last executing test programs:

11m47.644626177s ago: executing program 3 (id=507):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000200)={0x3, &(0x7f0000000040)=[{0x4d}, {0x4d}, {0x6}]})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
setfsuid(0xee00)
setresuid(0x0, 0x0, 0x0)
syz_open_dev$vbi(&(0x7f00000002c0), 0x3, 0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
socket$inet6(0xa, 0x80003, 0xff)
socket$inet6(0xa, 0x80003, 0xff)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
setpriority(0x0, 0x0, 0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', 0x0, 0x0)
pselect6(0x40, &(0x7f0000000000)={0x6, 0x2, 0x8000000000000000, 0x0, 0x2, 0x0, 0x100, 0x10001003}, 0x0, 0x0, 0x0, 0x0)
sendmsg$IPVS_CMD_SET_DEST(0xffffffffffffffff, 0x0, 0xc0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000100))
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
gettid()
fsconfig$FSCONFIG_CMD_RECONFIGURE(r4, 0x7, 0x0, 0x0, 0x0)
sendmsg$nl_route(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@bridge_dellink={0x34, 0x13, 0x5, 0x0, 0x0, {0x7, 0x0, 0x0, r1}, [@IFLA_AF_SPEC={0x14, 0x1a, 0x0, 0x1, [@AF_INET={0x10, 0x4, 0x0, 0x1, {0xc, 0x2, 0x0, 0x1, [{0x8, 0x4, 0x0, 0x0, 0x5}]}}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x0)

11m46.224998365s ago: executing program 3 (id=512):
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
mount$fuseblk(&(0x7f0000002440), &(0x7f0000000040)='./file0\x00', &(0x7f00000003c0), 0x200840d, &(0x7f0000000280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x2000}})
read$FUSE(r0, &(0x7f0000002480)={0x2020}, 0x2020)
write$FUSE_INIT(r0, 0x0, 0x0)
umount2(&(0x7f0000000000)='./file0\x00', 0x1)

11m44.727991668s ago: executing program 3 (id=516):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000040)={0x1d, r1, 0xfffffffffffffffc, {}, 0xfd}, 0x18)
sendmmsg(r0, &(0x7f0000003e00)=[{{&(0x7f00000002c0)=@can={0x1d, r1, 0xc7}, 0x80, &(0x7f0000000580)=[{&(0x7f0000001080)="078f8de44280e052cc83f0a75c654d1bd933f5f3617841222596c1ec0d71f4d008affb40beec93f26a5d2a54132deac44049a9b04ee833a53b3832ee6044a4c69a70d30dc71f935614cfe5c04a9cb74454f05527d4ec2ec59f1640c901265e59afe6081b1aedb91d0762e8759ba52c73ffc44262981adb035a8bae21d5e49473eeb232b8de82eae90e1d01f44c06ababcdde0366f95d83b2d87345ac6c0b1dfb8554c7837226bb694e68e096af5664c14fbbfe90f0519d584e1b084e0d0e2baf409bf838a27a51ec96b481001322fe2fd45ce2f741031cd4dbc12b8ae474bf278b786c7ec54e3e018d6c62cdaeaf24bbfd0eb791b3fdf639a0f347207407c90a7859e60c0f4f6b772dc394e2d565570bb10342955a663445fbe5a0385ddfe8d0bd5aee1c71cb28c950fc576904c80a655c04e466df6daa31920f70f02f288a8bef634a743bd0e44df8179e156bbe023120db46eace2810292a0a25891bb919dd16d4bfd8a42fcb95201a1791e3b373592cc211add6235698e939daecbc581a7bbcd8479b1122634f1aab5c323e73d0edc4213fae6f61cb821ef3fde46403afeaefa679741a0b1076fa3d21c8e505bd42711ff9627d3c7b7b7ce988b4b321e5398be46dc323a13bca4d08fdca595d82ae502d82d9efe7454968450c2dac4589e6ccc4ebb0937805a3e357b0036be03472146d538777f5cf54167d92898a9c2cea9a19abdaa83cd3e4829df4a63162ada779da151e0760714f01995f5ac2e969cfce59b4b8f49b50c08839d69ca7288abefac314c16f2e8741217dbda4e11ff99a6d5a0d3baa3093d320f6fac12b22f7af60a033cc3842e39cd4cd85cc0d7f0209c1aec0886aae7bddac1ab282ee68d4f2100bc72051e651f02ce1072502d8837c082802d09a6915c0f6148eed1aa61d5ac46689968345c89e884d9abc77e33a6a5e982f07ce02b8df5104b347811c4804db44ce4e6149d1af8c3b0722ef435f6d29793b144f375982de655e245adf95e4fdcd4606deffa49555fb2ad2afedd1716182e5605cdad054666a3a593457f056c4d02ae40d172add1629031c0e88dcbac6dcf1c6ae325e1dbcf61342e0ef5e7ba698a99c2b469522008aec02b45d12ed427112b798594c0803839a737cc0193e2bb151f5bb116f2b81b4c3bb10675016366742d910ae2f15ae834a6b5405dbf7a924ecc138a06933c667176ec9f52d700847ad431ba3b9115f69af5a32658bb30d03441aef9ef477c34d520f62d639924dfe2839eb79afa2ed834b0ced0d3de080ed8ee23e449ba8cf6705bd15a4320cbe0edbc4676892c0b62762067a79155b45a482fd30df2ce2ea778dcf009bf95ed89a1d737d2cdef1caa4cdebd5629c8c2f3b261237a5cf43bcb8521b7c745a51bd45695729414fbe41b12d69467fdb9592a13154c2285cee47634f9e5de342e0fd3e4545ef1d8d251b37f1e922cccb4ddac03e6f0329aedb0745abc763c528ea5f145bcd3d6710e22bfd554660370b621bc54b019edea2b54d10b046b805a7e6021762e56ec1b4528332b82e9c45d965838aeeb9cfdf024692400dd50880f0751054ff95fe0c85ecd1bb0e49d1769da64a1d65b4a38df2bbabbfc371449b34590dc1bc38b63f5e7db099e9f938ec95345562c0986773bad01faa282c2be7a7ab3b8e283812d117bb9ec92831e00d5392adf2db13074b04668d3bf470857d83d609062cecacabbdd9fd9cfa7b38d58e0a6a9fba6f59cf1d0ad3d2c9cfc359dea5b4310bc17c4d66c5584aa56cc199ce1fb846dbed9df1e0d70bdc6da44c80e9392ec1a800577a07aef2fbabd0baa5e71d24cb8ca68ec0cd1961225ae02d8139f4c616d58ea65dac8d40666905a6f8aa26b7a61a3acce2fd65dd55d0043431a86ce40025a7db6f32091f876ae59ea85c6cb62cfb70fc999ecb7c874ec7b678ffa04174519dec2efdbf3da683edc466fb960ebaf02bdb932e8677bebdc3a6e364e0185dd4fe0def95f63e45323f325dda600b5fb77749256be0317355fa618902cb9b983cd046978869546a167c3107de51d0274f61d97c05de23b638f1260e7d5cda5a35f6b7c05c64d03d9626d6103191d94e201b8aa12380274fac5c527267dc0992d8a6e808710a8e1edeb7dd013a5f924213490617f5352c5d08bb10f3a68d2e930b43552fb196ff6ee2e81e61db2fdeb0bfd9df845df2257fcbac6cb403c0b7423f0ad36cb297bd2e0d2f43ca0e692fec280d3375a069459281e679014a686b21fe437b1ca13e170bbf16840fc73a0d1655e7cf385e7a6c6e26c7c8e08959aafc71eb8e89beba026d70719382c5da6180e354c79b090404e86de7b3ec505baa6a872e92eb755a83cd041efab1457fa5645e73ddafa5e307ef8cea44d943dc776e442539fe78ee12e9a2f13f3bee85568a510bb048de1aaa623f1efd227cefa5cfbd4d6e5f68d79932ff0a67c4b5c87a400fd884aa7c072393afdbc10a6a3e529586d65be91ed3191049e448e7a6bd3ec92b4019a3d990b5b64a", 0x6fb}, {0x0}], 0x2}}], 0x1, 0x8084)

11m44.412449871s ago: executing program 3 (id=517):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_devices(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd)
close_range(r0, r3, 0x1010000)

11m37.917927849s ago: executing program 3 (id=530):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0)
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_ZERO(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x14, r2, 0x1}, 0x14}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
epoll_create1(0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
socket$netlink(0x10, 0x3, 0x14)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_SEND_PRIO(r4, 0x6b, 0x3, &(0x7f0000000000), &(0x7f00000000c0)=0x4)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x1, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x4, 0x200000400000000, 0x4, 0x344}, 0x0, 0x0)

11m35.121340115s ago: executing program 3 (id=533):
syz_open_dev$usbfs(&(0x7f0000000380), 0x1ff, 0x2)
r0 = openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async)
r2 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') (async, rerun: 64)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x12d102, 0x0) (rerun: 64)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r3, 0x0) (async)
r4 = openat$urandom(0xffffffffffffff9c, &(0x7f0000002640), 0x600, 0x0)
pread64(r4, &(0x7f0000000080)=""/14, 0xe, 0x7) (async)
openat$binfmt(0xffffffffffffff9c, r2, 0x42, 0x1ff) (async)
ioprio_get$uid(0x0, 0x0) (async, rerun: 32)
openat$binfmt(0xffffffffffffff9c, r2, 0x41, 0x1ff) (rerun: 32)

11m19.861801735s ago: executing program 32 (id=533):
syz_open_dev$usbfs(&(0x7f0000000380), 0x1ff, 0x2)
r0 = openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async)
r2 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') (async, rerun: 64)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x12d102, 0x0) (rerun: 64)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r3, 0x0) (async)
r4 = openat$urandom(0xffffffffffffff9c, &(0x7f0000002640), 0x600, 0x0)
pread64(r4, &(0x7f0000000080)=""/14, 0xe, 0x7) (async)
openat$binfmt(0xffffffffffffff9c, r2, 0x42, 0x1ff) (async)
ioprio_get$uid(0x0, 0x0) (async, rerun: 32)
openat$binfmt(0xffffffffffffff9c, r2, 0x41, 0x1ff) (rerun: 32)

9m50.684434609s ago: executing program 2 (id=772):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket(0x10, 0x3, 0x0)
write(r1, &(0x7f0000000140)="480100001a000708ab0925040900070002ab0700a90100001d60369321001d000a800000000000000000000000039815fa2c1ec28656aaa79bb94b46fe000000bc00030026000000140000270400117c22ebc205214000000000008934d07302ade01720d7d5bbc91a3e3280772c05defd5a32e280fc83ab82f605f70c9ddef2fe082038f4f8b29d3ef3d92c83170e5bba4a46d284a710af333ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48a99c03f080548deac270e33429fd3000175e63fb8d38a87", 0x148)
setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000140)=ANY=[], 0x8)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty, 0xfffffffc}, 0x1c)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8)
setsockopt$inet6_int(r0, 0x29, 0x3a, &(0x7f0000000040)=0x8, 0x4)
recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

9m50.188509131s ago: executing program 2 (id=775):
fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0)
io_setup(0x7d, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x0, 0x2})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000240)=0x2)
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000080)=0x2)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_io_uring_setup(0x382d, &(0x7f0000000140)={0x0, 0x8144, 0x8, 0x2}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000100)=@IORING_OP_CLOSE={0x13, 0x4, 0x0, r1})
io_uring_enter(r2, 0xb516, 0xc2de, 0x8, 0x0, 0x0)

9m48.500061741s ago: executing program 2 (id=778):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket(0x2a, 0x2, 0x100)
sendmsg$TIPC_NL_LINK_GET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
socket$kcm(0x2, 0x1000000000000002, 0x0)
r3 = socket$inet6(0xa, 0x5, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xa, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x53)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r9=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r7, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x1c, r8, 0x331, 0x70bd2b, 0x0, {0x8}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r9}]}, 0x1c}}, 0x0)
r10 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r10, 0x1, &(0x7f0000000400)='source', &(0x7f0000001bc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\a\x00\x00\x00\x00\x00\x00\x00\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
fsconfig$FSCONFIG_SET_STRING(r10, 0x1, &(0x7f0000000080)='source', &(0x7f00000019c0)='//\xf2/\x06\b/?\\o\xdc\xea\x95\x9a)\x00bb\x8a\x80\x91\xdf\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6h\xd1\x1d\xac\xaa\xfb\xc7Y\xcd\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\x9c\x00\x00\x00\x00\x00\x00\x00&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc50\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\x05\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1oO\xe4\x99\xd6\xed\x83\xb0\x18q\xb9\xda\xf1kk\xb0N\xe69D\x12\x1f\x96\x85y\xe1\xf6\x83\x81\xc1\xcb\x169\xa5A%\xcb\n\xaby\x9f\x97\xde\xcf\x14\x0f\xffl\xb0e\xa2m\xb3\x8fsI\xc8v<\x8a\\7\xbaA\xef\x92\x98K\xfd\xaa\xdb', 0x0)
setsockopt$inet_int(r1, 0x0, 0x1, &(0x7f0000d10ffc)=0xfffffffffffffff9, 0x2)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x1}, 0x1c)

9m41.55422335s ago: executing program 2 (id=784):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000400000/0x4000)=nil, 0x4000, 0x1)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_clone(0x2c9a4080, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) (async)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) (async)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
mount$bind(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x28a100a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
ioctl$SG_IO(r1, 0x2285, &(0x7f00000033c0)={0x53, 0x0, 0x6, 0xfa, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000000)="1c3513000000", &(0x7f00000001c0)=""/4103, 0x0, 0x0, 0x0, 0x0}) (async)
ioctl$SG_IO(r1, 0x2285, &(0x7f00000033c0)={0x53, 0x0, 0x6, 0xfa, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000000)="1c3513000000", &(0x7f00000001c0)=""/4103, 0x0, 0x0, 0x0, 0x0})
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'bond0\x00', &(0x7f0000000040)=@ethtool_gfeatures})

9m37.714954969s ago: executing program 2 (id=792):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000001340))
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="14000000100000000000000a140000001100010000000000000000000000000a59d7afd1239e9f8776e835e435ce22363f76dc02e107f0cf450521b5e5e9ac0d2c7c88365a784ec459071d22943eaa49245e89805c1cf186a2fa599d36f0cc3b0e7fa689e044d0f0c229ad58fd03bfc1c8f97659f90285d83a6920334e9faad6dd0050f75c0753f94117d7257ccc25630000000000000000"], 0x28}}, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x0, 0xffffffff})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0xd, &(0x7f0000000080)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x6a}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r1, 0x7a, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000003c0)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, &(0x7f0000000400)=[0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0], 0x0, 0x8, &(0x7f0000000480)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x50, 0x10, &(0x7f0000000500), &(0x7f0000000540), 0x8, 0xa8, 0x8, 0x8, &(0x7f0000000580)}}, 0x10)
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f)
read$dsp(0xffffffffffffffff, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb62", 0x1c)
read$dsp(0xffffffffffffffff, &(0x7f0000001380)=""/229, 0xe5)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
epoll_create1(0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r3 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000006c0)=ANY=[@ANYBLOB="38000000131401"], 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = syz_open_procfs(0x0, &(0x7f0000000180)='oom_adj\x00')
writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000140)='1', 0x1}], 0x1)

9m37.125011002s ago: executing program 2 (id=795):
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
munlockall()
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x4000000000001ca, 0x4004010)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = syz_open_dev$usbfs(&(0x7f0000000000), 0x14a, 0x200080)
ioctl$USBDEVFS_BULK(r2, 0xc0185502, &(0x7f0000000200)={{{0x7, 0x1}}, 0x4, 0x0, &(0x7f00000000c0)="fe579deb"})
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000003c0)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000000c0)="b9da06ce171c2e7cc2a25d589ccd75d0275367048f46e1d1833f0b225d71e6", 0x1f)
r4 = accept4(r3, 0x0, 0x0, 0x80000)
recvmsg$can_raw(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000140)=""/103, 0x67}], 0x1}, 0x40010022)
recvmsg$can_raw(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)=""/57, 0x39}], 0x1}, 0x10001)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r6=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @mcast2, 0x100}, {0xa, 0x0, 0x7, @mcast1, 0x29c}, r6}}, 0x48)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, 0x0, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @ib_path={0x0, r6}}, 0x20)

9m36.303733722s ago: executing program 33 (id=795):
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
munlockall()
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x4000000000001ca, 0x4004010)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = syz_open_dev$usbfs(&(0x7f0000000000), 0x14a, 0x200080)
ioctl$USBDEVFS_BULK(r2, 0xc0185502, &(0x7f0000000200)={{{0x7, 0x1}}, 0x4, 0x0, &(0x7f00000000c0)="fe579deb"})
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000003c0)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000000c0)="b9da06ce171c2e7cc2a25d589ccd75d0275367048f46e1d1833f0b225d71e6", 0x1f)
r4 = accept4(r3, 0x0, 0x0, 0x80000)
recvmsg$can_raw(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000140)=""/103, 0x67}], 0x1}, 0x40010022)
recvmsg$can_raw(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)=""/57, 0x39}], 0x1}, 0x10001)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r6=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @mcast2, 0x100}, {0xa, 0x0, 0x7, @mcast1, 0x29c}, r6}}, 0x48)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, 0x0, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @ib_path={0x0, r6}}, 0x20)

4m14.419325675s ago: executing program 1 (id=1543):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
r1 = io_uring_setup(0x1694, &(0x7f0000000000)={0x0, 0x0, 0x80, 0x1, 0x17b})
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000200)=[r0], 0x1)

4m14.187139564s ago: executing program 1 (id=1546):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300)={<r1=>0xffffffffffffffff}, 0x106, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r0, &(0x7f0000000040)={0xb, 0x10, 0xfa00, {0x0, r1}}, 0x18)

4m13.827570764s ago: executing program 1 (id=1552):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
signalfd(r0, &(0x7f00000000c0)={[0xe]}, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r1, 0xc0205647, &(0x7f0000000100)={0xf020000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f910, 0x8000, '\x00', @ptr=0x100000020001100}})
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x4, [@enum={0x4, 0x1, 0x0, 0x6, 0x4, [{0x800000e}]}]}, {0x0, [0x0, 0x2e]}}, 0x0, 0x30, 0x0, 0x1}, 0x28)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
mount$fuseblk(&(0x7f0000002440), &(0x7f0000000040)='./file0\x00', &(0x7f00000003c0), 0x200840d, &(0x7f0000000280)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x2000}})
read$FUSE(r4, &(0x7f0000002480)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000000140)={0x50, 0x0, r5, {0x7, 0x2b, 0xd, 0x800000, 0xa, 0x8, 0x3, 0x6, 0x0, 0x0, 0x40, 0xfffffffc}}, 0x50)
umount2(&(0x7f0000000000)='./file0\x00', 0x1)
ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r7 = accept4(r6, 0x0, 0x0, 0x800)
sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r7, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/26, 0x1a}], 0x1}, 0x40)
r8 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x38)
dup2(0xffffffffffffffff, r8)
ioctl(r2, 0x8b2c, &(0x7f0000000040))

4m12.0101998s ago: executing program 1 (id=1556):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="050000000005000000150000b900000000000000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r4}, 0x18)
syz_open_procfs$namespace(0x0, &(0x7f0000000140)='ns/time_for_children\x00')
openat$urandom(0xffffffffffffff9c, 0x0, 0x42, 0x0)
sendmmsg$sock(r3, &(0x7f0000002780)=[{{&(0x7f0000000340)=@ieee802154={0x24, @none={0x0, 0x1}}, 0x80, &(0x7f0000000040)=[{&(0x7f00000005c0)="0ef1c816b86b5b0b6e7bdb81ea8d7c01c7658b879ed0f4cdc151cc4f523e9c36496e412c089b9eecfc8aeab4d9aae6f24200bf97192bb1039e25bb6571fcc77442c3dc2c7703a480ec80d707a4f57584678dc805b132175f502d1cd18578f4af4ce9d4", 0x63}], 0x1}}, {{&(0x7f0000000640)=@alg={0x26, 'skcipher\x00', 0x0, 0x0, 'essiv(ecb(arc4),sha224-neon)\x00'}, 0x80, &(0x7f0000002580)=[{&(0x7f00000006c0)="c0f5bed003169850a3bf45bc55555575dbdaa6034d2ae29619234d01ebf922a816f873e92f864c20e12340e92b53e4f7910262f6fddb0d189e11821fe1048aa7b148af56e3d88f9d6f5e144daf7020aec54875a1ab5366dec67c27d9a7c74b247979fa1289ccbbd72edb965549b011611d2f9d36a9df59b08ffe1b5e767a0c7951933a23c30ce6e85beb52c4e76c932868fe4ff03b6b73f161142ab07017bb5184bb2c8bb3a2d072764b17f9c2c7ec157c0ebfdc01b74ad16195062b5a81509c3d3a7f5902925e3e1c1d0209f11d3074fe54ca6aeac556d5467719eb2e6899702acb0b8cde4c687f516e70afb25c46cc9bc61069cbfb5cb068", 0xf9}, {&(0x7f00000001c0)="d379b5983ad859c30067e0818d5f10681d", 0x11}, {&(0x7f0000000cc0)="c99a6bd47e57e0e35dbc5126a0245567187229c22a6bd39a3cecc5682bc814e07ac1ca58c6482084f719d9d96d2f120e72cd0933ae6c4ba0aeb514bdb0cdfac42fdc6240a0d72901e5a1ba3076ea5db37a097668a8e4dd7e89c8f138ad292684441422b8c365939804cc6e10a7e4228fba0d23060d2859790bb312dbe6692f98fabcb1aad9dbc286d3c6fa0582c7f91fd17f10118c2c89f2ba241683e84e8e98d383537a780401cfa2cdb0fa2f520c64102eb6183492d334a6c6614faf9f384804eba2f246b89c1443f25dbbfe5a0fb33629f62ea2af59680759598bc389dc44e620ca214cd2d50bc259636f3cf0df086027", 0xf2}, {&(0x7f00000008c0)="4f663a021b3c16733f5ed5029d92778a39408377e7e9bbe35bd359fe2bb324ab582265e15d99bcae7cb88affad0ac224d966e0f461ed646b6b4239ba4f0f56ca8d61b3968582f5059ec22e4dee156719434eea2d66ab575371", 0x59}, {&(0x7f0000000840)="4c48a3221c125a2a198246de59b73803f86036c80311cde8f232f71215f686fa06281ad0ae8573fbf447c68e5988190fa84ffb0e59cbc058f588cfc76422c4d4d3eb549273e477898ae7e6d899c02f5a77360589a015b4d66aee4b475cdf1af64c072cc5982560862bc69dd82ba390304f184b8da61ec24d48706369cf", 0x7d}, {&(0x7f0000000fc0)="8487db6c1bf6188d6ab922d354cbf1eb67738766979449368af105111ebada88286ffc6b3772a5a547b17f2d11f2b504929386a64e0ec216a501ba345eca1c19978a018f27a15c13d8d3f8441b9746cbebe517930ee4c91c3e456037e37a1467ffe7b0d0467f729783ff607f205b9b4b4e50650bef083646db1616b02427b924bd230e33ba873c488614bc2a4ba44305978e0bf9327dfe492a6e06faa9a858d4c3c255a277dbd5027b0e9d8003aa3c54dec0ca654c3a104dba9aa6e3869e4ea7deaef6310c8f8aaab8124d027d2687cebc13740bc8d7ab5e1111b4f42fba5b33998624cc0555dc56cc81489576dc42200edcf9e64fa4bcd8d3", 0xf9}], 0x6}}, {{&(0x7f0000000940)=@nl=@kern={0x10, 0x0, 0x0, 0x8000000}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000a00)="4da0c99e52cd1c7cfbe232c4e7a24445859138ac094e43c6bbb9edac65563928cdc02a5e1086cc60398d210cc4938b7af7a2d7c9dd32d0d23c7cb8fd513f0f8675bb44b59a648bdcb4911c0421e21b40f88a8ed3f3df7111e1e0a9129583697831e5e813aa76a375be674621bb65f30b4f6fe1febe4b34720811ce96dc4634dc30aa3923faaa41b32a94ad6460f78e426333c224d7cabb19", 0x98}], 0x1}}, {{&(0x7f0000000ac0)=@qipcrtr={0x2a, 0x0, 0x4001}, 0x80, &(0x7f0000000400)=[{&(0x7f00000010c0)="c0e287c02b80886d4b2ad87f84541f58cb9d5bdb573b7db8ae5db6878591e44fdbc979cf2ba8c2e1f24317247bcb68bae83ef7ccd6008561da72cb83b5b6d43bf6c54e82c5d2e5a1a1c91d19118f5524c22bbd361c85891251fe35db3482acb7e3372f6625b6e3673ff4a646b04cfd4610c3995f937d8e941d23c9779a4e819b4fb28d2dbbefae9f4b83c0da3541bd43e9b36dad6b5ed29f188a94d456f0c8deafca9f43729418611aabe771b8b71c34875942dacce0fc194acbdfccd06d37b8b4728951074e16459d0a41fa5313478de9e841c1b374befb9e3a0b21b2585468b0e4a2f782e79c9eedf794a7f1b77f99e0453c1b87ffffe06cfc6ed27dd9cf713033f96cdc11e4a4d29383b946abeb014b069b23d57173e5294a8943d9d3bb595ae7d9714f969952ba4bef2d12bed268c7c2b234b3867c1be01ef73bcfd4edcd9b46d7b47a53b80f61877c8da78e1cb43057b2b3ed31151f5cf1d974e39ef008ba47adb33cba48b76040139cf478d196e449e386ba96fa74221da4d6e75acb704380e931ad34472de6eb4045737c804682f1f7d2b24c275ba99ac68796ee2f6aa840ec957a2c8930b09e57f50de411d5a24255193a146be13f4c7bb9ad356f1986c668c8508825b2b3ae56bb80618a3bd9968dc94a92dce9397d7c53db34bd5a236c51baf29814dd81e01a9f752416d7ad46f1c99b5c392b07af0208000000000000003822db163d22fd118733d228c13cd00fd4087b9d4e9c4422eaf9674a343c1bd60a2b2951dd1018317213cfc97607e9d700a898d3a4d22958249f9fe17b0f65e2f84937a637c0dc8aecec3535ee42d2bdd69cf4e286238d07e8dd97b818de33769e604934715dc803f7bca6162304efb973f61417c7992ed9c8ac5f5e190e2f7c78edb7394120a15014b4ae3a4cbf323396229fb16ef5fc47b8760bd074bca598eec924c6b3d716eb13f1956676081b043eda2fe57a8b77ba9cf40dd1a87ad01d7babd6e5922c05ab7c7fdd1f26fc46de1c43d57d25f00902fdd9ee66c349b8f832286dfa58b1949977a70d9019bd18c538755c3ae83371a9f84f3fc3594a425f53e44743aae4becc370c6eb70146f9494b82edbae30e8f34c93ba65b7ac98ae6547213bd97a2b08bb0d3e2a90be7b1dad1a86535738f696c9a22f771c0f9ef8675ed9f2d7b9589a9f104e4dbfd020e64c36546a579b499abfc1c1f2ea2ca54b761a92f779cccce780834e433dbed4fa75bc8abd3784a30845d51a37f87739a890c2d420445da5701428f6f1292cc94ab98590bae7411f48e1eb0fa85efc613ea43f7aa1b3f168419fce8cebd8462edbbb84abafd3b977607f4cd394219b2c364bc9f1b43826f044850813ef0586311ca919ec87bbb7a86d11bbfffc651d4308d0c032e15c3986d8a487fcbe5397696e053dbc23381eea0c30420e7f92694e9a1f6e814b42ff618837e9a9195dd945eae409230c3fd58192de6bdd3d77f51ce1ffbfe30447564701a70a2d13424c45b67d08eef8f1073d66de6d4403463fe800eac77bd42b754a909e2be39cf1e07ebb921d227cb342b980fbe672b5df4493447869e7c84c776c520dfce45e16b72d928bfdd467d14e1efb871707e1870f7c359d2851a88e4907ba2972c1b1a87714a9b31a401e6d66e327ca0e270ea22f7af8df5cfff426f509be07b53e5e9c8c283e98637d9303fcc1d6cf693a0e79bb8d88c1c017f2c5b039b6dc39ae35d47086c365bd0b6e3dcb049ccf4b0df57ff87df8ab749d7099b5dcb9b85c9fa4c868408c6afabb59d0abfdf2501535040a2df0f84aa78a2760b97dab3b499865d024198287c25ce8f40a7b0b5778c6c3a0faeb2da591778c3ef030396adc3ddfad3c530ea62d17c56357f676df35e09957dddbd8e903d884841a50c4e14f3645af17bc3b88409b1a67629fda2582282931961663e9d6816d1aff2f7cf1b2d1f2da3ed9280c97458609257ab8f5c8529c0aaf6582e9ad39bdd1fc46ca08c53198a0022d2950237bb8d174efd15c58e9edb1376f7c089d1d17d7b6018238184be6dec305c72f33b7579f708fc98fd9b8287b31c79e592b5af75fd0e4426a0dbc77cd4eb5f3355c7d5f7768b87f8bf661a6bd0e2913563c7e78886cd0d5678649dd5fbbd34b18b5b64c27124933378e3c3f84b1a8fece94b804fe912996e4bbe5ac7f4b48ed8db0ed011d4a2909ac7cf6576dd0d829ece80eddc9f10c5a554c7976950ff44ef0136b67cc49d217844782292343e76d41e55ad8a2fce04533cee91e63fefa20aafecbf43430b13be106952710a36e168106efced8beeda1cb9a198bde09c8eac7b3deab75f27780fa7d1ce2b1329c920dd8cef059f7e710c8e7ffab8cec402711b312db94e84065e28bd8a63ac50f6325274cc877d8980345761cb49fc07b957dfd4fe5ebde3fe2f1992b09d05a81470d78bade2b2b72177e31170c03defbc29db66437cedf98d4439c3d833c456edc6b6971ff33874984532b96f50b988f22d1f25db80a1dd1b7dc31c6584ac6aefb1516ecc4ee569d3212848e206679cb670673c306917ac9682f582988a06c0d1fbcf6fafb7ad8c7a1cb7c94e91d1e1a8f06168644a23a87cfc01257e7a46014810e4b2150e7b4c7dab2f8d502b2e91091159e850fa10b3d6cb03e7a32ef1ffcec80c033cffe5221a9869890bc87da110941daaf55aefcc870299df7028fe874d442407a925c60dda5269bf49911b162d5fcea169e9d965ae5c6f5ffb50ed4e2c6f65793bc2372c4194ee6545d2a4515d444746d92779f84d38b487be54f09bdf64b0015692771e493ccc81a8814cf89fe38b04aada85a04aa1415769d052949a4c8561900326e451bcdf0c5fb65388c38d530ab1aaf35a462e476974fd68078508f3adc4b69317d4dc0695eee2000c831332d62c3a3b16c6461464be5bfd70984e6d02beb71d34257c15aa320d871404f89caa372c8c98ebae727e9e46085d69a1b0c883d01b0539f4609efa7a377ab3d46c487587320f7ff68ef3859b46bd7df25cda37390ca92121895daf97e280d8aad6dc1510a275bde267ce00e9d6ff40df150a87946ab572dbca3049c02742774f7ada846ec3e8861ecb8b517dd092eb4bb47c2b98b7ddb8eb4b00463b3f8f58db5c25bd7ece4aeb52fd40d7500985b96db343336416531507da4d459e027f485aa19bb8b5baef2ef10d9badbcab15197d6f7b0a4959f7add8203b1038955506b57db31adf872c427a79696f0b0649bb160220922e33738ac53b07e3e7df295f65dcf20b81999147ee6eb632f48b147d5a9ee0b8dff15c8da9578425fb4bba9974b5b07eacb0ab795f40eedef66474dbbb8fbb9e6fa124de1d67e1cf57cffa8b88c78b4824ad3683fc11c623a6e5262b044238975af10630a83e71f9ed38fc2ee42f8d434fe5a22c17a421e8b558b47ca81a8593c29c1d9274abb560d1ca7ef0a2487a55ab3ce7b1730149ab8fc26f535c0190e900ba4093b6ac1bb77f0ed9a3453304763b4b8ea9bcd3ee2f373a0e5864df9825a3a1e9e255dc090954f1191ad618a89e23319d56afe64a75432650c36c624ac07fc3944298b0572cc9d3d875e81ed964e3ae08541c381b8bfd86c1c56c2fb976520cc9c130e0bf3c145c638e025ddb470b2680ac3f4cf96cd482be8d0f663284839fe3ce146f17387fec2bf7085f48ba3d7f3cfecf01c1557890e5061fd546b4a5900267586b9fa4317f28022ec5406691c9e7532587dcdf375f55037e368b9a399630fe005911a923b3683a5edb6f73d270b74d450dfccdf75dd14b9be6ed4461830b1f42c1d72f70ca5cac185252b21f5b88cb05f349fc682e331fa06acb4a71b176db1212fbc3e20a7544c0a476171c0f3a3721a932b7fd3d8bcc001f6b3e83e56db03219828612b812b92e40f5a9c7195fcb4923dcf3df5332f82fe1a03d08d8a47920df300b9d869e9f3e47e7b983674ab30d2301d4fc5bbe2429654a721cc166f3811d7e57cb8ddf9d2191ed37449cf81cbe71b70f459916d1424690405d5e3c87878c92976e53cb192faa1ee83e73ced4dcaf1dd3e49506a86784699113352d141e0a11faeacd969b84d2f0253bd1d37de1c2dbaaaa7b3a3f044e576e990554ad8e2c6bc3bf61bebadf70420cdc6e83708140c4f3343830c2d83e934e652efe60a5c932f818b1f645004c659af50cfc6a5f30a0cd94e4a5183cd4f1c1534439a633e7c2a1cb63babce72cb3eff8a73473ecd936a2a909357a86f93cd0082240e27592a21feffa6b70fb8d63ba2426128455540238dec734bad3b4d4b746e4acd376ff84aebd5e44d540aa374b7af08a187a6a8bbfcd0ddafaa1ce30e773c4fa005f29db81e2d6fe03572edb85bdaa6a23c68e4cb591d9e5437dbab690d92d7f4df8c87b0c015fb4edeaebe4b371fbb5eb6ed202d5bebe17377c7a6b9eacd3b5668433dce6a7bd0aeec740e84d401b8a494c3a960f80ab9302cb3d4842320592035ea1feef070e0a3d9ddf9662951ab293f987993f467eefce2012f4c5acbf3c98e0997944e05f2f392221f9d1cea12ccd62671eab88feb7151b46000a2bf87455d6fed4d14dbde7d4dd7c3a828a3b975f2e0fc6fa01206638f2726e902b7ababe05ec82595611439455f66c0e41c07085f07260997cc1450757e9d2c43e304554462c8472023b734c0d2666f313ceb0b1c7c0fcecddf17ee4400cf5a8fcf1cb9c2b762d6ec943519a9f18e64cf7aefb1ca991e0d8bf6ea3ff23c36d5f6b2b5a9d3c48155f6ea493148472637da938f9c970d4bb5b5f3458e4cf8a29ed8c1674d5cb9edd9f5c5c5e557e6333ee05f686c38a8607d94165e1345311b2050ea70f2a66ca91619d6049b494b8758ddf2a21517516b044891ddf4c832d20f4c1d2a2391f8b1f089311971e793ffb33387a931947fd6d5dd9e60897bd8bb20d06fbb64bd7746109781f993ce80b6c3cdcfe765518b2a97f4c88fdeb2234ebd488dee8258c99d3865bbfda45a9347e4afeafea3cfecadfb79187d41cd3e844d23c3f21154f236a784b72064554bc84c8d13a9ba485e6fa1957a853af20fee7b9384d75e3988a61c74f97ad6511f3fbed503064b8766118d778ffbdd894dbe9ef6f379071af4cb0d0d22bde9f8d867d92857eb0b0f23e80f426a25f67c85929a962550c70c9f58279b9a409998e06d5a4dd162eee40575dabac36570023ae4aa7b300f6e5ec6508eab0406939622f9770af78cad5b9b380233b83a3c66e4a484ebb5e77191af022b2a33d0bca3868e191ef76be110b2261dec6aa481498e4dda706eee0184c24e4141ae4d5d0d8a6d8f329914502866e84e2b50b226479314e9f416f01d4f716a2b08d56c59acbb89681ee3a72e2ad26d919044a8efb589efa2a093b48cad5770ebf17c1c1f63dccb91373690c837c6ecef3760388218c55c7afc1459071a359b848d73e7c302c5b8172f5cfada3f35e8462e8b6cfa0d77f8327670bee6aa4f8bb6fe8bc9312ce00e92aafdfbc81e40fe62c91183335885f4abbc2cad2f7dc76b1832f9aef6c8d2f4c3d781207d330c5e1606a378849a583afd295a8b359646dc527eefed1f61809fb4155ae1ca077cc3dc75853408cfcd08e039c0a15071ece13efc7ce972838d2c8f286b528e8eed64b82e6fb22da5461556ea8634c89afe9c1bd3a2500c777cbd3e29e8cb16a9e54fd2679fc1828e18babe79a38bbaccd17d02142fec0b61cefbf2dc963c177eaa75a2bce6da349c8ebac58539174916ecc2e6c2a9c68073a53d133a49d5490c843d5", 0xffd}, {&(0x7f0000000b40)="e4f8de774712103f712df991a3ad379ba8244cd805d0d42a9e65172f0a51ddf5393dc6e4df22c3fc78d555ca82d75248ed3483b04cf6bdd867fb12d22669d0f50ca44f87319f975d88f20d281cf65d6f57ded690082b8349106b74e9858aeef69f5e928d31f7189d9a3ca071ff03fa6129ba7d443d26acd665d101f96a79e620cbec289c10f337f2cd137a6213814dba07469ec3399226356081627b2a489325f1dd714f0426ef94b0", 0xa9}, {&(0x7f0000000c00)="262376c27286e294729dcfa73ead67e3357b5879fc5b5f650d75604e3a0ca4e6c42f01653d7b8c407ddb670d5afd69d937dbb1aa7d9cce11a280b3cfaaf51773b000ec18fbd82185b6a1b4ad57efcc7bf031255be30352542c3b527cc02c523574b8a37c98d312af0c92bfc6", 0x6c}, {&(0x7f00000020c0)="26468f7554727a7342fe3428b9eaddb9bce96186cf12b1961e6746a7b4766bece7de5437910dfee3f576e8c7b97419c0c8d80af264052275ec2df9babea466bb2ca84a366704dbd3552e28276c7b2d5e3524de5444977ef721f3d38193c307ce9ff43c4f6755b6bfd1ba3cf7ffffff90fc9bdc3830b7faa634846dc4883e040004c735ff35ea6a0d", 0x88}], 0x4, &(0x7f0000002180)=[@timestamping={{0x14, 0x1, 0x25, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x5}}, @txtime={{0x18, 0x1, 0x3d, 0x3}}, @txtime={{0x18, 0x1, 0x3d, 0x6}}, @timestamping={{0x14, 0x1, 0x25, 0x1}}, @txtime={{0x18, 0x1, 0x3d, 0x3}}], 0x90}}, {{&(0x7f0000002280)=@nfc={0x27, 0x0, 0x1, 0x2}, 0x80, &(0x7f0000002640)=[{&(0x7f0000002300)="0b8592b9faa8e802257212afe6613a2ae9e8673637060e75356f445a4c50f2ba550e749ae7e46e5d6920fd2ff35e8a9bef3c7046198e9af638bc4a71ceb1e3c31739e4408ecae443a02b53df9889d2c2e3ebd221b9b738e195783f420c546305f4c686af5e88557a2c824dac226e0eff4c761d91fe3779532ae233eec5e744f1c9d3", 0x82}, {&(0x7f00000023c0)="a58f00963d62eb343fe35b30432a594026db7dad56cb2212071d62cef37583abaefafde5217cb2ca07accf28109d905e7df39f5755a606dd01b8b5308d3c95b6423a9dfc52a77c5fffe48177413bb1ea3e46dd2ed771c0fc345e3ab42160fc4ab82da2e3498361488d2f42e8ef42ecf6e5dd36a2b4af8e0494185ba40bda91e15ea022fe513a09fe1a839a7e3593a512a3c124aa28b36393b829f765d8985c92ea11c8899c7facc8101f0d8a832d3d637c4270192d8feeb95bf0f785aa669d1527b83bfb7bedd1e591ccedc9f838575d4ab800bf497144dbcc9a", 0xda}, {&(0x7f00000024c0)="e8556ede7f700bccb1bc7f97613a1d80718c18453fdcb351605db98d7645f42b93fdeb1e58a861741deca9dcbad9908c4e6336a27e9af2fa428561216cdd15eee890146cce26b4155ba6f56735468a3b6fa2e1e1d3d8512ab8fbaaecfa8051bbd42d5ffd7230eebeaa5dc6afbbf56469c67025b3de16d62c09a12294835146ff7f6922ef067cdd63c2dccd6bcc5fe22452ace3c75193175075c7d486900a7f", 0x9f}, {&(0x7f00000007c0)="b64eaa0debcb20614193d511e758971898f984a13d99a3a47e8b009eb2b95e60650d3c26f89a7da915678915dc09aa542ed5684dd68b96d2cf66124a207614d59f0dde79", 0x44}, {&(0x7f0000002600)="ca08ab26c4f764e147a26a1467f551aa5d60689c518082f3e140606f2a136f2fd27e06b6", 0x24}], 0x5, &(0x7f00000026c0)=[@timestamping={{0x14, 0x1, 0x25, 0xe87}}, @timestamping={{0x14, 0x1, 0x25, 0x3}}, @txtime={{0x18, 0x1, 0x3d, 0x1}}, @mark={{0x14, 0x1, 0x24, 0xffffff7f}}, @timestamping={{0x14, 0x1, 0x25, 0x80000001}}, @mark={{0x14, 0x1, 0x24, 0x2}}, @mark={{0x14, 0x1, 0x24, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x1}}], 0xc0}}], 0x5, 0x40001)
syz_open_dev$tty1(0xc, 0x4, 0x1)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280))
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x2}}, 0x20)
r5 = syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r5, 0xc05c6104, &(0x7f0000000140)={"09025a26", 0x4, 0x3, 0xfc, 0x6, 0xfff, "e840fe213981327944dea0ab8de591", "ddf9e8f5", "84708d56", "b0ae9f2e", ["93a03a7ae19776071eebf3e2", "155199e846586bd6df78ec79", "69fe3745d21db04d44490f86", "4c95443ed5fb833211e14aa2"]})
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
splice(r7, 0x0, r6, 0x0, 0x6, 0x0)

4m7.816198731s ago: executing program 1 (id=1562):
mkdirat$binderfs(0xffffffffffffff9c, &(0x7f00000019c0)='./binderfs2\x00', 0x1ff)
socket$can_j1939(0x1d, 0x2, 0x7)
syz_open_dev$dri(0x0, 0x8, 0x200000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000100), 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) (fail_nth: 3)
getsockopt$inet_tcp_buf(r1, 0x6, 0xb, 0x0, 0x0)
add_key$user(0x0, &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, 0x0, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
mount$binderfs(0x0, &(0x7f0000001dc0)='./binderfs2\x00', 0x0, 0x0, 0x0)

4m6.304220966s ago: executing program 1 (id=1568):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000180), r0)
sendmsg$NET_DM_CMD_START(r0, &(0x7f0000006ac0)={0x0, 0x0, &(0x7f0000006a80)={&(0x7f0000000000)={0x14, r1, 0x401, 0x0, 0x0, {0x2}}, 0x14}}, 0x0)
socket$kcm(0x10, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r2, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000040)={{{@in6=@empty, @in=@local, 0xfffd, 0x1, 0x0, 0x0, 0xa}, {0x2, 0xfffffffffffffffc, 0x3, 0x0, 0x0, 0x4, 0x1}, {0x40000000020, 0x40000000, 0xfffffffffffffffd, 0xff}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {{@in6=@private0, 0x0, 0x32}, 0x0, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x3503, 0x0, 0x3, 0x0, 0x4d}}, 0xe8)
sendmmsg$inet6(r3, &(0x7f0000000300)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @dev}, 0x1c, 0x0}}], 0x1, 0x40040d4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$6lowpan_control(r4, &(0x7f0000000100)='connect aa:aa:aa:aa:aa:11 1', 0x1b)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r6 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
sendto(0xffffffffffffffff, &(0x7f0000000880)="120000001200e7ef007b0000", 0xc, 0x0, 0x0, 0x0)
getsockopt$bt_BT_SECURITY(r6, 0x112, 0x4, 0x0, 0x0)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r0)
read$msr(r5, &(0x7f0000002000)=""/102400, 0x19000)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x20802, 0x0)
r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000240)={<r9=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_MIGRATE_ID(r8, &(0x7f00000002c0)={0x12, 0x10, 0xfa00, {&(0x7f0000000200), r9, r8}}, 0x18)
ioctl$TCXONC(r7, 0x540a, 0x2)

3m51.085871202s ago: executing program 34 (id=1568):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000180), r0)
sendmsg$NET_DM_CMD_START(r0, &(0x7f0000006ac0)={0x0, 0x0, &(0x7f0000006a80)={&(0x7f0000000000)={0x14, r1, 0x401, 0x0, 0x0, {0x2}}, 0x14}}, 0x0)
socket$kcm(0x10, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r2, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000040)={{{@in6=@empty, @in=@local, 0xfffd, 0x1, 0x0, 0x0, 0xa}, {0x2, 0xfffffffffffffffc, 0x3, 0x0, 0x0, 0x4, 0x1}, {0x40000000020, 0x40000000, 0xfffffffffffffffd, 0xff}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {{@in6=@private0, 0x0, 0x32}, 0x0, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x3503, 0x0, 0x3, 0x0, 0x4d}}, 0xe8)
sendmmsg$inet6(r3, &(0x7f0000000300)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @dev}, 0x1c, 0x0}}], 0x1, 0x40040d4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$6lowpan_control(r4, &(0x7f0000000100)='connect aa:aa:aa:aa:aa:11 1', 0x1b)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r6 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
sendto(0xffffffffffffffff, &(0x7f0000000880)="120000001200e7ef007b0000", 0xc, 0x0, 0x0, 0x0)
getsockopt$bt_BT_SECURITY(r6, 0x112, 0x4, 0x0, 0x0)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r0)
read$msr(r5, &(0x7f0000002000)=""/102400, 0x19000)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x20802, 0x0)
r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000240)={<r9=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_MIGRATE_ID(r8, &(0x7f00000002c0)={0x12, 0x10, 0xfa00, {&(0x7f0000000200), r9, r8}}, 0x18)
ioctl$TCXONC(r7, 0x540a, 0x2)

20.423275656s ago: executing program 0 (id=2121):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x9c, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000048000000030a05020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a3000000000080007006e6174003c000000060a01040000000000000000010000001400048010000180090001006d6173710000000008000b40000000000900010073797a300000000014000000110001"], 0xcc}, 0x1, 0x0, 0x0, 0x880}, 0x0)

20.202758518s ago: executing program 0 (id=2124):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000880), 0x88000, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) (fail_nth: 2)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYRESOCT=r0, @ANYRESDEC=r0, @ANYRESDEC=r0, @ANYRES8=r0, @ANYRES32=r0, @ANYRES32, @ANYRESOCT=r0, @ANYRESDEC=r0, @ANYRES16=r0], 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
pipe(&(0x7f0000000600))
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r3 = socket$kcm(0x1e, 0x2, 0x0)
setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r2, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000000)=@gcm_128={{0x303}, "bd88818314ff7d84", "0b3ea924c47b25d7624cd362581725c7", "000400", "d5a1d50399459b68"}, 0x28)

19.012261972s ago: executing program 0 (id=2126):
r0 = syz_open_dev$cec(&(0x7f00000003c0), 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000004180)={"2370491d", 0x0, 0x5, 0x2, 0x8, 0x5, "000064640000001503fe00", "037ec42b", '\x00', "64bdac32", ["e86621d9cc668c391f77c506", "3549ffffffffffffff010800", "2fc7977386a7a0236a9cc1f0", "cf6cce2296b3f853e224c4e0"]})
ioctl$CEC_TRANSMIT(r0, 0xc0386105, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil)
r3 = shmat(r2, &(0x7f0000ff7000/0x3000)=nil, 0x400c)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil)
shmdt(r3)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000)=0x6b, 0x4)
syz_emit_ethernet(0x220, &(0x7f0000000140)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0200", 0x1ea, 0x6, 0xff, @remote, @local, {[@dstopts={0xc, 0x21, '\x00', [@jumbo={0xc2, 0x4, 0xffff}, @enc_lim={0x4, 0x1, 0x81}, @pad1, @generic={0x0, 0xf6, "0492894b2eb7f83cba143cd64d87094a81d1cdf013d0595bdb9a5a512d9c3fc1baeacd136e637a85c13bf15e27d7964f0d88d231405286cc6e4afbd9f909e20f2510d1eaf51af2ff3152ad629a93cfc5d8fc5a9d90a2b9cfb6a896d4ce1100c7f3bbb0e63c503b4d10b5d6e1f8f03867ace0087748575598b00141df17c06160cd24da9e4268ea7716da77dfe325b67b2c77350c24c0bbc2103e86af5f1e16568ef9eaacf4117014b1eec795155bb05c74654c9e45bcffa107139a86dcd999f2d8de2c00b173ca45e39d9cf6e31cd6ffa9f8a4f3f37b51e2f3c105de4bb07b96f156862cc3d01a92008f4953625f3b90b3fa5ad31084"}, @enc_lim={0x4, 0x1, 0x81}, @pad1, @pad1]}, @srh={0x3b, 0xc, 0x4, 0x6, 0x5b, 0x58, 0x3ff, [@loopback, @private0={0xfc, 0x0, '\x00', 0x1}, @empty, @ipv4={'\x00', '\xff\xff', @multicast2}, @ipv4={'\x00', '\xff\xff', @broadcast}, @dev={0xfe, 0x80, '\x00', 0xf}]}], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}, {"7a2c0225ae932f33909962f380e66e761d2c639c804d32f6ef75a33293ef7fb3d736f16137ac43cb575bb3c58fffd3a96205d3a451708345ccb04a1eb39a3dd03bc0cb257f68df4c10aa957a041d014003a8ede2b658"}}}}}}}, 0x0)

18.789122693s ago: executing program 0 (id=2130):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
signalfd(r0, &(0x7f00000000c0)={[0xe]}, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r1, 0xc0205647, &(0x7f0000000100)={0xf020000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f910, 0x8000, '\x00', @ptr=0x100000020001100}})
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x5, [@enum={0x4, 0x1, 0x0, 0x6, 0x4, [{0x800000e}]}]}, {0x0, [0x0, 0x2e, 0x5f]}}, 0x0, 0x31, 0x0, 0x1}, 0x28)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
mount$fuseblk(&(0x7f0000002440), &(0x7f0000000040)='./file0\x00', &(0x7f00000003c0), 0x200840d, &(0x7f0000000280)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x2000}})
read$FUSE(r4, &(0x7f0000002480)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000000140)={0x50, 0x0, r5, {0x7, 0x2b, 0xd, 0x800000, 0xa, 0x8, 0x3, 0x6, 0x0, 0x0, 0x40, 0xfffffffc}}, 0x50)
umount2(&(0x7f0000000000)='./file0\x00', 0x1)
ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, 0x0, 0x0)
r7 = accept4(r6, 0x0, 0x0, 0x800)
sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r7, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/26, 0x1a}], 0x1}, 0x40)
r8 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x38)
dup2(0xffffffffffffffff, r8)
ioctl(r2, 0x8b2c, &(0x7f0000000040))

16.984361115s ago: executing program 0 (id=2134):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0b00000007000000010001004900000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x3, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000016c0)={{r0}, &(0x7f0000001580), &(0x7f00000015c0)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x8)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101011, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
rmdir(&(0x7f0000000380)='./file0/../file0\x00')
r2 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x8)
fchmodat(r2, &(0x7f0000000100)='./file0/../file0\x00', 0xfffffed3)
mkdir(&(0x7f00000003c0)='./file0\x00', 0xff0c)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0b00000007000000010001004900000001"], 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x3, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000016c0)={{r0}, &(0x7f0000001580), &(0x7f00000015c0)}, 0x20) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x8) (async)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101011, 0x0) (async)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) (async)
chdir(&(0x7f00000001c0)='./bus\x00') (async)
rmdir(&(0x7f0000000380)='./file0/../file0\x00') (async)
open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x8) (async)
fchmodat(r2, &(0x7f0000000100)='./file0/../file0\x00', 0xfffffed3) (async)
mkdir(&(0x7f00000003c0)='./file0\x00', 0xff0c) (async)

16.424068704s ago: executing program 0 (id=2136):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_opts(r0, 0x0, 0xb, &(0x7f0000000000)=""/1, &(0x7f0000000040)=0x1)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/clients\x00', 0x0, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r2, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r1}, 0x20)
r3 = syz_io_uring_setup(0xbde, &(0x7f0000000540)={0x0, 0xec25, 0x400, 0x41, 0x40000337}, &(0x7f0000000dc0)=<r4=>0x0, &(0x7f0000000a40)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x143862, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000280), &(0x7f00000013c0)=0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x9, 0x8, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="30200000000804001c001a8018000a8014000700fe8800000000000000000000000001011400350062617461647630000000000000000000"], 0x50}}, 0x20004400)
mount(&(0x7f0000000200)=@filename='./file0/../file0/../file0\x00', &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x1000000, &(0x7f0000000300)='trans=rdma,')

10.699807394s ago: executing program 4 (id=2143):
fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0)
io_setup(0x7d, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendmsg$OSF_MSG_ADD(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000080}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x7, 0x3}, 0x50)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r2=>0x0})
connect$can_bcm(r1, &(0x7f00000000c0)={0x1d, r2}, 0x10)
sendmsg$can_bcm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x1, 0x922, 0x0, {0x0, 0x2710}, {0x0, 0x2710}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5c91440132bb112240fcbcc3fa9d0431575f8614d3538ce09c50eecd6ac579e8e83b944b666113f3afed71231e6653a13532f17b33515bdd7e1be14f53b9fc9b"}}, 0x80}}, 0x0)
umount2(&(0x7f0000000040)='./file0\x00', 0xb)
r3 = socket(0x2, 0x80805, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={0x18, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x4}]}, 0x18}}, 0x0)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000001140)={0x18, 0xfffffffffffffff5, 0x0, {0x7}}, 0x18)
getsockopt$bt_hci(r3, 0x84, 0x80, &(0x7f0000000000)=""/4102, &(0x7f00000010c0)=0x1006)
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_add_memb(r4, 0x107, 0x1, &(0x7f0000000140)={0x0, 0x1, 0x6, @local}, 0x10)
setsockopt$packet_drop_memb(r4, 0x107, 0x2, &(0x7f00000005c0)={0x0, 0x1, 0x6, @broadcast}, 0x10)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000002080)={0xfc, {"a2336848149e516d4b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f383563030890e0879b0a71c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b3e31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9903f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928d28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f2730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b81305c038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849cd9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484539ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1f93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb8843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b2804563407308c58c89d9e99c81769177e6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463373b4b87c9050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e080000007ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e3933ed07c2b8081c128ad2706f48261ff07000000000000613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59500000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
r5 = syz_open_dev$video4linux(&(0x7f0000001080), 0x0, 0xc441)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r5, 0x4020565a, &(0x7f0000001040)={0x3, 0x980900, 0x2})
ioctl$VIDIOC_QUERYMENU(r5, 0xc008561c, &(0x7f0000000000)={0x980900, 0x7, @value=0x2})

8.946889491s ago: executing program 4 (id=2145):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="14010000340001000000000000000000010100800c0007000000000000000000140003"], 0x114}], 0x1}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000110b0008850000007000000095"], &(0x7f0000000500)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r1, 0x0, 0x36, 0x0, &(0x7f0000000640)="c1188e99b92402ff4284860186dd036329eaadffc27df91b61c2b21bfa84a164ecea337a73030cce5e507074fc861c3a5bc0760f2c07", 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x200)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendto$inet6(r3, &(0x7f0000000280)="7800000018002507b9409b14ffff00000214ae04020206050a02040c430009003f000405100000000d0085a168d0bf46d389516a9069921a4b0005000a00000049935ade4a460c89b6ec0cff3959547f5000000000c902007a00004a324004001600040000d5808bd3e30a37e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0)
r4 = socket(0x10, 0x3, 0x6)
r5 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000040)={'team0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@newqdisc={0x88, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3dc, 0xfffc], [0x0, 0x4]}}}}]}, 0x88}}, 0x20000000)
timer_create(0x5, 0x0, 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
fcntl$getownex(r2, 0x10, 0x0)
openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
chown(0x0, 0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0x7)
r8 = syz_open_dev$midi(&(0x7f0000000080), 0x2, 0x220002)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r8, 0x810c5701, &(0x7f0000000180))
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TYPE(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0xd, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r10 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x70, 0x30, 0x829, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_skbedit={0x58, 0x1, 0x0, 0x0, {{0xc}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0x0, 0x3}}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x7}, @TCA_SKBEDIT_PTYPE={0xffffffffffffff78, 0x7, 0x5}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0x70}}, 0x0)

8.639001759s ago: executing program 6 (id=2148):
r0 = syz_open_dev$cec(&(0x7f00000003c0), 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000004180)={"2370491d", 0x0, 0x5, 0x2, 0x8, 0x5, "000064640000001503fe00", "037ec42b", '\x00', "64bdac32", ["e86621d9cc668c391f77c506", "3549ffffffffffffff010800", "2fc7977386a7a0236a9cc1f0", "cf6cce2296b3f853e224c4e0"]})
ioctl$CEC_TRANSMIT(r0, 0xc0386105, &(0x7f0000000000)={0x9, 0x0, 0x2, 0x10000000, 0x0, 0x4, "0ff8000000000000c5c6ff0717c3a86d", 0x0, 0x2, 0x3, 0xff, 0x0, 0x1, 0xff})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil)
r3 = shmat(r2, &(0x7f0000ff7000/0x3000)=nil, 0x400c)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil)
shmdt(r3)
bind$inet6(r1, 0x0, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000)=0x6b, 0x4)
syz_emit_ethernet(0x220, &(0x7f0000000140)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0200", 0x1ea, 0x6, 0xff, @remote, @local, {[@dstopts={0xc, 0x21, '\x00', [@jumbo={0xc2, 0x4, 0xffff}, @enc_lim={0x4, 0x1, 0x81}, @pad1, @generic={0x0, 0xf6, "0492894b2eb7f83cba143cd64d87094a81d1cdf013d0595bdb9a5a512d9c3fc1baeacd136e637a85c13bf15e27d7964f0d88d231405286cc6e4afbd9f909e20f2510d1eaf51af2ff3152ad629a93cfc5d8fc5a9d90a2b9cfb6a896d4ce1100c7f3bbb0e63c503b4d10b5d6e1f8f03867ace0087748575598b00141df17c06160cd24da9e4268ea7716da77dfe325b67b2c77350c24c0bbc2103e86af5f1e16568ef9eaacf4117014b1eec795155bb05c74654c9e45bcffa107139a86dcd999f2d8de2c00b173ca45e39d9cf6e31cd6ffa9f8a4f3f37b51e2f3c105de4bb07b96f156862cc3d01a92008f4953625f3b90b3fa5ad31084"}, @enc_lim={0x4, 0x1, 0x81}, @pad1, @pad1]}, @srh={0x3b, 0xc, 0x4, 0x6, 0x5b, 0x58, 0x3ff, [@loopback, @private0={0xfc, 0x0, '\x00', 0x1}, @empty, @ipv4={'\x00', '\xff\xff', @multicast2}, @ipv4={'\x00', '\xff\xff', @broadcast}, @dev={0xfe, 0x80, '\x00', 0xf}]}], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}, {"7a2c0225ae932f33909962f380e66e761d2c639c804d32f6ef75a33293ef7fb3d736f16137ac43cb575bb3c58fffd3a96205d3a451708345ccb04a1eb39a3dd03bc0cb257f68df4c10aa957a041d014003a8ede2b658"}}}}}}}, 0x0)

8.545738423s ago: executing program 6 (id=2149):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r0 = syz_io_uring_setup(0x1e1e, &(0x7f00000000c0)={0x0, 0x86f8, 0x0, 0x40, 0x3}, &(0x7f0000002000)=<r1=>0x0, &(0x7f0000000000)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
io_uring_enter(r0, 0x48e9, 0x0, 0x2, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r4, 0x0, 0x20000004)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, 0x0)
sched_setattr(0x0, 0x0, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
ioctl$BLKZEROOUT(r5, 0x127f, &(0x7f0000000240)={0x0, 0x1000000})

8.405082531s ago: executing program 7 (id=2150):
r0 = socket(0x2a, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x400000, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000400), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000300)=@gcm_256={{0x303}, "fffffffffffffff9", "241ac1eb797f3647a51ed8fb51ee710f00214de279c9b7e07a696756a31d83d7", "f8a2e06d", "00000400000100"}, 0x38)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
write$cgroup_int(r2, &(0x7f0000000000), 0xffffff6a)
sendfile(r1, r2, 0x0, 0xffffffff004)
ioctl$EVIOCGKEYCODE_V2(r2, 0x80284504, &(0x7f0000000480)=""/248)
r3 = syz_io_uring_setup(0x49f, &(0x7f0000000580)={0x0, 0xe7a9, 0x10000, 0x1, 0x40024e}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000180)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000a00)=[{0x0}, {0x0}, {&(0x7f0000001900)=""/4096, 0x1000}, {&(0x7f0000000700)=""/127, 0x7f}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000003c0)=""/44, 0x2c}, {&(0x7f0000000880)=""/222, 0xde}, {&(0x7f0000000a80)=""/89, 0x59}], 0x7}, 0x0, 0x2161, 0x1, {0x5}})
io_uring_enter(r3, 0x3d0e, 0x4c1, 0x43, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e21, @local}}, 0x9, 0x7, 0x0, 0x0, 0x54, 0x80000000}, 0x9c)
getsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000080)=""/24, &(0x7f0000000000)=0x18)
socket(0x18, 0x1, 0x1)
getsockname$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000200))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0xb, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000007a03000018010000696c6c2500000000f91f20207b1a00fe00000000bfa100000000000007010000f8ff"], 0x0, 0x1}, 0x94)
r6 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f0000000080)={0x5, "83e624170a20290000deffffffffffffff00000000001e0400000023e6ff00", <r7=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r7, 0xc0303e03, &(0x7f0000000280)={"840d6042cee820000028000000e8ff0000002000000000000000000f00", r7})
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58)
accept4(r8, 0x0, 0x0, 0x800)
syz_io_uring_setup(0xbdc, &(0x7f0000000300)={0x0, 0xe823, 0x4000, 0x1, 0x3c3}, &(0x7f0000000dc0)=<r9=>0x0, &(0x7f0000000380)=<r10=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r9, r10, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})

8.304222571s ago: executing program 5 (id=2151):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
unshare(0x2040600)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff})
syz_genetlink_get_family_id$smc(&(0x7f0000000000), r1)
fcntl$getownex(r2, 0x10, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r3=>0x0})
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC(r4, 0x0, 0xcc, &(0x7f0000000080)={@private=0xa010101, @dev={0xac, 0x14, 0x14, 0x1c}, 0xffffffffffffffff, "912a966aa21d094c7832bd6fbfa6da889ceab0aecac843628230d6e08cb7618c", 0x4f, 0x5, 0x9, 0x197}, 0x3c)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000400)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r5}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
rt_sigtimedwait(&(0x7f0000000040)={[0x4]}, 0x0, 0x0, 0x8)
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYRES8=r6, @ANYRES16=r0, @ANYBLOB="010027bd7000fbdbdf254400000008000300", @ANYRES32=r3, @ANYBLOB="2c002380050011000100000008001400d2ffffff05000f00400000000500060009"], 0x60}, 0x1, 0x0, 0x0, 0x44055}, 0x0)

8.081029722s ago: executing program 5 (id=2152):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = timerfd_create(0x0, 0x800)
timerfd_settime(r0, 0x3, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec21, 0x1000, 0x400001, 0x40000333}, &(0x7f0000000000)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r1, 0x847ba, 0x3e00, 0xe, 0x0, 0x0)

7.706255654s ago: executing program 7 (id=2153):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c80)={&(0x7f0000002140)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000030000005637f880f14ee2dd0000f90e72cd0ea30cee982535"], &(0x7f0000000c40)=""/3, 0x26, 0x3, 0x1, 0x1}, 0x28)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000a40)=@newtaction={0x100, 0x30, 0x216822a75a8bdd29, 0xffe4, 0x0, {}, [{0xec, 0x1, [@m_connmark={0x50, 0x2, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0xd, 0x5, 0x0, 0x3}, 0x8}}]}, {0x4}, {0xc}, {0xc}}}, @m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x54, 0x3, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x2, 0xea3, 0x20000000}}, @TCA_GACT_PARMS={0x18, 0x2, {0xb66, 0xb3, 0x5, 0x34e, 0xffff}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0x100}}, 0x0)
r4 = syz_open_dev$radio(&(0x7f0000000000), 0x2, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
accept(0xffffffffffffffff, &(0x7f0000002080)=@l2tp6, &(0x7f0000002100)=0x80)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0)
r6 = fanotify_init(0xf00, 0x1000)
fanotify_mark(r6, 0x105, 0x5000003a, r5, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
r7 = epoll_create(0x6)
r8 = dup3(r4, r7, 0x0)
read$FUSE(r8, 0x0, 0x0)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="180000000114010025bd7000fedbdf25000000000000a000"], 0x18}, 0x1, 0x0, 0x0, 0x44}, 0x4044080)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$VT_RESIZE(r8, 0x5609, &(0x7f0000002180)={0x2, 0x1, 0xefbf})
sendmsg$nl_generic(r10, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2004c010}, 0x4080)

7.480195548s ago: executing program 6 (id=2154):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)={0x38, r2, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x24, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x5, 0x4}]}]}]}, 0x38}}, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f0000000540)={0x37c, r2, 0x400, 0x70bd2c, 0x25dfdbfb, {}, [@TIPC_NLA_PUBL={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xbd}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x4}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xffff8a2e}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8000}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3ff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x6ef}]}, @TIPC_NLA_LINK={0x188, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x54, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xa00}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x84a}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2d}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x20000000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x400}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7ff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}]}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x53c}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3fff80}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffe}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xa44}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x4}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x743c}]}, @TIPC_NLA_NET={0x64, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x40}, @TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x80000000}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xc2e9}, @TIPC_NLA_NET_ADDR={0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xffffffc0}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x9}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x5}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x4a}]}, @TIPC_NLA_MON={0x54, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xdf3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x200}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x40}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3ff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xa}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff00}]}, @TIPC_NLA_LINK={0x98, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6f830a39}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}]}]}]}, 0x37c}, 0x1, 0x0, 0x0, 0x8890}, 0x40045)
r3 = gettid()
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
r7 = accept4(r6, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f00000001c0)="00940a37", 0x4)
sendto$unix(r7, &(0x7f0000000440)="36d9a32e92c131d730b1abaedb51eb66fd2d5b1f7eda4f0e859fdaf294bad70673813533d8bf1c6a77b65a7afdc01b29e73571071a68d5def5d7df839810da130b9348f4d9d407eb478d5bfb298c552a498271af70914e14ba9476fd2a0e47984c25ea20afab3064a748add27a7149e9c4705475bda2ecec9ec30214f28c5e16fd3f50f604f20232c534409e52bff64fc6ca0f5e254083aec2794b7216e002e87caf3d0fa7d04ff9e3b03e81595a04979594ff6ea888bf13de8e8f74c6178e31e47593732ae1a501ad3641d423195a788efdb643f50a8c8b9794a62f7b8dfa0fa7da9d391b92ce2a7f9fe0f9d584a3775f", 0x703d59595f6742a8, 0x800, 0x0, 0x0)
recvfrom(r7, &(0x7f00000030c0)=""/4117, 0xffffffffffffffbf, 0x1, 0x0, 0xffffffffffffffb5)
ioctl$int_in(r4, 0x5452, &(0x7f0000000180)=0x2)
fcntl$setsig(r4, 0xa, 0x12)
fstat(r5, &(0x7f0000000200))
rseq(&(0x7f0000000040), 0x20, 0x0, 0x0)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_COUNTERS(r8, 0x0, 0x81, &(0x7f0000000040)={'filter\x00', 0x0, 0x0, 0x0, [], 0x1, 0x0, 0x0, [{}]}, 0x88)
ppoll(&(0x7f0000000140)=[{r5, 0x8002}], 0x1, 0x0, 0x0, 0x0)
dup2(r4, r5)
r9 = getpgid(r3)
fcntl$setown(r4, 0x8, r9)
tkill(r3, 0x13)

6.723740444s ago: executing program 4 (id=2155):
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000180)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x7c, &(0x7f0000000400)={[{0x20, 0x4e00, "373b781c663c13d335279b718ffab4c997e02fdff24232b64e4f9b489443d9c5"}, {0x4a, 0x4e00, "e13ba960da62ea7847f7862dea5729b9246fc4ea91eebac23925879c5531245651e9bcc6dcbb7edb8d090ad0293f1469d5c2f621c633dc4899b8719004ba74fed0e54834be6d14428aa7"}, {0x4, 0x4e00, "ea10f8d7"}]})

6.637500612s ago: executing program 5 (id=2156):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8, &(0x7f0000000380)=[0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x58, 0x0, 0x0, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0xef, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0300000004000000040000001361b1af655550620bc8310a00000000000000", @ANYRES32, @ANYBLOB="001000"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="05000000020000000300"/28], 0x50)
readv(0xffffffffffffffff, &(0x7f0000000300)=[{0x0}, {0x0}, {&(0x7f0000000280)=""/47, 0x2f}], 0x3)
socket$vsock_stream(0x28, 0x1, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xb}, 0x10}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
r3 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r1, r2, 0x26, 0x0, @void}, 0x10)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000000c0)={r3, r1, 0x4, r1}, 0x10)
r4 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000008500000023000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x18)
connect$ax25(r4, &(0x7f0000000000)={{0x3, @null}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48)
r6 = syz_open_dev$usbfs(&(0x7f0000000480), 0x40a09940, 0x321102)
read$usbfs(r6, &(0x7f00000003c0)=""/40, 0x28)
timer_create(0x8, 0x0, &(0x7f00009b1ffc))
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000400)='sched_process_wait\x00', r8}, 0x18)
timer_delete(0x0)

6.440443228s ago: executing program 7 (id=2157):
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0xaa702, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
ioctl$sock_ax25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000180)={@bcast, @default, 0x3, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
mkdir(&(0x7f0000000000)='./file1\x00', 0xf0a552e37b97b976)
syz_open_dev$tty1(0xc, 0x4, 0x1)
mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000100)='ramfs\x00', 0x140008, &(0x7f00000000c0)='uc\x97q\xbd\xc1e\x8fK\x9aP')
chdir(&(0x7f0000000280)='./file1\x00')
quotactl_fd$Q_SETQUOTA(0xffffffffffffffff, 0xffffffff80000800, 0x0, &(0x7f00000003c0)={0xfffffffffffffffe, 0x2, 0x7, 0x40000476, 0x3ffffffffffffffc, 0x5f, 0xfffffffffffffffe, 0x0, 0xb77})
ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)})
ioctl$BLKRRPART(r1, 0x125f, 0x0)

5.361352617s ago: executing program 7 (id=2158):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000001340))
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r1, 0x0, 0x0)
write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
read$dsp(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
epoll_create1(0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
socket$netlink(0x10, 0x3, 0x14)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f00000001c0)={0x2000, 0x1, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x4, 0x200000400000000, 0x4, 0x344}, 0x0, 0x0)

5.233913397s ago: executing program 6 (id=2159):
r0 = syz_open_dev$cec(&(0x7f00000003c0), 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000004180)={"2370491d", 0x0, 0x5, 0x2, 0x8, 0x5, "000064640000001503fe00", "037ec42b", '\x00', "64bdac32", ["e86621d9cc668c391f77c506", "3549ffffffffffffff010800", "2fc7977386a7a0236a9cc1f0", "cf6cce2296b3f853e224c4e0"]})
ioctl$CEC_TRANSMIT(r0, 0xc0386105, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil)
r3 = shmat(r2, &(0x7f0000ff7000/0x3000)=nil, 0x400c)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil)
shmdt(r3)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000)=0x6b, 0x4)
syz_emit_ethernet(0x220, &(0x7f0000000140)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0200", 0x1ea, 0x6, 0xff, @remote, @local, {[@dstopts={0xc, 0x21, '\x00', [@jumbo={0xc2, 0x4, 0xffff}, @enc_lim={0x4, 0x1, 0x81}, @pad1, @generic={0x0, 0xf6, "0492894b2eb7f83cba143cd64d87094a81d1cdf013d0595bdb9a5a512d9c3fc1baeacd136e637a85c13bf15e27d7964f0d88d231405286cc6e4afbd9f909e20f2510d1eaf51af2ff3152ad629a93cfc5d8fc5a9d90a2b9cfb6a896d4ce1100c7f3bbb0e63c503b4d10b5d6e1f8f03867ace0087748575598b00141df17c06160cd24da9e4268ea7716da77dfe325b67b2c77350c24c0bbc2103e86af5f1e16568ef9eaacf4117014b1eec795155bb05c74654c9e45bcffa107139a86dcd999f2d8de2c00b173ca45e39d9cf6e31cd6ffa9f8a4f3f37b51e2f3c105de4bb07b96f156862cc3d01a92008f4953625f3b90b3fa5ad31084"}, @enc_lim={0x4, 0x1, 0x81}, @pad1, @pad1]}, @srh={0x3b, 0xc, 0x4, 0x6, 0x5b, 0x58, 0x3ff, [@loopback, @private0={0xfc, 0x0, '\x00', 0x1}, @empty, @ipv4={'\x00', '\xff\xff', @multicast2}, @ipv4={'\x00', '\xff\xff', @broadcast}, @dev={0xfe, 0x80, '\x00', 0xf}]}], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}, {"7a2c0225ae932f33909962f380e66e761d2c639c804d32f6ef75a33293ef7fb3d736f16137ac43cb575bb3c58fffd3a96205d3a451708345ccb04a1eb39a3dd03bc0cb257f68df4c10aa957a041d014003a8ede2b658"}}}}}}}, 0x0)

5.197935191s ago: executing program 5 (id=2160):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000404000000002e"], 0x0, 0x37}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x8000000000000001, 0x20002)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x4, 0x4, 0xa, 0x4, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x2, 0x1}, 0x48)

4.151400373s ago: executing program 5 (id=2161):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect(0x5, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000538acc089c0e00001e5b0102030109021b0001000000000904"], 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000003c0)={'vxcan1\x00'})
socket$can_raw(0x1d, 0x3, 0x1)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(0xffffffffffffffff, 0x0, 0x40840)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100001e61e410b1134200557b0102030109021b0001000000000904000001cf28fc000905822fe9"], 0x0)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000040), 0x400000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="e17f6ee9ce2b89c26658d58a1812a6e2b440e038d0f4e99b86b78afed1aec06e8c7c7764839b00c11156eb679ba04c116dc7fa281c23624f922af64433331138fd2a6aa6aa6b453f2a62512baecfc39b1c36cf25ec31361b693b530b4772b6580b56cd4f20505c3e5fef6058", 0xfffffeac}], 0x6, &(0x7f0000000040), 0xfffffffffffffc9e, 0x20040005}, 0x20000001)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd1l,'}, 0x30)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r1)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents(r2, 0x0, 0x58)
setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000040), 0x4)
r3 = add_key$user(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x3}, &(0x7f0000000240)="28430f9477f73488f423d39bb56b4781598f39e31ec9c13f8d9a1c45a9240945a2843f8cb1ad8c16fa3f0421cfea25d467fa3319c221fc6803159cd3f03b1e37dd4482d441fbd29d586edd05958757ee8fad08bf7915760941fac314b4e20e7b39", 0x61, 0xfffffffffffffffc)
keyctl$update(0x2, r3, 0x0, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='nfs4\x00', 0x0, &(0x7f00000001c0)='\x01')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000190c0)=0x8)
r4 = getpid()
r5 = fanotify_init(0x8, 0x80000)
fanotify_mark(r5, 0x80, 0x40100420, 0xffffffffffffffff, 0x0)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

4.050993699s ago: executing program 6 (id=2162):
r0 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x7278, 0x0, 0x202, 0x158}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_FALLOCATE={0x11, 0x0, 0x0, @fd=r0, 0x8000000006, 0x0, 0xe448})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r3 = socket$key(0xf, 0x3, 0x2)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2041, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='contention_begin\x00', r5, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$SO_BINDTODEVICE(r7, 0x29, 0x19, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x9, 0x2, 0x200, 0x0, 0x8}, 0x0, &(0x7f0000000200)={0x3ff, 0x0, 0x0, 0x9, 0x1, 0x0, 0x7fffffff, 0x100002}, 0x0, 0x0)
write$binfmt_aout(r4, &(0x7f00000000c0)=ANY=[], 0xff2e)
shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000100)=""/49)
ioctl$TCSETS(r4, 0x40045431, 0x0)
r8 = syz_open_pts(r4, 0x0)
mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000440)=ANY=[])
ioctl$TIOCSTI(r8, 0x5412, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4)
sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="020d000018000000000000000000000005000600000000000a004e2400000000fc010000000000000000000000000000000000000000000005000500000000000a000000000000000000000000000000000000000000000000000000000000000200120002000200000000000000000006002b00020000000000000000000000fe880000000000000000000000000001fc010000020000000000000000000000040004"], 0xc0}}, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x0)

3.904396151s ago: executing program 7 (id=2163):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000280)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000002280)='oom_adj\x00')
writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000140)='15', 0x2}], 0x8)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r3, 0x84, 0x16, &(0x7f0000000380)=ANY=[], 0x8)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0x4, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffd}, [@jmp={0x5, 0x0, 0x5, 0x6, 0x6, 0x30}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000840)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xfffffffffffffdd8)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000180)=r5, 0x4)
sendmsg$inet(r7, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@map, 0x13, 0x0, 0x6, &(0x7f0000000240), 0x0, 0x0, 0x0, &(0x7f0000000300)=[0x0], 0x0, <r8=>0x0}, 0x40)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000008c0)={0xffffffffffffffff, 0xe0, &(0x7f00000007c0)={0x0, <r9=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500), &(0x7f0000000540), 0x0, 0xe, &(0x7f0000000580)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f00000005c0), &(0x7f0000000600), 0x8, 0x69, 0x8, 0x8, &(0x7f0000000640)}}, 0x10)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000003c0)={@ifindex, 0xffffffffffffffff, 0x21, 0x22, 0xffffffffffffffff, @void, @void, @void, @value=r9, r8}, 0x20)
r10 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000002380), 0x0, 0x0)
read$fb(r10, &(0x7f0000000040)=""/12, 0xc)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={@fallback=r0, r5, 0x34, 0x2011, r4, @value=r10, @void, @void, @void, r8}, 0x20)

2.890958203s ago: executing program 4 (id=2164):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000080)={0x7, &(0x7f0000000040)=[{0x9, 0xa, 0x5, 0x7}, {0x74e9, 0x6, 0xe, 0x9}, {0x6, 0xb, 0x7, 0x5}, {0x4, 0x3, 0x7, 0x10}, {0x7, 0xb, 0x2, 0x7}, {0x6, 0x3, 0x9, 0x7}, {0x3, 0x2, 0xf, 0x2}]})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = openat$smackfs_ipv6host(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$smackfs_ipv6host(r2, &(0x7f00000003c0)=@l2={{0x8, 0x3a, 0x8, 0x3a, 0xfffffffffffffff4, 0x3a, 0xb, 0x3a, 0x5, 0x3a, 0x7, 0x3a, 0x3ff, 0x3a, 0x1}, 0x2f, 0x5, 0x20, '!'}, 0xaf)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=ANY=[@ANYBLOB="e80000006c00010029bd7000fcdbdf2500000000", @ANYRES32, @ANYBLOB="001000008000000008000f002000000014003500726f7365300000000000000000000000a40034801400350070696d367265673000000020000000000400350076657468305f6d614176746170000000140035006d61637674617030020000000000000014003500677265300000000000000000000000001400350076657468305f746f5f626174616476001400350001657468315f6d6163767461700000001400350067726530000000000000000000000000140035006261746164765f736c6176655f31000008000f"], 0xe8}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2.76226917s ago: executing program 6 (id=2165):
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x97, 0xff, 0x82, 0x8, 0x2058, 0x1005, 0xc19b, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x8f, 0x0, 0x0, 0xbf, 0x57, 0x5a}}]}}]}}, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_wakeup_irq', 0x0, 0xb)
r1 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000140)={r0, 0x800, {0x2a00, 0x80010000, 0x0, 0x9, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})
ioctl$USBDEVFS_FREE_STREAMS(r0, 0x8008551d, &(0x7f0000000040)={0x81a0, 0xa, [{0x5, 0x1}, {0x7, 0x1}, {0x6}, {0xa}, {0x2, 0x1}, {0x4, 0x1}, {0x8, 0x1}, {0x6}, {0xd}, {0xc}]})

2.644481931s ago: executing program 4 (id=2166):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = timerfd_create(0x0, 0x800)
timerfd_settime(r0, 0x3, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec21, 0x1000, 0x400001, 0x40000333}, &(0x7f0000000000)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r1, 0x847ba, 0x3e00, 0xe, 0x0, 0x0)

2.150643475s ago: executing program 4 (id=2167):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000002c0)=0xfffffffe)
ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0xffff0080)
writev(r0, &(0x7f00000005c0)=[{&(0x7f0000000040)="209740ac215a5508dde76a185dd8", 0xe}, {&(0x7f00000001c0)="53464807c651bd19754d51c3a16d6df9bf91b5df1f2d5deb531f203e46a81bb7e938373b610bf25c32a487099e13dc83476d253596a1f5d05b15519af35953f9196fb5c97020cedca68c19993803bcc79985d926bdbb6cdac96a5d4070a1097261be9e5edbb8d30a09fa6a06b22a109fa9867419d3cfe26cacfbf1f58f19f5168aca8e0b60b86299f47ee77173b88b9a82674cf23d310b36e7b6257de1241015a21744bcdecf1719897547aa", 0xac}, {&(0x7f0000000300)="accb367f5b67ae6543a883b4bd919a1ca7f2832f7c20d933b08cc65a88b033f90158cd96adb8ea3f33d0d24cdf4f101bbba1645f8790677214e6b5ab9a0aaa350749749f591afffe2472e38ea5378bbec4f184c0a7d9cefe8e5062032de43c24146b0bbe3d4c56caa60940b33e30c4786f89c2", 0x73}, {&(0x7f00000000c0)}, {&(0x7f0000000380)="ab207f310345c1ed92e9a8d8abd0f6dc2ad062261e60358fe11deddb6009ceb7ec5dff79bc3606e03d5413842037e52d1430a38ccdfbbee667de7106b90a14371cd0945ae8d5383b2e9d9272f5d9b31a5f8359368e67d8a52bc70992151ce68c2a9de43dcc123ffbf91b518d50", 0x6d}, {&(0x7f0000000280)="dec2dd3cd47fe178056fb8d4c5dac45aaf37d2d317bd", 0x16}, {&(0x7f0000000400)="14809ff9119fa8bc7744c0c3f3f09360f8a24e8adabc9d17d286f1ed4e3aa8d0a8587860c00f", 0x26}, {&(0x7f0000000440)="1e15b8b65c1945767be9581f9dc5be28b460ca7f255bc7600c2b62db9aa6d374e8dc96d74dcd97644be2968cf3528873e31b8856df3f6da075dce016f05b620dafa3d95dc639abe09deba7ed4835c3c05bae1d0a0b0a31eac7a302fa95d7ce02c56504e10b10addfd0bd8c6bbd596c976d56312d80cccf8d3e483069e6b62105bad7a4d8e35a26865bdad5dd505a7a66f344f93bf57e781dbe913416f667573c0fdb03048d217466d8f47de836e5bfe68df74a6aea201350fda0330aec41a27b38d8961f0b586aafe4c1ad1ee061a3f75c153f91467bfdde96769031b48dc50d774375", 0xe3}, {&(0x7f0000000540)="96c5735b58cd1ba8a3267df6ebd392991ad512761d6c47699908c8160ae265c4725fb4b831c359048ef45591ce4450df809168b81b6355857ce4a59685db94c7730b1deafa79f5231c1b1ed1d10a83190317bfb390fb", 0x56}], 0x9)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x20802, 0x0)
writev(r1, &(0x7f0000000140)=[{&(0x7f00000000c0)='\b', 0x1}], 0x1)
r2 = getpid()
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000180), 0x402300, 0x0)
ioctl$IOMMU_VFIO_SET_IOMMU(r3, 0x3b66, 0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a0b040000000000000000020000002400048020000180070001006374000014000280080002400000000f08000140000000140900010073797a30000000000900020073797a320000"], 0x78}}, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r7 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r7, &(0x7f00000000c0)={0xa, 0x4e21, 0xb, @empty}, 0x1c)
connect$inet6(r7, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x39}}}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r7, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0xb3550aa4ba878396}, 0x9c)
socket$netlink(0x10, 0x3, 0x0)
r8 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r8, 0x11b, 0x6, &(0x7f0000000000)=0x40000000, 0x52)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)

401.594916ms ago: executing program 35 (id=2136):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_opts(r0, 0x0, 0xb, &(0x7f0000000000)=""/1, &(0x7f0000000040)=0x1)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/clients\x00', 0x0, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r2, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r1}, 0x20)
r3 = syz_io_uring_setup(0xbde, &(0x7f0000000540)={0x0, 0xec25, 0x400, 0x41, 0x40000337}, &(0x7f0000000dc0)=<r4=>0x0, &(0x7f0000000a40)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x143862, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000280), &(0x7f00000013c0)=0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x9, 0x8, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="30200000000804001c001a8018000a8014000700fe8800000000000000000000000001011400350062617461647630000000000000000000"], 0x50}}, 0x20004400)
mount(&(0x7f0000000200)=@filename='./file0/../file0/../file0\x00', &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x1000000, &(0x7f0000000300)='trans=rdma,')

168.589579ms ago: executing program 5 (id=2169):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000040)={0xc6e}, 0x4)
sendto$inet6(r0, &(0x7f0000000080)="b1", 0x34000, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)

0s ago: executing program 7 (id=2170):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x5}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x800, 0x4, 0x80, 0x2, 0x46b}, 0x4, 0x0, 0x9, 0x7, 0x7, 0x1, 0x2, 0x17, 0x7, 0x6, {0xa, 0x2, 0x3, 0xfffffffd, 0x5, 0xc}}}}]}, 0x78}}, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@gettfilter={0x24, 0x2e, 0x121, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0xb, 0xa}, {0xf, 0xfff1}, {0x7, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000090}, 0x4041080) (fail_nth: 6)

kernel console output (not intermixed with test programs):

slave_1: left promiscuous mode
[  792.293587][ T2996] bridge0: port 2(bridge_slave_1) entered disabled state
[  792.310160][ T2996] bridge_slave_0: left allmulticast mode
[  792.318790][ T2996] bridge_slave_0: left promiscuous mode
[  792.324622][ T2996] bridge0: port 1(bridge_slave_0) entered disabled state
[  792.694802][ T2996] tipc: Resetting bearer <eth:xfrm0>
[  792.973363][T12631] sctp: [Deprecated]: syz.4.1622 (pid 12631) Use of struct sctp_assoc_value in delayed_ack socket option.
[  792.973363][T12631] Use struct sctp_sack_info instead
[  794.012429][T12639] =======================================================
[  794.012429][T12639] WARNING: The mand mount option has been deprecated and
[  794.012429][T12639]          and is ignored by this kernel. Remove the mand
[  794.012429][T12639]          option from the mount to silence this warning.
[  794.012429][T12639] =======================================================
[  794.114118][T12639] overlay: Bad value for 'verity'
[  794.200772][T12639] overlayfs: missing 'lowerdir'
[  794.506524][ T2996] tipc: Disabling bearer <eth:xfrm0>
[  795.173213][T12645] netlink: 'syz.4.1625': attribute type 1 has an invalid length.
[  795.173213][T12643] netlink: 'syz.4.1625': attribute type 1 has an invalid length.
[  796.693747][T12659] kAFS: No cell specified
[  796.724165][ T2996] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  796.775118][ T2996] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  796.846976][ T2996] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  796.906702][ T2996] bond0 (unregistering): Released all slaves
[  797.129275][ T2996] bond1 (unregistering): Released all slaves
[  797.174180][T12643] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[  797.177970][T12645] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[  797.187247][T12662] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1631'.
[  798.285082][T12676] sctp: [Deprecated]: syz.6.1633 (pid 12676) Use of struct sctp_assoc_value in delayed_ack socket option.
[  798.285082][T12676] Use struct sctp_sack_info instead
[  798.303204][T12678] /dev/nullb0: Can't open blockdev
[  798.672019][ T2996] tipc: Left network mode
[  798.696151][T12504] bridge0: port 1(bridge_slave_0) entered blocking state
[  798.728722][T12504] bridge0: port 1(bridge_slave_0) entered disabled state
[  798.807457][T12504] bridge_slave_0: entered allmulticast mode
[  798.823312][T12504] bridge_slave_0: entered promiscuous mode
[  798.957696][T12684] overlayfs: missing 'lowerdir'
[  799.025405][T12504] bridge0: port 2(bridge_slave_1) entered blocking state
[  799.102378][T12504] bridge0: port 2(bridge_slave_1) entered disabled state
[  799.148888][T12504] bridge_slave_1: entered allmulticast mode
[  799.281424][T12504] bridge_slave_1: entered promiscuous mode
[  799.339747][T12686] fuse: Unknown parameter 'user_id00000000000000000000'
[  799.565883][T12688] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1638'.
[  799.632104][T12504] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  799.679951][T12504] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  800.154397][ T5899] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[  800.267972][T12504] team0: Port device team_slave_0 added
[  800.380719][ T5899] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  800.422410][ T5899] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  800.443560][ T5899] usb 7-1: Product: syz
[  800.452207][ T5899] usb 7-1: Manufacturer: syz
[  800.464426][ T2996] hsr_slave_0: left promiscuous mode
[  800.527860][ T2996] hsr_slave_1: left promiscuous mode
[  800.647708][ T5899] usb 7-1: SerialNumber: syz
[  800.667688][ T2996] veth1_macvtap: left promiscuous mode
[  800.689313][ T5899] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  800.695751][ T2996] veth0_macvtap: left promiscuous mode
[  800.717372][ T2996] veth1_vlan: left promiscuous mode
[  800.725994][ T5986] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  800.753737][ T2996] veth0_vlan: left promiscuous mode
[  800.771114][T12703] kAFS: No cell specified
[  801.237993][T12695] netlink: 'syz.6.1640': attribute type 11 has an invalid length.
[  801.335095][ T5899] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  801.371815][T12711] syz.6.1640: attempt to access beyond end of device
[  801.371815][T12711] nbd6: rw=0, sector=0, nr_sectors = 1 limit=0
[  801.459920][T12711] (syz.6.1640,12711,0):ocfs2_get_sector:1714 ERROR: status = -5
[  801.499065][T12711] (syz.6.1640,12711,0):ocfs2_sb_probe:753 ERROR: status = -5
[  801.554344][T12711] (syz.6.1640,12711,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  801.563117][T12711] (syz.6.1640,12711,1):ocfs2_fill_super:1177 ERROR: status = -5
[  801.575368][ T5899] usb 5-1: Using ep0 maxpacket: 8
[  801.603086][ T5899] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  801.629440][ T5899] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  801.670677][ T5899] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  801.730120][ T1209] usb 7-1: USB disconnect, device number 24
[  801.763826][ T5899] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  801.795614][ T5899] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  801.814295][ T5899] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  801.837624][ T5986] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive
[  801.873970][ T5986] ath9k_htc: Failed to initialize the device
[  801.903470][ T1209] usb 7-1: ath9k_htc: USB layer deinitialized
[  802.052725][ T5899] usb 5-1: GET_CAPABILITIES returned 0
[  802.074330][ T5899] usbtmc 5-1:16.0: can't read capabilities
[  803.377727][ T5986] usb 5-1: USB disconnect, device number 33
[  804.311053][T12727] /dev/nullb0: Can't open blockdev
[  804.321081][T12725] sctp: [Deprecated]: syz.4.1645 (pid 12725) Use of struct sctp_assoc_value in delayed_ack socket option.
[  804.321081][T12725] Use struct sctp_sack_info instead
[  805.197770][T12734] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  806.223680][ T2996] team0 (unregistering): Port device team_slave_1 removed
[  806.315173][ T2996] team0 (unregistering): Port device team_slave_0 removed
[  807.297462][T12504] team0: Port device team_slave_1 added
[  807.474900][T12504] batman_adv: batadv0: Adding interface: batadv_slave_0
[  807.524414][T12504] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  807.550815][T12504] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  807.565396][T12504] batman_adv: batadv0: Adding interface: batadv_slave_1
[  807.572378][T12504] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  807.637177][T12504] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  807.784360][T12755] kAFS: No cell specified
[  807.845777][T12504] hsr_slave_0: entered promiscuous mode
[  807.863410][T12504] hsr_slave_1: entered promiscuous mode
[  807.876712][T12504] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  807.884698][T12504] Cannot create hsr debugfs directory
[  808.060587][T12750] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  808.085192][T12750] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  808.092731][T12750] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  808.102829][T12750] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  808.137311][T12750] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  808.280695][T12767] sctp: [Deprecated]: syz.4.1656 (pid 12767) Use of struct sctp_assoc_value in delayed_ack socket option.
[  808.280695][T12767] Use struct sctp_sack_info instead
[  808.825987][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  808.832473][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  809.458866][T12774] /dev/nullb0: Can't open blockdev
[  810.204569][ T5846] Bluetooth: hci5: command 0x0c1a tx timeout
[  810.210780][ T5846] Bluetooth: hci2: command 0x0c1a tx timeout
[  810.214313][ T5840] Bluetooth: hci1: command 0x041b tx timeout
[  810.516457][ T2996] IPVS: stop unused estimator thread 0...
[  812.040710][T12504] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  812.234674][ T5840] Bluetooth: hci2: command 0x0c1a tx timeout
[  812.795567][T12504] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  812.891260][T12798] FAULT_INJECTION: forcing a failure.
[  812.891260][T12798] name failslab, interval 1, probability 0, space 0, times 0
[  812.904457][T12798] CPU: 1 UID: 0 PID: 12798 Comm: syz.4.1662 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  812.904484][T12798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  812.904496][T12798] Call Trace:
[  812.904504][T12798]  <TASK>
[  812.904512][T12798]  dump_stack_lvl+0x189/0x250
[  812.904540][T12798]  ? __pfx____ratelimit+0x10/0x10
[  812.904562][T12798]  ? __pfx_dump_stack_lvl+0x10/0x10
[  812.904584][T12798]  ? __pfx__printk+0x10/0x10
[  812.904615][T12798]  ? __pfx___might_resched+0x10/0x10
[  812.904636][T12798]  ? fs_reclaim_acquire+0x7d/0x100
[  812.904664][T12798]  should_fail_ex+0x414/0x560
[  812.904689][T12798]  should_failslab+0xa8/0x100
[  812.904712][T12798]  __kmalloc_noprof+0xcb/0x4f0
[  812.904730][T12798]  ? kfree+0x4d/0x440
[  812.904755][T12798]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  812.904787][T12798]  tomoyo_realpath_from_path+0xe3/0x5d0
[  812.904814][T12798]  ? tomoyo_domain+0xda/0x130
[  812.904846][T12798]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  812.904867][T12798]  tomoyo_path_number_perm+0x1e8/0x5a0
[  812.904891][T12798]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  812.904913][T12798]  ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[  812.904951][T12798]  ? preempt_schedule_irq+0xde/0x150
[  812.904970][T12798]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  812.905003][T12798]  ? rcu_read_unlock_special+0x3fe/0x4c0
[  812.905056][T12798]  ? __rcu_read_unlock+0x84/0xe0
[  812.905083][T12798]  ? __fget_files+0x2a/0x420
[  812.905104][T12798]  ? __fget_files+0x3a0/0x420
[  812.905123][T12798]  ? __fget_files+0x2a/0x420
[  812.905150][T12798]  security_file_ioctl+0xcb/0x2d0
[  812.905175][T12798]  __se_sys_ioctl+0x47/0x170
[  812.905206][T12798]  do_syscall_64+0xfa/0x3b0
[  812.905229][T12798]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  812.905247][T12798]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  812.905266][T12798]  ? clear_bhb_loop+0x60/0xb0
[  812.905290][T12798]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  812.905308][T12798] RIP: 0033:0x7fe4eab8ebe9
[  812.905327][T12798] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  812.905345][T12798] RSP: 002b:00007fe4e8df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  812.905366][T12798] RAX: ffffffffffffffda RBX: 00007fe4eadb6180 RCX: 00007fe4eab8ebe9
[  812.905381][T12798] RDX: 0000200000000040 RSI: 00000000c0606610 RDI: 0000000000000004
[  812.905394][T12798] RBP: 00007fe4e8df6090 R08: 0000000000000000 R09: 0000000000000000
[  812.905406][T12798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  812.905418][T12798] R13: 00007fe4eadb6218 R14: 00007fe4eadb6180 R15: 00007ffc7b5c3d78
[  812.905451][T12798]  </TASK>
[  812.905483][T12798] ERROR: Out of memory at tomoyo_realpath_from_path.
[  813.197685][T12504] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  813.225815][T12504] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  813.265390][T12801] kAFS: No cell specified
[  813.678372][T12812] sctp: [Deprecated]: syz.5.1666 (pid 12812) Use of struct sctp_assoc_value in delayed_ack socket option.
[  813.678372][T12812] Use struct sctp_sack_info instead
[  814.084818][T12504] 8021q: adding VLAN 0 to HW filter on device bond0
[  814.131982][T12504] 8021q: adding VLAN 0 to HW filter on device team0
[  814.258846][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  814.266171][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  814.287805][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  814.295026][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  814.320496][ T5840] Bluetooth: hci2: command 0x0c1a tx timeout
[  814.613159][T12825] FAULT_INJECTION: forcing a failure.
[  814.613159][T12825] name failslab, interval 1, probability 0, space 0, times 0
[  814.651368][T12825] CPU: 1 UID: 0 PID: 12825 Comm: syz.5.1670 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  814.651397][T12825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  814.651410][T12825] Call Trace:
[  814.651417][T12825]  <TASK>
[  814.651426][T12825]  dump_stack_lvl+0x189/0x250
[  814.651452][T12825]  ? __pfx____ratelimit+0x10/0x10
[  814.651473][T12825]  ? __pfx_dump_stack_lvl+0x10/0x10
[  814.651495][T12825]  ? __pfx__printk+0x10/0x10
[  814.651526][T12825]  ? __pfx___might_resched+0x10/0x10
[  814.651546][T12825]  ? fs_reclaim_acquire+0x7d/0x100
[  814.651580][T12825]  should_fail_ex+0x414/0x560
[  814.651606][T12825]  should_failslab+0xa8/0x100
[  814.651630][T12825]  kmem_cache_alloc_noprof+0x73/0x3c0
[  814.651649][T12825]  ? security_inode_alloc+0x39/0x330
[  814.651682][T12825]  security_inode_alloc+0x39/0x330
[  814.651713][T12825]  inode_init_always_gfp+0x9ed/0xdc0
[  814.651742][T12825]  ? __pfx_sock_alloc_inode+0x10/0x10
[  814.651764][T12825]  alloc_inode+0x82/0x1b0
[  814.651784][T12825]  __sock_create+0x12d/0x9f0
[  814.651815][T12825]  mptcp_subflow_create_socket+0xfd/0xb40
[  814.651849][T12825]  ? __pfx_mptcp_subflow_create_socket+0x10/0x10
[  814.651876][T12825]  ? tomoyo_check_inet_address+0x275/0x8c0
[  814.651905][T12825]  __mptcp_nmpc_sk+0x148/0x750
[  814.651931][T12825]  ? __pfx___mptcp_nmpc_sk+0x10/0x10
[  814.651955][T12825]  ? smack_ipv6host_label+0x81d/0x8e0
[  814.651978][T12825]  ? look_up_lock_class+0x74/0x170
[  814.652004][T12825]  mptcp_connect+0x6f/0x790
[  814.652028][T12825]  __inet_stream_connect+0x2ab/0xe80
[  814.652059][T12825]  ? __local_bh_enable_ip+0x12d/0x1c0
[  814.652078][T12825]  ? __pfx___inet_stream_connect+0x10/0x10
[  814.652100][T12825]  ? __local_bh_enable_ip+0x12d/0x1c0
[  814.652120][T12825]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  814.652150][T12825]  inet_stream_connect+0x66/0xa0
[  814.652174][T12825]  __sys_connect+0x316/0x440
[  814.652198][T12825]  ? __fget_files+0x3a0/0x420
[  814.652220][T12825]  ? __pfx___sys_connect+0x10/0x10
[  814.652258][T12825]  ? __pfx_ksys_write+0x10/0x10
[  814.652272][T12825]  ? rcu_is_watching+0x15/0xb0
[  814.652301][T12825]  __x64_sys_connect+0x7a/0x90
[  814.652325][T12825]  do_syscall_64+0xfa/0x3b0
[  814.652345][T12825]  ? lockdep_hardirqs_on+0x9c/0x150
[  814.652362][T12825]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  814.652381][T12825]  ? clear_bhb_loop+0x60/0xb0
[  814.652404][T12825]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  814.652422][T12825] RIP: 0033:0x7f0a78b8ebe9
[  814.652439][T12825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  814.652457][T12825] RSP: 002b:00007f0a79a30038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  814.652477][T12825] RAX: ffffffffffffffda RBX: 00007f0a78db5fa0 RCX: 00007f0a78b8ebe9
[  814.652492][T12825] RDX: 000000000000001c RSI: 0000200000000180 RDI: 0000000000000006
[  814.652503][T12825] RBP: 00007f0a79a30090 R08: 0000000000000000 R09: 0000000000000000
[  814.652515][T12825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  814.652526][T12825] R13: 00007f0a78db6038 R14: 00007f0a78db5fa0 R15: 00007ffec0357338
[  814.652557][T12825]  </TASK>
[  814.652598][T12825] socket: no more sockets
[  816.056009][T12504] 8021q: adding VLAN 0 to HW filter on device batadv0
[  816.111669][T12834] sp0: Synchronizing with TNC
[  816.417469][ T5986] usb 5-1: new full-speed USB device number 34 using dummy_hcd
[  816.439908][T12842] syzkaller1: entered promiscuous mode
[  816.459496][T12842] syzkaller1: entered allmulticast mode
[  816.608138][ T5986] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  816.624740][   T49] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[  816.639658][ T5986] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  816.684533][ T5986] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  816.734281][ T5986] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  816.784460][   T49] usb 7-1: Using ep0 maxpacket: 8
[  816.802282][   T49] usb 7-1: New USB device found, idVendor=046d, idProduct=08b3, bcdDevice=6d.2a
[  816.833168][   T49] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  816.871327][   T49] usb 7-1: config 0 descriptor??
[  816.912427][   T49] pwc: Logitech QuickCam Zoom USB webcam detected.
[  816.993127][   T49] pwc: Warning: more than 1 configuration available.
[  817.202594][   T49] pwc: Failed to set LED on/off time (-71)
[  817.216858][   T49] pwc: send_video_command error -71
[  817.262213][ T5986] usb 5-1: GET_CAPABILITIES returned 0
[  817.310160][ T5986] usbtmc 5-1:16.0: can't read capabilities
[  817.784262][   T49] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  817.793105][   T49] Philips webcam 7-1:0.0: probe with driver Philips webcam failed with error -71
[  817.804880][ T5986] usb 5-1: USB disconnect, device number 34
[  817.813520][   T49] usb 7-1: USB disconnect, device number 25
[  818.071865][T12861] kAFS: No cell specified
[  818.143567][T12863] sctp: [Deprecated]: syz.5.1677 (pid 12863) Use of struct sctp_assoc_value in delayed_ack socket option.
[  818.143567][T12863] Use struct sctp_sack_info instead
[  818.282892][T12504] veth0_vlan: entered promiscuous mode
[  818.505712][T12504] veth1_vlan: entered promiscuous mode
[  818.790187][T12504] veth0_macvtap: entered promiscuous mode
[  818.861495][T12504] veth1_macvtap: entered promiscuous mode
[  818.966088][T12504] batman_adv: batadv0: Interface activated: batadv_slave_0
[  819.033494][T12504] batman_adv: batadv0: Interface activated: batadv_slave_1
[  819.108097][T12504] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  819.162138][T12504] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  819.171095][T12504] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  819.180603][T12504] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  820.185208][T10042] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  820.194136][T10042] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  820.278036][T12881] netlink: 'syz.4.1683': attribute type 8 has an invalid length.
[  820.805218][ T2984] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  820.829807][ T2984] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  822.612749][T12895] netlink: 'syz.7.1583': attribute type 1 has an invalid length.
[  823.385850][T12899] genirq: Flags mismatch irq 4. 00200000 (das16m1) vs. 00200080 (ttyS0)
[  823.529577][T12903] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 12903 comm: syz.7.1689)
[  823.552275][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  823.552307][   T30] audit: type=1800 audit(1755080730.923:514): pid=12903 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.7.1689" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=38469 res=0 errno=0
[  824.170280][T12907] sctp: [Deprecated]: syz.4.1690 (pid 12907) Use of struct sctp_assoc_value in delayed_ack socket option.
[  824.170280][T12907] Use struct sctp_sack_info instead
[  825.086804][T12914] netlink: 88 bytes leftover after parsing attributes in process `syz.4.1693'.
[  825.096166][T12914] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1693'.
[  828.192198][T12928] overlayfs: upper fs does not support tmpfile.
[  828.963101][T12945] sctp: [Deprecated]: syz.6.1703 (pid 12945) Use of struct sctp_assoc_value in delayed_ack socket option.
[  828.963101][T12945] Use struct sctp_sack_info instead
[  829.175150][ T5899] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  829.451588][ T5899] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  829.611094][ T5899] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  829.641697][ T5899] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  829.667273][ T5899] usb 5-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5
[  829.740193][ T5899] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  829.764546][ T5899] usb 5-1: Product: syz
[  829.768852][ T5899] usb 5-1: Manufacturer: syz
[  829.773473][ T5899] usb 5-1: SerialNumber: syz
[  829.807580][ T5899] usb 5-1: config 0 descriptor??
[  830.130496][ T5956] usb 5-1: USB disconnect, device number 35
[  830.641370][T12961] netlink: 96 bytes leftover after parsing attributes in process `syz.5.1707'.
[  830.922861][T12966] overlayfs: missing 'lowerdir'
[  832.731944][T12980] tipc: Started in network mode
[  832.737209][T12980] tipc: Node identity ac14140f, cluster identity 4711
[  832.747360][T12980] tipc: New replicast peer: 255.255.255.255
[  833.084829][T12979] FAULT_INJECTION: forcing a failure.
[  833.084829][T12979] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  833.098009][T12979] CPU: 0 UID: 0 PID: 12979 Comm: syz.0.1712 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  833.098024][T12979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  833.098031][T12979] Call Trace:
[  833.098036][T12979]  <TASK>
[  833.098041][T12979]  dump_stack_lvl+0x189/0x250
[  833.098057][T12979]  ? __pfx____ratelimit+0x10/0x10
[  833.098069][T12979]  ? __pfx_dump_stack_lvl+0x10/0x10
[  833.098080][T12979]  ? __pfx__printk+0x10/0x10
[  833.098094][T12979]  ? __might_fault+0xb0/0x130
[  833.098111][T12979]  should_fail_ex+0x414/0x560
[  833.098125][T12979]  _copy_from_user+0x2d/0xb0
[  833.098140][T12979]  ___sys_sendmsg+0x158/0x2a0
[  833.098158][T12979]  ? __pfx____sys_sendmsg+0x10/0x10
[  833.098194][T12979]  ? __fget_files+0x2a/0x420
[  833.098205][T12979]  ? __fget_files+0x3a0/0x420
[  833.098222][T12979]  __sys_sendmmsg+0x227/0x430
[  833.098250][T12979]  ? __pfx___sys_sendmmsg+0x10/0x10
[  833.098265][T12979]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  833.098292][T12979]  ? ksys_write+0x22a/0x250
[  833.098303][T12979]  ? __pfx_ksys_write+0x10/0x10
[  833.098310][T12979]  ? rcu_is_watching+0x15/0xb0
[  833.098326][T12979]  __x64_sys_sendmmsg+0xa0/0xc0
[  833.098342][T12979]  do_syscall_64+0xfa/0x3b0
[  833.098353][T12979]  ? lockdep_hardirqs_on+0x9c/0x150
[  833.098364][T12979]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  833.098374][T12979]  ? clear_bhb_loop+0x60/0xb0
[  833.098387][T12979]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  833.098396][T12979] RIP: 0033:0x7f31ee18ebe9
[  833.098407][T12979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  833.098416][T12979] RSP: 002b:00007f31ec3f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  833.098428][T12979] RAX: ffffffffffffffda RBX: 00007f31ee3b6180 RCX: 00007f31ee18ebe9
[  833.098436][T12979] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 000000000000000a
[  833.098443][T12979] RBP: 00007f31ec3f6090 R08: 0000000000000000 R09: 0000000000000000
[  833.098449][T12979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  833.098455][T12979] R13: 00007f31ee3b6218 R14: 00007f31ee3b6180 R15: 00007ffde105fd88
[  833.098472][T12979]  </TASK>
[  834.545659][T12980] tipc: Enabled bearer <udp:syz2>, priority 10
[  835.122613][T12980] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1711'.
[  835.516801][T12988] sctp: [Deprecated]: syz.6.1714 (pid 12988) Use of struct sctp_assoc_value in delayed_ack socket option.
[  835.516801][T12988] Use struct sctp_sack_info instead
[  835.986069][T12989] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  836.058151][ T5899] tipc: Node number set to 2886997007
[  836.140943][T12992] netlink: 'syz.4.1715': attribute type 83 has an invalid length.
[  837.133885][T12997] wg1 speed is unknown, defaulting to 1000
[  837.764078][T13005] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(9)
[  837.770618][T13005] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  837.782795][T13005] vhci_hcd vhci_hcd.0: Device attached
[  837.791946][T13005] vhci_hcd vhci_hcd.0: pdev(7) rhport(1) sockfd(11)
[  837.798596][T13005] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  837.808194][T13005] vhci_hcd vhci_hcd.0: Device attached
[  837.818601][T13005] vhci_hcd vhci_hcd.0: pdev(7) rhport(2) sockfd(13)
[  837.825229][T13005] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  837.833303][T13005] vhci_hcd vhci_hcd.0: Device attached
[  837.842667][T13005] vhci_hcd vhci_hcd.0: pdev(7) rhport(3) sockfd(16)
[  837.849300][T13005] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  837.860559][T13005] vhci_hcd vhci_hcd.0: Device attached
[  837.872180][T13005] vhci_hcd vhci_hcd.0: pdev(7) rhport(4) sockfd(18)
[  837.878849][T13005] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  837.892983][T13005] vhci_hcd vhci_hcd.0: Device attached
[  837.901493][T13005] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(20)
[  837.908161][T13005] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  837.925662][T13005] vhci_hcd vhci_hcd.0: Device attached
[  837.943054][T13005] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  837.963242][T13005] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  837.971984][ T5899] vhci_hcd: vhci_device speed not set
[  837.986906][T13005] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  838.044972][ T5899] usb 47-1: new full-speed USB device number 2 using vhci_hcd
[  838.110410][T13016] vhci_hcd: connection closed
[  838.110632][T13012] vhci_hcd: connection closed
[  838.112098][T13010] vhci_hcd: connection closed
[  838.116178][T13014] vhci_hcd: connection closed
[  838.121274][T13008] vhci_hcd: connection closed
[  838.126903][T13006] vhci_hcd: connection reset by peer
[  838.142385][   T48] vhci_hcd: stop threads
[  838.148600][   T48] vhci_hcd: release socket
[  838.154404][   T48] vhci_hcd: disconnect device
[  838.163704][   T48] vhci_hcd: stop threads
[  838.168580][   T48] vhci_hcd: release socket
[  838.173224][   T48] vhci_hcd: disconnect device
[  838.179752][   T48] vhci_hcd: stop threads
[  838.184128][   T48] vhci_hcd: release socket
[  838.189042][   T48] vhci_hcd: disconnect device
[  838.195060][   T48] vhci_hcd: stop threads
[  838.199948][   T48] vhci_hcd: release socket
[  838.206052][   T48] vhci_hcd: disconnect device
[  838.211207][   T48] vhci_hcd: stop threads
[  838.216183][   T48] vhci_hcd: release socket
[  838.220813][   T48] vhci_hcd: disconnect device
[  838.226188][   T48] vhci_hcd: stop threads
[  838.230551][   T48] vhci_hcd: release socket
[  838.237689][   T48] vhci_hcd: disconnect device
[  838.434700][T13027] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  838.441275][T13027] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  838.484806][ T1209] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  838.504836][T13027] vhci_hcd vhci_hcd.0: Device attached
[  838.716370][ T1209] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  838.735751][ T1209] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  838.769338][ T9452] usb 43-1: new low-speed USB device number 2 using vhci_hcd
[  838.769980][ T1209] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  838.908492][ T1209] usb 5-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5
[  838.922880][ T1209] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  838.924397][T13028] vhci_hcd: connection reset by peer
[  838.936583][ T1209] usb 5-1: Product: syz
[  838.941145][ T1209] usb 5-1: Manufacturer: syz
[  838.951046][ T1209] usb 5-1: SerialNumber: syz
[  838.959487][ T1209] usb 5-1: config 0 descriptor??
[  838.974109][   T75] vhci_hcd: stop threads
[  838.982006][   T75] vhci_hcd: release socket
[  838.992101][   T75] vhci_hcd: disconnect device
[  839.935469][ T1209] usb 5-1: USB disconnect, device number 36
[  840.776235][T13045] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1726'.
[  841.142799][T13054] sctp: [Deprecated]: syz.6.1727 (pid 13054) Use of struct sctp_assoc_value in delayed_ack socket option.
[  841.142799][T13054] Use struct sctp_sack_info instead
[  842.766044][T13065] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  842.772876][T13065] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  842.781308][T13065] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  842.938932][T13068] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1732'.
[  843.100018][T13076] fuseblk: Bad value for 'fd'
[  843.516872][ T5899] vhci_hcd: vhci_device speed not set
[  844.323628][ T9452] vhci_hcd: vhci_device speed not set
[  844.804355][ T5840] Bluetooth: hci2: command 0x0c1a tx timeout
[  844.810480][ T5840] Bluetooth: hci1: command 0x041b tx timeout
[  844.816612][ T5840] Bluetooth: hci5: command 0x0c1a tx timeout
[  844.944310][ T5986] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[  845.104730][ T5986] usb 7-1: Using ep0 maxpacket: 16
[  845.115828][ T5986] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  845.149583][ T5986] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  845.209125][ T5986] usb 7-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  845.253869][T13099] sctp: [Deprecated]: syz.0.1740 (pid 13099) Use of struct sctp_assoc_value in delayed_ack socket option.
[  845.253869][T13099] Use struct sctp_sack_info instead
[  845.429106][    T9] usb usb48-port1: attempt power cycle
[  845.672863][ T5986] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  845.684607][ T5986] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  845.692822][ T5986] usb 7-1: Product: syz
[  845.698966][ T5986] usb 7-1: Manufacturer: syz
[  845.704565][ T5986] usb 7-1: SerialNumber: syz
[  846.231440][ T5986] usb 7-1: 2:1 : format type 0 is detected, processed as PCM
[  846.278435][ T5986] usb 7-1: 2:1: cannot set freq 9338507 to ep 0x82
[  846.325811][    T9] usb usb48-port1: unable to enumerate USB device
[  846.401687][T13113] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  846.422931][ T5986] usb 7-1: USB disconnect, device number 26
[  846.517642][T13114] netlink: 'syz.0.1744': attribute type 83 has an invalid length.
[  846.680148][T13118] netlink: 'syz.7.1745': attribute type 10 has an invalid length.
[  846.689421][T13121] netlink: 'syz.7.1745': attribute type 10 has an invalid length.
[  846.784977][T13118] 8021q: adding VLAN 0 to HW filter on device team0
[  846.881507][T13118] bond0: (slave team0): Enslaving as an active interface with an up link
[  846.970710][T13119] netlink: 'syz.5.1746': attribute type 10 has an invalid length.
[  847.144833][T13119] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1746'.
[  850.361277][T13147] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1753'.
[  852.466413][ T5845] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  853.093084][ T5845] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  853.176886][ T5845] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  853.245475][ T5845] usb 5-1: Product: syz
[  853.274933][ T5845] usb 5-1: Manufacturer: syz
[  853.302654][ T5845] usb 5-1: SerialNumber: syz
[  853.519069][ T5845] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  853.761997][   T49] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  854.551790][T13185] syz.4.1760: attempt to access beyond end of device
[  854.551790][T13185] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0
[  854.649607][T13185] (syz.4.1760,13185,1):ocfs2_get_sector:1714 ERROR: status = -5
[  854.660620][T13185] (syz.4.1760,13185,1):ocfs2_sb_probe:753 ERROR: status = -5
[  854.704950][T13195] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1767'.
[  854.742752][T13185] (syz.4.1760,13185,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  854.808778][T13185] (syz.4.1760,13185,1):ocfs2_fill_super:1177 ERROR: status = -5
[  855.066348][   T49] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  855.076489][   T49] ath9k_htc: Failed to initialize the device
[  855.220006][   T49] usb 5-1: ath9k_htc: USB layer deinitialized
[  855.543350][ T5956] usb 5-1: USB disconnect, device number 37
[  855.596771][T13200] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1768'.
[  855.660382][T13204] sp0: Synchronizing with TNC
[  855.945165][T13214] vivid-000: disconnect
[  855.964440][    T9] usb 7-1: new full-speed USB device number 27 using dummy_hcd
[  855.972579][T13214] Bluetooth: MGMT ver 1.23
[  856.235701][T13216] vlan2: entered allmulticast mode
[  856.247389][    T9] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  856.260700][T13216] erspan0: entered allmulticast mode
[  856.266261][    T9] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  856.323092][T13218] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1773'.
[  856.895085][T13209] vivid-000: reconnect
[  856.919855][    T9] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  856.929379][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  857.285423][    T9] usb 7-1: GET_CAPABILITIES returned 0
[  857.304291][    T9] usbtmc 7-1:16.0: can't read capabilities
[  857.530992][   T49] usb 7-1: USB disconnect, device number 27
[  859.046159][T13224] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  859.052998][T13224] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  859.064890][T13224] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  859.724740][T13246] netlink: 'syz.0.1781': attribute type 29 has an invalid length.
[  859.743237][T13248] netlink: 'syz.0.1781': attribute type 29 has an invalid length.
[  860.954217][T13265] loop4: detected capacity change from 0 to 524255232
[  861.115946][T12506] Bluetooth: hci2: command 0x0c1a tx timeout
[  861.116563][ T5840] Bluetooth: hci1: command 0x041b tx timeout
[  861.122158][T12506] Bluetooth: hci5: command 0x0c1a tx timeout
[  861.154513][T13266] loop4: detected capacity change from 524255232 to 524287956
[  861.791579][   T30] audit: type=1800 audit(1755080769.173:515): pid=13275 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.6.1787" name="file0" dev="fuse" ino=2 res=0 errno=0
[  861.803034][T13278] FAULT_INJECTION: forcing a failure.
[  861.803034][T13278] name failslab, interval 1, probability 0, space 0, times 0
[  861.825902][T13278] CPU: 0 UID: 0 PID: 13278 Comm: syz.7.1790 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  861.825930][T13278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  861.825943][T13278] Call Trace:
[  861.825951][T13278]  <TASK>
[  861.825960][T13278]  dump_stack_lvl+0x189/0x250
[  861.825988][T13278]  ? __pfx____ratelimit+0x10/0x10
[  861.826009][T13278]  ? __pfx_dump_stack_lvl+0x10/0x10
[  861.826031][T13278]  ? __pfx__printk+0x10/0x10
[  861.826071][T13278]  should_fail_ex+0x414/0x560
[  861.826096][T13278]  should_failslab+0xa8/0x100
[  861.826119][T13278]  __kmalloc_cache_noprof+0x70/0x3d0
[  861.826138][T13278]  ? sdev_prefix_printk+0xc7/0x1f0
[  861.826165][T13278]  sdev_prefix_printk+0xc7/0x1f0
[  861.826192][T13278]  ? __pfx_sdev_prefix_printk+0x10/0x10
[  861.826210][T13278]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  861.826240][T13278]  ? lockdep_hardirqs_on+0x9c/0x150
[  861.826261][T13278]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  861.826291][T13278]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  861.826330][T13278]  virtscsi_device_reset+0x6d/0x320
[  861.826365][T13278]  scsi_ioctl_reset+0x372/0x740
[  861.826395][T13278]  scsi_ioctl+0x81e/0x1fb0
[  861.826420][T13278]  ? __pfx_scsi_ioctl+0x10/0x10
[  861.826473][T13278]  ? kasan_quarantine_put+0xdd/0x220
[  861.826502][T13278]  ? __pfx___might_resched+0x10/0x10
[  861.826531][T13278]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  861.826553][T13278]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  861.826576][T13278]  ? scsi_block_when_processing_errors+0x390/0x470
[  861.826597][T13278]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  861.826619][T13278]  ? __pfx_scsi_block_when_processing_errors+0x10/0x10
[  861.826662][T13278]  sg_ioctl+0x1886/0x2230
[  861.826698][T13278]  ? __pfx_sg_ioctl+0x10/0x10
[  861.826730][T13278]  ? __fget_files+0x2a/0x420
[  861.826751][T13278]  ? __fget_files+0x3a0/0x420
[  861.826771][T13278]  ? __fget_files+0x2a/0x420
[  861.826795][T13278]  ? bpf_lsm_file_ioctl+0x9/0x20
[  861.826817][T13278]  ? __pfx_sg_ioctl+0x10/0x10
[  861.826842][T13278]  __se_sys_ioctl+0xfc/0x170
[  861.826873][T13278]  do_syscall_64+0xfa/0x3b0
[  861.826893][T13278]  ? lockdep_hardirqs_on+0x9c/0x150
[  861.826912][T13278]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  861.826930][T13278]  ? clear_bhb_loop+0x60/0xb0
[  861.826954][T13278]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  861.826971][T13278] RIP: 0033:0x7fb98118ebe9
[  861.826989][T13278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  861.827006][T13278] RSP: 002b:00007fb981ff9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  861.827027][T13278] RAX: ffffffffffffffda RBX: 00007fb9813b5fa0 RCX: 00007fb98118ebe9
[  861.827042][T13278] RDX: 0000200000000080 RSI: 0000000000002284 RDI: 0000000000000003
[  861.827054][T13278] RBP: 00007fb981ff9090 R08: 0000000000000000 R09: 0000000000000000
[  861.827066][T13278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  861.827078][T13278] R13: 00007fb9813b6038 R14: 00007fb9813b5fa0 R15: 00007ffc41b42c98
[  861.827110][T13278]  </TASK>
[  862.132127][    C0] vkms_vblank_simulate: vblank timer overrun
[  862.261017][   T30] audit: type=1326 audit(1755080769.173:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13271 comm="syz.6.1787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  862.316821][   T30] audit: type=1326 audit(1755080769.173:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13271 comm="syz.6.1787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  862.389225][   T30] audit: type=1326 audit(1755080769.533:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13271 comm="syz.6.1787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  862.410803][    C0] vkms_vblank_simulate: vblank timer overrun
[  862.417009][   T30] audit: type=1326 audit(1755080769.533:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13271 comm="syz.6.1787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  862.439365][   T30] audit: type=1326 audit(1755080769.533:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13271 comm="syz.6.1787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  862.460962][    C0] vkms_vblank_simulate: vblank timer overrun
[  862.518738][   T30] audit: type=1326 audit(1755080769.533:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13271 comm="syz.6.1787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  862.612645][   T30] audit: type=1326 audit(1755080769.533:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13271 comm="syz.6.1787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  862.643380][   T30] audit: type=1326 audit(1755080769.533:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13271 comm="syz.6.1787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  862.656137][T13287] netlink: 260 bytes leftover after parsing attributes in process `syz.7.1793'.
[  863.053272][T13289] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1792'.
[  863.354642][T13302] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1796'.
[  863.383866][T13302] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1796'.
[  863.411723][T13301] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  863.434082][T13301] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  864.772709][T13312] netlink: 'syz.6.1800': attribute type 29 has an invalid length.
[  865.017393][T13312] netlink: 'syz.6.1800': attribute type 29 has an invalid length.
[  866.232118][T13331] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  866.684198][T13348] FAULT_INJECTION: forcing a failure.
[  866.684198][T13348] name failslab, interval 1, probability 0, space 0, times 0
[  866.707764][T13348] CPU: 1 UID: 0 PID: 13348 Comm: syz.7.1811 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  866.707792][T13348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  866.707802][T13348] Call Trace:
[  866.707809][T13348]  <TASK>
[  866.707816][T13348]  dump_stack_lvl+0x189/0x250
[  866.707840][T13348]  ? __pfx____ratelimit+0x10/0x10
[  866.707859][T13348]  ? __pfx_dump_stack_lvl+0x10/0x10
[  866.707884][T13348]  ? __pfx__printk+0x10/0x10
[  866.707910][T13348]  ? __pfx___might_resched+0x10/0x10
[  866.707928][T13348]  ? fs_reclaim_acquire+0x7d/0x100
[  866.707952][T13348]  should_fail_ex+0x414/0x560
[  866.707975][T13348]  should_failslab+0xa8/0x100
[  866.707995][T13348]  __kmalloc_cache_noprof+0x70/0x3d0
[  866.708011][T13348]  ? register_netdevice+0x58b/0x1ae0
[  866.708033][T13348]  register_netdevice+0x58b/0x1ae0
[  866.708065][T13348]  ? __pfx_register_netdevice+0x10/0x10
[  866.708086][T13348]  ? net_generic+0x1e/0x240
[  866.708109][T13348]  ? net_generic+0x1e/0x240
[  866.708130][T13348]  ? geneve_configure+0x556/0xa80
[  866.708157][T13348]  geneve_configure+0x645/0xa80
[  866.708189][T13348]  geneve_newlink+0x188/0x220
[  866.708210][T13348]  ? alloc_netdev_mqs+0xc9e/0x11e0
[  866.708230][T13348]  ? __pfx_geneve_newlink+0x10/0x10
[  866.708270][T13348]  ? __pfx_geneve_newlink+0x10/0x10
[  866.708294][T13348]  rtnl_newlink_create+0x30d/0xb00
[  866.708323][T13348]  ? __lock_acquire+0xab9/0xd20
[  866.708344][T13348]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  866.708366][T13348]  ? rtnl_newlink+0x8db/0x1c70
[  866.708390][T13348]  ? __pfx___mutex_lock+0x10/0x10
[  866.708419][T13348]  ? ns_capable+0x8a/0xf0
[  866.708441][T13348]  rtnl_newlink+0x16d6/0x1c70
[  866.708465][T13348]  ? netlink_sendmsg+0x805/0xb30
[  866.708501][T13348]  ? __pfx_rtnl_newlink+0x10/0x10
[  866.708545][T13348]  ? kasan_quarantine_put+0xdd/0x220
[  866.708569][T13348]  ? lockdep_hardirqs_on+0x9c/0x150
[  866.708601][T13348]  ? nlmon_xmit+0xb0/0x100
[  866.708620][T13348]  ? kmem_cache_free+0x18f/0x400
[  866.708643][T13348]  ? __local_bh_enable_ip+0x12d/0x1c0
[  866.708660][T13348]  ? lockdep_hardirqs_on+0x9c/0x150
[  866.708678][T13348]  ? __local_bh_enable_ip+0x12d/0x1c0
[  866.708695][T13348]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  866.708717][T13348]  ? __dev_queue_xmit+0x27e/0x3a70
[  866.708734][T13348]  ? __dev_queue_xmit+0x27e/0x3a70
[  866.708749][T13348]  ? __dev_queue_xmit+0x27e/0x3a70
[  866.708767][T13348]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  866.708789][T13348]  ? __lock_acquire+0xab9/0xd20
[  866.708828][T13348]  ? __pfx_rtnl_newlink+0x10/0x10
[  866.708848][T13348]  rtnetlink_rcv_msg+0x7cc/0xb70
[  866.708874][T13348]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  866.708899][T13348]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  866.708918][T13348]  ? ref_tracker_free+0x63a/0x7d0
[  866.708934][T13348]  ? __copy_skb_header+0xa7/0x550
[  866.708952][T13348]  ? __pfx_ref_tracker_free+0x10/0x10
[  866.708970][T13348]  ? __skb_clone+0x63/0x7a0
[  866.708993][T13348]  netlink_rcv_skb+0x205/0x470
[  866.709016][T13348]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  866.709039][T13348]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  866.709074][T13348]  ? netlink_deliver_tap+0x2e/0x1b0
[  866.709096][T13348]  ? netlink_deliver_tap+0x2e/0x1b0
[  866.709124][T13348]  netlink_unicast+0x75c/0x8e0
[  866.709156][T13348]  netlink_sendmsg+0x805/0xb30
[  866.709188][T13348]  ? __pfx_netlink_sendmsg+0x10/0x10
[  866.709219][T13348]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  866.709235][T13348]  ? __pfx_netlink_sendmsg+0x10/0x10
[  866.709259][T13348]  __sock_sendmsg+0x21c/0x270
[  866.709282][T13348]  ____sys_sendmsg+0x505/0x830
[  866.709313][T13348]  ? __pfx_____sys_sendmsg+0x10/0x10
[  866.709347][T13348]  ? import_iovec+0x74/0xa0
[  866.709373][T13348]  ___sys_sendmsg+0x21f/0x2a0
[  866.709400][T13348]  ? __pfx____sys_sendmsg+0x10/0x10
[  866.709460][T13348]  ? __fget_files+0x2a/0x420
[  866.709478][T13348]  ? __fget_files+0x3a0/0x420
[  866.709506][T13348]  __x64_sys_sendmsg+0x19b/0x260
[  866.709534][T13348]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  866.709569][T13348]  ? __pfx_ksys_write+0x10/0x10
[  866.709589][T13348]  ? do_syscall_64+0xbe/0x3b0
[  866.709611][T13348]  do_syscall_64+0xfa/0x3b0
[  866.709628][T13348]  ? lockdep_hardirqs_on+0x9c/0x150
[  866.709645][T13348]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  866.709661][T13348]  ? clear_bhb_loop+0x60/0xb0
[  866.709681][T13348]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  866.709697][T13348] RIP: 0033:0x7fb98118ebe9
[  866.709712][T13348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  866.709727][T13348] RSP: 002b:00007fb981ff9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  866.709746][T13348] RAX: ffffffffffffffda RBX: 00007fb9813b5fa0 RCX: 00007fb98118ebe9
[  866.709759][T13348] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  866.709769][T13348] RBP: 00007fb981ff9090 R08: 0000000000000000 R09: 0000000000000000
[  866.709780][T13348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  866.709790][T13348] R13: 00007fb9813b6038 R14: 00007fb9813b5fa0 R15: 00007ffc41b42c98
[  866.709819][T13348]  </TASK>
[  867.364230][ T5956] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[  867.534732][ T5956] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  867.545651][ T5956] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[  867.555497][ T5956] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  867.582535][ T5956] usb 7-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5
[  867.591848][ T5956] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  867.600051][ T5956] usb 7-1: Product: syz
[  867.604655][ T5956] usb 7-1: Manufacturer: syz
[  867.609620][ T5956] usb 7-1: SerialNumber: syz
[  867.639939][ T5956] usb 7-1: config 0 descriptor??
[  868.158196][ T5986] usb 7-1: USB disconnect, device number 28
[  868.162840][T13368] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  868.192801][T13368] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  868.394301][ T5956] usb 5-1: new full-speed USB device number 38 using dummy_hcd
[  868.824057][ T5956] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  868.900551][ T5956] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  868.927917][ T5956] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  868.950800][ T5956] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  868.964310][ T5956] usb 5-1: Product: syz
[  868.969362][ T5956] usb 5-1: Manufacturer: syz
[  868.980734][ T5956] usb 5-1: SerialNumber: syz
[  869.282580][ T5956] usb 5-1: 0:2 : does not exist
[  869.315039][ T5956] usb 5-1: unit 6 not found!
[  869.413058][T13390] FAULT_INJECTION: forcing a failure.
[  869.413058][T13390] name failslab, interval 1, probability 0, space 0, times 0
[  869.426695][T13390] CPU: 1 UID: 0 PID: 13390 Comm: syz.6.1825 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  869.426721][T13390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  869.426733][T13390] Call Trace:
[  869.426740][T13390]  <TASK>
[  869.426749][T13390]  dump_stack_lvl+0x189/0x250
[  869.426797][T13390]  ? __pfx____ratelimit+0x10/0x10
[  869.426818][T13390]  ? __pfx_dump_stack_lvl+0x10/0x10
[  869.426840][T13390]  ? __pfx__printk+0x10/0x10
[  869.426871][T13390]  ? __pfx___might_resched+0x10/0x10
[  869.426891][T13390]  ? fs_reclaim_acquire+0x7d/0x100
[  869.426920][T13390]  should_fail_ex+0x414/0x560
[  869.426946][T13390]  should_failslab+0xa8/0x100
[  869.426974][T13390]  __kmalloc_noprof+0xcb/0x4f0
[  869.426991][T13390]  ? kfree+0x4d/0x440
[  869.427017][T13390]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  869.427047][T13390]  tomoyo_realpath_from_path+0xe3/0x5d0
[  869.427074][T13390]  ? tomoyo_domain+0xda/0x130
[  869.427105][T13390]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  869.427131][T13390]  tomoyo_path_number_perm+0x1e8/0x5a0
[  869.427160][T13390]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  869.427182][T13390]  ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[  869.427214][T13390]  ? rcu_is_watching+0x15/0xb0
[  869.427245][T13390]  ? rcu_read_unlock_special+0x3fe/0x4c0
[  869.427305][T13390]  ? __rcu_read_unlock+0x84/0xe0
[  869.427332][T13390]  ? __fget_files+0x2a/0x420
[  869.427353][T13390]  ? __fget_files+0x3a0/0x420
[  869.427372][T13390]  ? __fget_files+0x2a/0x420
[  869.427399][T13390]  security_file_ioctl+0xcb/0x2d0
[  869.427424][T13390]  __se_sys_ioctl+0x47/0x170
[  869.427454][T13390]  do_syscall_64+0xfa/0x3b0
[  869.427476][T13390]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  869.427493][T13390]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  869.427511][T13390]  ? clear_bhb_loop+0x60/0xb0
[  869.427534][T13390]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  869.427551][T13390] RIP: 0033:0x7fb83b78ebe9
[  869.427569][T13390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  869.427585][T13390] RSP: 002b:00007fb83c5aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  869.427604][T13390] RAX: ffffffffffffffda RBX: 00007fb83b9b6090 RCX: 00007fb83b78ebe9
[  869.427618][T13390] RDX: 00002000000000c0 RSI: 0000000040946400 RDI: 0000000000000008
[  869.427631][T13390] RBP: 00007fb83c5aa090 R08: 0000000000000000 R09: 0000000000000000
[  869.427642][T13390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  869.427654][T13390] R13: 00007fb83b9b6128 R14: 00007fb83b9b6090 R15: 00007ffd2121c2c8
[  869.427687][T13390]  </TASK>
[  869.427736][T13390] ERROR: Out of memory at tomoyo_realpath_from_path.
[  869.635423][    C1] vkms_vblank_simulate: vblank timer overrun
[  869.707543][T13390] genirq: Flags mismatch irq 4. 00200000 (das16m1) vs. 00200080 (ttyS0)
[  870.354628][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  870.362716][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  870.483871][ T5956] usb 5-1: USB disconnect, device number 38
[  870.819970][T13402] genirq: Flags mismatch irq 4. 00200000 (das16m1) vs. 00200080 (ttyS0)
[  872.476765][T13415] overlayfs: missing 'lowerdir'
[  873.660770][ T5956] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  874.274302][ T5956] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  874.413427][ T5956] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  874.422672][ T5956] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  874.439999][ T5956] usb 5-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5
[  874.449349][ T5956] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  874.457500][ T5956] usb 5-1: Product: syz
[  874.461680][ T5956] usb 5-1: Manufacturer: syz
[  874.471895][ T5956] usb 5-1: SerialNumber: syz
[  874.481843][ T5956] usb 5-1: config 0 descriptor??
[  874.767847][ T5956] usb 5-1: USB disconnect, device number 39
[  876.634625][T13455] comedi comedi2: comedi_config --init_data is deprecated
[  876.695778][T13453] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  876.842682][T13459] netlink: 'syz.7.1842': attribute type 83 has an invalid length.
[  877.020461][T13464] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  877.031946][T13464] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  877.038306][T13464] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  877.106114][T13474] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1849'.
[  877.954260][    T9] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[  879.035254][ T5846] Bluetooth: hci5: command 0x0c1a tx timeout
[  879.041536][T13269] Bluetooth: hci1: command 0x041b tx timeout
[  879.099841][T13481] comedi comedi2: reset error (fatal)
[  879.124481][T13269] Bluetooth: hci2: command 0x0c1a tx timeout
[  879.154277][    T9] usb 7-1: device descriptor read/64, error -71
[  879.680852][    T9] usb 7-1: new high-speed USB device number 30 using dummy_hcd
[  879.885616][T13511] netlink: 16 bytes leftover after parsing attributes in process `syz.7.1860'.
[  880.278979][    T9] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  880.296451][    T9] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[  880.310107][    T9] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  880.410903][T13516] mkiss: ax0: crc mode is auto.
[  881.713418][    T9] usb 7-1: string descriptor 0 read error: -71
[  881.747464][T13524] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1865'.
[  881.749309][    T9] usb 7-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5
[  881.785995][T13528] 9pnet_fd: Insufficient options for proto=fd
[  881.833400][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  881.852013][    T9] usb 7-1: config 0 descriptor??
[  882.093659][ T9452] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  882.109296][    T9] usb 7-1: can't set config #0, error -71
[  882.315190][ T9452] usb 5-1: Using ep0 maxpacket: 8
[  882.351088][ T9452] usb 5-1: config 0 has an invalid interface number: 47 but max is 1
[  882.361197][    T9] usb 7-1: USB disconnect, device number 30
[  882.372716][ T9452] usb 5-1: config 0 has an invalid descriptor of length 185, skipping remainder of the config
[  882.403891][ T9452] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  882.422503][ T9452] usb 5-1: config 0 has no interface number 0
[  882.430717][T13532] 9pnet_fd: Insufficient options for proto=fd
[  882.442225][ T9452] usb 5-1: config 0 interface 47 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[  882.639826][ T9452] usb 5-1: New USB device found, idVendor=04c1, idProduct=009d, bcdDevice=1f.14
[  882.652921][ T9452] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  882.681467][ T9452] usb 5-1: Product: syz
[  882.706106][ T9452] usb 5-1: Manufacturer: syz
[  882.929615][ T9452] usb 5-1: SerialNumber: syz
[  883.011410][ T9452] usb 5-1: config 0 descriptor??
[  883.032142][ T9452] gspca_main: vicam-2.14.0 probing 04c1:009d
[  883.050310][ T9452] usb 5-1: Direct firmware load for vicam/firmware.fw failed with error -2
[  883.094216][ T9452] usb 5-1: Falling back to sysfs fallback for: vicam/firmware.fw
[  883.739518][T13546] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  883.863329][T13547] netlink: 'syz.6.1871': attribute type 83 has an invalid length.
[  884.841498][T13564] netlink: 20 bytes leftover after parsing attributes in process `syz.7.1877'.
[  884.854687][T13563] FAULT_INJECTION: forcing a failure.
[  884.854687][T13563] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  884.889897][T13563] CPU: 1 UID: 0 PID: 13563 Comm: syz.5.1876 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  884.889915][T13563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  884.889922][T13563] Call Trace:
[  884.889927][T13563]  <TASK>
[  884.889932][T13563]  dump_stack_lvl+0x189/0x250
[  884.889949][T13563]  ? __pfx____ratelimit+0x10/0x10
[  884.889960][T13563]  ? __pfx_dump_stack_lvl+0x10/0x10
[  884.889972][T13563]  ? __pfx__printk+0x10/0x10
[  884.889992][T13563]  should_fail_ex+0x414/0x560
[  884.890006][T13563]  _copy_to_user+0x31/0xb0
[  884.890022][T13563]  simple_read_from_buffer+0xe1/0x170
[  884.890037][T13563]  proc_fail_nth_read+0x1df/0x250
[  884.890052][T13563]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  884.890082][T13563]  ? rw_verify_area+0x258/0x650
[  884.890098][T13563]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  884.890111][T13563]  vfs_read+0x200/0x980
[  884.890130][T13563]  ? __pfx___mutex_lock+0x10/0x10
[  884.890142][T13563]  ? __pfx_vfs_read+0x10/0x10
[  884.890164][T13563]  ? __fget_files+0x2a/0x420
[  884.890179][T13563]  ? __fget_files+0x3a0/0x420
[  884.890189][T13563]  ? __fget_files+0x2a/0x420
[  884.890205][T13563]  ksys_read+0x145/0x250
[  884.890217][T13563]  ? __pfx_ksys_read+0x10/0x10
[  884.890224][T13563]  ? rcu_is_watching+0x15/0xb0
[  884.890239][T13563]  ? do_syscall_64+0xbe/0x3b0
[  884.890252][T13563]  do_syscall_64+0xfa/0x3b0
[  884.890263][T13563]  ? lockdep_hardirqs_on+0x9c/0x150
[  884.890273][T13563]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  884.890283][T13563]  ? clear_bhb_loop+0x60/0xb0
[  884.890295][T13563]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  884.890305][T13563] RIP: 0033:0x7f0a78b8d5fc
[  884.890315][T13563] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  884.890324][T13563] RSP: 002b:00007f0a79a30030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  884.890336][T13563] RAX: ffffffffffffffda RBX: 00007f0a78db5fa0 RCX: 00007f0a78b8d5fc
[  884.890344][T13563] RDX: 000000000000000f RSI: 00007f0a79a300a0 RDI: 0000000000000046
[  884.890351][T13563] RBP: 00007f0a79a30090 R08: 0000000000000000 R09: 0000000000000000
[  884.890357][T13563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  884.890363][T13563] R13: 00007f0a78db6038 R14: 00007f0a78db5fa0 R15: 00007ffec0357338
[  884.890380][T13563]  </TASK>
[  886.866368][   T30] audit: type=1326 audit(1755080799.558:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13578 comm="syz.7.1882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  887.016889][   T30] audit: type=1326 audit(1755080799.558:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13578 comm="syz.7.1882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  887.048190][   T30] audit: type=1326 audit(1755080799.558:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13578 comm="syz.7.1882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  887.091947][   T30] audit: type=1326 audit(1755080799.558:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13578 comm="syz.7.1882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  887.158605][   T30] audit: type=1326 audit(1755080799.558:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13578 comm="syz.7.1882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  887.290767][   T30] audit: type=1326 audit(1755080799.558:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13578 comm="syz.7.1882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=86 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  887.409164][T13592] 8021q: adding VLAN 0 to HW filter on device bond1
[  887.719285][ T2996] Bluetooth: hci6: Frame reassembly failed (-84)
[  887.785856][   T30] audit: type=1326 audit(1755080799.558:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13578 comm="syz.7.1882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  887.839308][ T2996] Bluetooth: hci6: Frame reassembly failed (-84)
[  888.143799][   T30] audit: type=1326 audit(1755080799.568:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13578 comm="syz.7.1882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  888.526554][   T30] audit: type=1326 audit(1755080799.568:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13578 comm="syz.7.1882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  888.936648][   T30] audit: type=1326 audit(1755080799.868:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13578 comm="syz.7.1882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  889.674290][T13269] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  890.946343][T13612] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  890.958333][ T1209] usb 7-1: new high-speed USB device number 31 using dummy_hcd
[  891.201357][ T1209] usb 7-1: config 0 has an invalid interface number: 24 but max is 0
[  891.214224][ T1209] usb 7-1: config 0 has no interface number 0
[  891.234960][ T1209] usb 7-1: too many endpoints for config 0 interface 24 altsetting 84: 236, using maximum allowed: 30
[  891.375216][ T1209] usb 7-1: config 0 interface 24 altsetting 84 has 0 endpoint descriptors, different from the interface descriptor's value: 236
[  891.411074][T13599] overlayfs: failed to resolve './bus': -2
[  891.515935][ T1209] usb 7-1: config 0 interface 24 has no altsetting 0
[  891.522957][ T1209] usb 7-1: New USB device found, idVendor=0dba, idProduct=3000, bcdDevice=26.ea
[  891.540340][ T1209] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  891.553429][ T1209] usb 7-1: config 0 descriptor??
[  891.621642][T13623] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  891.671563][T13623] syzkaller0: entered promiscuous mode
[  891.677414][T13623] syzkaller0: entered allmulticast mode
[  891.684667][T13623] tipc: Resetting bearer <eth:syzkaller0>
[  891.718243][T13623] hub 1-0:1.0: USB hub found
[  891.723330][T13623] hub 1-0:1.0: 1 port detected
[  891.741126][T13622] tipc: Resetting bearer <eth:syzkaller0>
[  891.782229][ T1209] usb 7-1: string descriptor 0 read error: -71
[  891.792625][ T1209] usb 7-1: Invalid firmware size=18.
[  891.804529][ T1209] usb 7-1: USB disconnect, device number 31
[  895.788697][T13622] tipc: Disabling bearer <eth:syzkaller0>
[  895.980562][T13654] netlink: 'syz.0.1901': attribute type 10 has an invalid length.
[  895.988492][T13654] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1901'.
[  895.999313][T13654] batman_adv: batadv0: Adding interface: virt_wifi0
[  896.006092][T13654] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  896.031782][T13654] batman_adv: batadv0: Interface activated: virt_wifi0
[  896.201206][T13649] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1900'.
[  896.211305][T13649] PKCS7: Unknown OID: [4] 0.0
[  896.216116][T13649] PKCS7: Only support pkcs7_signedData type
[  896.490098][T13664] wg1 speed is unknown, defaulting to 1000
[  896.829525][T13669] loop6: detected capacity change from 0 to 63
[  896.843121][T13669] buffer_io_error: 23 callbacks suppressed
[  896.843140][T13669] Buffer I/O error on dev loop6, logical block 0, async page read
[  896.865284][T13669] Buffer I/O error on dev loop6, logical block 1, async page read
[  896.873359][T13669] Buffer I/O error on dev loop6, logical block 2, async page read
[  896.886669][T13669] Buffer I/O error on dev loop6, logical block 3, async page read
[  897.005807][T13671] Buffer I/O error on dev loop6, logical block 0, async page read
[  897.099027][T13671] Buffer I/O error on dev loop6, logical block 1, async page read
[  897.169753][T13671] Buffer I/O error on dev loop6, logical block 2, async page read
[  897.225566][T13671] Buffer I/O error on dev loop6, logical block 3, async page read
[  897.353468][T13669] Buffer I/O error on dev loop6, logical block 0, async page read
[  897.439480][T13669] Buffer I/O error on dev loop6, logical block 1, async page read
[  901.594007][T13688] tipc: Started in network mode
[  901.634697][T13688] tipc: Node identity f278f3c9cf0e, cluster identity 4711
[  901.642054][T13688] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  901.712255][   T49] IPVS: starting estimator thread 0...
[  901.778603][T13688] syzkaller0: entered promiscuous mode
[  901.792411][T13688] syzkaller0: entered allmulticast mode
[  901.824434][T13696] IPVS: using max 49 ests per chain, 117600 per kthread
[  902.535547][T13709] futex_wake_op: syz.0.1918 tries to shift op by -1; fix this program
[  902.612578][T13687] tipc: Resetting bearer <eth:syzkaller0>
[  902.697398][T13687] tipc: Disabling bearer <eth:syzkaller0>
[  902.724591][   T49] usb 7-1: new high-speed USB device number 32 using dummy_hcd
[  902.907528][   T49] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  902.967705][   T49] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  903.186216][   T49] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  903.335490][   T49] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  903.350813][T13705] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  903.361321][   T49] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  904.661261][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  904.661302][   T30] audit: type=1326 audit(1755080817.778:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13716 comm="syz.0.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ee18ebe9 code=0x7ffc0000
[  906.142694][    T9] usb 7-1: USB disconnect, device number 32
[  906.189464][   T30] audit: type=1326 audit(1755080817.788:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13716 comm="syz.0.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ee18ebe9 code=0x7ffc0000
[  906.618786][   T30] audit: type=1326 audit(1755080817.798:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13716 comm="syz.0.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f31ee18ebe9 code=0x7ffc0000
[  907.021692][   T30] audit: type=1326 audit(1755080817.798:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13716 comm="syz.0.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ee18ebe9 code=0x7ffc0000
[  907.409164][   T30] audit: type=1326 audit(1755080817.798:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13716 comm="syz.0.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ee18ebe9 code=0x7ffc0000
[  907.463193][   T30] audit: type=1326 audit(1755080817.818:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13716 comm="syz.0.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=86 compat=0 ip=0x7f31ee18ebe9 code=0x7ffc0000
[  907.484959][   T30] audit: type=1326 audit(1755080817.828:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13716 comm="syz.0.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ee18ebe9 code=0x7ffc0000
[  907.508867][   T30] audit: type=1326 audit(1755080817.828:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13716 comm="syz.0.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ee18ebe9 code=0x7ffc0000
[  907.530621][   T30] audit: type=1326 audit(1755080817.838:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13716 comm="syz.0.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f31ee18ebe9 code=0x7ffc0000
[  907.554234][   T30] audit: type=1326 audit(1755080818.698:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13716 comm="syz.0.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ee18ebe9 code=0x7ffc0000
[  910.684567][T13747] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1927'.
[  910.833993][T10039] Bluetooth: hci6: Frame reassembly failed (-84)
[  912.861068][T13755] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  912.875768][ T5846] Bluetooth: hci6: command 0x1003 tx timeout
[  912.882337][T13269] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  913.203493][T13755] netlink: 'syz.5.1930': attribute type 83 has an invalid length.
[  913.292718][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  913.292738][   T30] audit: type=1800 audit(1755080826.658:552): pid=13762 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.1932" name="SYSV00000000" dev="hugetlbfs" ino=5 res=0 errno=0
[  914.354826][ T5899] usb 7-1: new high-speed USB device number 33 using dummy_hcd
[  914.554933][ T5899] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  914.565939][ T5899] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[  914.598736][ T5899] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  914.655485][ T5899] usb 7-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5
[  914.665000][ T5899] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  914.673692][ T5899] usb 7-1: Product: syz
[  914.694243][ T5899] usb 7-1: Manufacturer: syz
[  914.714443][ T5899] usb 7-1: SerialNumber: syz
[  914.752101][ T5899] usb 7-1: config 0 descriptor??
[  914.987226][   T49] usb 7-1: USB disconnect, device number 33
[  915.019930][T13790] loop2: detected capacity change from 0 to 7
[  915.045501][T13790]  loop2:
[  915.048609][T13790] loop2: partition table partially beyond EOD, truncated
[  918.582797][   T30] audit: type=1326 audit(1755080831.278:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13811 comm="syz.6.1946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  918.671029][   T30] audit: type=1326 audit(1755080831.278:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13811 comm="syz.6.1946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  918.707728][   T30] audit: type=1326 audit(1755080831.278:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13811 comm="syz.6.1946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  918.738261][   T30] audit: type=1326 audit(1755080831.278:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13811 comm="syz.6.1946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  918.760487][   T30] audit: type=1326 audit(1755080831.278:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13811 comm="syz.6.1946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  919.054305][   T30] audit: type=1326 audit(1755080831.288:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13811 comm="syz.6.1946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=86 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  919.364336][   T30] audit: type=1326 audit(1755080831.288:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13811 comm="syz.6.1946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  919.573370][   T30] audit: type=1326 audit(1755080831.288:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13811 comm="syz.6.1946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  919.609491][T13830] syzkaller1: entered promiscuous mode
[  919.615123][T13830] syzkaller1: entered allmulticast mode
[  919.648148][   T30] audit: type=1326 audit(1755080831.298:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13811 comm="syz.6.1946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  919.672356][   T30] audit: type=1326 audit(1755080831.748:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13811 comm="syz.6.1946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  920.948760][T13868] Driver unsupported XDP return value 0 on prog  (id 628) dev N/A, expect packet loss!
[  922.240148][T13883] netlink: 'syz.6.1966': attribute type 5 has an invalid length.
[  922.292766][T13883] ip6erspan0: entered promiscuous mode
[  922.738698][T13896] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1968'.
[  924.458543][T13913] /dev/nullb0: Can't open blockdev
[  927.219326][ T5846] Bluetooth: hci2: command 0x0c1a tx timeout
[  928.844594][T13935] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  928.852204][T13935] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  929.018292][T13935] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  929.982626][ T5986] usb 7-1: new high-speed USB device number 34 using dummy_hcd
[  930.186031][ T5986] usb 7-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  930.204203][ T5986] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  930.225036][ T5986] usb 7-1: config 0 descriptor??
[  930.286357][T13960] sp0: Synchronizing with TNC
[  930.908241][ T5846] Bluetooth: hci1: command 0x041b tx timeout
[  930.914853][ T5846] Bluetooth: hci5: command 0x0c1a tx timeout
[  930.931689][ T2996] Bluetooth: hci6: Frame reassembly failed (-84)
[  931.249127][T12506] Bluetooth: hci2: command 0x0c1a tx timeout
[  931.693074][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  931.704670][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  932.955129][T13269] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  932.955307][T12506] Bluetooth: hci6: command 0x1003 tx timeout
[  933.036162][ T5986] pegasus 7-1:0.0: can't reset MAC
[  933.242584][ T5986] pegasus 7-1:0.0: probe with driver pegasus failed with error -5
[  933.997244][ T5986] usb 7-1: USB disconnect, device number 34
[  934.651514][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  934.651533][   T30] audit: type=1326 audit(1755080847.468:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13977 comm="syz.7.1990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  934.867270][   T30] audit: type=1326 audit(1755080847.468:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13977 comm="syz.7.1990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  934.896293][   T30] audit: type=1326 audit(1755080847.468:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13977 comm="syz.7.1990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  934.949435][   T30] audit: type=1326 audit(1755080847.468:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13977 comm="syz.7.1990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  934.980825][   T30] audit: type=1326 audit(1755080847.468:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13977 comm="syz.7.1990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  935.002575][   T30] audit: type=1326 audit(1755080847.468:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13977 comm="syz.7.1990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=86 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  935.033420][   T30] audit: type=1326 audit(1755080847.468:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13977 comm="syz.7.1990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  935.058533][   T30] audit: type=1326 audit(1755080847.468:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13977 comm="syz.7.1990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  935.089842][T13993] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1991'.
[  935.100174][   T30] audit: type=1326 audit(1755080847.468:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13977 comm="syz.7.1990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  935.303848][   T30] audit: type=1326 audit(1755080847.938:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13977 comm="syz.7.1990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  937.117074][T13725] usb 7-1: new high-speed USB device number 35 using dummy_hcd
[  937.382712][T14018] sp0: Synchronizing with TNC
[  937.444557][T13725] usb 7-1: Using ep0 maxpacket: 32
[  937.563385][T13725] usb 7-1: config 0 has an invalid interface number: 67 but max is 0
[  937.631736][T13725] usb 7-1: config 0 has no interface number 0
[  939.065548][T14022] uprobe: syz.0.2001:14022 failed to unregister, leaking uprobe
[  939.088798][T13725] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  939.114258][T13725] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  939.153370][T13725] usb 7-1: Product: syz
[  939.187973][T13725] usb 7-1: Manufacturer: syz
[  939.204268][T13725] usb 7-1: SerialNumber: syz
[  939.228159][T13725] usb 7-1: config 0 descriptor??
[  939.258219][T13725] smsc95xx v2.0.0
[  939.507365][T13725] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71
[  939.517772][T13725] smsc95xx 7-1:0.67: probe with driver smsc95xx failed with error -71
[  939.956854][T13725] usb 7-1: USB disconnect, device number 35
[  940.869163][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  940.869181][   T30] audit: type=1326 audit(1755080853.498:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14029 comm="syz.7.2004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  940.918440][   T30] audit: type=1326 audit(1755080853.498:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14029 comm="syz.7.2004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  940.935063][T14034] loop6: detected capacity change from 0 to 2560
[  940.956667][   T30] audit: type=1326 audit(1755080853.508:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14029 comm="syz.7.2004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  941.075441][T14034] buffer_io_error: 510 callbacks suppressed
[  941.075459][T14034] Buffer I/O error on dev loop6, logical block 0, async page read
[  941.090990][   T30] audit: type=1326 audit(1755080853.508:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14029 comm="syz.7.2004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  941.136745][   T30] audit: type=1326 audit(1755080853.508:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14029 comm="syz.7.2004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  941.175321][T14034] Buffer I/O error on dev loop6, logical block 0, async page read
[  941.188289][T14034] Buffer I/O error on dev loop6, logical block 0, async page read
[  941.200302][   T30] audit: type=1326 audit(1755080853.508:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14029 comm="syz.7.2004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=86 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  941.229871][T14034] Buffer I/O error on dev loop6, logical block 0, async page read
[  941.255162][   T30] audit: type=1326 audit(1755080853.508:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14029 comm="syz.7.2004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  941.270786][T14034] Buffer I/O error on dev loop6, logical block 0, async page read
[  941.280584][   T30] audit: type=1326 audit(1755080853.508:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14029 comm="syz.7.2004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  941.308867][   T30] audit: type=1326 audit(1755080853.508:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14029 comm="syz.7.2004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  941.335797][T14034] Buffer I/O error on dev loop6, logical block 0, async page read
[  941.346187][T14034] Buffer I/O error on dev loop6, logical block 0, async page read
[  941.374700][   T30] audit: type=1326 audit(1755080853.978:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14029 comm="syz.7.2004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb98118ebe9 code=0x7ffc0000
[  941.408323][T14034] Buffer I/O error on dev loop6, logical block 0, async page read
[  941.831807][T14034] ldm_validate_partition_table(): Disk read failed.
[  941.842332][T14034] Buffer I/O error on dev loop6, logical block 0, async page read
[  941.904392][T14034] Buffer I/O error on dev loop6, logical block 0, async page read
[  941.955293][T14034] Dev loop6: unable to read RDB block 0
[  941.968157][T14034]  loop6: unable to read partition table
[  941.973955][T14034] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  942.434855][T13725] usb 7-1: new high-speed USB device number 36 using dummy_hcd
[  942.704957][T13725] usb 7-1: Using ep0 maxpacket: 16
[  942.797988][T13725] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  942.911582][T13725] usb 7-1: New USB device found, idVendor=05e3, idProduct=0502, bcdDevice=9d.03
[  942.972576][T13725] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  943.021223][T13725] usb 7-1: Product: syz
[  943.052996][T13725] usb 7-1: Manufacturer: syz
[  943.091834][T13725] usb 7-1: SerialNumber: syz
[  943.199707][T13725] usb 7-1: config 0 descriptor??
[  943.298730][T13725] gl620a 7-1:0.0: probe with driver gl620a failed with error -22
[  943.567071][T13725] usb 7-1: USB disconnect, device number 36
[  944.591230][T14075] ubi31: attaching mtd0
[  944.619372][T14075] ubi31: scanning is finished
[  944.741352][T14077] sp0: Synchronizing with TNC
[  945.062224][T14075] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  945.073519][T14075] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  945.142396][T14075] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  945.154226][ T5986] usb 1-1: new full-speed USB device number 32 using dummy_hcd
[  945.198017][T14075] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  945.256797][T14075] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  945.307431][ T5986] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  945.317996][ T5986] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  945.360978][T14075] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  945.460160][ T5986] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  945.471776][ T5986] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  945.525088][T14075] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2397645507
[  945.593098][T14075] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  945.679374][T14079] ubi31: background thread "ubi_bgt31d" started, PID 14079
[  945.722685][ T5986] usb 1-1: usb_control_msg returned -71
[  945.742760][ T5986] usbtmc 1-1:16.0: can't read capabilities
[  945.775936][ T5986] usb 1-1: USB disconnect, device number 32
[  945.804066][T14085] program syz.5.2021 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  946.855477][T14094] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2024'.
[  947.058838][ T9452] gspca_vicam: Failed to load "vicam/firmware.fw": -110
[  947.269837][ T9452] vicam 5-1:0.47: probe with driver vicam failed with error -110
[  947.281516][ T9452] usb 5-1: USB disconnect, device number 40
[  949.502347][ T9452] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  950.412547][ T9452] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  950.460159][ T9452] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  950.469929][ T9452] usb 5-1: Product: syz
[  950.476339][ T9452] usb 5-1: Manufacturer: syz
[  950.484323][ T9452] usb 5-1: SerialNumber: syz
[  950.498092][ T9452] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  950.716272][ T5845] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  951.290732][T14117] netlink: 'syz.4.2028': attribute type 11 has an invalid length.
[  951.391762][T14143] syz.4.2028: attempt to access beyond end of device
[  951.391762][T14143] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0
[  951.424590][T14143] (syz.4.2028,14143,0):ocfs2_get_sector:1714 ERROR: status = -5
[  951.432905][T14143] (syz.4.2028,14143,0):ocfs2_sb_probe:753 ERROR: status = -5
[  951.492246][T14143] (syz.4.2028,14143,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  951.528126][T14143] (syz.4.2028,14143,0):ocfs2_fill_super:1177 ERROR: status = -5
[  951.585441][T14147] sp0: Synchronizing with TNC
[  951.603826][ T5899] usb 5-1: USB disconnect, device number 41
[  952.029942][T14152] FAULT_INJECTION: forcing a failure.
[  952.029942][T14152] name failslab, interval 1, probability 0, space 0, times 0
[  952.043003][T14152] CPU: 0 UID: 0 PID: 14152 Comm: syz.6.2037 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  952.043029][T14152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  952.043042][T14152] Call Trace:
[  952.043050][T14152]  <TASK>
[  952.043058][T14152]  dump_stack_lvl+0x189/0x250
[  952.043087][T14152]  ? __pfx____ratelimit+0x10/0x10
[  952.043108][T14152]  ? __pfx_dump_stack_lvl+0x10/0x10
[  952.043131][T14152]  ? __pfx__printk+0x10/0x10
[  952.043163][T14152]  ? __pfx___might_resched+0x10/0x10
[  952.043183][T14152]  ? fs_reclaim_acquire+0x7d/0x100
[  952.043212][T14152]  should_fail_ex+0x414/0x560
[  952.043237][T14152]  should_failslab+0xa8/0x100
[  952.043260][T14152]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  952.043281][T14152]  ? __alloc_skb+0x112/0x2d0
[  952.043313][T14152]  __alloc_skb+0x112/0x2d0
[  952.043343][T14152]  netlink_ack+0x146/0xa50
[  952.043366][T14152]  ? __pfx___mutex_trylock_common+0x10/0x10
[  952.043396][T14152]  ? rcu_is_watching+0x15/0xb0
[  952.043429][T14152]  netlink_rcv_skb+0x28c/0x470
[  952.043457][T14152]  ? __pfx_crypto_user_rcv_msg+0x10/0x10
[  952.043489][T14152]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  952.043532][T14152]  ? netlink_deliver_tap+0x2e/0x1b0
[  952.043558][T14152]  ? netlink_deliver_tap+0x2e/0x1b0
[  952.043589][T14152]  crypto_netlink_rcv+0x2a/0x40
[  952.043609][T14152]  netlink_unicast+0x75c/0x8e0
[  952.043646][T14152]  netlink_sendmsg+0x805/0xb30
[  952.043684][T14152]  ? __pfx_netlink_sendmsg+0x10/0x10
[  952.043721][T14152]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  952.043741][T14152]  ? __pfx_netlink_sendmsg+0x10/0x10
[  952.043769][T14152]  __sock_sendmsg+0x21c/0x270
[  952.043796][T14152]  __sys_sendto+0x3bd/0x520
[  952.043826][T14152]  ? __pfx___sys_sendto+0x10/0x10
[  952.043866][T14152]  ? count_memcg_event_mm+0x21/0x260
[  952.043909][T14152]  ? exc_page_fault+0x76/0xf0
[  952.043934][T14152]  ? do_user_addr_fault+0xc8a/0x1390
[  952.043968][T14152]  __x64_sys_sendto+0xde/0x100
[  952.043999][T14152]  do_syscall_64+0xfa/0x3b0
[  952.044020][T14152]  ? lockdep_hardirqs_on+0x9c/0x150
[  952.044040][T14152]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  952.044059][T14152]  ? clear_bhb_loop+0x60/0xb0
[  952.044085][T14152]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  952.044102][T14152] RIP: 0033:0x7fb83b790a7c
[  952.044120][T14152] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
[  952.044136][T14152] RSP: 002b:00007fb83c587ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  952.044157][T14152] RAX: ffffffffffffffda RBX: 00007fb83c587fc0 RCX: 00007fb83b790a7c
[  952.044171][T14152] RDX: 0000000000000024 RSI: 00007fb83c588010 RDI: 0000000000000005
[  952.044184][T14152] RBP: 0000000000000000 R08: 00007fb83c587f14 R09: 000000000000000c
[  952.044197][T14152] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005
[  952.044208][T14152] R13: 00007fb83c587f68 R14: 00007fb83c588010 R15: 0000000000000000
[  952.044238][T14152]  </TASK>
[  952.229754][ T5845] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  952.348708][ T5845] ath9k_htc: Failed to initialize the device
[  952.366844][ T5899] usb 5-1: ath9k_htc: USB layer deinitialized
[  955.008932][T14175] /dev/nullb0: Can't open blockdev
[  955.852548][T14186] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2047'.
[  955.866627][ T5845] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  956.094346][ T5845] usb 1-1: Using ep0 maxpacket: 32
[  956.105548][ T5845] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  956.115988][ T5845] usb 1-1: config 0 has no interfaces?
[  956.239154][ T5845] usb 1-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  956.249973][ T5845] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  956.261740][ T5845] usb 1-1: config 0 descriptor??
[  956.266288][T14192] sp0: Synchronizing with TNC
[  956.477909][ T5899] usb 1-1: USB disconnect, device number 33
[  956.908303][T14194] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2051'.
[  957.496499][T14197] block device autoloading is deprecated and will be removed.
[  957.689788][T14209] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  957.783245][T14209] syzkaller0: entered promiscuous mode
[  957.857518][T14209] syzkaller0: entered allmulticast mode
[  958.669300][T14209] tipc: Resetting bearer <eth:syzkaller0>
[  960.075894][T14209] tipc: Disabling bearer <eth:syzkaller0>
[  961.493552][T14243] binder: Unknown parameter 'func'
[  963.105531][ T5845] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  963.354205][ T5845] usb 1-1: Using ep0 maxpacket: 32
[  963.366169][ T5845] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  963.392011][ T5845] usb 1-1: config 0 has no interface number 0
[  963.451949][T14269] RDS: rds_bind could not find a transport for 0:0:4::1, load rds_tcp or rds_rdma?
[  964.040190][ T5845] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  964.050746][ T5845] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  964.060012][ T5845] usb 1-1: Product: syz
[  964.064713][ T5845] usb 1-1: Manufacturer: syz
[  964.069422][ T5845] usb 1-1: SerialNumber: syz
[  964.168991][ T5845] usb 1-1: config 0 descriptor??
[  964.207104][ T5845] usb 1-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  964.216193][ T5845] usb 1-1: selecting invalid altsetting 1
[  964.244517][ T5845] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  964.262313][ T5845] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  964.416118][ T5845] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  964.432827][ T5845] usb 1-1: media controller created
[  965.121235][ T5845] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  965.413279][T14278] netlink: 'syz.6.2072': attribute type 21 has an invalid length.
[  965.421269][T14278] netlink: 128 bytes leftover after parsing attributes in process `syz.6.2072'.
[  965.430605][T14278] netlink: 'syz.6.2072': attribute type 4 has an invalid length.
[  965.438702][T14278] netlink: 3 bytes leftover after parsing attributes in process `syz.6.2072'.
[  966.203252][T14263] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  966.268887][ T5845] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  966.311373][ T5845] zl10353_read_register: readreg error (reg=127, ret==-71)
[  966.350145][ T5845] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  966.960499][ T5845] usb 1-1: USB disconnect, device number 34
[  967.514368][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  969.365186][ T5899] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  969.546824][ T5899] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  969.576274][ T5899] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  969.594756][ T5899] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  969.620093][ T5899] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  969.676199][T14322] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  969.695560][ T5899] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  969.993274][ T5845] usb 5-1: USB disconnect, device number 42
[  972.981738][T14350] program syz.4.2093 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  973.154687][    T9] usb 7-1: new high-speed USB device number 37 using dummy_hcd
[  973.179362][ T5845] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  973.855049][ T5845] usb 1-1: Using ep0 maxpacket: 8
[  973.938041][ T5845] usb 1-1: config 0 has an invalid interface number: 31 but max is 0
[  973.938590][    T9] usb 7-1: unable to get BOS descriptor or descriptor too short
[  973.955931][ T5845] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  973.955959][ T5845] usb 1-1: config 0 has no interface number 0
[  973.977126][ T5845] usb 1-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  973.995238][ T5845] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  974.013547][ T5845] usb 1-1: Product: syz
[  974.021824][ T5845] usb 1-1: Manufacturer: syz
[  974.027639][ T5845] usb 1-1: SerialNumber: syz
[  974.073274][ T5845] usb 1-1: config 0 descriptor??
[  974.105545][    T9] usb 7-1: config index 0 descriptor too short (expected 42267, got 27)
[  974.123209][    T9] usb 7-1: config 17 has too many interfaces: 40, using maximum allowed: 32
[  974.142241][ T5845] usb 1-1: Found UVC 0.00 device syz (046d:08c3)
[  974.154481][ T5845] usb 1-1: No valid video chain found.
[  974.208548][    T9] usb 7-1: config 17 has an invalid descriptor of length 80, skipping remainder of the config
[  974.234660][    T9] usb 7-1: config 17 has 0 interfaces, different from the descriptor's value: 40
[  974.414731][    T9] usb 7-1: New USB device found, idVendor=25ec, idProduct=5f02, bcdDevice=96.1d
[  974.423831][    T9] usb 7-1: New USB device strings: Mfr=235, Product=2, SerialNumber=3
[  975.000637][    T9] usb 7-1: Product: syz
[  975.075157][    T9] usb 7-1: Manufacturer: syz
[  975.089709][    T9] usb 7-1: SerialNumber: syz
[  975.684975][T14383] FAULT_INJECTION: forcing a failure.
[  975.684975][T14383] name failslab, interval 1, probability 0, space 0, times 0
[  975.702955][T14383] CPU: 0 UID: 0 PID: 14383 Comm: syz.4.2099 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  975.702983][T14383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  975.702995][T14383] Call Trace:
[  975.703004][T14383]  <TASK>
[  975.703012][T14383]  dump_stack_lvl+0x189/0x250
[  975.703042][T14383]  ? __pfx____ratelimit+0x10/0x10
[  975.703064][T14383]  ? __pfx_dump_stack_lvl+0x10/0x10
[  975.703086][T14383]  ? __pfx__printk+0x10/0x10
[  975.703117][T14383]  ? __pfx___might_resched+0x10/0x10
[  975.703138][T14383]  ? fs_reclaim_acquire+0x7d/0x100
[  975.703165][T14383]  should_fail_ex+0x414/0x560
[  975.703189][T14383]  should_failslab+0xa8/0x100
[  975.703211][T14383]  __kmalloc_noprof+0xcb/0x4f0
[  975.703229][T14383]  ? kfree+0x4d/0x440
[  975.703255][T14383]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  975.703286][T14383]  tomoyo_realpath_from_path+0xe3/0x5d0
[  975.703314][T14383]  ? tomoyo_domain+0xda/0x130
[  975.703347][T14383]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  975.703369][T14383]  tomoyo_path_number_perm+0x1e8/0x5a0
[  975.703395][T14383]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  975.703435][T14383]  ? __lock_acquire+0xab9/0xd20
[  975.703477][T14383]  ? __fget_files+0x2a/0x420
[  975.703504][T14383]  ? __fget_files+0x2a/0x420
[  975.703525][T14383]  ? __fget_files+0x3a0/0x420
[  975.703546][T14383]  ? __fget_files+0x2a/0x420
[  975.703574][T14383]  security_file_ioctl+0xcb/0x2d0
[  975.703600][T14383]  __se_sys_ioctl+0x47/0x170
[  975.703633][T14383]  do_syscall_64+0xfa/0x3b0
[  975.703657][T14383]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  975.703682][T14383]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  975.703702][T14383]  ? clear_bhb_loop+0x60/0xb0
[  975.703727][T14383]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  975.703746][T14383] RIP: 0033:0x7fe4eab8ebe9
[  975.703764][T14383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  975.703782][T14383] RSP: 002b:00007fe4eb938038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  975.703802][T14383] RAX: ffffffffffffffda RBX: 00007fe4eadb5fa0 RCX: 00007fe4eab8ebe9
[  975.703817][T14383] RDX: 0000200000000000 RSI: 000000008028640c RDI: 0000000000000003
[  975.703831][T14383] RBP: 00007fe4eb938090 R08: 0000000000000000 R09: 0000000000000000
[  975.703844][T14383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  975.703856][T14383] R13: 00007fe4eadb6038 R14: 00007fe4eadb5fa0 R15: 00007ffc7b5c3d78
[  975.703888][T14383]  </TASK>
[  975.703920][T14383] ERROR: Out of memory at tomoyo_realpath_from_path.
[  975.742122][ T5845] usb 1-1: USB disconnect, device number 35
[  976.553779][ T2966] Bluetooth: hci6: Frame reassembly failed (-84)
[  978.497907][T13269] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  978.820661][T14395] netlink: 72 bytes leftover after parsing attributes in process `syz.4.2101'.
[  981.743817][ T1209] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  983.280025][T14403] Falling back ldisc for ptm0.
[  985.103303][T14095] usb 7-1: USB disconnect, device number 37
[  985.351354][T14422] syz_tun: entered allmulticast mode
[  985.996029][T14429] ip6erspan0: entered promiscuous mode
[  986.030847][T14429] tipc: Cannot configure node identity twice
[  986.827500][T14434] input: syz1 as /devices/virtual/input/input17
[  986.950283][T14445] FAULT_INJECTION: forcing a failure.
[  986.950283][T14445] name failslab, interval 1, probability 0, space 0, times 0
[  986.972130][T14445] CPU: 0 UID: 0 PID: 14445 Comm: syz.4.2116 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  986.972158][T14445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  986.972169][T14445] Call Trace:
[  986.972177][T14445]  <TASK>
[  986.972185][T14445]  dump_stack_lvl+0x189/0x250
[  986.972211][T14445]  ? __pfx____ratelimit+0x10/0x10
[  986.972232][T14445]  ? __pfx_dump_stack_lvl+0x10/0x10
[  986.972253][T14445]  ? __pfx__printk+0x10/0x10
[  986.972284][T14445]  ? __pfx___might_resched+0x10/0x10
[  986.972304][T14445]  ? fs_reclaim_acquire+0x7d/0x100
[  986.972332][T14445]  should_fail_ex+0x414/0x560
[  986.972358][T14445]  should_failslab+0xa8/0x100
[  986.972380][T14445]  __kmalloc_noprof+0xcb/0x4f0
[  986.972398][T14445]  ? snd_pcm_hw_refine+0x967/0x1640
[  986.972432][T14445]  snd_pcm_hw_refine+0x967/0x1640
[  986.972484][T14445]  ? __pfx_snd_pcm_hw_refine+0x10/0x10
[  986.972549][T14445]  ? __kasan_kmalloc+0x93/0xb0
[  986.972583][T14445]  snd_pcm_oss_change_params_locked+0xd22/0x3e40
[  986.972633][T14445]  ? trace_contention_end+0x39/0x120
[  986.972674][T14445]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  986.972695][T14445]  ? snd_pcm_oss_read+0x1f9/0x8d0
[  986.972738][T14445]  ? __switch_to+0xd74/0x1600
[  986.972770][T14445]  ? __asan_memset+0x22/0x50
[  986.972798][T14445]  snd_pcm_oss_read+0x26a/0x8d0
[  986.972836][T14445]  vfs_readv+0x5aa/0x850
[  986.972860][T14445]  ? __pfx_snd_pcm_oss_read+0x10/0x10
[  986.972884][T14445]  ? __pfx_vfs_readv+0x10/0x10
[  986.972924][T14445]  ? __fget_files+0x2a/0x420
[  986.972950][T14445]  ? __fget_files+0x3a0/0x420
[  986.972970][T14445]  ? __fget_files+0x2a/0x420
[  986.973001][T14445]  do_readv+0x14d/0x2d0
[  986.973027][T14445]  ? __pfx_do_readv+0x10/0x10
[  986.973056][T14445]  ? do_syscall_64+0xbe/0x3b0
[  986.973082][T14445]  do_syscall_64+0xfa/0x3b0
[  986.973108][T14445]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  986.973127][T14445]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  986.973146][T14445]  ? clear_bhb_loop+0x60/0xb0
[  986.973170][T14445]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  986.973188][T14445] RIP: 0033:0x7fe4eab8ebe9
[  986.973206][T14445] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  986.973224][T14445] RSP: 002b:00007fe4eb938038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[  986.973244][T14445] RAX: ffffffffffffffda RBX: 00007fe4eadb5fa0 RCX: 00007fe4eab8ebe9
[  986.973264][T14445] RDX: 0000000000000001 RSI: 00002000000002c0 RDI: 0000000000000003
[  986.973276][T14445] RBP: 00007fe4eb938090 R08: 0000000000000000 R09: 0000000000000000
[  986.973288][T14445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  986.973300][T14445] R13: 00007fe4eadb6038 R14: 00007fe4eadb5fa0 R15: 00007ffc7b5c3d78
[  986.973333][T14445]  </TASK>
[  987.516387][T14450] hub 9-0:1.0: USB hub found
[  987.524743][T14450] hub 9-0:1.0: 1 port detected
[  988.164214][T14095] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  988.338787][T14095] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  988.360040][T14095] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  988.382058][T14095] usb 5-1: Product: syz
[  988.390558][T14095] usb 5-1: Manufacturer: syz
[  988.398713][T14095] usb 5-1: SerialNumber: syz
[  988.415477][T14095] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  988.469525][ T5845] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  988.509514][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  988.509529][   T30] audit: type=1326 audit(1755080901.898:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14462 comm="syz.6.2122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  988.576650][   T30] audit: type=1326 audit(1755080901.898:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14462 comm="syz.6.2122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  988.631726][   T30] audit: type=1326 audit(1755080901.928:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14462 comm="syz.6.2122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  988.678228][T14470] pimreg: entered allmulticast mode
[  988.683642][T14469] FAULT_INJECTION: forcing a failure.
[  988.683642][T14469] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  988.707658][T14469] CPU: 0 UID: 0 PID: 14469 Comm: syz.0.2124 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  988.707688][T14469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  988.707701][T14469] Call Trace:
[  988.707709][T14469]  <TASK>
[  988.707717][T14469]  dump_stack_lvl+0x189/0x250
[  988.707846][T14469]  ? __pfx____ratelimit+0x10/0x10
[  988.707867][T14469]  ? __pfx_dump_stack_lvl+0x10/0x10
[  988.707889][T14469]  ? __pfx__printk+0x10/0x10
[  988.707915][T14469]  ? fs_reclaim_acquire+0x7d/0x100
[  988.707948][T14469]  should_fail_ex+0x414/0x560
[  988.707974][T14469]  prepare_alloc_pages+0x213/0x610
[  988.708006][T14469]  __alloc_frozen_pages_noprof+0x123/0x370
[  988.708036][T14469]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  988.708071][T14469]  ? policy_nodemask+0x27c/0x720
[  988.708089][T14469]  ? __lock_acquire+0xab9/0xd20
[  988.708114][T14469]  alloc_pages_mpol+0x232/0x4a0
[  988.708140][T14469]  vma_alloc_folio_noprof+0xe4/0x200
[  988.708166][T14469]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  988.708201][T14469]  folio_prealloc+0x30/0x180
[  988.708226][T14469]  __handle_mm_fault+0x2c88/0x5620
[  988.708282][T14469]  ? __pfx___handle_mm_fault+0x10/0x10
[  988.708331][T14469]  ? find_vma+0xe7/0x160
[  988.708350][T14469]  ? __pfx_find_vma+0x10/0x10
[  988.708378][T14469]  handle_mm_fault+0x2d5/0x7f0
[  988.708424][T14469]  do_user_addr_fault+0x764/0x1390
[  988.708474][T14469]  exc_page_fault+0x76/0xf0
[  988.708500][T14469]  asm_exc_page_fault+0x26/0x30
[  988.708519][T14469] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  988.708558][T14469] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  988.708576][T14469] RSP: 0018:ffffc9000471fae8 EFLAGS: 00050246
[  988.708597][T14469] RAX: ffffffff84b95b01 RBX: 0000000000000040 RCX: 0000000000000040
[  988.708612][T14469] RDX: 0000000000000000 RSI: ffffc9000471fb80 RDI: 0000200000033a80
[  988.708627][T14469] RBP: ffffc9000471fc30 R08: ffffc9000471fbbf R09: 1ffff920008e3f77
[  988.708641][T14469] R10: dffffc0000000000 R11: fffff520008e3f78 R12: 0000200000033ac0
[  988.708666][T14469] R13: 00007ffffffff000 R14: ffffc9000471fb80 R15: 0000200000033a80
[  988.708690][T14469]  ? _copy_from_user+0x71/0xb0
[  988.708730][T14469]  _copy_to_user+0x8a/0xb0
[  988.708767][T14469]  ? __pfx_virtio_read+0x10/0x10
[  988.708786][T14469]  rng_dev_read+0x3f2/0x770
[  988.708822][T14469]  ? __pfx_rng_dev_read+0x10/0x10
[  988.708856][T14469]  ? bpf_lsm_file_permission+0x9/0x20
[  988.708878][T14469]  ? security_file_permission+0x75/0x290
[  988.708905][T14469]  ? rw_verify_area+0x258/0x650
[  988.708940][T14469]  vfs_readv+0x5aa/0x850
[  988.708964][T14469]  ? __pfx_rng_dev_read+0x10/0x10
[  988.708995][T14469]  ? __pfx_vfs_readv+0x10/0x10
[  988.709038][T14469]  ? __fget_files+0x2a/0x420
[  988.709067][T14469]  ? __fget_files+0x3a0/0x420
[  988.709090][T14469]  ? __fget_files+0x2a/0x420
[  988.709123][T14469]  __x64_sys_preadv+0x197/0x2a0
[  988.709147][T14469]  ? __pfx___x64_sys_preadv+0x10/0x10
[  988.709166][T14469]  ? rcu_is_watching+0x15/0xb0
[  988.709194][T14469]  ? do_syscall_64+0xbe/0x3b0
[  988.709225][T14469]  do_syscall_64+0xfa/0x3b0
[  988.709246][T14469]  ? lockdep_hardirqs_on+0x9c/0x150
[  988.709267][T14469]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  988.709287][T14469]  ? clear_bhb_loop+0x60/0xb0
[  988.709310][T14469]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  988.709330][T14469] RIP: 0033:0x7f31ee18ebe9
[  988.709348][T14469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  988.709365][T14469] RSP: 002b:00007f31eef3d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  988.709387][T14469] RAX: ffffffffffffffda RBX: 00007f31ee3b5fa0 RCX: 00007f31ee18ebe9
[  988.709402][T14469] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000004
[  988.709416][T14469] RBP: 00007f31eef3d090 R08: 0000000000000000 R09: 0000000000000000
[  988.709428][T14469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  988.709440][T14469] R13: 00007f31ee3b6038 R14: 00007f31ee3b5fa0 R15: 00007ffde105fd88
[  988.709472][T14469]  </TASK>
[  988.709907][   T30] audit: type=1326 audit(1755080901.928:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14462 comm="syz.6.2122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  988.941198][T14095] usb 5-1: USB disconnect, device number 43
[  989.131944][   T30] audit: type=1326 audit(1755080901.928:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14462 comm="syz.6.2122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  989.185914][   T30] audit: type=1326 audit(1755080901.928:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14462 comm="syz.6.2122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  989.525497][   T30] audit: type=1326 audit(1755080901.928:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14462 comm="syz.6.2122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  989.534678][ T5845] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  989.560476][    T9] usb 7-1: new high-speed USB device number 38 using dummy_hcd
[  989.644987][   T30] audit: type=1326 audit(1755080901.928:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14462 comm="syz.6.2122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  989.708199][ T5845] ath9k_htc: Failed to initialize the device
[  989.725935][T14095] usb 5-1: ath9k_htc: USB layer deinitialized
[  989.741217][   T30] audit: type=1326 audit(1755080901.928:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14462 comm="syz.6.2122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=316 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  989.830131][    T9] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  989.842308][   T30] audit: type=1326 audit(1755080901.938:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14462 comm="syz.6.2122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb83b78ebe9 code=0x7ffc0000
[  989.842902][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  990.843446][    T9] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  990.877647][    T9] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  990.889741][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  990.898377][    T9] usb 7-1: Product: syz
[  990.902600][    T9] usb 7-1: Manufacturer: syz
[  990.907318][    T9] usb 7-1: SerialNumber: syz
[  991.159167][    T9] usb 7-1: config 0 descriptor??
[  991.672752][    T9] usb 7-1: USB disconnect, device number 38
[  991.804634][T14498] overlayfs: missing 'lowerdir'
[  991.902118][T14501] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2132'.
[  993.952897][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  993.962627][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  994.040988][T14514] FAULT_INJECTION: forcing a failure.
[  994.040988][T14514] name failslab, interval 1, probability 0, space 0, times 0
[  994.054461][T14514] CPU: 1 UID: 0 PID: 14514 Comm: syz.5.2138 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  994.054487][T14514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  994.054499][T14514] Call Trace:
[  994.054507][T14514]  <TASK>
[  994.054516][T14514]  dump_stack_lvl+0x189/0x250
[  994.054543][T14514]  ? __pfx____ratelimit+0x10/0x10
[  994.054564][T14514]  ? __pfx_dump_stack_lvl+0x10/0x10
[  994.054583][T14514]  ? __pfx__printk+0x10/0x10
[  994.054612][T14514]  ? __lock_acquire+0xab9/0xd20
[  994.054640][T14514]  should_fail_ex+0x414/0x560
[  994.054666][T14514]  should_failslab+0xa8/0x100
[  994.054689][T14514]  __kmalloc_cache_noprof+0x70/0x3d0
[  994.054709][T14514]  ? nfulnl_recv_config+0xb62/0x1290
[  994.054738][T14514]  nfulnl_recv_config+0xb62/0x1290
[  994.054776][T14514]  nfnetlink_rcv_msg+0xb4d/0x1130
[  994.054796][T14514]  ? nfnetlink_rcv_msg+0x20d/0x1130
[  994.054831][T14514]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  994.054849][T14514]  ? kasan_save_free_info+0x46/0x50
[  994.054917][T14514]  netlink_rcv_skb+0x205/0x470
[  994.054942][T14514]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  994.054966][T14514]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  994.055005][T14514]  ? bpf_lsm_capable+0x9/0x20
[  994.055028][T14514]  ? security_capable+0x7e/0x2e0
[  994.055060][T14514]  nfnetlink_rcv+0x26a/0x2520
[  994.055085][T14514]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  994.055111][T14514]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  994.055134][T14514]  ? __dev_queue_xmit+0x27e/0x3a70
[  994.055154][T14514]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  994.055183][T14514]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  994.055204][T14514]  ? __pfx___dev_queue_xmit+0x10/0x10
[  994.055241][T14514]  ? ref_tracker_free+0x63a/0x7d0
[  994.055260][T14514]  ? __copy_skb_header+0xa7/0x550
[  994.055278][T14514]  ? __pfx_ref_tracker_free+0x10/0x10
[  994.055295][T14514]  ? __skb_clone+0x63/0x7a0
[  994.055313][T14514]  ? __skb_clone+0x483/0x7a0
[  994.055336][T14514]  ? skb_clone+0x246/0x3a0
[  994.055356][T14514]  ? __netlink_deliver_tap+0x807/0x850
[  994.055380][T14514]  ? netlink_deliver_tap+0x2e/0x1b0
[  994.055421][T14514]  ? netlink_deliver_tap+0x2e/0x1b0
[  994.055446][T14514]  ? netlink_deliver_tap+0x2e/0x1b0
[  994.055476][T14514]  netlink_unicast+0x75c/0x8e0
[  994.055513][T14514]  netlink_sendmsg+0x805/0xb30
[  994.055550][T14514]  ? __pfx_netlink_sendmsg+0x10/0x10
[  994.055584][T14514]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  994.055600][T14514]  ? __pfx_netlink_sendmsg+0x10/0x10
[  994.055626][T14514]  __sock_sendmsg+0x21c/0x270
[  994.055652][T14514]  ____sys_sendmsg+0x505/0x830
[  994.055689][T14514]  ? __pfx_____sys_sendmsg+0x10/0x10
[  994.055727][T14514]  ? import_iovec+0x74/0xa0
[  994.055757][T14514]  ___sys_sendmsg+0x21f/0x2a0
[  994.055786][T14514]  ? __pfx____sys_sendmsg+0x10/0x10
[  994.055848][T14514]  ? __fget_files+0x2a/0x420
[  994.055868][T14514]  ? __fget_files+0x3a0/0x420
[  994.055900][T14514]  __x64_sys_sendmsg+0x19b/0x260
[  994.055929][T14514]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  994.055969][T14514]  ? __pfx_ksys_write+0x10/0x10
[  994.055986][T14514]  ? rcu_is_watching+0x15/0xb0
[  994.056013][T14514]  ? do_syscall_64+0xbe/0x3b0
[  994.056039][T14514]  do_syscall_64+0xfa/0x3b0
[  994.056059][T14514]  ? lockdep_hardirqs_on+0x9c/0x150
[  994.056080][T14514]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  994.056099][T14514]  ? clear_bhb_loop+0x60/0xb0
[  994.056124][T14514]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  994.056143][T14514] RIP: 0033:0x7f0a78b8ebe9
[  994.056160][T14514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  994.056177][T14514] RSP: 002b:00007f0a79a30038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  994.056199][T14514] RAX: ffffffffffffffda RBX: 00007f0a78db5fa0 RCX: 00007f0a78b8ebe9
[  994.056212][T14514] RDX: 0000000000000008 RSI: 0000200000000140 RDI: 0000000000000003
[  994.056224][T14514] RBP: 00007f0a79a30090 R08: 0000000000000000 R09: 0000000000000000
[  994.056236][T14514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  994.056247][T14514] R13: 00007f0a78db6038 R14: 00007f0a78db5fa0 R15: 00007ffec0357338
[  994.056276][T14514]  </TASK>
[  995.994245][T12506] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  997.967205][T14527] overlayfs: failed to resolve './file0': -2
[ 1000.063726][T14543] netlink: 'syz.4.2145': attribute type 7 has an invalid length.
[ 1000.081165][T14543] netlink: 'syz.4.2145': attribute type 3 has an invalid length.
[ 1000.117531][T14543] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2145'.
[ 1000.187665][T14547] netlink: 'syz.4.2145': attribute type 4 has an invalid length.
[ 1000.276775][T14547] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2145'.
[ 1001.624412][T14569] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2153'.
[ 1002.327185][T14095] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[ 1002.936870][T14095] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1002.989392][T14095] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1003.421589][T14095] usb 5-1: Product: syz
[ 1003.427950][T14095] usb 5-1: Manufacturer: syz
[ 1003.432962][T14095] usb 5-1: SerialNumber: syz
[ 1003.462256][T14095] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1003.504380][ T5845] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1004.474773][ T9452] usb 5-1: USB disconnect, device number 44
[ 1004.582211][ T5845] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[ 1004.594518][ T5845] ath9k_htc: Failed to initialize the device
[ 1004.601707][ T9452] usb 5-1: ath9k_htc: USB layer deinitialized
[ 1006.374982][T13725] usb 7-1: new high-speed USB device number 39 using dummy_hcd
[ 1006.564183][T13725] usb 7-1: Using ep0 maxpacket: 8
[ 1006.583014][T13725] usb 7-1: config 0 has an invalid interface number: 143 but max is 0
[ 1006.598565][T13725] usb 7-1: config 0 has no interface number 0
[ 1006.640359][T13725] usb 7-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[ 1006.660675][T13725] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1006.806005][T13725] usb 7-1: config 0 descriptor??
[ 1006.977077][T13725] viperboard 7-1:0.143: version 0.00 found at bus 007 address 039
[ 1007.551363][T14607] loop9: detected capacity change from 0 to 7
[ 1007.603920][T14612] syz.4.2167: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1007.620449][T14612] CPU: 0 UID: 0 PID: 14612 Comm: syz.4.2167 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1007.620474][T14612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1007.620486][T14612] Call Trace:
[ 1007.620494][T14612]  <TASK>
[ 1007.620504][T14612]  dump_stack_lvl+0x189/0x250
[ 1007.620532][T14612]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1007.620553][T14612]  ? __pfx__printk+0x10/0x10
[ 1007.620579][T14612]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1007.620604][T14612]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1007.620630][T14612]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 1007.620657][T14612]  warn_alloc+0x214/0x310
[ 1007.620681][T14612]  ? stack_depot_save_flags+0x40/0x900
[ 1007.620706][T14612]  ? __pfx_warn_alloc+0x10/0x10
[ 1007.620730][T14612]  ? kasan_save_track+0x4f/0x80
[ 1007.620757][T14612]  ? xskq_create+0x56/0x170
[ 1007.620775][T14612]  ? xsk_init_queue+0xb0/0x110
[ 1007.620791][T14612]  ? xsk_setsockopt+0x43f/0x710
[ 1007.620820][T14612]  ? do_sock_setsockopt+0x179/0x1b0
[ 1007.620847][T14612]  ? __x64_sys_setsockopt+0x13f/0x1b0
[ 1007.620874][T14612]  ? do_syscall_64+0xfa/0x3b0
[ 1007.620895][T14612]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1007.620923][T14612]  __vmalloc_node_range_noprof+0x125/0x12f0
[ 1007.620980][T14612]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1007.621010][T14612]  ? __kasan_kmalloc+0x93/0xb0
[ 1007.621034][T14612]  vmalloc_user_noprof+0xad/0xf0
[ 1007.621067][T14612]  ? xskq_create+0xbf/0x170
[ 1007.621089][T14612]  xskq_create+0xbf/0x170
[ 1007.621113][T14612]  xsk_init_queue+0xb0/0x110
[ 1007.621136][T14612]  xsk_setsockopt+0x43f/0x710
[ 1007.621171][T14612]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1007.621205][T14612]  ? __fget_files+0x2a/0x420
[ 1007.621232][T14612]  ? __fget_files+0x2a/0x420
[ 1007.621253][T14612]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[ 1007.621273][T14612]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1007.621306][T14612]  do_sock_setsockopt+0x179/0x1b0
[ 1007.621339][T14612]  __x64_sys_setsockopt+0x13f/0x1b0
[ 1007.621374][T14612]  do_syscall_64+0xfa/0x3b0
[ 1007.621395][T14612]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1007.621416][T14612]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1007.621436][T14612]  ? clear_bhb_loop+0x60/0xb0
[ 1007.621462][T14612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1007.621482][T14612] RIP: 0033:0x7fe4eab8ebe9
[ 1007.621503][T14612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1007.621520][T14612] RSP: 002b:00007fe4eb917038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1007.621542][T14612] RAX: ffffffffffffffda RBX: 00007fe4eadb6090 RCX: 00007fe4eab8ebe9
[ 1007.621557][T14612] RDX: 0000000000000006 RSI: 000000000000011b RDI: 000000000000000a
[ 1007.621571][T14612] RBP: 00007fe4eac11e19 R08: 0000000000000052 R09: 0000000000000000
[ 1007.621584][T14612] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1007.621598][T14612] R13: 00007fe4eadb6128 R14: 00007fe4eadb6090 R15: 00007ffc7b5c3d78
[ 1007.621632][T14612]  </TASK>
[ 1007.621649][T14612] Mem-Info:
[ 1007.930804][T14612] active_anon:4478 inactive_anon:8641 isolated_anon:0
[ 1007.930804][T14612]  active_file:16949 inactive_file:40350 isolated_file:0
[ 1007.930804][T14612]  unevictable:768 dirty:330 writeback:0
[ 1007.930804][T14612]  slab_reclaimable:10950 slab_unreclaimable:105772
[ 1007.930804][T14612]  mapped:41611 shmem:8455 pagetables:1189
[ 1007.930804][T14612]  sec_pagetables:0 bounce:0
[ 1007.930804][T14612]  kernel_misc_reclaimable:0
[ 1007.930804][T14612]  free:1275542 free_pcp:14309 free_cma:0
[ 1007.977331][T14612] Node 0 active_anon:17912kB inactive_anon:34564kB active_file:67288kB inactive_file:161400kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:166140kB dirty:1320kB writeback:0kB shmem:32284kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12008kB pagetables:4568kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1008.011594][T14612] Node 1 active_anon:0kB inactive_anon:0kB active_file:508kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:304kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:188kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1008.043583][T14612] Node 0 DMA free:15328kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:32kB local_pcp:0kB free_cma:0kB
[ 1008.073183][T14612] lowmem_reserve[]: 0 2500 2502 2502 2502
[ 1008.079250][T14612] Node 0 DMA32 free:1190484kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:17908kB inactive_anon:34520kB active_file:65520kB inactive_file:161340kB unevictable:1536kB writepending:1376kB present:3129332kB managed:2560996kB mlocked:0kB bounce:0kB free_pcp:35684kB local_pcp:17236kB free_cma:0kB
[ 1008.112269][T14612] lowmem_reserve[]: 0 0 1 1 1
[ 1008.117310][T14612] Node 0 Normal free:20kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1768kB inactive_file:60kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[ 1008.146636][T14612] lowmem_reserve[]: 0 0 0 0 0
[ 1008.151333][T14612] Node 1 Normal free:3896484kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:508kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:21260kB local_pcp:21004kB free_cma:0kB
[ 1008.183331][T14612] lowmem_reserve[]: 0 0 0 0 0
[ 1008.188339][T14612] Node 0 DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15328kB
[ 1008.202716][T14612] Node 0 DMA32: 1*4kB (M) 0*8kB 523*16kB (UME) 459*32kB (UME) 451*64kB (UME) 117*128kB (UM) 135*256kB (UM) 31*512kB (UME) 72*1024kB (UME) 8*2048kB (UME) 240*4096kB (UM) = 1190484kB
[ 1008.220944][T14612] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[ 1008.233655][T14612] Node 1 Normal: 80*4kB (UE) 5*8kB (UME) 9*16kB (UME) 173*32kB (UME) 101*64kB (UME) 22*128kB (UME) 9*256kB (UME) 6*512kB (UM) 7*1024kB (UME) 7*2048kB (UME) 941*4096kB (UM) = 3896536kB
[ 1008.252211][T14612] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1008.262109][T14612] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=1 hugepages_size=2048kB
[ 1008.272349][T14612] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1008.282086][T14612] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[ 1008.291418][T14612] 65751 total pagecache pages
[ 1008.296130][T14612] 0 pages in swap cache
[ 1008.300265][T14612] Free swap  = 124996kB
[ 1008.304750][T14612] Total swap = 124996kB
[ 1008.308996][T14612] 2097051 pages RAM
[ 1008.312798][T14612] 0 pages HighMem/MovableOnly
[ 1008.317905][T14612] 424695 pages reserved
[ 1008.322087][T14612] 0 pages cma reserved
[ 1008.356681][T14607] buffer_io_error: 6 callbacks suppressed
[ 1008.356699][T14607] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1008.416686][T13725] viperboard-i2c viperboard-i2c.2.auto: error -EIO: failure setting i2c_bus_freq to 100
[ 1008.432191][T14607] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1008.486589][T13725] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5
[ 1008.594666][T14607] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1008.728801][T14607] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1008.824712][T14607] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1008.928502][ T6095] 
[ 1008.930932][ T6095] =========================
[ 1008.935449][ T6095] WARNING: held lock freed!
[ 1008.939978][ T6095] 6.16.0-syzkaller #0 Not tainted
[ 1008.945014][ T6095] -------------------------
[ 1008.949516][ T6095] syz.0.33/6095 is freeing memory ffff888057e1b000-ffff888057e1b7ff, with a lock still held there!
[ 1008.960204][ T6095] ffff888057e1b258 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: bt_accept_dequeue+0xfc/0x590
[ 1008.971219][ T6095] 2 locks held by syz.0.33/6095:
[ 1008.976167][ T6095]  #0: ffff888075f56808 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[ 1008.986400][ T6095]  #1: ffff888057e1b258 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: bt_accept_dequeue+0xfc/0x590
[ 1008.997849][ T6095] 
[ 1008.997849][ T6095] stack backtrace:
[ 1009.003758][ T6095] CPU: 0 UID: 0 PID: 6095 Comm: syz.0.33 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1009.003785][ T6095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1009.003798][ T6095] Call Trace:
[ 1009.003806][ T6095]  <TASK>
[ 1009.003815][ T6095]  dump_stack_lvl+0x189/0x250
[ 1009.003842][ T6095]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1009.003863][ T6095]  ? __pfx__printk+0x10/0x10
[ 1009.003892][ T6095]  debug_check_no_locks_freed+0x18b/0x1c0
[ 1009.003914][ T6095]  ? __sk_destruct+0x4e1/0x660
[ 1009.003942][ T6095]  kfree+0xfd/0x440
[ 1009.003973][ T6095]  __sk_destruct+0x4e1/0x660
[ 1009.004003][ T6095]  bt_accept_dequeue+0x3ce/0x590
[ 1009.004035][ T6095]  l2cap_sock_cleanup_listen+0x2f/0x3e0
[ 1009.004059][ T6095]  l2cap_sock_release+0x5d/0x1d0
[ 1009.004085][ T6095]  sock_close+0xc3/0x240
[ 1009.004106][ T6095]  ? __pfx_sock_close+0x10/0x10
[ 1009.004126][ T6095]  __fput+0x449/0xa70
[ 1009.004155][ T6095]  task_work_run+0x1d1/0x260
[ 1009.004182][ T6095]  ? __pfx_task_work_run+0x10/0x10
[ 1009.004208][ T6095]  ? kmem_cache_free+0x18f/0x400
[ 1009.004229][ T6095]  do_exit+0x6b5/0x22e0
[ 1009.004256][ T6095]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1009.004279][ T6095]  ? do_raw_spin_lock+0x121/0x290
[ 1009.004304][ T6095]  ? __pfx_do_exit+0x10/0x10
[ 1009.004334][ T6095]  do_group_exit+0x21c/0x2d0
[ 1009.004360][ T6095]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1009.004382][ T6095]  get_signal+0x125e/0x1310
[ 1009.004411][ T6095]  arch_do_signal_or_restart+0x9a/0x750
[ 1009.004439][ T6095]  ? __pfx_get_timespec64+0x10/0x10
[ 1009.004469][ T6095]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1009.004504][ T6095]  ? exit_to_user_mode_loop+0x40/0x110
[ 1009.004525][ T6095]  exit_to_user_mode_loop+0x75/0x110
[ 1009.004544][ T6095]  do_syscall_64+0x2bd/0x3b0
[ 1009.004565][ T6095]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1009.004585][ T6095]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1009.004605][ T6095]  ? clear_bhb_loop+0x60/0xb0
[ 1009.004627][ T6095]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1009.004646][ T6095] RIP: 0033:0x7f31ee1c14a5
[ 1009.004662][ T6095] Code: Unable to access opcode bytes at 0x7f31ee1c147b.
[ 1009.004674][ T6095] RSP: 002b:00007f31eef3cf80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
[ 1009.004694][ T6095] RAX: fffffffffffffdfc RBX: 00007f31ee3b5fa0 RCX: 00007f31ee1c14a5
[ 1009.004709][ T6095] RDX: 00007f31eef3cfc0 RSI: 0000000000000000 RDI: 0000000000000000
[ 1009.004723][ T6095] RBP: 00007f31ee211e19 R08: 0000000000000000 R09: 0000000000000000
[ 1009.004735][ T6095] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1009.004748][ T6095] R13: 00007f31ee3b6038 R14: 00007f31ee3b5fa0 R15: 00007ffde105fd88
[ 1009.004770][ T6095]  </TASK>
[ 1009.034639][T14607] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1009.056208][T14621] FAULT_INJECTION: forcing a failure.
[ 1009.056208][T14621] name failslab, interval 1, probability 0, space 0, times 0
[ 1009.121725][ T6095] ==================================================================
[ 1009.291073][ T6095] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x23d/0x290
[ 1009.298889][ T6095] Read of size 4 at addr ffff888057e1b1c4 by task syz.0.33/6095
[ 1009.306517][ T6095] 
[ 1009.308838][ T6095] CPU: 1 UID: 0 PID: 6095 Comm: syz.0.33 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1009.308859][ T6095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1009.308870][ T6095] Call Trace:
[ 1009.308879][ T6095]  <TASK>
[ 1009.308888][ T6095]  dump_stack_lvl+0x189/0x250
[ 1009.308911][ T6095]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1009.308929][ T6095]  ? lock_release+0x4b/0x3e0
[ 1009.308947][ T6095]  ? __virt_addr_valid+0x4a5/0x5c0
[ 1009.308974][ T6095]  print_report+0xca/0x240
[ 1009.308997][ T6095]  ? do_raw_spin_lock+0x23d/0x290
[ 1009.309018][ T6095]  kasan_report+0x118/0x150
[ 1009.309036][ T6095]  ? do_raw_spin_lock+0x23d/0x290
[ 1009.309060][ T6095]  do_raw_spin_lock+0x23d/0x290
[ 1009.309081][ T6095]  ? lock_acquire+0x5f/0x360
[ 1009.309096][ T6095]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1009.309117][ T6095]  ? __sk_destruct+0x4e1/0x660
[ 1009.309142][ T6095]  ? release_sock+0x2f/0x1f0
[ 1009.309163][ T6095]  release_sock+0x2f/0x1f0
[ 1009.309184][ T6095]  bt_accept_dequeue+0x512/0x590
[ 1009.309213][ T6095]  l2cap_sock_cleanup_listen+0x2f/0x3e0
[ 1009.309240][ T6095]  l2cap_sock_release+0x5d/0x1d0
[ 1009.309264][ T6095]  sock_close+0xc3/0x240
[ 1009.309283][ T6095]  ? __pfx_sock_close+0x10/0x10
[ 1009.309300][ T6095]  __fput+0x449/0xa70
[ 1009.309325][ T6095]  task_work_run+0x1d1/0x260
[ 1009.309349][ T6095]  ? __pfx_task_work_run+0x10/0x10
[ 1009.309372][ T6095]  ? kmem_cache_free+0x18f/0x400
[ 1009.309391][ T6095]  do_exit+0x6b5/0x22e0
[ 1009.309416][ T6095]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1009.309436][ T6095]  ? do_raw_spin_lock+0x121/0x290
[ 1009.309458][ T6095]  ? __pfx_do_exit+0x10/0x10
[ 1009.309485][ T6095]  do_group_exit+0x21c/0x2d0
[ 1009.309507][ T6095]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1009.309525][ T6095]  get_signal+0x125e/0x1310
[ 1009.309550][ T6095]  arch_do_signal_or_restart+0x9a/0x750
[ 1009.309575][ T6095]  ? __pfx_get_timespec64+0x10/0x10
[ 1009.309601][ T6095]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1009.309630][ T6095]  ? exit_to_user_mode_loop+0x40/0x110
[ 1009.309648][ T6095]  exit_to_user_mode_loop+0x75/0x110
[ 1009.309663][ T6095]  do_syscall_64+0x2bd/0x3b0
[ 1009.309682][ T6095]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1009.309698][ T6095]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1009.309715][ T6095]  ? clear_bhb_loop+0x60/0xb0
[ 1009.309733][ T6095]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1009.309749][ T6095] RIP: 0033:0x7f31ee1c14a5
[ 1009.309763][ T6095] Code: Unable to access opcode bytes at 0x7f31ee1c147b.
[ 1009.309772][ T6095] RSP: 002b:00007f31eef3cf80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
[ 1009.309791][ T6095] RAX: fffffffffffffdfc RBX: 00007f31ee3b5fa0 RCX: 00007f31ee1c14a5
[ 1009.309805][ T6095] RDX: 00007f31eef3cfc0 RSI: 0000000000000000 RDI: 0000000000000000
[ 1009.309816][ T6095] RBP: 00007f31ee211e19 R08: 0000000000000000 R09: 0000000000000000
[ 1009.309827][ T6095] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1009.309838][ T6095] R13: 00007f31ee3b6038 R14: 00007f31ee3b5fa0 R15: 00007ffde105fd88
[ 1009.309857][ T6095]  </TASK>
[ 1009.309864][ T6095] 
[ 1009.598476][ T6095] Allocated by task 5840:
[ 1009.602799][ T6095]  kasan_save_track+0x3e/0x80
[ 1009.607487][ T6095]  __kasan_kmalloc+0x93/0xb0
[ 1009.612084][ T6095]  __kmalloc_noprof+0x27a/0x4f0
[ 1009.616931][ T6095]  sk_prot_alloc+0xe7/0x220
[ 1009.621434][ T6095]  sk_alloc+0x3a/0x370
[ 1009.625502][ T6095]  bt_sock_alloc+0x3b/0x310
[ 1009.630004][ T6095]  l2cap_sock_new_connection_cb+0xe2/0x2b0
[ 1009.635814][ T6095]  l2cap_connect_cfm+0x377/0x1040
[ 1009.640836][ T6095]  hci_remote_features_evt+0x584/0x8e0
[ 1009.646286][ T6095]  hci_event_packet+0x7e0/0x1200
[ 1009.651221][ T6095]  hci_rx_work+0x46a/0xe80
[ 1009.655831][ T6095]  process_scheduled_works+0xade/0x17b0
[ 1009.661372][ T6095]  worker_thread+0x8a0/0xda0
[ 1009.665958][ T6095]  kthread+0x70e/0x8a0
[ 1009.670028][ T6095]  ret_from_fork+0x3fc/0x770
[ 1009.674614][ T6095]  ret_from_fork_asm+0x1a/0x30
[ 1009.679374][ T6095] 
[ 1009.681689][ T6095] Freed by task 6095:
[ 1009.685659][ T6095]  kasan_save_track+0x3e/0x80
[ 1009.690336][ T6095]  kasan_save_free_info+0x46/0x50
[ 1009.695371][ T6095]  __kasan_slab_free+0x62/0x70
[ 1009.700127][ T6095]  kfree+0x18e/0x440
[ 1009.704023][ T6095]  __sk_destruct+0x4e1/0x660
[ 1009.708622][ T6095]  bt_accept_dequeue+0x3ce/0x590
[ 1009.713562][ T6095]  l2cap_sock_cleanup_listen+0x2f/0x3e0
[ 1009.719115][ T6095]  l2cap_sock_release+0x5d/0x1d0
[ 1009.724068][ T6095]  sock_close+0xc3/0x240
[ 1009.728329][ T6095]  __fput+0x449/0xa70
[ 1009.732381][ T6095]  task_work_run+0x1d1/0x260
[ 1009.736977][ T6095]  do_exit+0x6b5/0x22e0
[ 1009.741134][ T6095]  do_group_exit+0x21c/0x2d0
[ 1009.745725][ T6095]  get_signal+0x125e/0x1310
[ 1009.750227][ T6095]  arch_do_signal_or_restart+0x9a/0x750
[ 1009.755871][ T6095]  exit_to_user_mode_loop+0x75/0x110
[ 1009.761160][ T6095]  do_syscall_64+0x2bd/0x3b0
[ 1009.765762][ T6095]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1009.771678][ T6095] 
[ 1009.774006][ T6095] The buggy address belongs to the object at ffff888057e1b000
[ 1009.774006][ T6095]  which belongs to the cache kmalloc-2k of size 2048
[ 1009.788155][ T6095] The buggy address is located 452 bytes inside of
[ 1009.788155][ T6095]  freed 2048-byte region [ffff888057e1b000, ffff888057e1b800)
[ 1009.802047][ T6095] 
[ 1009.804372][ T6095] The buggy address belongs to the physical page:
[ 1009.810885][ T6095] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x57e18
[ 1009.819823][ T6095] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1009.828329][ T6095] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1009.835877][ T6095] page_type: f5(slab)
[ 1009.839858][ T6095] raw: 00fff00000000040 ffff88801a442000 ffffea0000cb6800 dead000000000002
[ 1009.848439][ T6095] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 1009.857021][ T6095] head: 00fff00000000040 ffff88801a442000 ffffea0000cb6800 dead000000000002
[ 1009.865690][ T6095] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 1009.874361][ T6095] head: 00fff00000000003 ffffea00015f8601 00000000ffffffff 00000000ffffffff
[ 1009.883032][ T6095] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1009.891702][ T6095] page dumped because: kasan: bad access detected
[ 1009.898122][ T6095] page_owner tracks the page as allocated
[ 1009.903851][ T6095] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5844, tgid 5844 (syz-executor), ts 85060310152, free_ts 24963019179
[ 1009.925223][ T6095]  post_alloc_hook+0x240/0x2a0
[ 1009.929995][ T6095]  get_page_from_freelist+0x21d5/0x22b0
[ 1009.935542][ T6095]  __alloc_frozen_pages_noprof+0x181/0x370
[ 1009.941344][ T6095]  alloc_pages_mpol+0x232/0x4a0
[ 1009.946192][ T6095]  allocate_slab+0x8a/0x3b0
[ 1009.950692][ T6095]  ___slab_alloc+0xbfc/0x1480
[ 1009.955367][ T6095]  __kmalloc_noprof+0x305/0x4f0
[ 1009.960221][ T6095]  ieee80211_register_hw+0x1ebd/0x4120
[ 1009.965684][ T6095]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[ 1009.971408][ T6095]  hwsim_new_radio_nl+0xea4/0x1b10
[ 1009.976521][ T6095]  genl_family_rcv_msg_doit+0x215/0x300
[ 1009.982061][ T6095]  genl_rcv_msg+0x60e/0x790
[ 1009.986561][ T6095]  netlink_rcv_skb+0x205/0x470
[ 1009.991336][ T6095]  genl_rcv+0x28/0x40
[ 1009.995336][ T6095]  netlink_unicast+0x75c/0x8e0
[ 1010.000107][ T6095]  netlink_sendmsg+0x805/0xb30
[ 1010.004879][ T6095] page last free pid 1 tgid 1 stack trace:
[ 1010.010713][ T6095]  __free_frozen_pages+0xc65/0xe60
[ 1010.016087][ T6095]  free_contig_range+0x1bd/0x4a0
[ 1010.021047][ T6095]  destroy_args+0x7e/0x5d0
[ 1010.025483][ T6095]  debug_vm_pgtable+0x412/0x450
[ 1010.030340][ T6095]  do_one_initcall+0x233/0x820
[ 1010.035103][ T6095]  do_initcall_level+0x137/0x1f0
[ 1010.040040][ T6095]  do_initcalls+0x69/0xd0
[ 1010.044375][ T6095]  kernel_init_freeable+0x3d9/0x570
[ 1010.049578][ T6095]  kernel_init+0x1d/0x1d0
[ 1010.053918][ T6095]  ret_from_fork+0x3fc/0x770
[ 1010.058501][ T6095]  ret_from_fork_asm+0x1a/0x30
[ 1010.063263][ T6095] 
[ 1010.065579][ T6095] Memory state around the buggy address:
[ 1010.071212][ T6095]  ffff888057e1b080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1010.079270][ T6095]  ffff888057e1b100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1010.087344][ T6095] >ffff888057e1b180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1010.095413][ T6095]                                            ^
[ 1010.101577][ T6095]  ffff888057e1b200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1010.109641][ T6095]  ffff888057e1b280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1010.117701][ T6095] ==================================================================
[ 1010.125826][ T6095] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1010.133153][ T6095] CPU: 1 UID: 0 PID: 6095 Comm: syz.0.33 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1010.142901][ T6095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1010.153045][ T6095] Call Trace:
[ 1010.156324][ T6095]  <TASK>
[ 1010.159263][ T6095]  dump_stack_lvl+0x99/0x250
[ 1010.163860][ T6095]  ? __asan_memcpy+0x40/0x70
[ 1010.168456][ T6095]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1010.173656][ T6095]  ? __pfx__printk+0x10/0x10
[ 1010.178262][ T6095]  panic+0x2db/0x790
[ 1010.182172][ T6095]  ? __pfx_panic+0x10/0x10
[ 1010.186584][ T6095]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 1010.192483][ T6095]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1010.198476][ T6095]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1010.204808][ T6095]  ? print_memory_metadata+0x314/0x400
[ 1010.210280][ T6095]  ? do_raw_spin_lock+0x23d/0x290
[ 1010.215404][ T6095]  check_panic_on_warn+0x89/0xb0
[ 1010.220345][ T6095]  ? do_raw_spin_lock+0x23d/0x290
[ 1010.225373][ T6095]  end_report+0x78/0x160
[ 1010.229613][ T6095]  kasan_report+0x129/0x150
[ 1010.234117][ T6095]  ? do_raw_spin_lock+0x23d/0x290
[ 1010.239210][ T6095]  do_raw_spin_lock+0x23d/0x290
[ 1010.244064][ T6095]  ? lock_acquire+0x5f/0x360
[ 1010.248664][ T6095]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1010.254055][ T6095]  ? __sk_destruct+0x4e1/0x660
[ 1010.258836][ T6095]  ? release_sock+0x2f/0x1f0
[ 1010.263427][ T6095]  release_sock+0x2f/0x1f0
[ 1010.267844][ T6095]  bt_accept_dequeue+0x512/0x590
[ 1010.272782][ T6095]  l2cap_sock_cleanup_listen+0x2f/0x3e0
[ 1010.278345][ T6095]  l2cap_sock_release+0x5d/0x1d0
[ 1010.283288][ T6095]  sock_close+0xc3/0x240
[ 1010.287529][ T6095]  ? __pfx_sock_close+0x10/0x10
[ 1010.292377][ T6095]  __fput+0x449/0xa70
[ 1010.296378][ T6095]  task_work_run+0x1d1/0x260
[ 1010.300969][ T6095]  ? __pfx_task_work_run+0x10/0x10
[ 1010.306258][ T6095]  ? kmem_cache_free+0x18f/0x400
[ 1010.311194][ T6095]  do_exit+0x6b5/0x22e0
[ 1010.315354][ T6095]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1010.320729][ T6095]  ? do_raw_spin_lock+0x121/0x290
[ 1010.325848][ T6095]  ? __pfx_do_exit+0x10/0x10
[ 1010.330445][ T6095]  do_group_exit+0x21c/0x2d0
[ 1010.335037][ T6095]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1010.340238][ T6095]  get_signal+0x125e/0x1310
[ 1010.344751][ T6095]  arch_do_signal_or_restart+0x9a/0x750
[ 1010.350388][ T6095]  ? __pfx_get_timespec64+0x10/0x10
[ 1010.355594][ T6095]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1010.361759][ T6095]  ? exit_to_user_mode_loop+0x40/0x110
[ 1010.367223][ T6095]  exit_to_user_mode_loop+0x75/0x110
[ 1010.372596][ T6095]  do_syscall_64+0x2bd/0x3b0
[ 1010.377187][ T6095]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1010.382390][ T6095]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1010.388455][ T6095]  ? clear_bhb_loop+0x60/0xb0
[ 1010.393133][ T6095]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1010.399025][ T6095] RIP: 0033:0x7f31ee1c14a5
[ 1010.403437][ T6095] Code: Unable to access opcode bytes at 0x7f31ee1c147b.
[ 1010.410448][ T6095] RSP: 002b:00007f31eef3cf80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
[ 1010.418866][ T6095] RAX: fffffffffffffdfc RBX: 00007f31ee3b5fa0 RCX: 00007f31ee1c14a5
[ 1010.426926][ T6095] RDX: 00007f31eef3cfc0 RSI: 0000000000000000 RDI: 0000000000000000
[ 1010.434897][ T6095] RBP: 00007f31ee211e19 R08: 0000000000000000 R09: 0000000000000000
[ 1010.442900][ T6095] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1010.450874][ T6095] R13: 00007f31ee3b6038 R14: 00007f31ee3b5fa0 R15: 00007ffde105fd88
[ 1010.458855][ T6095]  </TASK>
[ 1010.462132][ T6095] Kernel Offset: disabled
[ 1010.466456][ T6095] Rebooting in 86400 seconds..