last executing test programs:

24.646126138s ago: executing program 1 (id=438):
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x1})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = dup(r2)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x3, 0x2, 0x0, 0x1000, &(0x7f0000003000/0x1000)=nil})
r4 = socket$inet6(0xa, 0x800000000000002, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r7 = dup3(r6, r5, 0x0)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r8, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000440)={@flat=@weak_binder={0x77622a85, 0x1000, 0x2}, @flat=@binder={0x73622a85, 0xa, 0x1}, @flat=@binder={0x73622a85, 0x1000}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x2, 0x1000000, &(0x7f0000000880)="c0e4"})
setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000040)={0x200000000000001}, 0x8)
sendto$inet6(r4, 0x0, 0x0, 0x4c881, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @mcast2}, 0x1c)
sendmmsg$inet6(r4, &(0x7f0000005440)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)='+', 0x1}], 0x1}}], 0x1, 0x400c404)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f00000000c0)={0x200000, 0x200000, 0x80000000, 0x0, 0x0, 0x8})
sendmmsg$inet6(r4, &(0x7f0000003640)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000140)="af", 0x1}], 0x1}}], 0x1, 0x4040005)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x369040, 0x0)

22.694402071s ago: executing program 1 (id=445):
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
r0 = syz_io_uring_setup(0xed1, &(0x7f0000000400)={0x0, 0x586d, 0x10300, 0xfffffffe, 0x103}, &(0x7f00000005c0)=<r1=>0x0, &(0x7f0000000600)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x9007}, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000000000000000000000834752b20aab8cf59d4bad3c0000000850000000e000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x25}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r5, 0x0, 0xb, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r4, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0xfffffffd)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
io_setup(0x222, 0x0)
r7 = creat(0x0, 0x0)
r8 = socket(0x10, 0x3, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r7, 0x89e2, &(0x7f0000000080)={<r9=>r4})
signalfd4(r9, &(0x7f00000000c0)={[0x3]}, 0x8, 0x80800)
bind$netlink(r8, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r8, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26)
connect$netlink(r8, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r8, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
lsetxattr$trusted_overlay_redirect(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
gettid()
sendmmsg$inet(r4, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)
io_uring_enter(r0, 0xa3d, 0x0, 0x0, 0x0, 0xff39)

14.083331576s ago: executing program 0 (id=457):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0xfffffffffffffca1}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
io_setup(0x8, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/asound/seq/clients\x00', 0x0, 0x0)
read$char_usb(r4, &(0x7f0000000000)=""/38, 0x26)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r5=>0x0}, &(0x7f0000000140)=0x8)
setsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000000000)={r5, 0xe, 0x80000000, 0x2e8a}, 0x10)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000040)={0x2})
r6 = syz_open_procfs(0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
socket(0x1e, 0x4, 0x0)
r7 = openat$tun(0xffffffffffffff9c, 0x0, 0x183081, 0x0)
close(r7)
syz_open_procfs(0x0, 0x0)
read$FUSE(r6, 0x0, 0x0)
fchdir(0xffffffffffffffff)
write$cgroup_int(r0, &(0x7f0000000000)=0xb00, 0x12)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmmsg$inet(r8, &(0x7f0000000280)=[{{&(0x7f0000000040)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x25}}, 0x10, 0x0}}], 0x1, 0x20000000)

12.875469715s ago: executing program 3 (id=460):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r0, 0x25, &(0x7f00000000c0))
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000040)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000d00), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000e01f00ffdbdf250c00000018000180140002006261746164765f736c6176655f300000140003"], 0x40}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r5, 0x26, &(0x7f0000000000)={0x1})
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r6, 0x26, &(0x7f0000000100)={0x1, 0x0, 0x200000000})
close(r0)

12.613812396s ago: executing program 1 (id=461):
unshare(0x2c020400)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) (async)
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r1 = open_tree(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x89101)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000008300)={r1}, 0x4)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) (async)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) (async)
r6 = syz_open_procfs(0x0, &(0x7f0000000100)='mountstats\x00')
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x50, 0x18, &(0x7f00000002c0)={@flat=@weak_handle={0x77682a85, 0x1000, 0x1}, @fd={0x66642a85, 0x0, r6}, @fda={0x66646185, 0x2, 0x1, 0x3c}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0}) (async)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) (async)
r7 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00')
ioctl$FS_IOC_RESVSP(r7, 0x40305828, &(0x7f00000007c0)={0x0, 0x4, 0x939, 0x2}) (async)
r8 = socket(0x1e, 0x4, 0x0) (async)
r9 = socket(0x10, 0x3, 0x0)
sendmsg$kcm(r9, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1c0000004a008102e0", 0x9}, {&(0x7f0000001700)="0c74c75350f4a590e15c61c7942348092734fe", 0x13}], 0x2, 0x0, 0x0, 0x10}, 0x0)
r10 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r10, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r8, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10)
sendmmsg(r8, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)

12.314753973s ago: executing program 0 (id=462):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x4, @remote, 0xb}, 0x1c)
syz_emit_ethernet(0x7e, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6001010000481100fe8000000000000000000000000000bbfe8000000000000000000000000000aa4e200e22"], 0x0)
r1 = socket(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'macvlan0\x00'})
ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f0000000140)=0xffbfffc0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x24008050}, 0x20008000)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20040800)
socket(0x10, 0x803, 0x0)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc)
syz_emit_ethernet(0x7e, &(0x7f0000000300)={@random="2f5b02cb75db", @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x48, 0x11, 0x0, @remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {[], {0x4e20, 0xe22, 0x48, 0x0, @wg=@cookie={0x3, 0x1, "88c73b21f267636d01dbe5712c1c941e1cdafbbb43f09c70", "e13808ca72381f41e5fff9620915b6f78670dfaf9a2038083179cf6b7931c9b4"}}}}}}}, 0x0)

12.215056654s ago: executing program 2 (id=463):
setreuid(0xee01, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_script(r0, &(0x7f0000000400)={'#! ', './file0', [], 0xa, "1f411d2552ad52cb07410969e814977e4f2c4a80522094786c8673fb61cf8b86bda4de504f5a3c7c04055f1f70e4064d46b2bb9e5100d446bb6a"}, 0x2)
write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000040)=ANY=[@ANYBLOB='\t'], 0x28)
close(r0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
syz_open_procfs$namespace(r1, &(0x7f0000000180)='ns/time_for_children\x00')

12.106037355s ago: executing program 0 (id=464):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
getpgid(0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x14, 0xffffffffffffffff}]}, &(0x7f0000000080)='syzkaller\x00'}, 0xfffffffffffffff2)
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000021c0), 0x181000)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r2, 0xc0a85320, &(0x7f0000000c40)={{0x80}, 'port0\x00', 0x0, 0x100c40, 0x5, 0x6, 0x2, 0x40, 0x3, 0x0, 0x1, 0x5})
ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r2, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x28, 0x1b1878, 0x4, 0x2, 0x3e4, 0x0, 0x4, 0x0, 0x7, 0x3})
close(r1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r1, {<r3=>0xffffffffffffffff}}, './file1\x00'})
mount$9p_rdma(&(0x7f0000000300), &(0x7f0000000080)='./file1\x00', &(0x7f0000000240), 0x6400, &(0x7f0000000100)={'trans=rdma,', {'port', 0x3d, 0x4e21}, 0x2c, {[], [{@obj_role={'obj_role', 0x3d, 'unconfined_u'}}, {@dont_appraise}, {@fowner_gt={'fowner>', 0xee00}}, {@context={'context', 0x3d, 'unconfined_u'}}, {@dont_measure}, {@fowner_eq={'fowner', 0x3d, r3}}, {@audit}, {@func={'func', 0x3d, 'BPRM_CHECK'}}, {@obj_type={'obj_type', 0x3d, '%{+\x9fh+/(-]['}}]}})
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, &(0x7f0000000700)={[&(0x7f00000004c0)=',\x00', &(0x7f0000000500)='//\x00', &(0x7f0000000540)='&\'.\xad,^%,-!:\',!\\\x00']}, 0x0)

12.025230176s ago: executing program 2 (id=465):
r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x80044940, &(0x7f0000001fc0))
socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r3)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r5 = accept4(r4, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched_retired(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002640)=@newtaction={0xa58, 0x30, 0x800, 0x70bd2a, 0x25dfdbfc, {}, [{0x840, 0x1, [@m_ipt={0x270, 0x17, 0x0, 0x0, {{0x8}, {0x1b4, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0xeb, 0x6, {0x0, 'raw\x00', 0xe, 0xb3, "01df771ed4aa468d466490bb6d3a762752b0276450737133d354ea68c13a92efe99064741e04d8a20e194e30a60295d386bccda0f3007979597e6d03b954a8f914ba7b899f16c20d6d72edd9b6f52db88f3ba2e308499f6252662a51fa4b12868b58f75e27ec9103b8068b9b811e21bd2aa37e31ee1bb8e60ecb8155c8e19ea1c7fdbb9aa819059c61aa86c434a7c8da18ab573d7585bec9c1d4494956d182e7b35a526fd48659ab60beb8f339651c715661a36a876cce3dd7a98863f318caef99"}}, @TCA_IPT_TABLE={0x24, 0x1, 'filter\x00'}, @TCA_IPT_HOOK={0x8, 0x2, 0x2}, @TCA_IPT_TABLE={0x24, 0x1, 'nat\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'mangle\x00'}, @TCA_IPT_TARG={0x3d, 0x6, {0xff3b, 'nat\x00', 0x6a, 0xfff, "ec6c358b1b02688c45d6891b8d39befc710e9c"}}, @TCA_IPT_INDEX={0x8, 0x3, 0x3ff}, @TCA_IPT_HOOK={0x8}]}, {0x95, 0x6, "33c428b1016ea0e62b6c917780554ec63a01a7382016d430730d1158d5469fa35f73d351ec348637d292a8c8699738644c304a14a0ca2e2c1422d9493ae361a88a61e76022334cc9eff1d9b15acf815ab9bf490688724773d3775e92953306fa3923bf0b3eb78ed4c4e43760fb360a12727f0000004fe4c5639595b4ce1706ccb85c9b5872240c31834297cfb06b7eaaa1"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ipt={0x90, 0x11, 0x0, 0x0, {{0x8}, {0x4}, {0x65, 0x6, "195244b493b69a109e343c48236a318aa067ccccb2000506f4e63246fce6276de9355aae82ccf014b3a51009a53cc597e7eec180e252560262d28e1340152b8389fc3dcbd1c60cbef5aa738a80d9582b7bf553a33208654c9b7b642eb56b8a9716"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ipt={0x170, 0x17, 0x0, 0x0, {{0x8}, {0xc0, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'filter\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'security\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'mangle\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}, @TCA_IPT_INDEX={0x8, 0x3, 0x4}]}, {0x89, 0x6, "828d51b8c024f3ba75276291fd744bf1d83ac94c40f59c2d7aabe5cffe85cb1235f3e723c7a0ca6f1a15a0e38afac0bc7115796816162cbc6d09aea501ff36a46772ec7a3aa4d7c60363ff8f0eeda2f3eb8c435fb1d254244779da6c44c5dc30ed21a60df465ec395bc4d898dc7104dc47d809383d1d5431371c66f76842e2571bf73ce597"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ipt={0x114, 0x18, 0x0, 0x0, {{0x8}, {0x78, 0x2, 0x0, 0x1, [@TCA_IPT_HOOK={0x8, 0x2, 0x1}, @TCA_IPT_TARG={0x69, 0x6, {0x3, 'security\x00', 0x84, 0x8, "cf8102ab12c6b2198a413eaa65607ab7ca51ab206bef3fe70b20aa2e7aacfa341b2d9158773430366e3a48eb70679ab8b9759ebcd3b2636776df09c3eb7702"}}]}, {0x75, 0x6, "1d4af027bf39e92f2bc3b16061477612108c4de6dbb9dbc37f978e20a11849888f1cfa0d69961cc5b133c25b0a606d867918fd28cefd9936cea3c502ba83dbc878d09708660761105b2cb89c15f4eb2ff9ca07aba60aef01aab6097fa30bc52f5c31cbba441df32848abb9344a809a2a4c"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ipt={0x13c, 0x11, 0x0, 0x0, {{0x8}, {0xe0, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0xd9, 0x6, {0x2, 'mangle\x00', 0x1, 0x1, "26b28bee405c084d7d3004660f6902208128531e54ab5a1819783607be3e2e463fc401b2d641a72c11f6aea69efbc1dac1e8f34f762cbc8ee0231ffeebcb773de1e20df7f65c7029200a9570577fe540733523b10491dc5fda6c0091603360fb1b6019648c7b5ef50f8741b6670963cc5d8533f50c4a2cfbeda3e0ed5070ab41e44997bdda4c34c11413cb846041ef4060b9cb71e527a7dd8e4efb7877f6f37b7cd8648d2d22911f9fbfdd95b69e14"}}]}, {0x35, 0x6, "e7ba22f1ebc93a7960461c2acdaf1da6af842571f14f3b0700806b225899f9ba581b6cc401693affa591693a24cad555ae"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ipt={0x64, 0x20, 0x0, 0x0, {{0x8}, {0x28, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}]}, {0x15, 0x6, "a0f801aae36e077609a01908bc70dd5a7c"}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}, @m_ipt={0x118, 0x20, 0x0, 0x0, {{0x8}, {0x6c, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x55, 0x6, {0xfffa, 'nat\x00', 0x4, 0x8, "b112d50939750fa56623826275793a59f694cdc8bda79320bfe1d4c8997abe43daace6790afb2937cfb2e0"}}, @TCA_IPT_INDEX={0x8, 0x3, 0x6}, @TCA_IPT_INDEX={0x8, 0x3, 0x6062ae06}]}, {0x85, 0x6, "080f497fef56763eb14339e04d8880b35d4fcb1f3ccd5757021fa31ef38a7d4c8fca4f32d5757fdee1a2aceaaeb6abdad810154a059435c356867b27c8df5015f90bffb81405bdefffef46fede1a8038897bb9fd967f32f04f15a8596894786759dc20093ddbffb2158f5c0591205638b11d518d459f3137f1349ab013b3b5732e"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x97dd299ab8dc81d}}}}]}, {0xb0, 0x1, [@m_ipt={0xac, 0x3, 0x0, 0x0, {{0x8}, {0x74, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x6d, 0x6, {0x8, 'mangle\x00', 0x80, 0xa62, "07625db7849301f3c760230789043c3c5de12e22cc8e1f5f20c97ba14d907f5a3eae7673340356d1e624a3f315c4d0b1439a387605ebd024be5895e6659813581fe54a"}}]}, {0x14, 0x6, "e2ebd2e0185a4d308803e9306ec5d2b0"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}, {0x154, 0x1, [@m_ipt={0xdc, 0x6, 0x0, 0x0, {{0x8}, {0xc, 0x2, 0x0, 0x1, [@TCA_IPT_HOOK={0x8, 0x2, 0x4}]}, {0xa9, 0x6, "f5fcf6c5d281ac07391f35700b5786a70ee288211391aef6ec3378d7dd4a7c7445b8d3046ec059dd382a214deedda165d8663d562a47b1afb15557c5ceab4960c0442cc36ea1e65aa9650e7ac2c900fbb08da34b73b6b699463a47761daa69afd529deea7f5c97d3f950af23793139f4c0c3cea503bb9a23d2f7677c9bf150e350defce66ec3eccbaabb1e8f7fe7c49b9e91ecca113edb7f81da88a113c1065219a1d6062e"}, {0xc}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ipt={0x74, 0x1a, 0x0, 0x0, {{0x8}, {0x4}, {0x4b, 0x6, "4b6275823d714c9413915317da89818ccff96e8938cf0100000000000000c9bdc74a0a5b7f653980ed0af5c857ee3a0361bfe072c3d9c7043b1d027446cc8454c51cbd25fb61c2"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0xa58}}, 0x4008800)
pipe(&(0x7f0000000340)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x129c81, 0x0)
write$binfmt_aout(r7, &(0x7f0000000080)=ANY=[], 0xff2e)
ioctl$TCSETS(r7, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x6, 0x6, 0x1, "42341f9b1000007e4f00"})
splice(0xffffffffffffffff, 0x0, r6, 0x0, 0x3, 0xb)

11.192433345s ago: executing program 3 (id=466):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000280), 0x400, 0x480)
openat$udambuf(0xffffffffffffff9c, 0x0, 0x2)
openat$dir(0xffffffffffffff9c, 0x0, 0x101000, 0x108)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x7)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)={0x1})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x32}], 0x1, 0x12, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0x10000, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x5, 0x10, 0x0, 0x0, 0x5f, 0x3, 0x0, 0xa6, 0x2, 0x5}, {0xfffffff9, 0x4004, 0x0, 0x0, 0x0, 0xf6, 0x1, 0x8, 0x4, 0xff, 0x4, 0x0, 0x800000000000000}, {0xffffff01, 0x35, 0x0, 0x0, 0x4, 0x5, 0x7, 0xfe, 0x5, 0x2, 0x0, 0x4}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f80)={{0x14, 0x10, 0x1, 0x0, 0x2000000}, [@NFT_MSG_NEWSET={0x30, 0x12, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}], {0x14}}, 0x58}}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

9.665289671s ago: executing program 2 (id=467):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000000)=ANY=[], &(0x7f00000000c0)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mount(&(0x7f0000000000)=@nullb, &(0x7f0000000a00)='.\x00', &(0x7f0000000040)='ocfs2\x00', 0x800, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
dup(r5)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000bc0)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00", @ANYBLOB="36edd96ea5271c6fd71592c3c484041d3aabcef05d3444f7f1b6cace057e95efc45da82c5fd0eaf19dff181f81d6d9545f9e3c1216e4542ca79f87a62f0657c507859b4785cbef639895cdd4368b88338c6c3786ae23d95eb51417c3474a0c89e167cd1649a1f90d3e3d460809c063efdfb1e3354c93935ee8e820741d30dcad2f96ccfd003e6998deecd8d3a1ac0ea5e8821b0c53de83885a8cf29d7f3e605cd93236eac649828a6fce148093448d09b7ed1c953637cb3da2eec2c7c47a7c86903f685ebcc214425015d2c52ada1a36e6b29b387cce4e62f90f97e636e686feb32ba239668fd7a4bcb5bdcfb68d412e949ab57d08068d1de1c93ddccfa50b570ab21478b36a0fcbbd67ce51e17bc57bce0d25aa1ff833db1bca41ff3de50769795605471c432ef3c1c5be55301d5e10da7e204a87f7da21750e4094613b37ba9c40dbe47951635e1f68fa60913c4ebc2da866d8941dcf66573fe1baabfabf5989911b15757c41450d64cbe6aa9c7396b782edf99fc2a1e21a6fa463b8437f73bb86ae9016f833f4c39cb559469de92abdae9cd24f9ec21b11d1b7dde83780180813cef00902abf6518c4107181eea19e154b39ad819f1c9e7dfe1d2f23e41faa2cb0b75681f33561005324bfaea7557d718185d2e550dd354a62e7223d827d32d06b0491616718940617cea2bca76d48aff7f4ff29f874e4a038193d8c2fe7014099b4dddbdacc81ea79a9af3e5491fff080ed2f1c43efffafd104c67bd69e0fec60d9f394e8111c61d62536cb7ecad6bd799e9d74db9a0bbd2e678fc85280230eec2d20441881f7dd284db40d3a1e60634db75f51b4eb1ab0b26b6e96d0e85a906170c00b08da67cea02a53eb017f90457817849ba7432fbd732d0653f8c38f460ae4dc98ab33ee1338f26399198de12f799c4746b24db944a43e5609d62f0b058f6219e3e025bb0dea6ed68716a0d84409a7d13e360610a684f895125a7cc80ae6afc3bd1272f062de7eb92552e20ac86015809fb7e1c3e307a507cd698a4eda315189b97edebc02c79cf1e317e0f5548130328999fcc1532fefc288c265007c1ea4598742af61d5e8314d865ccb55d309ed185a8fb4eb7e16e5e146f6bda5e6766cb9506068e15ccc23a2782f44f929aff8a6d87b17b205d03993af3b69fd80d110078aef1755578a29d063eb3bc9de56ccbd9925f69e8baae54804c2bab991bad8fe004e60c19795c0831afe8dd93cfb13604338ba871bde9408a451a9150099f9dbc78ad35f7ba2d62eec35066b615ab3644a3ac294d21c7f061714c351feddc1216d8ca43448fabd521ae5a8f9816318a3f6ea5599a929952e828caf49ea05610f955286ec5d64ffa25c5bc5f4e6ea70abfdcb4419faa919f2e12c9e9a75a1617503df041b8f389c0ed650155538a7664b75eb2febc770a62069f4a872324381d06d48ff058573a161b13a507a4ba5bc25e8a3d11d6fe307553195f6e8169a607f1b8ff0b54e92c68498ac642f376c49420a2d95b34433fe5134e55215643e415a1df10f1dc9d482f64b1c7419f585c039ffffd3b78d60c7a6005aec7c538334988855b7e108255a239ca6b2ab4a8ee9f531e03e1092ac6c4c69b90e7a3a06eea85864552c5d31156f877f38568e9f276eb76186808de3329e816c6805579e8af78ccc229fbd1fd07c40257526afb63d12d6489754f6b4695422f340396b023313acc1421449d37d702ff21cf4c2019a0ca6d872446f8a6b43ab2fdb1bffdbb7094731b96742ed0ca31c6f0dbe1401f8a827518858cfcd9e95e4f55b1ae49ac14a3b9ba63dd626572d371adcec8bea14c0066359a59a8e18c3cc2e026b60fb7979485b9443ebde9c3cb813a0bf482c2af036fd53d3bce3aa83fe12fb4e6098f602c0d8e9a87ae125d17925eab6969470caf40ab2624da9a71bb8b01cf028a9df577c9f61a9afcebe4df2dba0cf8640ab8f284d4125f7ee16a11a5a5ca921a7383a55aad18aecb64ed46baeb2381a32bdc71360166b0c86d4b4aae17cc9279e96b25dceb6de1aa7b39679cd26366c245c141d736abe4aa257d54f0aef16e178a44d51470a3efab7378452b0dc7d347e72765c67485df2edec21d1c9072d9ebbed61877a37fde735a95788a19b4c66a330014409c68b83b1f313b7dfb10c9bd5335624cb85c1438d1fa98b8dfeec8dfd3eb83481355f576b44d9a9d654c6e1fce9ba128d4fb70a8a30751f8222f955d19777448c759efcf5d17d5946be2660b9913edf3b18e31c58e270e4137823e5d6e47bfdf0c4a11911119fd611a82cfa1864de13f31047e5ef1b5846193a6895d4cfc7fb5dacd18cb723efe3f9c3b759e6bfb71f18f28fc8ce72af4d7e8984156af93257fb5e25cedb1783c9bdb416666b8ccbb8227dd03f8f7d1fc12efb624ee7c896b22186444ee24db3e1663989b9a0bce479d55462e394c5f48c01a63995cb6de63d9f679cdb5703913d512b16842326cadaa193a59f085d63910a2f95bcc61a94c31e0ab5e129c43ab3e0b6e2eae1aabcdd66a983ab543e43493d0660b2d8e8199ecc208c75acd132accbc759eeb110eb8976957f22d4db74cbc6db16c88bf9808294d1bf3175cdeb94fa9e22c50cdaeea8fdf3c87c09a8fdec6704c2385951c8805783d8a0bafed7763f2e5cbea7211007942e9ad7604e48aaa30e24071ee86b317d98aac5feb2d78658849b641f4e08239fa198a018e3dc0394b90bd384e6e6b472fcbf63635270c248bcea2d0b7dba1b4193d916e4bc80b9a4744aaae73680d67a94bb89e69b35cfee1f241c1e3f452613db3612fd30408f9225cfca653fe521bafb5c50fa35e04ed8aac7d0cdf5c3910f2a44532a3b6f4fef99454931fa4a2af10c903c73ccf8450dc347245378786379fc156d94b04df7ea1723173705c8203824e43603398d4e3843e7d967164950a90b1b33bd2133e379490bd851376d52c1d4886d1ef6bd4dd2e469d2a5ed80faca92c8e4eadd569d2046f4d5f51e2ee86f89777a7f2d50cdad7390976bbf86941628d755b0547a55651bbc49ed5f55914ce385f62c49f82f0f69f020e0c8faf88124a3350663d269a941da6cfb869294992e9e9e81964d22b1cb19c574b3b621cd56190855d436843a6c92b101776bbadfe2acfa288482a251c16e631fb54a73e6b27aaa953ee15efa56b508dbd63a92d2e557ed36ed244a43498fa68a1c5f0e143ab41ad3a9835ec86cb032da005dbeef24e91f6abdf52cf3f5ffa0d60db26ca8d14c1fb9839e274070123efcfa2a99e9ce3b07bb58a1b43173d0d3d41b7f9d74ab08790bf7b58ee461d9a3475d43e8b845d672375e6e851e8fcd2eff2c120ee6777390ba7287c76d68a12ffd3aa0aef58073e2b9158137441321e670b1eb8581f334dbb8b2769dc40e26698f755e52b4929e8436f301462ccf0a6d6ad8e8dc36cc165ac1a105befa26227c1a715b9fca30562902e1f8ccf7dc16e747da2f909851aaa8478f82b43773f373273d440db5a5f6c3f72d4a75b2872b49d2218effd96aca1d38612f25a085d88d5b7ae6b81c9178696d7cc539e385bad456e3f9ca347b9570d112e0b8f35f2d048d70d0c20ad3ae177d546bcc1bb289cba0941b9f42b83bddcbfb67a9914ea0d6d756e42d01645b22baef438c46748c207e32204e752fd13837fbe843d9f14e3613b93d2a98c0fc02beec469e29bc42a7a90aee43030c98f0bda69e4e1e53d90f193957031b76a3e75db2c7958ab49d0498659e2a9b1aee08a3071d7b4e772a58ec48d213ba6629380535f0aed1bbe79d8fd8d5f75ddfd65bb56ae67a9f28976b94c82bbab0cf2925418eeee8a353f8d859ab6c1622832530f6597f2913fca21bf566c29f2a0fdc19c5a84d3027d81b6f32adc15a269cfbb7287182bf816ed118a937c2dbd35f50f65730802e9f90a6b956467377eccfd67edd3fd67e8bcdf2b66ae98892e8d31a27172e4592741d2491c83392ae1823dc03fbb3e8a638be639b430c4efb81ffb264525e9dc96b0fb1b09c11dadadf7c1ef061ac4e4dd30b7d6806a8c4f333cd0d18155c463b9d6997d85262c751654cebdfbc423b0f0ae9ef2ca806b9dd77fc1c03aea2c392441e04af0ccba60fd457965d7afbea1805ace389feb30f87f8d622996154bb4eff2f5afe745be656beb2ef253fcac4d510bb6f2eeac3b19e4d34521dba13fff50a5c579687a6d70222245fe397d9464c514483e6030a4a61a69675de568780c33c35e322cde0fc54925eeb84cc3c36113e5e31aae4810085fcc51122ba29c7bf7e9bdc3be18203f997e9ba22976cef8a54c20cc12aa1e64db832f8d950d60cde4a92b53a909a7a10e4837b51a6a9d27d0677904bdf0c4158441ef7d33146299b2d53f845bcd20c28565c0cfac581744e4f338d0d3b82d9f76c57e57c7d36e631c38ddfd44c0073097ed94dee2b0615499aba7e25493324d23513645924181e56b184a59fb0b3a5fc95b3c9e80f164c64d0e4f4dbf5e0f8b7643f8a514cce78208c81cd51bc1ef174a7ca0e5a95499895403d656eb7b1867f27bac5ae117668ee9163530829d916c49ae6350fb448520e58d35b60dfeeb9f288c61bbd965f6ed0f0fe592c5ba124d58c84af18d56402df3a669ecf6baff4a6cacb96f0cabceb17cd25ebc173ba886e55c320c69d90a456d805f771040d3cb4c8b10efba1765592ee4d9a666c96c808d0dd73ef22dfff10daecaebaa153399420c0ad30f9f3da0a4521e6c2f9906677e53fd61054b3f5bb0a0e6c917d7faddf87b742642b55b013eef5fce353aefab6b742d6b2bc53a561ffb6344abdc4935bdc88f0650c70989966bf5c3668dbd14cf60117600d1cbe4705252ff8ac0faf37ec48182c36acdfb774929580fdd0bbc823833ffbfd9b0c4b2c09f9d40a81123541b4e223b6db85260ee805b7c17f12fbcc139a71e05c8563d8808ffb1ed3a68eb0a6f9e3a287eaa62c5d82683c85ee9e5a1f2396a97067747de47847ef5b291dabaf1e006d90b2f20e9555032b5206b369b9f0c6bb8f920bd32c44c6853558c592a7d0daea8d85beb32fac8f17db1f5ee918a4a6d4e7c2b6d762339d60b6f86e9f46bbca76b3932b46be0f6c9b9db7cbf30c55697d3005185886cccb53fa16533cf662804a2c636446e64a4e13717935c931d9d9d10ae004d5fbc7278539fcb2f9a01c3788b921f004a4f0c4d537e587ef57eaa70eeeedaf00f6fb2b42aa34156bede448a636b7eb9afd7adccaa8280583f932edbdbaeb2efb019fd103d7c8281018ffbd32d3cccfd90bde35d47d8a810e9f930d29cc252fe07d0d4eeaf641481f307cce89fea336f88e1040beb4d03c427a9ef8f9fefcbb8b21298849253d42ddd460605521a0f3f64b463466e0cfd0e7b9f9b359f625f32f63f41cb4b1c12e6e2f58024d247e336f26346eaf9bf9e3bbc7b795234c9bee920e907c6dd1dd982504d63af633b8c3a5309e8f3e959c74f34e5f913e7992dd81e57d7b1c8034828789fd10266847d23e34484085dc687c166dccf010ee734b7a4e574e5b503631f6c83d8b50369dce52605223be5d42cd806d9f4f0787d9fcdca35f92280ecc06489c88d49ae8e932c0f7c9f4cba9121945320e490c9be1c1ea079ee85c6887afbcc66d5e336dceca24e7e4f3700e8e7f6ae6dbac00d845bc861d468c0a67d9671a0ef4af7db2558bdf4cb3662abc434759269089db4835a86c1876cc406decbc745aa6c595d9a6614e20b2275904fd50d60dd05e0b516cccfdf01f40c579160195c9edb09edf2c24d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0xf)
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$TCFLSH(r7, 0x400455c8, 0x2)
ioctl$TIOCSETD(r7, 0x5412, 0x0)

8.838453502s ago: executing program 3 (id=469):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
utimensat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, &(0x7f0000000180)={0x5, 0x0, {0x3, 0x0, 0x1, 0x1, 0x40}, 0x8})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x40801, 0x0)

8.143521397s ago: executing program 4 (id=470):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000180)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r0, 0x3b82, &(0x7f0000000200)={0x18, r1, 0x1, 0x0, &(0x7f0000000140)=[{0xfffffffffffffff9, 0xfffffffffffffffb}]})
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000240)={0x48, 0x2, r3, 0x0, &(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x3dcf})

7.992554765s ago: executing program 2 (id=471):
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
setsockopt$bt_BT_SECURITY(r1, 0x112, 0x4, 0x0, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
pipe2$9p(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r8, 0x4048aecb, &(0x7f0000000400)=ANY=[@ANYBLOB="0600000000000000000000c0ffffffff00000000ffffff7f0600000006000000010000000000000000000000000000007f0000c004000000000000001000000027000000070000000500000000000000000056cd3336f318a826fd36326fc042220000000000000b0000000800000000000000ffff0000ffffff7f05000000020000000000000000000000000000000b000000100000000100000007000000f40d000006000000010000800000000000000005000000000d000000bb020000000000000a0000000300dfff020000000004000000000000000000000000000000000080000100000000000002000000030000000100000003"])
ftruncate(r2, 0x80000001)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x20100, 0x0)
shmget$private(0x0, 0x1000, 0x78000a42, &(0x7f0000ff2000/0x1000)=nil)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448cb, &(0x7f00000000c0)="1d6950d5ed9591fc92c7b53c510fc6b0549980ccfa920b900156e82ad4f2aba48783f1ec67e7e53202267539e7253351c35e9ff52c4411d61450e47f9fa43c55673633cdd9d3")

7.877691928s ago: executing program 0 (id=472):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4001c20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000001280)=@mangle={'mangle\x00', 0x8, 0x6, 0x5e0, 0x120, 0x0, 0x1f0, 0x1f0, 0x120, 0x510, 0x510, 0x510, 0x510, 0x510, 0x6, 0x0, {[{{@ipv6={@local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [0xff000000, 0x0, 0xffffff00, 0xff000000], [0xff, 0xff, 0xff000000, 0xffffffff], 'ipvlan1\x00', 'ipvlan1\x00', {}, {}, 0x0, 0x9, 0x2, 0x2}, 0x0, 0xf8, 0x120, 0x0, {0x7a00000000000000}, [@inet=@rpfilter={{0x28}, {0x4}}, @common=@unspec=@connlabel={{0x28}, {0x4, 0x1}}]}, @HL={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x5002}}, @common=@unspec=@AUDIT={0x28, 'AUDIT\x00', 0x0, {0x1}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@empty, @ipv4=@private=0xa010100, 0x0, 0x32, 0x4}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@dev, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}, 0xff}}}, {{@uncond, 0x0, 0x118, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x4}}, @common=@hbh={{0x48}, {0x101, 0x0, 0x1, [0x8, 0xc, 0x8001, 0x8, 0x5, 0x2, 0x9, 0x4, 0xfff4, 0xf7fd, 0x6, 0xfff8, 0x6, 0x1, 0x2, 0x9], 0x10}}]}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0x0, 0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x640)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x0)
ioctl$VIDIOC_QUERYCAP(r1, 0x80685600, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB='\x00'/10, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x8, &(0x7f0000000040)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4c}, 0x94)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r5=>r4, {0x1b01}}, './file0\x00'})
ioctl$TIOCGISO7816(r5, 0x80285442, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x5, 0x7f, 0xef0, 0x80, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50)

7.807525407s ago: executing program 1 (id=473):
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_open_dev$sndpcmp(&(0x7f0000001540), 0x1, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = socket$inet6(0xa, 0x3, 0x2c)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x3c1, 0x3, 0x538, 0x3a0, 0x150, 0x150, 0x0, 0xf8010000, 0x468, 0x238, 0x238, 0x468, 0x238, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, [], [], 'team_slave_0\x00', 'hsr0\x00', {}, {}, 0x84}, 0x0, 0x338, 0x3a0, 0x0, {}, [@common=@inet=@sctp={{0x148}, {[], [], [], 0x2, [], 0x0, 0x4}}, @common=@inet=@sctp={{0x148}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz0\x00'}}}, {{@ipv6={@empty, @mcast1, [], [], 'batadv_slave_0\x00', 'veth1\x00'}, 0x0, 0xa8, 0xc8}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x598)
r3 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r3, &(0x7f00000001c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
sendmsg(r3, &(0x7f00000000c0)={0x0, 0x9588, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000140)={0x1, 0x6}, 0x4)
setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000000)=[{0x30, 0x0, 0x0, 0xfffff010}, {0x6}]}, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
pselect6(0x40, &(0x7f0000000340)={0xd, 0xa3cd, 0x6, 0x7, 0x5, 0x9, 0x5, 0x1}, 0x0, 0x0, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='blkio.bfq.io_service_bytes_recursive\x00', 0x26e1, 0x0)
close(r4)
close(0xffffffffffffffff)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x11, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, &(0x7f00000001c0)=[{0x0, 0x8, 0xc, 0x3}, {0x10000002, 0x0, 0xf, 0x6}, {0x4, 0x3, 0x1, 0xc}, {0x5, 0x3, 0xc, 0x5}, {0x1, 0x2, 0x10, 0x2}], 0x10, 0x4000000}, 0x94)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="200000006a000105fefdffffffdbdf25000000000000000008000a000200000088d24fd80e5c3dc3686299bd0ddda211e2b85407e65353cec58beb67e50e7328de7611cf5eb925dc3d6c14444f112e5f6a92e0e34008fd08331f0c949f1e00cefb4dac42f0967fb0cc48395377679635c049d8855ffb73c38619faebfd4c2904937e62ed9ec3d7c77fdd4a275faa112167f8eba08702be43d9ef2731437c02672e1f8e86880340f0a12a13e9feaa8fb2eab82d221b3db172207269f5064e64279d12bcf76526140c2a793e0bc8ea7ba839e61c3060ef974db4278f072311d1fbced226746afc943d6ebe34f2bef5ce19e5b6222dfd16627a7e6e6af0c6ac1f"], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x20008000)
mlockall(0x7)
migrate_pages(0x0, 0x9, &(0x7f0000000040)=0x9, &(0x7f0000000380)=0x102)
mmap$snddsp(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1000005, 0x20010, r0, 0xb000)
socket$kcm(0x2, 0x1, 0x84)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/notes', 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
bind$bt_hci(r6, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x13)
ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000080)={0x15, 0x0, 0x7, 0xb, 0xfffffffe})
write$bt_hci(r6, &(0x7f0000000080)=ANY=[], 0x6)

7.700025675s ago: executing program 4 (id=474):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x44, 0x485, 0x0, 0x0)

6.438923677s ago: executing program 3 (id=475):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
pipe2$9p(&(0x7f0000000180), 0x80000)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
bind$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x0, @none}, 0xe)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="4800000010003b15000000000000000000214907", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800b00010067726574617000001800028004001200060018001c00000006000e"], 0x48}, 0x1, 0x0, 0x0, 0x20040080}, 0x0)
listen(r5, 0xf)
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

6.27479517s ago: executing program 2 (id=476):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000081}, 0x40048094)
writev(0xffffffffffffffff, &(0x7f0000000100), 0x0)
prlimit64(0x0, 0x8, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r1, &(0x7f0000000080)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0xfec0ffffffffffff, 0x1c9ae7fffe9a6f34}}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000040)={0xfc, 0x0, 0x0, 0x9, 0x0, 0x4, 0xfe, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x3}, 0xe)
setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f00000000c0)=0x1, 0x4)
setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f0000000000)=0x7ff, 0x4)
shutdown(r1, 0x1)
recvmmsg(r1, &(0x7f0000000840)=[{{0x0, 0x41, 0x0}}], 0x414, 0x406, 0x0)
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000000)={0x18, 0x0, {0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x32}, 'veth0_vlan\x00'}}, 0x1e)
sched_setscheduler(0x0, 0x5, 0x0)
getpid()
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0)
mount(0x0, 0x0, &(0x7f0000000200)='msdos\x00', 0x124a078, 0x0)
syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r3, r4, 0x0, 0x201f00)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8000)
openat$nci(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)

6.146029771s ago: executing program 4 (id=477):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
utimensat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, &(0x7f0000000180)={0x5, 0x0, {0x3, 0x0, 0x1, 0x1, 0x40}, 0x8})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x40801, 0x0)

5.241443243s ago: executing program 3 (id=478):
r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x80044940, &(0x7f0000001fc0))
socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r3)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r5 = accept4(r4, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched_retired(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002640)=@newtaction={0xa58, 0x30, 0x800, 0x70bd2a, 0x25dfdbfc, {}, [{0x840, 0x1, [@m_ipt={0x270, 0x17, 0x0, 0x0, {{0x8}, {0x1b4, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0xeb, 0x6, {0x0, 'raw\x00', 0xe, 0xb3, "01df771ed4aa468d466490bb6d3a762752b0276450737133d354ea68c13a92efe99064741e04d8a20e194e30a60295d386bccda0f3007979597e6d03b954a8f914ba7b899f16c20d6d72edd9b6f52db88f3ba2e308499f6252662a51fa4b12868b58f75e27ec9103b8068b9b811e21bd2aa37e31ee1bb8e60ecb8155c8e19ea1c7fdbb9aa819059c61aa86c434a7c8da18ab573d7585bec9c1d4494956d182e7b35a526fd48659ab60beb8f339651c715661a36a876cce3dd7a98863f318caef99"}}, @TCA_IPT_TABLE={0x24, 0x1, 'filter\x00'}, @TCA_IPT_HOOK={0x8, 0x2, 0x2}, @TCA_IPT_TABLE={0x24, 0x1, 'nat\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'mangle\x00'}, @TCA_IPT_TARG={0x3d, 0x6, {0xff3b, 'nat\x00', 0x6a, 0xfff, "ec6c358b1b02688c45d6891b8d39befc710e9c"}}, @TCA_IPT_INDEX={0x8, 0x3, 0x3ff}, @TCA_IPT_HOOK={0x8}]}, {0x95, 0x6, "33c428b1016ea0e62b6c917780554ec63a01a7382016d430730d1158d5469fa35f73d351ec348637d292a8c8699738644c304a14a0ca2e2c1422d9493ae361a88a61e76022334cc9eff1d9b15acf815ab9bf490688724773d3775e92953306fa3923bf0b3eb78ed4c4e43760fb360a12727f0000004fe4c5639595b4ce1706ccb85c9b5872240c31834297cfb06b7eaaa1"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ipt={0x90, 0x11, 0x0, 0x0, {{0x8}, {0x4}, {0x65, 0x6, "195244b493b69a109e343c48236a318aa067ccccb2000506f4e63246fce6276de9355aae82ccf014b3a51009a53cc597e7eec180e252560262d28e1340152b8389fc3dcbd1c60cbef5aa738a80d9582b7bf553a33208654c9b7b642eb56b8a9716"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ipt={0x170, 0x17, 0x0, 0x0, {{0x8}, {0xc0, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'filter\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'security\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'mangle\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}, @TCA_IPT_INDEX={0x8, 0x3, 0x4}]}, {0x89, 0x6, "828d51b8c024f3ba75276291fd744bf1d83ac94c40f59c2d7aabe5cffe85cb1235f3e723c7a0ca6f1a15a0e38afac0bc7115796816162cbc6d09aea501ff36a46772ec7a3aa4d7c60363ff8f0eeda2f3eb8c435fb1d254244779da6c44c5dc30ed21a60df465ec395bc4d898dc7104dc47d809383d1d5431371c66f76842e2571bf73ce597"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ipt={0x114, 0x18, 0x0, 0x0, {{0x8}, {0x78, 0x2, 0x0, 0x1, [@TCA_IPT_HOOK={0x8, 0x2, 0x1}, @TCA_IPT_TARG={0x69, 0x6, {0x3, 'security\x00', 0x84, 0x8, "cf8102ab12c6b2198a413eaa65607ab7ca51ab206bef3fe70b20aa2e7aacfa341b2d9158773430366e3a48eb70679ab8b9759ebcd3b2636776df09c3eb7702"}}]}, {0x75, 0x6, "1d4af027bf39e92f2bc3b16061477612108c4de6dbb9dbc37f978e20a11849888f1cfa0d69961cc5b133c25b0a606d867918fd28cefd9936cea3c502ba83dbc878d09708660761105b2cb89c15f4eb2ff9ca07aba60aef01aab6097fa30bc52f5c31cbba441df32848abb9344a809a2a4c"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ipt={0x13c, 0x11, 0x0, 0x0, {{0x8}, {0xe0, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0xd9, 0x6, {0x2, 'mangle\x00', 0x1, 0x1, "26b28bee405c084d7d3004660f6902208128531e54ab5a1819783607be3e2e463fc401b2d641a72c11f6aea69efbc1dac1e8f34f762cbc8ee0231ffeebcb773de1e20df7f65c7029200a9570577fe540733523b10491dc5fda6c0091603360fb1b6019648c7b5ef50f8741b6670963cc5d8533f50c4a2cfbeda3e0ed5070ab41e44997bdda4c34c11413cb846041ef4060b9cb71e527a7dd8e4efb7877f6f37b7cd8648d2d22911f9fbfdd95b69e14"}}]}, {0x35, 0x6, "e7ba22f1ebc93a7960461c2acdaf1da6af842571f14f3b0700806b225899f9ba581b6cc401693affa591693a24cad555ae"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ipt={0x64, 0x20, 0x0, 0x0, {{0x8}, {0x28, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}]}, {0x15, 0x6, "a0f801aae36e077609a01908bc70dd5a7c"}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}, @m_ipt={0x118, 0x20, 0x0, 0x0, {{0x8}, {0x6c, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x55, 0x6, {0xfffa, 'nat\x00', 0x4, 0x8, "b112d50939750fa56623826275793a59f694cdc8bda79320bfe1d4c8997abe43daace6790afb2937cfb2e0"}}, @TCA_IPT_INDEX={0x8, 0x3, 0x6}, @TCA_IPT_INDEX={0x8, 0x3, 0x6062ae06}]}, {0x85, 0x6, "080f497fef56763eb14339e04d8880b35d4fcb1f3ccd5757021fa31ef38a7d4c8fca4f32d5757fdee1a2aceaaeb6abdad810154a059435c356867b27c8df5015f90bffb81405bdefffef46fede1a8038897bb9fd967f32f04f15a8596894786759dc20093ddbffb2158f5c0591205638b11d518d459f3137f1349ab013b3b5732e"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x97dd299ab8dc81d}}}}]}, {0xb0, 0x1, [@m_ipt={0xac, 0x3, 0x0, 0x0, {{0x8}, {0x74, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x6d, 0x6, {0x8, 'mangle\x00', 0x80, 0xa62, "07625db7849301f3c760230789043c3c5de12e22cc8e1f5f20c97ba14d907f5a3eae7673340356d1e624a3f315c4d0b1439a387605ebd024be5895e6659813581fe54a"}}]}, {0x14, 0x6, "e2ebd2e0185a4d308803e9306ec5d2b0"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}, {0x154, 0x1, [@m_ipt={0xdc, 0x6, 0x0, 0x0, {{0x8}, {0xc, 0x2, 0x0, 0x1, [@TCA_IPT_HOOK={0x8, 0x2, 0x4}]}, {0xa9, 0x6, "f5fcf6c5d281ac07391f35700b5786a70ee288211391aef6ec3378d7dd4a7c7445b8d3046ec059dd382a214deedda165d8663d562a47b1afb15557c5ceab4960c0442cc36ea1e65aa9650e7ac2c900fbb08da34b73b6b699463a47761daa69afd529deea7f5c97d3f950af23793139f4c0c3cea503bb9a23d2f7677c9bf150e350defce66ec3eccbaabb1e8f7fe7c49b9e91ecca113edb7f81da88a113c1065219a1d6062e"}, {0xc}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ipt={0x74, 0x1a, 0x0, 0x0, {{0x8}, {0x4}, {0x4b, 0x6, "4b6275823d714c9413915317da89818ccff96e8938cf0100000000000000c9bdc74a0a5b7f653980ed0af5c857ee3a0361bfe072c3d9c7043b1d027446cc8454c51cbd25fb61c2"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0xa58}}, 0x4008800)
pipe(&(0x7f0000000340)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x129c81, 0x0)
write$binfmt_aout(r7, &(0x7f0000000080)=ANY=[], 0xff2e)
ioctl$TCSETS(r7, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x6, 0x6, 0x1, "42341f9b1000007e4f00"})
splice(0xffffffffffffffff, 0x0, r6, 0x0, 0x3, 0xb)

5.025047096s ago: executing program 0 (id=479):
io_uring_setup(0x177d, &(0x7f00000002c0)={0x0, 0x698c, 0x40, 0x2, 0xfffffffe})
socket$alg(0x26, 0x5, 0x0)
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x0, 0x0, 0x7})
syz_io_uring_setup(0x2c0c, &(0x7f0000000400)={0x0, 0x0, 0x4002}, 0x0, 0x0)
listen(r1, 0x0)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4)
connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
shutdown(r2, 0x1)
write(r2, 0x0, 0x0)
connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r3 = socket$unix(0x1, 0x1, 0x0)
close(0x3)
connect$unix(r3, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)

4.238590716s ago: executing program 4 (id=480):
socket$inet6_mptcp(0xa, 0x1, 0x106)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x6, &(0x7f0000000200)=0x84)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000da10ba78c1e72ea26d3e46bcb0000009500000000000000"], &(0x7f00000003c0)='GPL\x00'}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$BINDER_GET_FROZEN_INFO(0xffffffffffffffff, 0xc00c620f, &(0x7f00000002c0))
prlimit64(r0, 0xe, &(0x7f0000000140)={0x8, 0x2}, 0x0)
sched_setscheduler(r0, 0x1, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000280)=0x6)
mmap(&(0x7f000003b000/0x2000)=nil, 0x2000, 0xb635773f04ebbeef, 0x1010, 0xffffffffffffffff, 0x256d2000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000240)={0x9, 0x206, 0xec6d, 0x3, <r4=>0x0}, &(0x7f0000000440)=0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000480)={r4, 0x9f}, &(0x7f00000004c0)=0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)

871.193558ms ago: executing program 4 (id=481):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
prlimit64(0x0, 0x0, &(0x7f0000000300)={0x42, 0x80}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x44004)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
ioctl$SG_GET_NUM_WAITING(0xffffffffffffffff, 0x227d, &(0x7f0000000300))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='memory.current\x00', 0xf000, 0x0)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYRES8=r1, @ANYRES32], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000007"], 0x50)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)

868.128637ms ago: executing program 1 (id=482):
socket$nl_generic(0x10, 0x3, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r0 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="ad56b6cc0400aeb995298992ea5400c2", 0x10)
sendmmsg$unix(r2, &(0x7f0000000680), 0x4924924924925c6, 0x0)

652.778829ms ago: executing program 3 (id=483):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x1f, 0xd, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x80}, [@call={0x85, 0x0, 0x0, 0x23}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20000002}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0xa6}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3f}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0xfffffffffffffde5)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000080), &(0x7f00000000c0)=0x3930)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000240)={<r8=>0xffffffffffffffff}, 0x111, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r7, &(0x7f0000000080)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000380), r8, 0x0, 0x2, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r7, &(0x7f0000000040)={0x7, 0x8, 0xfa00, {r8}}, 0x10)

645.977144ms ago: executing program 2 (id=484):
syz_usb_connect(0x3, 0x64, &(0x7f0000000000)=ANY=[@ANYBLOB="12011003834a6b2099040d10a2840102030109025200010c2440070904b800018c8c02010a24010400000201020924030203030201a60d2408010700bc5affd3dc187508240806050005f9072408020600030924030605030303070905032b3b"], &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0})
syz_usb_connect(0x4, 0x58, &(0x7f0000000cc0)={{0x12, 0x1, 0x200, 0xff, 0x3e, 0xdf, 0x8, 0x10c4, 0x85a7, 0x9304, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x46, 0x1, 0xd5, 0x1, 0xf0, 0xb, [{{0x9, 0x4, 0x4a, 0xcc, 0x0, 0x13, 0xf6, 0xa3, 0x3, [@cdc_ecm={{0x5}, {0x5, 0x24, 0x0, 0x5}, {0xd, 0x24, 0xf, 0x1, 0xfffffffd, 0x1, 0x9, 0x4}}, @cdc_ncm={{0x5}, {0x5, 0x24, 0x0, 0x5}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x5, 0x101, 0x10}, {0x6, 0x24, 0x1a, 0xb, 0x8}}]}}]}}]}}, 0x0)

135.921312ms ago: executing program 0 (id=485):
r0 = socket$alg(0x26, 0x5, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x40000)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
socket$packet(0x11, 0x3, 0x300)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x26)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_setup(0x1c4d, &(0x7f0000000400)={0x0, 0x707b, 0x40, 0x4, 0x80288}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB], 0x0, 0x6}, 0x94)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, 0x0, 0x0)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e23, 0x3, @empty}, 0x1c)
sendto$inet6(r3, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
writev(r3, &(0x7f0000001300), 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r4, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe)
sendmmsg$sock(r4, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)
shutdown(r4, 0x1)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-512-generic\x00'}, 0x68)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad", 0x1)
r5 = accept4(r0, 0x0, 0x0, 0x80800)
sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000280)=@newtaction={0x14, 0x30, 0x9}, 0x14}}, 0x0)

135.02329ms ago: executing program 1 (id=486):
renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x2)
r0 = fsopen(&(0x7f0000000100)='proc\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000600)=@newqdisc={0x60, 0x24, 0xd0f, 0x2, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xc}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_BURST={0x8, 0x6, 0xffffffff}, @TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x2}, {}, 0x7}}]}}]}, 0x60}}, 0x4000004)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000003700)=[{{&(0x7f0000001280)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f00000033c0)=[{0x0}, {&(0x7f0000001300)="2140c0964c18d31828973c49caf530db8d7444a0af22d85e5eecbb1243fde55bf03e72ed0822a5d65cfdf1c81b04239a1d6af397e54f4606b6cd7973f4196afc227b97a922ab3a6dc872eb5453ab85e56fa820c5b0e608c3e51076c6fbd201812e5e995fa508479f8099196130c8ff87d2ef5d9e7510a2e762730e92f9645555a48c93f2e007cab9e979a40d2d494ed81fdc3f42b02a6703200ca2ec4c694eadb9469678713e92f1bcd9281d9159847028bb4ebaaaafb504d10936ece29e577e280430cceb3b80f48dd7c234b7d16e7c67ba9a4d037e1638166de2e2ed4d77fc53163b543148b994bae5eb968404ede307b86076b40766ba7dd7f7e3dda23c7a8a3fd12184491164d7a23c95fa9ef9021035f04dda3209d8d36a79dcf52fa4e6d13d6992a9db86aada3c061dafb77a8f1dd3c72027380964bd3968d84c872c26e4f78fdb3ea68a660fd4c144778e0e90b81403c98d2e496dedc8b1426a78d615bd614b1c00c554affb773094cb9520a7acc9c2d9993a5ea1640053517ef4296746172690ce9dd53f2a5dc905429f771e00d9f5a5e7a89b16a39f435152dff24ca69670e15c4a014ceea4d63050200374b54874d5bedff9137801a0b61fbbca110eeab1c805445d5a9c0a453fdfc1cec579e3791fd4ededec3fa67d4a6726c74b6081af9b68e8953c347bf5c00b63268c556ec78adcdf51fe3112a70b805738d2197a48c8a77c124016f5054fd5783b10aa05626d40ad2657be76da85b61e0466fbb8cfe7a0c6438628b5fef8b1195b3aafce81914f822e80d83a77e0c3ec5bf5c8bd516f86c8ec19410f3db6be8c10b0b943c6fa7220e86eb4388bc8d3b39d2fd178ab4fe16146710429127b379b54648a0201fb3ed924b29cb68a7391b1f010e61fb6cbfc3f11ba9f56c96e55a28f46d13aae0be014a38b0ca4d1be1eac9c999a98821851211664898ef396fdd8c462f4c75c21c7640de75d656bd10352a231d24ea719de067e79ad9263d17f1f439d016c8826d8a72bc0ceab9d3ea3351672520dd65a269ea6d765e3b4ab93b5ffe627a0c460c5cfebb549d768412a5a10dfd2ebe738c86ed10ed85a2f396405c7618e6735f2785d81e34a4de1e7ed2cf76414dbd14da8c0a1b42e81aa9257249a6c209605d266b6ff5af30a97ec452916ae51ea23b3da0816e965c4d1fce4b0d063ad29340677ec8369f038f21a58fa079bf08b654a438485c010f1cd8666cdb5ad65c1c68582eb3a1adc7e0607abdc8125a1f394abd6c583feefa3d4392a0b410ee3ad3fdd0306a4cff4082e15f682c9743e6115edb26a7ab360cee9494c2c3c54ae9e6110469b8f032c3ad05e0fd4ed82c33fe35de71b13095e8df9376723fa4efa952841543ca8e27a00e3e2c6a88689b527fc56c3ade6561e98b0dfde1a53174b48b3be02c2b54977a935078b8602a67d988120abc71cda5a2008b9622dcfc62747c1a618c282490f79114ff42f16d64b3f2f3a36d5b81eee8f8cc1a8bbf170478efaa63a96ace15baccc12b81e70faedd0316dbafbf334d6e8cba3506cb66b1d1875ff922c0748fb0ccf51531d83e9ddf5f2db828a2c995ef688c793940ab1a052f8a5f86adc4436eb7784a46b33b16634a8664cc67162cfda77b821061631f32385e32d05455c396683972686010acb351dc6a6ef20e5de31bfeca1073383b8045b880d9bd82febeb96bdfce95c0dcd5aee43728d0c942d3eb608f963387884c43a22360bceb0bfe8008ae85733e06eb160258065f74839436f398556ef58c46333dd6a6739f3fbef56ce8b7ab4eeafce6004e019263ed86a4032df50e9f76dd9ba4984b9ae793fc6f20b0b055fa215cf60a0ac963b2fdb734a906e37cc1842d46508e1629687c98ccd2ff6bf2e447d1ee82145e16e12c4105860c8b805979bb231f73ca6b13c0b3e2af5fd604b895705513d6d633adfa22a4634561a7f125113e86a38046e76e640dd75f48af81f8c72a0a1669a1f0ac5e17dcea83ed854476b070e1d4c20646c67c7bce238b5681c17d65fec43eeab200a626848f6e9ae33ff3b95b32959101dd14b18e7a9a2230e1d4f9f0c935ce920b972fd8ab297c1ce93df702eaca7e913344661e47b88da6b196f11e7ba0abd5394222b962a66178dad8f642b2434ec50675965bb4eca2eb9d951e647e51a99c1e439a2fbc8cf628c11dfa79f6f1d5279a9c94f07cdd2ac375137a16598c20d0739fd592f05545a373d10b5dc5479b62fbe551139f5c181403f2b29b5c8b9b41f7a6bac4a4ad67a8c31dcebe3fa2ae5bbfa17e3e6ca5e82301cd2dcbe59810b5c13f78d23cc2672d019ab69ffefad4a58b47a3a636df0ca51804e1e40f1225c0673018631e6fa40ad8718da38127b7ab792f336ec1939c52578d8c20a1080f64d370b172899a4d2819116698bf48be9b8f05bb685cbdfc7a425dbbe1fdfc3b807a599dfacf25a427607c2480ae8d793d4973d1669be64fdf577f92c379f0e77c48aed6867fbad7cfef0fd9d162d164323d62b49b19734314cab7435544b0a131d1053fb6ceed2823214615f822015068557a1368b57d59cbc7b555134ac044b9130b1c3b34045577171736dad334882f608c3e5b162e6c20c9862901ad49db2f99ef7da67284d85e5731c9591eebbb4a47549f727fe388649ec35bc040a390250fc2df733cfc1cb5cea6656956dd2c0d24e1f0392826e3b4131b958003b1f88bda344e9713085339fb7882f81d678ece9d4a2f8455f2a785e95a85dbca625408a0ff2bbeef2b0d478576f1569bb4d8c35772d08787422fbd8d2cf84ccc6d42e14fe25b1d004dd30da8c9014c28e56a9f8e41b8d69a511e7b416a929e229f39d745166e6544113ab68fc86177857047bdf8b47d0a01d64ca93d450e9e005d8374d863e743f9b4668318740275ead5c27e569283aa40e12e1a082b46ef2de0936c0f7552ce92318a42f9cec84fedc95177fd791963e3b1ab170e1835b27b7f09b1619335910177a74709bfc8eb54fc1ed1a5204b3293256075e365a637bac887c99dd1744bff661c5982894d52c215db2ac1a4c34c5067cf91d938ccbef587bdaf9cfa84e09e6dda67952e796ad7af14f4712b57ede32b2c572cae13ef83b8a97665580ed421cd9b6a93b808b58e68ce13aa2f3d9864c74e1f14a332e6eeac7aa9f2d0550d59fe6f315833cce737a102de28e38881fc1cf2fb128abd105e4ea5d1cfa6b4d7364e6be6ecdf1e13b5da4aa2f688853ff8e07382441bf9128f94e51b3eaa3706944efe55caa3ddcde6cee9128a83cc43f1f62ea8e0c456007216563cd7e48d52dfe5189e963cabe57c972decefd0dbeea4d200d1c29c923230d535aa26d3ff992ecb818a26d7e9a883efa14724262e5f14448c61fe4d150d9bf63defd6d4d71a1fbb5891cc096dd8491b30ed43b13a39b95921e40ed7ac982306ceee25eddff740b5ded6a900139fe37da71e2bdb559b1efa8e93edce3016b4a2debee3fed1ca62cb897398e60732db4f02f0caf4ca7eb7ba222a3dff7849691e9dddd679a26a94818d1cc57a1c99c41ab99f9bf3097d344da2825cfdb3c0a9302ced02777aab9a4f46ee73a582da77dd1d431bff2b0ad9ddc4453162aad88619e2fba21247645b0637f8f9356284d758584c9e1f31be48c40c8b72b2e0aa2b29b038f4d5a0dc81d503d761f2108ee5dcb5e48e90bb17a3ee5059f928cade84a67e63034e462fffdf8890aa340427b288932e5e93edf16f6b64bedf2575f9f6176489bb1b6a18037ad7a4e600b30fe36e7484725a8f17fb4dc550cd02e88bc8ec773052968fcc6b33ac1bb2c7178a51848ecc674f41b3b8ebccdceeeec28f1eed3f18a1517c5702b6418853b6a99512c37473df2f2164ffd3317ce93f2dc20b531890c24f30c9d4d403a4b37b523a6f34395f7299b5f2d2541356558229021171ba569a10e3a7db0eb547b0c6588b6fbe24ae086a556dd6b696639c879516832143729b2ac35cc86548680d4a282941442d8d2adfbaac2b99154c9c3c2c512152025b1ce31c8bacb80554bf3faa284b2df7e91c8d679ce984c026622f026edd9bbe859b3367f1560fd53d39173c80b8cf5964fb887e4f106361dcac934683bca793c1d8959a72406dc12f52bce35cc8ef29ef1d875f6c1e3223c8794c01252649ab5c68ffbd6f0d03dc5b8d78f86522e6c957013e8524ae7c056ea84509586f972ea5a056e8707f3a75f3a4d887467eb034633ecfb080ab9f283fc578c4459b50a35b58b639411048750d76571766dd3c305c520c78ea1306b8128c500375413e226f3d428106a8a13acc6669220c8fc89fd621efbbf2a269a2a305e0ed1d2e3e6d08acda24c829503a2f5993ca605586121e6755a98b06fa9f766775938147ef120406cd4a4f3db8b5dac6b8c5e06bdae1ae4e166040d95f4a624273004358780b0a509738f1ec307343cbf4f97a4beadeca84b64e31cf2a5516afd3ffc29a9bcb0b8732ecc945486c6b021f181dec14e431d10a53d3464ce943d243671e7679182eb4ce53e131121995ba89caf701ec3e39fd2417514d5d6dd58448477d1b9149cca5576e7504270cbf92bc7cbbd0f2c58d398e5857ebe3f955291ac28d5dd349ef7ea8e7c40b83441e408878a7b40fd525b5d7de348ee59942006ed2d043446c92f2d1d8e42dbf126ae993ea64f9c00a89be8f0649f2757e29ab28f830f9ced141379e36beb8e3f1f659bf760fd0a2a24c27de4f14ab6acd236e7755c5c36e16e45da81f7e5f1a9f52e1b9bff2c5714e849dccc01c93410f0b6cefcae76226218bcf31ce4b5f8e96fb38ab0e6ff17d261364b5f50fb872a40fdb611b7cab9f5d69f5580306a707925250c80d3106b818e5db31df18626a94f8973e60396ffe6ff124fd95f09b5b91a8738c6bb23c7e5234bc1c5b4d6601388bb4bcf89882b071c96d55157d61229a96ecc0c9003c7506354513968ee865f3b942d940295374c49e12d40098c5ad035c020c778b6c87c25766ce04f6062f4bbd5a41ad9ef15f6c4e256346db386b4126baf8c3f5b70cab7dd188067750332dcabfe2fc49fc1865bae0a70f8574686922f2327f76f12e221010f82ee25de113b76f2df51150840dfb02611f5f5d1068437a75ee32f203ca78e0d6923285172d1bb2f53ef130e7e07bd72ec378bdce0d75748efc5aa0020c436b7b2460a4f221acec15b83cae6e85c2fd998e2e6fe2a1fda395c160f2cdadc4cf9ed31a01468e09d7e459551028cc2fa315811cc128455bb16d1edc14519cbe17854e7f5fd5bde42b83cfc43a4788b2cbe51e478dd9550470be373473518af67fab96e4a7c6394a7aec83639c07709d7831ecebc744c105c85af72c4e37a6a5a866b756e5bee0e59f791afe0484a67715caaf46181fc4f6471538bf8b2f8959624cc48438a630c56f0275ef9700d950c54ffd0aae5ce2b0772c9ecd3cb195af39390eeb697dcd824dc4cfcd4a3b1da0b908bc3a6591ff543fe7d5a91135b9b3d2d095ae44f65278a25d4621876e96cd4ab9babff1978206bf9d5a38c13b61af0add68b5ee3be7b89e7cbff619714343e1a239ed4496f88b5c622598df50babd913cbe29892d160065095b84df19a20b7cef1d322490996fc387e71ec65ebd59ec6332145dd033a24b7c4480f235dd5befd5c09dfdf6c0f68f29e3b141506afd68c0e4c6ba21e920758c2ae2c3d0cb705e82b24dfc3a288a12882d8a2bb4ed4bdf574a5f466c4d68442894571abe38cb933e6742a2876764620b2b576c56b9529371081557509b7", 0x1000}, {&(0x7f0000002300)="dcb6ffce8f6be87ba35a6d33d2d863802b2549d462e746bcee570a2062599b755f242015fb88349d1c4887cc9cf9eb5502c551c82847ecdfeb259a14f49a5ed76c7088d73df2719bbde09861d1d7176530d3e32dc784551210ae31f6231f9abe7464136f642460a52ed2e576ee9fb0de3a1244b81543c108487ce685e57b95173762cdd5bbd1eb09c1b49e1609086433c5d88998292d20f21924941bc4c64f28917f6b6da8488afdbefe26b45a83147c6e4830e8938c7143675802f93bd1c4756922fc7235886e6ef54b96c1f8cb636fd2da071958b0f319cb3847a33f07e6bdd3db2e7d4806150641b779bc7fec55304b8a8b76c4050d1adb718606b82e821cf55aef5198537a1b885eeac651c27fa74212ceaf36892556c51fbd01da80a19abaeb9c52abe605147962a31a7de8080e39429e8a6f81f3aa0c78379525948b9a354b0fb83984f2e0416d21ea7865eee9d01e691e6e61bebade4744a5b8c2fe755ea1e1783a1b8425bcf67d5dfe96e98792407e6e63f8b44f5bc5aebd9acaebadb3ddc31ec4a6ce84aea19bdcc9e3f8f0a94abd6913e9db45ed101ac5a12eddc74b3bc2f66dd5c9ccf1339cb587be9bf2b5a536865e551f155ca2bda23d424e13de065d6427aeaf0f18b0c88baf01f31d035e2ea74c49545106871cf7c848611cbcc37527d027a2c63b1542dea0788557aa39c6041b0f39374b1ebab4e037b09e406ee86035c26117fabade956faacdbe300b609e282462c6872b7c7ccdaa852dd47f1e86b41fb5493589c146a20302793c75397110a05aaa09df26799ec0724e80e5262b43a36868d434eeaddc46464111fbb6a5e171957336b676d986ac60caa0cfedf88956dd61154c7b167e1c42299aa875435f80d8727cc717dfb69a0c48abb25679f69796d198e3914bb7861fee7204a6eb66b085baaa49b6907628bb64603122fb5b858498268672eb9db8930e9a2e688a7ac3e7da7b2329c0d4227c1057c8149aaabffb4de74118ab42ee20892523bf73a7e8b6f88cfe36ad0644182a7fd133e97937521505a59e26ff2d7c26f5465c9e55f119bbebd03107a4efa117d716a76f4ca50df83572d31537f5b41fe770577ceda706c970fdb41966332036e12c7d9527979257121dec7548311a5708db987737a73881817c2c014e89c0d6556af2827825a79c62829ba666f4f0bdd80b5bea3151be43d95b3aa6dc5f623b9b004c4ef95c8c1ed2217dc89c0553a2dd6f7e2482aeaca281d34e55961fb6fc1437fb2129659451d420e195c8bfa8468b4a3cc5fbe941a249cf79b7df4220553982bce0705891c727cc342ef665118c83c950905c193f63e06a2c2aad9b2df2af7ca7a3a6fee8a4d0f8802757bea90f50d63677935f0e571396ffb3752d9cd366e9418319766c659928daff91ff34c1753d3a47d3547d4025206b4054ddf4c862b73dca731ebd0aee8886b9c53fe256bd0d9c06c56bbb699bf21411578609922644d57f2a9db71e793889631b595123950fd4c9df7be898df2f14b4beaa4dd71b7d03699fd96d7496c35acd79d3e16a101b6e0e91b25cf2bb1c367cdd1693302cc16c91ad9368b9feb8f1a951a91e9347fb9f74725c2314494f9e4a7321332822fbf5334337f8e22b421af1589999f2724da80bc2840f9d31fb9a80553b0d292bb1768069635116d6387d55fd25843251ef279e5106cbc77e9da5badb5630b25b71c2dae6397b55b05b80aa46f0c4c89b24c006237e70656be8d837c1630655c1a6502c0f2a31a63aa5e1b739951c0ed70dd5a7339f3016af4fb851274d6395f3983895cc57eda4c7970b08f8e8eb8ff7cb42b78d5bf8382d17495bdb42503a1fd2a847c5c0b9a3abb49e56ff770f2fb5e5b77d67e195431dafe690a83384d1f4c9f94d013291ee3d7e5514e13ad1421d771c585ab8945944c7cbffbd1aebb880b88bbbb49faa92658e326d7292367aa1843d5938b35cd8b6b2d257dd72e0ffc0c491c70c04b3353136c4e67b8d793b03ba732cda7bb8795e5843687a196fee5d65d0213069217120cda1007545f9e634879ca7d127a72b7211df59b560611f339d3e20fbde249de8fb6642c02ff90d21da95448993dcfc29feb117c9fcedd9ff9646e96bb8d045854d7da1f66aaa91a0fd6c4b1651cc7b76b35cc0fa5aeb559094ed4600c56657e2e37eafb739d9e75e432895af0cbbcd0ff3c2b9a326db9a0b9e6ee8b67600c930ae3fa0198552a11056493ca7d417cd39ab6714849b4b7518f768d1f3d4462f6cf7af788fdcf5fa0e2f10cca27f72b60ea8beaaf1d60333fa5b428f7718c383e1cb81913f9f71a8c61dbe50276f0846857a9f89f47b245cbe760367f7efd2d6104016edb12f95750f948e7043f49d936446eb8290c96494b90624120648f04f3db925bd3c5b847f0acb7361d38d5cdc8e574a7f16097625a7a018493a39e0a5e363bb3102d3f3a81bd212b17c1ef26eec8746d963f3571b09170dd87b8175073f43ef0ab063ee6027a8a2086e7b5601401fced2dc0493d542167dd5af6868a3b4f3095ae67e8c3c45b8333e4ccb8ce4f5889d5a06e7eb3558211d0fce2b616b288f9e08aa68ef76bfcba4926727db6cb109e501041fdb134860825966d87b52721a62a1aaa0aa2283ee9f9c7023ebf57e2549d6c5f372e99247c5dc248f233a4e1ab1b793dd65faff3c12d0eb7051f19b2a265cd38fd9907a6f648410e012b4fa23d19e0103aada4176f36b488c33ef86f7d0be2136008a3e08e290a2d4e3db12b95bcdbd620b820cd55f7fcb9ba1351708b9e2d827140437958727007e1fc16ac0c5bc114d8318aae4fa51fc97129758b6ba99a3e2d3b46dac9a1eb6305323a4b16dc266dd2f5bd67d44e85434fad46083ab6a231f514cc5f7cad2718fed76cee21f4418d5eac85cdebe4ffd5694dab5934cbebb479dc0da84d92e1d706975e05cca5e8900f50c10ed65a6a3ab288a6ad9a768059841ee0d05b5104a376c60ba2faadc6baeb17b11b4ac99aa3353f106cfdb5cfc95f63bb770349f61d67bced8fdd400109fdad12dbbdc74e8df5c322e10d454dd6e7771986d25c946eb39819fdacb3fe12530eae6c4ab0b5828ae4b5f6137563a4c79c3d2aa47e73f8fbb9fe7356f5f9b17310fb94fd5840f158af184d1644da3c19505dd4f64d6978e1e8300989af88249d0da21f6e5ae9709c4a43c094ab93736a9428fad4cf141ce6d23d86ea36cc83858e348fb1ddd1353c4b86a9034fe8bcb71e862fa8f4a314483388e8541e8c6a79f5c1839589d60ce6c7bcd1861364d8ffb92687528f988defc783d71c44f92aef0b993ed35554d0fdf55fc27352e51e11bff241dc6e12818b268ce5ae358cbf4f86897af0e248ba039ad7f890286e0ff84f4918f8a5b0212d608e40f29c1da88d23cf3ebaf806beebb71577657dae8fbd533f24bcaaaa04a4b85c2cc197fbccce5373d3dff8cf12158eb8b84dccf5fbc39784a691d11e3d47a2066c103e1f6e46ffcb17247b80b2b853ac4300c35520d00c3567e2bf913334fd90c3588f72a09bb9442f01f5046e87fbaad26f46e885cda4b49867af68fa9bdbec80da84bbce210ebb98219957e75bdf31aa82dc4a2c8c397eb2b8cc0b1f62fd772c55df160974d7ebdc17a5ae5d3799b4147681910daacd7f29f61591c808fd63c93d57283d0a7a57763c724909b76542ef80a683266625d652d0beb86a13384066ae99c0b813cf27c68061a1522ed13eb79c507781d40bd60618280b47817078f9fcd1b5ccac7e0d350de88b296ed8c9b31cee5097849acc0cc19ccf1d4649ccd22d4e0dade08e52157f26e55c8d5b65f6a341e17febbf23cf24d4ac35d82131b3560487e10384a2df603c84437c581ef411eff77ed1f266ce511a98e86fa5d3799311cd52dde2e7f32f314d970667deae08a6666a27a540267ba653c806a1f957866d693b946c110f491d31e3df51d200063e29735a5e396006a59253a15a5288908c8dcd3d77ce6c0af9cd53ce8b3a8d61300b3f69d2bcd229811e904567933db40eb63e0b4cecdd84ef863e025cce0864c0da82d133653c35408f2febe4ec3d164d3a18a49ab59830a1f3f4b599d143a6975677d699eed0cb2375e995b7b992d618bae177958f7b9ffe24e20f4e520f0d51baa575c3056fb496766af0e2bfd60806093f931dc99f52267dcd02960c3025026c2f6de2c03e7381a860830a31142c2ff120f6753a24a17d8ebfd0b029c1dbb41470204cad9b85206db1b3faa901902f888492913111b657c974af851d48e741a18aa60d0794adc935e25f5284a045f46334cd9b79102f3ab87946bf5a47148c693cd31912b2e0675a7995e5bdf23e25ac706315655ddb87584aa74d9d635be5bd6dc972efb11bac3cf2515f4e930ce3d0a6e8bdf1bec72dffa69be04a02749c8473e2cfe5448cedda2209fedd989d108efb918ccb96c59d27eb0f1d9f7f196079b642234d6e643bb166e22cc63712cca0db5fb27606767980ad7349dc3014671655bef6bf758121b63def73078f66359ec52fdd3931d1fda02dc043d2308c9b2c6f6579709a5e1a9080f5430cbad9f5ca7ffe95a9409014e3d741b1c1dd64a3a1c53cdc7b524cbcb5003059aa16a38170b0ee2d81ab740059dc8a8dbdb5ffe0c71d1f6e9e02be85651fbe7c573a96f4ef9209081286bb8325c34db54937e227645ef3e15aade4db70909a7872a05b9c6d7cb175f882ff64bad6d1b4d9cfd225947e72c9e3c668747fc7e08ac7307519489b40a1660ee26933335a300d5739735df84c38e47d652ae5f6488537d07fedd818e003cf3e51ced1b973ebfed3d6b683d959cafcd23c67e0d93551a6200b972db73e108f5868219f7ff22caa27672dfc1aae0c849f979509d6051687803ecaa521a29bd43465075fc88aad7b6c4030c86ff895197e72512d8c12bc70f88db6a3d10a2b11b13c521f462ad696b342306d9119ed66747405fe898f0b4497f61f95296abc480b40719ec44e8258b7785e36f683f38d3641ea6b4acf3a63c5bbf9206a3ad8fdf0292c4277b5cabc8c4cf3245d74d936861853f3b8cd7ec97557e3586ac42e060c1b738b4140c44a4e64601c9dc95f117da35d266ec17ab679ff6aaa370fa3ebaa2e31e92f4d0dc3ae722693ee98583603d8285b8295eed0434baca81b83c54903a81da43cb5a2cc5c5ce92abb31f2c6bf95bc38779f31ee2d097336e6fecf18c86994a28816d2b4f215b904f73a1dd1aaf49513e0df30bfb71b47c4e4c8afcb4bbd873ba5b64f28fc2cc34e97f197d051223f3969b75836188cdf3c69ecc43bef1baa4c3ca9a23b9a69077ce5f4579975ecfdb90172e11da97ff30bcd438fe3dcee04b371d35b3b690f0c6544102a31d92cf6af7e375611cefd071366d3cd256f23f2183b8e917ae050e86895d3ab635c0ac9bd47cab2858672077312e32e29d6aafc2b357a9f4c3e1909a895473f7052b8d083bb9afaeaeddfe510facb4b0a958e0d29a0fc8f20a65ab687b9a5ada69a2f8351a7aba4385aa361c8acf6baeef1870deb9947df16b26abffb9bfcee733ddf28ae3ea5385317e8ca55dc212a75b61450830a2c7901b0529df1a9b0d285814ce95c9302ee033a0b5e4455a8901cb40437d87e10dc97f92a6930111dad1d2076a38d842afe2fa8ea04dc2e9bc0c6321ff3f8bd55a63c0ccf00b89624e9966846fc73719e4fd2372186beab0683a001977c7dbb2e1d1874d77c0db9d9d81f7b61f7dab8985aeb7a33b43e17dfe46e96e08cbf2a2bb2b261ffb5771bfbf", 0xfff}, {&(0x7f0000003300)="17e2af80f8", 0x5}, {&(0x7f0000003340)="4c972c0f55cafae2a0fd81e5165d7c6efa88cf05992adeca985aa30cf27324dbe2313419f3ac0c45794c24df3a2533c16eba4fe58714c8ff947e8eb5044ecaf8b10b292939ddfc6720b07725820755dc7bf4d763d40f7457ab6b90811547ea5c32acfca02fa9ea16a79ef02ff76b78", 0x6f}], 0x5}}, {{&(0x7f0000003440)={0x2, 0x4e24, @local}, 0x10, &(0x7f0000003640)=[{&(0x7f0000003480)="12afcd4f15d9c7ca3c32618a990d69c7560af4cecadeea3e4ec5fba6e5cf11fd395c274c3e666b0c54e1ad04326f74a7", 0x30}, {&(0x7f00000034c0)="00e2152706bee587b87ef33d3358005f7a7554db1f00cf9849a445331e7e0368de8c8d82ea496bb6d4cfbedd423bcac60d669a523dd02ad9d8107b157083d724", 0x40}, {&(0x7f0000003540)="13c1f63d027dc57420c8e17dd2399e30013eabdca5a6b499d672b82c92c0ae5cad2bcfc1ce42680a2901b59057c28364eb2f2433d836867c773d5cc286fb29f6a5f7dcf7213b7954e9824d68a5630a5d51810f45e05ffa89973b9c5b9f7de928cc0eaa26b9003ebe370b03148544f7d784e5861ff3a65a36f252614d9eddd56aca8f0235a45d826264cebbbd3b5893dc7a2b67aaf0436ac3714ddb44dd9313fd7294c33978cd03ae2c7e9024d73b38a93916e71a259949fedec59857b8a1f3346d7e0e138a71894bc716297f0f0f425d371bfb889eadefee9599c9778478d3d46348c3688e59c22dc6f298e1983d6fe8", 0xf0}], 0x3, &(0x7f0000003680)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @broadcast, @dev={0xac, 0x14, 0x14, 0x2d}}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x7}}, @ip_ttl={{0x14, 0x0, 0x2, 0xd}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x1}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x5}}], 0x80}}], 0x2, 0x20000000)
fchdir(r1)
r3 = open(&(0x7f00000001c0)='.\x00', 0x141400, 0x4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680))
socket$inet_udplite(0x2, 0x2, 0x88)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
timer_getoverrun(0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x18)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x3)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x9)
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000080)={0x8080000, 0x0, 0x2})
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000180)={0x8000000, 0x6000})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r5, 0x4010ae68, &(0x7f0000000040)={0xdddd0000, 0x10000})
getdents(r3, &(0x7f0000000280)=""/4096, 0x9005)
bpf$PROG_LOAD(0x5, &(0x7f00000037c0)={0x11, 0xc, &(0x7f0000000140)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x800000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x908}, 0x94)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@updpolicy={0xb8, 0x19, 0x1, 0x70bd2a, 0x0, {{@in=@dev={0xac, 0x14, 0x14, 0x2c}, @in6=@local, 0x4e22, 0x0, 0x4e24, 0x7, 0xa, 0x0, 0x60}, {0x0, 0xffffffff, 0xfffffffffffffffe, 0x40000000, 0x0, 0x1a, 0x4, 0xfffffffffffffff6}, {0x77, 0x5, 0x0, 0x95}, 0x8}}, 0xb8}}, 0xc0e1ed0507c55408)
connect$inet6(r6, &(0x7f0000000240)={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}, 0x1c)
sendto$inet6(r6, 0x0, 0x0, 0x0, &(0x7f0000003780)={0xa, 0x4e22, 0xfb, @local, 0xc}, 0x1c)

0s ago: executing program 4 (id=487):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8d)
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="1400000016000b63d25a80648c2594f90924fc60", 0x14}], 0x1, 0x0, 0x0, 0x600}, 0x0)
lsm_list_modules(0x0, 0x0, 0x0)
r1 = memfd_create(&(0x7f0000000580)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc5\x1d\xe7jDf\x87@\x8fg\x15RJw\x82\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7g\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05', 0x0)
ftruncate(r1, 0x80079a0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0x2, 0x12, r1, 0x0)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f00000001c0)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x22102, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x89e2, &(0x7f0000000340)={<r6=>r5})
close(0xffffffffffffffff)
timerfd_create(0x0, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000240)='fdinfo/3\x00')
lseek(r7, 0x4, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000015c0)={0x18, 0x3, &(0x7f0000001480)=ANY=[@ANYRESHEX], &(0x7f0000000000)='syzkaller\x00', 0x2}, 0x94)
r9 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r8, 0x0, 0x1}, 0x18)
r10 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r9}, 0x8)
close(r10)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x10, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000480)="d8001c00180081064e81f7050044fd56170d12a0b9b5457073", 0x19}], 0x1}, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x89e2, &(0x7f0000000040)={r6})
ioctl$sock_kcm_SIOCKCMATTACH(r5, 0x89e3, &(0x7f0000000180)={r5, r11})
ioctl$UFFDIO_ZEROPAGE(r2, 0xc020aa04, &(0x7f0000000080)={{&(0x7f00003fe000/0x4000)=nil, 0x4000}})
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0xc01, 0x3, 0x1230, 0x10e8, 0x5002004a, 0xa, 0x10e8, 0x0, 0x1208, 0x3c8, 0x3c8, 0x1208, 0x3c8, 0x3, 0x0, {[{{@ip={@private, @loopback, 0x0, 0x0, 'syzkaller0\x00', 'syzkaller0\x00'}, 0x60, 0x10a0, 0x10e8, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x0, 0x0, 0x0, './cgroup.cpu/syz1\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x0, {@ipv6=@private0, 'wg2\x00'}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "53f99237f41c832fc8969da1f2b7a86ddedeb7587f1590839a7a3acebc0f"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x1290)

kernel console output (not intermixed with test programs):

1, 0] type 2 family 0 port 6081 - 0
[  130.618393][  T926] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  130.766326][  T926] usb 1-1: device descriptor read/64, error -71
[  130.966441][  T926] usb usb1-port1: attempt power cycle
[  131.302612][ T6045] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  131.361143][ T6045] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  131.427229][ T6045] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  131.457443][ T6045] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  132.535245][ T6331] pim6reg: entered allmulticast mode
[  132.986599][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  132.993863][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  133.104797][ T6350] random: crng reseeded on system resumption
[  133.196602][ T6350] Restarting kernel threads ...
[  133.202048][ T6350] Done restarting kernel threads.
[  135.189717][ T6045] 8021q: adding VLAN 0 to HW filter on device bond0
[  135.299750][ T6045] 8021q: adding VLAN 0 to HW filter on device team0
[  135.418467][ T1095] bridge0: port 1(bridge_slave_0) entered blocking state
[  135.425675][ T1095] bridge0: port 1(bridge_slave_0) entered forwarding state
[  135.553968][ T1114] bridge0: port 2(bridge_slave_1) entered blocking state
[  135.561198][ T1114] bridge0: port 2(bridge_slave_1) entered forwarding state
[  135.644778][ T6371] netlink: 8 bytes leftover after parsing attributes in process `syz.2.92'.
[  135.809091][ T6370] gtp0: entered promiscuous mode
[  135.811566][ T6374] =======================================================
[  135.811566][ T6374] WARNING: The mand mount option has been deprecated and
[  135.811566][ T6374]          and is ignored by this kernel. Remove the mand
[  135.811566][ T6374]          option from the mount to silence this warning.
[  135.811566][ T6374] =======================================================
[  135.828416][ T6371] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  135.858283][ T6371] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  135.867156][ T6371] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  135.876388][ T6371] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  135.986005][ T6374] tmpfs: Bad value for 'mpol'
[  136.921068][ T6045] 8021q: adding VLAN 0 to HW filter on device batadv0
[  137.142234][ T6324] pim6reg: left allmulticast mode
[  137.306340][   T24] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  137.502720][   T24] usb 4-1: config 0 has no interfaces?
[  137.533968][   T24] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  137.577223][   T24] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  137.585378][   T24] usb 4-1: Manufacturer: syz
[  137.627157][   T24] usb 4-1: config 0 descriptor??
[  137.753073][ T6421] IPv6: Can't replace route, no match found
[  137.849426][   T24] usb 4-1: USB disconnect, device number 8
[  137.993856][ T6045] veth0_vlan: entered promiscuous mode
[  138.241254][ T6045] veth1_vlan: entered promiscuous mode
[  138.275541][ T6045] veth0_macvtap: entered promiscuous mode
[  138.881539][ T6045] veth1_macvtap: entered promiscuous mode
[  139.038197][ T6045] batman_adv: batadv0: Interface activated: batadv_slave_0
[  139.051285][ T6045] batman_adv: batadv0: Interface activated: batadv_slave_1
[  139.069057][ T6045] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  139.077972][ T6045] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  139.136131][ T6045] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  139.189234][ T6045] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  140.328554][ T5838] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  140.648794][   T24] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  140.655988][ T5838] usb 3-1: Using ep0 maxpacket: 8
[  140.836257][ T5838] usb 3-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 255, changing to 11
[  140.910738][ T6453] netlink: 8 bytes leftover after parsing attributes in process `syz.0.109'.
[  140.932954][ T5838] usb 3-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 59391, setting to 1024
[  140.967343][   T24] usb 2-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b
[  141.001029][ T5838] usb 3-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[  141.024231][ T6453] netlink: 48 bytes leftover after parsing attributes in process `syz.0.109'.
[  141.104931][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  141.131752][ T5838] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.157145][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.197106][   T24] usb 2-1: config 0 descriptor??
[  141.206004][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  141.293965][ T6444] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  141.395710][ T3012] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  141.434346][ T6452] warning: `syz.0.109' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  141.452040][ T3012] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  141.581578][ T5838] usb 3-1: string descriptor 0 read error: -71
[  141.609647][ T6459] netlink: 60 bytes leftover after parsing attributes in process `syz.3.110'.
[  141.621086][ T5838] hub 3-1:32.0: USB hub found
[  141.666487][ T5838] hub 3-1:32.0: config failed, can't read hub descriptor (err -22)
[  141.680461][ T6457] netlink: 60 bytes leftover after parsing attributes in process `syz.3.110'.
[  141.843547][   T24] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  141.894126][   T24] asix 2-1:0.0: probe with driver asix failed with error -71
[  141.965589][   T24] usb 2-1: USB disconnect, device number 3
[  141.973722][ T5838] usb 3-1: USB disconnect, device number 2
[  143.107272][ T6485] netlink: 'syz.1.114': attribute type 20 has an invalid length.
[  143.159454][ T6489] program syz.3.116 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  143.160789][ T6490] FAULT_INJECTION: forcing a failure.
[  143.160789][ T6490] name failslab, interval 1, probability 0, space 0, times 0
[  143.217113][ T6490] CPU: 1 UID: 0 PID: 6490 Comm: syz.0.115 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
[  143.217144][ T6490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  143.217156][ T6490] Call Trace:
[  143.217164][ T6490]  <TASK>
[  143.217173][ T6490]  dump_stack_lvl+0x189/0x250
[  143.217204][ T6490]  ? __pfx____ratelimit+0x10/0x10
[  143.217227][ T6490]  ? __pfx_dump_stack_lvl+0x10/0x10
[  143.217251][ T6490]  ? __pfx__printk+0x10/0x10
[  143.217285][ T6490]  ? __pfx___might_resched+0x10/0x10
[  143.217312][ T6490]  should_fail_ex+0x414/0x560
[  143.217340][ T6490]  should_failslab+0xa8/0x100
[  143.217365][ T6490]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  143.217387][ T6490]  ? __alloc_skb+0x112/0x2d0
[  143.217422][ T6490]  __alloc_skb+0x112/0x2d0
[  143.217456][ T6490]  netlink_sendmsg+0x5c6/0xb30
[  143.217508][ T6490]  ? __pfx_netlink_sendmsg+0x10/0x10
[  143.217546][ T6490]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  143.217566][ T6490]  ? __pfx_netlink_sendmsg+0x10/0x10
[  143.217598][ T6490]  __sock_sendmsg+0x219/0x270
[  143.217626][ T6490]  ____sys_sendmsg+0x505/0x830
[  143.217665][ T6490]  ? __pfx_____sys_sendmsg+0x10/0x10
[  143.217708][ T6490]  ? import_iovec+0x74/0xa0
[  143.217747][ T6490]  ___sys_sendmsg+0x21f/0x2a0
[  143.217783][ T6490]  ? __pfx____sys_sendmsg+0x10/0x10
[  143.217853][ T6490]  ? __fget_files+0x2a/0x420
[  143.217878][ T6490]  ? __fget_files+0x3a0/0x420
[  143.217914][ T6490]  __x64_sys_sendmsg+0x19b/0x260
[  143.217951][ T6490]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  143.217994][ T6490]  ? __pfx_ksys_write+0x10/0x10
[  143.218012][ T6490]  ? rcu_is_watching+0x15/0xb0
[  143.218042][ T6490]  ? do_syscall_64+0xbe/0x3b0
[  143.218070][ T6490]  do_syscall_64+0xfa/0x3b0
[  143.218093][ T6490]  ? lockdep_hardirqs_on+0x9c/0x150
[  143.218115][ T6490]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.218136][ T6490]  ? clear_bhb_loop+0x60/0xb0
[  143.218162][ T6490]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.218184][ T6490] RIP: 0033:0x7f2dca18e9a9
[  143.218203][ T6490] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  143.218221][ T6490] RSP: 002b:00007f2dcafee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  143.218244][ T6490] RAX: ffffffffffffffda RBX: 00007f2dca3b5fa0 RCX: 00007f2dca18e9a9
[  143.218260][ T6490] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[  143.218273][ T6490] RBP: 00007f2dcafee090 R08: 0000000000000000 R09: 0000000000000000
[  143.218286][ T6490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  143.218299][ T6490] R13: 0000000000000000 R14: 00007f2dca3b5fa0 R15: 00007ffde7f021e8
[  143.218331][ T6490]  </TASK>
[  143.488212][    C1] vkms_vblank_simulate: vblank timer overrun
[  143.605755][ T5901] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[  143.694662][ T6503] FAULT_INJECTION: forcing a failure.
[  143.694662][ T6503] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  143.708020][ T6503] CPU: 1 UID: 0 PID: 6503 Comm: syz.0.119 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
[  143.708048][ T6503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  143.708060][ T6503] Call Trace:
[  143.708081][ T6503]  <TASK>
[  143.708090][ T6503]  dump_stack_lvl+0x189/0x250
[  143.708118][ T6503]  ? __pfx____ratelimit+0x10/0x10
[  143.708141][ T6503]  ? __pfx_dump_stack_lvl+0x10/0x10
[  143.708164][ T6503]  ? __pfx__printk+0x10/0x10
[  143.708191][ T6503]  ? __might_fault+0xb0/0x130
[  143.708223][ T6503]  should_fail_ex+0x414/0x560
[  143.708250][ T6503]  _copy_from_user+0x2d/0xb0
[  143.708281][ T6503]  drm_ioctl+0x58a/0xb10
[  143.708302][ T6503]  ? smk_tskacc+0x2fc/0x370
[  143.708333][ T6503]  ? __pfx_drm_mode_cursor2_ioctl+0x10/0x10
[  143.708364][ T6503]  ? __pfx_drm_ioctl+0x10/0x10
[  143.708400][ T6503]  ? __fget_files+0x2a/0x420
[  143.708447][ T6503]  ? bpf_lsm_file_ioctl+0x9/0x20
[  143.708472][ T6503]  ? __pfx_drm_ioctl+0x10/0x10
[  143.708494][ T6503]  __se_sys_ioctl+0xf9/0x170
[  143.708529][ T6503]  do_syscall_64+0xfa/0x3b0
[  143.708550][ T6503]  ? lockdep_hardirqs_on+0x9c/0x150
[  143.708573][ T6503]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.708593][ T6503]  ? clear_bhb_loop+0x60/0xb0
[  143.708619][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.708639][ T6503] RIP: 0033:0x7f2dca18e9a9
[  143.708657][ T6503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  143.708675][ T6503] RSP: 002b:00007f2dcafee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  143.708696][ T6503] RAX: ffffffffffffffda RBX: 00007f2dca3b5fa0 RCX: 00007f2dca18e9a9
[  143.708711][ T6503] RDX: 0000200000000080 RSI: 00000000c02464bb RDI: 0000000000000003
[  143.708725][ T6503] RBP: 00007f2dcafee090 R08: 0000000000000000 R09: 0000000000000000
[  143.708751][ T6503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  143.708763][ T6503] R13: 0000000000000000 R14: 00007f2dca3b5fa0 R15: 00007ffde7f021e8
[  143.708795][ T6503]  </TASK>
[  143.917303][    C1] vkms_vblank_simulate: vblank timer overrun
[  143.968233][ T5901] usb 3-1: config 0 has an invalid interface number: 90 but max is 0
[  143.976427][ T5901] usb 3-1: config 0 has no interface number 0
[  143.982575][ T5901] usb 3-1: config 0 interface 90 altsetting 0 endpoint 0x85 has invalid maxpacket 512, setting to 64
[  143.996931][ T5901] usb 3-1: New USB device found, idVendor=077d, idProduct=0410, bcdDevice=3a.fa
[  144.006105][ T5901] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  144.014126][ T5901] usb 3-1: Product: syz
[  144.018378][ T5901] usb 3-1: Manufacturer: syz
[  144.023036][ T5901] usb 3-1: SerialNumber: syz
[  144.129765][ T5901] usb 3-1: config 0 descriptor??
[  144.135558][ T6483] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  144.347849][ T5901] powermate: Expected payload of 3--6 bytes, found 64 bytes!
[  144.620388][ T6515] process 'syz.0.122' launched './file0' with NULL argv: empty string added
[  144.637057][ T5901] input: Griffin PowerMate as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.90/input/input6
[  145.174500][ T6515] batadv1: entered promiscuous mode
[  145.213027][ T6520] program syz.0.122 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  146.318159][    C1] powermate: config urb returned -71
[  146.323865][    C1] powermate: config urb returned -71
[  146.329524][    C1] powermate: config urb returned -71
[  146.335020][    C1] powermate: config urb returned -71
[  146.375595][ T5901] usb 3-1: USB disconnect, device number 3
[  146.381630][    C1] powermate 3-1:0.90: powermate_irq - usb_submit_urb failed with result: -19
[  146.443515][ T6524] capability: warning: `syz.1.121' uses deprecated v2 capabilities in a way that may be insecure
[  146.514277][ T6525] netlink: 'syz.3.123': attribute type 4 has an invalid length.
[  146.554183][ T6529] FAULT_INJECTION: forcing a failure.
[  146.554183][ T6529] name failslab, interval 1, probability 0, space 0, times 0
[  146.700356][ T6533] netlink: 'syz.3.123': attribute type 4 has an invalid length.
[  146.727062][ T6529] CPU: 0 UID: 0 PID: 6529 Comm: syz.2.125 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
[  146.727094][ T6529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  146.727107][ T6529] Call Trace:
[  146.727115][ T6529]  <TASK>
[  146.727124][ T6529]  dump_stack_lvl+0x189/0x250
[  146.727155][ T6529]  ? __pfx____ratelimit+0x10/0x10
[  146.727179][ T6529]  ? __pfx_dump_stack_lvl+0x10/0x10
[  146.727203][ T6529]  ? __pfx__printk+0x10/0x10
[  146.727238][ T6529]  ? ref_tracker_alloc+0x318/0x460
[  146.727266][ T6529]  should_fail_ex+0x414/0x560
[  146.727293][ T6529]  should_failslab+0xa8/0x100
[  146.727319][ T6529]  kmem_cache_alloc_noprof+0x73/0x3c0
[  146.727339][ T6529]  ? skb_clone+0x212/0x3a0
[  146.727365][ T6529]  skb_clone+0x212/0x3a0
[  146.727390][ T6529]  __netlink_deliver_tap+0x404/0x850
[  146.727435][ T6529]  ? netlink_deliver_tap+0x2e/0x1b0
[  146.727473][ T6529]  netlink_deliver_tap+0x19c/0x1b0
[  146.727505][ T6529]  netlink_unicast+0x730/0x8e0
[  146.727545][ T6529]  netlink_sendmsg+0x805/0xb30
[  146.727586][ T6529]  ? __pfx_netlink_sendmsg+0x10/0x10
[  146.727625][ T6529]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  146.727646][ T6529]  ? __pfx_netlink_sendmsg+0x10/0x10
[  146.727678][ T6529]  __sock_sendmsg+0x219/0x270
[  146.727706][ T6529]  ____sys_sendmsg+0x505/0x830
[  146.727745][ T6529]  ? __pfx_____sys_sendmsg+0x10/0x10
[  146.727789][ T6529]  ? import_iovec+0x74/0xa0
[  146.727823][ T6529]  ___sys_sendmsg+0x21f/0x2a0
[  146.727870][ T6529]  ? __pfx____sys_sendmsg+0x10/0x10
[  146.727940][ T6529]  ? __fget_files+0x2a/0x420
[  146.727981][ T6529]  ? __fget_files+0x3a0/0x420
[  146.728017][ T6529]  __x64_sys_sendmsg+0x19b/0x260
[  146.728053][ T6529]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  146.728097][ T6529]  ? __pfx_ksys_write+0x10/0x10
[  146.728115][ T6529]  ? rcu_is_watching+0x15/0xb0
[  146.728144][ T6529]  ? do_syscall_64+0xbe/0x3b0
[  146.728173][ T6529]  do_syscall_64+0xfa/0x3b0
[  146.728195][ T6529]  ? lockdep_hardirqs_on+0x9c/0x150
[  146.728218][ T6529]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.728239][ T6529]  ? clear_bhb_loop+0x60/0xb0
[  146.728263][ T6529]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.728283][ T6529] RIP: 0033:0x7f909a38e9a9
[  146.728301][ T6529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  146.728319][ T6529] RSP: 002b:00007f909b1ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  146.728341][ T6529] RAX: ffffffffffffffda RBX: 00007f909a5b5fa0 RCX: 00007f909a38e9a9
[  146.728355][ T6529] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  146.728369][ T6529] RBP: 00007f909b1ee090 R08: 0000000000000000 R09: 0000000000000000
[  146.728381][ T6529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  146.728394][ T6529] R13: 0000000000000000 R14: 00007f909a5b5fa0 R15: 00007ffc12820828
[  146.728427][ T6529]  </TASK>
[  147.412391][ T6518] overlayfs: missing 'lowerdir'
[  147.846450][ T6544] (syz.2.127,6544,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  147.856349][ T6544] (syz.2.127,6544,1):ocfs2_fill_super:1177 ERROR: status = -22
[  147.987982][   T12] Bluetooth: (null): Invalid header checksum
[  148.650926][   T12] Bluetooth: (null): Invalid header checksum
[  150.324009][ T6559] netlink: 'syz.3.129': attribute type 1 has an invalid length.
[  152.345953][ T5909] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  153.387959][ T5909] usb 5-1: Using ep0 maxpacket: 8
[  153.462740][ T5909] usb 5-1: config 162 has an invalid interface number: 226 but max is 1
[  153.485897][ T5909] usb 5-1: config 162 has an invalid descriptor of length 97, skipping remainder of the config
[  153.751355][ T6632] netlink: 8 bytes leftover after parsing attributes in process `syz.0.134'.
[  153.953333][ T5909] usb 5-1: config 162 has 1 interface, different from the descriptor's value: 2
[  154.656618][ T5909] usb 5-1: config 162 has no interface number 0
[  154.761566][ T5909] usb 5-1: config 162 interface 226 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  154.956434][ T5909] usb 5-1: config 162 interface 226 has no altsetting 0
[  154.966044][ T5838] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  155.376195][ T5838] usb 1-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  155.547835][ T5838] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  156.597972][ T5838] usb 1-1: config 0 descriptor??
[  156.625983][ T5909] usb 5-1: string descriptor 0 read error: -71
[  156.632397][ T5909] usb 5-1: New USB device found, idVendor=07b8, idProduct=9271, bcdDevice=bc.4e
[  156.883911][ T5838] gspca_main: spca508-2.14.0 probing 8086:0110
[  156.931120][ T5909] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.085896][ T5909] usb 5-1: can't set config #162, error -71
[  157.150331][ T6639] pim6reg: entered allmulticast mode
[  157.177734][ T6639] pim6reg: left allmulticast mode
[  157.515498][ T5838] gspca_spca508: reg_read err -110
[  157.524406][ T5909] usb 5-1: USB disconnect, device number 2
[  157.555605][ T5838] gspca_spca508: reg_read err -32
[  157.581814][ T5838] gspca_spca508: reg_read err -32
[  157.884129][ T5838] gspca_spca508: reg_read err -32
[  157.976328][ T5838] gspca_spca508: reg_read err -32
[  158.092762][ T5838] gspca_spca508: reg write: error -32
[  158.102907][ T5838] spca508 1-1:0.0: probe with driver spca508 failed with error -32
[  158.269241][ T5838] usb 1-1: USB disconnect, device number 6
[  158.779967][ T6654] (syz.4.141,6654,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  158.788685][ T6654] (syz.4.141,6654,0):ocfs2_fill_super:1177 ERROR: status = -22
[  159.946280][ T6666] Illegal XDP return value 729988096 on prog  (id 39) dev N/A, expect packet loss!
[  160.177367][ T6669] netlink: 'syz.0.142': attribute type 21 has an invalid length.
[  160.185429][ T6669] netlink: 4 bytes leftover after parsing attributes in process `syz.0.142'.
[  162.226314][  T926] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  162.386166][  T926] usb 4-1: device descriptor read/64, error -71
[  163.426103][ T6684] Bluetooth: MGMT ver 1.23
[  164.499195][ T6711] FAULT_INJECTION: forcing a failure.
[  164.499195][ T6711] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  164.512624][ T6711] CPU: 0 UID: 0 PID: 6711 Comm: syz.1.154 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
[  164.512652][ T6711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  164.512665][ T6711] Call Trace:
[  164.512673][ T6711]  <TASK>
[  164.512682][ T6711]  dump_stack_lvl+0x189/0x250
[  164.512711][ T6711]  ? __pfx____ratelimit+0x10/0x10
[  164.512734][ T6711]  ? __pfx_dump_stack_lvl+0x10/0x10
[  164.512758][ T6711]  ? __pfx__printk+0x10/0x10
[  164.512806][ T6711]  should_fail_ex+0x414/0x560
[  164.512834][ T6711]  strncpy_from_user+0x36/0x290
[  164.512872][ T6711]  getname_flags+0xf3/0x540
[  164.512902][ T6711]  user_path_at+0x24/0x60
[  164.512932][ T6711]  do_fchmodat+0xef/0x200
[  164.512965][ T6711]  ? __pfx_do_fchmodat+0x10/0x10
[  164.513007][ T6711]  __x64_sys_fchmodat+0x7d/0x90
[  164.513033][ T6711]  do_syscall_64+0xfa/0x3b0
[  164.513058][ T6711]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.513078][ T6711]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  164.513098][ T6711]  ? clear_bhb_loop+0x60/0xb0
[  164.513124][ T6711]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.513145][ T6711] RIP: 0033:0x7fa6b678e9a9
[  164.513163][ T6711] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  164.513181][ T6711] RSP: 002b:00007fa6b762d038 EFLAGS: 00000246 ORIG_RAX: 000000000000010c
[  164.513203][ T6711] RAX: ffffffffffffffda RBX: 00007fa6b69b6160 RCX: 00007fa6b678e9a9
[  164.513219][ T6711] RDX: 0000000000000008 RSI: 0000200000000040 RDI: ffffffffffffffff
[  164.513233][ T6711] RBP: 00007fa6b762d090 R08: 0000000000000000 R09: 0000000000000000
[  164.513246][ T6711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  164.513258][ T6711] R13: 0000000000000000 R14: 00007fa6b69b6160 R15: 00007fff9836c588
[  164.513290][ T6711]  </TASK>
[  165.779178][ T6718] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  166.191345][ T6719] netlink: 16 bytes leftover after parsing attributes in process `syz.1.156'.
[  166.247373][ T6719] netlink: 28 bytes leftover after parsing attributes in process `syz.1.156'.
[  166.384303][ T6724] pim6reg: entered allmulticast mode
[  166.433750][ T6724] pim6reg: left allmulticast mode
[  166.959355][ T6714] ALSA: seq fatal error: cannot create timer (-19)
[  167.451611][ T6735] netlink: 36 bytes leftover after parsing attributes in process `syz.0.158'.
[  170.891338][ T6773] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  171.726339][ T5909] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  172.748782][ T5909] usb 2-1: Using ep0 maxpacket: 16
[  172.986269][ T5909] usb 2-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[  172.995390][ T5909] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.019742][ T6791] FAULT_INJECTION: forcing a failure.
[  173.019742][ T6791] name failslab, interval 1, probability 0, space 0, times 0
[  173.045525][ T6789] tipc: Started in network mode
[  173.086793][ T6789] tipc: Node identity 726ee7974264, cluster identity 4711
[  173.094255][ T6789] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  173.099969][ T6791] CPU: 1 UID: 0 PID: 6791 Comm: syz.4.171 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
[  173.100002][ T6791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  173.100025][ T6791] Call Trace:
[  173.100035][ T6791]  <TASK>
[  173.100044][ T6791]  dump_stack_lvl+0x189/0x250
[  173.100079][ T6791]  ? __pfx____ratelimit+0x10/0x10
[  173.100105][ T6791]  ? __pfx_dump_stack_lvl+0x10/0x10
[  173.100131][ T6791]  ? __pfx__printk+0x10/0x10
[  173.100168][ T6791]  ? __pfx___might_resched+0x10/0x10
[  173.100193][ T6791]  ? fs_reclaim_acquire+0x7d/0x100
[  173.100227][ T6791]  should_fail_ex+0x414/0x560
[  173.100257][ T6791]  should_failslab+0xa8/0x100
[  173.100286][ T6791]  __kmalloc_node_noprof+0xd1/0x4e0
[  173.100308][ T6791]  ? alloc_slab_obj_exts+0x39/0xa0
[  173.100351][ T6791]  alloc_slab_obj_exts+0x39/0xa0
[  173.100387][ T6791]  __memcg_slab_post_alloc_hook+0x31e/0x7f0
[  173.100437][ T6791]  ? kasan_unpoison+0x48/0x70
[  173.100474][ T6791]  __kvmalloc_node_noprof+0x466/0x5f0
[  173.100500][ T6791]  ? traverse+0xd9/0x570
[  173.100541][ T6791]  traverse+0xd9/0x570
[  173.100605][ T6791]  ? __lock_acquire+0xab9/0xd20
[  173.100635][ T6791]  seq_read_iter+0xcfe/0xe10
[  173.100682][ T6791]  ? __asan_memset+0x22/0x50
[  173.100724][ T6791]  seq_read+0x2e2/0x3d0
[  173.100756][ T6791]  ? __lock_acquire+0xab9/0xd20
[  173.100790][ T6791]  ? __pfx_seq_read+0x10/0x10
[  173.100832][ T6791]  ? __import_iovec+0x5d4/0x7f0
[  173.100875][ T6791]  ? __pfx_seq_read+0x10/0x10
[  173.100902][ T6791]  proc_reg_read+0x1e6/0x2e0
[  173.100936][ T6791]  vfs_readv+0x5a7/0x850
[  173.100962][ T6791]  ? __pfx_proc_reg_read+0x10/0x10
[  173.100993][ T6791]  ? __pfx_vfs_readv+0x10/0x10
[  173.101041][ T6791]  ? __fget_files+0x2a/0x420
[  173.101070][ T6791]  ? __fget_files+0x3a0/0x420
[  173.101093][ T6791]  ? __fget_files+0x2a/0x420
[  173.101127][ T6791]  __x64_sys_preadv+0x197/0x2a0
[  173.101155][ T6791]  ? __pfx___x64_sys_preadv+0x10/0x10
[  173.101179][ T6791]  ? rcu_is_watching+0x15/0xb0
[  173.101213][ T6791]  ? do_syscall_64+0xbe/0x3b0
[  173.101245][ T6791]  do_syscall_64+0xfa/0x3b0
[  173.101270][ T6791]  ? lockdep_hardirqs_on+0x9c/0x150
[  173.101295][ T6791]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.101319][ T6791]  ? clear_bhb_loop+0x60/0xb0
[  173.101349][ T6791]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.101372][ T6791] RIP: 0033:0x7fcab5f8e9a9
[  173.101393][ T6791] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  173.101413][ T6791] RSP: 002b:00007fcab6d88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  173.101439][ T6791] RAX: ffffffffffffffda RBX: 00007fcab61b5fa0 RCX: 00007fcab5f8e9a9
[  173.101457][ T6791] RDX: 0000000000000001 RSI: 00002000000007c0 RDI: 0000000000000004
[  173.101472][ T6791] RBP: 00007fcab6d88090 R08: 00000000fffffe01 R09: 0000000000000000
[  173.101486][ T6791] R10: 000000000000007f R11: 0000000000000246 R12: 0000000000000001
[  173.101501][ T6791] R13: 0000000000000000 R14: 00007fcab61b5fa0 R15: 00007ffc24de5658
[  173.101538][ T6791]  </TASK>
[  173.413591][ T5909] usb 2-1: Product: syz
[  173.418050][ T5909] usb 2-1: Manufacturer: syz
[  173.422677][ T5909] usb 2-1: SerialNumber: syz
[  173.430568][ T6795] syzkaller0: entered promiscuous mode
[  173.456576][ T5909] usb 2-1: config 0 descriptor??
[  173.474148][ T5909] visor 2-1:0.0: Sony Clie 3.5 converter detected
[  173.493631][ T6795] syzkaller0: entered allmulticast mode
[  173.670590][ T5909] usb 2-1: clie_3_5_startup: get config number bad return length: 0
[  173.886316][ T5909] visor 2-1:0.0: probe with driver visor failed with error -5
[  173.980107][ T6789] tipc: Resetting bearer <eth:syzkaller0>
[  174.097187][ T6799] ALSA: seq fatal error: cannot create timer (-19)
[  174.149582][ T6801] pim6reg: entered allmulticast mode
[  174.181487][ T6781] block nbd0: server does not support multiple connections per device.
[  174.197091][ T5909] tipc: Node number set to 806021015
[  174.202601][ T6784] tipc: Resetting bearer <eth:syzkaller0>
[  174.235729][ T6781] block nbd0: shutting down sockets
[  174.400241][ T6784] tipc: Disabling bearer <eth:syzkaller0>
[  174.899417][ T5909] usb 2-1: USB disconnect, device number 4
[  175.259554][ T6818] FAULT_INJECTION: forcing a failure.
[  175.259554][ T6818] name failslab, interval 1, probability 0, space 0, times 0
[  175.352830][ T6818] CPU: 0 UID: 0 PID: 6818 Comm: syz.0.177 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
[  175.352862][ T6818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  175.352875][ T6818] Call Trace:
[  175.352884][ T6818]  <TASK>
[  175.352894][ T6818]  dump_stack_lvl+0x189/0x250
[  175.352924][ T6818]  ? __pfx____ratelimit+0x10/0x10
[  175.352948][ T6818]  ? __pfx_dump_stack_lvl+0x10/0x10
[  175.352972][ T6818]  ? __pfx__printk+0x10/0x10
[  175.353007][ T6818]  ? __pfx___might_resched+0x10/0x10
[  175.353036][ T6818]  should_fail_ex+0x414/0x560
[  175.353064][ T6818]  should_failslab+0xa8/0x100
[  175.353091][ T6818]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  175.353115][ T6818]  ? __alloc_skb+0x112/0x2d0
[  175.353149][ T6818]  __alloc_skb+0x112/0x2d0
[  175.353184][ T6818]  netlink_sendmsg+0x5c6/0xb30
[  175.353226][ T6818]  ? __pfx_netlink_sendmsg+0x10/0x10
[  175.353266][ T6818]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  175.353288][ T6818]  ? __pfx_netlink_sendmsg+0x10/0x10
[  175.353320][ T6818]  __sock_sendmsg+0x219/0x270
[  175.353349][ T6818]  ____sys_sendmsg+0x505/0x830
[  175.353390][ T6818]  ? __pfx_____sys_sendmsg+0x10/0x10
[  175.353434][ T6818]  ? import_iovec+0x74/0xa0
[  175.353468][ T6818]  ___sys_sendmsg+0x21f/0x2a0
[  175.353504][ T6818]  ? __pfx____sys_sendmsg+0x10/0x10
[  175.353578][ T6818]  ? __fget_files+0x2a/0x420
[  175.353602][ T6818]  ? __fget_files+0x3a0/0x420
[  175.353638][ T6818]  __x64_sys_sendmsg+0x19b/0x260
[  175.353675][ T6818]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  175.353720][ T6818]  ? __pfx_ksys_write+0x10/0x10
[  175.353738][ T6818]  ? rcu_is_watching+0x15/0xb0
[  175.353768][ T6818]  ? do_syscall_64+0xbe/0x3b0
[  175.353797][ T6818]  do_syscall_64+0xfa/0x3b0
[  175.353833][ T6818]  ? lockdep_hardirqs_on+0x9c/0x150
[  175.353856][ T6818]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.353878][ T6818]  ? clear_bhb_loop+0x60/0xb0
[  175.353904][ T6818]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.353926][ T6818] RIP: 0033:0x7f2dca18e9a9
[  175.353944][ T6818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  175.353962][ T6818] RSP: 002b:00007f2dcafee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  175.353985][ T6818] RAX: ffffffffffffffda RBX: 00007f2dca3b5fa0 RCX: 00007f2dca18e9a9
[  175.354001][ T6818] RDX: 0000000000040050 RSI: 0000200000000000 RDI: 0000000000000007
[  175.354015][ T6818] RBP: 00007f2dcafee090 R08: 0000000000000000 R09: 0000000000000000
[  175.354028][ T6818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  175.354041][ T6818] R13: 0000000000000000 R14: 00007f2dca3b5fa0 R15: 00007ffde7f021e8
[  175.354074][ T6818]  </TASK>
[  175.761693][ T6823] FAULT_INJECTION: forcing a failure.
[  175.761693][ T6823] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  175.775082][ T6823] CPU: 0 UID: 0 PID: 6823 Comm: syz.3.178 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
[  175.775112][ T6823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  175.775126][ T6823] Call Trace:
[  175.775135][ T6823]  <TASK>
[  175.775145][ T6823]  dump_stack_lvl+0x189/0x250
[  175.775174][ T6823]  ? __pfx____ratelimit+0x10/0x10
[  175.775199][ T6823]  ? __pfx_dump_stack_lvl+0x10/0x10
[  175.775223][ T6823]  ? __pfx__printk+0x10/0x10
[  175.775252][ T6823]  ? __might_fault+0xb0/0x130
[  175.775287][ T6823]  should_fail_ex+0x414/0x560
[  175.775317][ T6823]  _copy_from_user+0x2d/0xb0
[  175.775350][ T6823]  snd_seq_write+0x300/0x810
[  175.775389][ T6823]  ? __pfx_snd_seq_write+0x10/0x10
[  175.775414][ T6823]  ? bpf_lsm_file_permission+0x9/0x20
[  175.775439][ T6823]  ? security_file_permission+0x75/0x290
[  175.775466][ T6823]  ? rw_verify_area+0x258/0x650
[  175.775499][ T6823]  ? __pfx_snd_seq_write+0x10/0x10
[  175.775526][ T6823]  vfs_write+0x27b/0xa90
[  175.775557][ T6823]  ? __pfx_vfs_write+0x10/0x10
[  175.775579][ T6823]  ? __fget_files+0x2a/0x420
[  175.775608][ T6823]  ? __fget_files+0x2a/0x420
[  175.775631][ T6823]  ? __fget_files+0x3a0/0x420
[  175.775654][ T6823]  ? __fget_files+0x2a/0x420
[  175.775689][ T6823]  ksys_write+0x145/0x250
[  175.775713][ T6823]  ? __pfx_ksys_write+0x10/0x10
[  175.775731][ T6823]  ? rcu_is_watching+0x15/0xb0
[  175.775762][ T6823]  ? do_syscall_64+0xbe/0x3b0
[  175.775791][ T6823]  do_syscall_64+0xfa/0x3b0
[  175.775821][ T6823]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.775841][ T6823]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  175.775863][ T6823]  ? clear_bhb_loop+0x60/0xb0
[  175.775888][ T6823]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.775910][ T6823] RIP: 0033:0x7f1d6138e9a9
[  175.775930][ T6823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  175.775948][ T6823] RSP: 002b:00007f1d6220d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  175.775971][ T6823] RAX: ffffffffffffffda RBX: 00007f1d615b5fa0 RCX: 00007f1d6138e9a9
[  175.775988][ T6823] RDX: 000000000000001c RSI: 0000200000000080 RDI: 0000000000000004
[  175.776002][ T6823] RBP: 00007f1d6220d090 R08: 0000000000000000 R09: 0000000000000000
[  175.776015][ T6823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  175.776027][ T6823] R13: 0000000000000000 R14: 00007f1d615b5fa0 R15: 00007ffd8b3f18c8
[  175.776068][ T6823]  </TASK>
[  176.149631][ T5848] Bluetooth: hci4: command 0x0405 tx timeout
[  176.333935][ T6826] netlink: 'syz.0.179': attribute type 1 has an invalid length.
[  176.595277][ T6829] delete_channel: no stack
[  176.918745][ T6835] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  177.472960][ T6826] bond1: (slave vti0): The slave device specified does not support setting the MAC address
[  178.439992][ T6826] bond1: (slave vti0): Setting fail_over_mac to active for active-backup mode
[  178.453157][ T6826] bond1: (slave vti0): making interface the new active one
[  178.461856][ T6826] bond1: (slave vti0): Enslaving as an active interface with an up link
[  179.473184][ T6854] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  180.880586][ T6881] FAULT_INJECTION: forcing a failure.
[  180.880586][ T6881] name failslab, interval 1, probability 0, space 0, times 0
[  180.893451][ T6881] CPU: 1 UID: 0 PID: 6881 Comm: syz.0.190 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
[  180.893480][ T6881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  180.893494][ T6881] Call Trace:
[  180.893504][ T6881]  <TASK>
[  180.893514][ T6881]  dump_stack_lvl+0x189/0x250
[  180.893555][ T6881]  ? __pfx____ratelimit+0x10/0x10
[  180.893579][ T6881]  ? __pfx_dump_stack_lvl+0x10/0x10
[  180.893604][ T6881]  ? __pfx__printk+0x10/0x10
[  180.893639][ T6881]  ? __pfx___might_resched+0x10/0x10
[  180.893662][ T6881]  ? fs_reclaim_acquire+0x7d/0x100
[  180.893694][ T6881]  should_fail_ex+0x414/0x560
[  180.893723][ T6881]  should_failslab+0xa8/0x100
[  180.893749][ T6881]  __kmalloc_noprof+0xcb/0x4f0
[  180.893770][ T6881]  ? do_handle_open+0x41b/0x850
[  180.893800][ T6881]  do_handle_open+0x41b/0x850
[  180.893830][ T6881]  ? __pfx_do_handle_open+0x10/0x10
[  180.893878][ T6881]  do_syscall_64+0xfa/0x3b0
[  180.893904][ T6881]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.893925][ T6881]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  180.893946][ T6881]  ? clear_bhb_loop+0x60/0xb0
[  180.893973][ T6881]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.893995][ T6881] RIP: 0033:0x7f2dca18e9a9
[  180.894019][ T6881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  180.894037][ T6881] RSP: 002b:00007f2dcafac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[  180.894067][ T6881] RAX: ffffffffffffffda RBX: 00007f2dca3b6160 RCX: 00007f2dca18e9a9
[  180.894083][ T6881] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000a
[  180.894097][ T6881] RBP: 00007f2dcafac090 R08: 0000000000000000 R09: 0000000000000000
[  180.894110][ T6881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  180.894123][ T6881] R13: 0000000000000000 R14: 00007f2dca3b6160 R15: 00007ffde7f021e8
[  180.894157][ T6881]  </TASK>
[  181.085109][    C1] vkms_vblank_simulate: vblank timer overrun
[  181.396502][ T6889] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  181.417357][ T6889] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  181.864720][ T6896] netlink: 'syz.4.196': attribute type 1 has an invalid length.
[  181.982991][ T6900] netlink: 12 bytes leftover after parsing attributes in process `syz.3.194'.
[  182.778416][ T6902] (syz.0.195,6902,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  182.787069][ T6902] (syz.0.195,6902,1):ocfs2_fill_super:1177 ERROR: status = -22
[  183.307152][ T6896] bond1: (slave vti0): The slave device specified does not support setting the MAC address
[  183.446493][ T6896] bond1: (slave vti0): Setting fail_over_mac to active for active-backup mode
[  183.559598][ T6896] bond1: (slave vti0): making interface the new active one
[  183.730744][ T6896] bond1: (slave vti0): Enslaving as an active interface with an up link
[  183.807895][ T6915] FAULT_INJECTION: forcing a failure.
[  183.807895][ T6915] name failslab, interval 1, probability 0, space 0, times 0
[  183.962628][ T6915] CPU: 0 UID: 0 PID: 6915 Comm: syz.0.199 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
[  183.962660][ T6915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  183.962674][ T6915] Call Trace:
[  183.962683][ T6915]  <TASK>
[  183.962692][ T6915]  dump_stack_lvl+0x189/0x250
[  183.962723][ T6915]  ? __pfx____ratelimit+0x10/0x10
[  183.962747][ T6915]  ? __pfx_dump_stack_lvl+0x10/0x10
[  183.962771][ T6915]  ? __pfx__printk+0x10/0x10
[  183.962807][ T6915]  ? ref_tracker_alloc+0x318/0x460
[  183.962840][ T6915]  should_fail_ex+0x414/0x560
[  183.962868][ T6915]  should_failslab+0xa8/0x100
[  183.962894][ T6915]  kmem_cache_alloc_noprof+0x73/0x3c0
[  183.962916][ T6915]  ? skb_clone+0x212/0x3a0
[  183.962942][ T6915]  skb_clone+0x212/0x3a0
[  183.962967][ T6915]  __netlink_deliver_tap+0x404/0x850
[  183.963013][ T6915]  ? netlink_deliver_tap+0x2e/0x1b0
[  183.963045][ T6915]  netlink_deliver_tap+0x19c/0x1b0
[  183.963100][ T6915]  netlink_unicast+0x730/0x8e0
[  183.963141][ T6915]  netlink_sendmsg+0x805/0xb30
[  183.963183][ T6915]  ? __pfx_netlink_sendmsg+0x10/0x10
[  183.963224][ T6915]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  183.963246][ T6915]  ? __pfx_netlink_sendmsg+0x10/0x10
[  183.963278][ T6915]  __sock_sendmsg+0x219/0x270
[  183.963308][ T6915]  ____sys_sendmsg+0x505/0x830
[  183.963348][ T6915]  ? __pfx_____sys_sendmsg+0x10/0x10
[  183.963398][ T6915]  ? import_iovec+0x74/0xa0
[  183.963434][ T6915]  ___sys_sendmsg+0x21f/0x2a0
[  183.963470][ T6915]  ? __pfx____sys_sendmsg+0x10/0x10
[  183.963544][ T6915]  ? __fget_files+0x2a/0x420
[  183.963568][ T6915]  ? __fget_files+0x3a0/0x420
[  183.963604][ T6915]  __x64_sys_sendmsg+0x19b/0x260
[  183.963642][ T6915]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  183.963696][ T6915]  ? do_syscall_64+0xbe/0x3b0
[  183.963726][ T6915]  do_syscall_64+0xfa/0x3b0
[  183.963749][ T6915]  ? lockdep_hardirqs_on+0x9c/0x150
[  183.963771][ T6915]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.963793][ T6915]  ? clear_bhb_loop+0x60/0xb0
[  183.963820][ T6915]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.963842][ T6915] RIP: 0033:0x7f2dca18e9a9
[  183.963860][ T6915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  183.963878][ T6915] RSP: 002b:00007f2dcafee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  183.963901][ T6915] RAX: ffffffffffffffda RBX: 00007f2dca3b5fa0 RCX: 00007f2dca18e9a9
[  183.963917][ T6915] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
[  183.963930][ T6915] RBP: 00007f2dcafee090 R08: 0000000000000000 R09: 0000000000000000
[  183.963943][ T6915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  183.963956][ T6915] R13: 0000000000000000 R14: 00007f2dca3b5fa0 R15: 00007ffde7f021e8
[  183.963989][ T6915]  </TASK>
[  184.526839][ T6912] tipc: Started in network mode
[  184.546091][ T6912] tipc: Node identity 56b55294be6f, cluster identity 4711
[  184.642847][ T6912] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  185.020863][ T6907] tipc: Resetting bearer <eth:syzkaller0>
[  185.670209][ T5838] tipc: Node number set to 3906622100
[  185.830028][ T6906] tipc: Disabling bearer <eth:syzkaller0>
[  185.976684][ T6924] fuse: Bad value for 'group_id'
[  185.981962][ T6924] fuse: Bad value for 'group_id'
[  186.725303][ T6935] FAULT_INJECTION: forcing a failure.
[  186.725303][ T6935] name failslab, interval 1, probability 0, space 0, times 0
[  187.496709][ T6935] CPU: 1 UID: 0 PID: 6935 Comm: syz.3.203 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
[  187.496741][ T6935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  187.496754][ T6935] Call Trace:
[  187.496763][ T6935]  <TASK>
[  187.496771][ T6935]  dump_stack_lvl+0x189/0x250
[  187.496802][ T6935]  ? __pfx____ratelimit+0x10/0x10
[  187.496826][ T6935]  ? __pfx_dump_stack_lvl+0x10/0x10
[  187.496851][ T6935]  ? __pfx__printk+0x10/0x10
[  187.496886][ T6935]  ? __pfx___might_resched+0x10/0x10
[  187.496915][ T6935]  should_fail_ex+0x414/0x560
[  187.496943][ T6935]  ? xp_create_and_assign_umem+0x184/0xce0
[  187.496967][ T6935]  should_failslab+0xa8/0x100
[  187.496992][ T6935]  __kvmalloc_node_noprof+0x161/0x5f0
[  187.497023][ T6935]  ? xp_create_and_assign_umem+0x184/0xce0
[  187.497055][ T6935]  xp_create_and_assign_umem+0x184/0xce0
[  187.497109][ T6935]  xsk_bind+0x42d/0xf90
[  187.497154][ T6935]  __sys_bind+0x2c6/0x3e0
[  187.497185][ T6935]  ? __pfx___sys_bind+0x10/0x10
[  187.497227][ T6935]  ? __pfx_ksys_write+0x10/0x10
[  187.497256][ T6935]  __x64_sys_bind+0x7a/0x90
[  187.497285][ T6935]  do_syscall_64+0xfa/0x3b0
[  187.497311][ T6935]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.497332][ T6935]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  187.497353][ T6935]  ? clear_bhb_loop+0x60/0xb0
[  187.497380][ T6935]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.497401][ T6935] RIP: 0033:0x7f1d6138e9a9
[  187.497420][ T6935] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  187.497438][ T6935] RSP: 002b:00007f1d6220d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  187.497460][ T6935] RAX: ffffffffffffffda RBX: 00007f1d615b5fa0 RCX: 00007f1d6138e9a9
[  187.497476][ T6935] RDX: 0000000000000010 RSI: 00002000000002c0 RDI: 0000000000000003
[  187.497490][ T6935] RBP: 00007f1d6220d090 R08: 0000000000000000 R09: 0000000000000000
[  187.497503][ T6935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  187.497515][ T6935] R13: 0000000000000000 R14: 00007f1d615b5fa0 R15: 00007ffd8b3f18c8
[  187.497549][ T6935]  </TASK>
[  188.076129][ T6942] 8021q: VLANs not supported on caif0
[  188.417759][ T6958] FAULT_INJECTION: forcing a failure.
[  188.417759][ T6958] name failslab, interval 1, probability 0, space 0, times 0
[  188.484032][ T6958] CPU: 1 UID: 0 PID: 6958 Comm: syz.4.209 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
[  188.484064][ T6958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  188.484078][ T6958] Call Trace:
[  188.484086][ T6958]  <TASK>
[  188.484096][ T6958]  dump_stack_lvl+0x189/0x250
[  188.484130][ T6958]  ? __pfx____ratelimit+0x10/0x10
[  188.484153][ T6958]  ? __pfx_dump_stack_lvl+0x10/0x10
[  188.484178][ T6958]  ? __pfx__printk+0x10/0x10
[  188.484212][ T6958]  ? __pfx___might_resched+0x10/0x10
[  188.484241][ T6958]  should_fail_ex+0x414/0x560
[  188.484269][ T6958]  ? drm_gem_get_pages+0x161/0xa20
[  188.484300][ T6958]  should_failslab+0xa8/0x100
[  188.484325][ T6958]  __kvmalloc_node_noprof+0x161/0x5f0
[  188.484350][ T6958]  ? drm_gem_get_pages+0x161/0xa20
[  188.484389][ T6958]  drm_gem_get_pages+0x161/0xa20
[  188.484436][ T6958]  ? __pfx_drm_gem_get_pages+0x10/0x10
[  188.484512][ T6958]  drm_gem_shmem_get_pages_locked+0x201/0x440
[  188.484543][ T6958]  ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[  188.484580][ T6958]  drm_gem_shmem_pin_locked+0x22c/0x460
[  188.484611][ T6958]  ? __pfx_drm_gem_shmem_pin_locked+0x10/0x10
[  188.484645][ T6958]  ? ww_mutex_lock+0x3f/0x1c0
[  188.484671][ T6958]  ? __pfx_drm_gem_shmem_object_pin+0x10/0x10
[  188.484699][ T6958]  drm_gem_pin+0x9c/0xf0
[  188.484724][ T6958]  dma_buf_dynamic_attach+0x1e7/0x3d0
[  188.484758][ T6958]  ? __fget_files+0x3a0/0x420
[  188.484786][ T6958]  drm_gem_prime_import_dev+0xeb/0x340
[  188.484823][ T6958]  drm_gem_prime_fd_to_handle+0x1f1/0x4d0
[  188.484858][ T6958]  drm_ioctl_kernel+0x2cc/0x390
[  188.484883][ T6958]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[  188.484912][ T6958]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  188.484948][ T6958]  drm_ioctl+0x67f/0xb10
[  188.484977][ T6958]  ? smk_tskacc+0x2fc/0x370
[  188.485011][ T6958]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[  188.485046][ T6958]  ? __pfx_drm_ioctl+0x10/0x10
[  188.485084][ T6958]  ? __fget_files+0x2a/0x420
[  188.485112][ T6958]  ? bpf_lsm_file_ioctl+0x9/0x20
[  188.485138][ T6958]  ? __pfx_drm_ioctl+0x10/0x10
[  188.485161][ T6958]  __se_sys_ioctl+0xf9/0x170
[  188.485195][ T6958]  do_syscall_64+0xfa/0x3b0
[  188.485216][ T6958]  ? lockdep_hardirqs_on+0x9c/0x150
[  188.485237][ T6958]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.485258][ T6958]  ? clear_bhb_loop+0x60/0xb0
[  188.485285][ T6958]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.485305][ T6958] RIP: 0033:0x7fcab5f8e9a9
[  188.485323][ T6958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  188.485342][ T6958] RSP: 002b:00007fcab6d88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  188.485365][ T6958] RAX: ffffffffffffffda RBX: 00007fcab61b5fa0 RCX: 00007fcab5f8e9a9
[  188.485381][ T6958] RDX: 0000200000000300 RSI: 00000000c00c642e RDI: 0000000000000004
[  188.485395][ T6958] RBP: 00007fcab6d88090 R08: 0000000000000000 R09: 0000000000000000
[  188.485408][ T6958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  188.485421][ T6958] R13: 0000000000000000 R14: 00007fcab61b5fa0 R15: 00007ffc24de5658
[  188.485455][ T6958]  </TASK>
[  188.841654][ T6960] netlink: 'syz.3.210': attribute type 1 has an invalid length.
[  189.208344][ T6963] bond1: (slave vti0): The slave device specified does not support setting the MAC address
[  189.236324][ T5909] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  189.246039][ T6963] bond1: (slave vti0): Setting fail_over_mac to active for active-backup mode
[  189.338077][ T6963] bond1: (slave vti0): making interface the new active one
[  189.387065][ T6963] bond1: (slave vti0): Enslaving as an active interface with an up link
[  189.406074][ T5909] usb 2-1: Using ep0 maxpacket: 16
[  189.456722][ T5909] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  189.499336][ T5909] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  189.533204][ T5909] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  189.552189][ T5909] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.594853][ T5909] usb 2-1: Product: syz
[  189.629608][ T5909] usb 2-1: Manufacturer: syz
[  189.670975][ T5909] usb 2-1: SerialNumber: syz
[  191.276093][ T5909] usb 2-1: 0:2 : does not exist
[  191.299689][ T5909] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  191.337179][ T5909] usb 2-1: USB disconnect, device number 5
[  191.534650][ T6185] udevd[6185]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  191.581551][ T6988] kvm: requested 9219 ns i8254 timer period limited to 200000 ns
[  191.992111][ T6999] FAULT_INJECTION: forcing a failure.
[  191.992111][ T6999] name failslab, interval 1, probability 0, space 0, times 0
[  192.043992][   T30] kauditd_printk_skb: 10 callbacks suppressed
[  192.044011][   T30] audit: type=1326 audit(1753035183.032:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7000 comm="syz.0.219" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2dca18e9a9 code=0x0
[  192.054944][ T6999] CPU: 0 UID: 0 PID: 6999 Comm: syz.2.218 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
[  192.054983][ T6999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  192.054997][ T6999] Call Trace:
[  192.055007][ T6999]  <TASK>
[  192.055018][ T6999]  dump_stack_lvl+0x189/0x250
[  192.055053][ T6999]  ? __pfx____ratelimit+0x10/0x10
[  192.055080][ T6999]  ? __pfx_dump_stack_lvl+0x10/0x10
[  192.055108][ T6999]  ? __pfx__printk+0x10/0x10
[  192.055147][ T6999]  ? ref_tracker_alloc+0x318/0x460
[  192.055178][ T6999]  should_fail_ex+0x414/0x560
[  192.055210][ T6999]  should_failslab+0xa8/0x100
[  192.055238][ T6999]  kmem_cache_alloc_noprof+0x73/0x3c0
[  192.055263][ T6999]  ? skb_clone+0x212/0x3a0
[  192.055292][ T6999]  skb_clone+0x212/0x3a0
[  192.055320][ T6999]  __netlink_deliver_tap+0x404/0x850
[  192.055369][ T6999]  ? netlink_deliver_tap+0x2e/0x1b0
[  192.055404][ T6999]  netlink_deliver_tap+0x19c/0x1b0
[  192.055439][ T6999]  netlink_unicast+0x730/0x8e0
[  192.055484][ T6999]  netlink_sendmsg+0x805/0xb30
[  192.055529][ T6999]  ? __pfx_netlink_sendmsg+0x10/0x10
[  192.055572][ T6999]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  192.055597][ T6999]  ? __pfx_netlink_sendmsg+0x10/0x10
[  192.055632][ T6999]  __sock_sendmsg+0x219/0x270
[  192.055672][ T6999]  ____sys_sendmsg+0x505/0x830
[  192.055716][ T6999]  ? __pfx_____sys_sendmsg+0x10/0x10
[  192.055764][ T6999]  ? import_iovec+0x74/0xa0
[  192.055807][ T6999]  ___sys_sendmsg+0x21f/0x2a0
[  192.055846][ T6999]  ? __pfx____sys_sendmsg+0x10/0x10
[  192.055925][ T6999]  ? __fget_files+0x2a/0x420
[  192.055951][ T6999]  ? __fget_files+0x3a0/0x420
[  192.055992][ T6999]  __x64_sys_sendmsg+0x19b/0x260
[  192.056035][ T6999]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  192.056085][ T6999]  ? __pfx_ksys_write+0x10/0x10
[  192.056106][ T6999]  ? rcu_is_watching+0x15/0xb0
[  192.056165][ T6999]  ? do_syscall_64+0xbe/0x3b0
[  192.056197][ T6999]  do_syscall_64+0xfa/0x3b0
[  192.056222][ T6999]  ? lockdep_hardirqs_on+0x9c/0x150
[  192.056247][ T6999]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.056272][ T6999]  ? clear_bhb_loop+0x60/0xb0
[  192.056301][ T6999]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.056325][ T6999] RIP: 0033:0x7f909a38e9a9
[  192.056346][ T6999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  192.056366][ T6999] RSP: 002b:00007f909b1ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  192.056393][ T6999] RAX: ffffffffffffffda RBX: 00007f909a5b5fa0 RCX: 00007f909a38e9a9
[  192.056408][ T6999] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
[  192.056422][ T6999] RBP: 00007f909b1ee090 R08: 0000000000000000 R09: 0000000000000000
[  192.056437][ T6999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  192.056451][ T6999] R13: 0000000000000000 R14: 00007f909a5b5fa0 R15: 00007ffc12820828
[  192.056487][ T6999]  </TASK>
[  192.436195][ T7006] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  192.557256][ T7009] netlink: 4 bytes leftover after parsing attributes in process `syz.0.219'.
[  192.592132][ T7009] netlink: 4 bytes leftover after parsing attributes in process `syz.0.219'.
[  192.642919][ T7009] netlink: 4 bytes leftover after parsing attributes in process `syz.0.219'.
[  192.756805][ T5902] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  192.960786][ T5902] usb 2-1: Using ep0 maxpacket: 8
[  192.978329][ T7006] batman_adv: batadv0: Removing interface: batadv_slave_1
[  192.990258][ T5902] usb 2-1: config 0 has an invalid interface number: 2 but max is 0
[  192.999257][ T5902] usb 2-1: config 0 has no interface number 0
[  193.000338][   T10] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  193.005518][ T5902] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  193.028974][ T5902] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  193.042127][ T5902] usb 2-1: config 0 interface 2 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0
[  193.052679][ T5902] usb 2-1: config 0 interface 2 altsetting 0 has an endpoint descriptor with address 0x5F, changing to 0xF
[  193.064957][ T5902] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0xF has invalid maxpacket 28271, setting to 1024
[  193.076498][ T5902] usb 2-1: config 0 interface 2 altsetting 0 bulk endpoint 0xF has invalid maxpacket 1024
[  193.090660][ T5902] usb 2-1: New USB device found, idVendor=05da, idProduct=0099, bcdDevice=d5.82
[  193.100160][ T5902] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  193.108509][ T5902] usb 2-1: Product: syz
[  193.116845][ T5902] usb 2-1: Manufacturer: syz
[  193.121721][ T5902] usb 2-1: SerialNumber: syz
[  193.136885][ T5902] usb 2-1: config 0 descriptor??
[  193.143443][ T7011] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  193.209403][   T10] usb 3-1: Using ep0 maxpacket: 16
[  193.209563][ T7013] @: renamed from vlan0 (while UP)
[  193.217821][   T10] usb 3-1: config 7 has an invalid interface number: 46 but max is 0
[  193.236205][   T10] usb 3-1: config 7 has no interface number 0
[  193.242382][   T10] usb 3-1: config 7 interface 46 has no altsetting 0
[  193.270418][   T10] usb 3-1: New USB device found, idVendor=9fdb, idProduct=cfba, bcdDevice=f1.37
[  193.283640][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  193.309787][   T10] usb 3-1: Product: syz
[  193.317367][   T10] usb 3-1: Manufacturer: syz
[  193.322029][   T10] usb 3-1: SerialNumber: syz
[  193.394785][ T5902] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 2 is not bulk.
[  193.428900][ T5902] microtek usb (rev 0.4.3): can only deal with one output endpoints. Bailing out.
[  193.431585][ T7022] netlink: 'syz.4.224': attribute type 4 has an invalid length.
[  193.444397][ T5902] usb 2-1: USB disconnect, device number 6
[  193.508255][ T7022] netlink: 'syz.4.224': attribute type 4 has an invalid length.
[  193.534656][ T7022] IPVS: length: 24 != 6168
[  193.586515][ T7018] netlink: 'syz.2.222': attribute type 1 has an invalid length.
[  193.594285][ T7018] netlink: 20 bytes leftover after parsing attributes in process `syz.2.222'.
[  193.655312][   T10] usb 3-1: USB disconnect, device number 4
[  194.348564][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  194.366505][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  195.195668][ T7048] FAULT_INJECTION: forcing a failure.
[  195.195668][ T7048] name failslab, interval 1, probability 0, space 0, times 0
[  195.359114][ T7048] CPU: 1 UID: 0 PID: 7048 Comm: syz.1.232 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
[  195.359146][ T7048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  195.359158][ T7048] Call Trace:
[  195.359166][ T7048]  <TASK>
[  195.359175][ T7048]  dump_stack_lvl+0x189/0x250
[  195.359204][ T7048]  ? __pfx____ratelimit+0x10/0x10
[  195.359227][ T7048]  ? __pfx_dump_stack_lvl+0x10/0x10
[  195.359251][ T7048]  ? __pfx__printk+0x10/0x10
[  195.359283][ T7048]  ? ref_tracker_alloc+0x318/0x460
[  195.359310][ T7048]  should_fail_ex+0x414/0x560
[  195.359336][ T7048]  should_failslab+0xa8/0x100
[  195.359361][ T7048]  kmem_cache_alloc_noprof+0x73/0x3c0
[  195.359382][ T7048]  ? skb_clone+0x212/0x3a0
[  195.359407][ T7048]  skb_clone+0x212/0x3a0
[  195.359432][ T7048]  __netlink_deliver_tap+0x404/0x850
[  195.359475][ T7048]  ? netlink_deliver_tap+0x2e/0x1b0
[  195.359506][ T7048]  netlink_deliver_tap+0x19c/0x1b0
[  195.359537][ T7048]  netlink_unicast+0x730/0x8e0
[  195.359575][ T7048]  netlink_sendmsg+0x805/0xb30
[  195.359614][ T7048]  ? __pfx_netlink_sendmsg+0x10/0x10
[  195.359650][ T7048]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  195.359670][ T7048]  ? __pfx_netlink_sendmsg+0x10/0x10
[  195.359699][ T7048]  __sock_sendmsg+0x219/0x270
[  195.359726][ T7048]  ____sys_sendmsg+0x505/0x830
[  195.359761][ T7048]  ? __pfx_____sys_sendmsg+0x10/0x10
[  195.359802][ T7048]  ? import_iovec+0x74/0xa0
[  195.359835][ T7048]  ___sys_sendmsg+0x21f/0x2a0
[  195.359869][ T7048]  ? __pfx____sys_sendmsg+0x10/0x10
[  195.359940][ T7048]  ? __fget_files+0x2a/0x420
[  195.359963][ T7048]  ? __fget_files+0x3a0/0x420
[  195.359997][ T7048]  __x64_sys_sendmsg+0x19b/0x260
[  195.360032][ T7048]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  195.360072][ T7048]  ? __pfx_ksys_write+0x10/0x10
[  195.360088][ T7048]  ? rcu_is_watching+0x15/0xb0
[  195.360124][ T7048]  ? do_syscall_64+0xbe/0x3b0
[  195.360151][ T7048]  do_syscall_64+0xfa/0x3b0
[  195.360172][ T7048]  ? lockdep_hardirqs_on+0x9c/0x150
[  195.360193][ T7048]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.360232][ T7048]  ? clear_bhb_loop+0x60/0xb0
[  195.360259][ T7048]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.360275][ T7048] RIP: 0033:0x7fa6b678e9a9
[  195.360289][ T7048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  195.360302][ T7048] RSP: 002b:00007fa6b766f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  195.360319][ T7048] RAX: ffffffffffffffda RBX: 00007fa6b69b5fa0 RCX: 00007fa6b678e9a9
[  195.360330][ T7048] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  195.360340][ T7048] RBP: 00007fa6b766f090 R08: 0000000000000000 R09: 0000000000000000
[  195.360349][ T7048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  195.360359][ T7048] R13: 0000000000000000 R14: 00007fa6b69b5fa0 R15: 00007fff9836c588
[  195.360382][ T7048]  </TASK>
[  195.752709][ T7048] netlink: 'syz.1.232': attribute type 1 has an invalid length.
[  195.764171][ T7048] netlink: 20 bytes leftover after parsing attributes in process `syz.1.232'.
[  195.841817][ T7056] FAULT_INJECTION: forcing a failure.
[  195.841817][ T7056] name failslab, interval 1, probability 0, space 0, times 0
[  195.924936][ T7056] CPU: 1 UID: 0 PID: 7056 Comm: syz.0.233 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
[  195.924967][ T7056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  195.924980][ T7056] Call Trace:
[  195.924988][ T7056]  <TASK>
[  195.924997][ T7056]  dump_stack_lvl+0x189/0x250
[  195.925027][ T7056]  ? __pfx____ratelimit+0x10/0x10
[  195.925060][ T7056]  ? __pfx_dump_stack_lvl+0x10/0x10
[  195.925085][ T7056]  ? __pfx__printk+0x10/0x10
[  195.925119][ T7056]  ? __pfx___might_resched+0x10/0x10
[  195.925143][ T7056]  ? fs_reclaim_acquire+0x7d/0x100
[  195.925180][ T7056]  should_fail_ex+0x414/0x560
[  195.925209][ T7056]  should_failslab+0xa8/0x100
[  195.925234][ T7056]  __kmalloc_noprof+0xcb/0x4f0
[  195.925258][ T7056]  ? kfree+0x4d/0x440
[  195.925288][ T7056]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  195.925323][ T7056]  tomoyo_realpath_from_path+0xe3/0x5d0
[  195.925354][ T7056]  ? tomoyo_domain+0xda/0x130
[  195.925389][ T7056]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  195.925413][ T7056]  tomoyo_path_number_perm+0x1e8/0x5a0
[  195.925440][ T7056]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  195.925483][ T7056]  ? __lock_acquire+0xab9/0xd20
[  195.925526][ T7056]  ? __fget_files+0x2a/0x420
[  195.925554][ T7056]  ? __fget_files+0x2a/0x420
[  195.925577][ T7056]  ? __fget_files+0x3a0/0x420
[  195.925600][ T7056]  ? __fget_files+0x2a/0x420
[  195.925629][ T7056]  security_file_ioctl+0xcb/0x2d0
[  195.925656][ T7056]  __se_sys_ioctl+0x47/0x170
[  195.925692][ T7056]  do_syscall_64+0xfa/0x3b0
[  195.925715][ T7056]  ? lockdep_hardirqs_on+0x9c/0x150
[  195.925737][ T7056]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.925759][ T7056]  ? clear_bhb_loop+0x60/0xb0
[  195.925785][ T7056]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.925810][ T7056] RIP: 0033:0x7f2dca18e9a9
[  195.925829][ T7056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  195.925846][ T7056] RSP: 002b:00007f2dcafee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  195.925869][ T7056] RAX: ffffffffffffffda RBX: 00007f2dca3b5fa0 RCX: 00007f2dca18e9a9
[  195.925885][ T7056] RDX: 0000200000000000 RSI: 000000008028640c RDI: 0000000000000003
[  195.925899][ T7056] RBP: 00007f2dcafee090 R08: 0000000000000000 R09: 0000000000000000
[  195.925913][ T7056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  195.925925][ T7056] R13: 0000000000000000 R14: 00007f2dca3b5fa0 R15: 00007ffde7f021e8
[  195.925958][ T7056]  </TASK>
[  196.175950][   T30] audit: type=1326 audit(1753035186.922:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7043 comm="syz.3.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d6138e9a9 code=0x7fc00000
[  196.198354][ T7056] ERROR: Out of memory at tomoyo_realpath_from_path.
[  196.361469][ T7063] netlink: 'syz.1.235': attribute type 4 has an invalid length.
[  196.437345][ T7067] netlink: 'syz.1.235': attribute type 4 has an invalid length.
[  196.472252][ T7063] IPVS: length: 24 != 6168
[  197.571015][   T51] Bluetooth: hci4: link tx timeout
[  197.576517][   T51] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  197.586138][   T51] Bluetooth: hci4: link tx timeout
[  197.591355][   T51] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  197.623072][   T51] Bluetooth: hci4: link tx timeout
[  197.643129][   T51] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  200.062996][   T51] Bluetooth: hci4: command 0x0405 tx timeout
[  200.108022][ T7077] Process accounting resumed
[  201.098381][ T7095] FAULT_INJECTION: forcing a failure.
[  201.098381][ T7095] name failslab, interval 1, probability 0, space 0, times 0
[  201.142774][ T7095] CPU: 0 UID: 0 PID: 7095 Comm: syz.1.248 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
[  201.142804][ T7095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  201.142818][ T7095] Call Trace:
[  201.142826][ T7095]  <TASK>
[  201.142836][ T7095]  dump_stack_lvl+0x189/0x250
[  201.142866][ T7095]  ? __pfx____ratelimit+0x10/0x10
[  201.142889][ T7095]  ? __pfx_dump_stack_lvl+0x10/0x10
[  201.142913][ T7095]  ? __pfx__printk+0x10/0x10
[  201.142948][ T7095]  ? __pfx___might_resched+0x10/0x10
[  201.142971][ T7095]  ? fs_reclaim_acquire+0x7d/0x100
[  201.143002][ T7095]  should_fail_ex+0x414/0x560
[  201.143030][ T7095]  should_failslab+0xa8/0x100
[  201.143056][ T7095]  __kmalloc_noprof+0xcb/0x4f0
[  201.143075][ T7095]  ? kfree+0x4d/0x440
[  201.143105][ T7095]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  201.143140][ T7095]  tomoyo_realpath_from_path+0xe3/0x5d0
[  201.143171][ T7095]  ? tomoyo_domain+0xda/0x130
[  201.143206][ T7095]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  201.143230][ T7095]  tomoyo_path_number_perm+0x1e8/0x5a0
[  201.143257][ T7095]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  201.143299][ T7095]  ? __lock_acquire+0xab9/0xd20
[  201.143342][ T7095]  ? __fget_files+0x2a/0x420
[  201.143370][ T7095]  ? __fget_files+0x2a/0x420
[  201.143393][ T7095]  ? __fget_files+0x3a0/0x420
[  201.143416][ T7095]  ? __fget_files+0x2a/0x420
[  201.143444][ T7095]  security_file_ioctl+0xcb/0x2d0
[  201.143472][ T7095]  __se_sys_ioctl+0x47/0x170
[  201.143508][ T7095]  do_syscall_64+0xfa/0x3b0
[  201.143531][ T7095]  ? lockdep_hardirqs_on+0x9c/0x150
[  201.143554][ T7095]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.143575][ T7095]  ? clear_bhb_loop+0x60/0xb0
[  201.143602][ T7095]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.143623][ T7095] RIP: 0033:0x7fa6b678e9a9
[  201.143655][ T7095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  201.143673][ T7095] RSP: 002b:00007fa6b766f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  201.143696][ T7095] RAX: ffffffffffffffda RBX: 00007fa6b69b5fa0 RCX: 00007fa6b678e9a9
[  201.143712][ T7095] RDX: 0000200000000380 RSI: 0000000000005412 RDI: 0000000000000003
[  201.143726][ T7095] RBP: 00007fa6b766f090 R08: 0000000000000000 R09: 0000000000000000
[  201.143739][ T7095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  201.143751][ T7095] R13: 0000000000000000 R14: 00007fa6b69b5fa0 R15: 00007fff9836c588
[  201.143783][ T7095]  </TASK>
[  201.143792][ T7095] ERROR: Out of memory at tomoyo_realpath_from_path.
[  201.243746][ T7098] netlink: 'syz.4.250': attribute type 3 has an invalid length.
[  201.264328][ T6615] Bluetooth: (null): Too short H5 packet
[  201.366171][ T5902] usb 4-1: new low-speed USB device number 11 using dummy_hcd
[  201.370552][ T7098] netlink: 666 bytes leftover after parsing attributes in process `syz.4.250'.
[  201.441145][ T6615] Bluetooth: (null): Invalid header checksum
[  201.449924][ T6615] Bluetooth: (null): Invalid header checksum
[  201.580940][ T7110] netlink: 'syz.4.253': attribute type 4 has an invalid length.
[  201.605639][ T7110] netlink: 'syz.4.253': attribute type 4 has an invalid length.
[  201.633631][ T7110] IPVS: length: 24 != 6168
[  201.697741][ T5902] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  201.714313][ T5902] usb 4-1: config 0 has no interface number 0
[  201.720612][ T5902] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  201.731799][ T5902] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  201.743401][ T5902] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  201.779292][ T5902] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.937886][ T7113] netlink: 'syz.0.252': attribute type 21 has an invalid length.
[  201.946133][ T7113] netlink: 4 bytes leftover after parsing attributes in process `syz.0.252'.
[  201.985648][ T5902] usb 4-1: config 0 descriptor??
[  202.037865][ T7099] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  202.838705][ T7099] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  202.927517][ T5902] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  203.327475][ T7099] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  203.692051][ T7129] netlink: 12 bytes leftover after parsing attributes in process `syz.0.257'.
[  203.693600][ T7099] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  203.746282][ T7099] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  203.764242][   T30] audit: type=1326 audit(1753035194.722:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7121 comm="syz.2.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f909a38e9a9 code=0x7fc00000
[  204.844994][  T978] usb 4-1: USB disconnect, device number 11
[  205.818490][ T7152] netlink: 'syz.3.264': attribute type 4 has an invalid length.
[  206.001227][ T7155] netlink: 'syz.3.264': attribute type 4 has an invalid length.
[  206.800427][ T7152] IPVS: length: 24 != 6168
[  207.092996][ T7170] binder: 7169:7170 ioctl 80049367 2000000001c0 returned -22
[  208.208828][ T7176] netlink: 76 bytes leftover after parsing attributes in process `syz.3.269'.
[  208.269226][ T7176] binder: 7169:7176 ioctl c0306201 200000000540 returned -22
[  208.280075][ T7176] binder: 7169:7176 unknown command 0
[  208.285610][ T7176] binder: 7169:7176 ioctl c0306201 200000000480 returned -22
[  209.095743][ T7175] netlink: 8 bytes leftover after parsing attributes in process `syz.4.270'.
[  209.105026][ T7175] netlink: 48 bytes leftover after parsing attributes in process `syz.4.270'.
[  212.298270][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  212.305515][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  212.311683][   T51] Bluetooth: hci2: command 0x0406 tx timeout
[  212.319308][ T5849] Bluetooth: hci3: command 0x0406 tx timeout
[  212.752548][ T7189] netlink: 'syz.1.274': attribute type 4 has an invalid length.
[  213.772319][ T7206] netlink: 'syz.4.279': attribute type 4 has an invalid length.
[  213.781169][  T978] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  213.807094][ T7206] netlink: 'syz.4.279': attribute type 4 has an invalid length.
[  213.824966][ T7206] IPVS: length: 24 != 6168
[  213.956865][  T978] usb 1-1: Using ep0 maxpacket: 32
[  213.983015][  T978] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  214.013639][  T978] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  214.034258][  T978] usb 1-1: config 0 interface 0 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  214.082724][ T7219] FAULT_INJECTION: forcing a failure.
[  214.082724][ T7219] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  214.096170][  T978] usb 1-1: config 0 interface 0 has no altsetting 1
[  214.113365][ T7219] CPU: 0 UID: 0 PID: 7219 Comm: syz.4.282 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
[  214.113401][ T7219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  214.113415][ T7219] Call Trace:
[  214.113423][ T7219]  <TASK>
[  214.113431][ T7219]  dump_stack_lvl+0x189/0x250
[  214.113462][ T7219]  ? __pfx____ratelimit+0x10/0x10
[  214.113484][ T7219]  ? __pfx_dump_stack_lvl+0x10/0x10
[  214.113508][ T7219]  ? __pfx__printk+0x10/0x10
[  214.113536][ T7219]  ? __might_fault+0xb0/0x130
[  214.113576][ T7219]  should_fail_ex+0x414/0x560
[  214.113603][ T7219]  _copy_from_user+0x2d/0xb0
[  214.113634][ T7219]  smc_setsockopt+0x3b8/0xab0
[  214.113663][ T7219]  ? __pfx_smc_setsockopt+0x10/0x10
[  214.113687][ T7219]  ? __fget_files+0x2a/0x420
[  214.113710][ T7219]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  214.113732][ T7219]  ? __pfx_smc_setsockopt+0x10/0x10
[  214.113754][ T7219]  do_sock_setsockopt+0x179/0x1b0
[  214.113791][ T7219]  __x64_sys_setsockopt+0x13f/0x1b0
[  214.113828][ T7219]  do_syscall_64+0xfa/0x3b0
[  214.113851][ T7219]  ? lockdep_hardirqs_on+0x9c/0x150
[  214.113873][ T7219]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.113895][ T7219]  ? clear_bhb_loop+0x60/0xb0
[  214.113921][ T7219]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.113941][ T7219] RIP: 0033:0x7fcab5f8e9a9
[  214.113960][ T7219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  214.113979][ T7219] RSP: 002b:00007fcab6d88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  214.114002][ T7219] RAX: ffffffffffffffda RBX: 00007fcab61b5fa0 RCX: 00007fcab5f8e9a9
[  214.114017][ T7219] RDX: 0000000000000021 RSI: 0000000000000006 RDI: 0000000000000003
[  214.114030][ T7219] RBP: 00007fcab6d88090 R08: 0000000000000010 R09: 0000000000000000
[  214.114044][ T7219] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001
[  214.114057][ T7219] R13: 0000000000000000 R14: 00007fcab61b5fa0 R15: 00007ffc24de5658
[  214.114108][ T7219]  </TASK>
[  214.350276][ T7217] bond1: entered promiscuous mode
[  214.355414][ T7217] bond1: entered allmulticast mode
[  214.361274][ T7217] 8021q: adding VLAN 0 to HW filter on device bond1
[  214.369595][  T978] usb 1-1: New USB device found, idVendor=0582, idProduct=0033, bcdDevice=8e.57
[  214.378758][  T978] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  214.387173][  T978] usb 1-1: Product: syz
[  214.391381][  T978] usb 1-1: Manufacturer: syz
[  214.397052][  T978] usb 1-1: SerialNumber: syz
[  214.405016][  T978] usb 1-1: config 0 descriptor??
[  214.422010][  T978] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  214.450350][  T978] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -2
[  214.489231][ T6185] udevd[6185]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  214.713321][ T7193] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  214.771430][ T7193] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  216.176572][ T5901] usb 1-1: USB disconnect, device number 7
[  216.212562][ T7230] netlink: 8 bytes leftover after parsing attributes in process `syz.1.285'.
[  216.221606][ T7230] netlink: 48 bytes leftover after parsing attributes in process `syz.1.285'.
[  217.609142][ T5901] hid-generic 0005:16C0:5505.0001: item fetching failed at offset 0/1
[  217.638639][ T5901] hid-generic 0005:16C0:5505.0001: probe with driver hid-generic failed with error -22
[  219.236582][ T7268] netlink: 68 bytes leftover after parsing attributes in process `syz.1.294'.
[  219.336740][ T7265] FAULT_INJECTION: forcing a failure.
[  219.336740][ T7265] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  219.403379][ T7265] CPU: 0 UID: 0 PID: 7265 Comm: syz.0.293 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
[  219.403410][ T7265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  219.403424][ T7265] Call Trace:
[  219.403432][ T7265]  <TASK>
[  219.403442][ T7265]  dump_stack_lvl+0x189/0x250
[  219.403472][ T7265]  ? __pfx____ratelimit+0x10/0x10
[  219.403495][ T7265]  ? __pfx_dump_stack_lvl+0x10/0x10
[  219.403519][ T7265]  ? __pfx__printk+0x10/0x10
[  219.403545][ T7265]  ? __might_fault+0xb0/0x130
[  219.403577][ T7265]  should_fail_ex+0x414/0x560
[  219.403603][ T7265]  _copy_from_iter+0x1db/0x16f0
[  219.403632][ T7265]  ? sock_alloc_send_pskb+0x875/0x990
[  219.403661][ T7265]  ? __pfx__copy_from_iter+0x10/0x10
[  219.403697][ T7265]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  219.403725][ T7265]  skb_copy_datagram_from_iter+0xf5/0x720
[  219.403754][ T7265]  ? skb_put+0x11b/0x210
[  219.403790][ T7265]  tun_get_user+0x15c3/0x3ce0
[  219.403837][ T7265]  ? __might_fault+0xb0/0x130
[  219.403861][ T7265]  ? __pfx_tun_get_user+0x10/0x10
[  219.403898][ T7265]  ? __lock_acquire+0xab9/0xd20
[  219.403926][ T7265]  ? ref_tracker_alloc+0x318/0x460
[  219.403948][ T7265]  ? __lock_acquire+0xab9/0xd20
[  219.403970][ T7265]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  219.404002][ T7265]  ? tun_get+0x1c/0x2f0
[  219.404036][ T7265]  ? tun_get+0x1c/0x2f0
[  219.404062][ T7265]  ? tun_get+0x1c/0x2f0
[  219.404094][ T7265]  tun_chr_write_iter+0x113/0x200
[  219.404126][ T7265]  vfs_write+0x548/0xa90
[  219.404153][ T7265]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  219.404181][ T7265]  ? __pfx_vfs_write+0x10/0x10
[  219.404214][ T7265]  ? __fget_files+0x2a/0x420
[  219.404248][ T7265]  ksys_write+0x145/0x250
[  219.404272][ T7265]  ? __pfx_ksys_write+0x10/0x10
[  219.404290][ T7265]  ? rcu_is_watching+0x15/0xb0
[  219.404320][ T7265]  ? do_syscall_64+0xbe/0x3b0
[  219.404359][ T7265]  do_syscall_64+0xfa/0x3b0
[  219.404385][ T7265]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.404406][ T7265]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  219.404428][ T7265]  ? clear_bhb_loop+0x60/0xb0
[  219.404455][ T7265]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.404477][ T7265] RIP: 0033:0x7f2dca18e9a9
[  219.404497][ T7265] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  219.404517][ T7265] RSP: 002b:00007f2dcafee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  219.404540][ T7265] RAX: ffffffffffffffda RBX: 00007f2dca3b5fa0 RCX: 00007f2dca18e9a9
[  219.404557][ T7265] RDX: 000000000000004e RSI: 0000200000000280 RDI: 0000000000000003
[  219.404571][ T7265] RBP: 00007f2dcafee090 R08: 0000000000000000 R09: 0000000000000000
[  219.404585][ T7265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  219.404598][ T7265] R13: 0000000000000000 R14: 00007f2dca3b5fa0 R15: 00007ffde7f021e8
[  219.404632][ T7265]  </TASK>
[  219.422334][ T7269] xt_CT: No such helper "syz0"
[  219.525983][  T978] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  219.802537][ T7268] random: crng reseeded on system resumption
[  220.182492][   T30] audit: type=1326 audit(1753035211.172:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7271 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f909a38e9a9 code=0x7fc00000
[  220.218480][  T978] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  220.240399][  T978] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  220.271019][  T978] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  220.315432][  T978] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  220.366010][  T978] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  220.375612][  T978] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  223.084819][  T978] usb 4-1: config 0 descriptor??
[  223.646426][  T978] usb 4-1: can't set config #0, error -71
[  223.655733][  T978] usb 4-1: USB disconnect, device number 12
[  223.748579][ T7283] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  223.756126][ T7283] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  223.776386][ T7283] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  223.782518][ T7283] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  223.793823][ T7283] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  223.800484][ T7283] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  223.811742][ T7283] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  223.819553][ T7283] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  223.832772][ T7283] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  223.865911][ T7283] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  223.930800][ T7288] pim6reg: entered allmulticast mode
[  223.988312][ T7287] pim6reg: left allmulticast mode
[  224.561510][ T7298] pim6reg: entered allmulticast mode
[  224.588283][ T7299] pim6reg: left allmulticast mode
[  224.687038][ T7296] ALSA: seq fatal error: cannot create timer (-19)
[  225.687392][   T30] audit: type=1326 audit(1753035216.682:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7308 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d6138e9a9 code=0x7ffc0000
[  226.595957][   T30] audit: type=1326 audit(1753035216.682:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7308 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d6138e9a9 code=0x7ffc0000
[  226.620063][   T30] audit: type=1326 audit(1753035216.682:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7308 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=279 compat=0 ip=0x7f1d6138e9a9 code=0x7ffc0000
[  226.625927][ T5848] Bluetooth: hci2: command 0x0406 tx timeout
[  226.665754][ T5848] Bluetooth: hci3: command 0x0406 tx timeout
[  226.674625][ T5848] Bluetooth: hci1: command 0x0406 tx timeout
[  226.676261][ T5156] Bluetooth: hci0: command 0x0406 tx timeout
[  226.681344][ T5848] Bluetooth: hci4: command 0x0405 tx timeout
[  226.813430][   T30] audit: type=1326 audit(1753035216.682:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7308 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d6138e9a9 code=0x7ffc0000
[  226.835139][   T30] audit: type=1326 audit(1753035216.682:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7308 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f1d6138e9a9 code=0x7ffc0000
[  226.866227][   T30] audit: type=1326 audit(1753035216.682:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7308 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d6138e9a9 code=0x7ffc0000
[  226.915961][   T30] audit: type=1326 audit(1753035216.692:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7308 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f1d6138e9a9 code=0x7ffc0000
[  226.984378][ T7324] FAULT_INJECTION: forcing a failure.
[  226.984378][ T7324] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  227.000691][ T7324] CPU: 0 UID: 0 PID: 7324 Comm: syz.2.307 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
[  227.000713][ T7324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  227.000723][ T7324] Call Trace:
[  227.000729][ T7324]  <TASK>
[  227.000736][ T7324]  dump_stack_lvl+0x189/0x250
[  227.000757][ T7324]  ? __pfx____ratelimit+0x10/0x10
[  227.000773][ T7324]  ? __pfx_dump_stack_lvl+0x10/0x10
[  227.000791][ T7324]  ? __pfx__printk+0x10/0x10
[  227.000820][ T7324]  should_fail_ex+0x414/0x560
[  227.000841][ T7324]  _copy_to_user+0x31/0xb0
[  227.000865][ T7324]  simple_read_from_buffer+0xe1/0x170
[  227.000885][ T7324]  proc_fail_nth_read+0x1df/0x250
[  227.000907][ T7324]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  227.000929][ T7324]  ? rw_verify_area+0x258/0x650
[  227.000952][ T7324]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  227.000973][ T7324]  vfs_read+0x1fd/0x980
[  227.001001][ T7324]  ? __pfx___mutex_lock+0x10/0x10
[  227.001019][ T7324]  ? __pfx_vfs_read+0x10/0x10
[  227.001044][ T7324]  ? __fget_files+0x2a/0x420
[  227.001066][ T7324]  ? __fget_files+0x3a0/0x420
[  227.001082][ T7324]  ? __fget_files+0x2a/0x420
[  227.001106][ T7324]  ksys_read+0x145/0x250
[  227.001119][ T7324]  ? __fget_files+0x3a0/0x420
[  227.001137][ T7324]  ? __pfx_ksys_read+0x10/0x10
[  227.001155][ T7324]  ? do_syscall_64+0xbe/0x3b0
[  227.001176][ T7324]  do_syscall_64+0xfa/0x3b0
[  227.001192][ T7324]  ? lockdep_hardirqs_on+0x9c/0x150
[  227.001208][ T7324]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.001223][ T7324]  ? clear_bhb_loop+0x60/0xb0
[  227.001242][ T7324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.001257][ T7324] RIP: 0033:0x7f909a38d3bc
[  227.001271][ T7324] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  227.001285][ T7324] RSP: 002b:00007f909b1ee030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  227.001301][ T7324] RAX: ffffffffffffffda RBX: 00007f909a5b5fa0 RCX: 00007f909a38d3bc
[  227.001313][ T7324] RDX: 000000000000000f RSI: 00007f909b1ee0a0 RDI: 0000000000000005
[  227.001323][ T7324] RBP: 00007f909b1ee090 R08: 0000000000000000 R09: 0000000000000000
[  227.001332][ T7324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  227.001341][ T7324] R13: 0000000000000000 R14: 00007f909a5b5fa0 R15: 00007ffc12820828
[  227.001364][ T7324]  </TASK>
[  227.247109][   T30] audit: type=1326 audit(1753035216.692:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7308 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d6138e9a9 code=0x7ffc0000
[  227.271622][   T30] audit: type=1326 audit(1753035216.692:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7308 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7f1d6138e9a9 code=0x7ffc0000
[  227.466025][   T30] audit: type=1326 audit(1753035216.692:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7308 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d6138e9a9 code=0x7ffc0000
[  227.983317][ T7326] xt_CT: No such helper "syz0"
[  228.684643][ T7334] netlink: 64 bytes leftover after parsing attributes in process `syz.1.310'.
[  228.705958][ T5834] Bluetooth: hci4: command 0x0405 tx timeout
[  228.712050][ T5834] Bluetooth: hci0: command 0x0406 tx timeout
[  228.718143][ T5848] Bluetooth: hci1: command 0x0406 tx timeout
[  228.718187][ T5156] Bluetooth: hci3: command 0x0406 tx timeout
[  228.724164][ T5848] Bluetooth: hci2: command 0x0406 tx timeout
[  228.803935][ T7339] pim6reg: entered allmulticast mode
[  228.842778][ T7336] pim6reg: left allmulticast mode
[  231.008243][ T7358] pim6reg: entered allmulticast mode
[  231.015152][ T7359] pim6reg: left allmulticast mode
[  231.125408][ T7352] ALSA: seq fatal error: cannot create timer (-19)
[  231.365898][  T926] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  231.615929][   T24] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  231.961487][  T926] usb 2-1: Using ep0 maxpacket: 16
[  232.282368][   T24] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  233.449189][  T926] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  234.375612][ T7364] syz.2.319 (7364): drop_caches: 2
[  234.401959][ T7364] syz.2.319 (7364): drop_caches: 2
[  234.658780][   T24] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  234.685997][   T24] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  234.708666][   T24] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  234.718035][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  234.880086][   T24] usb 1-1: Product: syz
[  234.909280][  T926] usb 2-1: New USB device found, idVendor=05ac, idProduct=0231, bcdDevice= 0.40
[  234.968611][   T24] usb 1-1: Manufacturer: syz
[  235.024862][  T926] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  235.040386][   T24] usb 1-1: SerialNumber: syz
[  235.108312][  T926] usb 2-1: Product: syz
[  235.131875][  T926] usb 2-1: Manufacturer: syz
[  235.163302][  T926] usb 2-1: SerialNumber: syz
[  235.192921][   T24] hub 1-1:1.0: bad descriptor, ignoring hub
[  235.274631][  T926] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input7
[  235.303717][   T24] hub 1-1:1.0: probe with driver hub failed with error -5
[  235.437698][   T24] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 8 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  235.733908][ T5191] bcm5974 2-1:1.0: could not read from device
[  235.761193][ T5191] bcm5974 2-1:1.0: could not read from device
[  235.776027][  T926] usb 2-1: USB disconnect, device number 7
[  235.789832][   T24] usb 1-1: USB disconnect, device number 8
[  236.243144][ T5191] bcm5974 2-1:1.0: could not read from device
[  236.384510][ T5191] bcm5974 2-1:1.0: could not read from device
[  236.436836][   T30] kauditd_printk_skb: 11 callbacks suppressed
[  236.436854][   T30] audit: type=1326 audit(1753035227.432:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7381 comm="syz.4.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab5f8e9a9 code=0x7fc00000
[  236.471271][   T24] usblp0: removed
[  238.201788][   T24] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  239.205869][   T24] usb 2-1: Using ep0 maxpacket: 8
[  239.234307][   T24] usb 2-1: unable to get BOS descriptor or descriptor too short
[  239.244120][   T24] usb 2-1: config 8 interface 0 altsetting 7 bulk endpoint 0x3 has invalid maxpacket 8
[  239.365936][   T24] usb 2-1: config 8 interface 0 has no altsetting 0
[  239.477186][   T24] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5
[  239.563660][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  239.656988][   T24] usb 2-1: Product: syz
[  239.661690][   T24] usb 2-1: Manufacturer: syz
[  239.719967][  T926] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  239.762878][   T24] usb 2-1: SerialNumber: syz
[  239.813843][   T24] usb 2-1: can't set config #8, error -71
[  239.834639][   T24] usb 2-1: USB disconnect, device number 8
[  240.078325][ T6176] udevd[6176]: setting mode of /dev/bus/usb/002/008 to 020664 failed: No such file or directory
[  240.138010][ T7445] capability: warning: `syz.3.333' uses 32-bit capabilities (legacy support in use)
[  240.733998][ T6176] udevd[6176]: setting owner of /dev/bus/usb/002/008 to uid=0, gid=0 failed: No such file or directory
[  240.770612][  T926] usb 1-1: Using ep0 maxpacket: 16
[  240.798273][  T926] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  240.823860][  T926] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  240.863079][ T5834] Bluetooth: hci2: unexpected event for opcode 0x204e
[  240.871070][  T926] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  240.887014][  T926] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  240.897139][  T926] usb 1-1: Product: syz
[  240.901368][  T926] usb 1-1: Manufacturer: syz
[  240.906642][  T926] usb 1-1: SerialNumber: syz
[  241.302922][ T7457] (syz.4.336,7457,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  241.311667][ T7457] (syz.4.336,7457,1):ocfs2_fill_super:1177 ERROR: status = -22
[  242.051566][  T926] usb 1-1: 0:2 : does not exist
[  242.105957][   T24] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  242.288278][   T24] usb 2-1: Using ep0 maxpacket: 16
[  242.306379][   T24] usb 2-1: unable to get BOS descriptor or descriptor too short
[  242.323449][   T24] usb 2-1: config 1 interface 0 altsetting 127 endpoint 0x81 has an invalid bInterval 39, changing to 9
[  242.336283][   T24] usb 2-1: config 1 interface 0 altsetting 127 endpoint 0x81 has invalid maxpacket 1536, setting to 1024
[  242.347811][   T24] usb 2-1: config 1 interface 0 altsetting 127 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  242.396898][   T24] usb 2-1: config 1 interface 0 has no altsetting 0
[  242.581855][  T926] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[  242.590053][   T24] usb 2-1: New USB device found, idVendor=05ac, idProduct=0242, bcdDevice= 0.40
[  242.635308][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.956253][   T24] usb 2-1: Product: syz
[  242.960506][   T24] usb 2-1: Manufacturer: syz
[  242.965137][   T24] usb 2-1: SerialNumber: syz
[  243.011547][   T30] audit: type=1326 audit(1753035233.972:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7463 comm="syz.4.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab5f8e9a9 code=0x7fc00000
[  243.054472][  T926] usb 1-1: USB disconnect, device number 9
[  243.055689][ T7454] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  243.134949][ T6185] udevd[6185]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  243.278333][ T7479] netlink: 20 bytes leftover after parsing attributes in process `syz.3.342'.
[  243.344473][   T24] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input8
[  243.956094][    C0] bcm5974 2-1:1.0: trackpad urb failed: -1
[  244.103448][ T7491] sctp: [Deprecated]: syz.2.344 (pid 7491) Use of int in maxseg socket option.
[  244.103448][ T7491] Use struct sctp_assoc_value instead
[  244.161196][ T5191] bcm5974 2-1:1.0: could not read from device
[  244.161588][   T10] usb 2-1: USB disconnect, device number 9
[  244.199766][ T5191] bcm5974 2-1:1.0: could not read from device
[  244.286915][ T5838] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  244.325897][  T978] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  244.454171][ T5838] usb 4-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config
[  244.472660][ T7495] netlink: 8 bytes leftover after parsing attributes in process `syz.4.347'.
[  244.487299][ T5838] usb 4-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  244.500742][ T7495] netlink: 48 bytes leftover after parsing attributes in process `syz.4.347'.
[  244.510362][  T978] usb 1-1: Using ep0 maxpacket: 16
[  244.547114][  T978] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  244.561012][  T978] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  244.574919][ T5838] usb 4-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=26.29
[  244.589750][ T5838] usb 4-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  244.598788][  T978] usb 1-1: New USB device found, idVendor=0458, idProduct=5012, bcdDevice= 0.00
[  244.609359][ T5838] usb 4-1: Manufacturer: syz
[  244.614035][ T5838] usb 4-1: SerialNumber: syz
[  244.624271][  T978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  244.656247][  T978] usb 1-1: config 0 descriptor??
[  244.952337][ T7484] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  244.978330][ T7484] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  245.037325][ T5838] usbhid 4-1:36.0: couldn't find an input interrupt endpoint
[  245.077841][ T5838] usb 4-1: USB disconnect, device number 13
[  245.211650][ T7501] netlink: 28 bytes leftover after parsing attributes in process `syz.1.349'.
[  245.426578][ T7506] FAULT_INJECTION: forcing a failure.
[  245.426578][ T7506] name failslab, interval 1, probability 0, space 0, times 0
[  245.481679][ T7506] CPU: 1 UID: 0 PID: 7506 Comm: syz.2.351 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
[  245.481713][ T7506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  245.481728][ T7506] Call Trace:
[  245.481738][ T7506]  <TASK>
[  245.481749][ T7506]  dump_stack_lvl+0x189/0x250
[  245.481781][ T7506]  ? __pfx____ratelimit+0x10/0x10
[  245.481805][ T7506]  ? __pfx_dump_stack_lvl+0x10/0x10
[  245.481831][ T7506]  ? __pfx__printk+0x10/0x10
[  245.481865][ T7506]  ? __pfx___might_resched+0x10/0x10
[  245.481905][ T7506]  should_fail_ex+0x414/0x560
[  245.481934][ T7506]  should_failslab+0xa8/0x100
[  245.481961][ T7506]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  245.481985][ T7506]  ? __alloc_skb+0x112/0x2d0
[  245.482020][ T7506]  __alloc_skb+0x112/0x2d0
[  245.482055][ T7506]  netlink_sendmsg+0x5c6/0xb30
[  245.482098][ T7506]  ? __pfx_netlink_sendmsg+0x10/0x10
[  245.482139][ T7506]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  245.482162][ T7506]  ? __pfx_netlink_sendmsg+0x10/0x10
[  245.482193][ T7506]  __sock_sendmsg+0x219/0x270
[  245.482224][ T7506]  ____sys_sendmsg+0x505/0x830
[  245.482264][ T7506]  ? __pfx_____sys_sendmsg+0x10/0x10
[  245.482308][ T7506]  ? import_iovec+0x74/0xa0
[  245.482343][ T7506]  ___sys_sendmsg+0x21f/0x2a0
[  245.482379][ T7506]  ? __pfx____sys_sendmsg+0x10/0x10
[  245.482452][ T7506]  ? __fget_files+0x2a/0x420
[  245.482476][ T7506]  ? __fget_files+0x3a0/0x420
[  245.482512][ T7506]  __x64_sys_sendmsg+0x19b/0x260
[  245.482549][ T7506]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  245.482594][ T7506]  ? __pfx_ksys_write+0x10/0x10
[  245.482612][ T7506]  ? rcu_is_watching+0x15/0xb0
[  245.482642][ T7506]  ? do_syscall_64+0xbe/0x3b0
[  245.482674][ T7506]  do_syscall_64+0xfa/0x3b0
[  245.482698][ T7506]  ? lockdep_hardirqs_on+0x9c/0x150
[  245.482720][ T7506]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  245.482743][ T7506]  ? clear_bhb_loop+0x60/0xb0
[  245.482770][ T7506]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  245.482792][ T7506] RIP: 0033:0x7f909a38e9a9
[  245.482811][ T7506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  245.482831][ T7506] RSP: 002b:00007f909b1ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  245.482854][ T7506] RAX: ffffffffffffffda RBX: 00007f909a5b5fa0 RCX: 00007f909a38e9a9
[  245.482870][ T7506] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003
[  245.482885][ T7506] RBP: 00007f909b1ee090 R08: 0000000000000000 R09: 0000000000000000
[  245.482905][ T7506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  245.482919][ T7506] R13: 0000000000000000 R14: 00007f909a5b5fa0 R15: 00007ffc12820828
[  245.482952][ T7506]  </TASK>
[  246.243067][  T978] input: HID 0458:5012 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5012.0002/input/input9
[  246.349287][  T978] input: HID 0458:5012 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5012.0002/input/input10
[  246.640948][  T978] kye 0003:0458:5012.0002: input,hiddev0,hidraw0: USB HID v0.09 Device [HID 0458:5012] on usb-dummy_hcd.0-1/input0
[  247.432182][  T978] usb 1-1: USB disconnect, device number 10
[  247.756884][ T7523] FAULT_INJECTION: forcing a failure.
[  247.756884][ T7523] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  247.855206][ T7523] CPU: 1 UID: 0 PID: 7523 Comm: syz.1.355 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
[  247.855238][ T7523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  247.855251][ T7523] Call Trace:
[  247.855260][ T7523]  <TASK>
[  247.855270][ T7523]  dump_stack_lvl+0x189/0x250
[  247.855300][ T7523]  ? __pfx____ratelimit+0x10/0x10
[  247.855321][ T7523]  ? __pfx_dump_stack_lvl+0x10/0x10
[  247.855344][ T7523]  ? __pfx__printk+0x10/0x10
[  247.855385][ T7523]  ? __might_fault+0xb0/0x130
[  247.855414][ T7523]  should_fail_ex+0x414/0x560
[  247.855441][ T7523]  _copy_to_user+0x31/0xb0
[  247.855474][ T7523]  copy_to_sockptr+0x5e/0xa0
[  247.855503][ T7523]  do_ip_getsockopt+0x1000/0x1b60
[  247.855540][ T7523]  ? __pfx_do_ip_getsockopt+0x10/0x10
[  247.855566][ T7523]  ? register_lock_class+0x51/0x320
[  247.855607][ T7523]  ? __lock_acquire+0xab9/0xd20
[  247.855636][ T7523]  ? __mutex_trylock_common+0x153/0x260
[  247.855665][ T7523]  ? __pfx___mutex_trylock_common+0x10/0x10
[  247.855696][ T7523]  ? rcu_is_watching+0x15/0xb0
[  247.855720][ T7523]  ? trace_contention_end+0x39/0x120
[  247.855747][ T7523]  ? __mutex_lock+0x330/0xe80
[  247.855790][ T7523]  ip_getsockopt+0xbb/0x220
[  247.855824][ T7523]  ? __pfx_ip_getsockopt+0x10/0x10
[  247.855856][ T7523]  ? sock_common_getsockopt+0x2d/0xb0
[  247.855887][ T7523]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  247.855913][ T7523]  smc_getsockopt+0x1b7/0x380
[  247.855941][ T7523]  ? __pfx_smc_getsockopt+0x10/0x10
[  247.855969][ T7523]  ? __pfx_smc_getsockopt+0x10/0x10
[  247.856001][ T7523]  do_sock_getsockopt+0x372/0x450
[  247.856037][ T7523]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  247.856069][ T7523]  ? do_syscall_64+0x20/0x3b0
[  247.856092][ T7523]  ? __fget_files+0x3a0/0x420
[  247.856116][ T7523]  ? __fget_files+0x2a/0x420
[  247.856149][ T7523]  __x64_sys_getsockopt+0x1a5/0x250
[  247.856180][ T7523]  ? do_syscall_64+0x20/0x3b0
[  247.856200][ T7523]  ? do_syscall_64+0x20/0x3b0
[  247.856223][ T7523]  do_syscall_64+0xfa/0x3b0
[  247.856241][ T7523]  ? lockdep_hardirqs_on+0x9c/0x150
[  247.856261][ T7523]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.856283][ T7523]  ? clear_bhb_loop+0x60/0xb0
[  247.856311][ T7523]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.856333][ T7523] RIP: 0033:0x7fa6b678e9a9
[  247.856353][ T7523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  247.856373][ T7523] RSP: 002b:00007fa6b766f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  247.856396][ T7523] RAX: ffffffffffffffda RBX: 00007fa6b69b5fa0 RCX: 00007fa6b678e9a9
[  247.856412][ T7523] RDX: 0000000000000021 RSI: 0000000000000000 RDI: 0000000000000003
[  247.856424][ T7523] RBP: 00007fa6b766f090 R08: 0000200000000040 R09: 0000000000000000
[  247.856439][ T7523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  247.856453][ T7523] R13: 0000000000000000 R14: 00007fa6b69b5fa0 R15: 00007fff9836c588
[  247.856484][ T7523]  </TASK>
[  248.145833][    C1] vkms_vblank_simulate: vblank timer overrun
[  248.175018][ T7520] fido_id[7520]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory
[  248.579211][ T7532] ptm ptm0: ldisc open failed (-12), clearing slot 0
[  249.026471][ T7538] pim6reg: entered allmulticast mode
[  249.365554][ T7542] netlink: 12 bytes leftover after parsing attributes in process `syz.1.361'.
[  249.369300][ T7543] netlink: 12 bytes leftover after parsing attributes in process `syz.1.361'.
[  249.591711][ T7545] netlink: 28 bytes leftover after parsing attributes in process `syz.1.361'.
[  249.616588][ T7547] FAULT_INJECTION: forcing a failure.
[  249.616588][ T7547] name failslab, interval 1, probability 0, space 0, times 0
[  249.654417][ T7547] CPU: 1 UID: 0 PID: 7547 Comm: syz.3.362 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
[  249.654448][ T7547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  249.654461][ T7547] Call Trace:
[  249.654469][ T7547]  <TASK>
[  249.654479][ T7547]  dump_stack_lvl+0x189/0x250
[  249.654509][ T7547]  ? __pfx____ratelimit+0x10/0x10
[  249.654532][ T7547]  ? __pfx_dump_stack_lvl+0x10/0x10
[  249.654556][ T7547]  ? __pfx__printk+0x10/0x10
[  249.654601][ T7547]  ? __pfx___might_resched+0x10/0x10
[  249.654625][ T7547]  ? fs_reclaim_acquire+0x7d/0x100
[  249.654657][ T7547]  should_fail_ex+0x414/0x560
[  249.654686][ T7547]  should_failslab+0xa8/0x100
[  249.654712][ T7547]  __kmalloc_noprof+0xcb/0x4f0
[  249.654732][ T7547]  ? kfree+0x4d/0x440
[  249.654762][ T7547]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  249.654796][ T7547]  tomoyo_realpath_from_path+0xe3/0x5d0
[  249.654828][ T7547]  ? tomoyo_domain+0xda/0x130
[  249.654863][ T7547]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  249.654887][ T7547]  tomoyo_path_number_perm+0x1e8/0x5a0
[  249.654915][ T7547]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  249.654958][ T7547]  ? __lock_acquire+0xab9/0xd20
[  249.655001][ T7547]  ? __fget_files+0x2a/0x420
[  249.655030][ T7547]  ? __fget_files+0x2a/0x420
[  249.655052][ T7547]  ? __fget_files+0x3a0/0x420
[  249.655074][ T7547]  ? __fget_files+0x2a/0x420
[  249.655103][ T7547]  security_file_ioctl+0xcb/0x2d0
[  249.655131][ T7547]  __se_sys_ioctl+0x47/0x170
[  249.655167][ T7547]  do_syscall_64+0xfa/0x3b0
[  249.655191][ T7547]  ? lockdep_hardirqs_on+0x9c/0x150
[  249.655214][ T7547]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.655236][ T7547]  ? clear_bhb_loop+0x60/0xb0
[  249.655263][ T7547]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.655284][ T7547] RIP: 0033:0x7f1d6138e9a9
[  249.655303][ T7547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  249.655323][ T7547] RSP: 002b:00007f1d6220d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  249.655346][ T7547] RAX: ffffffffffffffda RBX: 00007f1d615b5fa0 RCX: 00007f1d6138e9a9
[  249.655363][ T7547] RDX: 0000200000000000 RSI: 000000000000227c RDI: 000000000000000a
[  249.655377][ T7547] RBP: 00007f1d6220d090 R08: 0000000000000000 R09: 0000000000000000
[  249.655391][ T7547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  249.655405][ T7547] R13: 0000000000000000 R14: 00007f1d615b5fa0 R15: 00007ffd8b3f18c8
[  249.655439][ T7547]  </TASK>
[  249.655448][ T7547] ERROR: Out of memory at tomoyo_realpath_from_path.
[  249.814739][ T7533] pim6reg: left allmulticast mode
[  249.997212][ T7545] 8021q: adding VLAN 0 to HW filter on device bond2
[  250.603492][ T7556] sd 0:0:1:0: device reset
[  252.721111][ T7559] netlink: 'syz.1.365': attribute type 1 has an invalid length.
[  252.923670][ T7559] bond3: (slave vti0): The slave device specified does not support setting the MAC address
[  253.316045][ T7559] bond3: (slave vti0): Setting fail_over_mac to active for active-backup mode
[  254.098667][ T7559] bond3: (slave vti0): making interface the new active one
[  254.126816][ T7559] bond3: (slave vti0): Enslaving as an active interface with an up link
[  255.766858][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  255.773342][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  257.374150][ T7607] netlink: 88 bytes leftover after parsing attributes in process `syz.3.376'.
[  258.033528][ T7614] syz.2.379: attempt to access beyond end of device
[  258.033528][ T7614] nbd2: rw=4096, sector=2, nr_sectors = 2 limit=0
[  258.046923][ T7614] EXT4-fs (nbd2): unable to read superblock
[  259.894589][ T7631] netlink: 'syz.3.386': attribute type 4 has an invalid length.
[  260.868037][ T7631] DRBG: could not allocate digest TFM handle: hmac(sha512)
[  260.962460][ T7647] netlink: 'syz.2.387': attribute type 4 has an invalid length.
[  261.020471][ T7647] netlink: 'syz.2.387': attribute type 4 has an invalid length.
[  261.774298][ T7647] DRBG: could not allocate digest TFM handle: hmac(sha512)
[  262.376277][ T5893] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  262.593954][ T5893] usb 2-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  262.671708][ T7670] syz.0.391: attempt to access beyond end of device
[  262.671708][ T7670] nbd0: rw=4096, sector=2, nr_sectors = 2 limit=0
[  262.686681][ T7670] EXT4-fs (nbd0): unable to read superblock
[  263.352624][ T5893] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  263.374186][ T5893] usb 2-1: Product: syz
[  263.380445][ T5893] usb 2-1: Manufacturer: syz
[  263.385107][ T5893] usb 2-1: SerialNumber: syz
[  263.420663][ T5893] r8152-cfgselector 2-1: Unknown version 0x0000
[  263.429025][ T5893] r8152-cfgselector 2-1: config 0 descriptor??
[  264.733532][ T7680] 9pnet_fd: Insufficient options for proto=fd
[  265.493591][ T7687] FAULT_INJECTION: forcing a failure.
[  265.493591][ T7687] name failslab, interval 1, probability 0, space 0, times 0
[  265.510111][ T7687] CPU: 1 UID: 0 PID: 7687 Comm: syz.4.396 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
[  265.510143][ T7687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  265.510157][ T7687] Call Trace:
[  265.510167][ T7687]  <TASK>
[  265.510176][ T7687]  dump_stack_lvl+0x189/0x250
[  265.510207][ T7687]  ? __pfx____ratelimit+0x10/0x10
[  265.510235][ T7687]  ? __pfx_dump_stack_lvl+0x10/0x10
[  265.510260][ T7687]  ? __pfx__printk+0x10/0x10
[  265.510302][ T7687]  ? __pfx___might_resched+0x10/0x10
[  265.510333][ T7687]  should_fail_ex+0x414/0x560
[  265.510362][ T7687]  should_failslab+0xa8/0x100
[  265.510389][ T7687]  __kmalloc_noprof+0xcb/0x4f0
[  265.510410][ T7687]  ? vmalloc_info_show+0x55/0xbf0
[  265.510444][ T7687]  vmalloc_info_show+0x55/0xbf0
[  265.510470][ T7687]  ? rcu_is_watching+0x15/0xb0
[  265.510494][ T7687]  ? seq_read_iter+0x648/0xe10
[  265.510530][ T7687]  ? trace_kmalloc+0x1f/0xd0
[  265.510551][ T7687]  ? seq_read_iter+0x648/0xe10
[  265.510589][ T7687]  seq_read_iter+0x4ea/0xe10
[  265.510644][ T7687]  proc_reg_read_iter+0x1b7/0x280
[  265.510679][ T7687]  vfs_read+0x4cd/0x980
[  265.510724][ T7687]  ? __pfx_vfs_read+0x10/0x10
[  265.510769][ T7687]  ? __fget_files+0x2a/0x420
[  265.510806][ T7687]  __x64_sys_pread64+0x193/0x220
[  265.510832][ T7687]  ? __pfx___x64_sys_pread64+0x10/0x10
[  265.510851][ T7687]  ? rcu_is_watching+0x15/0xb0
[  265.510881][ T7687]  ? do_syscall_64+0xbe/0x3b0
[  265.510910][ T7687]  do_syscall_64+0xfa/0x3b0
[  265.510933][ T7687]  ? lockdep_hardirqs_on+0x9c/0x150
[  265.510956][ T7687]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  265.510978][ T7687]  ? clear_bhb_loop+0x60/0xb0
[  265.511006][ T7687]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  265.511027][ T7687] RIP: 0033:0x7fcab5f8e9a9
[  265.511047][ T7687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  265.511066][ T7687] RSP: 002b:00007fcab6d67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[  265.511091][ T7687] RAX: ffffffffffffffda RBX: 00007fcab61b6080 RCX: 00007fcab5f8e9a9
[  265.511108][ T7687] RDX: 00000000000000c8 RSI: 00002000000001c0 RDI: 0000000000000005
[  265.511122][ T7687] RBP: 00007fcab6d67090 R08: 0000000000000000 R09: 0000000000000000
[  265.511136][ T7687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  265.511149][ T7687] R13: 0000000000000000 R14: 00007fcab61b6080 R15: 00007ffc24de5658
[  265.511184][ T7687]  </TASK>
[  266.128095][ T5893] r8152-cfgselector 2-1: Unknown version 0x0000
[  266.164477][ T5893] r8152-cfgselector 2-1: bad CDC descriptors
[  266.182474][ T5893] r8152-cfgselector 2-1: USB disconnect, device number 10
[  266.306407][ T5838] usb 1-1: new full-speed USB device number 11 using dummy_hcd
[  266.356337][ T7699] netlink: 'syz.4.399': attribute type 4 has an invalid length.
[  266.547844][ T5838] usb 1-1: config 0 has an invalid interface number: 216 but max is 0
[  266.586152][ T5838] usb 1-1: config 0 has no interface number 0
[  266.635662][ T5838] usb 1-1: config 0 interface 216 altsetting 0 endpoint 0x7 has invalid maxpacket 528, setting to 64
[  266.958519][ T5838] usb 1-1: New USB device found, idVendor=05da, idProduct=0094, bcdDevice=f6.f7
[  266.958555][ T5838] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  266.958579][ T5838] usb 1-1: Product: syz
[  266.958597][ T5838] usb 1-1: Manufacturer: syz
[  266.958614][ T5838] usb 1-1: SerialNumber: syz
[  267.159858][ T5838] usb 1-1: config 0 descriptor??
[  267.168274][ T5838] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 7 is not bulk.
[  267.168298][ T5838] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 3 is not bulk.
[  267.168314][ T5838] microtek usb (rev 0.4.3): couldn't find two input bulk endpoints. Bailing out.
[  267.372272][ T7690] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  267.372694][ T7690] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  267.409000][ T5838] usb 1-1: USB disconnect, device number 11
[  268.434516][ T7714] syz.4.404: attempt to access beyond end of device
[  268.434516][ T7714] nbd4: rw=4096, sector=2, nr_sectors = 2 limit=0
[  268.434917][ T7714] EXT4-fs (nbd4): unable to read superblock
[  272.355615][ T7746] netlink: 'syz.2.414': attribute type 4 has an invalid length.
[  272.842523][ T7755] syz.1.417: attempt to access beyond end of device
[  272.842523][ T7755] nbd1: rw=4096, sector=2, nr_sectors = 2 limit=0
[  272.855884][ T7755] EXT4-fs (nbd1): unable to read superblock
[  274.490434][ T7771] netlink: 'syz.1.422': attribute type 21 has an invalid length.
[  274.504434][ T7771] netlink: 156 bytes leftover after parsing attributes in process `syz.1.422'.
[  276.075968][   T24] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  276.114340][ T7790] mkiss: ax0: crc mode is auto.
[  276.256084][   T24] usb 1-1: device descriptor read/64, error -71
[  276.496179][   T24] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  276.646269][ T5838] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  276.655911][   T24] usb 1-1: device descriptor read/64, error -71
[  276.766673][   T24] usb usb1-port1: attempt power cycle
[  276.829569][ T5838] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  276.850407][ T5838] usb 2-1: New USB device found, idVendor=0979, idProduct=0227, bcdDevice=6d.4d
[  276.859995][ T5838] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  276.874385][ T5838] usb 2-1: config 0 descriptor??
[  276.916146][ T5838] gspca_main: jl2005bcd-2.14.0 probing 0979:0227
[  276.925643][ T5838] command write [95] error -22
[  277.097961][ T5838] usb 2-1: USB disconnect, device number 11
[  277.120714][   T24] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  277.150345][   T24] usb 1-1: device descriptor read/8, error -71
[  277.396072][   T24] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  277.422272][   T24] usb 1-1: device descriptor read/8, error -71
[  277.730126][    C0] vcan0: j1939_tp_rxtimer: 0xffff88807c672800: rx timeout, send abort
[  277.742524][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88807c672800: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[  277.777202][   T24] usb usb1-port1: unable to enumerate USB device
[  278.286165][ T7813] syz.1.432: attempt to access beyond end of device
[  278.286165][ T7813] nbd1: rw=4096, sector=2, nr_sectors = 2 limit=0
[  278.299392][ T7813] EXT4-fs (nbd1): unable to read superblock
[  278.535993][ T5834] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  278.542794][ T5848] Bluetooth: hci5: command 0x1003 tx timeout
[  280.327186][ T7790] syz.3.426 (7790) used greatest stack depth: 17992 bytes left
[  280.352375][   T30] audit: type=1326 audit(1753035271.342:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7808 comm="syz.4.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab5f8e9a9 code=0x7ffc0000
[  280.436190][   T30] audit: type=1326 audit(1753035271.342:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7808 comm="syz.4.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab5f8e9a9 code=0x7ffc0000
[  280.466211][   T30] audit: type=1326 audit(1753035271.392:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7808 comm="syz.4.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=279 compat=0 ip=0x7fcab5f8e9a9 code=0x7ffc0000
[  280.488494][   T30] audit: type=1326 audit(1753035271.452:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7808 comm="syz.4.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab5f8e9a9 code=0x7ffc0000
[  280.511183][   T30] audit: type=1326 audit(1753035271.452:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7808 comm="syz.4.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab5f8e9a9 code=0x7ffc0000
[  280.546300][   T30] audit: type=1326 audit(1753035271.452:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7808 comm="syz.4.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fcab5f8e9a9 code=0x7ffc0000
[  280.594743][   T30] audit: type=1326 audit(1753035271.452:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7808 comm="syz.4.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab5f8e9a9 code=0x7ffc0000
[  280.619243][   T30] audit: type=1326 audit(1753035271.452:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7808 comm="syz.4.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab5f8e9a9 code=0x7ffc0000
[  280.706388][   T30] audit: type=1326 audit(1753035271.452:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7808 comm="syz.4.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fcab5f8e9a9 code=0x7ffc0000
[  280.803417][   T30] audit: type=1326 audit(1753035271.452:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7808 comm="syz.4.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab5f8e9a9 code=0x7ffc0000
[  280.880491][ T7820] 9pnet_fd: Insufficient options for proto=fd
[  280.926384][ T7819] netlink: 52 bytes leftover after parsing attributes in process `syz.3.434'.
[  280.950629][ T7820] tap0: tun_chr_ioctl cmd 1074025677
[  280.963288][ T7820] tap0: linktype set to 270
[  280.977515][ T7819] FAULT_INJECTION: forcing a failure.
[  280.977515][ T7819] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  280.991737][ T7826] netlink: 'syz.4.436': attribute type 5 has an invalid length.
[  281.004805][ T7819] CPU: 1 UID: 0 PID: 7819 Comm: syz.3.434 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
[  281.004837][ T7819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  281.004852][ T7819] Call Trace:
[  281.004861][ T7819]  <TASK>
[  281.004870][ T7819]  dump_stack_lvl+0x189/0x250
[  281.004901][ T7819]  ? __pfx____ratelimit+0x10/0x10
[  281.004926][ T7819]  ? __pfx_dump_stack_lvl+0x10/0x10
[  281.004951][ T7819]  ? __pfx__printk+0x10/0x10
[  281.005000][ T7819]  should_fail_ex+0x414/0x560
[  281.005028][ T7819]  strncpy_from_user+0x36/0x290
[  281.005069][ T7819]  getname_flags+0xf3/0x540
[  281.005101][ T7819]  do_sys_openat2+0xbc/0x1c0
[  281.005135][ T7819]  ? __pfx_do_sys_openat2+0x10/0x10
[  281.005164][ T7819]  ? ksys_write+0x22a/0x250
[  281.005188][ T7819]  ? __pfx_ksys_write+0x10/0x10
[  281.005206][ T7819]  ? rcu_is_watching+0x15/0xb0
[  281.005233][ T7819]  __x64_sys_creat+0x8f/0xc0
[  281.005268][ T7819]  do_syscall_64+0xfa/0x3b0
[  281.005291][ T7819]  ? lockdep_hardirqs_on+0x9c/0x150
[  281.005315][ T7819]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  281.005337][ T7819]  ? clear_bhb_loop+0x60/0xb0
[  281.005364][ T7819]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  281.005386][ T7819] RIP: 0033:0x7f1d6138e9a9
[  281.005406][ T7819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  281.005426][ T7819] RSP: 002b:00007f1d6220d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  281.005449][ T7819] RAX: ffffffffffffffda RBX: 00007f1d615b5fa0 RCX: 00007f1d6138e9a9
[  281.005466][ T7819] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000140
[  281.005480][ T7819] RBP: 00007f1d6220d090 R08: 0000000000000000 R09: 0000000000000000
[  281.005494][ T7819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  281.005507][ T7819] R13: 0000000000000000 R14: 00007f1d615b5fa0 R15: 00007ffd8b3f18c8
[  281.005539][ T7819]  </TASK>
[  281.253249][ T7819] evm: overlay not supported
[  281.259646][  T978] usb 1-1: new full-speed USB device number 16 using dummy_hcd
[  281.280001][ T7828] FAULT_INJECTION: forcing a failure.
[  281.280001][ T7828] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  281.342875][ T7828] CPU: 1 UID: 0 PID: 7828 Comm: syz.2.437 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
[  281.342908][ T7828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  281.342922][ T7828] Call Trace:
[  281.342931][ T7828]  <TASK>
[  281.342940][ T7828]  dump_stack_lvl+0x189/0x250
[  281.342971][ T7828]  ? __pfx____ratelimit+0x10/0x10
[  281.343004][ T7828]  ? __pfx_dump_stack_lvl+0x10/0x10
[  281.343029][ T7828]  ? __pfx__printk+0x10/0x10
[  281.343071][ T7828]  should_fail_ex+0x414/0x560
[  281.343100][ T7828]  _copy_to_user+0x31/0xb0
[  281.343133][ T7828]  simple_read_from_buffer+0xe1/0x170
[  281.343163][ T7828]  proc_fail_nth_read+0x1df/0x250
[  281.343194][ T7828]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  281.343225][ T7828]  ? rw_verify_area+0x258/0x650
[  281.343255][ T7828]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  281.343284][ T7828]  vfs_read+0x1fd/0x980
[  281.343323][ T7828]  ? __pfx___mutex_lock+0x10/0x10
[  281.343349][ T7828]  ? __pfx_vfs_read+0x10/0x10
[  281.343384][ T7828]  ? __fget_files+0x2a/0x420
[  281.343414][ T7828]  ? __fget_files+0x3a0/0x420
[  281.343438][ T7828]  ? __fget_files+0x2a/0x420
[  281.343472][ T7828]  ksys_read+0x145/0x250
[  281.343495][ T7828]  ? __pfx_ksys_read+0x10/0x10
[  281.343512][ T7828]  ? rcu_is_watching+0x15/0xb0
[  281.343543][ T7828]  ? do_syscall_64+0xbe/0x3b0
[  281.343571][ T7828]  do_syscall_64+0xfa/0x3b0
[  281.343594][ T7828]  ? lockdep_hardirqs_on+0x9c/0x150
[  281.343616][ T7828]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  281.343638][ T7828]  ? clear_bhb_loop+0x60/0xb0
[  281.343670][ T7828]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  281.343691][ T7828] RIP: 0033:0x7f909a38d3bc
[  281.343710][ T7828] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  281.343730][ T7828] RSP: 002b:00007f909b1ee030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  281.343753][ T7828] RAX: ffffffffffffffda RBX: 00007f909a5b5fa0 RCX: 00007f909a38d3bc
[  281.343770][ T7828] RDX: 000000000000000f RSI: 00007f909b1ee0a0 RDI: 0000000000000004
[  281.343784][ T7828] RBP: 00007f909b1ee090 R08: 0000000000000000 R09: 000000000000001c
[  281.343798][ T7828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  281.343811][ T7828] R13: 0000000000000000 R14: 00007f909a5b5fa0 R15: 00007ffc12820828
[  281.343845][ T7828]  </TASK>
[  281.599234][  T978] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  281.612783][  T978] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  281.663133][  T978] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[  281.679584][ T7830] binder: BINDER_SET_CONTEXT_MGR already set
[  281.693400][ T7830] binder: 7829:7830 ioctl 4018620d 200000000040 returned -16
[  281.704795][ T7830] binder: 7829:7830 ioctl c0306201 200000000900 returned -14
[  281.737817][  T978] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  281.765496][  T978] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  281.819257][  T978] usb 1-1: Product: syz
[  282.579592][  T978] usb 1-1: Manufacturer: syz
[  282.680859][  T978] usb 1-1: SerialNumber: syz
[  283.060322][  T978] usb 1-1: config 0 descriptor??
[  283.066306][ T7822] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  283.088666][ T7822] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  283.133978][  T978] usb 1-1: ucan: probing device on interface #0
[  283.943089][ T7849] netlink: 'syz.3.443': attribute type 83 has an invalid length.
[  284.243863][  T978] usb 1-1: ucan: could not read protocol version, ret=-110
[  284.295422][ T7822] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  284.306259][  T978] usb 1-1: ucan: probe failed; try to update the device firmware
[  284.760068][ T7822] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  285.983440][ T5893] usb 1-1: USB disconnect, device number 16
[  290.454185][ T7882] FAULT_INJECTION: forcing a failure.
[  290.454185][ T7882] name failslab, interval 1, probability 0, space 0, times 0
[  290.591469][ T7882] CPU: 1 UID: 0 PID: 7882 Comm: syz.3.454 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
[  290.591501][ T7882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  290.591515][ T7882] Call Trace:
[  290.591524][ T7882]  <TASK>
[  290.591534][ T7882]  dump_stack_lvl+0x189/0x250
[  290.591560][ T7882]  ? __pfx____ratelimit+0x10/0x10
[  290.591584][ T7882]  ? __pfx_dump_stack_lvl+0x10/0x10
[  290.591607][ T7882]  ? __pfx__printk+0x10/0x10
[  290.591642][ T7882]  ? __pfx___might_resched+0x10/0x10
[  290.591664][ T7882]  ? fs_reclaim_acquire+0x7d/0x100
[  290.591694][ T7882]  should_fail_ex+0x414/0x560
[  290.591723][ T7882]  should_failslab+0xa8/0x100
[  290.591746][ T7882]  __kmalloc_noprof+0xcb/0x4f0
[  290.591764][ T7882]  ? snd_pcm_hw_refine+0x967/0x1640
[  290.591797][ T7882]  snd_pcm_hw_refine+0x967/0x1640
[  290.591841][ T7882]  ? __pfx_snd_pcm_hw_refine+0x10/0x10
[  290.591914][ T7882]  ? __asan_memset+0x22/0x50
[  290.591945][ T7882]  ? snd_pcm_oss_change_params_locked+0x7a0/0x3e40
[  290.591974][ T7882]  ? snd_pcm_oss_change_params_locked+0x800/0x3e40
[  290.592004][ T7882]  snd_pcm_oss_change_params_locked+0xa84/0x3e40
[  290.592038][ T7882]  ? __pfx___mutex_trylock_common+0x10/0x10
[  290.592075][ T7882]  ? trace_contention_end+0x39/0x120
[  290.592102][ T7882]  ? __mutex_lock+0x330/0xe80
[  290.592136][ T7882]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  290.592161][ T7882]  ? snd_pcm_oss_write+0x28f/0x11a0
[  290.592202][ T7882]  ? _parse_integer_limit+0x1ae/0x1f0
[  290.592234][ T7882]  snd_pcm_oss_write+0x2fb/0x11a0
[  290.592257][ T7882]  ? __lock_acquire+0xab9/0xd20
[  290.592296][ T7882]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  290.592323][ T7882]  ? bpf_lsm_file_permission+0x9/0x20
[  290.592346][ T7882]  ? security_file_permission+0x75/0x290
[  290.592373][ T7882]  ? rw_verify_area+0x258/0x650
[  290.592420][ T7882]  vfs_writev+0x4b6/0x960
[  290.592450][ T7882]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  290.592477][ T7882]  ? __pfx_vfs_writev+0x10/0x10
[  290.592519][ T7882]  ? __fget_files+0x2a/0x420
[  290.592548][ T7882]  ? __fget_files+0x3a0/0x420
[  290.592571][ T7882]  ? __fget_files+0x2a/0x420
[  290.592604][ T7882]  do_writev+0x14d/0x2d0
[  290.592634][ T7882]  ? __pfx_do_writev+0x10/0x10
[  290.592657][ T7882]  ? rcu_is_watching+0x15/0xb0
[  290.592685][ T7882]  ? do_syscall_64+0xbe/0x3b0
[  290.592714][ T7882]  do_syscall_64+0xfa/0x3b0
[  290.592736][ T7882]  ? lockdep_hardirqs_on+0x9c/0x150
[  290.592759][ T7882]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.592782][ T7882]  ? clear_bhb_loop+0x60/0xb0
[  290.592809][ T7882]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.592829][ T7882] RIP: 0033:0x7f1d6138e9a9
[  290.592847][ T7882] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  290.592865][ T7882] RSP: 002b:00007f1d6220d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  290.592887][ T7882] RAX: ffffffffffffffda RBX: 00007f1d615b5fa0 RCX: 00007f1d6138e9a9
[  290.592903][ T7882] RDX: 0000000000000002 RSI: 0000200000000900 RDI: 0000000000000003
[  290.592917][ T7882] RBP: 00007f1d6220d090 R08: 0000000000000000 R09: 0000000000000000
[  290.592931][ T7882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  290.592943][ T7882] R13: 0000000000000000 R14: 00007f1d615b5fa0 R15: 00007ffd8b3f18c8
[  290.592975][ T7882]  </TASK>
[  291.268218][ T7888] (syz.0.455,7888,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  291.277256][ T7888] (syz.0.455,7888,0):ocfs2_fill_super:1177 ERROR: status = -22
[  292.370696][ T7897] netlink: 36 bytes leftover after parsing attributes in process `syz.3.459'.
[  292.847392][   T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  293.205958][   T10] usb 5-1: device descriptor read/64, error -71
[  293.224755][ T7902] bridge1: entered promiscuous mode
[  293.246145][ T7902] bridge1: entered allmulticast mode
[  293.337026][ T7902] team0: Port device bridge1 added
[  293.442555][ T7907] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  293.502152][   T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  293.645963][   T10] usb 5-1: device descriptor read/64, error -71
[  293.786312][   T10] usb usb5-port1: attempt power cycle
[  294.136958][   T10] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  294.395729][   T10] usb 5-1: device descriptor read/8, error -71
[  294.999286][   T10] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  296.254235][   T10] usb 5-1: device descriptor read/8, error -71
[  296.552353][   T10] usb usb5-port1: unable to enumerate USB device
[  297.209065][ T7942] (syz.2.467,7942,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  297.218233][ T7942] (syz.2.467,7942,0):ocfs2_fill_super:1177 ERROR: status = -22
[  299.914808][ T7957] xt_CT: No such helper "pptp"
[  306.095884][ T5991] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  306.786710][ T5991] usb 3-1: Using ep0 maxpacket: 32
[  307.382335][ T5834]  non-paged memory
[  307.386712][ T5834] list_del corruption, ffff88805bd37580->next is LIST_POISON1 (dead000000000100)
[  307.398071][ T5834] ------------[ cut here ]------------
[  307.403661][ T5834] kernel BUG at lib/list_debug.c:58!
[  307.427259][ T5834] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[  307.433572][ T5834] CPU: 1 UID: 0 PID: 5834 Comm: kworker/u9:2 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
[  307.445762][ T5834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  307.455948][ T5834] Workqueue: hci4 hci_conn_timeout
[  307.461119][ T5834] RIP: 0010:__list_del_entry_valid_or_report+0x10e/0x190
[  307.468198][ T5834] Code: 80 bd e1 8b 48 89 de e8 20 20 68 fc 90 0f 0b 4c 89 e7 e8 c5 03 40 fd 48 c7 c7 e0 bd e1 8b 48 89 de 4c 89 e2 e8 03 20 68 fc 90 <0f> 0b 4c 89 e7 e8 a8 03 40 fd 48 c7 c7 40 be e1 8b 48 89 de 4c 89
[  307.487857][ T5834] RSP: 0018:ffffc90004587980 EFLAGS: 00010246
[  307.493980][ T5834] RAX: 000000000000004e RBX: ffff88805bd37580 RCX: 6b62697ac9e03600
[  307.501994][ T5834] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[  307.510016][ T5834] RBP: ffffffff8a758780 R08: 0000000000000003 R09: 0000000000000004
[  307.518027][ T5834] R10: dffffc0000000000 R11: fffffbfff1bfaa6c R12: dead000000000100
[  307.526036][ T5834] R13: dffffc0000000000 R14: dead000000000100 R15: dead000000000122
[  307.534049][ T5834] FS:  0000000000000000(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
[  307.543017][ T5834] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  307.549633][ T5834] CR2: 0000001b3060bff8 CR3: 000000007ab9a000 CR4: 00000000003526f0
[  307.557646][ T5834] Call Trace:
[  307.560954][ T5834]  <TASK>
[  307.563930][ T5834]  hci_cmd_sync_dequeue_once+0x24a/0x370
[  307.569614][ T5834]  hci_cancel_connect_sync+0xc8/0x120
[  307.575041][ T5834]  hci_abort_conn+0x191/0x330
[  307.579771][ T5834]  ? process_scheduled_works+0x9ef/0x17b0
[  307.585539][ T5834]  process_scheduled_works+0xade/0x17b0
[  307.591145][ T5834]  ? __pfx_process_scheduled_works+0x10/0x10
[  307.597193][ T5834]  worker_thread+0x8a0/0xda0
[  307.601928][ T5834]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  307.608333][ T5834]  ? __kthread_parkme+0x7b/0x200
[  307.613322][ T5834]  kthread+0x711/0x8a0
[  307.617656][ T5834]  ? __pfx_worker_thread+0x10/0x10
[  307.623113][ T5834]  ? __pfx_kthread+0x10/0x10
[  307.627942][ T5834]  ? _raw_spin_unlock_irq+0x23/0x50
[  307.633684][ T5834]  ? lockdep_hardirqs_on+0x9c/0x150
[  307.639192][ T5834]  ? __pfx_kthread+0x10/0x10
[  307.643828][ T5834]  ret_from_fork+0x3fc/0x770
[  307.648457][ T5834]  ? __pfx_ret_from_fork+0x10/0x10
[  307.653609][ T5834]  ? __switch_to_asm+0x39/0x70
[  307.658423][ T5834]  ? __switch_to_asm+0x33/0x70
[  307.663342][ T5834]  ? __pfx_kthread+0x10/0x10
[  307.667983][ T5834]  ret_from_fork_asm+0x1a/0x30
[  307.672806][ T5834]  </TASK>
[  307.675855][ T5834] Modules linked in:
[  307.680911][ T5834] ---[ end trace 0000000000000000 ]---
[  307.721400][ T5834] RIP: 0010:__list_del_entry_valid_or_report+0x10e/0x190
[  307.728967][ T5834] Code: 80 bd e1 8b 48 89 de e8 20 20 68 fc 90 0f 0b 4c 89 e7 e8 c5 03 40 fd 48 c7 c7 e0 bd e1 8b 48 89 de 4c 89 e2 e8 03 20 68 fc 90 <0f> 0b 4c 89 e7 e8 a8 03 40 fd 48 c7 c7 40 be e1 8b 48 89 de 4c 89
[  307.809643][ T5834] RSP: 0018:ffffc90004587980 EFLAGS: 00010246
[  307.816579][ T5834] RAX: 000000000000004e RBX: ffff88805bd37580 RCX: 6b62697ac9e03600
[  307.824805][ T5834] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[  307.833348][ T5834] RBP: ffffffff8a758780 R08: 0000000000000003 R09: 0000000000000004
[  307.841748][ T5834] R10: dffffc0000000000 R11: fffffbfff1bfaa6c R12: dead000000000100
[  307.853397][ T5834] R13: dffffc0000000000 R14: dead000000000100 R15: dead000000000122
[  307.862060][ T5834] FS:  0000000000000000(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
[  307.875098][ T5834] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  307.882266][ T5834] CR2: 000000110c361ee6 CR3: 0000000077306000 CR4: 00000000003526f0
[  307.892841][ T5834] Kernel panic - not syncing: Fatal exception
[  307.899334][ T5834] Kernel Offset: disabled
[  307.903668][ T5834] Rebooting in 86400 seconds..