA_SEQ_ADJ_ORIG={0xc, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x80}]}, @CTA_STATUS={0x8}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x404}, @CTA_ID={0x8, 0xc, 0x1, 0x0, 0x4}, @CTA_TUPLE_MASTER={0x1c, 0xe, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}]}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x3000}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x22}, @CTA_NAT_SRC={0x30, 0x6, 0x0, 0x1, [@CTA_NAT_V4_MAXIP={0x8, 0x2, @local}, @CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}]}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x80}, 0x20004810)
sendmsg$IPSET_CMD_SAVE(r6, &(0x7f0000005a00)={0x0, 0x0, &(0x7f00000059c0)={&(0x7f0000005940)=ANY=[@ANYBLOB="280000000806050a0000004a6b0000000000000a0500010007"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x10)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
accept$nfc_llcp(0xffffffffffffffff, 0x0, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

11m22.1608026s ago: executing program 3 (id=1051):
r0 = io_uring_setup(0x669, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x3e1})
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_setup(0x3, &(0x7f0000000580)={0x0, 0x7fa, 0x13500, 0x0, 0xfffffffd}, &(0x7f0000000240), &(0x7f0000001880))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r2 = socket$inet6_icmp(0xa, 0x2, 0x3a)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000000)=0x8, 0x4)
sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0}, 0x1, 0x0, 0x0, 0x20000004}, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000f8a000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0)
socket(0x23, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x8, &(0x7f0000000100)=ANY=[@ANYBLOB="1803000000000000000000000002000000120000", @ANYRES32, @ANYBLOB="0000000000000000b50a000000000000850000000c000000b7000000000000009500000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
close_range(r0, 0xffffffffffffffff, 0x0)

11m18.959040337s ago: executing program 3 (id=1056):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000480)=@o_path={&(0x7f0000000340)='./file0\x00', 0x0, 0x4000, r1}, 0x18)
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
capset(&(0x7f0000000000)={0x20071026}, 0x0)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x54, r6, 0x1, 0x70bd27, 0x0, {}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x2, @loopback}}, {0x14, 0x2, @in={0x2, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x80)
sendmsg$DEVLINK_CMD_GET(r4, &(0x7f0000000580)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x810032}, 0xc, &(0x7f00000002c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="08002dbd7000fddbdf25d654ec140e000100ef657464657673696d0000000f0002006e657464657673696d300000080001007063690011000200303030303a30303a31302e30000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000082c833c5e8ead0767066281011aee91e34b6b885e382a0b6f32843b90a7dc77a36f0004631667bbd82cd5e6fd1fd56cbd41dce93eb010fc5e51dfb9d351ccf1cfb353c5d2e5062de81a4af65283b4fdabebf1fd7bba4ba1dd371733eb48df7da2e4b06188d533b531a83cb1e9dfa0f42ef"], 0x70}, 0x1, 0x0, 0x0, 0x830}, 0x4000050)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
write$cgroup_pid(r8, &(0x7f0000000000), 0xfdef)
recvmsg$unix(r7, 0x0, 0x0)
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000200)={@dev={0xfe, 0x80, '\x00', 0xfc}}, 0x14)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r9, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r9, 0x29, 0x1b, &(0x7f00000000c0)={@remote={0xfe, 0x80, '\x00', 0xffffffffffffffff}}, 0x20)
close(0xffffffffffffffff)
r10 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r10, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x1, 0x0, 0x3, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @loopback}}, @sadb_x_sa2={0x2, 0x13, 0x3}]}, 0x50}}, 0x0)

11m17.586932927s ago: executing program 3 (id=1059):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x2, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f00000000c0)=0x1002, 0x4)
sendto$inet(r0, 0x0, 0xffe5, 0xe000, &(0x7f0000000000)={0x2, 0x4e20}, 0x10)
socket(0x10, 0x803, 0x0)
socket(0x10, 0x400000000080803, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000580)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_emit_ethernet(0x56, &(0x7f00000003c0)=ANY=[], 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
listen(0xffffffffffffffff, 0x20000005)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r3 = dup(r2)
write$binfmt_script(r3, &(0x7f0000000600)={'#! ', './file1/file0', [{0x20, '\xfe]\xe9a<$\x01)\xa3\x03D%\x06\xf9}iv\xfc\xe0\xc7s\xc1\xa5c\xfd\xb8\xea\xe5\x9a\x82w\xc6\\]\x8cB\xfb\xea\xd1\xe3\x8c@\x8aqX\xcd\xf5?\xe6\xa2z\xbdPF_\x01K5\xbf\xc0\x83=\xa9]S\xe2`\x02j;\xce\x8a\x9fY\xdc\x90L\x1f\x9cS\x83\xb4\xc3\xfb\xe9$\x80\xbd\x85\x8bu-a\x9a\xb3\xb0{\xed\xcc\xdd\xeeG\xeb\x98\xb2\xfa\xc8\xa1\x04\xd5N\x9f\xda\x95\xf8\x8c\x92v\xf3\xf6I\xeb6\xe9`\xcbt\x0f`\xb3dl\x0f\x8e\x93\x10\x97n@\xc4\xcb\xc6\x80\x17O\x8dM#x\xe2\xe9T\xda\x1d\xe6\xb1\x1b\x06\x89\x94Q\xcb\x8f\x92N\xade\xf9l\xc3\x81\xd3\xd1\x84`6\xed\x98\x9a\x90:\x13\xdb\x8f\x87\xd6\xe8w\xfdb\x17}\x14*z\x98\xb3\x96\x9dW\xa7\x81\x0e\x11Q3\xc2\xbfx\x94\xbb\x13\x9b\xd2\xec/\xfac^\xa2\x8e8\xbeM\x11\xcb\x89P\xba\xd9E}\xe4\xa7M~?\xbdiMh\xce\xb2\b\x9d\xf0\xbd\xc5\xa7=A\xc9\xf6\xff\\\x9c\xf0\xaa=\xb7\x83\x80\x01.%\t\xed\xb6\xacP\"\a\xc6\x8a\xf6GB\xd2a\x83\xa4\xa4\x1bRO\x1a\xe2N\xe6\xc8\xf2Cm\xb0\xe7\xeb\xcf\xc3\xba\xbd\xf4\xde\x8aZ@\xcd\xc9\xcbLJi8\x04q+\xf9x\xeas\xb2\xa1D\xd5\xc7\xfa\x919\x93_\xc7/:R2\xc5\xc0\xb4\"\x85\xe8THI$\xe5\xac\xb7\x13\xb2\xa5\x93\xbf\x83g5.\xb9\xd0\x89\xef\x8f\r\xa2\xfe\x90\x1b\xc8['}]}, 0x182)
r4 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0xec25, 0x0, 0x0, 0x40000333}, &(0x7f00000006c0)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000240)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r4, 0x47ba, 0x0, 0x0, 0x0, 0x0)

11m2.321879134s ago: executing program 33 (id=1059):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x2, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f00000000c0)=0x1002, 0x4)
sendto$inet(r0, 0x0, 0xffe5, 0xe000, &(0x7f0000000000)={0x2, 0x4e20}, 0x10)
socket(0x10, 0x803, 0x0)
socket(0x10, 0x400000000080803, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000580)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_emit_ethernet(0x56, &(0x7f00000003c0)=ANY=[], 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
listen(0xffffffffffffffff, 0x20000005)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r3 = dup(r2)
write$binfmt_script(r3, &(0x7f0000000600)={'#! ', './file1/file0', [{0x20, '\xfe]\xe9a<$\x01)\xa3\x03D%\x06\xf9}iv\xfc\xe0\xc7s\xc1\xa5c\xfd\xb8\xea\xe5\x9a\x82w\xc6\\]\x8cB\xfb\xea\xd1\xe3\x8c@\x8aqX\xcd\xf5?\xe6\xa2z\xbdPF_\x01K5\xbf\xc0\x83=\xa9]S\xe2`\x02j;\xce\x8a\x9fY\xdc\x90L\x1f\x9cS\x83\xb4\xc3\xfb\xe9$\x80\xbd\x85\x8bu-a\x9a\xb3\xb0{\xed\xcc\xdd\xeeG\xeb\x98\xb2\xfa\xc8\xa1\x04\xd5N\x9f\xda\x95\xf8\x8c\x92v\xf3\xf6I\xeb6\xe9`\xcbt\x0f`\xb3dl\x0f\x8e\x93\x10\x97n@\xc4\xcb\xc6\x80\x17O\x8dM#x\xe2\xe9T\xda\x1d\xe6\xb1\x1b\x06\x89\x94Q\xcb\x8f\x92N\xade\xf9l\xc3\x81\xd3\xd1\x84`6\xed\x98\x9a\x90:\x13\xdb\x8f\x87\xd6\xe8w\xfdb\x17}\x14*z\x98\xb3\x96\x9dW\xa7\x81\x0e\x11Q3\xc2\xbfx\x94\xbb\x13\x9b\xd2\xec/\xfac^\xa2\x8e8\xbeM\x11\xcb\x89P\xba\xd9E}\xe4\xa7M~?\xbdiMh\xce\xb2\b\x9d\xf0\xbd\xc5\xa7=A\xc9\xf6\xff\\\x9c\xf0\xaa=\xb7\x83\x80\x01.%\t\xed\xb6\xacP\"\a\xc6\x8a\xf6GB\xd2a\x83\xa4\xa4\x1bRO\x1a\xe2N\xe6\xc8\xf2Cm\xb0\xe7\xeb\xcf\xc3\xba\xbd\xf4\xde\x8aZ@\xcd\xc9\xcbLJi8\x04q+\xf9x\xeas\xb2\xa1D\xd5\xc7\xfa\x919\x93_\xc7/:R2\xc5\xc0\xb4\"\x85\xe8THI$\xe5\xac\xb7\x13\xb2\xa5\x93\xbf\x83g5.\xb9\xd0\x89\xef\x8f\r\xa2\xfe\x90\x1b\xc8['}]}, 0x182)
r4 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0xec25, 0x0, 0x0, 0x40000333}, &(0x7f00000006c0)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000240)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r4, 0x47ba, 0x0, 0x0, 0x0, 0x0)

8m56.121379443s ago: executing program 1 (id=1335):
r0 = openat$smackfs_ipv6host(0xffffff9c, 0x0, 0x2, 0x0)
io_setup(0x3ff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000700)=ANY=[@ANYRES16=r0, @ANYRES64=r1], 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x20040890)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
syz_emit_ethernet(0xc6, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0e88a82c00810000000860450000b0fffc000004069078e00000010a01010200000004009c9078010000000400000044ad2d7b99c6faa8c453c24137b50539d7db8c5171d2a1a2de1c95494671d948dd5dde41d9f1fe83cdf1124bc3fffa5b3d7c7f11667e4a52c34a293f322a0fb83886c1ecc66eb0005fb69cf6598056aa427f6725087d614110cce8251c76e6fcea0276aed216ba86c09374d580995ebd1ccf5ac10500000000000000f9bf187a554122009eb5ee31c5855700"], 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[], 0x50)
r3 = socket$inet6(0xa, 0x800, 0x5)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000240)=[@in6={0xa, 0x4e23, 0x91, @mcast1, 0x8001}], 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000600)={{{@in=@private=0xa010102, @in=@multicast2, 0x4e20, 0xb, 0x4e23, 0x0, 0x2, 0x20, 0x20, 0x3b}, {0x4, 0x6, 0x5, 0x1, 0xf7f, 0x8, 0x5}, {0x9, 0x9c0d, 0x6, 0x6}, 0x5, 0x6e6bb9, 0x2, 0x1, 0x0, 0x3}, {{@in=@multicast2, 0x4d2, 0x33}, 0x8, @in6=@ipv4={'\x00', '\xff\xff', @multicast1}, 0x3505, 0x0, 0x2, 0x2, 0x10, 0x5, 0xef}}, 0xe8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10)
r5 = syz_open_dev$video(&(0x7f0000000000), 0x0, 0x0)
ioctl$VIDIOC_S_SELECTION(r5, 0xc040565f, &(0x7f0000000940)={0xa, 0x0, 0x2, {0x8000, 0x8, 0x8, 0x2}})

8m53.517378197s ago: executing program 1 (id=1340):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c3600001600010800058004001c80"], 0x1c}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800"], 0x48)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001d80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000064000000060a010400000000000000000100000008000b40000000003c000480380001800e000100696d6d656469617465000000240002800800014000000000180002801400028008000340fffffffe080001804b00fffc0900"], 0xd8}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0xfffffffc, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00')
unshare(0x6a040000)
r3 = socket(0x8, 0x3, 0x0)
syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
getresgid(&(0x7f0000000100)=<r4=>0x0, &(0x7f0000000180), &(0x7f00000001c0))
ioctl$TUNSETGROUP(0xffffffffffffffff, 0x400454ce, r4)
ioctl$PPPIOCGL2TPSTATS(r3, 0x40106183, 0x0)

8m52.59160541s ago: executing program 1 (id=1345):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x8008af26, &(0x7f0000000400)={0x1d})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r3=>0x0})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NL80211_CMD_DEL_TX_TS(r5, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)={0x4c, r4, 0x200, 0x70bd2a, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x0, 0x5a}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TSID={0x5, 0xd2, 0xd}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000011)
unshare(0x22020400)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r7, 0x0, 0x2b, 0x800, &(0x7f0000b63fe4)={0xa, 0x2, 0x1, @empty}, 0x24a13acf)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, 0x0, 0x0)
accept4(r6, 0x0, 0x0, 0x800)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r9 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_S_OUTPUT(r9, 0xc004562f, &(0x7f0000000100)=0x572faf8c)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000740)={'wlan1\x00'})
r10 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, 0x0)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f0000000180))
sendmsg$NL80211_CMD_REGISTER_FRAME(r11, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001d00)=ANY=[], 0x1030}, 0x1, 0x0, 0x0, 0x440c4}, 0x0)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r12, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYRESOCT=r1, @ANYRES16=r8, @ANYBLOB="010000000000000000003a00000008000300", @ANYRESDEC, @ANYBLOB="05005b"], 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010000000000000000000800000008000300", @ANYRES32=r3], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

8m50.657380432s ago: executing program 1 (id=1349):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x8, 0xab}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0)
keyctl$KEYCTL_MOVE(0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x1)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(0xffffffffffffffff, 0x1, 0x2)
fchdir(r2)
link(0x0, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000240)=0x1)
ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0xd0009411, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000000c0)={{0x0, 0x100000000, 0x8, 0x8, 0x1, 0xffffffffffff0000, 0x2, 0x10, 0xcfa5, 0x64, 0x7, 0x8, 0x3, 0x7, 0x2}, 0x38, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
sched_setscheduler(0x0, 0x2, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r3, 0xffffffffffffffff, 0x0)

8m49.15017284s ago: executing program 1 (id=1353):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f34a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be10ba7dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2db484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b00ffffff7f000000000801f71d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cf0d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67856ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e2b8e7370baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b09000000d31df213c802d74797056fd3bca8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221fff0f0000705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e96"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x1, 0x0, 0x0)
syz_emit_vhci(0x0, 0xf2)
syz_create_resource$binfmt(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x4, 0x1000085}, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2)
read$msr(r2, &(0x7f0000019680)=""/102384, 0x18ff0)
syz_open_dev$sndctrl(0x0, 0x1, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000480)={0xa, 0x0, 0x3c000, @dev={0xfe, 0x80, '\x00', 0x1f}, 0x5}, 0x1c)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000008380), 0x400000000000174, 0x4008890)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_getaddrlabel={0x38, 0x1a, 0x1, 0x0, 0x0, {0x2, 0x0, 0x20}, [@IFAL_ADDRESS={0x14, 0x1, @mcast1}, @IFAL_LABEL={0x8}]}, 0x38}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x117)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='tracefs\x00', 0x0, 0x0)
mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x40020, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
close_range(r3, 0xffffffffffffffff, 0x0)

8m47.874874561s ago: executing program 1 (id=1356):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = socket(0x10, 0x3, 0x0)
socket(0x28, 0x1, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmmsg$inet(r2, &(0x7f0000001900)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000500)="93bffce623851797a8dc79018d7716840ffc6941c667f6d345b18bc896d8f016f5f206bb2b0eb2fe32d2f0048678cd35ef833c35225ff91765770a6845b091e69f243dea0d601c54e9c93ee3568b89a3427c84262ff67b679ccac30538beb5d3ad7830b5cea1dcd151d7bb5754603b6b0e362d8041bdc61529260e554046d55927c96dcce1609b9c4f8424b9da760270a470f95b99ebb6c7ffbe2876ad8d2f34d612e47b86630000", 0xa8}, {&(0x7f0000000480)="029993440c7a0c95d3bb8cf353fd63c588ffa39f0ff0fca247d0822475", 0x1d}], 0x2}}], 0x1, 0x40c0)
sendto$inet(r2, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)
sendmsg$nl_generic(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001600010a000000000000cbc7cc46381a2bba95a221c1cb7ebe4771a25ffe5c132ae11809e001ec6cb7a624afe3dd3b31ef523bbc5886d9a27883e2f792dab4b5cfff2aa578ed0d8e6cebfdfe6fa02412bccc0b6d1dc0154628514bb851a69d6b79aea4f04e36a7c920a974133985c8070805dcf3af4c"], 0x14}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000500)=ANY=[@ANYBLOB="24000000021401006abd70"], 0x29}, 0x1, 0x0, 0x0, 0x10000801}, 0x40810)

8m32.132293818s ago: executing program 34 (id=1356):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = socket(0x10, 0x3, 0x0)
socket(0x28, 0x1, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmmsg$inet(r2, &(0x7f0000001900)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000500)="93bffce623851797a8dc79018d7716840ffc6941c667f6d345b18bc896d8f016f5f206bb2b0eb2fe32d2f0048678cd35ef833c35225ff91765770a6845b091e69f243dea0d601c54e9c93ee3568b89a3427c84262ff67b679ccac30538beb5d3ad7830b5cea1dcd151d7bb5754603b6b0e362d8041bdc61529260e554046d55927c96dcce1609b9c4f8424b9da760270a470f95b99ebb6c7ffbe2876ad8d2f34d612e47b86630000", 0xa8}, {&(0x7f0000000480)="029993440c7a0c95d3bb8cf353fd63c588ffa39f0ff0fca247d0822475", 0x1d}], 0x2}}], 0x1, 0x40c0)
sendto$inet(r2, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)
sendmsg$nl_generic(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001600010a000000000000cbc7cc46381a2bba95a221c1cb7ebe4771a25ffe5c132ae11809e001ec6cb7a624afe3dd3b31ef523bbc5886d9a27883e2f792dab4b5cfff2aa578ed0d8e6cebfdfe6fa02412bccc0b6d1dc0154628514bb851a69d6b79aea4f04e36a7c920a974133985c8070805dcf3af4c"], 0x14}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000500)=ANY=[@ANYBLOB="24000000021401006abd70"], 0x29}, 0x1, 0x0, 0x0, 0x10000801}, 0x40810)

22.126001187s ago: executing program 0 (id=2525):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0xfffffffc, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00')
unshare(0x6a040000)
r2 = socket(0x8, 0x3, 0x0)
syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
getresgid(0x0, 0x0, &(0x7f00000001c0))
ioctl$TUNSETGROUP(0xffffffffffffffff, 0x400454ce, 0x0)
ioctl$PPPIOCGL2TPSTATS(r2, 0x40106183, 0x0)

17.901366824s ago: executing program 0 (id=2535):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
socket$kcm(0x2, 0xa, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000900), 0x40, 0x0)
syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00')
mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0)

15.910108913s ago: executing program 0 (id=2540):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x8, 0xab}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0)
keyctl$KEYCTL_MOVE(0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x1)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(0xffffffffffffffff, 0x1, 0x2)
fchdir(r2)
link(0x0, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000240)=0x1)
ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0xd0009411, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000000c0)={{0x0, 0x100000000, 0x8, 0x8, 0x1, 0xffffffffffff0000, 0x2, 0x10, 0xcfa5, 0x64, 0x7, 0x8, 0x3, 0x7, 0x2}, 0x38, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
sched_setscheduler(0x0, 0x2, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0})
close_range(r3, 0xffffffffffffffff, 0x0)

14.765642308s ago: executing program 0 (id=2543):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180)=0xffffffffffffffff, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r4, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x7fff, @loopback}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000180)=0x80000039f8, 0x4)
sendto$inet6(r4, &(0x7f0000000000)="8d", 0x1, 0x0, 0x0, 0x0)
recvmmsg(r4, &(0x7f000000d980)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=""/165, 0xa5}, 0x69a}], 0x1, 0x2061, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="c40089001900010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000001000000000000000c00150000000000ffff0000"], 0xc4}}, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
write$UHID_INPUT(r7, &(0x7f0000001040)={0xc, {"a2e3ad2147c752f91b231a0987f70e06d038e7ff7fc6e5539b324b078b089b080f384b090890e0878f0e1ac6e7049b334d959b729a240d5b67f3988f7ef3195201c0ffe8d178708c523c921b1b5d500f0d06090936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc90da8196c28d920bab05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d21487b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a158b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae7183cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a799567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461600000000000000206ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cef3d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f86b8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a75500000000d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000003c0), 0x10)
socket$alg(0x26, 0x5, 0x0)
syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x4661, 0x400, 0x3, 0x288}, &(0x7f0000000340)=<r8=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)

14.021396876s ago: executing program 4 (id=2547):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb)
migrate_pages(0x0, 0x5, &(0x7f0000000000)=0x9, &(0x7f0000000040)=0x272)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$NFT_BATCH(r1, 0x0, 0x0)

13.475765414s ago: executing program 5 (id=2548):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20000800, 0x0, 0x0)
syz_emit_ethernet(0x3a, &(0x7f00000002c0)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x6, 0x4, 0x0, 0x0, 0x0, {[@sack={0x5, 0x2}]}}}}}}}, 0x0)

13.015652194s ago: executing program 6 (id=2550):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', <r1=>0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
socket$inet(0x2, 0xa, 0x400)
sendmsg$can_bcm(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0b040000000000000000020000003800048034000180090001007866726d0000000024000280070003dd010000000500030001000000080002400000000108000140000000160900010073797a30000000000900020073797a32000040"], 0x94}}, 0x0)
r6 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r6, &(0x7f0000000380)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "d9298498abdba7f061bd1ca44c226af5160e961711a03760760beeab91e8ff0055e5c0d48bd63ffdb93bd43a847a1597c8ef03da5be42200", 0x37}, 0x60)
r7 = signalfd(r0, &(0x7f0000000040)={[0x8000000000000000]}, 0x8)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$UFFDIO_UNREGISTER(r7, 0x8010aa01, &(0x7f0000000080)={&(0x7f0000fff000/0x1000)=nil, 0x1000})
ppoll(&(0x7f00000000c0)=[{r6}], 0x1, &(0x7f0000000240)={0x0, 0x3938700}, 0x0, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newtfilter={0x24, 0x11, 0x1, 0x691522eb, 0x0, {0x0, 0x0, 0x74, r1, {0x10, 0x4}, {}, {0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)

13.012650682s ago: executing program 5 (id=2551):
r0 = socket$inet6(0xa, 0x3, 0x2)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e24, 0x0, @empty}, 0x1c)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER_AVC(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={0x10, 0x453, 0x4, 0x70bd2d, 0xa0000000}, 0x10}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000100)=0xd9e3, 0x4)

10.644612442s ago: executing program 4 (id=2553):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x8, 0xab}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0)
keyctl$KEYCTL_MOVE(0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x1)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(0xffffffffffffffff, 0x1, 0x2)
fchdir(r2)
link(0x0, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000240)=0x1)
ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0xd0009411, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000000c0)={{0x0, 0x100000000, 0x8, 0x8, 0x1, 0xffffffffffff0000, 0x2, 0x10, 0xcfa5, 0x64, 0x7, 0x8, 0x3, 0x7, 0x2}, 0x38, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
sched_setscheduler(0x0, 0x2, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0})
close_range(r3, 0xffffffffffffffff, 0x0)

9.696970699s ago: executing program 4 (id=2554):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x20002, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = accept4(r4, 0x0, 0x0, 0x80800)
r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0)
syz_usb_control_io$hid(r6, 0x0, 0x0)
syz_usb_control_io$hid(r6, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0xf, {[@local=@item_4={0x3, 0x2, 0x0, "2e2b5aa4"}, @local=@item_4={0x3, 0x2, 0x0, "f85edaca"}, @main=@item_4={0x3, 0x0, 0x8}]}}, 0x0}, 0x0)
syz_usb_control_io(r6, 0x0, &(0x7f0000000c00)={0x84, &(0x7f0000000800)={0x0, 0x0, 0x1, "9d"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
readv(r7, &(0x7f0000000480)=[{&(0x7f0000001580)=""/4091, 0x18}], 0x1)
ioctl$HIDIOCSFLAG(r7, 0x4004480f, &(0x7f0000000000)=0x3)
ioctl$HIDIOCGUSAGE(r7, 0xc018480b, 0x0)
sendmsg$nl_netfilter(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000005c0)=ANY=[], 0xffffff70}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000)
r8 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_ENUMSTD(r8, 0xc0485619, &(0x7f00000000c0)={0x5, 0x1, "046c27fc51413c5616e9e87697f39ccfb10afb28dabd5aa5", {0x8, 0x1ff}})
recvmmsg(r5, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000000900), 0x3}, 0x17ba}], 0x1e, 0x2000, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)

9.230523062s ago: executing program 5 (id=2555):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001800)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101804bc9555e1affd5020000000900010001797a300000000008000240000000032c000000030a01030000e6ff000000000200"], 0x7c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0xffff}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x7c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x54, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x30}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x1c, 0x1, 0x0, 0x1, @redir={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_REDIR_REG_PROTO_MIN={0x8, 0x1, 0x1, 0x0, 0x13}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xf0}}, 0x0)
sendmsg$NFT_MSG_GETTABLE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x4, 0xa, 0x101}, 0x14}}, 0x0)

8.579792306s ago: executing program 6 (id=2556):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000740)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x2004001)
io_setup(0xff, &(0x7f0000000380)=<r2=>0x0)
io_submit(r2, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r1, &(0x7f0000000340), 0x41}]) (fail_nth: 3)

8.541080274s ago: executing program 7 (id=2557):
ioprio_set$pid(0x0, 0xffffffffffffffff, 0x8008)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=<r0=>0x0)
ioprio_set$pid(0x3, r0, 0x4007)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xd, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bb000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000003100000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x46, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, @void, @value}, 0x94)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket(0x10, 0x2, 0x0)
write(r2, &(0x7f00000003c0)="1c0000001a009b8a140000003b9b30e6c9dc7c64d5524a1f009d9503", 0x1c)

8.475398791s ago: executing program 5 (id=2558):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x20002, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-aesni)\x00'}, 0x58)
r5 = accept4(r4, 0x0, 0x0, 0x80800)
r6 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'macvtap0\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0xfffffffffffffda6, &(0x7f0000000080)={&(0x7f0000000800)=ANY=[@ANYBLOB="28000000007d0e2852d111e90ce343b69b1d030900fcffffff8300b41349b814a5", @ANYRES32=r7, @ANYRES64=0x0, @ANYRESOCT], 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
recvmmsg(r5, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000000900), 0x3}, 0x17ba}], 0x1e, 0x2000, 0x0)
getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x26, &(0x7f0000000000), &(0x7f0000000040)=0x4)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000240)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108)
r8 = socket(0x10, 0x3, 0x0)
recvmmsg$unix(r8, &(0x7f0000001dc0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000700)=""/191, 0xbf}, {&(0x7f0000000580)=""/237, 0xed}, {&(0x7f0000001e00)=""/4110, 0x100e}, {&(0x7f0000000480)=""/163, 0xa3}, {&(0x7f0000001700)=""/194, 0xc2}], 0x5}}], 0x1, 0x0, 0x0)
write(r8, &(0x7f0000000100)="1400000052004f7fb3e4bf80a000080000000000", 0x14)

7.009099658s ago: executing program 7 (id=2559):
syz_open_dev$tty20(0xc, 0x4, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
creat(&(0x7f0000000040)='./bus\x00', 0x8)
r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read$hiddev(r1, &(0x7f00000000c0)=""/4092, 0xffc)
mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,')
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x104, &(0x7f0000000180)=0x2, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x3c1, 0x3, 0x388, 0x0, 0x12, 0x60d, 0x0, 0x202, 0x2b8, 0x2e8, 0x2e8, 0x2b8, 0x2c0, 0x4, 0x0, {[{{@ipv6={@private1, @remote, [0xff000000], [], 'veth0_to_team\x00', 'macsec0\x00', {}, {}, 0x0, 0x0, 0x4}, 0x0, 0x190, 0x1b8, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x8, 'bm\x00', "000000165a8c2e0617ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f672225d6147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac05a602061c96baebc989f1f34a214e6726401fe4b124e0f7323a587d2a1fcf07000000eca0a7b66c60c527bac2b5", 0x7, 0x2}}, @inet=@rpfilter={{0x28}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x9, 0x3}}}, {{@uncond, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x1e5cced8f493c9b4}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0x0, 0x2, 0x2}, {}, 0x8}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3e8)

7.007895722s ago: executing program 6 (id=2560):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000080)={@remote, <r2=>0x0}, &(0x7f00000000c0)=0x14)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000140)=0x14)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000200)={'syztnl2\x00', &(0x7f0000000180)={'ip6gre0\x00', <r4=>0x0, 0x2f, 0x9, 0x8, 0x1, 0x8, @ipv4={'\x00', '\xff\xff', @remote}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x80, 0x7, 0x5, 0x10001}})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={0xffffffffffffffff, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000240)=[0x0, 0x0], ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x5, 0x5, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x2c, &(0x7f0000000300)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000340), &(0x7f0000000380), 0x8, 0x20, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000800)={0xffffffffffffffff, 0xe0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000540)=[0x0, 0x0, 0x0], ""/16, <r6=>0x0, 0x0, 0x0, 0x0, 0x1, 0xa, &(0x7f0000000580)=[0x0], &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x4e, &(0x7f0000000600)=[{}, {}], 0x10, 0x10, &(0x7f0000000640), &(0x7f0000000680), 0x8, 0xe6, 0x8, 0x8, &(0x7f00000006c0)}}, 0x10)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000840)={@initdev, @dev, <r7=>0x0}, &(0x7f0000000880)=0xc)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000008c0)={'vxcan1\x00', <r8=>0x0})
getpeername$packet(0xffffffffffffffff, &(0x7f0000000900)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000940)=0x14)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000980)={'wg0\x00', <r10=>0x0})
getsockname$packet(0xffffffffffffffff, &(0x7f00000009c0)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000a00)=0x14)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000ac0)={'sit0\x00', &(0x7f0000000a40)={'gretap0\x00', <r12=>0x0, 0x40, 0x7, 0x0, 0x1, {{0x13, 0x4, 0x0, 0x18, 0x4c, 0x4, 0x0, 0x3, 0x4, 0x0, @local, @empty, {[@lsrr={0x83, 0x7, 0x9c, [@empty]}, @timestamp={0x44, 0x24, 0xa6, 0x0, 0xe, [0x2, 0xb, 0x9, 0xffffffff, 0x0, 0x4, 0x4, 0x9]}, @end, @ssrr={0x89, 0xb, 0xa3, [@multicast1, @remote]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000b80)={'syztnl1\x00', &(0x7f0000000b00)={'ip6gre0\x00', <r13=>0x0, 0x0, 0x7, 0x4, 0x7, 0x4, @remote, @remote, 0x0, 0x80, 0x3, 0x7}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000c40)={'ip6tnl0\x00', &(0x7f0000000bc0)={'syztnl1\x00', <r14=>0x0, 0x4, 0x0, 0x2, 0x34, 0x44, @dev={0xfe, 0x80, '\x00', 0x21}, @local, 0x1, 0x8, 0x10}})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'batadv0\x00', <r15=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000d40)={'syztnl2\x00', &(0x7f0000000cc0)={'syztnl0\x00', <r16=>0x0, 0x20, 0x30, 0x80, 0xd40c, {{0xa, 0x4, 0x3, 0x14, 0x28, 0x68, 0x0, 0x6, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0xb}, @private=0xa010102, {[@timestamp_addr={0x44, 0x14, 0x46, 0x1, 0x5, [{@private=0xa010101, 0x2}, {@broadcast, 0x81}]}]}}}}})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000e00)={'syztnl1\x00', &(0x7f0000000d80)={'tunl0\x00', <r17=>0x0, 0x7, 0x700, 0x3, 0x9, {{0xc, 0x4, 0x3, 0x1, 0x30, 0x66, 0x0, 0x4, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, {[@rr={0x7, 0x1b, 0xf4, [@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x30}, @dev={0xac, 0x14, 0x14, 0x26}, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000ec0)={'syztnl2\x00', &(0x7f0000000e40)={'syztnl2\x00', <r18=>0x0, 0x4, 0x0, 0x2, 0xbf6, 0x40, @ipv4={'\x00', '\xff\xff', @remote}, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0xf70dfc04024291f5, 0x0, 0x9}})
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r0, &(0x7f0000001200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000011c0)={&(0x7f0000000f00)={0x28c, r1, 0x8, 0x70bd2a, 0x25dfdbfb, {}, [@HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}]}, @HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}]}, @HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_vlan\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r16}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r17}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r18}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x28c}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000)
r19 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r19, 0x89f0, &(0x7f00000012c0)={'syztnl1\x00', &(0x7f0000001240)={'syztnl0\x00', r18, 0x29, 0x2, 0xc6, 0x78, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x32}, 0x80, 0x10, 0xc, 0x3}})
r20 = socket$inet6_udplite(0xa, 0x2, 0x88)
readv(r20, &(0x7f0000001540)=[{&(0x7f0000001300)=""/180, 0xb4}, {&(0x7f00000013c0)=""/209, 0xd1}, {&(0x7f00000014c0)=""/120, 0x78}], 0x3)
r21 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001580)='./cgroup/syz1\x00', 0x200002, 0x0)
r22 = openat$cgroup_ro(r21, &(0x7f00000015c0)='cpuset.effective_cpus\x00', 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001680)={{r22}, &(0x7f0000001600), &(0x7f0000001640)='%-5lx  \x00'}, 0x20)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000016c0)={0x3, 0x4, 0x4, 0xa, 0x0, r22, 0x0, '\x00', r15, r22, 0x1, 0x0, 0x3, 0x0, @void, @value, @void, @value}, 0x50)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r22, 0x84, 0x10, &(0x7f0000001740)=@assoc_value={0x0, 0xb2ba}, 0x8)

6.655400296s ago: executing program 5 (id=2561):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001f00000018000180140002007665746830"], 0x2c}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb)
migrate_pages(0x0, 0x5, &(0x7f0000000000)=0x9, &(0x7f0000000040)=0x272)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$NFT_BATCH(r3, 0x0, 0x0)

5.945068036s ago: executing program 6 (id=2562):
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x101005)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000000)="aefdda9d040000005a90f57f07703aefeef64ebbee07962cff772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f00000000c0)="530000002412ffa0273b780984d21194945e44670c8e5300000000200000000000000000a55991b8f7d9ea5761cfc05bdc12c22913a248d9fc8fae5638e158ccb3db91fa10748c1427761af70d62f728303bcba7113b5c0d", 0x58}], 0x2)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x200, 0x70bd28, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x20}, 0x1, 0x0, 0x0, 0x10000080}, 0x2000001)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001440)=ANY=[@ANYBLOB="1c0000005e0021a5553ff73042486134529f62054673877e37"], 0x1c}}, 0x0)
recvmmsg$unix(r2, &(0x7f0000002380)=[{{0x0, 0x0, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0x1004}], 0x1}}], 0x8, 0x34000, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @remote, 0x20000}, 0x1c)
listen(0xffffffffffffffff, 0x0)
sendmsg$NFNL_MSG_CTHELPER_NEW(r2, &(0x7f000000ee00)={&(0x7f000000ecc0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f000000edc0)={&(0x7f000000ed00)={0x98, 0x0, 0x9, 0x201, 0x0, 0x0, {0x2, 0x0, 0x9}, [@NFCTH_TUPLE={0x84, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @remote}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010102}, {0x8, 0x2, @rand_addr=0x64010102}}}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x40}, 0x4000001)
syz_emit_ethernet(0x72, &(0x7f0000000080)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0200", 0x3c, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x2, 0x1, 0x0, 0xfffc, {[@sack_perm={0x4, 0x2}, @sack_perm={0x4, 0x2}, @fastopen={0x22, 0x10, "012c6541d9d4ddb570f62a3b2b14"}, @fastopen={0x22, 0x11, "735bb99a048a432c1f4259a080811a"}, @sack_perm={0x4, 0x2a}]}}}}}}}}, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet_udplite(0x2, 0x2, 0x88)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/power/pm_trace', 0x109482, 0x63)
write$cgroup_int(r4, &(0x7f0000000000)=0xfe8e, 0x12)
ioctl$BTRFS_IOC_SPACE_INFO(r4, 0xc0109414, &(0x7f0000000880)={0x981, 0x1, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']})
sendmsg$AUDIT_TTY_SET(r2, &(0x7f000000ef00)={&(0x7f000000ee40)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f000000eec0)={&(0x7f000000ee80)={0x18, 0x3f9, 0x1104, 0x70bd2b, 0x25dfdbfe, {0x0, 0x1}, ["", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x4004400}, 0x40000)

5.870838138s ago: executing program 7 (id=2563):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0)
recvmmsg(r3, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)
pipe(&(0x7f0000000600)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
write(r4, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)={@fallback, 0xffffffffffffffff, 0xc, 0xfc7e9ba15e7d984, 0x0, @void, @value}, 0x20)
sendmsg$NFT_BATCH(r4, &(0x7f00000003c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f0000000640)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x4}}, [@NFT_MSG_DELSETELEM={0x5c, 0xe, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0x9}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x3}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x3}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x0, 0x0, 0x0, {0x3, 0x0, 0x9}, @NFT_OBJECT_SECMARK=@NFTA_OBJ_TYPE={0x8}}, @NFT_MSG_DELSETELEM={0x49fc, 0xe, 0xa, 0x201, 0x0, 0x0, {0x7, 0x0, 0xa}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0x49dc, 0x3, 0x0, 0x1, [{0x290, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x8}, @NFTA_SET_ELEM_EXPRESSIONS={0x78, 0xb, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}]}}}, {0x44, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_MASQ_FLAGS={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_MASQ_FLAGS={0x8, 0x1, 0x1, 0x0, 0x30}, @NFTA_MASQ_REG_PROTO_MIN={0x8, 0x2, 0x1, 0x0, 0xd}, @NFTA_MASQ_FLAGS={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_MASQ_REG_PROTO_MIN={0x8, 0x2, 0x1, 0x0, 0xe}, @NFTA_MASQ_REG_PROTO_MAX={0x8, 0x3, 0x1, 0x0, 0xc}]}}}, {0x18, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_SET_ELEM_EXPRESSIONS={0x13c, 0xb, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @fwd={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_FWD_SREG_ADDR={0x8, 0x2, 0x1, 0x0, 0xd}, @NFTA_FWD_NFPROTO={0x8, 0x3, 0x1, 0x0, 0x2}]}}}, {0x34, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_XFRM_SPNUM={0x8, 0x4, 0x1, 0x0, 0x3}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x5}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x6}, @NFTA_XFRM_DIR={0x5, 0x3, 0x1}]}}}, {0x18, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @void}}, {0x2c, 0x1, 0x0, 0x1, @objref={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_OBJREF_IMM_TYPE={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_OBJREF_IMM_TYPE={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0xc}]}}}, {0xc, 0x1, 0x0, 0x1, @fib={{0x8}, @void}}, {0x38, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x15}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x6}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xd}]}}}, {0x20, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_NAT_REG_ADDR_MAX={0x8, 0x4, 0x1, 0x0, 0x9}]}}}, {0x3c, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_LAST_SET={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_LAST_MSECS={0xc, 0x2, 0x1, 0x0, 0x5c8}, @NFTA_LAST_MSECS={0xc, 0x2, 0x1, 0x0, 0xffff}, @NFTA_LAST_SET={0x8, 0x1, 0x1, 0x0, 0xc971}]}}}]}, @NFTA_SET_ELEM_KEY_END={0xb4, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5e, 0x1, "a3543f9d67f207377925910c48b0f90f90468c7fdd64ee5a4765f2a93c6b09a94c39a61872b516e771d57e47754b0600676e0339f54655562bfd7d9939fc97d0a77b6f2e1f42cfce014d597daf6170fb3c3e423736fd581a67a7"}, @NFTA_DATA_VALUE={0x23, 0x1, "1deb1e5c5dc231822e079bba2190236ba57f9ed5fe38caffda67dd9f6af8d2"}, @NFTA_DATA_VERDICT={0x20, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}]}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}]}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0xffff}, @NFTA_SET_ELEM_TIMEOUT={0xc}]}, {0x1224, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY_END={0x1220, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x1c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VALUE={0xec, 0x1, "b5a15d9899016863edb450c336670e00a6c5f7abd4098b345aa3a416114986d1c5ea3a16151d517537147abf9764af31021e8f0ed0eb9359d5ece245b31ce6215f082c7a82c5d9e8f8b5d448955bb0082ea93146aa97ae062e89db4309916a71b8ee53525f5faf6aa257e87d24347b29c2437334ab6a5f6102f2c604335769f7bcf7ef4ab99428f725670ef3e5ce73dfe699d9e63e8f16feeb57917fec6e1cc4567fb1ff4a10549d1a12c55f3081baa6add122cdc0956fe9d5e381222b94b0ca4d9e5b68a16cb485d56db42506e2f65c16b66060ca8dde33220296e76643f4c1a0006804312a64d4"}, @NFTA_DATA_VALUE={0x1004, 0x1, "ece34c74433c7e7867c1b1e81ad93d060453ab60a52d809f18bd644ed54fa098ef681b0e422202d860da2bf799a811770d9336649b7bf0721f32d153a5e174ae575e899c521abdea7d05f6dcda2cdd054fbd7b61fae3ae3c97ac0806c77ea7fb569762d9cadaf194e07d9229acc16ce9fabf67877d011623cefe65975f2df73e0618928b7de135a913848501f4334fd314a507d19e1689ea08c6540929402ac463b2a8b50780914513055c14c25659d778b04bef422620e5a889b4013f03546ab692105c7f196d4d4a49e47069f15cad1af3a245a1c94930c48f2ca4b283708512602cbd9a97a7e4a3ea822d871ccdf1a501180bd57d4ce9e93cf55485c4ee01fe1651c46c0e84d000630d02718655e18c57dc1fba967667b88545a6a837b99b1895e35f585cd7116c200dd7e1dd33b6dddeed542b09b2edbb68f4a3b7f16f302de28a9e3e044f4fb3b0230e053c9dc8402845d7f454476d8d7f720a592af4074a61fcd00b3ccd18c44374a33cc91066e30c38c07164dc59f8ce32e3ece3297be9a0845f32520ba25828a209ad70777e10cc02cda192fe871e4b98ffc08c97ff0417c396e06f021c44ddb3374edd5c10e6c3bad42f8a456a2e0cbb315c58b209dfa75a7c36edbdceebd71290454894bedc6f8063afde791db8eda1cced8d26d8d7dd3715794d34a891c781f2a8e6dad97cce581b08532ccfdcc95291206deb41d18b9bf2f1140c62e8d49386d372330bc6549503c3b61fd86d1a75d262a10710883928feed7a2ce5508d69c7c8d4cb6a6665333fc8f9c88c96418ec2fde8c02912f4954db4f6969120de6b8a8a1e3563f1cee2f3a2702eb324eb22cffc0a2889ac8d9d881372cdaf2f3f678ce39630f85af6c2a1fd8bdce6d5299249f2dc6200cfff1b7be2743d3d3423c5cb8bfe5a360e1f051fda23c42bd4297b47eb221fcedc9a6955e85f7c7c8c1427732c9e92e6bd8078be7a8fab99c84ce47ab5f6d8b3a8499d84ae211e25e8c13567f3c941acc9462fd77d4c108ccd516e72bd3c879bd76ffafd45e5878ca13dee96ff3d603b7ddeafd62c03383c6fe6d0ab32d2aa3e8b2583609c99983fd538dd14e77a4464f21c7bde1812f9b4eb9cd6d28927ddea9dd6b1141c31046922528adec4be4f22042b7fc9c836aaf0747c311b4a385adecb9222ced66fde6b76196e16decbd9652b2aff6aca00df80cd1532f04f791f347942924f0126402e1731ed935552ecb4e088ac571f8ad9853474e510c49d31488e3e551afdd59c4806e300732725923fdebc5347849561f8a529c77dbdfb2e881999bd4324297277dcf738818489eb60f721715daa2fcd0afbff1f809d21a5dd48b95083fb47a86fdd3df02043c55dbcbfe1090fe98b7b17f41aa4224a1c452b4d4da6622989ee68b46f5b1ce235bb9768d93c9c90436ca5d83a3daf22973d6552417590452e1f7c19221d1f888ee3910246f9b3eae103c74c906a396d9a84230b4c98b1cbd6e0e58bfe2c1b1b1ee6b9591e3a61f3954ebc57c41e786cea9726003c41f817fcdf3cb7f66eda012512d7ac24ae2a21033eba35c9aa8f83ca0cabf1c61cf17ed763c854619c05628284e5880e45560520feae498c0450355d6374ee098799d24c6f29129e3bade4900898adc27d1d14c661338994a6fe5ce74fa5347309083d1a2682d610b3519bf35e1f56fc8c60b453dd9762fec7358cac1397ed94aa85cf78defc49628b0317ce1a00d30b5a4e0fd72d7e996f87e2fda6c52dbbdb5cec8326c8af3abae63020a553534a526d8085eeb4c39130b7473f02039732d12f24fb0dbff9baffad6a4eb47efae5cbffef20f0c8e8c8fd9cd21661418bdb9fcaa8d40907eb8881f85d03ae464d6a3b2416fedb63ae36fa70ea58a2babd29531b7f467a22f0fa455a1eb6cd251405b0126dfc4f394e2388a1a1adac639efc2f844ac3ba4213f312de9209c72effc76ca53503788c4e642b34262c406c21bc3a236287098a2100d36bc80e847f689f6dd350d07d3ce4a543ba86e63f6ed42ad090548cf231d84cf8aa85c9364d7ad033ded4081d9af398080102cabb27d861e94b8d87f481f4c850911c877860f3209aecca0fa8fd13702e7250a14917a93e28255823ab1f34629ae3ae0890e5a4e90e22e081e51e6dd90137a32b4e2e6ced089692aaf86590bbcab23bd02a62fbb9a42eda54c817baf8da804b8bf391c6b3354efa37c860a526b91ee098731d016ce5aeb3334f20fb062ca4437948da949b109d4ea0ed43171e9217531f143a229765efacc3b320fb2b37f57db5f33278567a40579c1ccb527040a82a30903e66e4f5e26e2cc7818fa45d4c4b2d8eeb3a4c5f1e700ce45d174c91474f4513f9c540f79b16f8d6c5e1e51f4cd8b2a6ab80a4e066ea4cafbaf4da141ebbabf9161af8d8fbb157cbac67a2f7872e4fd6e13e41ed245dab6be5ef55350e64854fa1b0e7a74050ae86a3cb81cca0c679ebec4efca834be167fd110b2acdc57e0aae1c56bbb46391e85dea9c908983f9658361918f31660faa867f57e8c53d3978a6e856879694ae5888fc88f82ff3ee8e3c1508f6429fd5233c4601d84dd9819a6f465d20e845dd26546f914ad9b1c865da1d8dcc8d132dafcff5bb5ec5cc4e8cd9c24e70991223c54b0d548d5d9565523ab6cf4c68aebb983addbfad9a2433234ed1843566a6048640494500d13be8b721b1905af9eb77734b309109cbb4ffa74dc567571761c4c6f929412bd7ba0f1ffd023195b77e2911bc7c0273f3e02a5d8bbb030b64e623985fddd7d7cb6cb680f98124a7d22bf6c9adfa079808a91f57ed6a8aae62227d537ba4a1b895b3ba4f1705dea0a0ac85a39a7a49eed95af4bf9538cbccff8043c536377546c32c2964f7e0b95fc10d22b4f5e2ba1738d6275e3d2064df7c71f7d959b00fe7f8f1e8fbe62d06eb307f03f677d5819219f87b648d7e2ea7b2e38a64f47358f90d57ee2314f338df766a709f299a994f75ca4ac6c028ae7ffa85317f969d85ded9088131639892d7d9b3c1ba2e56b9ffa11aa81b81e651022a0dfb4d03ea6b67b242d36c4fba14d9150a229a8092a4d6eeeab32a87488feb463d1079830b935b4df3598d408786712bf160a9087b0262a119bb42b22678909083b95b216f2f71cbcf4f6d850112b710eea7e05d86e1d25a6e75ba6757d072dec4f86ed2983fec5cbb720e1b82208c9572f0b334f07db62d8a14e9eb7b0558621039e1f1b8cc3ebc64756f779f76d22ba45b4f6483e8c7228ddbcac6a77e491ae679ed8b6002229a2dd38572114f37254738b6384f0350ce3146d306f4a78af04b676e332ff25bae71872a397d48a1e3a45b8785ff9e26be7b528c3f6bbefd331842de89c62b12c37f2fce3861a7efe5fa3fb7feee865b0c12712819ba20397c881c4aa6b75ee9f39f98d4308aeca3a20f31378315b2b93143ed42b29cdafd1ef230770a21ed8e98b7509d3815050d0e63dcd07f3e6a59279c80235f9ef81f835fc6bba66cf86008166be6098162e13f4c1be428e11cb995fee28e3f0936796d1564f839a287b30e4325977c07a2da5e5648339f63a1fb915c52bfc372e937fe6a49e9ec861c55602caa01ec1d10ccc68b21f65e042cc01ee6b1f11a7aaaebb84f4cab2d3c5bb423d90ec55bfb4f407501a017d793080adbb975b0fffccfb16992aaa45ad9f7a91478706de8e5a5582775eef1e87d1edba6a3312c63053a4822376981befb365142e7e05a7cf8cb7ffa65dd48b133dd63f8fadd6cfe9d412461ddc38977fed68f5cf51e675510a560a8708e8420385968d26ef426425f22af973c6425aaec0ec0012f66f235eb6c41679f915a0193616348e38e10b5e694ff923fe3637e050d3351a8cde3cbf276d1d34509f512605ca98aa021fddc5a938cff3a892fde9448df0c796b323853e25b838fbfe58ade89769dc16dbcd00be2f9077ecfcb4f32ceeffeeae9a33749e415395f034254fef8cd6f2b7f6c2864adb1407fe653558d85f89f5e4437022d31bbca603f9a320f1eb622a993762d2c6e2e056d7072a0077f64c64db78143108955345a55df94d890252329625be8fe3e17686157e0baa4abcb301c02a8cbe9d765ec7d76ce05a7c258ef2eb2b6f1eb31d656645368b8c3667781dc804f8e3dc4666b9a940bd88b5fa4b0a3d8155bfcab95ac0feeb1a41283f7ea69993da39af11643e2b3fa254902cd4b63bb965de4d8af59aa7e1b103ca634d278a1b6826dc67ae9d1f7e25204601955d2d0e7adec2be369ff9fb0ac614a503913845278b90e359c20721c45914d8a12e9cc2dcf0351015db3f6ba07786d222dfe5ea5d1e518e16ce45f4ef9a98bf68c7f0e49323f697765001aa9af5d5ef0d3db0178ed9b55ecfd6c641f3472372bf781ec833038969ed12f58694cc9c21cf948311f7dc006cc744da11fe6420300b1290d7b043c5877cf7e443265b12df051dd3b4e6909cb04929a57b5e4e774caa1f21d1d2366c59fb52928a3fa615bf631fdf40ea2413bb6e7f68c2afbb0de3221079d704c4def2df9063efed5d024642d3111c0fb0154d31b9b01c72eb2ee3aab1b85fc32ddd3235dad6472e56baa55a52bbe389f2964c31526e32f5efd90af2fbfd5a043d3822858bd6b6fd13883bd1e643a2608535cc463e873bfe905da1cbf3d39c6a1ab68957200561d0854514ea979ebf2092b54b890ef0e084d78dba605ac0f048c66e4bb214057dd4406ecedaf5a62da3ba9114ccc6ef53d1a0bf6d9a0f5c8edd371184517868c32a37d41439562b414d722941a1e8114e347d6306fde5705111b60c91e4b4418e042a53201ebaacc44c4e84191d6c2b0a9215e8e8d1bc13963b306bb1b8488fdbd436ad00428e6291f4a55129fffe4c36ab319177e9fc564113b106f411468693c326b15948fd888d090d5a313785ee5d3c76605578d8f9d0abf3918cd34737bbc7bda8e1e46bdc441d61a43bf90d47b7a1ab7c4897457e2b023d0ffbb37688fabf2b565227bafff63de0839fdb2ecb943eb30ed4460e6899622a3e908d442aa27d27cfdb476486aed61a2b1ac7825fa8b660b119cb2651049e6d1daae631f0a2e34f3adae2eb752917252d1de8d1932b9d1a41032c0704200c6679c7b3c5c2fa1ae645c2ffd255831a6d1b6b47589a2c1d3e0f7542d518073183823e1de053b2c5ba4f85e5e3d0cd706245225f2aa830289deabce70f9e40e742e5fa691f17c6ff6805f52582d3a16ff08e3b877e898222f7a86d78605796957e0f3e3cf584e0024752600c6d0d4e1e131ece39ec5884f8e456bd6bd8d539d1ce95d6291cc915b94f5665724c8de06048a3dbb679c296093e0a5300063caf7a8aba9f8e8c97875db66adf677786694f15f87e7a1b3838b5cc0f7962a09204ba1cd3632f3f1db9f141f950a7572a784a77776f493d619c8eab0a7a8d00c34adbb34d60f49ec98efe71060c6c8609daf634ba4efd5564e591bd592dd6e04579664f47b3a9bf87903e255612ea6fa964a64132bf063b01c08a778811b5d36fc09dd0f6728b4dba6ab26253fa0de1953899e7ce0b4c0dc1d8895275b0e0a6d31893dfadf73765a77c71976cc4b18e3d41fb7956b1c15972e867bed69f058110b0d98075e0b4f042b3baf60be2c3a3a2a408bec0b1274d43b95d654d50467cbe1f042ba403827a7b5daf4c047577189d218755e8b24355265c2aa137282185e2c911ccf95b23455496cdb63e4de263983154ccb4ba9ddac242b8ef2e53dcbeb9991b550a0ac401affc5e67255877eb2e9b11154e"}, @NFTA_DATA_VERDICT={0x48, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}]}, @NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}]}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}]}, @NFTA_DATA_VALUE={0xa8, 0x1, "28c42d579c56d0eb3dc1fc96c9ca904597b29b98cbb5af49a774400a7783538ccfad81d5725a052a1df4ecbd394e1d5ff2ca6c4eb8dbabd4288afcdd927bff0873adeb333317492f81494d042d2baba3fa9a08ec85165884636d5051d25a1b25c430965dabf42751b99f0781daacc7768e7524b7ae39fa2daf640bf0af22bbc48a0b503ac0e90cd7ad3a2443f61c86a7e0b52591304c24ff6aa6ec7726b23356a887b709"}]}]}, {0x23a4, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x7ff}, @NFTA_SET_ELEM_KEY={0x2348, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x40, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0x7ffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8}]}, @NFTA_DATA_VERDICT={0x5c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VERDICT={0x4c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VALUE={0x75, 0x1, "1d5f826d9a58e75b50de03eb6f15323df3dc192ad75c97b67f081102523da6bd717936f3e52a9daacd6dac5552592fcc4d0e5ef8e0afd88ea0809155186bdaff1810e5b9a6b26cf18d536d8c2021bd5896477ba250f736e0ce7270572b1a49ac39f91d6c1578d95d4f16eba7ed38363d00"}, @NFTA_DATA_VALUE={0xca, 0x1, "421b22362f87520b9df68e27a2b7e1ba49151b34dde86e971bb12ab36e9c6fc1d3573550e297cfc91659c4322a7002dbd90e652a2029a9561ba8179f1b6589e6d81281a9395c9b387623f72c38562734742a26f56ce5d15c63ff6584323e64e5d71582bafc4dacd3859bf77b4e8940f922a9f26d9f0bc50a4ffa1a3fcfd6002a6f290bffc83ec59696fed21230667041f6e4e6c2f4beecba0a8e7d514cdae910c20624068de74ca7ad3dfc4fc7150b90ae00af8a5a50576bd1691574d0fcd1afb30352d019a6"}, @NFTA_DATA_VALUE={0x1004, 0x1, "8e8f3e5acdb6f13a315c994686c68f9f5add5d60a6ecbb02d19710d1e0135ad186f28bb720eca61faa7b6e106532e0d9d291a7a925814e809193655fe8705601e54ea76e7ec2a44145e6411685b5f8f68c2d45d7dc62d6879bfd65429dde644c57c9be859a28585660664259c6d55eb3538de22356b3a005586e470c5449ed1eddb9067d32a36605b08e78999d438f211f0d36f76dfc871f1d97c52d1bddf34756a227090f10f1ea1b01dcb674a7dd58fd408c78dbf2e02df314b21b5babc9862d945b089f897e96dafc840a0fdaddd669ef9d19231088e1d65b36f7aec35e3f971053195fd64bdffd243138fa01c7573824e1e497ddddbdba9cd5c140798550dc2fb64c720b57508b38b84e70cd6b576e5e2b1d1672b6c369b2180a63e648fd39b3c4b9b084efa672e7ca4ec4bc2d84a9e28a423729fda972e8212c82df68d4befd2e5177922da4d2eac231acf6cf4fe29527360efe54f959b1c0402f969ab29c3e9937652fd062a7bdbabdd8e45a079d4eff9e530c99af827aafee92bff2cbc9cc663f736c9e47f290a4850cada885bd8c7f489954d9968d039a15902c6a31d901c7800d883064078b2fe0de459062e4c664fb614460d382ebcaf31039da08c9001c6687401d01569c6acdc4724be5ebb67a341b2133b8f37534fb2e0707152c902312434906f4c7a7b89af61348907dfbf62b2ee191472caaf8b7d3f17c15e0781e048d8a4b7dc980a625bb5bb95426dc5925757e0b1f8e50cf4e4d42df9cbddf9f2102fd35ab82566c2299e03895d723c486bfd58b7c8ebf8e778cc10bf49ab4723842e6b458f9c953f395975439d090ade254ca63474a76164c191fc95dde20f0f5ec00388656f2f74707be35f48ffa9e3f232032a2fab88e9bd133b6e0fa2906208af92b442af18b15217399c55d70758cc1c2ec30da58f08cf563ae8ed364fafe0b3d951f7cce1a20ca8823f65e1fd8a3e2e310cb626dceccbf4392e72ba24bfe23b99bc139c44491c86fec2e95ab2372192745766f9ea9bf17b291289ef234acd78126e4476c0ed23ebd2926236388910ecb69238c8cd4d377ea5b9e33a405053b1fcbac4909616d5eb14a7a566df1faf66eb83e917b9b01d185e1e6e882e4f8aff414e51b135bde292a19488b5bf9c2328adf0c07b94d1ae6f71fcfa52a3c235d0bb489a1bff78978531944197b990a1620a46ef4cf8a936d1be8306886dc1fedab1bef7f02c5871a847638bb093d0668a3c4a2386efd5a2d50bc6fa853b34fc412c7a589c4075357feb760c3846b3d4988a29e2c4c1e0df58a4757c28cc1ed1eee66bf1b9d899c82c5b29024fb9a09fc6037eed03d0f49b6643abf35f8573ed3b346b7881c2aa6b1194a2f352b409e0bbd691d3ce9b3d650bb3bb6fafbeb97deb86e38071324b56cbf374eb51e3bcd01b017b3e7e2819efea9ef0228eae495193e3071aebb6db318074d4064989f664a9cf24e9713fd71a639b9137a72d4783b146f0fdbfb485f741c6acc9d63b60019e3ad085b4f0f8ae5314045d9af6d3d0c387fa6b3bf53442e2e889dcb9c566a04ee52e1339a76cb7af569f9bd377f2794619d6eee9bf446ee276f0f0cc1ac529df8cba9404f5112caf92133175b2a3f049d4e46f8a591963b65e593926cda7324508f5664183c931463f3521435bcae24fde19c677f40b3a549c317e86f6e16b78236b03531eaa2bb4c2290b014f0870935e68de1c8851608eb59cabad4387b5f0655417016b7fcd967fa44583c4bcb983701940fc8ffd449e98098267087ac59cbe84890f7a01a191a4e0bb3af1c470b96d0948201024c2722a04d22008ec779290992de7d872cf6abef79e2b096c31fe65e2c12dca5c6e193684fbf9ee5ed9f818adead84ba6011064408bfd1108d8140c7f4746a214d470e5863a961407b08765b0b328892cb2f8acdbb42d0a19289d09b9ceb9407d57cc56fc067ae3276954da02ee9899dc6ccd00d5891f1ba5b46b2dee6bd9c2d7b3de342ad8e101e5dcae3a9560045c0778e5a358bbece8f377ed9d931165ba1b4e72da70cceae3fd2cec86bd66bf213aecf8e792c9dc48e5cc2d272b6b3fab804273184de9aee1b582acdd71ffcdf22b267c45a011d6d23fd8e27abde06786a0ffb91c7bdc9c47995543bd52de02dd6f45e91414324e85ea69bbf8a03e61a9423dfccab72064eb918a74385a0d2914bb8b162e2d546793f627ac0e191ae0923384540da24a5234ea28188049a16c6b2f6811c49634baa35c3a60db991f2d23927204955f926fa9f113e99f3aed6f60920f63611804e8df759b938e80ac6a03babd27cca3154e236ec2e7c1e32b0e806ae0f36d8ea333b276d8b045c7b2a32e911e2369dabbc48f1d43ef3ba3936cc2613ad7d291c5cfb4d2b9549895d15538aeea516f8002714389326d1ba0dcb8c261baa512765444ed5d4346b365a72603902d53f9d86ee49172c548d7cb205050d82fd49659c39c52e1ff67914d0c48d765e184d57ec6df8e1484d1d7d0ff7420b7f72eee3dcf285729e9336d83cad21e17b3d21a82ab293fe1529d170c035d0bd4f6f015d5c87f7d5c24d8dd0676857a854a40b2c9caa7ef59f68cf0252a86605fd9f40853361f1efe7d9821d1362159afce002b470d3d2568f8f8f564a8992ec53416e5408a94341aba80e2d75b0d842314397843481dc547183c2cac6874dcc3256c1f6ade1eba555d28da9310f55afe741778597881829c6ee15e309ffe592fb18273f5c7cccd6721405e82fa4581a6d2205e0d27d9c7655a2f154bce6a81eb97972d23ad0c9a6c264c16da6a2d362a3e11a118f1376c46a21d49a20e40f2605d2e3972e77a8a55dde33743a4e33804a6640f6f4ad5822f803a0cf1415840404b84ed816bbfd2f5f21264f936b98f7f3ad1afbb18b32584067ff0c432ec0cfb009b74e46ee41efc0e89b8723bbeed4e481f4e0f74aa24f009025adcd468b0a0f18fe0c4a0acd7c83c614ae08ca1375018e67fd4ef8db864423aeb0fd403809f98e2146d9583179f14e1a933c651db6cb1fede15b56635be8ee2dafff07fc91f494256ccaaec13fcf32655479d0ab86127331e69bd1308d26ded627bff7c14b31048adbd042bedcd0d4a8a7d6db380cb2446d2166561cdd140c08b4be25ad7911a434862f6075f6308e8afb1b5d2254f13644a4261c06b5d53f82f41d8fa88172d9b90445cb3ae44f6f7d4fc453cd21093b6f8e5477697de351996cab0775462ec78f5c52effa83b8428dfde5689f73aa1ab14e002af4915630dc341b2092b4a145d47f40ff60078cac9d597fa468c3a4efa63e3c90056e444d654e8d28c871d22de7911abc79c24679a5f5715abce9225c70eb7a42eb15c9a14323a54bd692e8ef7244efd46a79197afbea5d1f21b4471b364cf96c5647a3c3bfdac80d226d26cd7d4969522c25a976bf951857af5035ffc1c11649a360a79e34b7fddfd6a82652f865488cc01866a9fbe98ad491be2b34b8fbaea3984d6b5f2af33069c88c4e219975cba998c88623397e659768dfbca82868080cb5e77af2585183692954aab32cf18611c25c8763e8b303723e90c3ea5e518d5df401d26553874eaae5c939317acb0a204ddc92e93ac8110321e26933a862daef665025a9974ae38e8759ec1cedeb1fcad1b7f5189e82d6ef823695bc566492b7c4cb296147be3d8ecb6d958787d5b5e535634d77c2a09dc0a912d71323db3e72df72c5e649ba0bf65ec0a2713586a677724b37f0f0d68f3d42c93f02eb23cf222cabe018873f191eeed2beff697d3a3b5c17303f4be296b6e206ee1bad75940ca22cb6cf248cdba461bf69340c0bcce4c52626bb4d3d811055d7378e4f475d2313043c1459f92ac3de8a4c4d7a9253e01c8a9c85f267584e1f93ac3b03f4cc2e0480b6b4d3398561285c73e115f316c94b8419df47d2212eef3cc7dc9ac8c2b79fe93b5e8aa7aac5be6f944ec52e944b39c4d57a0d296387b6980da653e02227fe62e89a9ef8edbf7d32879dbad7c250e596dfb0a5b2a705e2798f30c11308267fa7f6770cbb127f70f50f4fc09b2fcd9b143aa7b00c110ab0d4a80515db4c1e6219b5e6e46da71206d7da667076ca39f697b452e32f23ab6908db53bf36b19a09c97c13240cf722f1e40e14812b232f29b9587e7206e481e193c1653da50e40a9a065958dd80b5e28b534d5acc7310dcee8a65bc495e7978e831cda1f874eb7fa8fc769dff38857a23dc7a9d23f1bc89c2d7e38ffb6194b7825a6839973fea927c04e5b60bb757abb456029856c46f854aef77649eb9035b25e5c34a32c3cb92af3234d9644b2f8d7168ec042e25583d005933748157c3c84eaa34d4973d12d98a424006e3d932b1304b9a61c1e8abaef848522190390559e3adbaf05c3e378375f893801281cd05a8d2dbb224825cb82070adf2a102e501033df6da14ef923ce6e798e2efeb6f6d4e90623d120fc9afbf403efaef571c8f5700b82c94a65318a1c404c9cc7bdaa045625c83fdf008351fee11a96fbfb7a5887a1657814e3e7fb531a9f3caf94afee761b493bf38a44a4f61727352a98b471ffc858b0eb39108094ceef15d08c455830f55161c6ffc102317fb8406f30cb21e23fb2cca26248747c46067719d4071d36250f01d4ae5ac158ff993ef6725781a9600d9e1978e8240a7d1b03248ff2f41b9268406f1102df50ae708b175407cf0ea4de08a00568870c1aec3072d85ac7d1371ddf9c54eeb7352a1768c68cb2bfc040bc9be84d8e3ba638585b9f65b9b2111bf0a21b8c2efc503ed00a22570b0c226ac783e500c5b5bd669587d5d5edbfa582a49c359932e8a4e986b792856c8fe1905904f348fafce38fa2e89bb4eefb7c0dc65a8b9a4bc869cce5fe43cca0249387e7dc4805802a4875edd6a87a6c6f68d66101a7e17efb36facaac4dba4484977b31258712ec5e59dcfb94dd3d9f8c4b6638ce7b2430a734e7b11f387bf64e3384b4881261088a7e45a4c4389222b030f6c1deefd28c02ccfab80c5b9bb59bdf9b62b40f1557fb26ee8c714a559a0cb57f0dd5d02747d0cb6642b1eabc1e7610f5b2ef8e270b91a7ba8e63136ff74497b7761e2368a296064419a34abe51806d54d191de467cae05908ad2dd4047f81fe9c529e1e0a23d331d8144ecd417170e46bf1ddfd5b6221f9ed515bc1a2f219be2acaad968d0ca48f4aeaa03115ad763f2cb186e6232d60da557c44abe99714988ac788eae377f8205a9a678f15228d72b13893e03d1aa51a2cd0e1b14272e514eaa2f021487883527a0fe05f88b9f4ed677affacbb0ec75c429c962448e2e8abb4d5121220de161488bf005a5320f97ce2f8334adaf4ce8818378dde37f4d73fcc4948996b3066b99db9fbfb2ebaa51956ed5c1d6cddf1d6c3768a10b8a2cb628d6553f53b94e124d24b70affc69ad50e30f80fe1a7db9eba7c123e30154f6b625678ee50293d115ffbfe94df90da84498419806cdd1edd0dbc337751dc87a57c56a53f3907d4ae9fcf814435c2f0582d88dea1ca05adba4e20a6d4dfc933aa77862f2ee2b507d08f29ec6ac3ea3dc679ea4db042f0dce5342520835dd92b0f81d1676d5c1a6701240d1d50fd7d59b1062494c61de9ddb8db61480b32a46444c7ce2e156c0022e922acf0662620499919d28f2fc7c945eecaae76d4f2b83021f372ac492cb455d6fb7cbb4fcfd370bee4bf40991c1ef070043026a5f4a1ae1c5d29bb1e7f751918cd7fc7457d0712d45bd90d990ac1fc7c596f841a2b215380b39716b740"}, @NFTA_DATA_VALUE={0x88, 0x1, "22e68f21a8e74e5e682cb1122a0de201f4a98b12000eddac1c3f89dbc250dab58d347e49d420eb69daf7daa882b5233390b78fc1d0452873eb0c6fa919951918ce2dedbb23073165ba97342dc23b1019d6df41787065025905e89bd013fd000b62f255da285c6715563a745cc15ff33c5c620881f53d970eb652d8f721ffd76fdfd4dd47"}, @NFTA_DATA_VALUE={0x1004, 0x1, "0b20f88bf6eb5e97f59d43772f0675685a1cfa3a1f4e1d234ab3aa04e5ae04cc8f1fc0bf38680b9548bc2c45c4abf70092113a9d75b1882eca1c22ed0ce00f7b03c1fa2dc0c77ae9411cf86b5d4eeed19ca0f51aaaa918f81c78da2fe667bfef2ac7bbe6dc9adb6dac59617e8adb212193f6231d57747ca5cb7029f76391e2682d47c702b17bc9b0141addf5396f80750d135bb5fee8a727b823e130911159cb8b715c46c9b7980d81f24599b475008dfd45415e55e2e57b61e1563f1aea4ab8eb8c1650feba235959a4e4fa5d70b974e6467be6f21a189d791786a05d113aacc43a8b900f3e3b7841c03c7fd45665807785bbbc5e881ced3c8dcb7956177b9371b504dd324fc1bb5c82c3d68652e9b5bdb9bfc80d3b2021884ecacb55d0d07a15156b1be0f42de756f42a31331390b9d45fafe9aca22cf6d30e35169374ede8dd77465fbdf90f615ad99df454793d29e305e5084b11c4f842f3221cff236bd8af547b5762b5dcbd5c6140a95efcd4bf1114ea67d643c1fcb64573340dbaa3eb6681c1d2932b6735d5ed649ca4acbe96bd034343be014b9c21d3fe9c36d38c9f657e178cdca4dc48d6d5800aebaf91cfe5a33fdc0e0f35a020554d1fa64d7fc1897a9fb1e26f0e06cee295ee56d22a1cbcc4742fd520a1b37b028c3259c59d6a8611545de8e7c4a4b07a25644c7a50c388878b65459d73b9c116e028e9af4d3f28f93bdeefee3facae0cd3f3ec4124ea3d8a4b1df6017daf767f8af53c41ea1de380f4d0e2e41b6299f9b4cd255bb96c4b29126c2643e682c17f509246894d041595bfa32608053577c94bcd2549c7c6dffe761ecf9ccdeca8dabab0a502624849dc91dcf3aaa9ba95866a5222748cc5f4aa8f9ba580d926700765255863c963dfd2d323d0e2d90ab8e28b37e005bb36fca01e36841b5a3152f8da707cb328c257b830030b39ea8cb91a3e5bea24a528405b98c136f59cf8c1b1056771aa9fbc96a0891b77ea7ce1fa81d4d8fbc86e12b7ad97f6255e14d977f8daf880383a576384c725aa9ed1b6cd58f7c5a2d93aaa7ee1c753458f0e7dc792aab676a646dc34e5ce541dddaaf4ac06af949de93c4a856a5790c1d46aa18d054ceddd37fa0f7653db49d8195ad7535b79e766f5b5d0645e67e7eafb829579209a12df5f087ea6d6b922aa61bb2843feff25e8ac09c58ad0521d2b42f541c24342a2e5a1dc387ce4dca96d9158296f6cb141038eb7200208a59e1814cb32096052bf23f3efa1db60c5708fd367301a9b389839e81c9dc38ebb7fc6fdd8ac19eef91eabcdee98ad4300dc2f947db40bf0ed2feabadc0cc73dc17b15cf312d7fdc373e7f56fc547cbcb3fb7712b3f95a015a6464456ab1d08107605f39e633276db6e2939eb3d49478802b228d94eac7db947ea43ecef75aa7c88626f53bf289ccf42d992e79a029956da3f722d8e453489c966607752b7f73c2dc64527eca4afa2555e21cabc6c5241b39ffcfdb398322f3a2c00854b7d4ea82b16a7accd5d9df8ed3ad03603ce1b8bc4fceaf9f330f9f84e78d30229005313cfebf1d1b7d3e2326e9d435ec32bec5ae410c6befa34e95372fe4098b19c3c802d2aaea40cea9f961ed82edac9aa1f6d887823377642bbd2e771bdc5f3acbeeccecb3765528af6b2d7f2187ed31338232e187cb32507565bc1f677294ce972461d079fd80268ec5a092314c0326e9581ab526be8ac7b3e92e5ab30b1cf1fe0c57587c51382300bf27b2c82ea84983a4a4d84238449f15b3a496e84ed5b075b3af04467cbee6e3a24c1132cd0126b08babd3bf1182f50cc828df523e56b9fcc257a399941a999558b00e4105c30ccc098f3ac6e034784c1ed2211d502f63745c1b419814a952315d1b73dafa5fb83b9c102d4f3b309a2dd1a530ade8aede1ea80c02dfdc2c67c5ba56fa8dd30c5776d48659dc6a12c883edb8c3d3117f719d16556f16760c7ca99a831466df19026d9f11daec04c2932a23e1c8e338be10f908dec38205c9f184c5d00dd6235b06118410774d6f9f9927af90152c2b4c770285a05d247d0cf593b807a1c044ab10b273cecf61d127f0924006a321e96d052e8ef732c9f1f0932805a9514da2adf751c37ce72ce38153bf3957609be4cc6bd83f236ad51be55d8e0ed15064d6e682f3758fdf98c431c9d6d1d136cb0fd9c9647107c0a3f13e01d24306a7354f92d375afbeceb64c8e759bf0bd1454abb6948ed369ef73ad145ce6030165bfd125c3dcf4883dce2dff702ec6dcc0b2a9f2ba5f032237238b2eb96622ff3e5e2688d7738b4c0424b7c17faf6250bc0203ff8ccb38b0eaac5a355cc2a9439ae07ed74596b950543ff2af909f9c3d441dba96eeecef507c54b9da9b72b8f68fcb43749fc9b658ac722138d99009ac5d3ef9b461374e83d09569ecdebc4d98644a185e0b3db1c7acc913215a8bcae7ebab4b5d6ed8b44678baa2a0d0eaf42d8991cd830efc07157a6640551c51567cc42eaddd78e51eaf305e820c30beecb979e88816ffee0a21ab36076b5bc24a2d39c3f8a47da7544609dc19eac08f77640283cf35c2217e262d7f2db8f1ea009db9b3524091dfcd083a1fef708f34c2a28543fdf53a3832acac27b84d290f8a99e9b394819a768bf9cfba8d14e3127ad70f8db4cfa2450ad7e248a5803b828f02517db5e0849acb2fe6993f5056d85f7092c2c50fcb955b7377cbe0d3827b94cb61eb0fe14ca1b1fae969e845e1eebb10173e7c72d18afd1da0b88553076c18e8a37779229248d5b837899f89fd93e6033a314a512a35bea75f3aa73170cc75116c75ca8afb219220dd23d690caf40fdf4ecac54eca0dea8f327d7c35caf4ccbc11c14fdd7d17dacb977f3031dae2216453e88ab3effdf695fda0fd1b33e04e02e5a5340018848e68452942fdfe13caecee7d6e0957f17524a7da030a7c00951b85ebf1d4645119b1f01e6fc0e0f69452eb5c604992545bb5341ea0422fc88b233e6a0f69cd795c9d81c70c15db38e0dbfdc09a177510066a9293ec57ebb4e4b1a31e677d33144dca7ad386a6527e883738a0108856345899e63227b4eb469674c53d795a9d9fff4ae725df3cb9857dfa8a3210d2be412aefc917685973a8cb7bc3c13137d2d5ad34402be63eba2a6b5647caff51961e94dadcee4a1e385fe4a3053d31d71c63e6a953ba7004f41a0f0ff1ea4d0f20b472e760cfd36630673253fc0961b33aba5e66e4eb5717a882ea5b885436efa7336f873eb9b709c2e38f7ea24c9cebeb3d81c62a678ddbd78178b34dfe033f3dc94b3b31594a9c88c9fbb6973adbdce10b37eede497bd4f4712e1ead536fffd16c66931830748c1237735981983ad92fb1048b13b62ad1011b82050bc7810e57d89a08d4893368d826661a9ef66517bfca570f47ac7dace66318e63573542a9eb23a7a4aa78c7891531c42ea8ae1a168243c92b9d5a3b6e8aee91bb8c232b393d04bac729f72094b441e66ae1fb4ab49493af9a9562b4b6cee80da087790d37ddcac8f7ce6ac21c1492cbdd4fcaa84ec614e7b731b3ea0f698d07666cb4dfc6d78d65d75348ef28088e570fa00cc99b1d2af5b504814b455eb774991797c333e37d8fe1e693f5f84c06b8ed20277c8387ceba610dd42b59da9e6c9b0ed9ec620aae4e101d299fda84d92e4281788ff61d0ea295e07e9159197a849815d88a6eacc9b6a6b5a7f45c8c12d3fdffd30ed17ac38fe1248624e6e339bc6410b4c29d62646022c11d15eb2501e67aa40c89a93e640e0321686317ba31254980dffbc0935eefeea4ab7faac7b7e9ed22647b97bb7632b99b9686d6f26a6079f4bd374f6c4d970b05a17d27f74d12786c72b002df06ecd737eb44e412c201c27483729bc4fb4cd8c96ad17ff50a024f86ff4c4e8caa72663038cfea04981645ee48500b844fb34ae9acf2ae78c0d96b4df25eb9c6dc3bd8254714877fd8370a30bd38adadbc17872b8a1885d20663a0bc2b14e08eb6c182a05a8f98af017b258d2540de7cd56c8945afc7b15814cec07e1c4bb290753389b71d68d18b75d83cf7627a9b3d3b74af8316e1a7cc3eaa553e210c26048337f56c37228c8b31cb69416edd820863376b8ca512431fdb23e13ddf7386657ec716ab9eda9e02a036b66ad800663df2172397cb30efb7759aa8e73eae1c84023cc48651fac6bdb9a2cf142261925e24b7b5b0d467aa4e27f28a0d9240325fa50ed26db2c19ee0179ddef07d583d8c8f94256a6e78d74a847be138c60f6f3135ffb7a0a42937a1837d5974d9a93762345f1ceef7b1e52bd8c6bee3f85ed24f4d7b40a5151b8d8d1a8c558e793b9bce819355cf55ebd8d9664319057b71cd415d46bce9e040e77ddfa6fb19b962e2bb57be8fed6276943b6adebae0256406e3648cae4d3fbf214e6f8b2b754de32330064c86d2a645616fe2857849c0fd97b622f08930de6c405f40d7c1fcf154ffa384751e99623f7e83441eeb80bde25540c2c4353fb7feecd18c7622bb1a418e24b38ee4303b795f6720f2c83eeade1d64e087f7a239245a6a4c1da071619d4ad63ab8f27c8abe76d991b7a29222f3dc55ee05dc3be5cb4ae40a8c034ed02fb296cfd7cfef73ade690c69241db7a1696918a82b59dcd8623087fcdfcc1248692be11249463104ef0ff9b709fbdf06154ad94edeab375dea44f9c52bb6c2b47cb1fd65870f2123d02daaf92f8d84e7c0a92ab58db41143a0eaadb38b7ac780736c89e361017cb5035e1701f3dfa5607ef9d3dcdfeb8bd5c7b3c41b0bd034030f84696af664b4fee27f227cad92dd407a9ff6bde71dde73db53996fcb635827eab53ddba1c0359643e46c2f193fd01e1e3a665171579190ade700e69ac10c18c6f2abd4c19d507795701a05cf43f06cce1f3684d4601a91cf4c53f6dfa2ab9860b58e9901b0e93d0e09914914bd18d97a1de1e302529af0749b894faf9016fa50c3f8d4992814e38eb2607ebc9e2b25695316de6735eba11a096c77cfd29dbd05488a8be1a80cebd3da89328b53b6f411aa4fae5bae65dd70caa925a84c21f82cf79654aaecf2b102ccc4216604dbc6da7702eb8b633c3b12d2a687e8366207c089a26d0b339b9eb848316cc617dabe7487cb845d6b44102f1c95ec98407938d6a23ec4abcf67aa27853f300a4b562127045b1e7447b56cd6b428e8d4952596fc62b82c1adc7b9c0072b8cb00231a75fbff8aa9aa40c4430d20dfdce0b5d6fe49d4b64f50477efbd36495ec959c184c87fc3b75b99599428b7b69cdbc242123a0ce83fef1ffc471a7ce75ab7b7bb28414c3e4962d0e97ad4303170d69e4d267d4b36432cc987691d9a8dc7807bb6e3c4f5df03b2894a803b1a67ac2aa6d434308b48c04226bec81978d1999fbbe7f7e9454500a05043a5291789b643aa16d8aa27456ded6235a4d4a09e5234fcb7c5ebd8ad8f4186848a75f427585555307d6ef47747ee9839d1aa41e3ccba4a0d7cb71d931cdc6e80cfecf40441138d96044ea569914cb8e6f331f29d49fe877478e83b0f01d70e22c52ef204a6be7ccffd2d32569e32d966b869981ad5775597ce640261846e02b201b86ad254345c8a48ee184e2ebaa26f5c8a22421d2bb861555f81cb0963bdc1c46ae987fa0bcc99f27d1f06732da6d937bc2aef7165f9a649bc2978b6b1bd0729fc5413e400fd3a29c3a529f865762a5da91af32304d3902f1a23b04d58a5e282479da8e763a13d4352ffb32b1d9780c3d73cbab49059bda11623e3960643dfcbcceeb84f83ca657e03322"}, @NFTA_DATA_VALUE={0x4c, 0x1, "5b22c2af21537be8a8835858307114cee8d45895b366c6cc22b55f711c2d4cd659c0c13223817970290625dcb3d524b72411960c9d425ddd13fb641275d3d3e0d85972d065efcd71"}, @NFTA_DATA_VERDICT={0x3c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}]}, @NFTA_SET_ELEM_EXPR={0xc, 0x7, 0x0, 0x1, @fib={{0x8}, @void}}, @NFTA_SET_ELEM_EXPRESSIONS={0x40, 0xb, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @dup_ipv6={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_DUP_SREG_DEV={0x8}, @NFTA_DUP_SREG_ADDR={0x8, 0x1, 0x1, 0x0, 0x13}]}}}, {0xc, 0x1, 0x0, 0x1, @fib={{0x8}, @void}}, {0x10, 0x1, 0x0, 0x1, @counter={{0xc}, @void}}]}]}, {0x130, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPR={0x1c, 0x7, 0x0, 0x1, @payload={{0xc}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x1}]}}}, @NFTA_SET_ELEM_USERDATA={0xf9, 0x6, 0x1, 0x0, "c6241352605b316a70eb4772bb98b9dc98686d26be7adfe63c2b6028aea48a4396ff74ee2b6ba418b91a60529b844b72302b94f4ba4f9b0cb625f0a702ee76c44d605022a2152a12f18706c530fd7dd4826c9f66c48125b50a4847a056bc453daa92cb1dc1f23164066917af25655873bdad71d27a70e64418db191e7db7e9e4ed9e4867692cfe5f0e1d035209f4719438970477988221be54fa78e484769d950bad3565a3d116a1b15b0c86799a18a8c953c4bb64716eb0c1d4cfc722564eb9d6f9315ac4439ce753523e92f476641659b056ebe5bfec95103c72e51673ebdd420b25286c728716c1a3d168b3f32037c0510608b8"}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz1\x00'}]}, {0x24, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz1\x00'}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x7ff0000000}, @NFTA_SET_ELEM_FLAGS={0x8}]}, {0x102c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x1028, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}]}, @NFTA_DATA_VALUE={0x1004, 0x1, "87742458d1105cc4ca001202a3c8291e88077a7827bf5e166f85445c25a7c936e73822fdf5141fb6c15758f880881a23df00edba22f33f9d484c2dec658c417aa1040e348be25ed02a4a4f2963b432c75c197de8c288469a08cf9d9ba88833a1a9ef9343b7cd7ab3262ee06652f38b782f42922d53ab73a585053ba621209d36c203a1cf4a5da1825db5d2c0132aa6c7c972e9c52f95fd8a57a644636fb3f473d0e38565db551c3a3b1e9c4017ab3b221b718d20ced72cbf0895a7e1ca80e8d6567d59e66f674ad35568b97d1af65d929b97d97aa65e5a7416db32451e68dc7c9f7d3532c1fdd51199f06845daf0f107e8d01db6272bb98c642c23b8279ec19088a09ee2acb715f5ff49dd14538b8f294fd9d480893c81470b3cbbabbb8061928caec6f5570efc89779833e8e7683ec9aad5648ea10dcd3a1613f2dd44f3b846b7d3bb3c562faa648df04f1c632ad9a2cac3a7245e9dd3e5d7ef7a4ca638369e67c3deff0d78938fe2a8265ae1e632c66cc6b085741cd3e3cad65445bfc6b139ea01bc021398c34fbea382f390050d3b7e296ccecea96bbf86b0bfc732a8623ecb410b6ce6ede9f7033b2bbb0004bfa1a93687577c7c067746c2983659c0758ee7d7d5ff8f7e99018fcfb7fd2f8356e107b1419d8357bb9d11e75d2fe231500de9877c98673b6f97e7fcf2a531fbaae8a1c7e9a7bad8bf78e301a35c6611b0420ef08847d9a6dc5ffc20106c8e43e1092a8218cf4b23a6db273898e6a85c3a1317035306cb22d9cda0e62b39f16c7459955e714707c25f55854a61a7cdb0ece49dc260ca4ce4acdeb71c402012c29535ac4eb919c7f611eae8a5bbcce468666116ef1c7835ba629ee6eaf21e15cf56bea6e13b05bf6c8f031427044b01aa1c19fe8ec4a59a94d2943b23cfd4cddae9903ad7bcdef653350c9bec90e87fd17fae408d5ef8b02c7a960ad6d9237b646fbf574929cef52d88f1c7a0d7d44334a669903c793f24f6302da52628ea2ae439a4d0790428aa03241f06ca76d81ecdba19e5a9818bfa25da1952e4a8715989f81a80d34cac2d65c6c63e2c606259256e7bcb272dc5fcd612fa977f42bb07a134ccb49b11571f0666e4f5a301dbec771938868469883795f6fc44e0b5b3dd06efd5aaf07df9652696f0a9d22b49a2cee813d7ca913344dcd4f946ee8f3b97bfb8d4b4ba7887f50571100adbd467bed4531dd64a3066d0dcec1033c6b90f577392b63beb6fa5b5b6026ddba195ae9f7662e26d6cd79213bcf5069c480febb44073c7ef621c66b268cee9a82d0114c78520a164f614120da0b7c2fceb08f31359744a72e7b1bc958412528684227f5bb203d6823648374689bc6b9aedfab8bb76fb123040c2ee5bf8d9fb04fa6ce8b0db1e23a68d7c18c16e52e2c289be06de2b08394352774f3566e460c911abda1abcc7c45b8b40339a175cc9026ae8616719c617b1527ea942024d59bc2fb69b7b7d301ba38a9ba1d6b907f5b3ada1315f435821eac721ecdff23207e3a11098e42e13d85d2789e535d5be7eec9b785c444db68adbc0714b0b0355b7faea4af64d4801c6c53d02512dd1656d311b4763aa9fdd7ea0ee1a7b8977b81448ccac626b9186a9b98ef13bc78f84a35306db871a13d0f741dfb4de5573117b50fdefdd9ca025118a4f2c694a5e468506e84e14d75dbbccf01e0fdc091f8b9f68b8b7ec5b7aba8a3a8e60e677f823f83d79a3384fb271aab8bd3b07a3d58cd1929f39fc63d890f9a1f4e65d822d8d151fd4ce39c29a6b58fb626b736bf67aeece53713ed85dd948c6a14a287baffdef36a335273f897b1f0d855935602309236ad93f2b960d8356542a91a3a07330f380e51ae080b4210195a7b345a4fad90dc02985bffe195c3eca6b521c12b90c85ec8b136a21dc4893aca9d3b74afc9cfcab4dfed281b3c881b109866e221dfeec373da552978114b662d694225793b55a1133f633dac4d763020a7651117f73fcf5fe7f8a695a67319a378857625e7f2d767f4f7d550326a7c2d212f9bb296c586ae039879c5475d9cb02d6216fbc6f5060db4f0ce82a7b91172084e0b9f52fbf6522c70e60ed30f575aa33159d7965fe9ad22742aeb195df178f504fc399dc2819a28bed3dd79f7f5cbd5b99c55017354321e896bfe23ccf4e1075791422b977dad74684974ca84b30785de0ac8d028374592390da4360fd5555bca0bf1d8ea3106592faa29120b3971618ed9b7a6e34edeccdcabc9ed8c78e12c074b3f7dd9b967e3064ea07529f9142ba8882f719d69698662d26e9a1a41fecdd6ecea7c59e6793ae66ec47ca79d430b2c9707077bb1cedd820d0c89db740fd776bdc5f896907b264557633e5c12a23f756444387569e059763b87c33c458231cbe2d20dd6cc9eedc94cb0b8e0268341e1dfc11e16742b5d687cf9e1b3a17ce5404f3d429a16ca73ef9abc6a91c80319c0d57710a788b128532a0e797e98467e5fba4211db904765942567fa9d6becb6ea5c2d5142c260880278d62e829cf8927a6f70cd61d1d9136bff47baf2ced5eec7f999fc2212f91c4a2fe52d6e2da905fd4d8cf863ffc179172434bed19bb915d60764bee21424a62f5d2328bc1a87d739b1a288f8e08bc26906527f7d42afa852b6a2ee6acef08bc08c2c4501940db6a353780e65079ccc0a5b7a209ae2a78223e91d8ca3078a6be45746f9e1fa466d4523ca064f7a136ce59d5f1c9325ff3431c66b56c49928d72626ed272b02d7d3f090f50c973e2b16fb8400010e06e2bda67bac91d88b9c7c15d47938d3f0beea2413bfbfe18a4e7086e08e4557e11acf0ac98a82f3ad462da19bd8329ab26f683ad8dca6eff770a9cee8d081831210dbf475a244f933954f3ae467d266ca9d1c429cf2f2d7f0c608f1d7c033cb32ca5ab9662675c36f86d9d1fea700cc64c723ea675c85e2843f6a024902f484c8c0ea6fd4e3ece2112245a4024d82b04a80be020f9527408c3ce379fcc72b2e87f031639eb325ed2b0f153e673a1f745e4a074994e23a6c083358d54546a1080929ebc16c33a035aa99c5c9ae817a05e03e719e15b1f7cdb960aa060d794233636bc536fccabd552e46e018af8adb957441f67f714435103c8c3f25d6ac17103f2e705c20029265f0c48de96a1e1a52fcd4c99a90e8068841b682eada5120c6170beb813b1b2b61a057d08d836a59c957b8917cc0b211137ed38b8514da34553cf1d4cc7f114210c040e6e546ac1cd70553dccec683790188215e8bebad47f8fa1c8efc13ab0967034e2e75fbc973d538281aa9e6b8b08c9de376648e5948c8df8e97f95177f41ea3bc829410c2719ccb472094a1f6bf8d3976b67b1bfceafeacf16b1a3f50e7e9b1044f5c402b49c8171a6a90e45c14f7b63e6b1476122cde5a3d11f0d391145d55247d88ca62b4cea10f27395e64a7900723a0fa0e6d5305bf060478f2d4a41bf25f8ff73936255cbb4aa576e985c3add0e0aff66b2ef81e451ca4bd226fbef400b85cbb421badbb2df5c1d3d42e779a02bcced9538aa8fcfa8f08a2a81d9b1e02bdaada21d4431b1c84410f4b415a95751d4d7ddc9ffd8fb88bea67d81786ba4c5609b2723bf5372d10e275c18ba8803be74c6af557ba13b9c30a586b585bf4ae04373305247148a7d44092abd38c93b583c50f04311164fff722d42479ac6dd2bb95024cc0e3fb3847b960c60857eb9f4d7b6b74925593ada73ba646f6eff31278b1aad2ee53a58bb944081d2238d8bfba06171c73e68c8271d3c0c76a2f848e800059bb86ee91a57e17794d6973988ccf26c68bbee77d9f8b6efc1d3b56b8b25cd7a337811dad967d18141e1a252058d5c98cbe5454ad5cfcae343a0f62eeace62f17207aa356685c56399f6ccbb737598d91f1e313a6d509b73e0774641223c8866d6add80993b7c1d2e54afdb447eacc3a8436407a686d1cb4dd9f8a688ec6535fcf8b83571d1bf0b6bac0d27b3367b7bd06e895c24659d6d127853f1a944c9c0b6890fbab6f8836d9b4071d0adbb20ef119435fa985483657bbdc7453cfb960148795dfa691d8163f386459d2b416e30a9dc811620ed0d1438721819283c8622c21781696ae78a660229bff868146104ad482ad74dc20aa567b326993c26de2001d090591ea49d1bba8987f6bd67f4f49ea3044fbe203d7778f1417817451f6337990d4bb2c4b02010f2dcb8802f78c7e390127fbaaef1974774f5f3d634982219a8081c6bc7c79d92805f07291d07faa5295d58fd837a4d39cab3ba20ebb4d257f4b6b1c4b60c4315a2bf147b45c4b284cacde34f9f4fe51ff308bbdda40ea3fcee78c0b2e12c58a4c39d9677698c5b911be0d68a9e766c2dcb6b01287b8336bdfc0c448a1a37613130ffedf46613a32431220cb535f12615b8db8fe35b560b00e5d741071c9592a0cd186cba5a3903ede866edb2f507e94c0b1d0fd9714b10a2e5c1c84331df72d5b42a98550f88e11829d1a5232de1d2d16a85b4966c4b9409c1c9637f2202ad413b4fba5ebfebed2432e2054905d771403425e5c9790d07415f96ff87f5e99e4d71492d1764c08ad7d9ee90e95a00566707d2cfcaf8d123aac1f3c80b63e309a479addea3804aaf4e9d8e84aeed9b88550cafd395b91d51b62c07fefe7baaf39a934e4c46f0128b6e06ec24414024f85050f967c6c81d77fa15d86b79ccb753f32a282914a37d8b624133162dbf9f5092b4368c436d98a38c1bcf373ed6e4a00b8a87124882092528a10fb31983d16578b5a51201ccfc710e01c1cb4821531f8ab594200e901efe5e74fd8dc7e8d7d37ca96391492f8025fca62de8bf61f063955932c03654fd2b8f3c31f62dd09ee1fb29b5c3ed2ed03f7a27d4889da68b8d23434b336fc74b6d284fbc51b802978e5b18707ca5f4c13466823d5b12da79cb0795c1513727a9b6e3c275b7ec850a1210558a71599d9792a26933498863c0027027004ad43c0d8e6bd599418a16194abcdb12e9f581b04c8feef69d393c094611dcf36d4b8abdac04ba7bc61f2be313e4dc1b659166534a146b529ef8f17035eb3d1989974f9ff1181c85830a7b540ec8f92dfe5dacc587336a6daedde54d31e0e1cb5f994b683dccd964bccaa9242e7abf44a80dfd645119ef52d47915d6f71837ca1057d67f814bcbf5116a88066312837161d40d341becc745b07ef4318ca71a4feb0ad58b1141ed7ca87725de1e3ef06a5b4bc99bbb178b70bc105541d022eb17aa39f0c20470ac3489be9ecca135fec32e8eb5c25c530f80c36e5d95385b63853ad6eef8bf1ccd6fe0402ac3b5c61495aac282485c9cb58ab8f9bc07dfd64aedef70d28ebfbc740e66777a46917d05dba6a72fd01740353918739cb36a85fc957199d17ee48f71e43fa300bd497a37c2ccd65891ff0b9bb9f3bbf8ca20953e0922da61e13b23f30c3bf8f947d74dce0ce48278634ab30bd490f6ed75088876c7d18ea85c1414b1ff0c8c697da24e90b55108b6ad2e59d4c8532875acbeb1b90b8b981078c268060394149e1e374801af90e8755e799724376ede11ec099d3abc96054198965d1fed63601e44d430dd9683589379073d0124ab7f6bd5e9a8b612a2ed44eec45c174e9a4ff1caca85d7fd29672671d01642677cab11ae5766da2ec1beadb420c1409d58ac463101e1bf04ce6a5714f5553ab62f52309e591ef8e4dc0fcfadc798deabb89998adf3098c1edb0e5111f8e780fcac1d02f769d4b8394b6df29cf8570c86f11b0b1b1e72f6793b666b15d566bccd071a2"}]}]}]}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x4a9c}, 0x1, 0x0, 0x0, 0x90}, 0x10)

5.814927757s ago: executing program 0 (id=2564):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x4, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0x8, 0x10, &(0x7f0000000040), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000480)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0x541b, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x4, 0x8040000000000000})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, 0x43, 0x9, 0x0, 0x0, {0x3}, [@typed={0x8, 0x2, 0x0, 0x0, @pid}]}, 0x1c}}, 0x24000044)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r4, 0x400455c8, 0x400000009)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000040)=0x31)
r5 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
ioctl$VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x0, 0x0, 0x3631564e, 0x0, 0x0, 0x0, 0x0, 0xfeedcafe, 0x3}})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_VERDICT(r6, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000280)={0xa8, 0x1, 0x3, 0x301, 0x0, 0x0, {0x5, 0x0, 0x1}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffd, 0x7}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0x0, 0xffffff7f}}, @NFQA_CT={0x7c, 0xb, 0x0, 0x1, [@CTA_SEQ_ADJ_ORIG={0xc, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x80}]}, @CTA_STATUS={0x8}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x404}, @CTA_ID={0x8, 0xc, 0x1, 0x0, 0x4}, @CTA_TUPLE_MASTER={0x1c, 0xe, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}]}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x3000}, @CTA_NAT_SRC={0x30, 0x6, 0x0, 0x1, [@CTA_NAT_V4_MAXIP={0x8, 0x2, @local}, @CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}]}]}]}, 0xa8}, 0x1, 0x0, 0x0, 0x80}, 0x20004810)

3.219514214s ago: executing program 4 (id=2565):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x8, 0xab}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0)
keyctl$KEYCTL_MOVE(0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x1)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(0xffffffffffffffff, 0x1, 0x2)
fchdir(r2)
link(0x0, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000240)=0x1)
ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0xd0009411, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000000c0)={{0x0, 0x100000000, 0x8, 0x8, 0x1, 0xffffffffffff0000, 0x2, 0x10, 0xcfa5, 0x64, 0x7, 0x8, 0x3, 0x7, 0x2}, 0x38, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
sched_setscheduler(0x0, 0x2, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040))
close_range(r3, 0xffffffffffffffff, 0x0)

3.094222582s ago: executing program 5 (id=2566):
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000080)={0x8, {"70ca253e230ef7cea884834d6c465f42def02f94c45b1f01cfd13fd2861758c6a3f127481e685c30df940fabe7e21f351b0c7c1b8de44552a95e7bc2997931185cdd971d5e6eb64794c87e1fec87a1a270a7bbbab5be8c0815954251fc2e177c022a16298decd4a2566ade604f962c561b894cdd8c8cf2a10c9da36d16647cdcbf6e575406baf4b5730e3e7e57622384fb84a0e9cd2b8ad525a43aebfbccad8e0e39512d2daeafc434c2f2234c59fa4ddb14477949df126432e20d94eac5ea6b880dbb7862010f40482da409cef850a503d0d8eba1d9b0de9c4fe0c1aa8af96afa487c89608b76c9791ae6bd00939d567acb5b11d54398aa649c9f60131e2ce92df810af5dd279c14f70a97c4735249817a2bf26af0fb9befc6be91ee11e10efaeb20bf2e58e4698b820bc7493d7cb4cd9a67b4517c589ef0bbd2f0deb3f8df2701a65c9cffa95e9d91fec02ad09a5822c683e346bc75160941a0e85ddf2485ee64ac7320e72767a0ed3a0788435f6a137773a9327450b780de47ad36a45a2431f4cec1ba7a1c63676f21456878798e8881ac7d692c182893bbb158790c8b30ae773a4c487bd6c5248d0ac861160f114f2fb0bf313f3eed9040d7ddbca03d2fcf6450b658209e4976ce602d5e976de5b17550fdd711206c667e644e5c58732549a1d9ea03ef6a4b96b9342851bbd4d9d31965ff1a5c96ff57f2af85b15519b08641eb6c3451167a28954ab9c713ce8c9890165717d52ef0557dd5c79d861deb2c66fb1a40b4f4c850970a74b5154b1120222a0b5bf5a1935623cb37042a9e98026b8800c53a187a532d759187da97f679e9525d79db3d253ab8622bca7357d164c51a762426296f9e518687bcc3d34264e16de8c8e2d74454c4ea5278fdcfc9a935fc059fb8476eb0c1d8f61b58a7bbe509b687a00ecf37095f2b4aed0b9a0f4c61f38254448081651bada010e316a23b1a22e598314c581e88a21a8b428ddf33e082499e0e8964543e36ecc72f759ee86432298f175aaf1350f54193965539dca6eaa159765c87ad5a6649b47e80b2dd93b076cccc9cbc95da67f3d52c94c5cd683c38c9f548da3b8714d44b5109f761dab9800a258759a8597e995615ba771d74479c8728d933733fbe62a722807e1839f5a537ebb2ee9d5e93252d64abfab5a7eac00413623924f48f9b304df00634b82c95650eb4bec42d1386c37a993ad5fae4483a9177421c454026af1ccce94b80b785671fc209264ce374a9add2ce2d95a08c31ad5c62d6608c338ff5a28d5400ea4d71f847381a83c2a7ba1437cebd9b665377595d5cd8f82f462b7763bcc5d0453a3ed95a99d316040b8f3578f516e79d53cccf98fd4548902a5deaaca146b799b4cdeeb60a429beb6d912153b793b725eca39b8ab21e34966dca1d24edbb891443cd619ef0435ea2ef563fbf3f3a07dff8f29381b13990a2d909e43dd3f57e176d7808e2d91b1364c1748880d96bc29101b0987f0e280886dd20c40b6bec7e721ebda7954fb1e77e1abb1a47da1ff213f994a22759a7d186f4d0f23e7f042b97051c9b12ca3bd47a30f05a0e8648201450f68b78ed541ed6ea9a920731caec520c2d6991ccbff20cedacbd07e94046ab083a6be822a020c19889f4bef2e057910c81e340a2869197906e2e9da4f8dc11bf778a72aa5590254a72520aa1a80ff8d02eb47e98053b23e9c98358c871e04669606838f8eb599dc0df5287dde674c05636a403fdb22f9b19182db445d732bd397d154d66dc1b9206b638ed38b15a3ed5eb72d28401398f7379541c715faf1b78985df2f41be10ec3c27ce1ea495cfd682a3efb9049ebab3e2b97b371b487c7a56bf16d371742002be0fa27693dadfc10290b37825f2d4a1a7385fdd812d71fcb951a3f329a183132894bdd256dc078e0b6216ebd341fc56c1175c80bd74064610a65655e4140a8c5920a516060f1a02e867de51136d2a82cf0450914a61288d92506ad04fc7e54a4003d3b102345fbe2e3fd5a75714345eefd25ef74aadb17a52ff41c7597163cd7de6e24c26d157176be3c3936c77916f8b51b9cd0ac9c583371a5f68add5561c306867ca4592965bd8932716f45dece476ea210a56386f102039316da5e3e632b0ebaab0856c1803f21c44d67fa9ec35c1aedf79ac427adb62f48cfab8c308faafadd00d24194e95a51f2f7c60a2fec8e094b71f8c1e6b0ba27c32c30e8da05f928d848fa295e3c9594220bafd302bf915d34a1bb20638aafaba3bd55b6f58b0427a863a961372add3d240a72913cf78772487b073d3db96b7447e2a85de6e8df404f49cd79feaddc69ed4e8061a6122d4e12d3cd32f20360b6f57c0d29cdbfd8f0fbb0f58328213680ca465efc7a891fce48174b12473f90850b56f246f83826e13ba4f39041d0344032be484a11473d31dce46cf28166680237199d55ae53b18acc4d67cd0ea8859d0362b68cda330e801e7fcceb0421a029615511900777583c2da500fd048382e54435ad7be5cec1499c6fa3e4688107b9946ea2f81fe935be159fafaacd07dc6a9de0d4d6a02a493e53a572c2880e59b29aebd31fa7e0bbd08119586d923cf76e3bb0ee5083e31e26dd2e103ce687b9aad198d7cb650965ca3a7d63155f4976127e37ce8f4668f4583419b3587cafb33b202816539000c9f45422c4642aa5e3aa6fe82c83f9151476f3c10e4531a419cdd72455c271d20317658c116b3f122c6bfe87db2a63d8235eeed3d3dc92e3b640cffcd0672dad125b9b7d850b8b27f5c1e3c89b121c5449acb9377c33f4a2ea99a580ff98e2d6e937834d556ea2afece5e75850600ddb540693d0f37a45e7cd9c4a186f34e18e334bbb2e9302e6e7159d73e6c654e5e6748e1ba24fec14a9a37701b9dcb3b8cdad2f6e6edcb955ef3f33f2db362c1f08ae514af64c4c02f079726128be3a487320dfaaf7feac2845878c23fa21b1edff5f5df1268cef6e94308a75161f1cb3aee1d8c1d574e1bd15a97df84983768ec12453c1d5418ab30568cee229c3ff0ee163d159165b5841c701a622e63236301e0a05764cf4ab14e4ddb6d6a0c10689f23decbffdfa5c71c7384bd986f76872033f47b920ac84f5decdd029444ec0b5780fcbc298350af77020ea5b328e1d6ea51f5ad6a2aac2c4e6ac3da48c1671fafba498e676b16ae1d11cc7d835f2a5ab0014fc1b408057620356e261e4721e1fd6cc4fb789641bab7c7897d29904d9bdf14c8b62f640da42776c10f4763dce9d0cd7b0231f4281cc48e9e6255a03ee0ae5ff7a13db515e2fcde1664d8030d48fd0936a9eb2b35ae4989d8ce527a5987d46f34f5f67e302ddc86ef8d1358a3929462b8cf302238172f18984c0129204eb84f88e4875c9ed62c4df4dec9b31a35fc47f49f371800e929f6ff6afb7006419581fb776dbd8e3669b799c920605ea26fbfe8b2eceba96e80c430967b4f154f9a8191b0ad02ad0e43b7219d4a1426c71e7dd69b52c35fbce6be14c07f7c38539a9c043e585f0b1baaaab411271962e1e28a9638dab16c568b8911c25d1100f970f629869f4bbe30efbaee3ec3e086477be178a882cbbbf698e6f456a3d0ee5f64325bb238b55f70f51cd4884b3002276c05ce7f8e801cc0238395fd98f884a12e6a980e79f434734a6d29f6724e2e6b4e41d72c7694a03fe1ca3d8ce9df03eafe3d7273b922cf942b224d795445c8716b092be6de27ac9e9e365d2dfa79a702fadc4472f42fe383b16688b4e9cd64ac288a466ed152f1fcc91f8d22912c750bbfe15ca304fcd82ff1c11c12f5df148d74a27caaf75780128fe17ad86c3b7f3d97659ffa1abbe292b2896c82f76d1b503eb80eae07fb1e7f68da96a536817c12d964b9f4ef6b6f901373ac365cbf6d276ad8b295a30de3288bc50ce3744b7d63c183e1fb072463baa366f67bcf6e7aa01c4fc129654413dba4747786ae3967a77a6f5d0bb24b1a18e276e9899a8fdc45df61ef84368964d77204c187b12d06ed7961b239aa3aad6b2ae75edebe0018335b77f9ff7a90a3518417ebad569ca9df6d9d028c347b0bc0754ff05bd30bc10057c339eb09fbdd875cb4a0760aa2e0a88633bf5b4beccbd3146046a490d66278cf75de76671c4ba8124fc9de5427ad120b202b8424e734eddbe08466259e757214f58b47cf3aaa21b8c98f6e8d4f66e9fda897732827855d987e6f8e310fce14a05034cf1d53d211aa4ad56eab17bbd39fc69d950ba5d14bcd5db8605950b6785acd04f00cf054998613dda8a6630102a86550205331444ce0248f2c44d3edec23a935cee7b093e47fd4fd72cae4bd1421adff6f2c13525692c511c19bd4008624510aafcf120801d7f6366806d3e377e2e39f47e341a40f812715e8a1130ee9770f998cea169038f43ba9bbefbff9882a85fe984a39c1930b7255ae8ddce424c1e5468557f072a3a76aa6932cc16a2633b27572a0696bd2a3303deba70cca4cad54b34ddb67acee56a95dde9c157890e36784576a9b8f96163c463c2c8392fb54e34da218c42616b8186c6e45298973af8769446a9fced6440543e4b355c0d1f2288f769ad5c62394f5ac6907d811c9f0e5c228ff01d7837833ffbe3b0fc4e45ee6356fe8fca29b6a5a7f498cce5c765ab77108ede41f455aa325d387bbf175a525104878d344d32e5afdfb68c4108551c2a45089c943456deb57f5dfe634fbcd305c076a4b93bb30286b474317e7daeadd45fa1a3fa21b74832c932773fa4d4f95794355c7692fd58e0b8a331e77d06d590ba1b14ed1349febb6782a695f16d8ebae63dd5e14650783f904e8f4835f941ff1f9d07208541a90f3412308074a882236abfb0540ded765b8ee18aef943ae608d5d8889d3d7d6b4871cdfb548d408dc67fee80ded13ad01e99cd9d6630099566f811d23859c65a87440790729e136e972734047262a8be47c4d8794fd4605b284db6365a8da83da9a3c3f6951e13ece5b2a454aa9e9d3421153e6e822cf05896a59561cea7d7ceec0a5e80141706ce6ff41429806d80fea11b222eda4ee1e3d983970fd31dc529de82e0b37d8b1d58692c1a45bdaee904359020d9bbad4c16ac667ad3c966019e988c498fa9041a7eece51ea6fd9292e522bd3f62876a3b29fb5cc759913495364bb505d200b9a7aa327f252453251099d5d815de77e81c4d75ada7630b4a72b184594d8e97ba8b09fcec10bd873e04b50f9f914067fe92d28691aec9f15c205ec4d59022798715348ed787418c2c7127f7077dbd83e72590675b237a9a0f88603b07679bdfb24e6dfdbc7718fc72d060c3ca002e42d5d93ab5b13ddab1aca5ac8cf245951e0ab9bb80060421053ff84e1b83751b7fa3449c326c5c5d5e0c0261a7e3ed779e376b3522b831e7d33a296e95d06ce7275f1f7d52b69e0116e4ade52cfc508e3bf9717aeb3320e3621c5d2fe06ef071d00c89698af91c37bdf52228f029412d18018baf7daae644fd700ba99331593f470ebf919f7bb360ab433cc5425b38ee89e1bc8c3e82da0b96c41a4506023146da65d5c1ef3b1bc968aa03c60933d6792e34bb221dec52509ece5d0976088acc0c36685f599e900aef4e86377e4206d0e54cf7fa76bbee156ceea501176807879f705ca5fea9ec6464d61b3c8f89ae03bef165e086a53104c0fa87c8007996bfd1c8f43d7d8ac3a7ae4e1bdf94d5fa9092eb580ca5756181d89f22f12b7e8d253958f0b281688e915e729b40cfe98ec9a8c0211b0c10ed3b2e88dc210b757153a797ccc22d349a7a419", 0x1000}}, 0x1006)
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f010400000009058303"], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x9, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x2, 0x0, 0x0, 0x0, 0x61, 0x11, 0x30}, [@ldst={0x5, 0x0, 0x4, 0x0, 0x0, 0x0, 0xba}]}, &(0x7f0000000080)='GPL\x00', 0x4, 0x16, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x21)
syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB='O\r'], 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x0, 0x0, 0x0})
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f00000000c0)=ANY=[])

3.092179454s ago: executing program 7 (id=2567):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
dup(r0)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
pipe2$9p(&(0x7f0000001900)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000540)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@cache_readahead}], [], 0x6b}})
truncate(&(0x7f0000000240)='./file0\x00', 0x206b12)
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xa2000, 0xa3)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xae, 0x800002, &(0x7f0000006680))
socket$inet6(0xa, 0x2, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
gettid()
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe2(&(0x7f0000000040)={<r6=>0xffffffffffffffff}, 0x0)
pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x0)
tee(r6, r7, 0x4e, 0x0)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000240)={0x3, &(0x7f0000000400)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x28, 0x0, 0x0, 0xffffefff}, {0x6, 0x0, 0x0, 0x6}]}, 0x10)

2.767925703s ago: executing program 6 (id=2568):
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r4, 0x0, 0x0}, 0x20)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r5, 0x117, 0x6, 0x0, 0x5)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000580)={0x20, 0x1405, 0x1, 0x70bd25, 0x25dfdbff, "", [{{0x8}, {0x8, 0x3, 0x1}}]}, 0x20}}, 0x8000)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
fcntl$setpipe(r6, 0x407, 0x7)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
r8 = inotify_init()
inotify_add_watch(r8, &(0x7f00000000c0)='./file1\x00', 0x44000268)
write$binfmt_elf64(r7, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c460d04000c028000000000000003003e00ecffffff940200000000000040000000000000004d020000000000000000000000003800010001017f000800030000006400000005000000000000000a000000000000000101000000000000a1"], 0x78)
close(r7)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x4e21, 0x0, @private2}, 0x1c)
r9 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r9, &(0x7f0000000000)=[{&(0x7f00000003c0)="580000001500add427323b472545b45602117fffffff81000e224e217f000001925aa80020007b00090080002c48bb65b57a6b979d2bb23660f97f000001e809000000ff0000f03ad71006000000ffffffffffffffffffe7ee000000000000000002000001002e1afa405d84497d7ce29465602748a996fc44d116aae945a74ff4f6bb281cc5135bd54c30cebcebc46e92527b973130e8f8f9be92e64a08582e981e5555e01dc3375c40a2f2741ea08fd40b955adabbaec61f122e10c94f6e0a826d90c6f8b4db9c4a5f308b2f855016e0fa88fd382c8fd0b1c3fb6e3b37882ab6954f760e16a682ab6cf043eb24b420abfd1ac81f7b5e82eaa6bc4cebe1c708b8a0eedc0a086013feb08a591f2404e2dba94f8150ea2d3efd08559d12ba061edc2bcc6ed8d1ad27cd6cbedf964f0012f5dcc6b2f265fc9c3526fd1b3e8a96b2024a825d51c25a1ba9d6ad62d4fac1bb930ded27", 0x154}], 0x1)

1.12158452s ago: executing program 4 (id=2569):
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
shutdown(r0, 0x1)
connect$bt_rfcomm(r0, &(0x7f0000005dc0)={0x1f, @any, 0x15}, 0xa)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r1, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4)
prctl$PR_SET_TIMERSLACK(0x1d, 0xffffffffffffff63)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r2}, 0x18)
syz_emit_ethernet(0xfdef, &(0x7f0000000140)={@random="5b1a033f2511", @remote, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x4578, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x64, 0x0, @wg=@response={0x10, 0x0, 0x0, "fdcdae25a7a296872a8a5290e48e30acf8afc7e67d70a62c979cefa10a0028bd", "ae0000000000000000e400", {"35f3c07eeca4a20a9858ac1500", "63081fe8fe001a08ed082ad7121d696f"}}}}}}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = open(&(0x7f0000000000)='./file1\x00', 0x181563, 0x0)
sendfile(r5, r5, 0x0, 0x80001d00c0cd)
ioctl$sock_inet_udp_SIOCOUTQ(r5, 0x5411, &(0x7f0000000280))
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e22, @local}, 0x10)
sendmmsg$inet_sctp(r6, &(0x7f0000004900)=[{&(0x7f00000000c0)=@in={0x2, 0x4e22, @local}, 0x10, &(0x7f0000000180)=[{&(0x7f0000000100)="f4", 0x4e4}], 0x1, &(0x7f00000001c0)=[@dstaddrv4={0x18, 0x84, 0x7, @remote}, @dstaddrv4={0x18, 0x84, 0x7, @private=0xa010102}, @dstaddrv4={0x18, 0x84, 0x7, @dev}], 0x48}], 0x1, 0x0)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0x400, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3b}}}, 0x1c)
setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c)

1.120677514s ago: executing program 7 (id=2570):
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_GET_FEATURE(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x10, 0x3fb, 0x0, 0x0, 0x1}, 0xfffffc27}}, 0x0)
sendmsg$AUDIT_TTY_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x10, 0x3f8, 0x400}, 0x10}}, 0x0)
r1 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r1, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r1, 0x8)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendto$inet6(r2, &(0x7f0000000200)='x', 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000001400)={0x0, 0x0, 0x7a}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f00000003c0)={0x0, 0x2, 0x7a}, 0x8)
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f00000038c0), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0)
eventfd(0x80000001)
ioctl$VHOST_RESET_OWNER(r3, 0xaf02, 0x0)
r4 = io_uring_setup(0x28fe, 0x0)
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r4, 0x11, &(0x7f00000002c0), 0x2)
syz_io_uring_setup(0xc41, &(0x7f0000000140)={0x0, 0xfe3c, 0x1000, 0xffffffdf, 0x2f4}, &(0x7f0000000240), &(0x7f0000001780))
fcntl$notify(r4, 0x402, 0x80000074)
getdents64(0xffffffffffffffff, &(0x7f0000000200)=""/171, 0xab)
close(0xffffffffffffffff)
r5 = socket$tipc(0x1e, 0x4, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="af72616e733d66642c7266646e6f3d", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB=',\x00'])
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000510700140000000000000001b7080000000000007b8af8ff00000000b7080000fcffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r7, 0x0, 0x800000000}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000072"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

1.104648297s ago: executing program 6 (id=2571):
socket$kcm(0x10, 0x2, 0x0)
socket$kcm(0x29, 0x5, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r0 = memfd_secret(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e23, @empty}}, 0x0, 0x2, 0x40020002, 0x0, 0xa17433da3c5d69ad, 0x2, 0x7f}, 0x9c)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mknodat(0xffffffffffffffff, 0x0, 0xc000, 0x0)
openat$cgroup_ro(r0, &(0x7f00000002c0)='memory.events.local\x00', 0x0, 0x0)
r3 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1ff, 0x1, 0x1}, 0x1c)
recvmsg$unix(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x20)
sendmmsg(r3, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000000c0)}], 0x1}}], 0x1, 0x9200000000000000) (fail_nth: 2)

343.017133ms ago: executing program 0 (id=2572):
connect$qrtr(0xffffffffffffffff, &(0x7f0000000040), 0xc)
dup(0xffffffffffffffff)
writev(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r2 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001240)={0x8, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000080040000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000142b0000b7030000000a00008500000005000000bf0920000000000045090100000003709500000000000000bf91000000000000b7020000000000008500000000000000b70000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x9, 0x100b, &(0x7f0000001e40)=""/4107, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
syz_io_uring_setup(0x2e, &(0x7f0000000300)={0x0, 0x0, 0x10100}, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mprotect(&(0x7f0000374000/0x3000)=nil, 0x3000, 0x1000000)

162.17536ms ago: executing program 4 (id=2573):
syz_open_dev$tty20(0xc, 0x4, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
creat(&(0x7f0000000040)='./bus\x00', 0x8)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0)
read$hiddev(r1, 0x0, 0x0)
mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,')
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x104, &(0x7f0000000180)=0x2, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x3c1, 0x3, 0x388, 0x0, 0x12, 0x60d, 0x0, 0x202, 0x2b8, 0x2e8, 0x2e8, 0x2b8, 0x2c0, 0x4, 0x0, {[{{@ipv6={@private1, @remote, [0xff000000], [], 'veth0_to_team\x00', 'macsec0\x00', {}, {}, 0x0, 0x0, 0x4}, 0x0, 0x190, 0x1b8, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x8, 'bm\x00', "000000165a8c2e0617ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f672225d6147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac05a602061c96baebc989f1f34a214e6726401fe4b124e0f7323a587d2a1fcf07000000eca0a7b66c60c527bac2b5", 0x7, 0x2}}, @inet=@rpfilter={{0x28}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x9, 0x3}}}, {{@uncond, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x1e5cced8f493c9b4}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0x0, 0x2, 0x2}, {}, 0x8}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3e8)

0s ago: executing program 7 (id=2574):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180)=0xffffffffffffffff, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r4, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x7fff, @loopback}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000180)=0x80000039f8, 0x4)
sendto$inet6(r4, &(0x7f0000000000)="8d", 0x1, 0x0, 0x0, 0x0)
recvmmsg(r4, &(0x7f000000d980)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=""/165, 0xa5}, 0x69a}], 0x1, 0x2061, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="c40089001900010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000001000000000000000c00150000000000ffff0000"], 0xc4}}, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
write$UHID_INPUT(r7, &(0x7f0000001040)={0xc, {"a2e3ad2147c752f91b231a0987f70e06d038e7ff7fc6e5539b324b078b089b080f384b090890e0878f0e1ac6e7049b334d959b729a240d5b67f3988f7ef3195201c0ffe8d178708c523c921b1b5d500f0d06090936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc90da8196c28d920bab05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d21487b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a158b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae7183cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a799567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461600000000000000206ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cef3d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f86b8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a75500000000d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000003c0), 0x10)
socket$alg(0x26, 0x5, 0x0)
syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x4661, 0x400, 0x3, 0x288}, &(0x7f0000000340)=<r8=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)

kernel console output (not intermixed with test programs):

537][T13597] R13: 0000000000000000 R14: 00007fda585b5fa0 R15: 00007ffe4ad067f8
[  835.622568][T13597]  </TASK>
[  837.942972][T13612] FAULT_INJECTION: forcing a failure.
[  837.942972][T13612] name failslab, interval 1, probability 0, space 0, times 0
[  837.964077][   T30] audit: type=1800 audit(1748244714.959:91): pid=13600 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.1763" name="/" dev="9p" ino=2 res=0 errno=0
[  838.043943][T13612] CPU: 0 UID: 0 PID: 13612 Comm: syz.6.1766 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  838.043973][T13612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  838.043985][T13612] Call Trace:
[  838.043993][T13612]  <TASK>
[  838.044002][T13612]  dump_stack_lvl+0x189/0x250
[  838.044036][T13612]  ? __pfx_dump_stack_lvl+0x10/0x10
[  838.044061][T13612]  ? __pfx__printk+0x10/0x10
[  838.044096][T13612]  ? __pfx___might_resched+0x10/0x10
[  838.044130][T13612]  should_fail_ex+0x414/0x560
[  838.044156][T13612]  should_failslab+0xa8/0x100
[  838.044176][T13612]  __kmalloc_cache_noprof+0x70/0x3d0
[  838.044204][T13612]  ? binder_get_thread+0x1c8/0x6d0
[  838.044235][T13612]  binder_get_thread+0x1c8/0x6d0
[  838.044266][T13612]  binder_ioctl+0x273/0x19c0
[  838.044296][T13612]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  838.044319][T13612]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  838.044340][T13612]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  838.044360][T13612]  ? __pfx_binder_ioctl+0x10/0x10
[  838.044399][T13612]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  838.044417][T13612]  ? smack_log+0xef/0x3f0
[  838.044447][T13612]  ? __pfx_smack_log+0x10/0x10
[  838.044474][T13612]  ? smk_access+0x14c/0x4e0
[  838.044508][T13612]  ? smk_tskacc+0x2fc/0x370
[  838.044540][T13612]  ? smack_file_ioctl+0x2a9/0x340
[  838.044562][T13612]  ? __pfx_smack_file_ioctl+0x10/0x10
[  838.044591][T13612]  ? __fget_files+0x3a0/0x420
[  838.044608][T13612]  ? __fget_files+0x2a/0x420
[  838.044629][T13612]  ? bpf_lsm_file_ioctl+0x9/0x20
[  838.044652][T13612]  ? __pfx_binder_ioctl+0x10/0x10
[  838.044677][T13612]  __se_sys_ioctl+0xf9/0x170
[  838.044705][T13612]  do_syscall_64+0xf6/0x210
[  838.044730][T13612]  ? clear_bhb_loop+0x60/0xb0
[  838.044754][T13612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  838.044772][T13612] RIP: 0033:0x7fda5838e969
[  838.044790][T13612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  838.044807][T13612] RSP: 002b:00007fda59190038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  838.044829][T13612] RAX: ffffffffffffffda RBX: 00007fda585b5fa0 RCX: 00007fda5838e969
[  838.044844][T13612] RDX: 00002000000003c0 RSI: 00000000c0306201 RDI: 0000000000000003
[  838.044856][T13612] RBP: 00007fda59190090 R08: 0000000000000000 R09: 0000000000000000
[  838.044868][T13612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  838.044880][T13612] R13: 0000000000000000 R14: 00007fda585b5fa0 R15: 00007ffe4ad067f8
[  838.044912][T13612]  </TASK>
[  838.044947][T13612] binder: 13607:13612 ioctl c0306201 2000000003c0 returned -12
[  839.321602][T13636] ip6t_rpfilter: unknown options
[  839.601591][ T5873] usb 6-1: new full-speed USB device number 7 using dummy_hcd
[  842.732159][ T5873] usb 6-1: device descriptor read/all, error -71
[  842.912393][T13644] binder: 13643:13644 ioctl c0306201 2000000003c0 returned -14
[  844.102069][T13652] binder: 13651:13652 ioctl 4018620d 0 returned -22
[  844.229242][T13657] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1778'.
[  844.610524][T13665] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1778'.
[  845.181270][T13677] FAULT_INJECTION: forcing a failure.
[  845.181270][T13677] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  845.272209][T13677] CPU: 1 UID: 0 PID: 13677 Comm: syz.7.1783 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  845.272239][T13677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  845.272250][T13677] Call Trace:
[  845.272257][T13677]  <TASK>
[  845.272266][T13677]  dump_stack_lvl+0x189/0x250
[  845.272382][T13677]  ? __pfx_dump_stack_lvl+0x10/0x10
[  845.272407][T13677]  ? __pfx__printk+0x10/0x10
[  845.272449][T13677]  should_fail_ex+0x414/0x560
[  845.272475][T13677]  _copy_to_user+0x31/0xb0
[  845.272503][T13677]  simple_read_from_buffer+0xe1/0x170
[  845.272538][T13677]  proc_fail_nth_read+0x1df/0x250
[  845.272561][T13677]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  845.272584][T13677]  ? rw_verify_area+0x258/0x650
[  845.272609][T13677]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  845.272629][T13677]  vfs_read+0x200/0x980
[  845.272660][T13677]  ? __pfx___mutex_lock+0x10/0x10
[  845.272685][T13677]  ? __pfx_vfs_read+0x10/0x10
[  845.272712][T13677]  ? __fget_files+0x2a/0x420
[  845.272735][T13677]  ? __fget_files+0x3a0/0x420
[  845.272750][T13677]  ? __fget_files+0x2a/0x420
[  845.272778][T13677]  ksys_read+0x145/0x250
[  845.272806][T13677]  ? __pfx_ksys_read+0x10/0x10
[  845.272836][T13677]  ? do_syscall_64+0xba/0x210
[  845.272864][T13677]  do_syscall_64+0xf6/0x210
[  845.272886][T13677]  ? clear_bhb_loop+0x60/0xb0
[  845.272907][T13677]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  845.272925][T13677] RIP: 0033:0x7fd12e38d37c
[  845.272943][T13677] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  845.272959][T13677] RSP: 002b:00007fd12f1bc030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  845.272979][T13677] RAX: ffffffffffffffda RBX: 00007fd12e5b5fa0 RCX: 00007fd12e38d37c
[  845.272992][T13677] RDX: 000000000000000f RSI: 00007fd12f1bc0a0 RDI: 0000000000000005
[  845.273003][T13677] RBP: 00007fd12f1bc090 R08: 0000000000000000 R09: 0000000000000000
[  845.273014][T13677] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000001
[  845.273026][T13677] R13: 0000000000000000 R14: 00007fd12e5b5fa0 R15: 00007ffe28b085e8
[  845.273057][T13677]  </TASK>
[  845.986976][T13700] ip6t_rpfilter: unknown options
[  847.790163][T13718] Bluetooth: hci3: Frame reassembly failed (-84)
[  847.805132][T13718] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1795'.
[  847.855025][   T53] Bluetooth: hci3: Frame reassembly failed (-84)
[  849.830896][T10058] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[  850.908986][T13739] netlink: 'syz.4.1800': attribute type 27 has an invalid length.
[  851.124295][T13739] netlink: 'syz.4.1800': attribute type 3 has an invalid length.
[  851.404038][T13739] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1800'.
[  852.005324][T13742] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  852.012598][T13742] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  852.018825][T13742] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  852.025198][T13742] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  852.031433][T13742] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  853.391754][T13774] blktrace: Concurrent blktraces are not allowed on sg0
[  853.790366][ T5825] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  854.030246][ T5825] usb 8-1: Using ep0 maxpacket: 16
[  854.037252][ T5825] usb 8-1: no configurations
[  854.058284][ T5825] usb 8-1: can't read configurations, error -22
[  854.230673][ T5833] Bluetooth: hci4: command 0x0c1a tx timeout
[  854.230691][T10058] Bluetooth: hci5: command 0x0c1a tx timeout
[  854.230733][T10058] Bluetooth: hci2: command 0x0405 tx timeout
[  854.236911][ T5833] Bluetooth: hci1: command 0x0c1a tx timeout
[  854.244295][ T5129] Bluetooth: hci0: command 0x0c1a tx timeout
[  854.263930][ T5825] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  854.560269][ T5825] usb 8-1: Using ep0 maxpacket: 16
[  854.573626][ T5825] usb 8-1: no configurations
[  854.578468][ T5825] usb 8-1: can't read configurations, error -22
[  855.212900][T13787] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  855.219095][T13787] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  855.228465][T13787] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  855.234758][T13787] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  855.240926][T13787] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  855.319092][ T5825] usb usb8-port1: attempt power cycle
[  855.670501][ T5825] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  855.692177][ T5825] usb 8-1: Using ep0 maxpacket: 16
[  855.729964][ T5825] usb 8-1: no configurations
[  855.735260][ T5825] usb 8-1: can't read configurations, error -22
[  856.074507][ T5825] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  856.211034][ T5825] usb 8-1: Using ep0 maxpacket: 16
[  856.257035][ T5825] usb 8-1: no configurations
[  856.283620][ T5825] usb 8-1: can't read configurations, error -22
[  856.302733][ T5825] usb usb8-port1: unable to enumerate USB device
[  857.281956][T10058] Bluetooth: hci4: command 0x0c1a tx timeout
[  857.288159][ T5129] Bluetooth: hci5: command 0x0c1a tx timeout
[  857.288191][ T5828] Bluetooth: hci2: command 0x0405 tx timeout
[  857.294371][ T5129] Bluetooth: hci1: command 0x0c1a tx timeout
[  857.300474][ T5833] Bluetooth: hci0: command 0x0c1a tx timeout
[  857.958998][T13840] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  858.960604][T13837] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  858.969403][T13837] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  858.975849][T13837] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  858.983556][T13837] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  858.989718][T13837] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  859.000732][T13846] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1825'.
[  859.040389][T13846] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1825'.
[  859.949137][T13869] fuse: Bad value for 'group_id'
[  859.954427][T13869] fuse: Bad value for 'group_id'
[  861.030787][ T5821] Bluetooth: hci1: command 0x0c1a tx timeout
[  861.037205][ T5821] Bluetooth: hci0: command 0x0c1a tx timeout
[  861.048955][ T5833] Bluetooth: hci2: command 0x0405 tx timeout
[  861.055566][ T5828] Bluetooth: hci5: command 0x0c1a tx timeout
[  861.061969][ T5129] Bluetooth: hci4: command 0x0c1a tx timeout
[  862.066640][T13885] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1834'.
[  862.076555][T13885] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1834'.
[  863.541240][T13899] netlink: 'syz.7.1837': attribute type 15 has an invalid length.
[  863.549287][T13899] netlink: 723 bytes leftover after parsing attributes in process `syz.7.1837'.
[  865.300826][T13912] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  865.310841][T13912] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  865.317057][T13912] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  865.323890][T13912] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  865.335552][T13912] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  865.463731][T13892] FAULT_INJECTION: forcing a failure.
[  865.463731][T13892] name failslab, interval 1, probability 0, space 0, times 0
[  865.512385][T13892] CPU: 1 UID: 0 PID: 13892 Comm: syz.0.1836 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  865.512415][T13892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  865.512427][T13892] Call Trace:
[  865.512445][T13892]  <TASK>
[  865.512454][T13892]  dump_stack_lvl+0x189/0x250
[  865.512486][T13892]  ? __pfx_dump_stack_lvl+0x10/0x10
[  865.512510][T13892]  ? __pfx__printk+0x10/0x10
[  865.512538][T13892]  ? __pfx___might_resched+0x10/0x10
[  865.512564][T13892]  ? fs_reclaim_acquire+0x7d/0x100
[  865.512589][T13892]  should_fail_ex+0x414/0x560
[  865.512614][T13892]  should_failslab+0xa8/0x100
[  865.512632][T13892]  __kmalloc_cache_noprof+0x70/0x3d0
[  865.512653][T13892]  ? kvm_uevent_notify_change+0xc6/0x3a0
[  865.512671][T13892]  kvm_uevent_notify_change+0xc6/0x3a0
[  865.512687][T13892]  ? __pfx_kvm_vcpu_release+0x10/0x10
[  865.512712][T13892]  kvm_put_kvm+0xa8/0x1650
[  865.512740][T13892]  ? __pfx_kvm_vcpu_release+0x10/0x10
[  865.512764][T13892]  kvm_vcpu_release+0x54/0x60
[  865.512788][T13892]  __fput+0x449/0xa70
[  865.512822][T13892]  task_work_run+0x1d4/0x260
[  865.512849][T13892]  ? __pfx_task_work_run+0x10/0x10
[  865.512884][T13892]  get_signal+0x11c5/0x1310
[  865.512934][T13892]  arch_do_signal_or_restart+0x95/0x780
[  865.512964][T13892]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  865.512988][T13892]  ? __file_ref_put+0xd5/0x130
[  865.513027][T13892]  ? local_irq_enable_exit_to_user+0x5/0x10
[  865.513058][T13892]  syscall_exit_to_user_mode+0x8b/0x120
[  865.513083][T13892]  do_syscall_64+0x103/0x210
[  865.513108][T13892]  ? clear_bhb_loop+0x60/0xb0
[  865.513131][T13892]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  865.513149][T13892] RIP: 0033:0x7f3f3358e969
[  865.513167][T13892] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  865.513183][T13892] RSP: 002b:00007f3f344d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  865.513203][T13892] RAX: fffffffffffffffc RBX: 00007f3f337b5fa0 RCX: 00007f3f3358e969
[  865.513217][T13892] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  865.513228][T13892] RBP: 00007f3f344d8090 R08: 0000000000000000 R09: 0000000000000000
[  865.513239][T13892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  865.513250][T13892] R13: 0000000000000000 R14: 00007f3f337b5fa0 R15: 00007fffcd67caf8
[  865.513281][T13892]  </TASK>
[  866.640124][T13946] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1844'.
[  867.550402][ T5129] Bluetooth: hci4: command 0x0c1a tx timeout
[  867.580512][T10058] Bluetooth: hci5: command 0x0c1a tx timeout
[  867.581341][ T5129] Bluetooth: hci2: command 0x0405 tx timeout
[  867.586730][T10058] Bluetooth: hci1: command 0x0c1a tx timeout
[  867.592860][ T5129] Bluetooth: hci0: command 0x0c1a tx timeout
[  870.864160][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  871.105491][T13983] loop6: detected capacity change from 0 to 524287999
[  871.129494][T13988] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  871.136805][T13988] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  871.143170][T13988] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  871.149438][T13988] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  871.155731][T13988] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  871.209834][T10950] buffer_io_error: 22 callbacks suppressed
[  871.209853][T10950] Buffer I/O error on dev loop6, logical block 0, async page read
[  871.333139][T13993] Invalid logical block size (3)
[  871.364415][T10950] Buffer I/O error on dev loop6, logical block 0, async page read
[  871.419813][T10950] Buffer I/O error on dev loop6, logical block 0, async page read
[  871.455442][T10950] Buffer I/O error on dev loop6, logical block 0, async page read
[  871.481966][T10950] Buffer I/O error on dev loop6, logical block 0, async page read
[  871.499625][T10950] Buffer I/O error on dev loop6, logical block 0, async page read
[  871.508053][T10950] Buffer I/O error on dev loop6, logical block 0, async page read
[  871.679709][T10950] Buffer I/O error on dev loop6, logical block 0, async page read
[  871.724223][T10950] ldm_validate_partition_table(): Disk read failed.
[  871.795529][T10950] Buffer I/O error on dev loop6, logical block 0, async page read
[  871.810374][T10950] Buffer I/O error on dev loop6, logical block 0, async page read
[  871.818768][T10950] Dev loop6: unable to read RDB block 0
[  871.948786][T10950]  loop6: unable to read partition table
[  872.958866][T10058] Bluetooth: hci0: command 0x0c1a tx timeout
[  873.191400][T10058] Bluetooth: hci4: command 0x0c1a tx timeout
[  873.197678][ T5828] Bluetooth: hci5: command 0x0c1a tx timeout
[  873.204064][ T5828] Bluetooth: hci2: command 0x0405 tx timeout
[  873.210785][T10058] Bluetooth: hci1: command 0x0c1a tx timeout
[  874.418808][T14039] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  875.794937][T14056] ip6t_rpfilter: unknown options
[  875.928116][T14050] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  875.934828][T14050] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  875.941226][T14050] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  875.948890][T14050] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  875.955190][T14050] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  877.530197][ T5882] usb 7-1: new full-speed USB device number 2 using dummy_hcd
[  877.830378][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout
[  877.990575][ T5828] Bluetooth: hci4: command 0x0c1a tx timeout
[  877.996924][ T5828] Bluetooth: hci5: command 0x0c1a tx timeout
[  878.003915][ T5129] Bluetooth: hci2: command 0x0405 tx timeout
[  878.009989][ T5129] Bluetooth: hci1: command 0x0c1a tx timeout
[  878.502093][ T5882] usb 7-1: device descriptor read/64, error -71
[  878.783006][ T5882] usb 7-1: new full-speed USB device number 3 using dummy_hcd
[  879.357389][T14093] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  879.461164][ T5882] usb 7-1: device descriptor read/64, error -71
[  879.586191][T14098] ip6t_rpfilter: unknown options
[  880.036832][ T5882] usb usb7-port1: attempt power cycle
[  880.917684][T14111] ip6t_rpfilter: unknown options
[  880.991414][T14115] loop6: detected capacity change from 0 to 524287999
[  881.019740][T14115] buffer_io_error: 7 callbacks suppressed
[  881.019758][T14115] Buffer I/O error on dev loop6, logical block 0, async page read
[  881.083445][T14115] Buffer I/O error on dev loop6, logical block 0, async page read
[  881.094833][T14106] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  881.114126][T14115] Buffer I/O error on dev loop6, logical block 0, async page read
[  881.114662][T14106] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  881.124064][T14115] Buffer I/O error on dev loop6, logical block 0, async page read
[  881.128485][T14106] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  881.140032][T14115] Buffer I/O error on dev loop6, logical block 0, async page read
[  881.142486][T14106] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  881.152851][T14115] Buffer I/O error on dev loop6, logical block 0, async page read
[  881.156315][T14106] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  881.165629][T14115] Buffer I/O error on dev loop6, logical block 0, async page read
[  881.183016][T14115] Buffer I/O error on dev loop6, logical block 0, async page read
[  881.196872][T14115] ldm_validate_partition_table(): Disk read failed.
[  881.209398][T14115] Buffer I/O error on dev loop6, logical block 0, async page read
[  881.226481][T14115] Buffer I/O error on dev loop6, logical block 0, async page read
[  881.238407][T14115] Dev loop6: unable to read RDB block 0
[  881.307565][T14115]  loop6: unable to read partition table
[  881.320710][T14115] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  881.414843][T14123] No such timeout policy "syz0"
[  881.731977][T14115] Invalid logical block size (3)
[  881.748776][T14129] delete_channel: no stack
[  881.758765][T14129] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1883'.
[  881.844689][T14127] netlink: 'syz.0.1886': attribute type 1 has an invalid length.
[  881.939701][T14127] netlink: 228 bytes leftover after parsing attributes in process `syz.0.1886'.
[  881.945653][T14117] delete_channel: no stack
[  881.979465][T14128] netlink: 'syz.0.1886': attribute type 1 has an invalid length.
[  882.040335][T14128] netlink: 228 bytes leftover after parsing attributes in process `syz.0.1886'.
[  883.029000][T14144] netlink: 'syz.7.1888': attribute type 15 has an invalid length.
[  883.038110][T14144] netlink: 723 bytes leftover after parsing attributes in process `syz.7.1888'.
[  883.120682][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout
[  883.200961][ T5129] Bluetooth: hci5: command 0x0c1a tx timeout
[  883.207207][ T5833] Bluetooth: hci2: command 0x0405 tx timeout
[  883.213343][ T5833] Bluetooth: hci1: command 0x0c1a tx timeout
[  883.219835][ T5828] Bluetooth: hci4: command 0x0c1a tx timeout
[  883.681456][T14157] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  885.427250][T14161] ip6t_rpfilter: unknown options
[  886.465725][T14169] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  886.493259][   T30] audit: type=1800 audit(1748244763.539:92): pid=14152 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.7.1892" name="/" dev="9p" ino=2 res=0 errno=0
[  889.407521][T14190] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1899'.
[  889.457511][T14189] loop6: detected capacity change from 0 to 524287999
[  889.701129][T14182] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  889.707520][T14182] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  889.715741][T14182] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  889.722483][T14182] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  889.728661][T14182] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  889.861550][T14189] buffer_io_error: 8 callbacks suppressed
[  889.861569][T14189] Buffer I/O error on dev loop6, logical block 0, async page read
[  889.920624][T14189] Buffer I/O error on dev loop6, logical block 0, async page read
[  889.977868][T14192] Invalid logical block size (3)
[  890.022936][T14189] Buffer I/O error on dev loop6, logical block 0, async page read
[  890.061072][T14189] Buffer I/O error on dev loop6, logical block 0, async page read
[  890.069196][T14189] Buffer I/O error on dev loop6, logical block 0, async page read
[  890.123399][T14189] Buffer I/O error on dev loop6, logical block 0, async page read
[  890.246628][T14189] Buffer I/O error on dev loop6, logical block 0, async page read
[  890.351214][T14189] Buffer I/O error on dev loop6, logical block 0, async page read
[  890.359255][T14189] ldm_validate_partition_table(): Disk read failed.
[  890.527296][T14189] Buffer I/O error on dev loop6, logical block 0, async page read
[  890.606244][T14189] Buffer I/O error on dev loop6, logical block 0, async page read
[  890.665713][T14189] Dev loop6: unable to read RDB block 0
[  890.730187][T14189]  loop6: unable to read partition table
[  890.773893][T14189] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  890.784566][T14203] netlink: 'syz.4.1902': attribute type 15 has an invalid length.
[  890.792617][T14203] netlink: 723 bytes leftover after parsing attributes in process `syz.4.1902'.
[  891.202089][T14206] FAULT_INJECTION: forcing a failure.
[  891.202089][T14206] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  891.290205][T14206] CPU: 1 UID: 0 PID: 14206 Comm: syz.6.1900 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  891.290235][T14206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  891.290245][T14206] Call Trace:
[  891.290253][T14206]  <TASK>
[  891.290262][T14206]  dump_stack_lvl+0x189/0x250
[  891.290291][T14206]  ? __lock_acquire+0xaac/0xd20
[  891.290318][T14206]  ? __pfx_dump_stack_lvl+0x10/0x10
[  891.290343][T14206]  ? __pfx__printk+0x10/0x10
[  891.290371][T14206]  ? __might_fault+0xb0/0x130
[  891.290406][T14206]  should_fail_ex+0x414/0x560
[  891.290432][T14206]  _copy_from_user+0x2d/0xb0
[  891.290459][T14206]  ___sys_recvmsg+0x12e/0x510
[  891.290486][T14206]  ? lockdep_hardirqs_on+0x9c/0x150
[  891.290513][T14206]  ? __pfx____sys_recvmsg+0x10/0x10
[  891.290567][T14206]  ? __fget_files+0x3a0/0x420
[  891.290597][T14206]  do_recvmmsg+0x307/0x760
[  891.290633][T14206]  ? __pfx_do_recvmmsg+0x10/0x10
[  891.290673][T14206]  ? _copy_from_user+0x94/0xb0
[  891.290716][T14206]  __x64_sys_recvmmsg+0x1af/0x240
[  891.290741][T14206]  ? rcu_is_watching+0x15/0xb0
[  891.290769][T14206]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  891.290800][T14206]  ? do_syscall_64+0xba/0x210
[  891.290828][T14206]  do_syscall_64+0xf6/0x210
[  891.290860][T14206]  ? clear_bhb_loop+0x60/0xb0
[  891.290883][T14206]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  891.290901][T14206] RIP: 0033:0x7fda5838e969
[  891.290919][T14206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  891.290936][T14206] RSP: 002b:00007fda59190038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  891.290957][T14206] RAX: ffffffffffffffda RBX: 00007fda585b5fa0 RCX: 00007fda5838e969
[  891.290971][T14206] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  891.290983][T14206] RBP: 00007fda59190090 R08: 0000200000003700 R09: 0000000000000000
[  891.290995][T14206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  891.291007][T14206] R13: 0000000000000000 R14: 00007fda585b5fa0 R15: 00007ffe4ad067f8
[  891.291038][T14206]  </TASK>
[  891.800329][T14218] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  891.861771][T10058] Bluetooth: hci2: command 0x0405 tx timeout
[  891.872611][T10058] Bluetooth: hci1: command 0x0c1a tx timeout
[  891.953078][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout
[  891.967523][ T5129] Bluetooth: hci4: command 0x0c1a tx timeout
[  891.978382][T10058] Bluetooth: hci5: command 0x0c1a tx timeout
[  892.155404][T14214] ip6t_rpfilter: unknown options
[  892.592988][T14226] FAULT_INJECTION: forcing a failure.
[  892.592988][T14226] name failslab, interval 1, probability 0, space 0, times 0
[  892.650466][T14226] CPU: 1 UID: 0 PID: 14226 Comm: syz.7.1908 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  892.650496][T14226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  892.650506][T14226] Call Trace:
[  892.650514][T14226]  <TASK>
[  892.650523][T14226]  dump_stack_lvl+0x189/0x250
[  892.650556][T14226]  ? __pfx_dump_stack_lvl+0x10/0x10
[  892.650581][T14226]  ? __pfx__printk+0x10/0x10
[  892.650603][T14226]  ? irqentry_exit+0x74/0x90
[  892.650638][T14226]  should_fail_ex+0x414/0x560
[  892.650665][T14226]  should_failslab+0xa8/0x100
[  892.650686][T14226]  __kmalloc_cache_noprof+0x70/0x3d0
[  892.650712][T14226]  ? snd_mixer_oss_build_test+0xab/0x330
[  892.650736][T14226]  snd_mixer_oss_build_test+0xab/0x330
[  892.650759][T14226]  snd_mixer_oss_build_input+0x383/0x1300
[  892.650802][T14226]  ? __pfx_snd_mixer_oss_build_input+0x10/0x10
[  892.650857][T14226]  ? kstrdup+0x81/0x100
[  892.650888][T14226]  snd_mixer_oss_proc_write+0x518/0x6f0
[  892.650915][T14226]  ? __pfx_snd_mixer_oss_proc_write+0x10/0x10
[  892.650932][T14226]  ? filp_close+0x27/0x40
[  892.650985][T14226]  ? __pfx_snd_mixer_oss_proc_write+0x10/0x10
[  892.651005][T14226]  snd_info_text_entry_release+0xe5/0x1d0
[  892.651030][T14226]  ? __pfx_snd_info_text_entry_release+0x10/0x10
[  892.651051][T14226]  close_pdeo+0x1c3/0x3a0
[  892.651089][T14226]  ? __pfx_close_pdeo+0x10/0x10
[  892.651111][T14226]  ? do_raw_spin_lock+0x121/0x290
[  892.651136][T14226]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  892.651154][T14226]  ? __pfx_____fput+0x10/0x10
[  892.651175][T14226]  ? evm_file_release+0xc6/0x1e0
[  892.651202][T14226]  ? __pfx_proc_reg_release+0x10/0x10
[  892.651227][T14226]  proc_reg_release+0x14e/0x190
[  892.651250][T14226]  ? __pfx_proc_reg_release+0x10/0x10
[  892.651272][T14226]  __fput+0x449/0xa70
[  892.651302][T14226]  task_work_run+0x1d4/0x260
[  892.651328][T14226]  ? __pfx_task_work_run+0x10/0x10
[  892.651349][T14226]  ? filp_close+0x27/0x40
[  892.651382][T14226]  resume_user_mode_work+0x5e/0x80
[  892.651407][T14226]  syscall_exit_to_user_mode+0x9a/0x120
[  892.651431][T14226]  do_syscall_64+0x103/0x210
[  892.651460][T14226]  ? asm_sysvec_call_function_single+0x1a/0x20
[  892.651478][T14226]  ? clear_bhb_loop+0x60/0xb0
[  892.651501][T14226]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  892.651519][T14226] RIP: 0033:0x7fd12e38e969
[  892.651538][T14226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  892.651554][T14226] RSP: 002b:00007fd12f1bc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000124
[  892.651574][T14226] RAX: 0000000000000003 RBX: 00007fd12e5b5fa0 RCX: 00007fd12e38e969
[  892.651585][T14226] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[  892.651595][T14226] RBP: 00007fd12f1bc090 R08: 0000000000000000 R09: 0000000000000000
[  892.651606][T14226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  892.651618][T14226] R13: 0000000000000000 R14: 00007fd12e5b5fa0 R15: 00007ffe28b085e8
[  892.651648][T14226]  </TASK>
[  892.655971][T14226] ALSA: mixer_oss: invalid index 40000
[  893.194182][T14233] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1910'.
[  894.360934][T14238] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  894.370329][T14238] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  894.376697][T14238] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  894.383673][T14238] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  894.391158][T14238] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  894.976744][T14264] FAULT_INJECTION: forcing a failure.
[  894.976744][T14264] name failslab, interval 1, probability 0, space 0, times 0
[  895.028866][T14264] CPU: 0 UID: 0 PID: 14264 Comm: syz.0.1917 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  895.028897][T14264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  895.028910][T14264] Call Trace:
[  895.028919][T14264]  <TASK>
[  895.028929][T14264]  dump_stack_lvl+0x189/0x250
[  895.028965][T14264]  ? __pfx_dump_stack_lvl+0x10/0x10
[  895.028991][T14264]  ? __pfx__printk+0x10/0x10
[  895.029024][T14264]  ? __pfx___might_resched+0x10/0x10
[  895.029063][T14264]  ? fs_reclaim_acquire+0x7d/0x100
[  895.029092][T14264]  should_fail_ex+0x414/0x560
[  895.029119][T14264]  should_failslab+0xa8/0x100
[  895.029143][T14264]  __kmalloc_noprof+0xcb/0x4f0
[  895.029171][T14264]  ? tomoyo_encode+0x28b/0x550
[  895.029202][T14264]  tomoyo_encode+0x28b/0x550
[  895.029235][T14264]  tomoyo_realpath_from_path+0x58d/0x5d0
[  895.029265][T14264]  ? tomoyo_domain+0xda/0x130
[  895.029298][T14264]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  895.029322][T14264]  tomoyo_path_number_perm+0x1e8/0x5a0
[  895.029348][T14264]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  895.029378][T14264]  ? count_memcg_event_mm+0x92/0x3b0
[  895.029413][T14264]  ? __lock_acquire+0xaac/0xd20
[  895.029461][T14264]  ? __fget_files+0x2a/0x420
[  895.029486][T14264]  ? __fget_files+0x3a0/0x420
[  895.029503][T14264]  ? __fget_files+0x2a/0x420
[  895.029526][T14264]  security_file_ioctl+0xcb/0x2d0
[  895.029553][T14264]  __se_sys_ioctl+0x47/0x170
[  895.029583][T14264]  do_syscall_64+0xf6/0x210
[  895.029610][T14264]  ? clear_bhb_loop+0x60/0xb0
[  895.029635][T14264]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  895.029654][T14264] RIP: 0033:0x7f3f3358e56b
[  895.029673][T14264] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[  895.029690][T14264] RSP: 002b:00007f3f344d6490 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  895.029713][T14264] RAX: ffffffffffffffda RBX: 00007f3f344d6be0 RCX: 00007f3f3358e56b
[  895.029727][T14264] RDX: 00007f3f344d6aa0 RSI: 000000008138ae83 RDI: 0000000000000005
[  895.029740][T14264] RBP: ffffffffffffffff R08: 0000000000000001 R09: 0000000000000040
[  895.029759][T14264] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000018
[  895.029772][T14264] R13: 0000200001000000 R14: 0000200000fe8000 R15: 00000000fec00000
[  895.029806][T14264]  </TASK>
[  895.046663][T14264] ERROR: Out of memory at tomoyo_realpath_from_path.
[  895.404208][T14278] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  896.497253][T10058] Bluetooth: hci5: command 0x0c1a tx timeout
[  896.497315][T10058] Bluetooth: hci2: command 0x0405 tx timeout
[  896.497351][T10058] Bluetooth: hci1: command 0x0c1a tx timeout
[  896.497388][T10058] Bluetooth: hci0: command 0x0c1a tx timeout
[  896.512149][ T5129] Bluetooth: hci4: command 0x0c1a tx timeout
[  899.580826][T14300] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  899.580990][T14300] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  899.581104][T14300] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  899.581223][T14300] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  899.581333][T14300] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  900.228805][T14316] loop6: detected capacity change from 0 to 7
[  900.263106][T14316] Dev loop6: unable to read RDB block 7
[  900.263145][T14316]  loop6: AHDI p3 p4
[  900.263181][T14316] loop6: partition table partially beyond EOD, truncated
[  900.263418][T14316] loop6: p3 start 1886353253 is beyond EOD, truncated
[  900.495711][T14310] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  900.495961][T14310] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  900.496085][T14310] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  900.496266][T14310] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  900.496398][T14310] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  901.276771][T14325] dummy0: entered promiscuous mode
[  901.349901][T14325] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1934'.
[  901.743726][T14330] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  901.751146][T14330] IPv6: NLM_F_CREATE should be set when creating new route
[  901.758533][T14330] IPv6: NLM_F_CREATE should be set when creating new route
[  902.070583][ T5833] Bluetooth: hci0: command 0x0c1a tx timeout
[  902.120371][ T5882] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  902.311601][ T5882] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  902.387647][ T5882] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  902.420631][ T5882] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  902.429846][ T5882] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  902.501774][ T5882] usb 1-1: config 0 descriptor??
[  902.550289][ T5833] Bluetooth: hci1: command 0x0c1a tx timeout
[  902.556557][ T5129] Bluetooth: hci4: command 0x0c1a tx timeout
[  902.562990][T10058] Bluetooth: hci5: command 0x0c1a tx timeout
[  902.569190][ T5828] Bluetooth: hci2: command 0x0405 tx timeout
[  903.608699][ T5882] ath6kl: Failed to submit usb control message: -71
[  904.596204][ T5882] ath6kl: unable to send the bmi data to the device: -71
[  904.618230][ T5882] ath6kl: Unable to send get target info: -71
[  904.645239][ T5882] ath6kl: Failed to init ath6kl core: -71
[  904.758427][T14349] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  904.765431][T14349] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  904.771741][T14349] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  904.778033][T14349] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  904.784215][T14349] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  904.879255][ T5882] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71
[  904.984998][T14355] ptrace attach of "./syz-executor exec"[9120] was attempted by "./syz-executor exec"[14355]
[  905.221593][ T5882] usb 1-1: USB disconnect, device number 19
[  906.153225][ T5129] Bluetooth: hci0: command 0x0c1a tx timeout
[  906.951139][ T5129] Bluetooth: hci4: command 0x0c1a tx timeout
[  906.960794][T10058] Bluetooth: hci1: command 0x0c1a tx timeout
[  906.975024][ T5828] Bluetooth: hci2: command 0x0405 tx timeout
[  906.987782][ T5833] Bluetooth: hci5: command 0x0c1a tx timeout
[  907.040970][T14369] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  907.047367][T14369] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  907.053624][T14369] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  907.158763][T14369] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  907.165116][T14369] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  908.630520][ T5129] Bluetooth: hci0: command 0x0c1a tx timeout
[  909.113263][ T5833] Bluetooth: hci1: command 0x0c1a tx timeout
[  909.119445][ T5129] Bluetooth: hci2: command 0x0405 tx timeout
[  909.190290][ T5833] Bluetooth: hci5: command 0x0c1a tx timeout
[  909.196809][ T5129] Bluetooth: hci4: command 0x0c1a tx timeout
[  910.823616][T14408] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  910.829892][T14408] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  910.836192][T14408] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  910.842469][T14408] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  910.848713][T14408] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  912.871217][ T5129] Bluetooth: hci4: command 0x0c1a tx timeout
[  912.877350][ T5129] Bluetooth: hci5: command 0x0c1a tx timeout
[  912.883491][ T5833] Bluetooth: hci2: command 0x0405 tx timeout
[  912.889632][ T5833] Bluetooth: hci1: command 0x0c1a tx timeout
[  912.906229][ T5129] Bluetooth: hci0: command 0x0c1a tx timeout
[  914.521412][T14432] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  914.521412][T14432] The task syz.7.1956 (14432) triggered the difference, watch for misbehavior.
[  917.203723][T14438] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  917.210167][T14438] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  917.217690][T14438] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  917.224320][T14438] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  917.230607][T14438] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  917.600287][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout
[  918.106451][ T5908] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  918.376016][ T5908] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  918.397031][ T5908] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  918.567623][ T5908] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  918.578395][ T5908] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  918.600379][ T5908] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  918.616864][ T5908] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  918.631393][ T5908] usb 7-1: config 0 descriptor??
[  919.434291][ T5828] Bluetooth: hci4: command 0x0c1a tx timeout
[  919.439926][ T5828] Bluetooth: hci5: command 0x0c1a tx timeout
[  919.439974][ T5828] Bluetooth: hci2: command 0x0405 tx timeout
[  919.440594][ T5828] Bluetooth: hci1: command 0x0c1a tx timeout
[  919.896761][ T5908] plantronics 0003:047F:FFFF.000D: No inputs registered, leaving
[  920.021444][T14469] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  920.030567][T14469] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  920.037646][T14469] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  920.045870][T14469] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  920.059456][T14469] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  920.551545][ T5908] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  922.070250][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout
[  922.076785][ T5129] Bluetooth: hci2: command 0x0405 tx timeout
[  922.082994][ T5833] Bluetooth: hci1: command 0x0c1a tx timeout
[  922.550175][ T5129] Bluetooth: hci4: command 0x0c1a tx timeout
[  922.556279][ T5129] Bluetooth: hci5: command 0x0c1a tx timeout
[  923.697962][ T8889] usb 7-1: USB disconnect, device number 5
[  925.600388][T14524] Bluetooth: hci3: Frame reassembly failed (-84)
[  926.180250][   T36] Bluetooth: hci3: Frame reassembly failed (-84)
[  927.671057][ T5129] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[  928.676386][ T5908] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  928.860392][ T5908] usb 5-1: Using ep0 maxpacket: 8
[  929.667977][ T5908] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  929.676974][ T5908] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  929.690622][ T5908] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  929.704684][ T5908] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  929.722883][ T5908] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  929.743260][ T5908] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  929.793042][ T5908] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  929.817020][ T5908] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  929.829609][ T5908] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  929.843203][ T5908] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  929.883972][ T5908] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  929.906607][ T5908] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  929.929405][ T5908] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  929.964247][ T5908] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  929.990599][ T5908] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  930.032402][ T5908] usb 5-1: string descriptor 0 read error: -22
[  930.040502][ T5908] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  930.080878][ T5908] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  930.662727][ T5908] adutux 5-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  930.891403][ T5873] usb 5-1: USB disconnect, device number 26
[  931.270908][ T5908] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  931.455424][ T5908] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  931.478711][ T5908] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  931.519358][ T5908] usb 1-1: config 0 descriptor??
[  931.925672][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  932.453131][T14582] Bluetooth: hci3: Frame reassembly failed (-84)
[  932.733910][   T36] Bluetooth: hci3: Frame reassembly failed (-84)
[  933.922738][T14560] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  933.984017][T14560] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  934.550283][ T5129] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[  936.494366][ T5908] usb 1-1: Cannot set autoneg
[  936.499410][ T5908] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  936.814616][ T5908] usb 1-1: USB disconnect, device number 20
[  937.190703][   T10] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  937.380248][   T10] usb 8-1: Using ep0 maxpacket: 8
[  937.401744][T14625] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2000'.
[  937.420999][   T10] usb 8-1: unable to get BOS descriptor or descriptor too short
[  937.441678][   T10] usb 8-1: unable to read config index 0 descriptor/start: -71
[  937.451185][   T10] usb 8-1: can't read configurations, error -71
[  937.522538][T14625] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2000'.
[  940.504019][T14660] dummy0: entered promiscuous mode
[  940.511271][T14659] dummy0: left promiscuous mode
[  945.540415][T14713] dummy0: entered promiscuous mode
[  945.546921][T14712] dummy0: left promiscuous mode
[  945.747011][T14717] tun0: tun_chr_ioctl cmd 1074025681
[  945.974833][T14724] ip6t_rpfilter: unknown options
[  946.130775][ T5873] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  946.943579][ T5873] usb 8-1: Using ep0 maxpacket: 32
[  946.945874][ T5873] usb 8-1: unable to get BOS descriptor or descriptor too short
[  946.947189][ T5873] usb 8-1: config 1 interface 0 altsetting 32 bulk endpoint 0x82 has invalid maxpacket 1024
[  946.947221][ T5873] usb 8-1: config 1 interface 0 altsetting 32 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  946.947249][ T5873] usb 8-1: config 1 interface 0 has no altsetting 0
[  946.949975][ T5873] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  946.950005][ T5873] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  946.950120][ T5873] usb 8-1: Product: syz
[  946.950138][ T5873] usb 8-1: Manufacturer: syz
[  946.950152][ T5873] usb 8-1: SerialNumber: syz
[  946.957934][T14717] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  946.958088][T14717] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  947.393576][ T5873] cdc_ether 8-1:1.0: probe with driver cdc_ether failed with error -22
[  947.525821][T14734] ip6t_rpfilter: unknown options
[  947.534588][ T5873] usb 8-1: USB disconnect, device number 13
[  947.775317][T14747] FAULT_INJECTION: forcing a failure.
[  947.775317][T14747] name failslab, interval 1, probability 0, space 0, times 0
[  947.775407][T14747] CPU: 1 UID: 0 PID: 14747 Comm: syz.0.2032 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  947.775422][T14747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  947.775429][T14747] Call Trace:
[  947.775434][T14747]  <TASK>
[  947.775439][T14747]  dump_stack_lvl+0x189/0x250
[  947.775461][T14747]  ? __pfx_dump_stack_lvl+0x10/0x10
[  947.775477][T14747]  ? __pfx__printk+0x10/0x10
[  947.775496][T14747]  ? __pfx___might_resched+0x10/0x10
[  947.775513][T14747]  ? fs_reclaim_acquire+0x7d/0x100
[  947.775529][T14747]  should_fail_ex+0x414/0x560
[  947.775544][T14747]  should_failslab+0xa8/0x100
[  947.775557][T14747]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  947.775574][T14747]  ? __alloc_skb+0x112/0x2d0
[  947.775601][T14747]  __alloc_skb+0x112/0x2d0
[  947.775619][T14747]  _sctp_make_chunk+0x5e/0x430
[  947.775639][T14747]  sctp_make_datafrag_empty+0x122/0x230
[  947.775658][T14747]  ? __pfx_sctp_make_datafrag_empty+0x10/0x10
[  947.775672][T14747]  ? __kasan_kmalloc+0x93/0xb0
[  947.775691][T14747]  ? sctp_auth_send_cid+0x69/0x250
[  947.775710][T14747]  sctp_datamsg_from_user+0x726/0xef0
[  947.775734][T14747]  ? __genradix_ptr+0x1e1/0x220
[  947.775752][T14747]  sctp_sendmsg_to_asoc+0x1003/0x1810
[  947.775770][T14747]  ? __lock_acquire+0xaac/0xd20
[  947.775795][T14747]  ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10
[  947.775814][T14747]  ? __local_bh_enable_ip+0x12d/0x1c0
[  947.775831][T14747]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  947.775851][T14747]  ? sctp_sendmsg_check_sflags+0x18d/0x2e0
[  947.775872][T14747]  sctp_sendmsg+0x1941/0x2810
[  947.775890][T14747]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[  947.775906][T14747]  ? __pfx_sctp_sendmsg+0x10/0x10
[  947.775935][T14747]  ? sock_rps_record_flow+0x19/0x400
[  947.775954][T14747]  ? inet_sendmsg+0x2f4/0x370
[  947.775970][T14747]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  947.775986][T14747]  __sock_sendmsg+0x19c/0x270
[  947.776001][T14747]  ____sys_sendmsg+0x52d/0x830
[  947.776020][T14747]  ? __pfx_____sys_sendmsg+0x10/0x10
[  947.776041][T14747]  ? import_iovec+0x74/0xa0
[  947.776060][T14747]  ___sys_sendmsg+0x21f/0x2a0
[  947.776077][T14747]  ? __pfx____sys_sendmsg+0x10/0x10
[  947.776116][T14747]  ? __fget_files+0x2a/0x420
[  947.776127][T14747]  ? __fget_files+0x3a0/0x420
[  947.776145][T14747]  __sys_sendmmsg+0x227/0x430
[  947.776164][T14747]  ? __pfx___sys_sendmmsg+0x10/0x10
[  947.776186][T14747]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  947.776213][T14747]  ? ksys_write+0x1f0/0x250
[  947.776237][T14747]  __x64_sys_sendmmsg+0xa0/0xc0
[  947.776254][T14747]  do_syscall_64+0xf6/0x210
[  947.776270][T14747]  ? clear_bhb_loop+0x60/0xb0
[  947.776285][T14747]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  947.776296][T14747] RIP: 0033:0x7f3f3358e969
[  947.776308][T14747] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  947.776319][T14747] RSP: 002b:00007f3f344b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  947.776333][T14747] RAX: ffffffffffffffda RBX: 00007f3f337b6080 RCX: 00007f3f3358e969
[  947.776349][T14747] RDX: 0000000000000001 RSI: 0000200000003980 RDI: 0000000000000003
[  947.776358][T14747] RBP: 00007f3f344b7090 R08: 0000000000000000 R09: 0000000000000000
[  947.776366][T14747] R10: 0000000000084004 R11: 0000000000000246 R12: 0000000000000001
[  947.776374][T14747] R13: 0000000000000001 R14: 00007f3f337b6080 R15: 00007fffcd67caf8
[  947.776393][T14747]  </TASK>
[  948.520269][   T10] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  948.672651][   T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  948.672708][   T10] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  948.672754][   T10] usb 1-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=4e.53
[  948.672779][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  948.678135][   T10] usb 1-1: config 0 descriptor??
[  948.833130][T14758] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2036'.
[  948.958416][   T10] usb 1-1: USB disconnect, device number 21
[  948.977644][T14455] udevd[14455]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  949.910670][T14765] netlink: 220 bytes leftover after parsing attributes in process `syz.6.2039'.
[  950.724985][T14772] loop6: detected capacity change from 0 to 524287999
[  950.844778][T14455] buffer_io_error: 7 callbacks suppressed
[  950.844797][T14455] Buffer I/O error on dev loop6, logical block 0, async page read
[  951.497421][T14455] Buffer I/O error on dev loop6, logical block 0, async page read
[  951.505816][T14455] Buffer I/O error on dev loop6, logical block 0, async page read
[  951.514735][T14455] Buffer I/O error on dev loop6, logical block 0, async page read
[  951.523863][T14455] Buffer I/O error on dev loop6, logical block 0, async page read
[  951.532287][T14455] Buffer I/O error on dev loop6, logical block 0, async page read
[  951.541771][T14455] Buffer I/O error on dev loop6, logical block 0, async page read
[  951.582651][T14455] Buffer I/O error on dev loop6, logical block 0, async page read
[  951.601176][T14455] ldm_validate_partition_table(): Disk read failed.
[  951.609147][T14455] Buffer I/O error on dev loop6, logical block 0, async page read
[  951.625816][T14455] Buffer I/O error on dev loop6, logical block 0, async page read
[  951.638598][T14455] Dev loop6: unable to read RDB block 0
[  951.660783][T14776] Invalid logical block size (3)
[  951.675896][T14455]  loop6: unable to read partition table
[  951.685108][T14772] ldm_validate_partition_table(): Disk read failed.
[  951.722401][T14772] Dev loop6: unable to read RDB block 0
[  951.728722][T14772]  loop6: unable to read partition table
[  951.832924][T14772] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  952.125506][T14783] netlink: 220 bytes leftover after parsing attributes in process `syz.5.2045'.
[  952.256727][T14786] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2043'.
[  952.439436][T14792] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2047'.
[  952.730263][ T8889] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  952.918538][T14798] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2047'.
[  953.597112][ T8889] usb 7-1: config 0 has no interfaces?
[  953.602910][ T8889] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  953.612580][ T8889] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  953.644960][ T8889] usb 7-1: config 0 descriptor??
[  953.816815][T14802] syzkaller1: tun_chr_ioctl cmd 1074025677
[  953.823181][T14802] syzkaller1: Refused to change device type
[  954.171162][T14786] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  954.196671][T14811] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2052'.
[  954.206282][T14786] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  954.239374][T14811] macsec1: entered promiscuous mode
[  955.299525][ T8889] usb 7-1: USB disconnect, device number 6
[  955.301037][T14824] loop6: detected capacity change from 0 to 524287999
[  955.393358][T14824] ldm_validate_partition_table(): Disk read failed.
[  955.428408][T14824] Dev loop6: unable to read RDB block 0
[  955.450316][T14824]  loop6: unable to read partition table
[  955.461701][T14824] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  955.490373][   T30] audit: type=1800 audit(1748244832.529:93): pid=14815 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.2053" name="/" dev="9p" ino=2 res=0 errno=0
[  955.579089][T14825] Invalid logical block size (3)
[  955.598189][T14827] syzkaller1: tun_chr_ioctl cmd 1074025677
[  955.606208][ T5189] ldm_validate_partition_table(): Disk read failed.
[  955.614433][T14827] syzkaller1: Refused to change device type
[  955.623483][ T5189] Dev loop6: unable to read RDB block 0
[  955.653847][ T5189]  loop6: unable to read partition table
[  955.802966][T14832] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2058'.
[  955.827560][T14832] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2058'.
[  955.916214][T14832] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  955.980999][T14832] syz_tun: entered promiscuous mode
[  956.240777][T14841] tipc: Cannot configure node identity twice
[  958.390516][T14866] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  958.529617][T14871] loop6: detected capacity change from 0 to 524287999
[  958.669016][T14455] buffer_io_error: 55 callbacks suppressed
[  958.669035][T14455] Buffer I/O error on dev loop6, logical block 0, async page read
[  958.831542][T14877] Invalid logical block size (3)
[  958.870257][T14455] Buffer I/O error on dev loop6, logical block 0, async page read
[  958.894588][T14883] ip6t_rpfilter: unknown options
[  959.090749][   T30] audit: type=1800 audit(1748244836.139:94): pid=14862 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.2069" name="/" dev="9p" ino=2 res=0 errno=0
[  959.127896][T14455] Buffer I/O error on dev loop6, logical block 0, async page read
[  959.136038][T14455] Buffer I/O error on dev loop6, logical block 0, async page read
[  959.146543][T14455] Buffer I/O error on dev loop6, logical block 0, async page read
[  959.146694][T14455] Buffer I/O error on dev loop6, logical block 0, async page read
[  959.146835][T14455] Buffer I/O error on dev loop6, logical block 0, async page read
[  959.146955][T14455] Buffer I/O error on dev loop6, logical block 0, async page read
[  959.147038][T14455] ldm_validate_partition_table(): Disk read failed.
[  959.147090][T14455] Buffer I/O error on dev loop6, logical block 0, async page read
[  959.147276][T14455] Buffer I/O error on dev loop6, logical block 0, async page read
[  959.147572][T14455] Dev loop6: unable to read RDB block 0
[  959.148091][T14455]  loop6: unable to read partition table
[  959.150179][T14871] ldm_validate_partition_table(): Disk read failed.
[  959.150577][T14871] Dev loop6: unable to read RDB block 0
[  959.151058][T14871]  loop6: unable to read partition table
[  959.151288][T14871] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  959.859764][T14897] FAULT_INJECTION: forcing a failure.
[  959.859764][T14897] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  959.925578][T14897] CPU: 1 UID: 0 PID: 14897 Comm: syz.5.2075 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  959.925608][T14897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  959.925619][T14897] Call Trace:
[  959.925627][T14897]  <TASK>
[  959.925636][T14897]  dump_stack_lvl+0x189/0x250
[  959.925670][T14897]  ? __pfx_dump_stack_lvl+0x10/0x10
[  959.925696][T14897]  ? __pfx__printk+0x10/0x10
[  959.925731][T14897]  ? __might_fault+0xb0/0x130
[  959.925750][T14897]  should_fail_ex+0x414/0x560
[  959.925778][T14897]  _copy_to_user+0x31/0xb0
[  959.925807][T14897]  simple_read_from_buffer+0xe1/0x170
[  959.925842][T14897]  proc_fail_nth_read+0x1df/0x250
[  959.925867][T14897]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  959.925891][T14897]  ? rw_verify_area+0x258/0x650
[  959.925915][T14897]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  959.925937][T14897]  vfs_read+0x200/0x980
[  959.925969][T14897]  ? __pfx___mutex_lock+0x10/0x10
[  959.925994][T14897]  ? __pfx_vfs_read+0x10/0x10
[  959.926021][T14897]  ? __fget_files+0x2a/0x420
[  959.926044][T14897]  ? __fget_files+0x3a0/0x420
[  959.926061][T14897]  ? __fget_files+0x2a/0x420
[  959.926111][T14897]  ksys_read+0x145/0x250
[  959.926140][T14897]  ? __pfx_ksys_read+0x10/0x10
[  959.926171][T14897]  ? do_syscall_64+0xba/0x210
[  959.926200][T14897]  do_syscall_64+0xf6/0x210
[  959.926223][T14897]  ? asm_sysvec_call_function_single+0x1a/0x20
[  959.926250][T14897]  ? clear_bhb_loop+0x60/0xb0
[  959.926275][T14897]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  959.926294][T14897] RIP: 0033:0x7fdbc1b8d37c
[  959.926313][T14897] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  959.926330][T14897] RSP: 002b:00007fdbc2a07030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  959.926351][T14897] RAX: ffffffffffffffda RBX: 00007fdbc1db5fa0 RCX: 00007fdbc1b8d37c
[  959.926365][T14897] RDX: 000000000000000f RSI: 00007fdbc2a070a0 RDI: 0000000000000007
[  959.926377][T14897] RBP: 00007fdbc2a07090 R08: 0000000000000000 R09: 0000000000000000
[  959.926390][T14897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  959.926402][T14897] R13: 0000000000000000 R14: 00007fdbc1db5fa0 R15: 00007ffe3cbce198
[  959.926436][T14897]  </TASK>
[  960.571846][T14901] syz.7.2072 (14901) used greatest stack depth: 18168 bytes left
[  962.247205][T14932] loop6: detected capacity change from 0 to 524287999
[  962.274541][T14932] ldm_validate_partition_table(): Disk read failed.
[  962.305230][T14932] Dev loop6: unable to read RDB block 0
[  962.324077][T14932]  loop6: unable to read partition table
[  962.344671][T14932] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  962.453215][T14934] Invalid logical block size (3)
[  963.852907][T14948] ip6t_rpfilter: unknown options
[  964.452958][T14960] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  966.050244][ T8889] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  966.224893][ T8889] usb 6-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33
[  966.482957][ T8889] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  968.813345][ T8889] usb 6-1: config 0 descriptor??
[  968.969500][ T8889] usb 6-1: can't set config #0, error -71
[  969.018274][ T8889] usb 6-1: USB disconnect, device number 9
[  969.298263][T15007] ip6t_rpfilter: unknown options
[  972.506589][   T30] audit: type=1326 audit(1748244849.549:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15013 comm="syz.5.2105" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdbc1b8e969 code=0x0
[  974.810756][T15074] ip6t_rpfilter: unknown options
[  975.838210][T15070] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  975.858772][T15070] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  975.900545][T15070] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  975.925193][T15070] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  975.963215][T15070] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  976.253486][ T5873] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  976.461312][ T5873] usb 8-1: Using ep0 maxpacket: 8
[  976.491735][ T5873] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  976.532152][ T5873] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  976.593705][ T5873] usb 8-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52
[  976.626773][ T5873] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  976.651729][ T5873] usb 8-1: Product: syz
[  976.667663][ T5873] usb 8-1: Manufacturer: syz
[  976.678029][ T5873] usb 8-1: SerialNumber: syz
[  976.710405][ T5129] Bluetooth: hci0: command 0x0c1a tx timeout
[  976.723325][ T5873] usb 8-1: config 0 descriptor??
[  977.407004][ T5873] usb 8-1: USB disconnect, device number 14
[  977.690242][   T10] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  977.873605][   T10] usb 5-1: config 0 has no interfaces?
[  977.886707][   T10] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  977.909705][   T10] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  977.918537][ T5129] Bluetooth: hci2: command 0x0405 tx timeout
[  977.920211][ T5828] Bluetooth: hci1: command 0x0c1a tx timeout
[  977.925210][   T10] usb 5-1: Product: syz
[  977.935248][   T10] usb 5-1: Manufacturer: syz
[  977.942234][   T10] usb 5-1: SerialNumber: syz
[  977.975733][   T10] usb 5-1: config 0 descriptor??
[  977.991612][ T5828] Bluetooth: hci4: command 0x0c1a tx timeout
[  977.991785][ T5129] Bluetooth: hci5: command 0x0c1a tx timeout
[  978.450467][   T10] usb 5-1: USB disconnect, device number 27
[  978.788521][T15120] ip6t_rpfilter: unknown options
[  979.818607][T15128] netlink: 16402 bytes leftover after parsing attributes in process `syz.6.2135'.
[  979.841936][T15127] netlink: 16402 bytes leftover after parsing attributes in process `syz.6.2135'.
[  982.621316][T15168] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  983.108112][T15161] ip6t_rpfilter: unknown options
[  984.352683][T15188] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2152'.
[  984.452034][T15191] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2152'.
[  985.420990][   T10] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  985.488284][T15201] ieee802154 phy1 wpan1: encryption failed: -22
[  986.512508][   T10] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  986.558446][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  986.569962][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  986.581030][   T10] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  986.595770][   T10] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  986.609695][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  986.622809][   T10] usb 7-1: config 0 descriptor??
[  986.973132][T15207] ip6t_rpfilter: unknown options
[  987.078688][   T10] plantronics 0003:047F:FFFF.000E: No inputs registered, leaving
[  987.138418][   T10] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  988.679818][T15235] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2165'.
[  988.790404][T15235] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2165'.
[  990.678194][ T5858] usb 7-1: USB disconnect, device number 7
[  992.331075][T15263] ip6t_rpfilter: unknown options
[  993.358450][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  995.794369][T15278] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  995.800569][T15278] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  995.806587][T15278] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  995.812847][T15278] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  995.818868][T15278] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  995.995893][T15282] netlink: 'syz.5.2175': attribute type 1 has an invalid length.
[  996.048598][T15282] netlink: 16150 bytes leftover after parsing attributes in process `syz.5.2175'.
[  996.226129][T15296] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2177'.
[  996.504907][T15302] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2177'.
[  997.909169][T15319] ip6t_rpfilter: unknown options
[  997.914759][ T5129] Bluetooth: hci5: command 0x0c1a tx timeout
[  997.914779][ T5833] Bluetooth: hci2: command 0x0405 tx timeout
[  997.921032][T10058] Bluetooth: hci1: command 0x0c1a tx timeout
[  997.926996][ T5833] Bluetooth: hci0: command 0x0c1a tx timeout
[  997.933204][ T5828] Bluetooth: hci4: command 0x0c1a tx timeout
[  998.832721][ T5882] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  998.881611][ T5858] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  999.035063][ T5882] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  999.062215][ T5882] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  999.090220][ T5882] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  999.114262][ T5882] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  999.115897][ T5858] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  999.128615][ T5882] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  999.145884][ T5858] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  999.170486][ T5858] usb 7-1: config 1 interface 0 has no altsetting 1
[  999.183895][ T5858] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  999.184145][ T5882] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  999.197815][ T5858] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  999.215799][ T5858] usb 7-1: SerialNumber: syz
[  999.251237][ T5858] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -22
[  999.271562][ T5882] usb 6-1: config 0 descriptor??
[  999.464529][ T5858] usb 7-1: USB disconnect, device number 8
[  999.710951][ T5882] plantronics 0003:047F:FFFF.000F: No inputs registered, leaving
[  999.783917][ T5882] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[ 1000.202223][T15345] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2192'.
[ 1000.631192][T15354] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2193'.
[ 1000.772862][T15354] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2193'.
[ 1001.843708][ T5858] usb 6-1: USB disconnect, device number 10
[ 1004.219589][T15375] ip6t_rpfilter: unknown options
[ 1006.490278][T15405] netlink: 'syz.6.2203': attribute type 10 has an invalid length.
[ 1007.620693][ T5873] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[ 1007.763593][T15418] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2205'.
[ 1007.832946][ T5873] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1007.867105][T15418] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2205'.
[ 1007.884294][T15429] IPVS: sync thread started: state = MASTER, mcast_ifn = batadv_slave_0, syncid = 0, id = 0
[ 1007.953945][ T5873] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1007.994680][ T5873] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1008.044169][ T5873] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1008.114016][ T5873] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1008.133107][ T5873] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1008.166053][ T5873] usb 5-1: config 0 descriptor??
[ 1008.641887][ T5873] plantronics 0003:047F:FFFF.0010: No inputs registered, leaving
[ 1008.656277][T15431] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1008.697973][ T5873] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[ 1009.482665][T15431] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1010.096250][T15431] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1010.125134][T15431] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1010.150391][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1010.173356][T15431] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1010.413744][   T10] usb 5-1: reset high-speed USB device number 28 using dummy_hcd
[ 1011.523215][ T5828] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1012.150741][T10058] Bluetooth: hci2: command 0x0405 tx timeout
[ 1012.157002][ T5828] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1012.240270][ T5828] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1012.625744][ T5873] usb 5-1: USB disconnect, device number 28
[ 1013.768192][T15472] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1015.060337][   T10] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[ 1016.093992][T15489] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2220'.
[ 1016.215688][T15496] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2220'.
[ 1016.511423][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1016.523126][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1016.544613][   T10] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1017.026346][   T10] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1017.040263][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1017.053733][   T10] usb 7-1: config 0 descriptor??
[ 1017.410419][ T5820] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[ 1017.885366][   T10] plantronics 0003:047F:FFFF.0011: No inputs registered, leaving
[ 1017.931410][   T10] plantronics 0003:047F:FFFF.0011: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[ 1018.220985][   T10] usb 7-1: USB disconnect, device number 9
[ 1018.230371][ T5820] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1018.266153][ T5828] Bluetooth: hci0: unexpected event for opcode 0x0c58
[ 1018.311538][ T5820] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1018.344059][ T5820] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1018.361330][ T5820] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1018.414035][ T5820] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1018.427158][ T5820] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1018.476107][ T5820] usb 6-1: config 0 descriptor??
[ 1018.530608][ T5858] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[ 1018.701483][ T5858] usb 1-1: device descriptor read/64, error -71
[ 1018.916037][ T5820] plantronics 0003:047F:FFFF.0012: No inputs registered, leaving
[ 1018.952236][ T5858] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[ 1018.969432][ T5820] plantronics 0003:047F:FFFF.0012: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[ 1019.120339][ T5858] usb 1-1: device descriptor read/64, error -71
[ 1019.353223][ T5858] usb usb1-port1: attempt power cycle
[ 1020.040564][ T5858] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[ 1020.612687][ T5858] usb 1-1: device descriptor read/8, error -71
[ 1020.880929][ T5858] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[ 1020.912938][ T5858] usb 1-1: device descriptor read/8, error -71
[ 1021.002560][   T10] usb 6-1: reset high-speed USB device number 11 using dummy_hcd
[ 1021.035649][ T5858] usb usb1-port1: unable to enumerate USB device
[ 1021.119691][T15532] xfrm0: entered promiscuous mode
[ 1021.125261][T15532] xfrm0: entered allmulticast mode
[ 1021.482552][T15542] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2232'.
[ 1021.750095][T15542] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2232'.
[ 1022.262306][T15554] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[ 1022.310480][ T5828] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[ 1022.320753][ T5828] Bluetooth: hci0: Injecting HCI hardware error event
[ 1022.354201][T10058] Bluetooth: hci0: hardware error 0x00
[ 1022.941163][ T5908] usb 6-1: USB disconnect, device number 11
[ 1024.390173][T10058] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[ 1026.320374][ T5908] usb 7-1: new full-speed USB device number 10 using dummy_hcd
[ 1026.915896][ T5908] usb 7-1: config 0 has an invalid interface number: 133 but max is 0
[ 1027.229714][ T5908] usb 7-1: config 0 has no interface number 0
[ 1027.661143][T15604] ip6t_rpfilter: unknown options
[ 1027.747760][ T5908] usb 7-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[ 1027.811404][ T5908] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1027.897907][ T5908] usb 7-1: Product: syz
[ 1027.918213][ T5908] usb 7-1: Manufacturer: syz
[ 1027.928365][ T5908] usb 7-1: SerialNumber: syz
[ 1027.958478][ T5908] usb 7-1: config 0 descriptor??
[ 1028.196475][ T5908] keyspan 7-1:0.133: Keyspan 1 port adapter converter detected
[ 1028.209536][ T5908] keyspan 7-1:0.133: found no endpoint descriptor for endpoint 81
[ 1028.910884][ T5908] keyspan 7-1:0.133: found no endpoint descriptor for endpoint 1
[ 1028.918799][ T5908] keyspan 7-1:0.133: found no endpoint descriptor for endpoint 2
[ 1028.928163][ T5908] usb 7-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[ 1028.938965][ T5908] usb 7-1: USB disconnect, device number 10
[ 1028.948025][ T5908] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[ 1028.958206][ T5908] keyspan 7-1:0.133: device disconnected
[ 1029.599929][T15617] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2249'.
[ 1029.888565][T15616] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2249'.
[ 1034.054894][T15663] netlink: 'syz.0.2259': attribute type 15 has an invalid length.
[ 1034.102850][T15663] netlink: 723 bytes leftover after parsing attributes in process `syz.0.2259'.
[ 1034.218121][ T2013] IPVS: starting estimator thread 0...
[ 1034.238903][T15668] FAULT_INJECTION: forcing a failure.
[ 1034.238903][T15668] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1034.301544][T15668] CPU: 1 UID: 0 PID: 15668 Comm: syz.4.2262 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1034.301575][T15668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1034.301586][T15668] Call Trace:
[ 1034.301595][T15668]  <TASK>
[ 1034.301604][T15668]  dump_stack_lvl+0x189/0x250
[ 1034.301634][T15668]  ? __lock_acquire+0xaac/0xd20
[ 1034.301664][T15668]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1034.301689][T15668]  ? __pfx__printk+0x10/0x10
[ 1034.301718][T15668]  ? __might_fault+0xb0/0x130
[ 1034.301751][T15668]  should_fail_ex+0x414/0x560
[ 1034.301778][T15668]  _copy_from_user+0x2d/0xb0
[ 1034.301807][T15668]  rfcomm_dev_ioctl+0x251/0x1d40
[ 1034.301838][T15668]  ? kasan_quarantine_put+0xdd/0x220
[ 1034.301876][T15668]  ? __pfx_rfcomm_dev_ioctl+0x10/0x10
[ 1034.301906][T15668]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1034.301929][T15668]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1034.301953][T15668]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1034.301977][T15668]  ? bt_sock_ioctl+0xe7/0x2d0
[ 1034.302004][T15668]  sock_do_ioctl+0xdc/0x300
[ 1034.302029][T15668]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 1034.302050][T15668]  ? smk_tskacc+0x2fc/0x370
[ 1034.302084][T15668]  ? smack_file_ioctl+0x24a/0x340
[ 1034.302109][T15668]  sock_ioctl+0x576/0x790
[ 1034.302131][T15668]  ? __pfx_sock_ioctl+0x10/0x10
[ 1034.302155][T15668]  ? __fget_files+0x3a0/0x420
[ 1034.302172][T15668]  ? __fget_files+0x2a/0x420
[ 1034.302195][T15668]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1034.302219][T15668]  ? __pfx_sock_ioctl+0x10/0x10
[ 1034.302237][T15668]  __se_sys_ioctl+0xf9/0x170
[ 1034.302266][T15668]  do_syscall_64+0xf6/0x210
[ 1034.302292][T15668]  ? clear_bhb_loop+0x60/0xb0
[ 1034.302317][T15668]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1034.302334][T15668] RIP: 0033:0x7f1cd938e969
[ 1034.302352][T15668] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1034.302366][T15668] RSP: 002b:00007f1cda26d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1034.302388][T15668] RAX: ffffffffffffffda RBX: 00007f1cd95b5fa0 RCX: 00007f1cd938e969
[ 1034.302401][T15668] RDX: 0000200000000100 RSI: 00000000400452c8 RDI: 000000000000000a
[ 1034.302413][T15668] RBP: 00007f1cda26d090 R08: 0000000000000000 R09: 0000000000000000
[ 1034.302425][T15668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1034.302437][T15668] R13: 0000000000000000 R14: 00007f1cd95b5fa0 R15: 00007ffd7184cfd8
[ 1034.302470][T15668]  </TASK>
[ 1034.640149][T15669] IPVS: using max 26 ests per chain, 62400 per kthread
[ 1034.799253][T15681] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2265'.
[ 1034.840245][ T2013] usb 6-1: new full-speed USB device number 12 using dummy_hcd
[ 1035.000460][ T2013] usb 6-1: not running at top speed; connect to a high speed hub
[ 1035.048053][T15684] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2265'.
[ 1035.051128][ T2013] usb 6-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[ 1035.188645][ T2013] usb 6-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1035.275397][ T2013] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1035.343670][ T2013] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1035.370346][ T2013] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1035.385437][ T2013] usb 6-1: Product: syz
[ 1035.407226][ T2013] usb 6-1: Manufacturer: syz
[ 1035.413054][ T2013] usb 6-1: SerialNumber: syz
[ 1035.631783][T15691] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2268'.
[ 1037.187317][ T2013] usb 6-1: 0:2 : does not exist
[ 1037.531229][ T2013] usb 6-1: USB disconnect, device number 12
[ 1037.598165][   T30] audit: type=1800 audit(1748244914.639:96): pid=15693 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.6.2269" name="/" dev="9p" ino=2 res=0 errno=0
[ 1040.103039][T15712] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1040.141215][T15712] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1040.174880][T15712] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1040.230851][T15712] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1040.251499][T10058] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1041.891075][T15758] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2278'.
[ 1042.154156][ T5828] Bluetooth: hci2: command 0x0405 tx timeout
[ 1042.341725][ T5828] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1042.356915][T10058] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1044.583830][T15773] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1045.270816][T15781] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[ 1051.119944][T15824] dummy0: entered promiscuous mode
[ 1051.270618][T15823] dummy0: left promiscuous mode
[ 1051.369645][T15827] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2295'.
[ 1051.479061][T15829] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2295'.
[ 1054.430362][ T8889] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[ 1054.604141][ T8889] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1054.620619][ T8889] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1054.680744][ T8889] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1054.697697][ T8889] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1054.717718][ T8889] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1054.727057][ T8889] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1054.994370][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1055.081649][ T5908] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[ 1055.390311][ T8889] usb 8-1: config 0 descriptor??
[ 1055.432435][ T8889] usb 8-1: can't set config #0, error -71
[ 1055.449611][ T8889] usb 8-1: USB disconnect, device number 15
[ 1055.517539][T15856] ip6t_rpfilter: unknown options
[ 1055.552326][ T5908] usb 5-1: Using ep0 maxpacket: 16
[ 1055.694194][ T5908] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1055.704721][ T5908] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[ 1055.716754][ T5908] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1055.726547][ T5908] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1055.909040][ T5908] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1056.680181][ T5908] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1056.689181][ T5908] usb 5-1: Product: syz
[ 1056.820612][ T5908] usb 5-1: Manufacturer: syz
[ 1056.830159][ T5908] usb 5-1: SerialNumber: syz
[ 1057.268279][T15849] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[ 1058.007597][T15884] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2309'.
[ 1058.362547][ T5908] usb 5-1: USB disconnect, device number 29
[ 1060.749763][T15911] ip6t_rpfilter: unknown options
[ 1061.578107][T15932] dummy0: entered promiscuous mode
[ 1061.585527][T15930] dummy0: left promiscuous mode
[ 1061.913971][T15937] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2321'.
[ 1062.079180][T15938] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2321'.
[ 1063.631877][T15950] netlink: 'syz.4.2325': attribute type 15 has an invalid length.
[ 1063.659177][T15950] netlink: 723 bytes leftover after parsing attributes in process `syz.4.2325'.
[ 1064.345848][T15955] ip6t_rpfilter: unknown options
[ 1066.011111][T15966] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1066.018751][T15966] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1066.025045][T15966] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1066.031522][T15966] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1066.753139][T15991] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1068.070466][T15323] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1068.076802][ T5833] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1068.120057][ T5821] Bluetooth: hci2: command 0x0405 tx timeout
[ 1068.130301][ T5828] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1069.350227][ T5828] Bluetooth: hci3: command 0xfc11 tx timeout
[ 1069.359428][T10058] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[ 1069.588584][   T30] audit: type=1800 audit(1748244946.619:97): pid=15982 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.7.2336" name="/" dev="9p" ino=2 res=0 errno=0
[ 1070.296874][T16012] loop6: detected capacity change from 0 to 524287999
[ 1070.322567][T16012] buffer_io_error: 40 callbacks suppressed
[ 1070.322581][T16012] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1070.376362][T16012] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1070.406844][T16012] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1070.443702][T16012] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1070.481176][T16013] Invalid logical block size (3)
[ 1070.530463][T16012] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1070.548714][T16012] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1071.161060][T16012] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1071.203301][T16012] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1071.235421][T16012] ldm_validate_partition_table(): Disk read failed.
[ 1071.288042][T16012] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1071.330858][T16012] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1071.373215][T16012] Dev loop6: unable to read RDB block 0
[ 1071.413118][T16012]  loop6: unable to read partition table
[ 1071.493630][T16012] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[ 1073.047141][T16039] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1073.054447][T16039] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1073.060777][T16039] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1073.066780][T16039] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1073.263131][T16049] netlink: 'syz.4.2350': attribute type 15 has an invalid length.
[ 1073.274277][T16049] netlink: 723 bytes leftover after parsing attributes in process `syz.4.2350'.
[ 1074.407618][T16061] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1074.429498][   T13] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1074.784838][T16069] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[ 1075.231986][T10058] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1075.238696][T10058] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1075.245613][T10058] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1075.252219][T10058] Bluetooth: hci2: command 0x0405 tx timeout
[ 1076.588537][T15323] Bluetooth: hci3: command 0xfc11 tx timeout
[ 1076.626479][ T5828] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[ 1077.010478][T15449] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[ 1077.185054][T15449] usb 1-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7
[ 1077.228425][T15449] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1077.267392][T15449] usb 1-1: Product: syz
[ 1077.456230][T15449] usb 1-1: Manufacturer: syz
[ 1077.634308][T16094] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2362'.
[ 1077.643495][T16094] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2362'.
[ 1078.229107][T15449] usb 1-1: SerialNumber: syz
[ 1078.243667][T15449] usb 1-1: config 0 descriptor??
[ 1078.890642][T16092] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1078.896989][T16092] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1078.903685][T16092] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1078.910291][T16092] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1079.170668][T16076] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1079.179830][T16076] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1079.213906][T16076] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1079.223296][T16076] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1079.235316][T16076] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1079.244313][T16076] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1079.502757][T16111] netlink: 'syz.4.2365': attribute type 15 has an invalid length.
[ 1079.552836][T16111] netlink: 723 bytes leftover after parsing attributes in process `syz.4.2365'.
[ 1079.872912][T15449] usb 1-1: f81604_read: reg: 100f failed: -EPROTO
[ 1080.589875][T15449] usb 1-1: f81604_read: reg: 200f failed: -EPROTO
[ 1080.609351][T15449] usb 1-1: USB disconnect, device number 26
[ 1080.797808][T15449] usb 1-1: f81604_read: reg: 100f failed: -ENODEV
[ 1080.857694][T16126] dummy0: entered promiscuous mode
[ 1081.644476][T15323] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1081.650748][T15323] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1081.656938][T15323] Bluetooth: hci2: command 0x0405 tx timeout
[ 1081.663181][ T5828] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1081.751707][T16125] dummy0: left promiscuous mode
[ 1081.954953][T15449] usb 1-1: f81604_read: reg: 200f failed: -ENODEV
[ 1082.597073][T16142] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2372'.
[ 1082.618963][T16149] loop6: detected capacity change from 0 to 524287999
[ 1082.627021][T16144] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1082.637937][T16144] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2375'.
[ 1082.644610][   T12] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1082.647233][T16144] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2375'.
[ 1082.666803][T16149] buffer_io_error: 6 callbacks suppressed
[ 1082.666820][T16149] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1082.687662][T16149] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1082.697857][T16149] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1082.743473][T16149] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1082.759747][T16149] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1082.787513][T16149] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1082.832401][T16149] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1082.846250][T16149] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1082.858762][T16149] ldm_validate_partition_table(): Disk read failed.
[ 1082.877256][T16133] Invalid logical block size (3)
[ 1082.887128][T16149] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1082.903306][T16149] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1082.917461][T16149] Dev loop6: unable to read RDB block 0
[ 1082.949936][T16149]  loop6: unable to read partition table
[ 1082.982586][T16149] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[ 1083.952311][T15449] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[ 1084.134628][T15449] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1084.630310][T10058] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[ 1084.965027][T15449] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1084.976406][T15449] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1084.987199][T15449] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1084.994935][T16174] netlink: 'syz.5.2381': attribute type 15 has an invalid length.
[ 1085.002976][T15449] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1085.031946][T15449] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1085.050192][T16174] netlink: 723 bytes leftover after parsing attributes in process `syz.5.2381'.
[ 1085.092956][T15449] usb 7-1: config 0 descriptor??
[ 1085.167293][T16177] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2383'.
[ 1085.516304][T15449] plantronics 0003:047F:FFFF.0013: No inputs registered, leaving
[ 1085.536592][T15449] plantronics 0003:047F:FFFF.0013: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[ 1087.630666][ T5908] usb 7-1: reset high-speed USB device number 11 using dummy_hcd
[ 1089.059681][T15449] usb 7-1: USB disconnect, device number 11
[ 1089.948141][T16218] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1089.964017][T16218] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2393'.
[ 1089.975375][T16218] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2393'.
[ 1090.817123][T16226] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2395'.
[ 1090.831659][T16228] netlink: 'syz.6.2394': attribute type 15 has an invalid length.
[ 1090.854953][T16228] netlink: 723 bytes leftover after parsing attributes in process `syz.6.2394'.
[ 1091.184850][T16231] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1091.203640][T16231] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1091.225581][T16231] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1091.245187][T16231] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1092.248137][T15323] Bluetooth: hci3: command 0xfc11 tx timeout
[ 1092.255307][T10058] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[ 1092.870563][ T5820] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[ 1093.043263][ T5820] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1093.085544][ T5820] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1093.110897][T10058] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1093.184647][ T5820] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1093.251816][ T5820] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1093.270478][T10058] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1093.276739][T10058] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1093.282881][T10058] Bluetooth: hci2: command 0x0405 tx timeout
[ 1093.312674][ T5820] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1093.337087][ T5820] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1093.388847][ T5820] usb 7-1: config 0 descriptor??
[ 1093.643125][T16251] ip6t_rpfilter: unknown options
[ 1093.799678][T16253] dummy0: entered promiscuous mode
[ 1093.825643][T16252] dummy0: left promiscuous mode
[ 1093.835653][ T5820] plantronics 0003:047F:FFFF.0014: No inputs registered, leaving
[ 1093.869101][T15449] IPVS: starting estimator thread 0...
[ 1093.885330][ T5820] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[ 1094.000292][T16256] IPVS: using max 34 ests per chain, 81600 per kthread
[ 1095.405226][T16271] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2406'.
[ 1095.952897][T16277] netlink: 'syz.7.2407': attribute type 15 has an invalid length.
[ 1095.971968][T15449] usb 7-1: reset high-speed USB device number 12 using dummy_hcd
[ 1095.981552][T16277] netlink: 723 bytes leftover after parsing attributes in process `syz.7.2407'.
[ 1096.415845][T16285] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1096.431950][T16285] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2409'.
[ 1096.441316][T16285] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2409'.
[ 1096.958339][ T1868] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1097.009455][ T5908] usb 7-1: USB disconnect, device number 12
[ 1098.041378][T16292] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1098.047904][T16292] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1098.054487][T16292] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1098.060683][T16292] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1098.285300][T16294] ip6t_rpfilter: unknown options
[ 1098.550221][T15323] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[ 1098.551361][ T5828] Bluetooth: hci3: command 0xfc11 tx timeout
[ 1098.906773][T16300] dummy0: entered promiscuous mode
[ 1098.916103][T16299] dummy0: left promiscuous mode
[ 1099.009378][   T30] audit: type=1800 audit(1748244976.049:98): pid=16286 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.2410" name="/" dev="9p" ino=2 res=0 errno=0
[ 1100.150436][T15323] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1100.156120][ T5821] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1100.162865][ T5828] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1100.230357][ T5828] Bluetooth: hci2: command 0x0405 tx timeout
[ 1100.454711][   T30] audit: type=1800 audit(1748244977.499:99): pid=16314 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.2416" name="/" dev="9p" ino=2 res=0 errno=0
[ 1100.685088][T16328] loop6: detected capacity change from 0 to 524287999
[ 1100.723942][T16328] buffer_io_error: 6 callbacks suppressed
[ 1100.723956][T16328] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1100.810399][T16328] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1100.868678][T16328] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1100.908777][T16328] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1100.971741][T16331] Invalid logical block size (3)
[ 1100.990457][T16328] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1101.020383][T16328] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1101.040540][T16328] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1101.067134][T16328] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1101.757569][T16328] ldm_validate_partition_table(): Disk read failed.
[ 1102.058265][T16341] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1102.064960][T16341] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1102.071424][T16341] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1102.077648][T16341] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1102.100153][T16328] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1102.108437][T16328] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1102.335249][T16328] Dev loop6: unable to read RDB block 0
[ 1102.380741][T16328]  loop6: unable to read partition table
[ 1102.493939][T16349] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1102.510650][T16349] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2424'.
[ 1102.520186][T16349] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2424'.
[ 1102.703852][T16328] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[ 1102.797106][   T13] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1103.167997][T16355] ip6t_rpfilter: unknown options
[ 1103.975831][T16359] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1103.982266][T16359] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1103.988301][T16359] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1103.994527][T16359] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1104.790787][ T5828] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[ 1105.596959][ T5821] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1105.980461][T16394] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2435'.
[ 1105.989499][T16394] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2435'.
[ 1106.107862][ T5821] Bluetooth: hci2: command 0x0405 tx timeout
[ 1106.140619][ T5828] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1106.140710][ T5821] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1106.171105][T16394] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2435'.
[ 1106.418276][T16394] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2435'.
[ 1107.214561][T16403] loop6: detected capacity change from 0 to 524287999
[ 1107.255084][T16403] buffer_io_error: 6 callbacks suppressed
[ 1107.255104][T16403] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1107.280753][T16403] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1107.293832][T16403] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1107.308955][T16403] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1107.320326][T16403] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1107.328293][T16403] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1107.339467][T16403] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1107.346786][T16408] netlink: 'syz.5.2438': attribute type 21 has an invalid length.
[ 1107.380551][T16403] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1107.393453][T16408] netlink: 'syz.5.2438': attribute type 6 has an invalid length.
[ 1107.402130][T16408] netlink: 132 bytes leftover after parsing attributes in process `syz.5.2438'.
[ 1107.430108][T16403] ldm_validate_partition_table(): Disk read failed.
[ 1107.453020][T16404] Invalid logical block size (3)
[ 1107.461411][T16403] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1107.477533][T16403] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1107.492782][T16403] Dev loop6: unable to read RDB block 0
[ 1107.499794][T16403]  loop6: unable to read partition table
[ 1107.521469][T16403] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[ 1108.580605][T16420] netlink: 'syz.6.2439': attribute type 15 has an invalid length.
[ 1108.610131][T16420] netlink: 723 bytes leftover after parsing attributes in process `syz.6.2439'.
[ 1110.539214][T16437] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1110.549835][T16437] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2444'.
[ 1110.558907][T16437] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2444'.
[ 1110.989365][ T6118] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1111.012352][ T6118] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1111.718144][T16447] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2446'.
[ 1111.846263][T16451] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2446'.
[ 1112.950148][ T5828] Bluetooth: hci3: command 0xfc11 tx timeout
[ 1112.950643][ T5821] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[ 1114.373778][   T30] audit: type=1800 audit(1748244991.409:100): pid=16469 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.6.2450" name="/" dev="9p" ino=2 res=0 errno=0
[ 1114.946763][T16495] netlink: 'syz.0.2454': attribute type 15 has an invalid length.
[ 1115.023657][T16495] netlink: 723 bytes leftover after parsing attributes in process `syz.0.2454'.
[ 1115.961896][T16514] ip6t_rpfilter: unknown options
[ 1115.980818][ T5820] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[ 1116.328902][T16520] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1116.329837][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1116.355136][T16517] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2460'.
[ 1116.364491][T16517] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2460'.
[ 1116.377645][ T3465] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1116.410699][ T8889] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[ 1117.639580][ T8889] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1117.656926][ T5820] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1117.670201][ T8889] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1117.860389][ T5820] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1117.881775][ T8889] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1117.903341][ T5820] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1117.946026][ T8889] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1117.978520][ T5820] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1117.992342][ T8889] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1118.001734][ T5820] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1118.011641][ T8889] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1118.020168][ T5820] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1118.035190][ T8889] usb 5-1: config 0 descriptor??
[ 1118.044446][ T5820] usb 6-1: config 0 descriptor??
[ 1118.178987][ T8889] usbhid 5-1:0.0: can't add hid device: -71
[ 1118.211475][ T8889] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1118.273261][T16530] FAULT_INJECTION: forcing a failure.
[ 1118.273261][T16530] name failslab, interval 1, probability 0, space 0, times 0
[ 1118.286194][T16530] CPU: 0 UID: 0 PID: 16530 Comm: syz.6.2465 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1118.286221][T16530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1118.286233][T16530] Call Trace:
[ 1118.286242][T16530]  <TASK>
[ 1118.286250][T16530]  dump_stack_lvl+0x189/0x250
[ 1118.286284][T16530]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1118.286309][T16530]  ? __pfx__printk+0x10/0x10
[ 1118.286343][T16530]  ? __pfx___might_resched+0x10/0x10
[ 1118.286369][T16530]  ? fs_reclaim_acquire+0x7d/0x100
[ 1118.286395][T16530]  should_fail_ex+0x414/0x560
[ 1118.286422][T16530]  should_failslab+0xa8/0x100
[ 1118.286443][T16530]  __kmalloc_noprof+0xcb/0x4f0
[ 1118.286468][T16530]  ? kfree+0x4d/0x440
[ 1118.286488][T16530]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1118.286520][T16530]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1118.286544][T16530]  ? tomoyo_domain+0xda/0x130
[ 1118.286575][T16530]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1118.286596][T16530]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1118.286620][T16530]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1118.286660][T16530]  ? __lock_acquire+0xaac/0xd20
[ 1118.286707][T16530]  ? __fget_files+0x2a/0x420
[ 1118.286730][T16530]  ? __fget_files+0x3a0/0x420
[ 1118.286746][T16530]  ? __fget_files+0x2a/0x420
[ 1118.286770][T16530]  security_file_ioctl+0xcb/0x2d0
[ 1118.286795][T16530]  __se_sys_ioctl+0x47/0x170
[ 1118.286821][T16530]  do_syscall_64+0xf6/0x210
[ 1118.286847][T16530]  ? clear_bhb_loop+0x60/0xb0
[ 1118.286871][T16530]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1118.286890][T16530] RIP: 0033:0x7fda5838e969
[ 1118.286908][T16530] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1118.286925][T16530] RSP: 002b:00007fda59190038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1118.286946][T16530] RAX: ffffffffffffffda RBX: 00007fda585b5fa0 RCX: 00007fda5838e969
[ 1118.286960][T16530] RDX: 0000000000000008 RSI: 000000000000330f RDI: 0000000000000004
[ 1118.286972][T16530] RBP: 00007fda59190090 R08: 0000000000000000 R09: 0000000000000000
[ 1118.286984][T16530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1118.286996][T16530] R13: 0000000000000000 R14: 00007fda585b5fa0 R15: 00007ffe4ad067f8
[ 1118.287041][T16530]  </TASK>
[ 1118.287050][T16530] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1118.300094][ T5820] usbhid 6-1:0.0: can't add hid device: -71
[ 1118.391120][ T5828] Bluetooth: hci3: command 0xfc11 tx timeout
[ 1118.400076][ T8889] usb 5-1: USB disconnect, device number 30
[ 1118.410321][ T5821] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[ 1119.383867][ T5820] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1119.396846][ T5820] usb 6-1: USB disconnect, device number 13
[ 1122.795342][   T30] audit: type=1800 audit(1748244999.819:101): pid=16534 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.2467" name="/" dev="9p" ino=2 res=0 errno=0
[ 1122.932520][T16565] ip6t_rpfilter: unknown options
[ 1123.030357][T16555] netlink: 'syz.0.2470': attribute type 15 has an invalid length.
[ 1124.073363][T16555] netlink: 723 bytes leftover after parsing attributes in process `syz.0.2470'.
[ 1124.180334][ T5908] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[ 1124.375770][ T5908] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1124.404545][   T30] audit: type=1326 audit(1748245001.449:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16587 comm="syz.6.2479" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fda5838e969 code=0x0
[ 1124.408891][ T5908] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1124.497137][ T5908] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1124.516705][ T5908] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1124.586304][ T5908] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1124.654889][ T5908] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1124.696654][ T5908] usb 5-1: config 0 descriptor??
[ 1125.065188][T16597] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1125.078033][T16597] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2481'.
[ 1125.084301][ T6118] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1125.088644][T16597] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2481'.
[ 1126.113888][ T5908] plantronics 0003:047F:FFFF.0015: No inputs registered, leaving
[ 1126.151125][ T5908] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[ 1127.148688][ T5828] Bluetooth: hci3: command 0xfc11 tx timeout
[ 1127.156888][ T5821] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[ 1127.304808][ T5820] usb 5-1: USB disconnect, device number 31
[ 1127.693850][T16626] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[ 1128.559446][ T5908] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[ 1128.644833][T16621] ip6t_rpfilter: unknown options
[ 1128.754238][ T5908] usb 6-1: too many configurations: 9, using maximum allowed: 8
[ 1128.766166][T16639] netlink: 'syz.0.2490': attribute type 15 has an invalid length.
[ 1128.802233][ T5908] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1128.809985][T16639] netlink: 723 bytes leftover after parsing attributes in process `syz.0.2490'.
[ 1128.820403][ T5908] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1128.820439][ T5908] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1128.855420][ T5908] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1128.872433][ T5908] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1129.165087][ T5908] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1129.174250][ T5908] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1129.251897][T16650] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2493'.
[ 1129.380154][T16651] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2493'.
[ 1129.949183][ T5908] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1130.160301][ T5908] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1130.184221][ T5908] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1130.202371][ T5908] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1130.251651][ T5908] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1130.323125][ T5908] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1130.340230][ T5908] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1130.380389][ T5908] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1130.428980][ T5908] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1130.464733][ T5908] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1130.484725][ T5908] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1130.495009][ T5908] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1130.510189][ T5908] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1130.532407][ T5908] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1131.086565][ T5908] usb 6-1: unable to read config index 7 descriptor/all
[ 1131.102668][ T5908] usb 6-1: can't read configurations, error -71
[ 1131.290827][T15905] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[ 1131.725550][T15905] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1131.744679][T15905] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1131.757447][T15905] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1131.771916][T15905] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1131.987353][T15905] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1132.018852][T15905] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1132.286620][T15905] usb 1-1: config 0 descriptor??
[ 1132.749090][T15905] plantronics 0003:047F:FFFF.0016: No inputs registered, leaving
[ 1132.774240][T15905] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[ 1135.456988][ T8889] usb 1-1: USB disconnect, device number 27
[ 1136.417488][T16709] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2506'.
[ 1136.898539][T16714] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2507'.
[ 1137.286346][T16725] loop6: detected capacity change from 0 to 524287999
[ 1137.433720][T16725] buffer_io_error: 6 callbacks suppressed
[ 1137.434416][T16725] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1138.186912][T16725] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1138.206986][T16725] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1138.217012][T16725] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1138.226415][T16725] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1138.237140][T16725] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1138.248675][T16725] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1138.259195][T16725] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1138.268928][T16725] ldm_validate_partition_table(): Disk read failed.
[ 1138.370348][T16740] Invalid logical block size (3)
[ 1138.779817][T16725] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1138.973796][T16746] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2512'.
[ 1139.136690][ T5858] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[ 1139.168025][T16725] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1139.208644][T16725] Dev loop6: unable to read RDB block 0
[ 1139.255364][T16725]  loop6: unable to read partition table
[ 1139.269819][T16725] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[ 1139.654133][ T5858] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1139.702521][ T5858] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1140.013994][ T5858] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1140.589007][ T5858] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1140.796381][ T5858] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1141.283623][T16755] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1141.301264][ T5858] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1141.316718][ T5858] usb 5-1: config 0 descriptor??
[ 1142.477633][ T5858] usbhid 5-1:0.0: can't add hid device: -71
[ 1142.485924][ T5858] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1142.543977][ T5858] usb 5-1: USB disconnect, device number 32
[ 1144.909102][T16784] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1144.929455][T16784] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1145.082502][T16784] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1145.192665][T16784] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1146.791477][ T5821] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1146.950851][ T5821] Bluetooth: hci2: command 0x0405 tx timeout
[ 1147.110121][ T5821] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1147.270184][ T5821] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1147.306001][T16811] ip6t_rpfilter: unknown options
[ 1148.208936][T16813] netlink: 64 bytes leftover after parsing attributes in process `syz.6.2532'.
[ 1148.480135][T16821] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[ 1150.960204][T15449] usb 7-1: new full-speed USB device number 13 using dummy_hcd
[ 1151.135063][T15449] usb 7-1: device descriptor read/64, error -71
[ 1152.392309][T15449] usb 7-1: new full-speed USB device number 14 using dummy_hcd
[ 1152.409743][T16852] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2539'.
[ 1152.540098][T15449] usb 7-1: device descriptor read/64, error -71
[ 1152.670801][T15449] usb usb7-port1: attempt power cycle
[ 1153.570109][T15449] usb 7-1: new full-speed USB device number 15 using dummy_hcd
[ 1153.609548][T15449] usb 7-1: device descriptor read/8, error -71
[ 1156.590314][T16889] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2550'.
[ 1157.719472][T16886] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2550'.
[ 1157.781936][T16902] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2555'.
[ 1158.422625][T16907] FAULT_INJECTION: forcing a failure.
[ 1158.422625][T16907] name failslab, interval 1, probability 0, space 0, times 0
[ 1158.514602][T15905] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[ 1158.601562][T16907] CPU: 1 UID: 0 PID: 16907 Comm: syz.6.2556 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1158.601595][T16907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1158.601607][T16907] Call Trace:
[ 1158.601616][T16907]  <TASK>
[ 1158.601625][T16907]  dump_stack_lvl+0x189/0x250
[ 1158.601670][T16907]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1158.601695][T16907]  ? __pfx__printk+0x10/0x10
[ 1158.601730][T16907]  ? __pfx___might_resched+0x10/0x10
[ 1158.601763][T16907]  should_fail_ex+0x414/0x560
[ 1158.601790][T16907]  should_failslab+0xa8/0x100
[ 1158.601810][T16907]  __kmalloc_noprof+0xcb/0x4f0
[ 1158.601837][T16907]  ? sock_kmalloc+0xd6/0x160
[ 1158.601870][T16907]  sock_kmalloc+0xd6/0x160
[ 1158.601901][T16907]  af_alg_alloc_areq+0x8d/0x260
[ 1158.601925][T16907]  aead_recvmsg+0x55b/0x1620
[ 1158.601948][T16907]  ? ima_match_policy+0x10b/0x2150
[ 1158.602002][T16907]  ? __pfx_aead_recvmsg+0x10/0x10
[ 1158.602025][T16907]  ? process_measurement+0x3d8/0x1a40
[ 1158.602050][T16907]  ? __pfx_cgroup_rstat_updated+0x10/0x10
[ 1158.602076][T16907]  ? ima_match_policy+0x10b/0x2150
[ 1158.602121][T16907]  ? rcu_is_watching+0x15/0xb0
[ 1158.602167][T16907]  ? __lock_acquire+0xaac/0xd20
[ 1158.602203][T16907]  ? __lock_acquire+0xaac/0xd20
[ 1158.602246][T16907]  ? is_bpf_text_address+0x26/0x2b0
[ 1158.602277][T16907]  ? is_bpf_text_address+0x292/0x2b0
[ 1158.602299][T16907]  ? is_bpf_text_address+0x26/0x2b0
[ 1158.602326][T16907]  ? kernel_text_address+0xa5/0xe0
[ 1158.602350][T16907]  ? __kernel_text_address+0xd/0x40
[ 1158.602372][T16907]  ? unwind_get_return_address+0x4d/0x90
[ 1158.602393][T16907]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1158.602412][T16907]  ? arch_stack_walk+0xfc/0x150
[ 1158.602449][T16907]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[ 1158.602468][T16907]  ? security_socket_recvmsg+0x7e/0x2e0
[ 1158.602489][T16907]  ? __pfx_aead_recvmsg+0x10/0x10
[ 1158.602511][T16907]  sock_recvmsg+0x22c/0x270
[ 1158.602538][T16907]  sock_read_iter+0x231/0x2f0
[ 1158.602570][T16907]  ? __pfx_sock_read_iter+0x10/0x10
[ 1158.602612][T16907]  ? bpf_lsm_file_permission+0x9/0x20
[ 1158.602633][T16907]  ? security_file_permission+0x75/0x290
[ 1158.602656][T16907]  ? rw_verify_area+0x258/0x650
[ 1158.602687][T16907]  aio_read+0x30e/0x470
[ 1158.602713][T16907]  ? __pfx_aio_read+0x10/0x10
[ 1158.602746][T16907]  ? __might_fault+0xb0/0x130
[ 1158.602788][T16907]  io_submit_one+0x6ec/0x1240
[ 1158.602816][T16907]  ? __lock_acquire+0xaac/0xd20
[ 1158.602847][T16907]  ? __pfx_io_submit_one+0x10/0x10
[ 1158.602876][T16907]  ? __might_fault+0xb0/0x130
[ 1158.602908][T16907]  ? __might_fault+0xb0/0x130
[ 1158.602930][T16907]  __se_sys_io_submit+0x185/0x2f0
[ 1158.602960][T16907]  ? __pfx___se_sys_io_submit+0x10/0x10
[ 1158.602983][T16907]  ? ksys_write+0x1f0/0x250
[ 1158.603019][T16907]  ? do_syscall_64+0xba/0x210
[ 1158.603048][T16907]  do_syscall_64+0xf6/0x210
[ 1158.603072][T16907]  ? asm_sysvec_call_function_single+0x1a/0x20
[ 1158.603091][T16907]  ? clear_bhb_loop+0x60/0xb0
[ 1158.603115][T16907]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1158.603134][T16907] RIP: 0033:0x7fda5838e969
[ 1158.603152][T16907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1158.603168][T16907] RSP: 002b:00007fda59190038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[ 1158.603189][T16907] RAX: ffffffffffffffda RBX: 00007fda585b5fa0 RCX: 00007fda5838e969
[ 1158.603204][T16907] RDX: 0000200000001440 RSI: 000000000000027f RDI: 00007fda5916b000
[ 1158.603217][T16907] RBP: 00007fda59190090 R08: 0000000000000000 R09: 0000000000000000
[ 1158.603229][T16907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1158.603241][T16907] R13: 0000000000000000 R14: 00007fda585b5fa0 R15: 00007ffe4ad067f8
[ 1158.603274][T16907]  </TASK>
[ 1159.276598][T15905] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1159.315731][T15905] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1159.327233][T15905] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1159.338726][T15905] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1159.359013][T15905] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1159.440513][T15905] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1159.838782][T15905] usb 5-1: config 0 descriptor??
[ 1160.078230][T16919] ip6t_rpfilter: unknown options
[ 1160.804841][T15905] plantronics 0003:047F:FFFF.0017: No inputs registered, leaving
[ 1160.829674][T15905] plantronics 0003:047F:FFFF.0017: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[ 1163.771903][ T5858] usb 5-1: reset high-speed USB device number 33 using dummy_hcd
[ 1164.211201][T16941] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1165.540908][ T5908] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[ 1165.642170][   T10] usb 5-1: USB disconnect, device number 33
[ 1165.692229][T16951] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1165.698494][T16951] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1165.704880][T16951] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1165.711066][T16951] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1165.805681][ T5908] usb 6-1: Using ep0 maxpacket: 8
[ 1165.823930][ T5908] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[ 1165.838255][ T5908] usb 6-1: config 179 has no interface number 0
[ 1165.846949][ T5908] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1165.858490][ T5908] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 1165.878395][ T5908] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 20, changing to 8
[ 1165.900492][ T5908] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 57696, setting to 1024
[ 1165.915785][ T5908] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1165.955704][ T5908] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1165.985656][ T5908] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1166.022653][T16945] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1166.102179][T16962] FAULT_INJECTION: forcing a failure.
[ 1166.102179][T16962] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1166.115980][T16962] CPU: 0 UID: 0 PID: 16962 Comm: syz.6.2571 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1166.116006][T16962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1166.116018][T16962] Call Trace:
[ 1166.116026][T16962]  <TASK>
[ 1166.116034][T16962]  dump_stack_lvl+0x189/0x250
[ 1166.116070][T16962]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1166.116096][T16962]  ? __pfx__printk+0x10/0x10
[ 1166.116140][T16962]  should_fail_ex+0x414/0x560
[ 1166.116167][T16962]  _copy_to_user+0x31/0xb0
[ 1166.116197][T16962]  simple_read_from_buffer+0xe1/0x170
[ 1166.116232][T16962]  proc_fail_nth_read+0x1df/0x250
[ 1166.116257][T16962]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1166.116281][T16962]  ? rw_verify_area+0x258/0x650
[ 1166.116306][T16962]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1166.116328][T16962]  vfs_read+0x200/0x980
[ 1166.116360][T16962]  ? __pfx___mutex_lock+0x10/0x10
[ 1166.116387][T16962]  ? __pfx_vfs_read+0x10/0x10
[ 1166.116414][T16962]  ? __fget_files+0x2a/0x420
[ 1166.116439][T16962]  ? __fget_files+0x3a0/0x420
[ 1166.116454][T16962]  ? __fget_files+0x2a/0x420
[ 1166.116484][T16962]  ksys_read+0x145/0x250
[ 1166.116513][T16962]  ? __pfx_ksys_read+0x10/0x10
[ 1166.116544][T16962]  ? do_syscall_64+0xba/0x210
[ 1166.116574][T16962]  do_syscall_64+0xf6/0x210
[ 1166.116598][T16962]  ? asm_sysvec_call_function_single+0x1a/0x20
[ 1166.116617][T16962]  ? clear_bhb_loop+0x60/0xb0
[ 1166.116639][T16962]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1166.116656][T16962] RIP: 0033:0x7fda5838d37c
[ 1166.116674][T16962] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1166.116700][T16962] RSP: 002b:00007fda5916f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1166.116722][T16962] RAX: ffffffffffffffda RBX: 00007fda585b6080 RCX: 00007fda5838d37c
[ 1166.116736][T16962] RDX: 000000000000000f RSI: 00007fda5916f0a0 RDI: 0000000000000009
[ 1166.116749][T16962] RBP: 00007fda5916f090 R08: 0000000000000000 R09: 0000000000000000
[ 1166.116761][T16962] R10: 9200000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1166.116774][T16962] R13: 0000000000000000 R14: 00007fda585b6080 R15: 00007ffe4ad067f8
[ 1166.116808][T16962]  </TASK>
[ 1166.421088][ T5821] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[ 1166.426088][T16945] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1166.570039][T16945] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1167.244352][ T5820] usb 6-1: USB disconnect, device number 16
[ 1167.244369][    C0] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 1167.259028][    C0] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1167.268704][    C0] ==================================================================
[ 1167.270120][ T5828] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1167.276999][    C0] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x23d/0x290
[ 1167.277029][    C0] Read of size 4 at addr ffff88805a02a85c by task syz-executor/11817
[ 1167.277046][    C0] 
[ 1167.277056][    C0] CPU: 0 UID: 0 PID: 11817 Comm: syz-executor Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1167.277079][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1167.277091][    C0] Call Trace:
[ 1167.277099][    C0]  <IRQ>
[ 1167.277107][    C0]  dump_stack_lvl+0x189/0x250
[ 1167.277130][    C0]  ? __virt_addr_valid+0x18c/0x540
[ 1167.277153][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1167.277177][    C0]  ? __kasan_check_byte+0x12/0x40
[ 1167.277204][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1167.277226][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1167.277251][    C0]  ? lock_release+0x4b/0x3e0
[ 1167.277277][    C0]  ? __virt_addr_valid+0x18c/0x540
[ 1167.277299][    C0]  ? __virt_addr_valid+0x469/0x540
[ 1167.277318][    C0]  print_report+0xb4/0x290
[ 1167.277337][    C0]  ? do_raw_spin_lock+0x23d/0x290
[ 1167.277363][    C0]  kasan_report+0x118/0x150
[ 1167.277388][    C0]  ? do_raw_spin_lock+0x23d/0x290
[ 1167.277408][    C0]  do_raw_spin_lock+0x23d/0x290
[ 1167.277425][    C0]  ? __wake_up_common_lock+0x2f/0x1f0
[ 1167.277444][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1167.277466][    C0]  _raw_spin_lock_irqsave+0xb3/0xf0
[ 1167.277484][    C0]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 1167.277502][    C0]  ? kcov_remote_stop+0x78/0x6d0
[ 1167.277523][    C0]  __wake_up_common_lock+0x2f/0x1f0
[ 1167.277544][    C0]  __usb_hcd_giveback_urb+0x4d7/0x690
[ 1167.277562][    C0]  ? usb_hcd_unlink_urb_from_ep+0x2c/0x110
[ 1167.277580][    C0]  ? __pfx___usb_hcd_giveback_urb+0x10/0x10
[ 1167.277599][    C0]  ? usb_hcd_giveback_urb+0x10e/0x420
[ 1167.277616][    C0]  dummy_timer+0x862/0x4550
[ 1167.277651][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1167.277668][    C0]  ? __lock_acquire+0xaac/0xd20
[ 1167.277697][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1167.277721][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1167.277743][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1167.277764][    C0]  __hrtimer_run_queues+0x52c/0xc60
[ 1167.277794][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1167.277815][    C0]  ? read_tsc+0x9/0x20
[ 1167.277837][    C0]  ? __pfx___local_bh_disable_ip+0x10/0x10
[ 1167.277863][    C0]  hrtimer_run_softirq+0x187/0x2b0
[ 1167.277887][    C0]  handle_softirqs+0x283/0x870
[ 1167.277910][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[ 1167.277934][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[ 1167.277958][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[ 1167.277979][    C0]  __irq_exit_rcu+0xca/0x1f0
[ 1167.278001][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[ 1167.278026][    C0]  irq_exit_rcu+0x9/0x30
[ 1167.278047][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[ 1167.278067][    C0]  </IRQ>
[ 1167.278073][    C0]  <TASK>
[ 1167.278080][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1167.278098][    C0] RIP: 0010:check_preemption_disabled+0x6/0x120
[ 1167.278120][    C0] Code: c7 c6 e0 22 c1 8b eb 1c 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 41 57 41 56 53 <48> 83 ec 10 65 48 8b 05 4e ee 22 07 48 89 44 24 08 65 8b 05 56 ee
[ 1167.278136][    C0] RSP: 0018:ffffc9000b426e48 EFLAGS: 00000283
[ 1167.278153][    C0] RAX: 0000000000000000 RBX: ffffc9000b427001 RCX: 2249928eafcb2200
[ 1167.278167][    C0] RDX: ffffffff900c1501 RSI: ffffffff8bc122e0 RDI: ffffffff8bc122a0
[ 1167.278179][    C0] RBP: dffffc0000000000 R08: ffffc9000b427027 R09: 0000000000000000
[ 1167.278191][    C0] R10: ffffc9000b427018 R11: fffff52001684e05 R12: ffffc9000b427418
[ 1167.278203][    C0] R13: ffffffff8171ca05 R14: ffffffff8df3dee0 R15: ffffffff8171ca05
[ 1167.278216][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1167.278234][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1167.278258][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1167.278275][    C0]  rcu_is_watching+0x15/0xb0
[ 1167.278297][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1167.278314][    C0]  lock_release+0x4b/0x3e0
[ 1167.278335][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1167.278360][    C0]  unwind_next_frame+0x19a9/0x2390
[ 1167.278381][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1167.278399][    C0]  ? pte_alloc_one+0x6d/0x160
[ 1167.278418][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1167.278435][    C0]  arch_stack_walk+0x11c/0x150
[ 1167.278457][    C0]  ? __pte_alloc+0x25/0x160
[ 1167.278476][    C0]  stack_trace_save+0x9c/0xe0
[ 1167.278492][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[ 1167.278513][    C0]  kasan_save_track+0x3e/0x80
[ 1167.278533][    C0]  ? kasan_save_track+0x3e/0x80
[ 1167.278552][    C0]  ? __kasan_slab_alloc+0x6c/0x80
[ 1167.278572][    C0]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 1167.278594][    C0]  ? ptlock_alloc+0x20/0x70
[ 1167.278608][    C0]  ? pte_alloc_one+0x6d/0x160
[ 1167.278642][    C0]  __kasan_slab_alloc+0x6c/0x80
[ 1167.278665][    C0]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 1167.278686][    C0]  ? ptlock_alloc+0x20/0x70
[ 1167.278703][    C0]  ptlock_alloc+0x20/0x70
[ 1167.278717][    C0]  pte_alloc_one+0x6d/0x160
[ 1167.278735][    C0]  __pte_alloc+0x25/0x160
[ 1167.278753][    C0]  copy_pmd_range+0x6903/0x7000
[ 1167.278776][    C0]  ? __pfx_mas_destroy+0x10/0x10
[ 1167.278798][    C0]  ? __pfx_copy_pmd_range+0x10/0x10
[ 1167.278822][    C0]  copy_page_range+0x95c/0xd40
[ 1167.278847][    C0]  ? __pfx_copy_page_range+0x10/0x10
[ 1167.278867][    C0]  ? copy_mm+0x1221/0x2160
[ 1167.278885][    C0]  ? up_write+0x1c4/0x420
[ 1167.278900][    C0]  ? __pfx_vma_interval_tree_augment_rotate+0x10/0x10
[ 1167.278922][    C0]  copy_mm+0x126a/0x2160
[ 1167.278945][    C0]  ? __pfx_copy_mm+0x10/0x10
[ 1167.278959][    C0]  ? do_raw_spin_lock+0x121/0x290
[ 1167.278981][    C0]  ? __init_rwsem+0x122/0x160
[ 1167.278998][    C0]  ? copy_signal+0x50b/0x630
[ 1167.279014][    C0]  ? copy_process+0x978/0x3b80
[ 1167.279028][    C0]  copy_process+0x16d3/0x3b80
[ 1167.279047][    C0]  ? copy_process+0x978/0x3b80
[ 1167.279069][    C0]  ? __pfx_copy_process+0x10/0x10
[ 1167.279089][    C0]  kernel_clone+0x224/0x7f0
[ 1167.279107][    C0]  ? __pfx_kernel_clone+0x10/0x10
[ 1167.279127][    C0]  ? irqentry_exit+0x74/0x90
[ 1167.279148][    C0]  __x64_sys_clone+0x18b/0x1e0
[ 1167.279167][    C0]  ? __pfx___x64_sys_clone+0x10/0x10
[ 1167.279190][    C0]  ? do_user_addr_fault+0xc8a/0x1390
[ 1167.279215][    C0]  ? do_syscall_64+0xba/0x210
[ 1167.279236][    C0]  do_syscall_64+0xf6/0x210
[ 1167.279256][    C0]  ? clear_bhb_loop+0x60/0xb0
[ 1167.279274][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1167.279290][    C0] RIP: 0033:0x7fd12e3851d3
[ 1167.279306][    C0] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
[ 1167.279320][    C0] RSP: 002b:00007ffe28b08868 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1167.279337][    C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd12e3851d3
[ 1167.279349][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 1167.279367][    C0] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001
[ 1167.279377][    C0] R10: 000055555a17c7d0 R11: 0000000000000246 R12: 0000000000000000
[ 1167.279389][    C0] R13: 00000000000927c0 R14: 000000000011cab4 R15: 00007ffe28b08a00
[ 1167.279407][    C0]  </TASK>
[ 1167.279413][    C0] 
[ 1167.976930][    C0] Allocated by task 5908:
[ 1167.981265][    C0]  kasan_save_track+0x3e/0x80
[ 1167.986047][    C0]  __kasan_kmalloc+0x93/0xb0
[ 1167.990674][    C0]  __kmalloc_cache_noprof+0x230/0x3d0
[ 1167.996167][    C0]  xpad_probe+0x41c/0x1ed0
[ 1168.000611][    C0]  usb_probe_interface+0x641/0xbc0
[ 1168.005732][    C0]  really_probe+0x26d/0x9a0
[ 1168.010251][    C0]  __driver_probe_device+0x18c/0x2f0
[ 1168.015541][    C0]  driver_probe_device+0x4f/0x430
[ 1168.020604][    C0]  __device_attach_driver+0x2ce/0x530
[ 1168.026154][    C0]  bus_for_each_drv+0x24e/0x2e0
[ 1168.031003][    C0]  __device_attach+0x2b8/0x400
[ 1168.035768][    C0]  bus_probe_device+0x185/0x260
[ 1168.040967][    C0]  device_add+0x7b6/0xb50
[ 1168.045325][    C0]  usb_set_configuration+0x1a87/0x20e0
[ 1168.050795][    C0]  usb_generic_driver_probe+0x8d/0x150
[ 1168.056268][    C0]  usb_probe_device+0x1c1/0x390
[ 1168.061130][    C0]  really_probe+0x26d/0x9a0
[ 1168.065649][    C0]  __driver_probe_device+0x18c/0x2f0
[ 1168.070945][    C0]  driver_probe_device+0x4f/0x430
[ 1168.076076][    C0]  __device_attach_driver+0x2ce/0x530
[ 1168.081476][    C0]  bus_for_each_drv+0x24e/0x2e0
[ 1168.086596][    C0]  __device_attach+0x2b8/0x400
[ 1168.091365][    C0]  bus_probe_device+0x185/0x260
[ 1168.096220][    C0]  device_add+0x7b6/0xb50
[ 1168.100560][    C0]  usb_new_device+0xa39/0x16c0
[ 1168.105334][    C0]  hub_event+0x2941/0x4a00
[ 1168.109839][    C0]  process_scheduled_works+0xade/0x17a0
[ 1168.115411][    C0]  worker_thread+0x8a0/0xda0
[ 1168.120093][    C0]  kthread+0x711/0x8a0
[ 1168.124164][    C0]  ret_from_fork+0x4b/0x80
[ 1168.128593][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1168.133423][    C0] 
[ 1168.135748][    C0] Freed by task 5820:
[ 1168.139725][    C0]  kasan_save_track+0x3e/0x80
[ 1168.144407][    C0]  kasan_save_free_info+0x46/0x50
[ 1168.149438][    C0]  __kasan_slab_free+0x62/0x70
[ 1168.154246][    C0]  kfree+0x193/0x440
[ 1168.158232][    C0]  xpad_disconnect+0x350/0x480
[ 1168.162999][    C0]  usb_unbind_interface+0x26b/0x8f0
[ 1168.168202][    C0]  device_release_driver_internal+0x4d9/0x7c0
[ 1168.174385][    C0]  bus_remove_device+0x34d/0x410
[ 1168.179329][    C0]  device_del+0x511/0x8e0
[ 1168.183844][    C0]  usb_disable_device+0x3e9/0x8a0
[ 1168.188876][    C0]  usb_disconnect+0x330/0x910
[ 1168.193563][    C0]  hub_event+0x1cdb/0x4a00
[ 1168.198087][    C0]  process_scheduled_works+0xade/0x17a0
[ 1168.203642][    C0]  worker_thread+0x8a0/0xda0
[ 1168.208268][    C0]  kthread+0x711/0x8a0
[ 1168.212344][    C0]  ret_from_fork+0x4b/0x80
[ 1168.216767][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1168.221537][    C0] 
[ 1168.223873][    C0] The buggy address belongs to the object at ffff88805a02a800
[ 1168.223873][    C0]  which belongs to the cache kmalloc-1k of size 1024
[ 1168.238631][    C0] The buggy address is located 92 bytes inside of
[ 1168.238631][    C0]  freed 1024-byte region [ffff88805a02a800, ffff88805a02ac00)
[ 1168.252788][    C0] 
[ 1168.255128][    C0] The buggy address belongs to the physical page:
[ 1168.261539][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805a028800 pfn:0x5a028
[ 1168.271696][    C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1168.280194][    C0] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[ 1168.288954][    C0] page_type: f5(slab)
[ 1168.292959][    C0] raw: 00fff00000000240 ffff88801a041dc0 ffffea0000a73610 ffffea0001df7610
[ 1168.301593][    C0] raw: ffff88805a028800 000000000010000f 00000000f5000000 0000000000000000
[ 1168.310189][    C0] head: 00fff00000000240 ffff88801a041dc0 ffffea0000a73610 ffffea0001df7610
[ 1168.318869][    C0] head: ffff88805a028800 000000000010000f 00000000f5000000 0000000000000000
[ 1168.327800][    C0] head: 00fff00000000003 ffffea0001680a01 00000000ffffffff 00000000ffffffff
[ 1168.336471][    C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1168.345334][    C0] page dumped because: kasan: bad access detected
[ 1168.351824][    C0] page_owner tracks the page as allocated
[ 1168.357551][    C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3479, tgid 3479 (kworker/u8:7), ts 91008920302, free_ts 28372681903
[ 1168.378590][    C0]  post_alloc_hook+0x1d8/0x230
[ 1168.383367][    C0]  get_page_from_freelist+0x21c7/0x22a0
[ 1168.389010][    C0]  __alloc_frozen_pages_noprof+0x181/0x370
[ 1168.394993][    C0]  alloc_pages_mpol+0x232/0x4a0
[ 1168.399861][    C0]  allocate_slab+0x8a/0x3b0
[ 1168.404420][    C0]  ___slab_alloc+0xbfc/0x1480
[ 1168.409190][    C0]  __kmalloc_node_track_caller_noprof+0x2f8/0x4e0
[ 1168.415786][    C0]  kmalloc_reserve+0x136/0x290
[ 1168.420644][    C0]  __alloc_skb+0x142/0x2d0
[ 1168.425064][    C0]  br_info_notify+0x105/0x260
[ 1168.429748][    C0]  br_port_carrier_check+0x301/0x3f0
[ 1168.435047][    C0]  br_device_event+0x5fa/0x910
[ 1168.440339][    C0]  notifier_call_chain+0x1b3/0x3e0
[ 1168.445565][    C0]  netif_state_change+0x284/0x3a0
[ 1168.450622][    C0]  linkwatch_do_dev+0x117/0x170
[ 1168.455695][    C0]  __linkwatch_run_queue+0x56d/0x7e0
[ 1168.461007][    C0] page last free pid 1 tgid 1 stack trace:
[ 1168.466999][    C0]  __free_frozen_pages+0xb05/0xcd0
[ 1168.472302][    C0]  free_contig_range+0x159/0x440
[ 1168.477264][    C0]  destroy_args+0x86/0x460
[ 1168.481694][    C0]  debug_vm_pgtable+0x3cf/0x410
[ 1168.486727][    C0]  do_one_initcall+0x233/0x820
[ 1168.491502][    C0]  do_initcall_level+0x137/0x1f0
[ 1168.496530][    C0]  do_initcalls+0x69/0xd0
[ 1168.500861][    C0]  kernel_init_freeable+0x3d9/0x570
[ 1168.506062][    C0]  kernel_init+0x1d/0x1d0
[ 1168.510507][    C0]  ret_from_fork+0x4b/0x80
[ 1168.514956][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1168.519750][    C0] 
[ 1168.522100][    C0] Memory state around the buggy address:
[ 1168.527908][    C0]  ffff88805a02a700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1168.536415][    C0]  ffff88805a02a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1168.544480][    C0] >ffff88805a02a800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1168.552628][    C0]                                                     ^
[ 1168.559575][    C0]  ffff88805a02a880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1168.567653][    C0]  ffff88805a02a900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1168.575940][    C0] ==================================================================
[ 1168.584121][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1168.591530][    C0] CPU: 0 UID: 0 PID: 11817 Comm: syz-executor Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1168.603858][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1168.614005][    C0] Call Trace:
[ 1168.617301][    C0]  <IRQ>
[ 1168.620152][    C0]  dump_stack_lvl+0x99/0x250
[ 1168.624932][    C0]  ? __asan_memcpy+0x40/0x70
[ 1168.629535][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1168.634844][    C0]  ? __pfx__printk+0x10/0x10
[ 1168.639571][    C0]  panic+0x2db/0x790
[ 1168.643516][    C0]  ? __pfx_panic+0x10/0x10
[ 1168.647960][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1168.653953][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1168.660464][    C0]  ? print_memory_metadata+0x314/0x400
[ 1168.666020][    C0]  ? do_raw_spin_lock+0x23d/0x290
[ 1168.671058][    C0]  check_panic_on_warn+0x89/0xb0
[ 1168.676098][    C0]  ? do_raw_spin_lock+0x23d/0x290
[ 1168.681126][    C0]  end_report+0x78/0x160
[ 1168.685386][    C0]  kasan_report+0x129/0x150
[ 1168.689898][    C0]  ? do_raw_spin_lock+0x23d/0x290
[ 1168.694937][    C0]  do_raw_spin_lock+0x23d/0x290
[ 1168.699816][    C0]  ? __wake_up_common_lock+0x2f/0x1f0
[ 1168.705202][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1168.710671][    C0]  _raw_spin_lock_irqsave+0xb3/0xf0
[ 1168.715970][    C0]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 1168.722056][    C0]  ? kcov_remote_stop+0x78/0x6d0
[ 1168.727123][    C0]  __wake_up_common_lock+0x2f/0x1f0
[ 1168.732525][    C0]  __usb_hcd_giveback_urb+0x4d7/0x690
[ 1168.738013][    C0]  ? usb_hcd_unlink_urb_from_ep+0x2c/0x110
[ 1168.743921][    C0]  ? __pfx___usb_hcd_giveback_urb+0x10/0x10
[ 1168.749825][    C0]  ? usb_hcd_giveback_urb+0x10e/0x420
[ 1168.755463][    C0]  dummy_timer+0x862/0x4550
[ 1168.759992][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1168.765542][    C0]  ? __lock_acquire+0xaac/0xd20
[ 1168.770508][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1168.775495][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1168.780444][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1168.785400][    C0]  __hrtimer_run_queues+0x52c/0xc60
[ 1168.790702][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1168.796521][    C0]  ? read_tsc+0x9/0x20
[ 1168.800602][    C0]  ? __pfx___local_bh_disable_ip+0x10/0x10
[ 1168.806617][    C0]  hrtimer_run_softirq+0x187/0x2b0
[ 1168.811745][    C0]  handle_softirqs+0x283/0x870
[ 1168.816606][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[ 1168.821379][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[ 1168.826854][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[ 1168.832163][    C0]  __irq_exit_rcu+0xca/0x1f0
[ 1168.836773][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[ 1168.841989][    C0]  irq_exit_rcu+0x9/0x30
[ 1168.846244][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[ 1168.851889][    C0]  </IRQ>
[ 1168.854860][    C0]  <TASK>
[ 1168.857796][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1168.863788][    C0] RIP: 0010:check_preemption_disabled+0x6/0x120
[ 1168.870128][    C0] Code: c7 c6 e0 22 c1 8b eb 1c 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 41 57 41 56 53 <48> 83 ec 10 65 48 8b 05 4e ee 22 07 48 89 44 24 08 65 8b 05 56 ee
[ 1168.889915][    C0] RSP: 0018:ffffc9000b426e48 EFLAGS: 00000283
[ 1168.895999][    C0] RAX: 0000000000000000 RBX: ffffc9000b427001 RCX: 2249928eafcb2200
[ 1168.903975][    C0] RDX: ffffffff900c1501 RSI: ffffffff8bc122e0 RDI: ffffffff8bc122a0
[ 1168.911951][    C0] RBP: dffffc0000000000 R08: ffffc9000b427027 R09: 0000000000000000
[ 1168.920077][    C0] R10: ffffc9000b427018 R11: fffff52001684e05 R12: ffffc9000b427418
[ 1168.928158][    C0] R13: ffffffff8171ca05 R14: ffffffff8df3dee0 R15: ffffffff8171ca05
[ 1168.936151][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1168.941281][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1168.946408][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1168.951527][    C0]  rcu_is_watching+0x15/0xb0
[ 1168.956131][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1168.961246][    C0]  lock_release+0x4b/0x3e0
[ 1168.965671][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1168.970872][    C0]  unwind_next_frame+0x19a9/0x2390
[ 1168.976078][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1168.981194][    C0]  ? pte_alloc_one+0x6d/0x160
[ 1168.985877][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1168.992038][    C0]  arch_stack_walk+0x11c/0x150
[ 1168.996837][    C0]  ? __pte_alloc+0x25/0x160
[ 1169.001351][    C0]  stack_trace_save+0x9c/0xe0
[ 1169.006039][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[ 1169.011419][    C0]  kasan_save_track+0x3e/0x80
[ 1169.016205][    C0]  ? kasan_save_track+0x3e/0x80
[ 1169.021072][    C0]  ? __kasan_slab_alloc+0x6c/0x80
[ 1169.026110][    C0]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 1169.031754][    C0]  ? ptlock_alloc+0x20/0x70
[ 1169.036262][    C0]  ? pte_alloc_one+0x6d/0x160
[ 1169.040960][    C0]  __kasan_slab_alloc+0x6c/0x80
[ 1169.045995][    C0]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 1169.051497][    C0]  ? ptlock_alloc+0x20/0x70
[ 1169.056108][    C0]  ptlock_alloc+0x20/0x70
[ 1169.060437][    C0]  pte_alloc_one+0x6d/0x160
[ 1169.064944][    C0]  __pte_alloc+0x25/0x160
[ 1169.069455][    C0]  copy_pmd_range+0x6903/0x7000
[ 1169.074346][    C0]  ? __pfx_mas_destroy+0x10/0x10
[ 1169.079327][    C0]  ? __pfx_copy_pmd_range+0x10/0x10
[ 1169.084600][    C0]  copy_page_range+0x95c/0xd40
[ 1169.089434][    C0]  ? __pfx_copy_page_range+0x10/0x10
[ 1169.094744][    C0]  ? copy_mm+0x1221/0x2160
[ 1169.099170][    C0]  ? up_write+0x1c4/0x420
[ 1169.103503][    C0]  ? __pfx_vma_interval_tree_augment_rotate+0x10/0x10
[ 1169.110494][    C0]  copy_mm+0x126a/0x2160
[ 1169.114751][    C0]  ? __pfx_copy_mm+0x10/0x10
[ 1169.119345][    C0]  ? do_raw_spin_lock+0x121/0x290
[ 1169.124475][    C0]  ? __init_rwsem+0x122/0x160
[ 1169.129329][    C0]  ? copy_signal+0x50b/0x630
[ 1169.133920][    C0]  ? copy_process+0x978/0x3b80
[ 1169.138683][    C0]  copy_process+0x16d3/0x3b80
[ 1169.143362][    C0]  ? copy_process+0x978/0x3b80
[ 1169.148225][    C0]  ? __pfx_copy_process+0x10/0x10
[ 1169.153277][    C0]  kernel_clone+0x224/0x7f0
[ 1169.157785][    C0]  ? __pfx_kernel_clone+0x10/0x10
[ 1169.162992][    C0]  ? irqentry_exit+0x74/0x90
[ 1169.167592][    C0]  __x64_sys_clone+0x18b/0x1e0
[ 1169.172365][    C0]  ? __pfx___x64_sys_clone+0x10/0x10
[ 1169.177720][    C0]  ? do_user_addr_fault+0xc8a/0x1390
[ 1169.183032][    C0]  ? do_syscall_64+0xba/0x210
[ 1169.187716][    C0]  do_syscall_64+0xf6/0x210
[ 1169.192230][    C0]  ? clear_bhb_loop+0x60/0xb0
[ 1169.197044][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1169.202939][    C0] RIP: 0033:0x7fd12e3851d3
[ 1169.207412][    C0] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
[ 1169.227196][    C0] RSP: 002b:00007ffe28b08868 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1169.235706][    C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd12e3851d3
[ 1169.243687][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 1169.251662][    C0] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001
[ 1169.259668][    C0] R10: 000055555a17c7d0 R11: 0000000000000246 R12: 0000000000000000
[ 1169.268163][    C0] R13: 00000000000927c0 R14: 000000000011cab4 R15: 00007ffe28b08a00
[ 1169.276219][    C0]  </TASK>
[ 1169.279605][    C0] Kernel Offset: disabled
[ 1169.283928][    C0] Rebooting in 86400 seconds..