last executing test programs:

56.324784401s ago: executing program 0 (id=574):
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_open_dev$evdev(0x0, 0xfffffffffffffffd, 0x2100)
syz_usb_disconnect(r0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x5, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000580)='io_uring_register\x00', r1, 0x0, 0x3}, 0x18)
r2 = syz_io_uring_setup(0x4b6, &(0x7f0000000100)={0x0, 0x0, 0x400, 0x0, 0x210}, &(0x7f0000ff0000), &(0x7f0000000380))
r3 = creat(&(0x7f0000000540)='./file0\x00', 0x0)
write(r3, &(0x7f0000000040)="7301ed01f2d31b3e9059dcea59cdc8fa3cc33a8133863a22a1d8a618743ba239ebfa83d283c3c0d243e3f6eaaaa2e7bac91cf6dfe0c004e6880fc1f1", 0x3c)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f00000000c0))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f000001aa40)=""/102400, 0x19000)
r5 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r5, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})
close(r3)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xd, &(0x7f0000000340)=ANY=[@ANYBLOB="18020000040000000000000000000000850000004100000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000180000850000008200000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r9, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r7, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$RTC_EPOCH_SET(r3, 0x4008700e, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000480)=0xd0)
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r2, 0x18, 0x0, 0x1)

51.973428576s ago: executing program 0 (id=581):
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)={0x1b, 0x0, 0x0, 0x1, 0x0, 0x1, 0x80, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x3}, 0x50) (async)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)={0x1b, 0x0, 0x0, 0x1, 0x0, 0x1, 0x80, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x3}, 0x50)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000140)={r0, &(0x7f00000000c0)="1eaf723b96a47d110c0732f270812e4ecfcc9b1111af", &(0x7f0000000100)=""/64, 0x4}, 0x20)
r1 = accept4$phonet_pipe(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)=0x10, 0x800)
getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f0000000200)=<r2=>0x0, &(0x7f0000000240)=0x4)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_NOACK_MAP(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x58, r3, 0x8, 0x70bd2c, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x2, 0x7a}}}}, [@NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0xbd}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x3ff}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x3}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0xfffa}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x6}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x2}]}, 0x58}}, 0x800) (async)
sendmsg$NL80211_CMD_SET_NOACK_MAP(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x58, r3, 0x8, 0x70bd2c, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x2, 0x7a}}}}, [@NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0xbd}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x3ff}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x3}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0xfffa}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x6}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x2}]}, 0x58}}, 0x800)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r5, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x10008000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x34, 0x0, 0x800, 0x70bd25, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x34}, 0x1, 0x0, 0x0, 0x810}, 0x4000)
syz_open_dev$ndb(&(0x7f0000000540), 0x0, 0x400000) (async)
r6 = syz_open_dev$ndb(&(0x7f0000000540), 0x0, 0x400000)
ioctl$BLKGETSIZE(r6, 0x1260, &(0x7f0000000580)) (async)
ioctl$BLKGETSIZE(r6, 0x1260, &(0x7f0000000580))
ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) (async)
r7 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
setsockopt$IP_VS_SO_SET_DEL(r7, 0x0, 0x484, &(0x7f00000005c0)={0x4, @rand_addr=0x64010101, 0x4e20, 0x1, 'rr\x00', 0x32, 0x5, 0x1f}, 0x2c)
r8 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000600)='ext4_get_implied_cluster_alloc_exit\x00', r7, 0x0, 0x4}, 0x18)
ioctl$PPPIOCSACTIVE(r7, 0x40107446, &(0x7f00000006c0)={0x4, &(0x7f0000000680)=[{0x6, 0x2, 0x8, 0x1732c71b}, {0x0, 0x5, 0x8, 0xe1}, {0x6, 0x10, 0x4, 0xdde5}, {0x6, 0x0, 0xfc, 0x8}]}) (async)
ioctl$PPPIOCSACTIVE(r7, 0x40107446, &(0x7f00000006c0)={0x4, &(0x7f0000000680)=[{0x6, 0x2, 0x8, 0x1732c71b}, {0x0, 0x5, 0x8, 0xe1}, {0x6, 0x10, 0x4, 0xdde5}, {0x6, 0x0, 0xfc, 0x8}]})
ioctl$sock_ifreq(r7, 0x8914, &(0x7f0000000700)={'gre0\x00', @ifru_addrs=@ax25={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x2}})
r9 = creat(&(0x7f0000000740)='./file0\x00', 0x108)
pidfd_getfd(r7, r8, 0x0) (async)
r10 = pidfd_getfd(r7, r8, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x1d, 0x1c, &(0x7f0000000780)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r7}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r9}}, @cb_func={0x18, 0x4, 0x4, 0x0, 0xfffffffffffffffc}, @cb_func={0x18, 0x1, 0x4, 0x0, 0x1}, @jmp={0x5, 0x0, 0x8, 0xb, 0x3, 0xfffffffffffffff0, 0x8}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r7}}], &(0x7f0000000880)='syzkaller\x00', 0x2, 0xb4, &(0x7f00000008c0)=""/180, 0x40e00, 0x40, '\x00', r2, @fallback=0x33, r7, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000980)={0x1, 0x4, 0x1, 0x80000}, 0x10, 0xffffffffffffffff, r10, 0x5, &(0x7f00000009c0)=[r0, r7], &(0x7f0000000a00)=[{0x1, 0x1, 0xf, 0xb}, {0x2, 0x2, 0xb, 0x6}, {0x0, 0x2, 0x6, 0x2}, {0x3, 0x4, 0x1, 0x4}, {0x2, 0x4, 0x7, 0x9}], 0x10, 0x9}, 0x94)
r11 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000b40)='/proc/sys/net/ipv4/vs/sync_sock_size\x00', 0x2, 0x0)
syz_io_uring_complete(0x0) (async)
r12 = syz_io_uring_complete(0x0)
ioctl$FIDEDUPERANGE(r1, 0xc0189436, &(0x7f0000000b80)={0x1, 0x9, 0x5, 0x0, 0x0, [{{r12}, 0x4dee}, {{r11}, 0x7}, {{r1}, 0x200}, {{r8}, 0x1}, {{r1}, 0x7}]}) (async)
ioctl$FIDEDUPERANGE(r1, 0xc0189436, &(0x7f0000000b80)={0x1, 0x9, 0x5, 0x0, 0x0, [{{r12}, 0x4dee}, {{r11}, 0x7}, {{r1}, 0x200}, {{r8}, 0x1}, {{r1}, 0x7}]})
r13 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000c40), 0x2, 0x0)
read$FUSE(r11, &(0x7f0000000c80)={0x2020, 0x0, <r14=>0x0}, 0x2020)
write$FUSE_INIT(r13, &(0x7f0000002cc0)={0x50, 0xfffffffffffffff5, r14, {0x7, 0x2b, 0x3, 0x50050, 0x8, 0x5, 0x1, 0x2ebd, 0x0, 0x0, 0x20, 0x3}}, 0x50)
fchmod(r0, 0x4a)
ioctl$TUNATTACHFILTER(r10, 0x401054d5, &(0x7f0000002d80)={0x1, &(0x7f0000002d40)=[{0x8000, 0x6, 0x2, 0x766}]})
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000002dc0), 0x4)
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r10, &(0x7f0000002ec0)={&(0x7f0000002e00)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000002e80)={&(0x7f0000002e40)={0x14, 0x4, 0x1, 0x801, 0x0, 0x0, {0x0, 0x0, 0x3}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x280080c4}, 0x40801)

50.671614657s ago: executing program 0 (id=585):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_IPV6_ADDRFORM(r1, 0x29, 0x1, &(0x7f0000000000), 0x4)
r2 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={r2, 0x0, 0xb7, 0x1000, &(0x7f0000000080)="28c4a65c9435c2ef3af76599726f567bf2f1b1ab583140677684d68d3e2093339d1d65d4def41b9fb94cb7cc0d5f346c28fc0910e6783291408b0da93463cb6231b312aa6ace427ef8c95d10732de9bf3fbabdc1401547df6a28f3cf8af610841e2f8dadcfbbeaff5c7c8d4c477b5087898f04eb7c419171c231a6e5a37a50ffef4242a2fad421b2fbc28da3be9dcbe47dc1d37abb9716a17da492f0bec2b5cf6f680eb02caf33583fc01a53ab7d148a0f868e4f7972a0", &(0x7f00000009c0)=""/4096, 0x9, 0x0, 0xa9, 0xec, &(0x7f0000000140)="943cb25c439b36cbdfd9430f37a158645c5f9b3cbb1cd95a933445bb00e356594f8505e622dff3e8cd0c9108d95ddac868678703c9129f7931ca7eca1a617e77a8e6f0ea15d20d818924bf849e50bd576694a4990555b2bd4310f0368f1340a0de180ca555a80fbd7976357be7b1482d3f7dbef795b66cc40884684e79f860519d69c9546b5edc787d91b17af08cbe38f26af0250f876fb65ba46a4d1a4e7fdddc743aeda4e3a2aab8", &(0x7f0000000300)="80525679c303a85e772acabfde2b74ff8594fc588e8ead4eb04175d3c55e6794781f9dc97f09866919fdee5eb8de820959c9eb6ce94a1a81b9abc97ef51759bba29bb4aadb8094ac62859caf1e8c7baeb6b3d58e5126dab7d6ccab31380f4cc149849ef9ed9dc30adf0a1709d89fe57df34b61b56113cf9820b90b21032fabca14825e05343e98e592846840c4385948e07289043f260fd636e40f8f5133a82f271f5fa43ae18a338f5f9cbe5002b042301e32da599167cf72774ac6bb65dfc3ff89a9da142ae838b1ba2305195ccfb7e3e686e4a4ba32a778fc5fb980d737aa56e7c62af0570db36d918a63", 0x6, 0x0, 0x1}, 0x50)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x14, 0x42, 0x9, 0xfffffffc, 0x25dfdbfd, {0x3}}, 0x14}}, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r3, 0xc028660f, &(0x7f0000000280)={0x0, r1, 0x9, 0x71e133e7, 0x8})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x8000, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000007c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r7, {0x0, 0xffe0}, {}, {0x7, 0xf}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8848}, @TCA_FLOWER_KEY_MPLS_BOS={0x5, 0x44, 0x8}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4811}, 0x2008c014)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x6)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000500)={r2, &(0x7f0000000480)="59c405cd7bb686ac1bfe342a03ec1129926010ac8e3a010f9c94d658823c62eb5db953e3a3ab378d41cbeba5808cc1d91925c5d9185ec53ba2cecaa4e87da66aec53b5efb9a7affa2c7d786c015c3e679fc3c547c2811cfdd306cad660cf9a3698991f69db41f7", &(0x7f0000000600)=""/226, 0x4}, 0x20)
r8 = syz_open_dev$evdev(&(0x7f0000000040), 0x6, 0x0)
ioctl$EVIOCSKEYCODE(r8, 0x40084504, &(0x7f00000002c0)=[0x0, 0x7])
getpeername(r2, &(0x7f0000000400)=@qipcrtr, &(0x7f0000000000)=0x80)

46.43396746s ago: executing program 0 (id=595):
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @loopback, 0xa22c}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x0, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c00000002030300000000000000000000f8ffff0700010001000000"], 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_VERDICT_BATCH(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="100000000303010100000000000000000a0000000c00020000000003000000ffdbfad9c5d378b82f5fdcb094c7b9581d6e90c2dd34211900ead3c6cf8b29c0c19b13fdc965c081efe4e6d1924ff5680c710a36df04630efcb8fd770188382f92334473e3f5871b688bfb932d6ab9da3a1b053dba3fddbf705df3c8058786d1ed8a3e790757cd51b0ddc531dab46e82f895"], 0x20}, 0x1, 0x0, 0x0, 0x20004000}, 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f0000000100)={0x1d, r5, 0x3, {0x0, 0xf0, 0x4}, 0xfe}, 0x18)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x80383, 0x0)
r7 = io_uring_setup(0x6c15, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
r8 = io_uring_setup(0x7d0f, &(0x7f0000000500)={0x0, 0x84cd, 0x800, 0x0, 0x271, 0x0, r7})
r9 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000100), 0x402, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r9, 0x0)
io_uring_register$IORING_REGISTER_RING_FDS(r8, 0x13, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000000400))
sendmmsg(r4, &(0x7f0000000040)=[{{&(0x7f0000000140)=@can={0x1d, r5}, 0x80}}], 0x1, 0x20044801)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)

43.62178146s ago: executing program 0 (id=601):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close(r1)
r5 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x100000e, 0x4018831, 0xffffffffffffffff, 0x0)
r6 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
r7 = syz_io_uring_setup(0x72ae, &(0x7f0000000280)={0x0, 0x0, 0x10100, 0x0, 0x36}, &(0x7f0000000500), &(0x7f0000000000)=<r8=>0x0)
syz_io_uring_setup(0x2287, &(0x7f0000000200)={0x0, 0x6e79, 0x2, 0x1, 0x290}, &(0x7f00000004c0)=<r9=>0x0, &(0x7f0000001540))
syz_io_uring_submit(r9, r8, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r7, 0x184c, 0x0, 0x0, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6c9ecbf09d6dd7be5a06dfd645630500c1a303434a36bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffdc0fb243c3111dda42112650cc", 0x0, 0x48)
ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000ffa000/0x3000)=nil, 0x3000})
r10 = semget$private(0x0, 0x4000000009, 0x0)
semop(r10, &(0x7f00000002c0)=[{0x0, 0xec7b, 0x1000}], 0x1)
semop(r10, &(0x7f0000000000)=[{0x0, 0xffff}, {0x0, 0x8, 0x800}], 0x2)
semctl$GETNCNT(r10, 0x0, 0xe, 0x0)
r11 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_clone3(&(0x7f00000001c0)={0xad021080, 0x0, 0x0, 0x0, {0x40}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r12, 0x4140aecd, &(0x7f0000000100))

43.294064852s ago: executing program 0 (id=603):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000db7b3e4bff8ae5543c4baa32d07aa10b461e0b64d4bb27806965a54cf8ecc3787948bb9283449db53e9b033c2ad62c1995bc96b9760227a07c86829748f6046d508e5a72d68de83ea0aa1e2641946561eb930e2efe98eb6d6287ddffa535851758bf343ce2ca79c2", @ANYRES32, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x2, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(0xffffffffffffffff, 0x40106614, &(0x7f0000000200))
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000080)={0xb, <r0=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1f, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, r1}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(0xffffffffffffffff, 0xc0a85352, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xffffffffffffffb3}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB], &(0x7f0000000040)='syzkaller\x00', 0xfffffffe, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r4, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="dfffffffffffffff00001c00000018000180140002006c6f"], 0x2c}}, 0x0)

42.50992584s ago: executing program 32 (id=603):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000db7b3e4bff8ae5543c4baa32d07aa10b461e0b64d4bb27806965a54cf8ecc3787948bb9283449db53e9b033c2ad62c1995bc96b9760227a07c86829748f6046d508e5a72d68de83ea0aa1e2641946561eb930e2efe98eb6d6287ddffa535851758bf343ce2ca79c2", @ANYRES32, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x2, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(0xffffffffffffffff, 0x40106614, &(0x7f0000000200))
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000080)={0xb, <r0=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1f, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, r1}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(0xffffffffffffffff, 0xc0a85352, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xffffffffffffffb3}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB], &(0x7f0000000040)='syzkaller\x00', 0xfffffffe, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r4, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="dfffffffffffffff00001c00000018000180140002006c6f"], 0x2c}}, 0x0)

14.755263567s ago: executing program 1 (id=664):
prlimit64(0x0, 0xe, &(0x7f0000000440)={0x6, 0x8c}, 0x0) (async)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x800)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x7)
readv(r0, &(0x7f0000000000)=[{&(0x7f0000002140)=""/4096, 0x1000}], 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) (async)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x20, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 64)
ioctl$BLKFINISHZONE(0xffffffffffffffff, 0x40101288, &(0x7f00000000c0)={0x7}) (async, rerun: 64)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019380)=""/102400, 0x19000) (async)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000009640), 0x802, 0x0)
ioctl$UI_ABS_SETUP(r2, 0x401c5504, 0x0) (async)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x1, 0x0) (async)
umount2(&(0x7f0000000000)='./file0\x00', 0x0) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
bind$alg(0xffffffffffffffff, 0x0, 0x0) (async)
r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000040)={0x201, 0xa, 0x2}) (async)
ioctl$VIDIOC_PREPARE_BUF(r3, 0xc058565d, &(0x7f0000000500)=@multiplanar_userptr={0x9, 0xa, 0x4, 0x400, 0x4, {0x0, 0xea60}, {0x1, 0x8, 0x7, 0x82, 0xe, 0x0, "bc8feb13"}, 0x8, 0x2, {&(0x7f0000000440)=[{0x8001, 0x7fffffff, {0x0}, 0x1000}, {0x3, 0xdf9, {0x0}, 0xd90b}]}, 0x6}) (async, rerun: 32)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) (async, rerun: 32)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000640), 0x2, 0x0) (async)
getrandom(&(0x7f0000000000)=""/153, 0x21, 0x0) (async)
r4 = syz_open_dev$I2C(&(0x7f0000000040), 0xb54, 0x1)
ioctl$I2C_RDWR(r4, 0x707, &(0x7f0000000180)={&(0x7f00000018c0)=[{0x7, 0x5000, 0x0, 0x0}], 0x1})
r5 = socket$kcm(0x1e, 0x5, 0x0)
sendmsg$kcm(r5, 0x0, 0x0) (async)
recvmsg(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000008c0), 0x0, &(0x7f0000000100)=""/5, 0x5}, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

14.041790554s ago: executing program 1 (id=666):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0xe6)
prlimit64(0x0, 0xe, &(0x7f0000000900)={0x7, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f0000000040)={0x0, &(0x7f0000000040), 0x0, 0x0, 0xcccccccc})
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x6, r3, 0x0, &(0x7f0000fff000/0x1000)=nil, 0x1000, 0x10000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000980)={0x48, 0x5, r3, 0x0, <r4=>0x0, 0x1})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000a00)={0x28, 0x7, r3, 0x0, &(0x7f00000a0000)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1000})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r0, 0x3ba0, &(0x7f0000000a40)={0x48, 0x7, r4, 0x0, 0x0, 0x0, 0x0, 0x1001, 0x1fff})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x18)
r5 = openat$random(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
io_submit(0x0, 0x1, &(0x7f0000001580)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x7, 0x0, r5, &(0x7f0000000080)='d', 0x2}])
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})

14.041314404s ago: executing program 2 (id=667):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x10000802, 0x80, 0x0, 0x40000}, 0x10)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0xa0902)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00')
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040))
epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, r2, &(0x7f0000000c40)={0x2000000b})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=@ipv4_newroute={0x1c, 0x18, 0x35f32a6dfa748ddd, 0x70bd2d, 0x0, {0x2, 0x0, 0x10, 0x0, 0xfe, 0x4, 0xfe, 0x4, 0x20000000}}, 0x1c}, 0x1, 0x0, 0x0, 0x404e095}, 0x4010)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="280000005200010004000000000000001c0000001400", @ANYRES16=r0], 0x28}}, 0x0)

12.459903685s ago: executing program 2 (id=669):
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x3, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
mount(0x0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='cramfs\x00', 0x2a00000, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmsg$alg(r2, &(0x7f0000003540)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000200001701000002000000"], 0x18}, 0x340000c1)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000280)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x950f3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000c40)=@filter={'filter\x00', 0x42, 0x4, 0xb20, 0xffffffff, 0x8d8, 0x8d8, 0x8d8, 0xffffffff, 0xffffffff, 0xa88, 0xa88, 0xa88, 0xffffffff, 0x5, 0x0, {[{{@uncond, 0x74000002, 0x878, 0x8d8, 0x1ba, {0x46010000, 0x2c000000000000}, [@common=@unspec=@u32={{0x7e0}, {[{[{0x3, 0x3}, {0x7, 0x2}, {0x9, 0x1}, {0xfffffffc}, {0x401, 0x2}, {0x8, 0x2}, {0xfffffff0, 0x3}, {0xfffffffd}, {0x8000, 0x2}, {}, {0x8, 0x2}], [{0x43ee, 0x1ff}, {0x4, 0x6}, {0x3, 0x9}, {0x8, 0x2}, {0x4}, {0x4, 0x90}, {0xf7d, 0x2}, {0x7, 0x341}, {0x3ff, 0x7fffffff}, {0xfffffc00, 0x3}, {0x401, 0x3b1}], 0x0, 0xb}, {[{0x0, 0x2}, {0x5, 0x2}, {0x6, 0x2}, {0x7fff, 0x1}, {0x7, 0x2}, {0x80000000, 0x1}, {0x9, 0x3}, {0x1, 0x1}, {0x1, 0x3}, {0x4e, 0x3}, {0x80000000}], [{0x3, 0x5}, {0x5, 0xfffffffa}, {0x1000, 0x400}, {0x71a, 0x1}, {0x0, 0xfffffff9}, {0x3, 0x6}, {0xfb99}, {0x7fff, 0x3f8000}, {0x26, 0x80000000}, {0xd, 0x1da}, {0x8, 0x6}], 0xa, 0xa}, {[{0x7, 0x1}, {0x7, 0x1}, {0xfffffff8, 0x1}, {0x546, 0x3}, {0x8, 0x1}, {0x0, 0x2}, {0x9, 0x2}, {0x9, 0x1}, {0x7f, 0x2}, {0x0, 0x2}, {0xf6, 0x2}], [{0xc0000000, 0xffffffff}, {0x0, 0x3}, {0x9, 0x309b68d6}, {0x2, 0xb0}, {0x0, 0x5ac}, {0x5, 0x8000}, {0x7ff, 0x7ff}, {0x2, 0x7}, {0x9, 0x81}, {0x41, 0x1}, {0xfffffffb, 0x7ff}], 0x0, 0x4}, {[{0x2, 0x1}, {0x6, 0x2}, {0x15}, {0x40}, {0x5, 0x1}, {0xf, 0x2}, {0x1, 0x3}, {0x3, 0x1}, {0xffff8000, 0x1}, {0x0, 0x2}, {0x81, 0x2}], [{0xfffff000, 0x1c1}, {0x7f1, 0xdfd9}, {0x8001, 0x9}, {0x4, 0xcde6}, {0x8f77, 0x1ff}, {0xffffff80, 0x1}, {0x9, 0x6}, {0x7fffffff, 0xe000000}, {0x3, 0x7}, {0xd9, 0x9}, {0x1, 0x400}], 0x4, 0x6}, {[{0x1, 0x3}, {0x5, 0x1}, {0x5, 0x1}, {0x1, 0x3}, {0x2fd, 0x1}, {0x8a5, 0x1}, {0x9}, {0xd}, {0x6, 0x3}, {0x2, 0x2}, {0x6, 0x2}], [{0x2, 0x4}, {0xc, 0x2}, {0x6, 0x1000}, {0xda0a, 0xf855}, {0x0, 0xfff}, {0x2, 0x9}, {0x68, 0x100}, {0x3, 0x2}, {0x4, 0x3ff}, {0xee2}, {0x9, 0x9}], 0x5, 0x9}, {[{0x2, 0x3}, {0x8, 0x1}, {0x95872047, 0x1}, {0x2, 0x1}, {0x1}, {0x2}, {0x40}, {0x6, 0x3}, {0x7}, {0x3, 0x1}, {0x17, 0x1}], [{0x32a6, 0x6}, {0x7}, {0x7, 0x56bde36a}, {0x15, 0x401}, {0x9, 0x200}, {0x9, 0x1000}, {0x1, 0x401}, {0x7}, {0x7, 0x2}, {0xb, 0x7d}, {0x41, 0x6}], 0x5, 0x2}, {[{0xfffff45f}, {0x2}, {0x800, 0x1}, {0x7fff}, {0x7fffffff}, {0x81, 0x2}, {0x5, 0x3}, {0xff}, {0x7}, {0x3ff, 0x3}, {0x100}], [{0x8a50, 0x3}, {0x1, 0x6d}, {0x6, 0x7fff}, {0x1, 0x3}, {0x6, 0xfff}, {0x4000000, 0x7}, {0x400}, {0x1}, {0xb65, 0x9}, {0x5f8, 0x5}, {0x1, 0xd4}], 0x2, 0x6}, {[{0x101, 0x2}, {0x9}, {0x4, 0x2}, {0x8, 0x2}, {0x80000000}, {0x4}, {0x6, 0x2}, {0x6}, {0x6, 0x3}, {0x767, 0x3}, {0x3, 0x3}], [{0xffff7ba7, 0x2}, {0x9, 0x8}, {0x4, 0x9}, {0x9, 0x101}, {0x69, 0x1}, {0x1, 0x5}, {0x9, 0x3}, {0x5, 0x8}, {0x3, 0xb29d}, {0x40, 0x2}, {0x4, 0x1}], 0x5, 0xa}, {[{0x8, 0x1}, {0x4, 0x3}, {0xffffffff, 0x2}, {0x2, 0x3}, {0x9}, {0x7, 0x3}, {0x6, 0x1}, {0x6}, {0x3, 0x3}, {0x3, 0x1}, {0x9, 0x3}], [{0x8001, 0x1}, {0xfffffff8, 0x7fffffff}, {0x4, 0x1000}, {0x0, 0xeb}, {0x3, 0x6}, {}, {0x200, 0x7ff}, {0x112, 0xd}, {0x81, 0x3}, {0x8, 0x53c}, {0x8, 0x7}], 0x9, 0xa}, {[{0x6, 0x1}, {0x1, 0x2}, {0x2, 0x2}, {0x1, 0x2}, {0x200}, {0x7, 0x2}, {0x4, 0x3}, {0x6, 0x2}, {0x9}, {0x3c8, 0x3}, {0x2a, 0x1}], [{0x7}, {0x1, 0x1ff}, {0x8000, 0xec1}, {0x9, 0x5d5}, {0x1}, {0x9183, 0x2}, {0x8, 0x9bc}, {0x12d, 0x7}, {0x97, 0x7}, {0xffffffff, 0x7}, {0x1, 0xc934}], 0x8, 0x7}, {[{0xa22, 0x1}, {0x6da, 0x1}, {0xb2fe}, {0x9, 0x2}, {0x5, 0x2}, {0x7, 0x3}, {0x400}, {}, {0xff0, 0x3}, {0x80000001, 0x1}, {0xffffffff, 0x2}], [{0x20, 0x101}, {0x4, 0xf}, {0x81, 0x9}, {0x10000, 0x5}, {0x9, 0x2}, {0x9, 0x122}, {0x9, 0x1}, {0xb0ab, 0x8}, {0x438, 0x1f6}, {0x5, 0x1e2}, {0x2, 0xffffffff}], 0x0, 0x5}], 0x4, 0x1}}, @common=@unspec=@connlabel={{0x28}, {0x5, 0x3}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x0, 0x6, 0x6, 0x0, 0x6, 0x4], 0x6, 0x1}, {0x0, [0x8, 0xa, 0x0, 0x6, 0x7, 0x5], 0x1}}}}, {{@uncond, 0x287, 0xe0, 0x108, 0x0, {}, [@common=@unspec=@cpu={{0x28}}, @common=@unspec=@limit={{0x48}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0x70, 0xa8}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff, 0x2, 0x4}, {0x0, 0x4, 0x1}, {0xffffffffffffffff, 0x6, 0x1}, 0x3, 0xa}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0xb80)
clock_gettime(0x3, &(0x7f00000000c0))
openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
open$dir(0x0, 0x80000, 0x11b)

11.789185668s ago: executing program 1 (id=670):
socket$unix(0x1, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100}, &(0x7f0000000200), &(0x7f00000001c0))
socket$packet(0x11, 0x2, 0x300)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt(0xffffffffffffffff, 0x114, 0x271d, 0x0, &(0x7f00000000c0))
pipe2$watch_queue(0x0, 0x80)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x1c}}, 0x0)
r6 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_bt_bnep_BNEPCONNDEL(r6, 0x400442c9, &(0x7f00000000c0)={0x0, @multicast})
getdents64(0xffffffffffffffff, 0x0, 0x18)
io_uring_enter(r2, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
msgsnd(0x0, &(0x7f0000000340)={0x3}, 0x2000, 0x0)
socket$unix(0x1, 0x2, 0x0)

11.10537089s ago: executing program 5 (id=604):
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x20)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, 0x0, 0x40)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x20, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x5}, 0x8, 0x10, &(0x7f0000000000)={0x0, 0x6}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet(0x2, 0x3, 0x4)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x11, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_enter(0xffffffffffffffff, 0x894, 0x3a7b, 0x0, 0x0, 0x0)
syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
connect$inet6(r2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x0, 0x2172, 0xffffffffffffffff, 0x0)
futex(0x0, 0x8d, 0xfffffffd, 0x0, 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)='usrquota')
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1, 0x103)
mount(&(0x7f0000000300), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)='ubifs\x00', 0x0, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)

9.98827822s ago: executing program 5 (id=673):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000840)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x3c, 0x4, 0x0, 0x1, [{0x38, 0x1, 0x0, 0x1, @dynset={{0xb}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_DYNSET_SET_NAME={0x9, 0x1, 'syz2\x00'}, @NFTA_DYNSET_FLAGS={0x8}, @NFTA_DYNSET_OP={0x8}, @NFTA_DYNSET_SREG_KEY={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xac}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8000)
madvise(&(0x7f0000329000/0x3000)=nil, 0x3000, 0x14)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x15, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000800000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b70300000000000085000000a0000000bf090000000000005509010000030000950000000000000085100000f5ffffffbf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000240)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, @sk_reuseport, 0x0, 0x8300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000580)=@generic={&(0x7f0000000400)='./cgroup\x00', 0x0, 0x8}, 0x18)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x6, 0x12, &(0x7f0000000300)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x5}, @generic={0xfc, 0x1, 0x3, 0x1, 0x3}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000280)='GPL\x00', 0xe4a7, 0x8b, &(0x7f00000004c0)=""/139, 0x41000, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x4, 0xd, 0xfffffffe, 0x403fbcda}, 0x10, 0x0, 0x0, 0x2, &(0x7f00000005c0)=[r6, r3, r3, r7, r3], &(0x7f0000000600)=[{0x1, 0x1, 0x0, 0x3}, {0x5, 0x2, 0x3, 0x6}], 0x10, 0x81}, 0x94)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
socket$unix(0x1, 0x2, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080), 0x12)
mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='jfs\x00', 0x1a0c000, 0x0)

8.149737972s ago: executing program 3 (id=678):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
r1 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r0, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600}}, 0x20)
bpf$LINK_DETACH(0x22, &(0x7f0000000100)=r1, 0x4)
syz_emit_ethernet(0x5a, &(0x7f0000000200)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0xe, 0x4, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x5, 0x0, @dev, @rand_addr=0x64010102, {[@timestamp_addr={0x44, 0x14, 0x5, 0x3, 0x0, [{@multicast2}, {@empty=0x2000000, 0x9}]}, @ssrr={0x89, 0xb, 0x77, [@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @generic={0x83, 0x2}]}}, {{0x4, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0)

7.901768979s ago: executing program 2 (id=679):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100000000008b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0xd49f, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000001200)=0x6d7c, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202)
r3 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r3, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24)
sendmmsg(r3, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
eventfd(0x0)
recvmmsg(r3, &(0x7f0000000d00), 0xf000, 0x10002, 0x0)

7.856116414s ago: executing program 3 (id=680):
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000009800)=[{{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, 0x0}, 0x20014d2}, {{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000002180)=""/4090, 0xffa}, {&(0x7f0000003180)=""/177, 0xb1}, {&(0x7f00000032c0)=""/246, 0xf6}, {&(0x7f0000000580)=""/231, 0xe7}, {&(0x7f0000001b00)=""/214, 0xd6}, {&(0x7f0000000b80)=""/60, 0x3c}, {&(0x7f0000000100)=""/235, 0xeb}, {&(0x7f0000000940)=""/164, 0xa4}, {&(0x7f0000000780)=""/83, 0x53}, {&(0x7f0000000380)=""/113, 0x71}], 0xa}, 0x81}], 0x3, 0x2100, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r2, &(0x7f00000002c0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000380)="e13650b5", 0x4}, {0x0}, {0x0}], 0x3}}], 0x1, 0x4)
setsockopt$sock_int(r2, 0x1, 0x12, &(0x7f0000000000)=0x4, 0x4)
sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@can_newroute={0x14c, 0x18, 0x1, 0x70bd29, 0x25dfdbfe, {0x1d, 0x1, 0x5}, [@CGW_CS_CRC8={0x11e, 0x6, {0x5, 0x2c, 0x31, 0xfe, 0x4, "376b7a2a873c1a8ecc4da245ca39173d934859d620daf963a7328e80ffd00e690a4ef64930de462bc35c85f36db0898dcc0d03bbcda1ebf61c3465b6659995eff36bad2ef6163c03e7fabc525cdf7514e281b17d58503a26d943329a08e9c845f2b98c0d8aa1b1fbd349fbdde1092f4169eca41d72a04391b11c49f79c8032e328e0da259605c93fabcb99b3840e01e4d7ba843459e11870d2c3c6b918bed9861876ed178ec66d589a8d4f870e6977a20b4df8f02b27f4e6c8fdecf20dda9582bb2cc9ae7fa8cb0d3826398ba4eaaca719fb9a8e0be7c382261847d159b6f4b98016c14feb17bd8b689d0f6a2740c06731578a8abe696bcef2746a87ac79ffdb", 0x1, "3f4e0c272024116890a9108b9adc85dae91aba17"}}, @CGW_MOD_SET={0x15, 0x4, {{{0x4}, 0x3, 0x3, 0x0, 0x0, "b377781aeecabf6b"}, 0x2}}]}, 0x14c}, 0x1, 0x0, 0x0, 0x40}, 0x0)

7.7858406s ago: executing program 4 (id=681):
r0 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24)
sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
recvmmsg(r0, &(0x7f0000000d00), 0xf000, 0x10002, 0x0)
recvmsg$kcm(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x12000)

6.377614745s ago: executing program 3 (id=682):
r0 = accept4$unix(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000080)=0x6e, 0x0)
r1 = accept$unix(r0, 0x0, &(0x7f00000000c0))
r2 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000140)=@generic={&(0x7f0000000100)='./file0\x00'}, 0x18) (async)
r3 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
r4 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, r3)
add_key$fscrypt_provisioning(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x2}, &(0x7f0000000300)={0x1, 0x0, @auto=[0x1a]}, 0x9, r4) (async)
r5 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_MOD(r5, 0x3, r2, &(0x7f0000000340)={0x2000})
r6 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000380), 0x60c600, 0x0)
fcntl$setstatus(r6, 0x4, 0xc6800) (async)
keyctl$clear(0x7, r3)
read$FUSE(r6, &(0x7f00000003c0)={0x2020, 0x0, <r7=>0x0, <r8=>0x0, 0x0, <r9=>0x0}, 0x2020)
write$FUSE_INIT(r6, &(0x7f0000002400)={0x50, 0xfffffffffffffffe, r7, {0x7, 0x2b, 0x7fffffff, 0x8000008, 0xfff9, 0x7f, 0x8, 0x0, 0x0, 0x0, 0x2, 0x5309}}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000002480)=@bloom_filter={0x1e, 0x3, 0xea, 0x5, 0x1040a, 0xffffffffffffffff, 0x71ee, '\x00', 0x0, r6, 0x1, 0x0, 0x4, 0x4, @void, @value, @value=r2}, 0x50) (async)
add_key$fscrypt_provisioning(&(0x7f0000002500), &(0x7f0000002540)={'syz', 0x1}, &(0x7f0000002580)={0x0, 0x0, @auto=[0x18]}, 0x9, r4) (async)
keyctl$KEYCTL_WATCH_KEY(0x20, r4, r6, 0x5) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f00000025c0)={'batadv0\x00', <r10=>0x0}) (async)
r11 = socket$inet6_tcp(0xa, 0x1, 0x0) (async)
ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r6, 0xc0105303, &(0x7f0000002600)={0xb, 0x9, 0xb5}) (async)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r6, &(0x7f0000002700)={&(0x7f0000002640)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000026c0)={&(0x7f0000002680)={0x28, 0x0, 0x8, 0x401, 0x0, 0x0, {}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x138}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x40000)
r12 = syz_genetlink_get_family_id$batadv(&(0x7f0000002780), r6)
sendmsg$BATADV_CMD_GET_VLAN(r6, &(0x7f0000002840)={&(0x7f0000002740)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000002800)={&(0x7f00000027c0)={0x2c, r12, 0x100, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r10}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1001}, 0x40000) (async)
r13 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000002880), 0x105000, 0x0)
r14 = openat$audio1(0xffffffffffffff9c, &(0x7f00000028c0), 0x240080, 0x0)
sendfile(r13, r14, &(0x7f0000002900)=0xd, 0x9)
sched_setaffinity(r9, 0x8, &(0x7f0000002940)=0x6) (async)
keyctl$get_persistent(0x16, r8, r4)
ioctl$sock_kcm_SIOCKCMUNATTACH(r6, 0x89e1, &(0x7f0000002980)={r11}) (async)
ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f00000029c0)={0x0, 0x0, 0xfffffffffffffffc, 0x8}) (async)
clock_adjtime(0x0, &(0x7f0000002a00)={0x8000000000000000, 0x4, 0x6, 0x0, 0xfffffffffffffff7, 0x5, 0x7, 0x6, 0x5, 0xffffffffffffffff, 0x9, 0x7, 0x1, 0x5000000000000, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x4, 0x364, 0x8, 0x34e, 0xffffffffffffff94, 0x42e8, 0x3ed})

6.323299505s ago: executing program 4 (id=683):
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x20)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, 0x0, 0x40)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x20, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x5}, 0x8, 0x10, &(0x7f0000000000)={0x0, 0x6}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet(0x2, 0x3, 0x4)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x11, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_enter(0xffffffffffffffff, 0x894, 0x3a7b, 0x0, 0x0, 0x0)
syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
connect$inet6(r2, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x2c}, 0xd}, 0x1c)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x0, 0x2172, 0xffffffffffffffff, 0x0)
futex(0x0, 0x8d, 0xfffffffd, 0x0, 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)='usrquota')
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1, 0x103)
mount(&(0x7f0000000300), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)='ubifs\x00', 0x0, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)

6.036426215s ago: executing program 2 (id=684):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000240)={0x2a, 0xffffffffffffffff, 0x7fff}, 0xc)
r1 = syz_io_uring_setup(0x497, &(0x7f0000000540)={0x0, 0x7c7f, 0x400, 0x3, 0x289}, &(0x7f00000004c0)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
pipe2$9p(0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xd, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000006118b0000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a}, 0x94)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0})
io_uring_enter(r1, 0x40f9, 0x217, 0xa5, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000040))
sendmsg$nfc_llcp(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001240)={0xf78, 0x10a, 0x3, "cb24a78108cdb435c9d3ce8754e650f9cdd5da40416d8af2266be8860a93e813470197efda2d940ad729a965a709d84a83150911f11acc002f5a388fcb608197471274b19464854d2fbedc516e213bb9286f11da618efd4086b0f78d25603bb402e12c902162be37f28f53e45b43e8952bf2c96f6362a57554d891b0aad7daeb754e36aba965c1067a5b0c91a3521f32b605584205f1f10be950ffbe4cb6e86a6fa55cf3bd62beaf43041b60227524ee803421327192d06e93eeaa10d2258eab85095558793df229d46dcba77e68aabd82827cfe279b07c46deb8a19acf2ddd64346a8b36bf1df242567232270f92f979f0fbbd070549cd0927eca095651e64bbd4fb5030e600a0cc28bd285679578f066e9fd24e248ead44ef1e2d818c1380d1ffaa19f0329102dc5640fba2f0f1c1977f3f36229005216c55c2fee3590081a755277419e99a4b02a94a4080a48c5c3897b703e40c38334f28168975af63f6e8856582bb3f093ea1464fc34a5f5fd51a6327f3daae73d05d71ff13952e6d27b8d9346a83b8b9333bd98e3c15a6359654a7347797d427cd3b97e2a21629f5a9f8893cf09131960a6686251bdd8dc860b019dcea7257c715520da3a48fae6b504e84e48be6834afe8c55a54331dbdcb4d7e420be17eb60e053eff4759c296150858089128a6753da0e8212652b733ddd582e0729d0418391e5d0386f101672e11e9acd9e18d56a37610f561bbf647a089fcc3d220ff92f406beb1f09815aeeccd76442b306b24caa49b564120ce6deae8a2aaa21db57ec5dea7b0e5650ff88ddc8f987ac3b0226d62eb998cc160d7952ac7a49de9ab1c84a0ae8f06aad0718f90e831fc790cf5f84c08c109bd7eaaf00c44639799983de3ba55fcea07c78d0845523d21596a3ef2152e818598422a31559197a538c2078cc38ef628af21dcfba078be25dcdd0390ab9195cf98439e58830e9a6d3198115ae6565ff0761e139188ec2e2def0ae3b464e474bf968ce27ce0f6b2bdab210eaa04c0570afe0af8a8409bb4eeb54740bc89604b91eaace1c9cb0eb14a961a988127f1e8df73099f9e4c7adfd43000c3c87d237964a8672555ae460bde4a735ec53665ba0633e084f32692521c4b5ef2bcc9748a586f00bf6b6f50f34253cc72e83790266fed12ab432e2f4b5d0d0f94a3eb45cbd3555f3f8f2dec4b68eb184df3ffe0b5a2e3134623537a7ca8ac4ab629472b81156d3f4861f67ae555dfc1f6c9473eeb99217fb7b80f07e5029ac3a86ba91f64b61916e4a7803946a04a5abd55b7725e70ba294b45a6a808d843d267b7b75832fe33f8e69f841ce8fd669f6038832dfa2d2a8f820de1d967c521222bfb6e4a5394956b1c6537bb6c6bd8d647e98b84d6ad117d5e5e0a733d5af937b542689da4196562645df3b4e32e6cf7c31376078a6df4890681525fddba5db07a3ee98942a6b84f8faa9fea4886f9ad7218e9585dc25e8e1c2a3efd8ec9477f23478a90b9ee23f1acd171689e339a026cf7fbc9bbe41a0616c8c377e11be8c90a13d158b6792621f080c50fa1e8622648b300eecbbdd4bc8d5178d9c52cf641bbc303f54170992bb4cf20164c9ca83f3fbde8f81c192a1c2c16d83aa616c0038b9b659d7f0c678e6a9f5bbaa903b7198987135a04cac612a4c03618b40a516dc71f4050fe20d092be750c4b46f28460560766465eddcea4877788b61862095b98ad414436b8acd47f8f514470015e5f05e5506b355a5c237462b875dcc6d617c85d180d096ef03caeb3efa119761d01c379d05ec5533a415d05d6b1d9bf0b6f886fa50bd723b092e28990eccd0f526e0a6095497ab9c5cbe01897cd173890dd61d6fd5d17f44e400bfd20f0bb3aeb56292708e29bb7f91b9aec6c2657537bdbbff558465aa590fccfe1d674c27835804a3104b9382a82c5bf3cfba5e3d2e825eec6d67a527424fa123c9784b80f9f5506f128befb75511d1eda62723298fa9afb083172508b1aea879b66cb7df9e333ecc32b8b0d6c1f12d198cfa617b7124cbc74cddf2d592905a1d2ad81809f229e60c700f6f3e23416b611f089f3f23d3a899d32e75ccc1d17067ef26d0bf7230024dfeb2ddd5837638d8e9637460bc507cbae04b5224f7140caf49cfe152720936d7fcf767dc4983b82555cf8795d4884b97ad1025cf94b21e1e221bfaf3f5e6ca80b9d9f3901b233a0c363f7b2ee327d6a79abe8dd0f25e13118d30439ef0ed8c6ed5bd30a2971ac9e15715e4bb472a09892c4acfb01195d798da14f54c34a3fef35fde2b44e2f967d2241b42e1f28afbf34bb475ff07912705f27442bdd805a3ed81e343cb00341245139264eff8fc29c9182e2ac1e67fdef904300a6cd9a6792f7d1ec566a9130b24a1348e666c3ed46bd1ce204338d0f9397a8708e7add5b00bd62989c0116b6561aab72ad76e1dd6264bc42678c0ee8e6d6273c259b317cf771964e0187e8492ddeb99884ccfbaf9c8a7d6a3944e6a103e848403bfe244e8ede09087fe8611601010d50086695e8b3aed0ce974d5656b18ea0a2ebfdbd9f8b20c12fe02b9ed39969983921b99bf619e94fd457e5d631c3f107d4f9104e3763bbe4e04339339944e98db0ca0f07d735dffa6442fa6520608eb68ad468b6361968f18a0036437762503f7b0f5f32d2af9441d40565e011200d0e0ec4808e3210547d350024bc5a2a082d3e7cbcbae1313c3535298af00e3f4542f4613955b9eaa4741e99a53a01ea5cb69a5321a95a5dea3e2b92e767611289bfd5c01ce70d1f4a77540c87f94d4c8e3c8b4377a0cc22d737b50dc1fb29f2ee9e63824dcce8cf8b22b8b7b9aa2dc3494959d520362d8429e4e6d91c716fe594aa369267ffe773c7168bd75857b83ad28e60f74e4be1c25bbd3662a8ed02e8ae838df02b05f5afb3a4c4b1cb640d67a11794942838473dbe081efbfd42a4528cd7a43145b9c0d604162d2d8f4863c05a294edfbe1719e66770072fb57afd8ee0e8a2d8eaa3745705567729da36e875bc8630e71ded6fb1ea6b4d834c582459840feeba6dcbdbde4d347ad5b89981d48405c0fdf6fef9acbc3d5a452506ed73fe0c662e8a9581cf8c0f3f5e9a378f23b0a38da9d3d9ee4bae516f1fb303b48f8bac0a5e9e61988f5bccf279c17ee483533deef5e8cca641da91d74586996aac73d26868c3d2dfa4400c74661003207a2c14ec631110687a526dced71eb699bd064af0277088c82456163b516b4d24baf8dd919d555545a58fa91abf6567eb4fe2431ddad5a94b9e25f45a37795f441c94213104d208675a6cf60b50bfb34be48fde3d2fc6a430b8d30c09a5e34770830b245c702cf4554a546e507213314c4c089a644c040da6f8f070f0ef91cc7cff9b31f1096dd3562228d3edc57f30e776165e722da4bc798f721a4b792120f18ef1be30a75664e5c42e218c5face95c72dc58fed14b2e61b4909d819478bf4ad700aed7763562cb60c9f1523ac4ba971dda3b78f65f09f3563c3951a6622a6504ce06bb6a9171102dd02fd2585ad39ef29261026f841bddfbbf1092fc01e1c472dab14f2523a5041bd97635fe571e4265bc207525b9cbfa0dee7007741120a1f673a19e12d0cae6b36382a822b8cc5fad7ace9dad846374901ce4b6a2b8b2b3798c6e86957ba1cb22d6db011b33a35232bbf7a47ed0bad7f27c25adc4fbec76952de8b35e66f329599db9e62617532c052d41b7c37013671d60df45a8c9cb6b1edb6992b297e5cf01b626d399dd93b52b8229211c0e63830ac7ec84b82a8c98898eaaf39a66ecf93797901549bcc6727d6695ef7661163be9db5b4e1ba80fa9b79b2a38bde86415c92598cd360f764d2bc0a387c219aab9d0b7411a2c71ac3053a30a2295e3cfbadec28abc9dfe8783ea13bcc128356c4f5d624b058af1dba823f7525ef86d7dc799381955b802ef54c27f40e0dabba574912b19d5cf36e642f3094aca48ffa716a95f5e90ba77c6af2da27dff3d736959418055fc6aa09d4fb3eb68c3867a2ba54f22f3293c3b235f274cf4d74a685a460c2e4a41121e541e7f46a75bb68f3935295f4afccc7b95aa7ddf1e1024e72e18806fd80b52733b0d25e2bfdf0d19b6b8f7c77b9eaa10b41b4e61f844675ce284f5f6105e4cf922b0494db32ef32575bdef00d23d436c75702767ccdab93f96a4cc44a136f9902d497da2c2061c6ab6618f582bcd624cf45cb252ff763cca8e5d053916875e038b75e95cb1acf4956fcce1a3a4079a5d582346b21638c7515c5e2df80d03debdef1675a84463188d1b307d7feeaab1744d4e847bf624aa26cf325837b9aece774dc7547156b7163c86063e837d54998acd031d2f82402952f3fd53e2b104f3e5ddca7d345de790ae83962a7152ad573d3f8fe114edd747a15726645fb4ef2b1dff9639d89b1afaf06c7520826449983061b9dba0bccd14818a47239a66be0eed1c8b1d1f7e30e0eecde17b0218fbc41ed2e987f3806c63708d46d5db7d1d575dc42ea7bce88ebf0927055ad0f82b91ef4b546b41f132ffaefd673915ae973830e30a9e101b2b40ac69f042862bc74d4cbc3277bf5a86762fd2d4c16f9dd4972eb812371be4b10e229a90132b0caf65f1b8b7f7127ecdba58187993ce275d3127f6e1b2f0a5b09fb44b94f6be0e57c0a4306d7c0a97bac52ec8040cd8ce0a53c11e05eaaeb4b30d0f3b9857f004efbe44c57987f7f818d0c0f656bd7f9eaac546ba20a728511724f80dd1c0de9f4e027a69c7dd3af6861dfdfde1f97676dd9f33e662863473e544c569f15e7eb56df21a71c2157ab975d5a064fea03957347f7f7355c3256a04cdbb9834a7822a2136d49c492d9b1fbba349480f61d1fe829c616e85d5f0b706e78e16dd68c905b9597abdeb7b9c9333f619503434a4120a4ae50dca9b129ca7c239e327c784117a13ceda61eabc203f126fc4e95f1b927d3a895ae215369e679f2ce8c99b3d0d48e54c4906742f5f4c0df1a68f87238959a987a20104ab4172f33016087a660b6bc9a6981d497eca5ef0355817d998f407e7edeead103f11b4257b8f585c37a63057471dd057e925f17e9c6c41d16d7863f34ab9afd639a4edae408dd7fa618638081e6a00d3bd60196981573acacee27d0cf291de6f229e0e13382d7b60e7202852ec816ade7d591e0c13f7c229172c83e440e2c6336c31cfb25ba6a2811d8ef1be4c82908445669457c0b9ec1758861e06139e1a7d8a83af6927e07380b47f55c0dbf0509ac2c7ffa83fb57a3d1db830d75911f7c417b78d23638e70b698edaa3bac9fe86a57e0b0294c8007c12e4320673059f88068ed012de05140ec7816569c0d73e2d695a302d72d73bea5185b65a5aa7af0c25dbe1e5635f601607f4f1b48f4dc0d42f6de4020f098501d28fe449cadb1372e64a90b0b59259b9e04604253a41f666d6ac587e4f74f51c7fa0c3d5e0f5a54ec3c9b3313182c7f6cde1ddd55ab01b1c154075e45c6b921a621bfb860feff1cf1786effcdb4164ef8d825a2223c600ee907dd633cdc3d39542ff274ea70f26b199330662d48ab4eb22d07"}, 0xf78}, 0x24000000)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x200000c, 0x3032, 0xffffffffffffffff, 0x0)

5.777087742s ago: executing program 3 (id=685):
prlimit64(0x0, 0xe, &(0x7f0000000440)={0x6, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f0000000180)=0x3)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000300))
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x20, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000000000005, 0x0)
read$msr(r0, &(0x7f0000001900)=""/102393, 0x18ff9)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
ioctl$UI_ABS_SETUP(r1, 0x401c5504, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x1, 0x0)
umount2(&(0x7f0000000000)='./file0\x00', 0x9)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
ioctl$NS_GET_OWNER_UID(r2, 0xb704, &(0x7f0000000280)=<r3=>0x0)
mount$afs(&(0x7f0000000140), &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f00000007c0)=ANY=[@ANYRESHEX, @ANYRESDEC=r3, @ANYBLOB="2c646566636f6e746578743d757365725f752c736d61636b66737472616e736d7574653d2f6465762f75696e70757473757569643d63653838346500362d613262342d363439372d393130362d65347235033832622c61756469742c0065e2c9423ec2dc4b661e08e5a2dcf443430ee3236dfe3c6f2573c8fbd04fb8aa639975c43b21fd9d593338c74a1fc2638895f18aa35552af1306f4097cf8b713216a04ffe88606706b74ee0000009487e3010c022689e1c92829b6be59f0f74c2ee824c7769681f8202e607e1636bc107f3434c8d96fbaba1dbb5b681ee5480f79805b626e8a2385d661e74774cca6471b3624dccd4cae47b293cecefe5cdeafa90b8f4a751c0b80c361", @ANYRESDEC])
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x42003, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000000000085902000000000000000002"])
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="183000000100de00000000000300289300000000ba6cd025b408771c1449350636ad052e4a6540123c0e29c1"], &(0x7f0000000080)='syzkaller\x00', 0x8, 0x0, 0x0, 0x40f00}, 0x94)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x30, 0xffffffffffffffff, 0x2bf67000)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000640), 0x2, 0x0)
getrandom(&(0x7f0000000000)=""/153, 0x21, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f00000000c0), 0x20082)
r7 = syz_open_dev$I2C(&(0x7f0000000040), 0xb54, 0x1)
ioctl$I2C_RDWR(r7, 0x707, &(0x7f0000000180)={&(0x7f00000018c0)=[{0x7, 0x5000, 0x0, 0x0}], 0x1})
socket$kcm(0x1e, 0x5, 0x0)

3.73641917s ago: executing program 4 (id=686):
mknod(&(0x7f0000000540)='./file1\x00', 0x0, 0x0)
stat(&(0x7f0000000100)='./file1\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, <r0=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
setuid(r0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f00000002c0)=ANY=[@ANYBLOB="b7000000010003c3bfa30000000002000703000020feffff720af0fff8ffffff71a4f0ff0000000065040200000000ff2d400500000000003400000001ed00007b030000000000001d440000000000007a0a00fe00ffffffdb03000000000000b5000000000000009500000000000000023bc065b78111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e51815548000000000000000275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7f300c095199fe3ff3128e599b0eaebbdbd732c9cc00eec36574a8f6456e2ccae25ea21714eca8cf5d803e04d83b46e21557c0afc646cb7790b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2400000000000000800643a98d9ec21ead2ed51b104d4d91af25b845b9f75dd08d123deda8ebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987af1714e72ba7616536fd9aa58f2477184b6a89adaf17b0baf587aef370a2d426a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d64364c82770c8204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee7d26b34381fcb59b854e9d5a17f4720082f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67051d355d84ce97bb0c6b4a595e487efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599ddd71063be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d96c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d38df9ba60248d9a0d61282dfb15eb6841bb64a1b3045024a982f3c48153baae2c4e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c3560811ea6c3560a43364d402ccdd9069bd50b994fd6a34ee18022a579dfc0229cc0dc9881610270928eaeb883418f562ae00003ea96d10f172c0374d6eed826407000000000000004a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea52acb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d851680f6f2f9a6a8906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f4ca2195234648e0a1ca50db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145eb6dc5f6a9037d2283c42efc54fa84323a3304f41ff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f928ba7554ba583fef3ec7932f5954f31a878e2fae6691df8b4b7ecd27ce82f7df3e7d1daac43738612e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d6d0355f3be6135425f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e96735600000554f327a353511ccedde99493c31ac05a7b57f03ca91a01ba2c60ca99e8ebc15ecb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d40460780000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120968308c31db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd0000000069ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a003fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9e0600f86909bc90addb7b9aee813df534aac4b32fd691b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a000000000000000000000000000006acc19808d7cf29bc974b0ea92499a419aa095e203c1bafbb9b9a7c2bca3f0a18ee4952f2d325a56390578f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa84feda91f3edb32231ec75300000000000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b88b5e7885e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae630b8234fb46351f5d7d68f93d44086b3f03b20d546fa66a72e38207c9d20035ab63de71a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db1829f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2744c46570e8f46da1ab990ca053cbfe801000000000000000000000000000000d55d7182af2ea5f8d0ad495e3eb9421963a5a683c3dcb2d300aa3b2cfe946d2348c35f5d67d68ac07c8f84b3679e77c2e629ecec7c12c35d6b6971b8ae13cc00956d2227db60c0a461ed2b3ecfb16d19037c8c88c91dda1f904fbbc864e95ad43d6dd6d5eadbcea25682ba4b91e14c3fbfdfd1d680aa1af102d97681656bf56ff0674237ce097d39008cc3257778de878bcd37467386f993be6d20c93a7791e7f2a155ce379b4cda2500108052aeb9bd03ff6d4c5dbda9ff485d6576a492d436d52edcd420e7deaa4343a0add3941ae7c5f58af43866ca64750f43e583ca1ceb3a805e46beef9dca77a4edcbb42aa0caf0bbd6cec72d85540293cb4849b0610800000000000000000000000000000000f9814d5f6c8673c143ff2f901e71b8818665b56f7a03afe3d900007656859db4cb06aaaf9f02cfab5b9e61cc00e8e19429921b8df4c4c53bddea4cc48737842952ff08aeac15685df194ca89da8cf6d29a2be9779181fd5d105af5786094d9130f5826b18b9667b971a994f3fd069629a1052f441e96884f90c91f4a974242aabfc8adbadc9ca27955b5c90f0bd9a46ed044272383d3768871a9c8cfd7948aea445c55684351002ed4a4af45341de8e5e1f33624bd2ec1591dd00bbe05000000f89a928662e9b9449db34394fc5e946fadaee576e28ac0feab4e3585ed43d206218f524083840a78b7236bb7f5e42b5376642f8ad4028d4ead407240e7467d1b37afe20690d7672c7e926fded95cf805516ad836eb730619a05af36fb28329d6feb33219cc9164461a8ba3afd5949b9a6046c53663df30a049414089c1ae8f3476236b05dde8dda4843a62c591f8d2b1a62d0db8dc826219bd87398b33e140792297d023ef52de2e75b9dbbfb8712ccc15c69cfb4c6c1bc2ae74621e536b9d3f09a15dada1561a8192d65cc59d7ed5a6bd61000000000000000000000000000000000000000000000000000000000000000000000000f637782e317d492b2392fd0ea81397a80227f271bad21d688af35a2bd02c15d20f3d62a50e20260642c25f304c8034a5f4d8e45e701dbd84294d1096e715662b8223e10e98c4c38451fc5c702084e3fa9b184e0d0fba44acf3bb8a846cf680dfbf312cddfdb2043288fa6b67fa762c8b75d4478756ef240f2b314e4d77a3afb4fcec92248327004d1dac7ac87a6f8cb04d82acc307d60e4713bd9a8f29091d3048c669a5f5439e0a906ce098d177b9579882586511cfe6a23e57c44d1654899f077b5636e4181f3de6b814bedcac5290ad8018bbe4424edc6d9b0e61b404bb7a2d4883bbc200de8332029cbc04a0bc52fa83bac200c486555ac097239cbab397527d1a861f13ecbe58245a06e3aeddf0768889a16b53d63c8af48030f16350259147edc7854bf6f8d0a9bb3391eded5c61a80fc008777fce152934970530672aa97794d4de4b596c9f3dd095286d4012d440213ae73ebe95e3c92cb3787d426963f2295df0e7be334af7822036d20cade5d0808fc19759959bb9e2789c37d7249510671873b650408ad814f0c8e287e5687b88a8c51c6ef3cb61a8cab9c6"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)

3.603494491s ago: executing program 1 (id=687):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x3, &(0x7f0000000000)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}, {0x9, 0x9, 0x0, 0x6}, {0x4003, 0x9, 0x6}]})
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000006c0)=@mangle={'mangle\x00', 0x44, 0x6, 0x4b0, 0x98, 0x0, 0x248, 0x358, 0x358, 0x418, 0x418, 0x418, 0x418, 0x418, 0x6, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'veth1_macvtap\x00', 'veth0_to_team\x00', {}, {}, 0x11, 0x0, 0x41}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@dev={0xac, 0x14, 0x14, 0x3f}, @loopback, 0xff, 0xffffff00, 'ip6gre0\x00', 'macvlan1\x00', {0xff}, {0xff}, 0x33, 0x1, 0xa}, 0x0, 0xd8, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@set={{0x40}, {{0x0, [0x7, 0x1, 0x1, 0x4, 0x1d], 0x0, 0x6}}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x2, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e24}}}, {{@ip={@initdev={0xac, 0x1e, 0x1, 0x0}, @empty, 0x0, 0x0, 'macvlan1\x00', 'rose0\x00', {}, {}, 0x0, 0x0, 0x1d}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0xe8, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@osf={{0x50}, {'syz0\x00'}}]}, @TTL={0x28}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'nr0\x00'}, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@ttl={{0x28}}]}, @ECN={0x28, 'ECN\x00', 0x0, {0x21, 0x6, 0x2}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x548)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000000100)=0x100000001)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000140)=<r4=>0x0)
ptrace$setregset(0x4205, r4, 0x6, &(0x7f00000001c0)={0x0})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x0, 0x0, 0x0, 0x0, 0xfffffffd}}}}]}, 0x4c}}, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x20008000)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x44, r6, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_OURS={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x8, 0x4, '\x00\x00\x00\x00'}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x9}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x44}}, 0x0)

3.54633396s ago: executing program 2 (id=688):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
socket$inet(0x2, 0x1, 0x100)
socket$inet6_udplite(0xa, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r5, 0x29, 0x4c, &(0x7f0000000040)=0x8, 0x4)
r6 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000b40)='source', 0x0, 0x0)
r7 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
tkill(r7, 0xb)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2000000}, {{0x18, 0x1, 0x1, 0x0, r8}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r9, 0x0, 0xea8d}, 0x18)
socket$rds(0x15, 0x5, 0x0)

2.453297744s ago: executing program 1 (id=689):
socket$inet_tcp(0x2, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000000180)={0x2, {0x2, 0x8, 0x0, 0x7fff, 0x8, 0x3}})
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
syz_fuse_handle_req(r0, &(0x7f00000021c0)="000000000000000000000000000000000000000000000000000000d455b4da00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bd1d8811cd8a942e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x2000, &(0x7f00000041c0)={&(0x7f00000001c0)={0x50, 0x0, 0x0, {0x7, 0x29, 0x7, 0x2110029, 0x100, 0x0, 0x1, 0x57, 0x0, 0x0, 0x80, 0x4020}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(0xffffffffffffffff, &(0x7f0000000700)="09268a60fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88ff4f90b1a7511bf746bec66ba1fe92e8615fc3f7af9c3310b39cc2dc3616dcdfaebc65ca325fd99357ed9d11b266a7c88722db6e38df1089394f438cb9fbc08e62754c233cced4a4d4d05a3e5029a01298d3ee87d8a0803a2d26906f42f5b5aaf47d2752a8b23954f309cae13ef250cf76775ddfd153eef2b1a8458a3cb6dc764f19b41c8c61c7305a51a4bfa0c897c7c1f438a851222a5560c0e77b0b5934296bc6f28af87d651f7348a2ba2ca67f930cc655afe0220cbeb79a2a87bba6be2de3e756e674c405bcc51843b4cc75ff7ec38a34d1a2a61f0a1223e69484b5d922b5590758c33317df18c401ff910f9b3f0eaef8b9d928392097a025b", 0x130, 0x40040, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r2)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x20, @rand_addr=0xa9fe0000}, 0x10, 0x0, 0x0, &(0x7f0000007880)=ANY=[], 0x28}, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r3, 0xfffffffc)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
open(&(0x7f0000000080)='./file0/file0\x00', 0x0, 0x40)
write$FUSE_NOTIFY_STORE(r0, &(0x7f00000000c0)={0x28, 0x4, 0x0, {0x1, 0x5}}, 0x28)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
setreuid(0x0, 0x0)
syz_fuse_handle_req(r0, &(0x7f0000004300)="d5c2280baf4e05cfa1d1112770cf43a123827586f0f2675b130041ff58ba6533ea7947f2f65b1d458fe88a96133ea3927f41fa6976fad8c967c88679769ee674b80debcd1ec6ce1eb490888bd66a52141fa82f51882b22a8e36ff462b51560307cd0048156800ad137f359719a9c5d6ad6a8c999984f22461c4ca6614ca4cbbd5e9103a3459228e3bd35e3c1cd5f2a83fbefafe7c5a39617ba1d856f37977da077ffcf4d52f5bb3feffa9e100b0279cb635a61ae9f5f4491bb1c9f04c041818a1ae9a25cbca38c4b4754a8be4f52db20ca464b3b4faf0ea8ff193b414e7b7a4ec8aec2e77adc43d09c62d37fc0aa6296a56a9445f264a245d41e77de43c2694cc5885ebd454a3b78b60172e3e6a2fd79efa8b5fbbe827512aa0656920858da51616244ad32e53ed039a270c042662bc966a8fa05e23a51c76585a6f753e57c63b5a1dd11c4ce8773702c5c759471b79ee9bed600d99853afda9b675f071bdf6ff4eb99cb1ae0128ac1f8132f9b7bef82221276395e59f1323c9f9f6bb937a9db0bc2088670ffc3e6233ba73d4e324df7bc866e84e82ab707ab8aadd593913dd3533cddb396e804a63155ad6911962bc49bad21faba90b5570b62d98eb5328214a7198b36ea6df9a72dc248311040e01539112e1d6bcb4ed9d7fb70d22768ec6603e4727b6ed2616eb9108524985ccd70f1361f68b1fb7088829acdd59ec5af9e84409737f0d852a3c55993cb7398b5640c458bc036115b86de7b8e68f1cff882ee5707040571c3e5c9602c773459cfecad4917d8ba2902bd64a676e2c6e507d06dbc806c13c0fd18175087440ce7d7300dfe745b8e98ac63b400e449a3f2518c6112c9864fde68f580ebc2d72e4bbd03f16a7289be813c258b02f76ce901afdafc69046c947c9e801ac635b2a95cca291c052c7f8149c92aaeaab41edb34a70604a7538c4bb6486b983416843fe6a65d7b828d66deb991e71526b7627e71c6a795a02e787bc561ec4b65d4742a129c59bc71b323850cb416f3d32494d6dbfe3ea73cb473b093ae0b0ebbbd3e3251ece756b3cc381f05ea1b8c3f7fbcbb16fc446fc084725e6c3a608221aad8d8179112f9e5ee3697346a0dc0645e530df523cf4daea14764c25da2da863adebaccefc2c83a9257b3131ac2fe04a27bf3aea8979b6f3091b4fef99e203725368d297bad3b020273d0b606d2368e2ecb0776349cb86bbcbaa5c910636527e3cbeca06b4135170d8808c5f113fcd77ecb2f099d1e663617a46ffc5275c8fcc339d315ca1583f66fe7a7e6430405c0be889826c07fcafa17f04e08bc39570a1f499092d390c5dba82d259f652307ff941e9f1f569a48144da846f14452df295553de6ef4e9ba0cd98dd16cf89d8bead08eacd4eea71cc5f8232349f2d8519b1172c724d3bbc415c19c9e679b5a96bc9051cf6f243f243366622023ab1b7039a89152e7db97f291bb3f0213c445c25caf5f0a5a2b382c841cd8a490dc97d008966e94ed0b5ce07bcc0c13b39c349e4b596147a633f3a73ab6012a1582d3d283293bd7c01f99cdbad8e18d24867c39ed0dc3fc3cc800edd23af24b225acb2cca5aa264bcda40e1432cf2cc0050efdff48fd49ae4225a983d1b12facbaaba73294eb225fff64a677d0ed2cd71bab61b3fde8a1fdae638d2036283a8a4ff5a548d05cb706f56ce7e3f55a688fa6c70393c53c33be11f34a38f61f80c8e94e50fc9d7c3695d234705bb9e0b2a8316cf54d7963f548d49f153bf796d0970ed1264c19d79eb77fd0aad4844796cec73a08206b9eca76f2ad76318a20d52e7d3338eac40d03775cca0c2b29a451cb10bc141289c2703198e7137200a360463000fab97d0da72a7b4e8aadfa8a2e559a7d06bf49d6d4a932cb29994ef7ca0c1beabf05b898bb2338e89a67373d50614300f13523fe451d4058e5a522d364ec884099ee3c6e6db8d4ec1e5dc08d127b6301a308a1d6798878c28ef828b91b529a22b7519d249a189a7eb942b94ce26148ea8bf16a44261cd9691ba980ec2d0c710dbee41756cb39b88213ad5763239ae7636e983580c41a40b0f3a3af9fa6f995ed1981d073f63a623554bb01869bdfda190bc8d9507cc067b897e1c5f0d087cf8dfcb171169541fa3cce7c3a620544c74f2d3234935a0acf6c804c43992812925cbaaa24f497e7a00efb20c45c7acb80adb3322cbe0f08d1015b40f5ae1366003ebea977b7b95f803487d10aedca3fd018cfa7b267dae604ed0ada202cbebd731f86b7c6764911d4ff0c75a318ee43b1b556781ac58fbd773b2bd0dd693f9b12fa149bbe392cb2d6bf72015912f4a120e47654d42d14107c67b4502b5ad62044d0022c7f8b255a3e46da4bb8f9e44515e4076ce7b1aefd57c4e264b2cbee4a9e8612ce8517b028067644c927a9ce7564449c8fb0471a87b9b76f374c7c2559379a3004326bdc91be5ec52672dc5fac0883ec527f2a1248601bb9267c3123568b815b90b40ba06c250e3068dee2d7fc232141eaaa130443a5775d049464ec454a7c980d9eebaa4f67a75075a6bc28ded9a5f07fe658a2b9eafa37f14055155409d1aa50be6343d13d515d0531b84644d2f58c280d6d008dee95607f67eb74c900f664d97f411f4ac6afc18f11b6fb75e78b3ff25680ed3bbf5b20969678475b86faa02a751e4cec87735645753f245047371c9e6e2e7ab5a9ea3182b4c96934a21b9df3628b478f5ef705aeda49a0609d4b8f5bf34424581557d029438306002fd4e9cff5a2d4e7d5e23c2992032d314b8fbb46ccda250070fc1b679c9c8646c5fe22d8fe2e0fff73d8153fc46ef7885aeaa2d1eabbe455544d46fdef8e3ef9debfe589870942bcc7196e62736e927c311782b5e4da2889d530a7c1550bff4909d2055941655cbcc5c924a477c80fc3b8a904cd9e62f5fb005b5b00154db5becbe327c0f3ec8314ef3fb53977ec24ff7d15aa83a13b23ab99c5332306023005d2dfb70d3ea2aefababd019ae16d304c083e38997cc94bdeb746fc151849c98dc2a23554e6fe789d3aba8bf4e31133c7f93a3cdcd884271dfdd2c45be398a5349ef5d08456178dfafa31cb4c607f09394d71b3405b3d615c7c59c125db88f72380140345d24c56094711dd833221d6b7c5864d049585605c1301c31982d19e403b601b797fe99d0bbfe30d647a913da72b4c5306f6123e7c572828308a9a8f4c686d07125d0006229c2e890ff7d3c354dde61ccd3b26069a81a98e112e61a930f253d607cda5023f002a09df6b1371638d9661c5a06bed166434f07120ad21476de8ad47296af4b449d581cddc74f9be42a84596fb0634f330a856216a9b32b080c8b66e9f51a758b9ca2e1215ddfe633714ca512032f6547217b1a60fcdb27ac8a04bc7851718b38607bc92c13118a323c3221bad99a8639762abcc4a08654da9938aeb301c55546f5ae7f61439dd883a1b2dede156a57c805ab12337d5381a2fb25b32916a8827fc4de8e2ecc70eeebeb01659d6bf88055477b863fb897d5db275a0c222d261e7df79474858b721e57747fe8997faaf36f5f175b23dd3c5efb2b93fb5824da18d635cd7027a3b0b1c87e7c90a5681682b8a7c47dc82fdd3f329c7b60270100dec8ccdd310245b92f4b0bd9a92e1f2a5733b1b91966be15a4761b06f6fe3b05b60ee7964b4d028257c2210ca88031db0590190d3714c1b6ec86e2821dca03db2fc0c9f0ad9800d1773c8037e9b38c7eb7c99618b731e0526f8453c7e1bb67cffcc2d96cc297e1f917b13dd7dda2a8b12191ed107c1e076ffd4965b9415f830be97935cac23a87f07e26354273c2663c7ef19a27dfe08543fa057e1285c909051602981f5929078214058684bc80bed493f6ef853012cb654d180e414fd484f5cb2cfd06c9b753f417697ff42794649e05fcaa3d53ad0fdfbb0db57dc549115e59978b14dd621370d136176098af2f39a2de72482a29b616e8b308b3d9b46ac9abf3d57ff89fe59b5a97966cc4b97d06c20ee4fd765e1c2abce54dc271a7c7efe656648800c27a9988583b4b76572222cb28916b9ff5f6f649de93923179809405c879a90cb450f604cbe8af55cf2a6d844a59ab0393b394e09c79e1b3c403af6eba69330f6969f78a49eb7022e77a39363f11e07fcc69f670f63c11497352f3f5bfea0aee446da35428cebe28f1c2d23ef3ff97e16ceeb2f88ab19b2b69dcdcc81b947b483cc06c776c52232489f86f4c377eb38056042e2e9e0943fc0ef1490df472b9b244235598894a2ffc296f0a2e4257baca6a3ea8cfb1a22ea8295ab9e5faaa2a9e964ae7625dbf945cdbb369265f429d475ab69413cc5bcb89af57b1b966bd0076f799a401d4b46e5045aceb1ef36e5bbfb037bb7681f2a38ef1df9b84baa3598201d13a813165355bf052bb5e456dc0abdefed995b4eb37a39b313af800f6029243a6a7bec75a23389a90034cac8df6713b919028a14649d756d0093550278aad494de2dfeb76220fd3ee5be31f73839ace7f0d6da650e26f5ded30471ed55d2e814fc1b89102e5917b4e58840ecc211eaffa5a2937abeb882ccdf29308e3ac30e23d66ee79c29b4fb7e793a55e344cac298e30f1ca3333df8b58f43126a3404a61501ce06b75e6e6a4bf13dbfb05efd7b9b4219efd428c8f7f345884640d19f5515abcce05f315f00e65d9aa8022890a23da45ede06f455d66e0c96bbf7e9cc74eddca999a51174b4784eba8a9ebed13415de6bd0f160443d43b78181cfa381313a54e25f6751a38f290e5972ff7f70692e18c4737af2a7f6d4eac52ea594a22be4fd00fac1484e6d2d4d3196b49212b49598f5bc77b34d8a3633cf7212c869557d6eb27bf0d0a02555d9318194e9de9c9730ac72daee7cad6c2d4b248a8744515670766a8f1c739917fb859d98974532477989f4c24345f120f5320fdb8d8d56fa6ff2511e701bab399513cecb3e740e3761d02685a765f5267554d0f9243b51620197adc3b561b59c58f334307220db357c1121d7dbf593898b5d2c505f333445c084a6cbc6a7e5252724c83fcee85e304534780a01e7ecceb2ef53ffb6bc6cb9051b1400493ce55d62c01e972fff3cc7d0b68a2dd4d263c9191df1b629e323797f570083f122db3df6abb6fd6c4a351bb7500c7241e4392ac76e04259968e517a43e907cb0b0533d6750b9587a1a5d852639c6b789d333e848e3ad66cbf19c5ee5a641036cb7a858f822f657dec36cc134d6c1a629cfce1f1e24dbb73d09fba04f53b2c6309d71d92211a1f08535244eefcbb52e095626bcc78b950db1cb8facc3660fa705dceef155b00aef3291367ffcea06b5abe588bbdcea2637761308dc65509798b6a494dae4a75c1922c1234248dbfcabfaab3088a0dad09a135a45d75105314020f3ba8901dc39ee624a32e9f863ff55844974b44e57b30302cd0c349f3cc091befd5665f918c298ba89454fb811ce573e41f27490853a52abd6144e85d77de88c3f2e5506c8de40a3957e65936f3b294ce92610b63cec888cb16fe0e8a7af3dd142da96b57f602cc64ba69966724584c2872e5fc42348a324ff082a3ecfded82c3e5b7292d3726c4800176acab6a7a1479a0b5fea79f299e90ffdb1b3843e2349b8f8dc7881145b3796380474c2ceb57e27726c9e50b746a2b12a214fea9cfd6c668363fe6e402710665118928fedb2f4900322b0c7d2c348881ea52278dae765c14b51fd5e8f000602aa3978d83b76056410c2260931e35d841793c8a36b191f93c33c0e4e6367ef45a1cf5145d774861224afbb11a7b77bb94492ec49827f713f8309d80d22e17701046e04c5b277f7b423cbbada01e6d40beb56e755e583b8f3de4b67c4b5ac83771b805fa7af49de2fc8b9a223293d83e7eb4eea3a3af1d1221e5d458e7cab60eaf1b51550a1b125ce018d76096f16d922f4aba48a728ec1b7d4812fe2ca789261b6d8e0c8edb3ba9007649084899c4f6b7986c1cb4a98d412c801fb91675ee42e2bb511bff6700772d3c03a7cb6adb41cbddc33053f8f65c164e9bd47b931510046506b169216d0a04edc479bc51c28acc536ced3834a7a9ce8fb55b72fa186a559437bf41f04b733e05986c915bc19f1b2f99d3bae6c13873d32e3c809b71881c3075f8dd1746f36409ac7934c25236ee2752560fcdd5175037a6fc5f0da58a229418ce30f3e64f9eb6ff3fe4498f47fdd69ceac5e792c8c9f087316f334b7f75e3432d3f1d03ee97c8f16485ec906c94e6c9580f7d03d98a8da85ec118b77c6c1d3b2e99fbf4b45e66cb4f8817f786d1f90e1e5e250be8c240a9648a219a02e62acbd72d1b0c0b42c75065a35664ea6a03cb05ea179f2e8e50e3d7ed53d31cdc10cf5fce48781fa338e3ee819f410540f045cb0edd7b2d219993faaa97cf95aa6144e889a02069421291d05eade30693a751039fece452c22d1afba081d1c40178fed7684cae475fcc365484118a184670cd7aa2758bdb01058ea9b244d5241f627bc5be11c9395e3cb839b0eac7842a312e1fc8b4ddae2aa4ef907ca5c9b847785051323e16d5497c4424289496277475bba67da750fa05bd8be730e4aabaeb94641fa2263dd3d4eb511b4fa40b8cf8b16d7aded1163f2258add79b04e1eb888afa27d057de2523863fc2da38d44cc69ae2d455900eede5fce69d7e9f8707cdb2456a45dda14d257eee4982f86259b855a0293068aa4aeff9439bc06c8ed5a370fe46fa88fa9bb92872166ac69152d1cbb4720eec5b9a057890cbb838aef12091454fe721395b46f9fa29ec1829fedf65aaec1176bb9eb15511bd77e7d4fe7321b3e0dfda95e5c90c3663956477885d6d94b280f58edbc77e864dca73536cd4988bcde2a3edb91704ad59148d85a001e393cebdb56ee088fa1033cdc6fbcbea30e2974035bfe29cee1eace13e30950bb4658886dae7e565ffd7b71e41feecbcac35fd97c81a8fff9d2a1d43f183c6e984671e06645eb0a60228d1b6c12c28bc6eaa4b9125c57b48ced2e199ed3acf12dbe10af4a56f2f5dca829fd07fc3f7e0de6913c73be0ada3e43bcbe70de784de699d0b51d7a56a3eacaf5d7dcd77d73cfb82e04633574213e05dc98850d822bc6dc90dc3fd6184296287342e2243fe6f0cf94e6d02a1b900d0c718e2afbe7fea2fafa375f209fb9cef5d844b861a1029aa3dd7081e81fe6501bbb413dcd23e013f279ef87e082335ade324b7688054992ccc63fbf9153213ab6d07ed0b79945d19639aaa5dd10e53aafe57f1e323300246cb1d6ede1eb1f319ca6fe1b0cc8e733b34818425888110b6eabe2db302310d0a8bcdd5342146b29c535cc9a95a455c8926d77323a31b948d47dc611815a329654a252fd09dbcec5f3cd8bc7e465759eb8e72ff6fd4ef1f375e4e8762a58148622d14480b7bb9aca2eeab3367a7376c9c85e6ba1735e56a2fcc6baf92c8d21942883f318eab7a568fc7ff01885a7089aa7661b15d73799bc0b8f8ce6a3b61adb6949965a223850b6825616c036e099952e04fde7cf086b5e76d45b86ab78b322f9af580173f2e798a39df7cade0d365c9d46d3fb36970f8a99d7b20a1b275afff852126f21ac24ca8c34deb49ba511f4d9edb4f56941aaaa477253f9bfc9a25a2694bbbe3b917074dd4eb6f1be20395ac33dd932a7ccf0604d64257b5af3faf271c145c190a528e471a7f23a53b5f9ea1bd0cc36410e9c538e91dd01d162edde856087b60dcba2042e65b6ae7b81787bd3308db9eb025b6fd930a9eb74a30883b83cfa8be5270dd3ee3408db7f7b136adebb3ee30f0e0b8835a0ded325363e4a2991cafd4a73483954c0f5d3358b25780608fa48f3f527c7e617ec12eb017df33f5088676d8bc476da251e608394e3d8fc0883fd4d1804f8e07f5e12ffa4ee80365a88abf29936bf1b255539fef95f5cf3bebcd26817edb28e7b6adf4851dcfe8aa1aa097f67c51557326ccf9c46ee2780d491e87774324d4dcf26f2e472a5e199b0cdef01094ea72bd5ad5fe1be6c9d545df3dc5de550665d220718a2c0baed2833cfb1428e2d1c2b9ea1e29f4b07fd6c51492643d4000716cd1e8a4f9d58b6b04b805d8962495323fd62949b17348418201664c6f2f651f99d73f8d17bb5e52dba2e6f94fa33f816d74bb6a45bd6cbdbd07f530406227c8fd11f390e805bbc17bc0e81076a27c0be023b64777afec0a7a0c3f53f03bc2ca72ae2873d68217a1a6905f414c2cb1b9561dfd07850a026da5f5775a66f8f3a6bc29b48c8a81b06ba30994ba8e7e233e3a3a5d886767ea6de91fbfc0a594c2375d62e71c7209d87d0f6c7a79a0d80da328e93f08650ec745495c771410913d094e4190075b7225761172eb420c82ab493548f6de38e17d3e687a89ce77c67c58b875c48c8a4d1664cbc6f67df357e040444fcd515d92d5823fc3ef6485208b6f3eda8cd09ea3b004f7eb06ac268ae8c3bf571aa3f619222a47540f9af340c80c587f7226e3d715b18c3ee41f64777d3a0a09f32190ad67922f6ecc63c956a715c3c42a6aaaf5e588d119210083ceaa414820b62fef87a678cd3f24f8fa3cdb6629b041cd7555974313f56d1b0e117ea925dc95e18b5d3f4ba9812f1067022945c3f5d547370d45853c4db3c9ca4436d7e649e1ac3ec02f9c1e9139849b46027d4b276cb0eb4b09848999f466f528290e47ba9540ceca89390db3fcbacb1d566e22e917f01f4442bd4dd0d350d057ffdf5b3549ca559901e6ff5147bdc25c11b23f1678f02c20e4e2e6f339b262e2b82eae0b15b4227f1d514f99ec78fbcf80c8f6f243536f2d7a809de05ae5e1d676fe950ad3513f801bbe4d16737def4b5ec4b62f8562cd5432bd372645202edeb286662d7e8d0dadac5b91c903c2756bdc4f5a7c931f2c3f7feace2b83f5459a196000e2ed1e1b2accaa9d637d5e408340161331c4b0047bf2ab31d317bb1c8f6e1b3d52f9f240bd971a447942dd4b73301781656aad9ce9b01aed907b7eb3a78397b97e601b04a4cb028d327ef32cf20c34e8dad9c9b1f981ab5c06a2b0271852e2a1016ee460d8568391c9ece5a2b8f29cbc6f2d6cc2e66c30c96df548e67dd6ad8c1ff09dfa22b2e8b2c52a3948c4febb0910c2d34c0604a5ef930cd53be69a4bed9c9ee057178ece02a6b4df4624191590952888bdfafd2dbeca128d500872a8b236fba9623672c4dc15f56a761ee0c54026112fc464f72d3039587f009b94930dac0dbe444a939b38c0f5bce7aa366bfc2bb909db231178228846f71a56ab219e28cef1b102c1bfadbe8f0916d10a573b8cb38cc2cc2ec496a410a4e82847006d2ed4bac927a63a00416d0bfce59cc69aaf78ddc9566f23582999a655c8ad3b217486fb5a037ce089baf344d55bbd475be4e90b10e92c9c1bae3202c2d63355549f0ac95058724fea81ff9cec027e7b93e2cee43af81c6978fee5faf6216118785251b8ca023115b2f87d5d4b10c29aa3616628ab40a8ef36668ef57d7f9be505eabc01947ca222362818a71b3d63e5725a4d8a2c619b1867f70daa07703360d026d6f65247330be1ba84ddaaa7779591ca261beda4f4c094af65c5c276fe3bfb89f067c8c54af67e78f61bdc114ed4aa869c3adf282d7a8e7272579e9fd9e47611e0dc89f97561110e0141c69b1fa114e27b3d1e2c825ea008a370e08cd0a0610edef20cdd8a7cda0922fff046edfd2ff391a10ffce5dd6045619ce9af6b03f4193d858a76b201ed5beb0f11321707b7b593b23adaee4a0c0caf39dfeebcbd2948030435dc94ca00990c728502ec4686194f0f454304a422023c1b2c5b1ebbcd8cd50fa2d11361e3bbdc306e2739e27de300eda27b1c1ea62d773104cea77c18037c6bcc76423621b45abbe789b384bfdfb46efa1627ff29d9d840bf6e1f05e7e13fae6383e42ce153dcb062fa0cefd0fe9298ddbe77fd78d7036b5a815504b48267203da08ca685bfe8ae89c031074bbe5d3d6dcc6a3a8a8a4d3102765c3b714867f4516df62f214351b97bb8b5697a9f9a9dd78627342b239c524a3943d1d70f8cdd7391f05e7395731a8fc05210c6733ea256040bbbb53389229b84dafaaa3db1d5eca2971d9e550149461f1a672eae2319a99beed48934520666bc54b63085a744b5fc9a9b089b16c50ae945f74adcd4c5d064a12a6e103ef59bcc035a755ad31836eb7d04e5900d3800c822b96b466a9f6611f46b8a7d6131f91c625a5604de5bf01e5ca5d99a714c8dc1160260010f8d55f9125ee453b61c911bdf0824caa804c76d6512802875c5433de9b2e8b6c579a67fec5d2bc64ed3d1c313854221b75c9a0ed42af6f5354e7b1d1bf8661baa1261e68fc20d14b5652d25a536f208bff2b90fefa163a232696e655bcf95bed39355ec865e272fed582aae18858f5096ece40b9108efb00147f9c2ced59bfe2a79826851850ed95b35908dfb4d9ab7da0668a1fa8933ac4f6534e9598481477791fd1a1c269011ac9fe81f0491790e8aac121ffc00e38a7619a1855e6899abc2c670375a3ba4ac0cf652da89a70628cee1a35ae17b3490102e3c88ca324d06fce2151bc9de49472cf6e76ccb16d2a9cbf4161812e2c7758d73631024190fe9b71935de6968b289d3503b497f3f4b6306446ae9c312f8f1c63c1f7e62652173d9ed48cb128815bd44a12061f9b73fbdc6674ab9e0d01807f7bcfa0aa59168420e5ad8b72d7b576e273a1d229934fce2867689a41cb17767cf9defe1a96515a677ba08e10e187a3ce2f1d78e6b43b0d46c36163a1967b203df4f53379ee98422e973ab5c090adff21b5cc84fc78358021f681a0f0fd744f687e4f6c295470bf8f548d2d3dc841481dd51db9124cacde83bc9fef44a3e69e1cb28579d897f3013ac6133395328247fdcc152e5563678258936576196ced017c79bb6a4ea501a44cb25e5af1697afbdb3abb316837470ffdbe985ac3967334a90731602d3fac4f5c2758f04ec9c161a7cf330b7c7549fb62e6c15d07a7203c94edd3a8141c91b2029d6a90b14322337e6610822d9d7bff58c10d9c6cff71822f6456a421a65fdaa5d2c793f256a4e7a39f0d85d65fb95479eff79345c0615c9bbb4fb3324f9360b70dc709b0200042e8461b8cee9ce30beab3e276df48f41f001262fc14153f9764e13b50397442e00d7b11266bde10a3b7f83818086ff0015409679e4472d9e0215804fa9d21cebfa5cb5099cf88750cbeaaf58c2743f2746ea4cb73760ba88a07b91b68553716d563af5d7702219d0c600916dc54242d825c6d68320baf234a39f0b9ea9e6a4a72c4d5829b2f28508f54b33c7e0394a43fe23e7940d9b04bbe790d903a2d2c979e0ea79931b934d094fa2d5948c05cf278c341d788f2061ff617c9fa4700b1e1f0fbfa1b8c42848f2ea01cd318a8748c3336622ead25527ddbcd8a12ba3a5183f4419deb13558ed0ec99e73448c21ede0dbee9c01fc7675e54c60d4dee29c0f8fe81af6fe7b726f5d3c50dac634aefbf1ca6aa4df1b340a4109acf30939f6094c8591218729788111bfde98cd96d4b04b25bcd1bcb7f826241995573bae", 0x2000, &(0x7f0000008c00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={0x78, 0x0, 0x7, {0x9, 0xcbff, 0x0, {0x5, 0x5, 0x1, 0x800000000000006c, 0x7, 0x6, 0x1, 0x6, 0x101, 0x4000, 0xfffffffe, 0x0, 0x0, 0x3, 0x1}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, r5, 0x0, 0x2, 0x0)

2.309828618s ago: executing program 4 (id=690):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000010900010073797a310000000054000000030a01040000000000000000010000000900030073797a31000000000900010073797a3100000000280004800800014000000005090002401b2fd2c5140003006970366772653000000000000000000014000000110001"], 0x9c}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0)
ioctl$VIDIOC_S_SELECTION(r2, 0xc040565f, &(0x7f0000000940)={0xa, 0x100, 0x1, {0x6, 0x1000, 0x6, 0x86c}})
socket$netlink(0x10, 0x3, 0x1)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0xd, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000040900010073797a300000000040000000030a01080000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d657461000000001400028008000140000000120800024000000019140000001100"], 0xd8}}, 0x80)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002000)=""/102400, 0x19000)
getpid()
r6 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TCSETS(r6, 0x40045431, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x20040442)

2.302167047s ago: executing program 3 (id=691):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
getcwd(&(0x7f00000002c0)=""/247, 0xf7)
socket(0x40000000015, 0x5, 0x0) (async)
r2 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000380)={0xc}) (async)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000380)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r4, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r5}) (async)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r4, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r5, 0x0, 0x0, 0x0, <r6=>0x0})
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000140)={0xc}) (async)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000140)={0xc, 0x0, <r7=>0x0})
r8 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000002500), 0xffffffffffffffff)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(0xffffffffffffffff, &(0x7f0000002640)={0x0, 0x0, &(0x7f0000002600)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4cb717950744651acff508182c98b102bc886b584a35b7d8230844a708d40fdda8d389e715cfe7729db0e5446235124ad5", @ANYRES16=r8, @ANYBLOB="010027bd7000fcdbdf2507000000080004007f0000011400020000000000000000000000ffff6401010114000300ff010000000000000000000000000001"], 0x44}, 0x1, 0x0, 0x0, 0x8010}, 0x4040) (async)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(0xffffffffffffffff, &(0x7f0000002640)={0x0, 0x0, &(0x7f0000002600)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4cb717950744651acff508182c98b102bc886b584a35b7d8230844a708d40fdda8d389e715cfe7729db0e5446235124ad5", @ANYRES16=r8, @ANYBLOB="010027bd7000fcdbdf2507000000080004007f0000011400020000000000000000000000ffff6401010114000300ff010000000000000000000000000001"], 0x44}, 0x1, 0x0, 0x0, 0x8010}, 0x4040)
ioctl$IOMMU_HWPT_ALLOC$TEST(r4, 0x3b89, &(0x7f00000002c0)={0x18, 0x3, r6, r7, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)}) (async)
ioctl$IOMMU_HWPT_ALLOC$TEST(r4, 0x3b89, &(0x7f00000002c0)={0x18, 0x3, r6, r7, <r9=>0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)})
ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000480)={0x28, 0x4, r7, 0x0, &(0x7f0000fff000/0x1000)=nil, 0x1000, 0x4})
r10 = syz_clone(0x812000, &(0x7f0000000580)="868064c682e23768ae6693a97177fcf9fef21a20d0fe5d6f25bdd6cac1ee252b5a888681bb58f1b14166f431c48fb40bf2cc41e505cd62fd87744469245f7085126104b0eaf05285e97dd85404762991fb3d7d5f7a20f2e64ddc4eaf1d34ca16d9283afa97733df79c643bb577a78caf3728e3ba11e3784dbc5a531fa49054feb087546d43edc9593aade9d7909b5bdaa5ac595547dd507b6bab8c38e0ddf9bbf56caf26e5d136da0835710599b8cb1c199d1ad9303f3573861ee85082", 0xbd, &(0x7f0000000040), &(0x7f0000000180), &(0x7f00000001c0)="c76cff82b8baf0d9c4c468abba01e8bba3a7cbbfb2771f31ba4b9b721289386db7ef0aa2f8d7f629")
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r10, 0x3, &(0x7f0000000440))
ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r4, 0x3b8b, &(0x7f0000000080)={0x10, 0x1, r9})
ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(0xffffffffffffffff, 0x3b8b, &(0x7f00000000c0)={0xfffffffffffffebd, 0x0, r9})
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0x100007c8)
write$binfmt_elf64(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c460d04000c028000000000000003003e00ecffffff940200000000000040000000000000004d020000000000000000000000003800010001017f000800030000006400"], 0x78)
close(r3) (async)
close(r3)

2.097448458s ago: executing program 5 (id=692):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getpid()
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000380)={'ip6_vti0\x00', 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, @mcast1, @empty, 0x20, 0x0, 0x0, 0xa}})
mmap(&(0x7f00003e6000/0x4000)=nil, 0x4000, 0x2000009, 0x32, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="180200002e0600000000000008000000950000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x99, &(0x7f0000001300)=""/153, 0x0, 0x60, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0)
chdir(&(0x7f00000000c0)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000100), &(0x7f0000000180)=0x4)
r4 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r4, &(0x7f0000001600)='./file1\x00', 0x6000, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')

1.653915328s ago: executing program 4 (id=693):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000380)={<r1=>0x0, 0x5}, &(0x7f00000003c0)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000400)={r1, @in={{0x2, 0x4e20, @loopback}}, 0xe, 0x2}, &(0x7f00000004c0)=0x90)
socket$tipc(0x1e, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
kexec_load(0x0, 0x1, &(0x7f0000000180)=[{0x0, 0x140, 0x40000000, 0x41000000}], 0x0)
ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000180)=0x6f)
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r3, &(0x7f0000000200)='m', 0x1)
r4 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f0000000100))
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r5=>r3}, './file0\x00'})
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r5, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, r6, 0x200, 0x70bd27, 0x25dfdbfd, {}, [""]}, 0x1c}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000004000000000000000000850000004600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_REWIND(r7, 0xc0844123, &(0x7f0000000180)=0x4)

573.425483ms ago: executing program 5 (id=694):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100000000008b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0xd49f, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000001200)=0x6d7c, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202)
r3 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r3, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24)
sendmmsg(r3, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
eventfd(0x0)
recvmmsg(r3, &(0x7f0000000d00), 0xf000, 0x10002, 0x0)

123.466354ms ago: executing program 4 (id=695):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x80000, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x151000, 0x20)
read$FUSE(r1, &(0x7f0000002c80)={0x2020}, 0x2020)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(r1, 0x4068aea3, &(0x7f0000000140)={0xc1, 0x0, 0x2})
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = dup(r2)
r4 = socket$inet(0x10, 0x3, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, r8, 0x3, 0x11, r7, 0x0)
mmap$KVM_VCPU(&(0x7f0000012000/0x1000)=nil, r8, 0x6, 0x4001010, r3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000300)={'bond0\x00', <r9=>0x0})
r10 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0xb4, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r9, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x84, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x2, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffe]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x28, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}, {0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x80000001}]}, {0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x400}]}]}]}}]}, 0xb4}, 0x1, 0x0, 0x0, 0x20000040}, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1, r9, 0x25, 0x1e, @void}, 0x10)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r11 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r11, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f0000000080)="0f21f5d9e945ddc866ba420066ed0fc79eab1d0000b9800000c00f3235001000000f3048b804000000000000000f23c00f21f835020006000f23f80f01587c0f01c3260fc7b16275c806", 0x4a}], 0x1, 0x13, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)

4.372672ms ago: executing program 1 (id=696):
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x20)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, 0x0, 0x40)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x20, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x5}, 0x8, 0x10, &(0x7f0000000000)={0x0, 0x6}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet(0x2, 0x3, 0x4)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x11, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_enter(0xffffffffffffffff, 0x894, 0x3a7b, 0x0, 0x0, 0x0)
syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
connect$inet6(r2, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x2c}, 0xd}, 0x1c)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x0, 0x2172, 0xffffffffffffffff, 0x0)
futex(0x0, 0x8d, 0xfffffffd, 0x0, 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)='usrquota')
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1, 0x103)
mount(&(0x7f0000000300), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)='ubifs\x00', 0x0, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)

266.705µs ago: executing program 2 (id=697):
socket$unix(0x1, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100}, &(0x7f0000000200), &(0x7f00000001c0))
socket$packet(0x11, 0x2, 0x300)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt(0xffffffffffffffff, 0x114, 0x271d, 0x0, &(0x7f00000000c0))
pipe2$watch_queue(0x0, 0x80)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x1c}}, 0x0)
r7 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_bt_bnep_BNEPCONNDEL(r7, 0x400442c9, &(0x7f00000000c0)={0x0, @multicast})
getdents64(0xffffffffffffffff, 0x0, 0x18)
io_uring_enter(r2, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
msgsnd(0x0, &(0x7f0000000340)={0x3}, 0x2000, 0x0)
socket$unix(0x1, 0x2, 0x0)

0s ago: executing program 3 (id=698):
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$MRT_FLUSH(r2, 0x0, 0xd4, 0x0, 0x0)
ioctl$BLKBSZGET(r1, 0x80081270, &(0x7f0000000500))
r3 = socket$rxrpc(0x21, 0x2, 0xa)
sendto$rxrpc(r3, 0x0, 0x0, 0x20004000, 0x0, 0x0)
r4 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r4, &(0x7f0000000080)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x0, 0xdc, @empty}}, 0x24)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="13010000bd460e10490d1070900c010203010902120001000000000904000000d2", @ANYRES16=r0], 0x0)

kernel console output (not intermixed with test programs):

eating new IBSS network, BSSID 50:50:50:50:50:50
[   96.354765][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1
[   96.432003][ T5836] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   96.443275][ T5836] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   96.480349][ T5836] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   96.489211][ T5836] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.529169][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.537523][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.576557][ T5849] veth0_macvtap: entered promiscuous mode
[   96.607440][ T5849] veth1_macvtap: entered promiscuous mode
[   96.664155][    T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   96.742907][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0
[   96.823528][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1
[   96.854087][ T5849] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   96.857321][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   96.880490][ T5849] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   96.892635][ T5849] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   96.902616][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   96.920577][ T5849] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.928071][    T9] usb 3-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00
[   96.957529][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.972721][ T5847] Bluetooth: hci2: command tx timeout
[   97.000439][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.008676][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.025216][    T9] usb 3-1: config 0 descriptor??
[   97.051486][ T5847] Bluetooth: hci3: command tx timeout
[   97.056989][ T5847] Bluetooth: hci4: command tx timeout
[   97.063664][ T5844] Bluetooth: hci0: command tx timeout
[   97.069595][ T5844] Bluetooth: hci1: command tx timeout
[   97.149781][ T1324] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.203323][ T1324] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.221241][ T5920] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   97.314173][ T3503] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.341648][ T3503] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.398764][ T3503] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.411038][ T5920] usb 4-1: Using ep0 maxpacket: 16
[   97.416837][ T3503] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.428516][ T5920] usb 4-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config
[   97.463897][ T5920] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[   97.488771][    T9] usbhid 3-1:0.0: can't add hid device: -71
[   97.512063][    T9] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[   97.513314][ T5920] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   97.534597][    T9] usb 3-1: USB disconnect, device number 2
[   97.597135][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   97.616183][ T5920] usb 4-1: Product: syz
[   97.632986][ T5920] usb 4-1: Manufacturer: syz
[   97.644879][ T5920] usb 4-1: SerialNumber: syz
[   97.652172][ T5842] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   97.741586][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   97.840356][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   97.853019][ T5985] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[   97.891684][ T5920] usb 4-1: 0:2 : does not exist
[   97.947931][ T5920] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[   97.950749][ T5842] usb 2-1: Using ep0 maxpacket: 16
[   98.006402][ T5842] usb 2-1: New USB device found, idVendor=04e8, idProduct=6889, bcdDevice=9b.5e
[   98.044162][ T5842] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.054000][ T5842] usb 2-1: Product: syz
[   98.058217][ T5842] usb 2-1: Manufacturer: syz
[   98.073797][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   98.082471][ T5920] usb 4-1: USB disconnect, device number 2
[   98.117875][ T5842] usb 2-1: SerialNumber: syz
[   98.161985][ T5842] usb 2-1: config 0 descriptor??
[   98.193945][ T5842] kalmia 2-1:0.0: probe with driver kalmia failed with error -22
[   98.320684][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   98.391880][    T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!!
[   98.497086][ T5920] usb 2-1: USB disconnect, device number 2
[   98.523271][ T5903] udevd[5903]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   99.002829][ T5999] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   99.091148][ T6001] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   99.285748][ T6004] 8021q: VLANs not supported on nlmon0
[   99.342033][ T6007] 8021q: VLANs not supported on nlmon0
[   99.496356][ T5975] kernel write not supported for file bpf-prog (pid: 5975 comm: kworker/0:6)
[   99.510125][ T6013] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   99.580752][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  100.520663][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  100.528992][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  100.544506][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  100.553359][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  101.137042][ T6035] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  101.900483][ T5978] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  101.964757][   T30] audit: type=1800 audit(1755365509.908:2): pid=6042 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.23" name="/" dev="9p" ino=2 res=0 errno=0
[  102.173546][ T5978] usb 5-1: Using ep0 maxpacket: 16
[  102.410084][ T6052] syz.2.25: attempt to access beyond end of device
[  102.410084][ T6052] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0
[  102.424504][ T6052] syz.2.25: attempt to access beyond end of device
[  102.424504][ T6052] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0
[  102.437731][ T6052] Mount JFS Failure: -5
[  102.940499][ T5978] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  102.961112][ T5978] usb 5-1: config 0 has no interface number 0
[  102.979873][ T5978] usb 5-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88
[  103.101155][ T5978] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  103.138150][ T5978] usb 5-1: Product: syz
[  103.145609][ T5978] usb 5-1: Manufacturer: syz
[  103.154613][ T5978] usb 5-1: SerialNumber: syz
[  103.202952][ T5978] usb 5-1: config 0 descriptor??
[  103.275385][ T6055] 9pnet_fd: Insufficient options for proto=fd
[  103.401125][ T6055] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  103.794738][ T5976] libceph: connect (1)[c::]:6789 error -101
[  104.502273][ T5976] libceph: mon0 (1)[c::]:6789 connect error
[  104.560741][ T5976] libceph: connect (1)[c::]:6789 error -101
[  104.656038][ T5976] libceph: mon0 (1)[c::]:6789 connect error
[  104.704813][ T6066] ceph: No mds server is up or the cluster is laggy
[  105.353182][ T5978] usb 5-1: selecting invalid altsetting 1
[  105.400371][ T5978] speedtch 5-1:0.1: speedtch_bind: setting interface to  1 failed (-22)!
[  105.421604][ T5978] speedtch 5-1:0.1: usbatm_usb_probe: bind failed: -22!
[  105.428691][ T5978] speedtch 5-1:0.1: probe with driver speedtch failed with error -22
[  105.430755][ T5976] libceph: connect (1)[c::]:6789 error -101
[  105.494806][ T5978] usb 5-1: USB disconnect, device number 2
[  105.976243][ T5976] libceph: mon0 (1)[c::]:6789 connect error
[  107.157409][ T5976] libceph: connect (1)[c::]:6789 error -101
[  107.164818][ T6085] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  107.233300][ T5976] libceph: mon0 (1)[c::]:6789 connect error
[  108.000328][   T43] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  108.269878][ T6102] netlink: 'syz.4.36': attribute type 10 has an invalid length.
[  108.294765][ T6102] team0: Device hsr_slave_0 failed to register rx_handler
[  108.764301][ T6102] syz.4.36 (6102) used greatest stack depth: 20072 bytes left
[  108.943408][   T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  108.953561][   T43] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  108.987998][   T43] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  109.038077][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  109.047109][ T6105] capability: warning: `syz.4.38' uses deprecated v2 capabilities in a way that may be insecure
[  109.153873][   T43] usb 2-1: config 0 descriptor??
[  109.251036][ T6107] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  109.375899][ T6091] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  109.534913][ T6091] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  110.343264][ T6116] process 'syz.1.35' launched '/dev/fd/5' with NULL argv: empty string added
[  110.471934][   T43] usbhid 2-1:0.0: can't add hid device: -71
[  110.479447][   T43] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  110.599864][   T43] usb 2-1: USB disconnect, device number 3
[  111.160402][ T5976] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  111.592469][ T5976] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  111.832966][ T5976] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  111.890381][ T5976] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  111.923477][ T5976] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  111.950390][ T5976] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  112.132718][ T5976] usb 1-1: Product: syz
[  112.136951][ T5976] usb 1-1: Manufacturer: syz
[  112.212808][ T6141] Invalid source name
[  112.222671][ T6141] UBIFS error (pid: 6141): cannot open "usrquota", error -22
[  112.423983][ T5976] usb 1-1: SerialNumber: syz
[  112.552314][ T5976] cdc_ncm 1-1:1.0: CDC Union missing and no IAD found
[  112.592846][ T5976] cdc_ncm 1-1:1.0: bind() failure
[  112.747706][ T6125] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  112.767099][ T6125] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  112.877297][ T5976] usb 1-1: USB disconnect, device number 2
[  113.054234][ T6156] kAFS: unable to lookup cell '/,'
[  113.310701][ T6164] netlink: 24 bytes leftover after parsing attributes in process `syz.3.53'.
[  113.335512][ T6163] netlink: 'syz.3.53': attribute type 6 has an invalid length.
[  113.496676][ T6164] syz.3.53 (6164): attempted to duplicate a private mapping with mremap.  This is not supported.
[  113.705678][   T30] audit: type=1326 audit(1755365521.658:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6158 comm="syz.3.53" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb9678ebe9 code=0x7ffc0000
[  113.838014][   T30] audit: type=1326 audit(1755365521.678:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6158 comm="syz.3.53" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb9678ebe9 code=0x7ffc0000
[  113.920375][   T43] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  114.133105][   T43] usb 2-1: Using ep0 maxpacket: 8
[  114.408753][ T6173] FAULT_INJECTION: forcing a failure.
[  114.408753][ T6173] name failslab, interval 1, probability 0, space 0, times 1
[  114.424301][   T30] audit: type=1326 audit(1755365522.358:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6158 comm="syz.3.53" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb9678ebe9 code=0x7ffc0000
[  114.446108][   T43] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  114.467925][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  114.491483][ T6173] CPU: 1 UID: 0 PID: 6173 Comm: syz.4.57 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  114.491511][ T6173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  114.491523][ T6173] Call Trace:
[  114.491532][ T6173]  <TASK>
[  114.491541][ T6173]  dump_stack_lvl+0x189/0x250
[  114.491571][ T6173]  ? __pfx____ratelimit+0x10/0x10
[  114.491596][ T6173]  ? __pfx_dump_stack_lvl+0x10/0x10
[  114.491619][ T6173]  ? __pfx__printk+0x10/0x10
[  114.491652][ T6173]  ? __pfx___might_resched+0x10/0x10
[  114.491674][ T6173]  ? fs_reclaim_acquire+0x7d/0x100
[  114.491705][ T6173]  should_fail_ex+0x414/0x560
[  114.491732][ T6173]  should_failslab+0xa8/0x100
[  114.491756][ T6173]  __kmalloc_noprof+0xcb/0x4f0
[  114.491774][ T6173]  ? kfree+0x4d/0x440
[  114.491801][ T6173]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  114.491833][ T6173]  tomoyo_realpath_from_path+0xe3/0x5d0
[  114.491861][ T6173]  ? tomoyo_domain+0xda/0x130
[  114.491894][ T6173]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  114.491916][ T6173]  tomoyo_path_number_perm+0x1e8/0x5a0
[  114.491943][ T6173]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  114.491984][ T6173]  ? __lock_acquire+0xab9/0xd20
[  114.492026][ T6173]  ? __fget_files+0x2a/0x420
[  114.492054][ T6173]  ? __fget_files+0x2a/0x420
[  114.492073][ T6173]  ? __fget_files+0x3a0/0x420
[  114.492093][ T6173]  ? __fget_files+0x2a/0x420
[  114.492120][ T6173]  security_file_ioctl+0xcb/0x2d0
[  114.492147][ T6173]  __se_sys_ioctl+0x47/0x170
[  114.492179][ T6173]  do_syscall_64+0xfa/0x3b0
[  114.492211][ T6173]  ? lockdep_hardirqs_on+0x9c/0x150
[  114.492233][ T6173]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.492252][ T6173]  ? clear_bhb_loop+0x60/0xb0
[  114.492275][ T6173]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.492294][ T6173] RIP: 0033:0x7f74f6d8ebe9
[  114.492313][ T6173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  114.492328][ T6173] RSP: 002b:00007f74f7c39038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  114.492350][ T6173] RAX: ffffffffffffffda RBX: 00007f74f6fb6090 RCX: 00007f74f6d8ebe9
[  114.492363][ T6173] RDX: 0000000000000000 RSI: 0000000040049366 RDI: 0000000000000003
[  114.492375][ T6173] RBP: 00007f74f7c39090 R08: 0000000000000000 R09: 0000000000000000
[  114.492387][ T6173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  114.492398][ T6173] R13: 00007f74f6fb6128 R14: 00007f74f6fb6090 R15: 00007ffc3d5b8408
[  114.492432][ T6173]  </TASK>
[  114.493715][ T6173] ERROR: Out of memory at tomoyo_realpath_from_path.
[  114.523389][   T30] audit: type=1326 audit(1755365522.378:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6158 comm="syz.3.53" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb9678ebe9 code=0x7ffc0000
[  114.823723][   T43] usb 2-1: config 0 descriptor??
[  115.080441][   T43] asix 2-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  116.020888][   T43] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  116.031430][   T43] asix 2-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  116.043482][   T43] asix 2-1:0.0: probe with driver asix failed with error -71
[  116.055675][   T43] usb 2-1: USB disconnect, device number 4
[  116.193922][ T6193] FAULT_INJECTION: forcing a failure.
[  116.193922][ T6193] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  116.236790][   T30] audit: type=1326 audit(1755365524.168:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6190 comm="syz.2.62" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f44f998ebe9 code=0x80000
[  116.320574][ T6193] CPU: 0 UID: 0 PID: 6193 Comm: syz.3.60 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  116.320602][ T6193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  116.320613][ T6193] Call Trace:
[  116.320621][ T6193]  <TASK>
[  116.320629][ T6193]  dump_stack_lvl+0x189/0x250
[  116.320659][ T6193]  ? __pfx____ratelimit+0x10/0x10
[  116.320681][ T6193]  ? __pfx_dump_stack_lvl+0x10/0x10
[  116.320703][ T6193]  ? __pfx__printk+0x10/0x10
[  116.320729][ T6193]  ? __might_fault+0xb0/0x130
[  116.320763][ T6193]  should_fail_ex+0x414/0x560
[  116.320789][ T6193]  _copy_from_user+0x2d/0xb0
[  116.320817][ T6193]  __sys_bpf+0x1ed/0x860
[  116.320849][ T6193]  ? __pfx___sys_bpf+0x10/0x10
[  116.320889][ T6193]  ? ksys_write+0x22a/0x250
[  116.320912][ T6193]  ? __pfx_ksys_write+0x10/0x10
[  116.320928][ T6193]  ? rcu_is_watching+0x15/0xb0
[  116.320959][ T6193]  __x64_sys_bpf+0x7c/0x90
[  116.320997][ T6193]  do_syscall_64+0xfa/0x3b0
[  116.321017][ T6193]  ? lockdep_hardirqs_on+0x9c/0x150
[  116.321038][ T6193]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.321056][ T6193]  ? clear_bhb_loop+0x60/0xb0
[  116.321080][ T6193]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.321099][ T6193] RIP: 0033:0x7fbb9678ebe9
[  116.321117][ T6193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  116.321132][ T6193] RSP: 002b:00007fbb976de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  116.321162][ T6193] RAX: ffffffffffffffda RBX: 00007fbb969b5fa0 RCX: 00007fbb9678ebe9
[  116.321176][ T6193] RDX: 0000000000000048 RSI: 00002000000017c0 RDI: 0000000000000005
[  116.321188][ T6193] RBP: 00007fbb976de090 R08: 0000000000000000 R09: 0000000000000000
[  116.321200][ T6193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  116.321211][ T6193] R13: 00007fbb969b6038 R14: 00007fbb969b5fa0 R15: 00007fffc2ad61a8
[  116.321242][ T6193]  </TASK>
[  116.527302][ T6199] netlink: 24 bytes leftover after parsing attributes in process `syz.1.63'.
[  120.290660][ T5920] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  120.645042][ T5920] usb 4-1: unable to get BOS descriptor or descriptor too short
[  121.012001][ T5920] usb 4-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[  121.034710][ T5920] usb 4-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db
[  121.044621][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  121.053147][ T5920] usb 4-1: Product: syz
[  121.057608][ T5920] usb 4-1: Manufacturer: syz
[  121.078349][ T5920] usb 4-1: SerialNumber: syz
[  121.257522][ T6224] netlink: 8 bytes leftover after parsing attributes in process `syz.4.70'.
[  121.287418][ T6224] netlink: 'syz.4.70': attribute type 3 has an invalid length.
[  121.300163][ T6224] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.70'.
[  121.317698][ T6222] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  121.331596][ T6222] Cannot find set identified by id 0 to match
[  122.494342][ T6232] FAULT_INJECTION: forcing a failure.
[  122.494342][ T6232] name failslab, interval 1, probability 0, space 0, times 0
[  122.515209][ T5920] usb 4-1: USB disconnect, device number 3
[  122.611012][ T6232] CPU: 0 UID: 0 PID: 6232 Comm: syz.0.74 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  122.611042][ T6232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  122.611053][ T6232] Call Trace:
[  122.611060][ T6232]  <TASK>
[  122.611067][ T6232]  dump_stack_lvl+0x189/0x250
[  122.611089][ T6232]  ? __pfx____ratelimit+0x10/0x10
[  122.611102][ T6232]  ? __pfx_dump_stack_lvl+0x10/0x10
[  122.611116][ T6232]  ? __pfx__printk+0x10/0x10
[  122.611134][ T6232]  ? __pfx___might_resched+0x10/0x10
[  122.611150][ T6232]  should_fail_ex+0x414/0x560
[  122.611166][ T6232]  should_failslab+0xa8/0x100
[  122.611181][ T6232]  __kmalloc_cache_node_noprof+0x73/0x3d0
[  122.611194][ T6232]  ? __get_vm_area_node+0x13f/0x300
[  122.611209][ T6232]  __get_vm_area_node+0x13f/0x300
[  122.611224][ T6232]  __vmalloc_node_range_noprof+0x301/0x12f0
[  122.611237][ T6232]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  122.611257][ T6232]  ? is_bpf_text_address+0x26/0x2b0
[  122.611284][ T6232]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  122.611303][ T6232]  ? __might_fault+0xb0/0x130
[  122.611316][ T6232]  ? _parse_integer_limit+0x1ae/0x1f0
[  122.611333][ T6232]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  122.611349][ T6232]  __vmalloc_noprof+0xb1/0xf0
[  122.611362][ T6232]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  122.611381][ T6232]  bpf_prog_alloc_no_stats+0x4a/0x4b0
[  122.611402][ T6232]  bpf_prog_alloc+0x3c/0x1a0
[  122.611421][ T6232]  bpf_prog_load+0x735/0x1930
[  122.611446][ T6232]  ? __pfx_bpf_prog_load+0x10/0x10
[  122.611477][ T6232]  ? bpf_lsm_bpf+0x9/0x20
[  122.611490][ T6232]  ? security_bpf+0x7e/0x300
[  122.611506][ T6232]  __sys_bpf+0x5f1/0x860
[  122.611524][ T6232]  ? __pfx___sys_bpf+0x10/0x10
[  122.611548][ T6232]  ? ksys_write+0x22a/0x250
[  122.611561][ T6232]  ? __pfx_ksys_write+0x10/0x10
[  122.611570][ T6232]  ? rcu_is_watching+0x15/0xb0
[  122.611588][ T6232]  __x64_sys_bpf+0x7c/0x90
[  122.611604][ T6232]  do_syscall_64+0xfa/0x3b0
[  122.611616][ T6232]  ? lockdep_hardirqs_on+0x9c/0x150
[  122.611629][ T6232]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.611640][ T6232]  ? clear_bhb_loop+0x60/0xb0
[  122.611654][ T6232]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.611665][ T6232] RIP: 0033:0x7fe5cd78ebe9
[  122.611677][ T6232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  122.611687][ T6232] RSP: 002b:00007fe5ce68f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  122.611701][ T6232] RAX: ffffffffffffffda RBX: 00007fe5cd9b5fa0 RCX: 00007fe5cd78ebe9
[  122.611710][ T6232] RDX: 0000000000000048 RSI: 00002000000017c0 RDI: 0000000000000005
[  122.611718][ T6232] RBP: 00007fe5ce68f090 R08: 0000000000000000 R09: 0000000000000000
[  122.611725][ T6232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  122.611732][ T6232] R13: 00007fe5cd9b6038 R14: 00007fe5cd9b5fa0 R15: 00007fff0fbc2b38
[  122.611750][ T6232]  </TASK>
[  122.635552][ T6232] syz.0.74: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[  123.277512][ T5920] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  123.420372][ T6232] CPU: 1 UID: 0 PID: 6232 Comm: syz.0.74 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  123.420400][ T6232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  123.420410][ T6232] Call Trace:
[  123.420418][ T6232]  <TASK>
[  123.420426][ T6232]  dump_stack_lvl+0x189/0x250
[  123.420454][ T6232]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  123.420485][ T6232]  ? __pfx_dump_stack_lvl+0x10/0x10
[  123.420506][ T6232]  ? __pfx__printk+0x10/0x10
[  123.420529][ T6232]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  123.420551][ T6232]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  123.420580][ T6232]  warn_alloc+0x214/0x310
[  123.420611][ T6232]  ? __pfx_warn_alloc+0x10/0x10
[  123.420636][ T6232]  ? __get_vm_area_node+0x13f/0x300
[  123.420661][ T6232]  ? __get_vm_area_node+0x2b5/0x300
[  123.420687][ T6232]  __vmalloc_node_range_noprof+0x326/0x12f0
[  123.420711][ T6232]  ? is_bpf_text_address+0x26/0x2b0
[  123.420757][ T6232]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  123.420778][ T6232]  ? __might_fault+0xb0/0x130
[  123.420800][ T6232]  ? _parse_integer_limit+0x1ae/0x1f0
[  123.420830][ T6232]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  123.420858][ T6232]  __vmalloc_noprof+0xb1/0xf0
[  123.420880][ T6232]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  123.420913][ T6232]  bpf_prog_alloc_no_stats+0x4a/0x4b0
[  123.420949][ T6232]  bpf_prog_alloc+0x3c/0x1a0
[  123.420982][ T6232]  bpf_prog_load+0x735/0x1930
[  123.421026][ T6232]  ? __pfx_bpf_prog_load+0x10/0x10
[  123.421082][ T6232]  ? bpf_lsm_bpf+0x9/0x20
[  123.421104][ T6232]  ? security_bpf+0x7e/0x300
[  123.421131][ T6232]  __sys_bpf+0x5f1/0x860
[  123.421163][ T6232]  ? __pfx___sys_bpf+0x10/0x10
[  123.421206][ T6232]  ? ksys_write+0x22a/0x250
[  123.421228][ T6232]  ? __pfx_ksys_write+0x10/0x10
[  123.421244][ T6232]  ? rcu_is_watching+0x15/0xb0
[  123.421275][ T6232]  __x64_sys_bpf+0x7c/0x90
[  123.421311][ T6232]  do_syscall_64+0xfa/0x3b0
[  123.421333][ T6232]  ? lockdep_hardirqs_on+0x9c/0x150
[  123.421353][ T6232]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.421373][ T6232]  ? clear_bhb_loop+0x60/0xb0
[  123.421399][ T6232]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.421418][ T6232] RIP: 0033:0x7fe5cd78ebe9
[  123.421436][ T6232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  123.421453][ T6232] RSP: 002b:00007fe5ce68f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  123.421475][ T6232] RAX: ffffffffffffffda RBX: 00007fe5cd9b5fa0 RCX: 00007fe5cd78ebe9
[  123.421490][ T6232] RDX: 0000000000000048 RSI: 00002000000017c0 RDI: 0000000000000005
[  123.421502][ T6232] RBP: 00007fe5ce68f090 R08: 0000000000000000 R09: 0000000000000000
[  123.421514][ T6232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  123.421525][ T6232] R13: 00007fe5cd9b6038 R14: 00007fe5cd9b5fa0 R15: 00007fff0fbc2b38
[  123.421558][ T6232]  </TASK>
[  123.421568][ T6232] Mem-Info:
[  123.767657][ T6232] active_anon:256 inactive_anon:5554 isolated_anon:0
[  123.767657][ T6232]  active_file:5201 inactive_file:37003 isolated_file:0
[  123.767657][ T6232]  unevictable:768 dirty:30 writeback:0
[  123.767657][ T6232]  slab_reclaimable:10097 slab_unreclaimable:97678
[  123.767657][ T6232]  mapped:30959 shmem:1362 pagetables:1213
[  123.767657][ T6232]  sec_pagetables:0 bounce:0
[  123.767657][ T6232]  kernel_misc_reclaimable:0
[  123.767657][ T6232]  free:1326437 free_pcp:16407 free_cma:0
[  123.840433][ T5920] usb 4-1: Using ep0 maxpacket: 16
[  124.141900][ T6232] Node 0 active_anon:1024kB inactive_anon:33604kB active_file:20600kB inactive_file:148012kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:135068kB dirty:132kB writeback:0kB shmem:15312kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12088kB pagetables:4564kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  124.167830][ T5920] usb 4-1: device descriptor read/all, error -71
[  124.198309][ T6247] mmap: syz.2.75 (6247) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  124.229090][   T30] audit: type=1326 audit(1755365532.168:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6243 comm="syz.2.75" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f44f998ebe9 code=0x0
[  124.302862][ T6232] Node 1 active_anon:0kB inactive_anon:0kB active_file:204kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:128kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  125.340404][ T6232] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  125.490023][ T6232] lowmem_reserve[]: 0 2500 2502 2502 2502
[  125.505230][ T6232] Node 0 DMA32 free:1403924kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1020kB inactive_anon:22620kB active_file:18852kB inactive_file:148044kB unevictable:1536kB writepending:132kB present:3129332kB managed:2560996kB mlocked:0kB bounce:0kB free_pcp:44156kB local_pcp:22152kB free_cma:0kB
[  125.611696][ T6232] lowmem_reserve[]: 0 0 1 1 1
[  125.626115][ T6232] Node 0 Normal free:20kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:48kB active_file:1748kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB
[  125.766932][ T6263] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  126.121347][ T6232] lowmem_reserve[]: 0 0 0 0 0
[  126.182968][ T6232] Node 1 Normal free:3897660kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:204kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:19904kB local_pcp:9952kB free_cma:0kB
[  126.262131][ T6253] netlink: 8 bytes leftover after parsing attributes in process `syz.3.77'.
[  126.270980][ T6253] netlink: 24 bytes leftover after parsing attributes in process `syz.3.77'.
[  126.290124][ T6267] overlayfs: upper fs does not support file handles, falling back to index=off.
[  126.304609][ T6232] lowmem_reserve[]: 0 0 0 0 0
[  126.309512][ T6232] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  126.337374][ T6268] overlay: filesystem on ./bus not supported as upperdir
[  126.345318][ T6232] Node 0 DMA32: 376*4kB (UME) 786*8kB (UM) 278*16kB (UME) 172*32kB (UME) 54*64kB (UME) 28*128kB (UME) 14*256kB (UME) 6*512kB (UM) 6*1024kB (M) 3*2048kB (UME) 332*4096kB (UM) = 1403600kB
[  126.564825][ T6232] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[  126.612270][ T6232] Node 1 Normal: 207*4kB (UME) 54*8kB (UME) 39*16kB (UME) 63*32kB (UME) 24*64kB (UME) 6*128kB (UME) 3*256kB (UM) 5*512kB (UME) 3*1024kB (UME) 1*2048kB (E) 948*4096kB (M) = 3897660kB
[  126.635931][ T6232] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  126.645726][ T6232] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  126.744057][ T6232] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  126.800335][ T6232] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  127.296976][ T6232] 46536 total pagecache pages
[  127.320797][ T6232] 0 pages in swap cache
[  127.325021][ T6232] Free swap  = 124996kB
[  127.329233][ T6232] Total swap = 124996kB
[  127.362914][ T6232] 2097051 pages RAM
[  127.366896][ T6232] 0 pages HighMem/MovableOnly
[  127.405332][ T6232] 424695 pages reserved
[  127.415099][ T6232] 0 pages cma reserved
[  127.724658][ T6286] Cannot find set identified by id 0 to match
[  128.820361][ T5975] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  129.406448][ T6301] autofs: Unknown parameter 'žW¥'
[  130.860411][ T5975] usb 1-1: Using ep0 maxpacket: 32
[  131.354763][ T5975] usb 1-1: device descriptor read/all, error -71
[  131.989861][ T6319] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  133.101180][ T6334] netlink: 4 bytes leftover after parsing attributes in process `syz.2.96'.
[  133.190368][ T5978] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  133.211303][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  133.217840][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  133.470626][ T6338] syz.1.97: attempt to access beyond end of device
[  133.470626][ T6338] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0
[  133.484467][ T6338] syz.1.97: attempt to access beyond end of device
[  133.484467][ T6338] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0
[  133.497831][ T6338] Mount JFS Failure: -5
[  134.596466][ T5978] usb 4-1: Using ep0 maxpacket: 8
[  134.872166][ T5978] usb 4-1: unable to get BOS descriptor or descriptor too short
[  134.889256][ T5978] usb 4-1: config 4 has an invalid interface number: 147 but max is 0
[  134.890590][ T6340] Cannot find set identified by id 0 to match
[  134.898490][ T5978] usb 4-1: config 4 contains an unexpected descriptor of type 0x2, skipping
[  134.919933][ T5978] usb 4-1: config 4 has no interface number 0
[  136.278238][ T5978] usb 4-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e
[  136.290890][ T5978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.299118][ T5978] usb 4-1: Product: syz
[  136.303467][ T5978] usb 4-1: Manufacturer: syz
[  136.332393][ T5978] usb 4-1: can't set config #4, error -71
[  136.353003][   T43] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  136.413962][ T5978] usb 4-1: USB disconnect, device number 6
[  136.510367][   T43] usb 2-1: device descriptor read/64, error -71
[  136.921285][ T6362] FAULT_INJECTION: forcing a failure.
[  136.921285][ T6362] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  136.938717][ T6362] CPU: 1 UID: 0 PID: 6362 Comm: syz.0.102 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  136.938736][ T6362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  136.938744][ T6362] Call Trace:
[  136.938749][ T6362]  <TASK>
[  136.938754][ T6362]  dump_stack_lvl+0x189/0x250
[  136.938772][ T6362]  ? __pfx____ratelimit+0x10/0x10
[  136.938786][ T6362]  ? __pfx_dump_stack_lvl+0x10/0x10
[  136.938800][ T6362]  ? __pfx__printk+0x10/0x10
[  136.938823][ T6362]  should_fail_ex+0x414/0x560
[  136.938840][ T6362]  _copy_to_user+0x31/0xb0
[  136.938858][ T6362]  simple_read_from_buffer+0xe1/0x170
[  136.938878][ T6362]  proc_fail_nth_read+0x1df/0x250
[  136.938896][ T6362]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  136.938912][ T6362]  ? rw_verify_area+0x258/0x650
[  136.938930][ T6362]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  136.938945][ T6362]  vfs_read+0x200/0x980
[  136.938966][ T6362]  ? __pfx___mutex_lock+0x10/0x10
[  136.938981][ T6362]  ? __pfx_vfs_read+0x10/0x10
[  136.938999][ T6362]  ? __fget_files+0x2a/0x420
[  136.939015][ T6362]  ? __fget_files+0x3a0/0x420
[  136.939028][ T6362]  ? __fget_files+0x2a/0x420
[  136.939046][ T6362]  ksys_read+0x145/0x250
[  136.939059][ T6362]  ? __pfx_ksys_read+0x10/0x10
[  136.939073][ T6362]  ? do_syscall_64+0xbe/0x3b0
[  136.939089][ T6362]  do_syscall_64+0xfa/0x3b0
[  136.939101][ T6362]  ? lockdep_hardirqs_on+0x9c/0x150
[  136.939113][ T6362]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.939132][ T6362]  ? clear_bhb_loop+0x60/0xb0
[  136.939147][ T6362]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.939158][ T6362] RIP: 0033:0x7fe5cd78d5fc
[  136.939170][ T6362] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  136.939180][ T6362] RSP: 002b:00007fe5ce68f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  136.939194][ T6362] RAX: ffffffffffffffda RBX: 00007fe5cd9b5fa0 RCX: 00007fe5cd78d5fc
[  136.939203][ T6362] RDX: 000000000000000f RSI: 00007fe5ce68f0a0 RDI: 0000000000000004
[  136.939210][ T6362] RBP: 00007fe5ce68f090 R08: 0000000000000000 R09: 0000000000000000
[  136.939217][ T6362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  136.939224][ T6362] R13: 00007fe5cd9b6038 R14: 00007fe5cd9b5fa0 R15: 00007fff0fbc2b38
[  136.939243][ T6362]  </TASK>
[  137.343563][   T43] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  137.480317][   T43] usb 2-1: device descriptor read/64, error -71
[  137.591114][   T43] usb usb2-port1: attempt power cycle
[  139.619908][ T6379] IPVS: set_ctl: invalid protocol: 60 127.0.0.1:20002
[  141.827949][ T6398] syz.0.109: attempt to access beyond end of device
[  141.827949][ T6398] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0
[  141.841776][ T6398] syz.0.109: attempt to access beyond end of device
[  141.841776][ T6398] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0
[  141.855395][ T6398] Mount JFS Failure: -5
[  142.601803][ T6403] Invalid source name
[  142.606060][ T6403] UBIFS error (pid: 6403): cannot open "usrquota", error -22
[  143.323889][ T6406] Invalid source name
[  143.335884][ T6406] UBIFS error (pid: 6406): cannot open "usrquota", error -22
[  143.791170][ T6416] delete_channel: no stack
[  144.073553][ T6415] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  144.303415][ T6421] netlink: 24 bytes leftover after parsing attributes in process `syz.4.116'.
[  144.560512][ T5975] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  144.771973][ T6424] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  145.622641][ T6437] netlink: 'syz.4.116': attribute type 10 has an invalid length.
[  145.645297][ T6434] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  145.823726][ T5975] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  145.844768][ T5975] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  145.860429][ T5975] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  145.871851][ T5975] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.903566][ T6422] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  145.936356][ T5975] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  145.991116][ T6437] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  147.581455][ T5975] usb 1-1: USB disconnect, device number 5
[  147.911031][ T5920] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  147.965387][ T6464] Invalid source name
[  147.969548][ T6464] UBIFS error (pid: 6464): cannot open "usrquota", error -22
[  148.372193][ T6460] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  148.513949][ T5920] usb 3-1: Using ep0 maxpacket: 32
[  148.580547][ T5920] usb 3-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  148.625635][ T5920] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.689570][ T5920] usb 3-1: config 0 descriptor??
[  148.728695][ T5920] gspca_main: sunplus-2.14.0 probing 041e:400b
[  149.382730][ T6478] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  149.885988][ T5920] gspca_sunplus: reg_r err -110
[  149.913521][ T5920] sunplus 3-1:0.0: probe with driver sunplus failed with error -110
[  150.532041][ T6487] xt_hashlimit: max too large, truncated to 1048576
[  150.543883][ T6487] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  150.565150][ T6486] hub 8-0:1.0: USB hub found
[  150.572733][ T6486] hub 8-0:1.0: 1 port detected
[  150.628110][ T6486] warning: `syz.3.132' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  151.577275][    T9] usb 3-1: USB disconnect, device number 3
[  153.951590][ T6515] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  154.455469][ T6520] No such timeout policy "syz1"
[  154.807775][ T6527] syz_tun: entered allmulticast mode
[  154.868628][ T6527] binder: 6525:6527 ioctl 3b88 200000000100 returned -22
[  154.885161][ T6525] syz_tun: left allmulticast mode
[  156.449108][ T5920] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[  157.314348][ T5920] usb 5-1: config 201 has an invalid interface number: 249 but max is 0
[  157.330452][ T5920] usb 5-1: config 201 has no interface number 0
[  157.348278][ T5920] usb 5-1: config 201 interface 249 has no altsetting 0
[  157.375313][ T5920] usb 5-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=fa.df
[  157.384936][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.396085][ T5920] usb 5-1: Product: syz
[  157.405848][ T5920] usb 5-1: Manufacturer: syz
[  157.411216][ T5920] usb 5-1: SerialNumber: syz
[  157.742360][ T5920] ath6kl: Failed to submit usb control message: -71
[  157.814646][ T5920] ath6kl: unable to send the bmi data to the device: -71
[  157.839270][ T5920] ath6kl: Unable to send get target info: -71
[  157.849577][ T5920] ath6kl: Failed to init ath6kl core: -71
[  157.863530][ T5920] ath6kl_usb 5-1:201.249: probe with driver ath6kl_usb failed with error -71
[  157.904444][ T6569] netlink: 36 bytes leftover after parsing attributes in process `syz.0.157'.
[  157.911540][ T5920] usb 5-1: USB disconnect, device number 3
[  158.094185][   T30] audit: type=1326 audit(1755365566.048:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6535 comm="syz.3.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb9678ebe9 code=0x7fc00000
[  160.445831][ T6593] __vm_enough_memory: pid: 6593, comm: syz.0.160, bytes: 21199837962240 not enough memory for the allocation
[  162.804991][ T6603] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  162.868009][ T6608] netlink: 'syz.1.167': attribute type 29 has an invalid length.
[  162.975675][   T30] audit: type=1107 audit(1755365570.918:10): pid=6609 uid=0 auid=4294967295 ses=4294967295 subj=_ msg=''
[  164.830889][ T6641] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  166.060609][ T6651] 8021q: VLANs not supported on ip6_vti0
[  166.399816][ T6659] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  166.441818][ T5975] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  166.630647][ T5975] usb 2-1: Using ep0 maxpacket: 16
[  166.653517][ T5975] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  166.685150][ T5975] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x33, changing to 0x3
[  166.746710][ T5975] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  166.792390][ T5975] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 51807, setting to 1024
[  166.850854][ T5975] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 1024
[  166.880043][ T5975] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  166.924991][ T5975] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  166.995204][ T5975] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  167.085082][ T5975] usb 2-1: Manufacturer: syz
[  167.209418][ T5975] usb 2-1: config 0 descriptor??
[  167.763098][ T6656] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  167.849220][ T6656] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  168.726114][ T6656] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  168.813304][ T6656] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  169.013963][    T9] usb 2-1: USB disconnect, device number 8
[  170.119484][ T6684] netlink: 'syz.3.185': attribute type 1 has an invalid length.
[  170.908268][ T6695] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  175.203465][ T6722] netlink: 16 bytes leftover after parsing attributes in process `syz.3.196'.
[  175.371181][   T43] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  176.181301][    T9] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  176.300294][   T43] usb 1-1: Using ep0 maxpacket: 16
[  176.446003][   T43] usb 1-1: config 0 has an invalid interface number: 203 but max is 0
[  176.454726][    T9] usb 4-1: Using ep0 maxpacket: 16
[  176.565228][   T43] usb 1-1: config 0 has no interface number 0
[  176.632422][    T9] usb 4-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  176.659932][   T43] usb 1-1: config 0 interface 203 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 80
[  176.795446][   T43] usb 1-1: New USB device found, idVendor=0499, idProduct=1026, bcdDevice=e8.af
[  176.803265][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  176.818212][ T6736] __vm_enough_memory: pid: 6736, comm: syz.2.198, bytes: 21200051445760 not enough memory for the allocation
[  176.840512][    T9] usb 4-1: New USB device found, idVendor=172f, idProduct=0034, bcdDevice= 0.00
[  176.850323][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.880396][   T43] usb 1-1: Product: syz
[  176.890270][   T43] usb 1-1: Manufacturer: syz
[  176.895180][   T43] usb 1-1: SerialNumber: syz
[  176.900838][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.916340][   T43] usb 1-1: config 0 descriptor??
[  176.929188][    T9] usb 4-1: config 0 descriptor??
[  176.936888][ T6718] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  176.966880][   T43] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  177.216167][ T6740] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  177.329723][ T6726] syz.3.196 uses obsolete (PF_INET,SOCK_PACKET)
[  177.363687][ T6740] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  177.377791][ T6722] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  177.408704][ T6722] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  177.426910][ T6722] IPv6: NLM_F_CREATE should be specified when creating new route
[  177.450455][   T10] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  177.622212][   T10] usb 3-1: config 1 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  177.645814][   T10] usb 3-1: config 1 interface 0 has no altsetting 0
[  177.659109][   T10] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.40
[  177.683282][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.704766][   T10] usb 3-1: Product: syz
[  177.710143][   T10] usb 3-1: Manufacturer: syz
[  177.720031][   T10] usb 3-1: SerialNumber: syz
[  177.857636][ T6718] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  177.875719][ T6718] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  177.893867][    T9] usbhid 4-1:0.0: can't add hid device: -71
[  177.900029][    T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  177.937163][ T6739] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  177.997953][ T6749] befs: (nullb0): invalid magic header
[  178.532023][ T6740] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  178.586379][ T6740] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  178.828656][   T10] usbhid 3-1:1.0: can't add hid device: -71
[  178.840976][    T9] usb 4-1: USB disconnect, device number 7
[  178.843300][ T6753] Cannot find set identified by id 0 to match
[  178.857797][   T10] usbhid 3-1:1.0: probe with driver usbhid failed with error -71
[  178.880323][   T10] usb 3-1: USB disconnect, device number 4
[  178.955418][ T5976] usb 1-1: USB disconnect, device number 6
[  181.001095][ T5976] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  181.167611][ T5976] usb 4-1: device descriptor read/64, error -71
[  181.380406][ T5913] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  181.590386][ T5976] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  181.600509][ T5913] usb 1-1: Using ep0 maxpacket: 16
[  181.709692][ T5913] usb 1-1: config 0 has an invalid interface number: 148 but max is 0
[  181.719465][ T5913] usb 1-1: config 0 has no interface number 0
[  181.834528][ T5913] usb 1-1: config 0 interface 148 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 32
[  181.870260][ T5913] usb 1-1: New USB device found, idVendor=0499, idProduct=8206, bcdDevice=f4.55
[  181.881505][ T5913] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  181.900303][ T5913] usb 1-1: config 0 descriptor??
[  182.212148][ T5976] usb 4-1: device descriptor read/64, error -71
[  182.212953][ T6777] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  182.330873][ T5976] usb usb4-port1: attempt power cycle
[  182.504522][   T30] audit: type=1326 audit(1755365590.458:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6775 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5cd78ebe9 code=0x7ffc0000
[  182.783835][   T30] audit: type=1326 audit(1755365590.458:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6775 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5cd78ebe9 code=0x7ffc0000
[  182.784306][ T5976] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  182.805717][    C0] vkms_vblank_simulate: vblank timer overrun
[  182.888290][ T6796] netlink: 8 bytes leftover after parsing attributes in process `syz.0.209'.
[  182.991335][ T5976] usb 4-1: device descriptor read/8, error -71
[  183.014230][   T30] audit: type=1326 audit(1755365590.458:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6775 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=94 compat=0 ip=0x7fe5cd78ebe9 code=0x7ffc0000
[  183.264863][ T6804] Cannot find set identified by id 0 to match
[  183.399365][   T30] audit: type=1326 audit(1755365590.458:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6775 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5cd78ebe9 code=0x7ffc0000
[  183.420960][    C0] vkms_vblank_simulate: vblank timer overrun
[  183.427840][   T30] audit: type=1326 audit(1755365590.478:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6775 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fe5cd78ebe9 code=0x7ffc0000
[  183.449432][   T30] audit: type=1326 audit(1755365590.478:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6775 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5cd78ebe9 code=0x7ffc0000
[  183.470859][    C0] vkms_vblank_simulate: vblank timer overrun
[  183.478046][   T30] audit: type=1326 audit(1755365590.478:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6775 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5cd78ebe9 code=0x7ffc0000
[  184.210544][   T30] audit: type=1326 audit(1755365590.478:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6775 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe5cd78ebe9 code=0x7ffc0000
[  184.239417][   T30] audit: type=1326 audit(1755365590.478:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6775 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5cd78ebe9 code=0x7ffc0000
[  184.314315][   T30] audit: type=1326 audit(1755365590.478:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6775 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5cd78ebe9 code=0x7ffc0000
[  185.813569][ T5913] usb 1-1: USB disconnect, device number 7
[  186.307872][ T5913] libceph: connect (1)[c::]:6789 error -101
[  186.317749][ T5913] libceph: mon0 (1)[c::]:6789 connect error
[  186.601481][ T5913] libceph: connect (1)[c::]:6789 error -101
[  186.624167][ T5913] libceph: mon0 (1)[c::]:6789 connect error
[  187.185214][ T5978] libceph: connect (1)[c::]:6789 error -101
[  187.273508][ T5978] libceph: mon0 (1)[c::]:6789 connect error
[  187.506246][ T6829] ceph: No mds server is up or the cluster is laggy
[  187.670137][ T6848] tun0: tun_chr_ioctl cmd 1074025675
[  187.675800][ T6848] tun0: persist enabled
[  187.682374][ T6848] tun0: tun_chr_ioctl cmd 1074025675
[  187.690438][ T6848] tun0: persist enabled
[  189.207381][ T6858] xt_TPROXY: Can be used only with -p tcp or -p udp
[  191.234835][ T6867] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  191.614383][ T6894] autofs: Bad value for 'fd'
[  191.911210][    T9] usb 1-1: new low-speed USB device number 9 using dummy_hcd
[  192.089736][    T9] usb 1-1: device descriptor read/64, error -71
[  192.400391][    T9] usb 1-1: new low-speed USB device number 10 using dummy_hcd
[  192.480960][   T10] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  192.554703][    T9] usb 1-1: device descriptor read/64, error -71
[  192.710918][    T9] usb usb1-port1: attempt power cycle
[  192.755313][   T10] usb 3-1: Using ep0 maxpacket: 8
[  193.691491][   T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  193.810155][   T10] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  193.995446][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7
[  194.031227][    T9] usb 1-1: new low-speed USB device number 11 using dummy_hcd
[  194.414011][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  194.528871][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  194.588657][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  194.652260][   T10] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  194.684989][   T10] usb 3-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  194.717840][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  194.800673][    T9] usb 1-1: device not accepting address 11, error -71
[  195.014716][   T10] usb 3-1: Product: syz
[  195.018979][   T10] usb 3-1: Manufacturer: syz
[  195.034831][   T10] usb 3-1: SerialNumber: syz
[  195.070301][ T5976] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  195.091071][   T10] usb 3-1: config 0 descriptor??
[  195.163600][   T10] radio-si470x 3-1:0.0: si470x_get_report: usb_control_msg returned -71
[  195.209641][   T10] radio-si470x 3-1:0.0: probe with driver radio-si470x failed with error -5
[  195.270325][ T5976] usb 2-1: Using ep0 maxpacket: 8
[  195.288119][ T5976] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  195.330848][   T10] usb 3-1: USB disconnect, device number 5
[  195.339011][ T5976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.378326][ T5976] usb 2-1: Product: syz
[  195.388590][ T5976] usb 2-1: Manufacturer: syz
[  195.393383][ T5976] usb 2-1: SerialNumber: syz
[  195.575775][ T5976] usb 2-1: config 0 descriptor??
[  195.628056][ T5976] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  195.676412][ T6920] =======================================================
[  195.676412][ T6920] WARNING: The mand mount option has been deprecated and
[  195.676412][ T6920]          and is ignored by this kernel. Remove the mand
[  195.676412][ T6920]          option from the mount to silence this warning.
[  195.676412][ T6920] =======================================================
[  195.711429][    C0] vkms_vblank_simulate: vblank timer overrun
[  196.323220][ T5976] usb 2-1: setting power ON
[  196.363098][ T5976] dvb-usb: bulk message failed: -22 (2/0)
[  196.398064][ T5976] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  196.415071][ T5978] usb 5-1: new full-speed USB device number 4 using dummy_hcd
[  196.431394][ T5976] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  196.466944][ T5976] usb 2-1: media controller created
[  196.558448][ T5976] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  196.567379][   T30] kauditd_printk_skb: 38 callbacks suppressed
[  196.567397][   T30] audit: type=1326 audit(1755365604.508:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6925 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb9678ebe9 code=0x7ffc0000
[  196.596232][ T5978] usb 5-1: device descriptor read/64, error -71
[  196.608461][   T30] audit: type=1326 audit(1755365604.508:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6925 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=65 compat=0 ip=0x7fbb9678ebe9 code=0x7ffc0000
[  196.627986][ T5976] usb 2-1: selecting invalid altsetting 6
[  196.630582][   T30] audit: type=1326 audit(1755365604.528:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6925 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb9678ebe9 code=0x7ffc0000
[  196.651740][ T5976] usb 2-1: digital interface selection failed (-22)
[  196.658732][   T30] audit: type=1326 audit(1755365604.528:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6925 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb9678ebe9 code=0x7ffc0000
[  196.682988][ T5976] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  196.738517][ T5976] usb 2-1: setting power OFF
[  196.744995][ T5976] dvb-usb: bulk message failed: -22 (2/0)
[  196.755973][ T5976] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  196.766510][ T5976] (NULL device *): no alternate interface
[  196.780289][ T5927] usb 1-1: new low-speed USB device number 13 using dummy_hcd
[  196.851189][ T5978] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[  196.945899][ T5976] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  196.980873][ T5927] usb 1-1: device descriptor read/64, error -71
[  196.998823][ T5976] usb 2-1: USB disconnect, device number 9
[  197.211293][ T5978] usb 5-1: device descriptor read/64, error -71
[  197.324146][ T6939] syz.1.249: attempt to access beyond end of device
[  197.324146][ T6939] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0
[  197.338056][ T6939] syz.1.249: attempt to access beyond end of device
[  197.338056][ T6939] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0
[  197.351350][ T6939] Mount JFS Failure: -5
[  197.376634][ T5978] usb usb5-port1: attempt power cycle
[  197.394647][ T5927] usb 1-1: new low-speed USB device number 14 using dummy_hcd
[  198.161948][ T5927] usb 1-1: device descriptor read/64, error -71
[  198.344041][ T5927] usb usb1-port1: attempt power cycle
[  198.943878][ T5927] usb 1-1: new low-speed USB device number 15 using dummy_hcd
[  198.983897][ T5927] usb 1-1: device descriptor read/8, error -71
[  199.280818][ T5927] usb 1-1: new low-speed USB device number 16 using dummy_hcd
[  199.363158][ T5927] usb 1-1: device descriptor read/8, error -71
[  199.538818][ T5927] usb usb1-port1: unable to enumerate USB device
[  200.820344][ T5976] usb 5-1: new full-speed USB device number 7 using dummy_hcd
[  201.112775][ T5976] usb 5-1: device descriptor read/64, error -71
[  201.171117][    T9] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  201.440333][ T5976] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[  201.692964][ T5976] usb 5-1: device descriptor read/64, error -71
[  201.801461][ T5976] usb usb5-port1: attempt power cycle
[  201.882684][ T6997] syz.2.262: attempt to access beyond end of device
[  201.882684][ T6997] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0
[  201.896493][ T6997] syz.2.262: attempt to access beyond end of device
[  201.896493][ T6997] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0
[  201.910275][ T6997] Mount JFS Failure: -5
[  203.523530][ T7002] netlink: 4 bytes leftover after parsing attributes in process `syz.2.265'.
[  205.830367][ T5976] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  206.051469][ T5976] usb 4-1: Using ep0 maxpacket: 8
[  206.072950][ T5976] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  206.121917][ T5976] usb 4-1: config 179 has no interface number 0
[  206.128295][ T5976] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  206.173540][ T5976] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  206.188872][ T5976] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  206.200258][ T5976] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  206.211803][ T5976] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  206.228154][ T5976] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  206.237369][ T5976] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.651990][ T7026] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  208.555104][ T7059] syz.1.276: attempt to access beyond end of device
[  208.555104][ T7059] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0
[  208.570428][ T7059] syz.1.276: attempt to access beyond end of device
[  208.570428][ T7059] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0
[  208.585175][ T7059] Mount JFS Failure: -5
[  209.258964][    T9] usb 4-1: USB disconnect, device number 13
[  209.259032][    C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  209.273429][    C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  209.761314][ T7075] FAULT_INJECTION: forcing a failure.
[  209.761314][ T7075] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  209.777739][ T7075] CPU: 1 UID: 0 PID: 7075 Comm: syz.2.281 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  209.777765][ T7075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  209.777777][ T7075] Call Trace:
[  209.777786][ T7075]  <TASK>
[  209.777795][ T7075]  dump_stack_lvl+0x189/0x250
[  209.777824][ T7075]  ? __pfx____ratelimit+0x10/0x10
[  209.777847][ T7075]  ? __pfx_dump_stack_lvl+0x10/0x10
[  209.777871][ T7075]  ? __pfx__printk+0x10/0x10
[  209.777897][ T7075]  ? __might_fault+0xb0/0x130
[  209.777932][ T7075]  should_fail_ex+0x414/0x560
[  209.777960][ T7075]  _copy_from_user+0x2d/0xb0
[  209.777988][ T7075]  bpf_obj_get_info_by_fd+0x474/0x2f70
[  209.778026][ T7075]  ? __pv_queued_spin_lock_slowpath+0xa05/0xb60
[  209.778062][ T7075]  ? __pfx_bpf_obj_get_info_by_fd+0x10/0x10
[  209.778095][ T7075]  ? __lock_acquire+0xab9/0xd20
[  209.778174][ T7075]  ? bpf_lsm_bpf+0x9/0x20
[  209.778196][ T7075]  ? security_bpf+0x7e/0x300
[  209.778224][ T7075]  __sys_bpf+0x77a/0x860
[  209.778255][ T7075]  ? __pfx___sys_bpf+0x10/0x10
[  209.778320][ T7075]  __x64_sys_bpf+0x7c/0x90
[  209.778347][ T7075]  do_syscall_64+0xfa/0x3b0
[  209.778376][ T7075]  ? lockdep_hardirqs_on+0x9c/0x150
[  209.778397][ T7075]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.778418][ T7075]  ? clear_bhb_loop+0x60/0xb0
[  209.778443][ T7075]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.778462][ T7075] RIP: 0033:0x7f44f998ebe9
[  209.778481][ T7075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  209.778497][ T7075] RSP: 002b:00007f44fa739038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  209.778520][ T7075] RAX: ffffffffffffffda RBX: 00007f44f9bb6180 RCX: 00007f44f998ebe9
[  209.778535][ T7075] RDX: 000000000000003d RSI: 0000200000000100 RDI: 000000000000000f
[  209.778547][ T7075] RBP: 00007f44fa739090 R08: 0000000000000000 R09: 0000000000000000
[  209.778560][ T7075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  209.778572][ T7075] R13: 00007f44f9bb6218 R14: 00007f44f9bb6180 R15: 00007ffee4316a68
[  209.778606][ T7075]  </TASK>
[  210.051979][ T7076] Illegal XDP return value 3846737841 on prog  (id 193) dev N/A, expect packet loss!
[  210.740356][ T7087] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  210.806924][ T7088] xt_TPROXY: Can be used only with -p tcp or -p udp
[  211.720735][ T5978] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  211.816189][ T7093] x_tables: ip_tables: limit.0 match: invalid size 40 (kernel) != (user) 48
[  212.124138][ T5978] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  212.220821][ T5978] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  212.294639][ T5843] Bluetooth: hci1: command 0x0406 tx timeout
[  212.301186][ T5843] Bluetooth: hci2: command 0x0406 tx timeout
[  212.307713][ T5843] Bluetooth: hci3: command 0x0406 tx timeout
[  212.542997][ T5978] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  212.708050][ T5978] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  212.969088][ T5978] usb 3-1: SerialNumber: syz
[  213.177427][ T7106] syz.1.289: attempt to access beyond end of device
[  213.177427][ T7106] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0
[  213.191980][ T7106] syz.1.289: attempt to access beyond end of device
[  213.191980][ T7106] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0
[  213.205899][ T7106] Mount JFS Failure: -5
[  214.262033][ T7110] xt_CT: You must specify a L4 protocol and not use inversions on it
[  214.368605][ T5844] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  214.404164][ T5844] Bluetooth: hci1: Injecting HCI hardware error event
[  214.413904][ T5844] Bluetooth: hci1: hardware error 0x00
[  214.763533][ T7110] netlink: 12 bytes leftover after parsing attributes in process `syz.3.291'.
[  214.913360][ T5978] usb 3-1: 0:2 : does not exist
[  214.919609][ T5978] usb 3-1: unit 5 not found!
[  215.192163][ T5978] usb 3-1: USB disconnect, device number 6
[  215.562428][ T6318] udevd[6318]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  215.578712][ T7127] netlink: 4 bytes leftover after parsing attributes in process `syz.2.295'.
[  215.841183][ T7132] netlink: 'syz.1.297': attribute type 3 has an invalid length.
[  216.275962][ T7132] netlink: 224 bytes leftover after parsing attributes in process `syz.1.297'.
[  216.577269][ T7132] netlink: 12 bytes leftover after parsing attributes in process `syz.1.297'.
[  216.900480][ T5844] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  217.054309][ T7132] netlink: 56 bytes leftover after parsing attributes in process `syz.1.297'.
[  217.066203][ T7132] netlink: 8 bytes leftover after parsing attributes in process `syz.1.297'.
[  221.956289][ T5913] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  222.168526][ T7175] fuseblk: Bad value for 'fd'
[  222.189050][ T7175] bad cache= option: no%e
[  222.189050][ T7175] 
[  222.197043][ T7175] CIFS: VFS: bad cache= option: no%e
[  222.216669][ T7178] netlink: 4 bytes leftover after parsing attributes in process `syz.1.306'.
[  222.313753][   T43] usb 3-1: new low-speed USB device number 7 using dummy_hcd
[  222.330448][ T5844] Bluetooth: hci4: command 0x0406 tx timeout
[  222.513642][   T43] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  222.524057][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  222.536251][   T43] usb 3-1: config 0 descriptor??
[  223.665800][ T7198] netlink: 8 bytes leftover after parsing attributes in process `syz.3.315'.
[  224.237008][ T5978] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  224.466149][ T5978] usb 4-1: Using ep0 maxpacket: 8
[  224.968387][ T5978] usb 4-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  224.993082][ T5978] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  225.005158][ T5978] usb 4-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  225.249272][ T5978] usb 4-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  225.260441][ T5978] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  225.273504][ T5978] usb 4-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  225.348618][ T5978] usb 4-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  225.509330][ T5978] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  225.525831][ T5978] usb 4-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  225.627606][ T5978] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  225.643627][ T5978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  225.660624][ T5978] usb 4-1: Product: syz
[  225.673902][ T5978] usb 4-1: Manufacturer: syz
[  225.708159][ T5978] usb 4-1: SerialNumber: syz
[  226.212511][ T7172] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  226.307315][   T43] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x8001: -71
[  226.360590][   T43] asix 3-1:0.0: probe with driver asix failed with error -71
[  226.435002][   T43] usb 3-1: USB disconnect, device number 7
[  226.536683][ T7202] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  226.536683][ T7202] The task syz.3.315 (7202) triggered the difference, watch for misbehavior.
[  227.407201][ T7237] IPVS: set_ctl: invalid protocol: 92 0.0.0.0:20002
[  227.593662][ T7239] program syz.0.327 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  227.771296][ T5978] adutux 4-1:168.0: interrupt endpoints not found
[  227.809573][ T5978] usb 4-1: USB disconnect, device number 14
[  229.438242][ T7259] netlink: 248 bytes leftover after parsing attributes in process `syz.1.334'.
[  229.995876][ T7267] netlink: 8 bytes leftover after parsing attributes in process `syz.3.337'.
[  235.081119][ T7332] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  235.663109][    T9] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  236.063390][    T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  236.779359][ T7344] syz.4.350: attempt to access beyond end of device
[  236.779359][ T7344] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0
[  236.793096][ T7344] syz.4.350: attempt to access beyond end of device
[  236.793096][ T7344] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0
[  236.806269][ T7344] Mount JFS Failure: -5
[  237.043654][    T9] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  237.062136][    T9] usb 2-1: config 1 has no interface number 1
[  237.068309][    T9] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  237.081314][    T9] usb 2-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping
[  237.418047][ T7347] Invalid source name
[  237.422779][ T7347] UBIFS error (pid: 7347): cannot open "usrquota", error -22
[  237.929891][    T9] usb 2-1: string descriptor 0 read error: -71
[  237.982205][    T9] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  238.020740][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  238.061049][    T9] usb 2-1: can't set config #1, error -71
[  238.074986][   T30] audit: type=1326 audit(1755365646.018:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7348 comm="syz.4.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f74f6d8ebe9 code=0x7ffc0000
[  238.108509][    T9] usb 2-1: USB disconnect, device number 10
[  239.313207][   T30] audit: type=1326 audit(1755365646.018:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7348 comm="syz.4.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f74f6d8ebe9 code=0x7ffc0000
[  240.087666][   T30] audit: type=1326 audit(1755365646.018:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7348 comm="syz.4.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f74f6d8ebe9 code=0x7ffc0000
[  240.110573][   T30] audit: type=1326 audit(1755365646.018:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7348 comm="syz.4.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f74f6d8ebe9 code=0x7ffc0000
[  240.136378][   T30] audit: type=1326 audit(1755365646.018:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7348 comm="syz.4.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f74f6d8ebe9 code=0x7ffc0000
[  240.158976][   T30] audit: type=1326 audit(1755365646.018:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7348 comm="syz.4.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f74f6d8ebe9 code=0x7ffc0000
[  240.230339][   T30] audit: type=1326 audit(1755365646.018:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7348 comm="syz.4.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f74f6d8ebe9 code=0x7ffc0000
[  240.570388][   T30] audit: type=1326 audit(1755365646.018:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7348 comm="syz.4.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f74f6d8ebe9 code=0x7ffc0000
[  240.575296][ T7368] Cannot find set identified by id 0 to match
[  240.704444][   T30] audit: type=1326 audit(1755365646.018:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7348 comm="syz.4.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f74f6d8ebe9 code=0x7ffc0000
[  240.779469][ T7374] netlink: 4 bytes leftover after parsing attributes in process `syz.2.360'.
[  241.289922][   T30] audit: type=1326 audit(1755365646.018:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7348 comm="syz.4.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f74f6d8ebe9 code=0x7ffc0000
[  241.338707][ T7380] netlink: 16 bytes leftover after parsing attributes in process `syz.2.360'.
[  243.080736][ T5976] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  244.291120][ T5976] usb 4-1: Using ep0 maxpacket: 32
[  244.303225][ T5976] usb 4-1: config 0 has an invalid interface number: 235 but max is 0
[  244.470320][ T5976] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  244.500244][ T5976] usb 4-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  244.551553][ T5976] usb 4-1: config 0 has no interface number 1
[  244.565516][ T5976] usb 4-1: config 0 interface 235 altsetting 0 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  244.597205][ T5976] usb 4-1: config 0 interface 235 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  245.361833][ T7410] Invalid source name
[  245.366741][ T7410] UBIFS error (pid: 7410): cannot open "usrquota", error -22
[  245.817454][ T5976] usb 4-1: New USB device found, idVendor=085a, idProduct=0009, bcdDevice=a3.47
[  245.895489][ T5976] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  246.166619][ T5976] usb 4-1: Product: syz
[  246.348392][ T5976] usb 4-1: config 0 descriptor??
[  246.400557][ T5976] usb 4-1: can't set config #0, error -71
[  246.454979][ T5976] usb 4-1: USB disconnect, device number 15
[  247.159799][ T7431] 9pnet_fd: Insufficient options for proto=fd
[  247.177285][ T7434] syz.0.371: attempt to access beyond end of device
[  247.177285][ T7434] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0
[  247.190841][ T7434] syz.0.371: attempt to access beyond end of device
[  247.190841][ T7434] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0
[  247.204236][ T7434] Mount JFS Failure: -5
[  249.631655][ T7468] syzkaller0: entered promiscuous mode
[  249.639413][ T7468] syzkaller0: entered allmulticast mode
[  249.788062][ T7478] xt_TPROXY: Can be used only with -p tcp or -p udp
[  250.805947][ T7485] Invalid source name
[  250.810089][ T7485] UBIFS error (pid: 7485): cannot open "usrquota", error -22
[  251.746231][ T5844] Bluetooth: hci3: ACL packet too small
[  252.014083][ T7487] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  252.192346][ T7496] syz.1.386: attempt to access beyond end of device
[  252.192346][ T7496] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0
[  252.225089][ T7496] syz.1.386: attempt to access beyond end of device
[  252.225089][ T7496] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0
[  252.278668][ T7496] Mount JFS Failure: -5
[  252.400668][ T5976] usb 4-1: new full-speed USB device number 16 using dummy_hcd
[  252.629078][ T5976] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  252.655283][ T5976] usb 4-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00
[  252.948360][ T5976] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  253.366330][ T5976] usb 4-1: config 0 descriptor??
[  253.866031][ T5976] nintendo 0003:057E:200E.0001: hidraw0: USB HID v80.00 Device [HID 057e:200e] on usb-dummy_hcd.3-1/input0
[  254.009878][ T5976] nintendo 0003:057E:200E.0001: Failed charging grip handshake
[  254.020625][ T5976] nintendo 0003:057E:200E.0001: Failed to initialize controller; ret=-110
[  254.117278][ T7516] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  254.127173][ T7516] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  254.440783][ T5976] nintendo 0003:057E:200E.0001: probe - fail = -110
[  254.656248][ T5976] nintendo 0003:057E:200E.0001: probe with driver nintendo failed with error -110
[  255.865931][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  255.879759][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  257.698452][ T7491] netlink: 4 bytes leftover after parsing attributes in process `syz.3.387'.
[  257.824744][ T5976] usb 4-1: USB disconnect, device number 16
[  258.330264][ T1966] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  258.501841][ T7549] Invalid source name
[  258.506091][ T7549] UBIFS error (pid: 7549): cannot open "usrquota", error -22
[  258.540934][ T1966] usb 5-1: device descriptor read/64, error -71
[  259.248105][ T7551] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  259.408853][ T7554] Cannot find set identified by id 0 to match
[  259.450428][ T1966] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  260.329349][ T7561] netlink: 20 bytes leftover after parsing attributes in process `syz.0.401'.
[  260.340606][ T1966] usb 5-1: device descriptor read/64, error -71
[  260.420454][ T7570] Cannot find set identified by id 0 to match
[  260.586635][ T1966] usb usb5-port1: attempt power cycle
[  261.021251][ T1966] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  261.669911][ T7580] netlink: 12 bytes leftover after parsing attributes in process `syz.1.405'.
[  261.737052][ T1966] usb 5-1: device not accepting address 13, error -71
[  261.786805][ T7580] netlink: 'syz.1.405': attribute type 11 has an invalid length.
[  262.145226][ T1966] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  262.221019][ T1966] usb 5-1: device descriptor read/8, error -71
[  262.320740][ T7588] program syz.1.408 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  262.363136][ T1966] usb usb5-port1: unable to enumerate USB device
[  262.374058][ T7589] program syz.1.408 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.295292][ T7596] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  263.408671][ T7604] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  263.418862][ T7604] overlayfs: failed to set xattr on upper
[  263.425170][ T7604] overlayfs: ...falling back to redirect_dir=nofollow.
[  263.432518][ T7604] overlayfs: ...falling back to uuid=null.
[  263.744149][ T7606] Cannot find set identified by id 0 to match
[  264.750531][ T7608] Invalid source name
[  264.754558][ T7608] UBIFS error (pid: 7608): cannot open "usrquota", error -22
[  264.938134][ T7616] netlink: 4 bytes leftover after parsing attributes in process `syz.1.415'.
[  265.048303][ T7616] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  266.130788][ T5976] usb 5-1: new full-speed USB device number 15 using dummy_hcd
[  266.313178][ T5976] usb 5-1: no configurations
[  266.317835][ T5976] usb 5-1: can't read configurations, error -22
[  266.633153][ T5976] usb 5-1: new full-speed USB device number 16 using dummy_hcd
[  267.010940][ T5976] usb 5-1: no configurations
[  267.015753][ T5976] usb 5-1: can't read configurations, error -22
[  267.022573][ T5976] usb usb5-port1: attempt power cycle
[  267.560365][ T5976] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[  267.853340][ T7651] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  267.857679][ T5976] usb 5-1: no configurations
[  267.955649][ T5976] usb 5-1: can't read configurations, error -22
[  268.027850][ T7660] misc userio: Invalid payload size
[  268.576338][ T7663] GUP no longer grows the stack in syz.1.428 (7663): 200000005000-200000008000 (200000004000)
[  268.597612][ T7663] CPU: 0 UID: 0 PID: 7663 Comm: syz.1.428 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  268.597641][ T7663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  268.597653][ T7663] Call Trace:
[  268.597662][ T7663]  <TASK>
[  268.597673][ T7663]  dump_stack_lvl+0x189/0x250
[  268.597702][ T7663]  ? irqentry_exit+0x74/0x90
[  268.597723][ T7663]  ? __pfx_dump_stack_lvl+0x10/0x10
[  268.597758][ T7663]  fixup_user_fault+0x661/0x720
[  268.597797][ T7663]  fault_in_user_writeable+0x72/0xe0
[  268.597817][ T7663]  futex_lock_pi+0x283/0xa60
[  268.597847][ T7663]  ? __pfx_futex_lock_pi+0x10/0x10
[  268.597867][ T7663]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  268.597922][ T7663]  ? __pfx_futex_wake_mark+0x10/0x10
[  268.597960][ T7663]  ? rcu_is_watching+0x15/0xb0
[  268.597978][ T7663]  ? trace_sched_exit_tp+0x38/0x120
[  268.598005][ T7663]  do_futex+0x292/0x420
[  268.598031][ T7663]  ? __pfx_do_futex+0x10/0x10
[  268.598060][ T7663]  __se_sys_futex+0x36f/0x400
[  268.598080][ T7663]  ? __pfx___schedule+0x10/0x10
[  268.598099][ T7663]  ? __pfx___se_sys_futex+0x10/0x10
[  268.598120][ T7663]  ? rcu_is_watching+0x15/0xb0
[  268.598141][ T7663]  ? __x64_sys_futex+0x21/0xf0
[  268.598164][ T7663]  do_syscall_64+0xfa/0x3b0
[  268.598183][ T7663]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  268.598197][ T7663]  ? asm_sysvec_call_function_single+0x1a/0x20
[  268.598213][ T7663]  ? clear_bhb_loop+0x60/0xb0
[  268.598232][ T7663]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  268.598246][ T7663] RIP: 0033:0x7fb9bd38ebe9
[  268.598262][ T7663] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  268.598275][ T7663] RSP: 002b:00007fb9be17d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  268.598294][ T7663] RAX: ffffffffffffffda RBX: 00007fb9bd5b6090 RCX: 00007fb9bd38ebe9
[  268.598305][ T7663] RDX: 00000000fffffffd RSI: 000000000000008d RDI: 0000200000004000
[  268.598316][ T7663] RBP: 00007fb9bd411e19 R08: 0000000000000000 R09: 0000000000000000
[  268.598325][ T7663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  268.598334][ T7663] R13: 00007fb9bd5b6128 R14: 00007fb9bd5b6090 R15: 00007fff4b27fe68
[  268.598363][ T7663]  </TASK>
[  269.294298][ T7675] tun0: tun_chr_ioctl cmd 1074025675
[  269.442875][ T7675] tun0: persist enabled
[  269.496869][ T7668] tun0: tun_chr_ioctl cmd 1074025675
[  269.526793][ T7676] Invalid source name
[  269.531358][ T7676] UBIFS error (pid: 7676): cannot open "usrquota", error -22
[  269.764413][ T7668] tun0: persist enabled
[  269.928815][ T7678] slcan: can't register candev
[  269.951050][ T7678] Falling back ldisc for ptm0.
[  270.417315][ T7700] ptrace attach of "./syz-executor exec"[5835] was attempted by "./syz-executor exec"[7700]
[  270.700411][ T5913] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  270.840357][ T5913] usb 2-1: device descriptor read/64, error -71
[  272.418921][ T5913] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  274.360271][ T5949] usb 3-1: new full-speed USB device number 8 using dummy_hcd
[  274.401347][ T5913] usb usb2-port1: attempt power cycle
[  274.524153][ T5949] usb 3-1: config 0 has an invalid interface number: 32 but max is 0
[  274.550468][ T5949] usb 3-1: config 0 has no interface number 0
[  274.562223][ T5949] usb 3-1: config 0 interface 32 altsetting 0 endpoint 0x6 has invalid maxpacket 56166, setting to 64
[  274.600440][ T5949] usb 3-1: config 0 interface 32 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  274.639278][ T5949] usb 3-1: config 0 interface 32 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  274.685231][ T5949] usb 3-1: config 0 interface 32 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  274.716557][ T5949] usb 3-1: New USB device found, idVendor=0586, idProduct=3401, bcdDevice=ef.53
[  274.749198][ T5949] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  274.760381][ T5913] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[  274.761164][ T5949] usb 3-1: Product: syz
[  274.774485][ T5949] usb 3-1: Manufacturer: syz
[  274.779605][ T5949] usb 3-1: SerialNumber: syz
[  274.815956][ T5949] usb 3-1: config 0 descriptor??
[  274.899306][ T5913] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  274.980293][ T5913] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  275.022504][ T7745] Invalid source name
[  275.027252][ T7745] UBIFS error (pid: 7745): cannot open "usrquota", error -22
[  275.048047][ T5913] usb 2-1: config 0 interface 0 has no altsetting 0
[  275.133166][ T5913] usb 2-1: New USB device found, idVendor=044e, idProduct=120b, bcdDevice= 0.00
[  275.146325][ T5913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.200731][ T5913] usb 2-1: config 0 descriptor??
[  275.746886][ T5949] usb 3-1: USB disconnect, device number 8
[  275.831888][ T7752] netlink: 188 bytes leftover after parsing attributes in process `syz.0.446'.
[  275.939734][ T7759] netlink: 8 bytes leftover after parsing attributes in process `syz.4.448'.
[  275.963981][ T5913] hid-alps 0003:044E:120B.0002: hidraw0: USB HID v0.00 Device [HID 044e:120b] on usb-dummy_hcd.1-1/input0
[  275.990566][ T7762] Zero length message leads to an empty skb
[  276.203629][ T5976] usb 2-1: USB disconnect, device number 13
[  276.830512][ T7765] fido_id[7765]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  277.514574][ T5978] IPVS: starting estimator thread 0...
[  277.581795][ T7785] dvmrp0: entered allmulticast mode
[  277.641592][ T7784] IPVS: using max 29 ests per chain, 69600 per kthread
[  277.676438][ T7789] dvmrp8: entered allmulticast mode
[  277.699029][ T7782] dvmrp0: left allmulticast mode
[  277.712699][ T7782] dvmrp8: left allmulticast mode
[  277.841942][ T5978] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  277.994126][ T5978] usb 3-1: device descriptor read/64, error -71
[  278.483415][ T7806] Invalid source name
[  278.488513][ T7806] UBIFS error (pid: 7806): cannot open "usrquota", error -22
[  278.634776][ T5978] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  278.860238][ T5978] usb 3-1: device descriptor read/64, error -71
[  279.731267][ T5978] usb usb3-port1: attempt power cycle
[  280.150610][ T5978] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  280.399525][ T7823] Cannot find set identified by id 0 to match
[  280.547551][ T5978] usb 3-1: device not accepting address 11, error -71
[  280.582445][ T7828] xt_TPROXY: Can be used only with -p tcp or -p udp
[  283.194626][ T7844] capability: warning: `syz.3.468' uses 32-bit capabilities (legacy support in use)
[  283.301916][ T7844] netlink: 16 bytes leftover after parsing attributes in process `syz.3.468'.
[  284.177254][ T5978] usb 4-1: new full-speed USB device number 17 using dummy_hcd
[  284.474325][ T5978] usb 4-1: config 0 has an invalid interface number: 8 but max is 0
[  284.499822][ T5978] usb 4-1: config 0 has no interface number 0
[  284.528430][ T5978] usb 4-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  284.591484][ T5978] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid maxpacket 24929, setting to 64
[  284.620769][ T5978] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.04
[  284.631050][ T5978] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  284.639359][ T5978] usb 4-1: Product: syz
[  284.670432][ T5978] usb 4-1: SerialNumber: syz
[  284.710612][ T5978] usb 4-1: config 0 descriptor??
[  284.728098][ T7844] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  284.753715][ T5978] cm109 4-1:0.8: invalid payload size 64, expected 4
[  284.800616][ T5978] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input7
[  284.840277][   T43] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  285.567548][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  285.567908][   T10] usb 4-1: USB disconnect, device number 17
[  285.574753][    C1] cm109 4-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  285.590849][   T43] usb 2-1: Using ep0 maxpacket: 16
[  285.601767][   T43] usb 2-1: unable to get BOS descriptor or descriptor too short
[  285.611770][   T43] usb 2-1: config 159 has an invalid interface number: 195 but max is 0
[  285.620291][   T43] usb 2-1: config 159 has no interface number 0
[  285.626936][   T43] usb 2-1: config 159 interface 195 altsetting 5 endpoint 0x1 has invalid wMaxPacketSize 0
[  285.657999][   T43] usb 2-1: config 159 interface 195 has no altsetting 0
[  285.738977][   T43] usb 2-1: New USB device found, idVendor=17e9, idProduct=b889, bcdDevice=ec.5c
[  285.750951][   T10] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  285.769887][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  285.789042][   T43] usb 2-1: Product: syz
[  285.809551][   T43] usb 2-1: Manufacturer: syz
[  285.829944][   T43] usb 2-1: SerialNumber: syz
[  286.110782][   T43] udl 2-1:159.195: [drm] Unrecognized vendor firmware descriptor
[  286.128108][   T43] [drm:udl_init] *ERROR* Selecting channel failed
[  286.178234][   T43] [drm] Initialized udl 0.0.1 for 2-1:159.195 on minor 2
[  286.180342][ T5949] usb 5-1: new low-speed USB device number 19 using dummy_hcd
[  286.195679][   T43] [drm] Initialized udl on minor 2
[  286.222504][   T43] udl 2-1:159.195: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  286.303698][   T43] udl 2-1:159.195: [drm] Cannot find any crtc or sizes
[  286.316961][ T7874] xt_TPROXY: Can be used only with -p tcp or -p udp
[  286.337940][ T5913] udl 2-1:159.195: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  286.355073][   T43] usb 2-1: USB disconnect, device number 14
[  286.361756][ T5913] udl 2-1:159.195: [drm] Cannot find any crtc or sizes
[  286.491980][ T5949] usb 5-1: Invalid ep0 maxpacket: 64
[  287.579815][ T5949] usb 5-1: new low-speed USB device number 20 using dummy_hcd
[  287.923114][   T10] libceph: connect (1)[c::]:6789 error -101
[  287.930088][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  288.099533][ T5949] usb 5-1: Invalid ep0 maxpacket: 64
[  288.105890][ T5949] usb usb5-port1: attempt power cycle
[  288.882513][   T10] libceph: connect (1)[c::]:6789 error -101
[  288.888574][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  289.068838][ T7902] netlink: 4 bytes leftover after parsing attributes in process `syz.1.484'.
[  289.570849][   T10] libceph: connect (1)[c::]:6789 error -101
[  289.593825][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  290.126088][ T7887] ceph: No mds server is up or the cluster is laggy
[  290.439775][ T7912] Invalid source name
[  290.444096][ T7912] UBIFS error (pid: 7912): cannot open "usrquota", error -22
[  290.899443][ T7921] Cannot find set identified by id 0 to match
[  292.185375][ T7916] netlink: 52 bytes leftover after parsing attributes in process `syz.3.488'.
[  292.645493][ T7916] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  294.363991][ T7931] bridge0: port 2(bridge_slave_1) entered disabled state
[  294.372831][ T7931] bridge0: port 1(bridge_slave_0) entered disabled state
[  294.828177][ T7951] syz.0.494: attempt to access beyond end of device
[  294.828177][ T7951] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0
[  294.841911][ T7951] syz.0.494: attempt to access beyond end of device
[  294.841911][ T7951] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0
[  294.855395][ T7951] Mount JFS Failure: -5
[  295.565904][ T7953] netlink: 'syz.4.492': attribute type 11 has an invalid length.
[  295.608532][ T7953] netlink: 224 bytes leftover after parsing attributes in process `syz.4.492'.
[  296.205986][ T7931] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  296.235419][ T7931] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  296.423049][ T5913] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  296.637573][ T5913] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  296.662009][ T5913] usb 4-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=4e.53
[  296.698814][ T5913] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  296.738403][ T7931] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  296.748389][ T5913] usb 4-1: config 0 descriptor??
[  296.796756][ T7931] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  296.806384][ T7931] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  296.820099][ T7931] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  297.052717][ T7967] pim6reg: entered allmulticast mode
[  297.171520][ T5913] usb 4-1: USB disconnect, device number 18
[  297.210578][ T7969] pim6reg: left allmulticast mode
[  298.331651][ T7983] Invalid source name
[  298.335804][ T7983] UBIFS error (pid: 7983): cannot open "usrquota", error -22
[  298.943043][ T7986] Cannot find set identified by id 0 to match
[  300.296285][   T43] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  300.567871][ T8003] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  300.599109][   T43] usb 4-1: Using ep0 maxpacket: 32
[  300.612210][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  300.660579][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  300.703246][   T43] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00
[  301.188664][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  301.282464][   T43] usb 4-1: config 0 descriptor??
[  301.922123][   T43] koneplus 0003:1E7D:2D51.0003: unknown main item tag 0x0
[  301.929913][   T43] koneplus 0003:1E7D:2D51.0003: unknown main item tag 0x0
[  301.991677][   T43] koneplus 0003:1E7D:2D51.0003: unknown main item tag 0x0
[  301.999405][   T43] koneplus 0003:1E7D:2D51.0003: unknown main item tag 0x0
[  302.010650][   T43] koneplus 0003:1E7D:2D51.0003: unknown main item tag 0x0
[  302.092623][   T43] koneplus 0003:1E7D:2D51.0003: hidraw0: USB HID v0.00 Device [HID 1e7d:2d51] on usb-dummy_hcd.3-1/input0
[  302.166198][   T43] koneplus 0003:1E7D:2D51.0003: couldn't init struct koneplus_device
[  302.266479][   T43] koneplus 0003:1E7D:2D51.0003: couldn't install mouse
[  302.353779][   T43] koneplus 0003:1E7D:2D51.0003: probe with driver koneplus failed with error -71
[  302.419623][   T43] usb 4-1: USB disconnect, device number 19
[  302.556468][ T8041] overlay: ./file1 is not a directory
[  302.660454][ T8037] fido_id[8037]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  302.873417][ T8040] Invalid source name
[  302.877552][ T8040] UBIFS error (pid: 8040): cannot open "usrquota", error -22
[  302.906725][ T8051] xt_TPROXY: Can be used only with -p tcp or -p udp
[  303.815545][   T30] kauditd_printk_skb: 24 callbacks suppressed
[  303.815560][   T30] audit: type=1804 audit(1755365711.768:97): pid=8058 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.517" name="/newroot/95/file0" dev="tmpfs" ino=542 res=1 errno=0
[  304.539028][ T8077] syz.3.519: attempt to access beyond end of device
[  304.539028][ T8077] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0
[  304.552105][ T8077] syz.3.519: attempt to access beyond end of device
[  304.552105][ T8077] nbd3: rw=0, sector=120, nr_sectors = 8 limit=0
[  304.565053][ T8077] Mount JFS Failure: -5
[  305.668837][ T8072] Unsupported ieee802154 address type: 0
[  306.659573][ T8084] fuse: Bad value for 'fd'
[  308.078358][ T8119] Invalid source name
[  308.082819][ T8119] UBIFS error (pid: 8119): cannot open "usrquota", error -22
[  308.763999][ T8123] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  309.200297][ T5976] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  309.220540][ T8136] xt_TPROXY: Can be used only with -p tcp or -p udp
[  309.917570][ T5976] usb 3-1: Using ep0 maxpacket: 32
[  310.410533][ T5976] usb 3-1: unable to get BOS descriptor or descriptor too short
[  310.432839][ T5976] usb 3-1: config 128 has an invalid interface number: 127 but max is 3
[  310.492419][ T5976] usb 3-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  310.526821][ T5976] usb 3-1: config 128 has 1 interface, different from the descriptor's value: 4
[  310.551129][ T5976] usb 3-1: config 128 has no interface number 0
[  310.661922][ T8148] netlink: 12 bytes leftover after parsing attributes in process `syz.0.538'.
[  310.715658][ T5976] usb 3-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  311.115730][ T5976] usb 3-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0
[  311.148070][ T5976] usb 3-1: config 128 interface 127 has no altsetting 0
[  311.232309][ T5976] usb 3-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  311.246603][ T8154] netlink: 4 bytes leftover after parsing attributes in process `syz.3.537'.
[  311.273524][ T5976] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  311.296631][ T5976] usb 3-1: Product: syz
[  311.329092][ T5976] usb 3-1: Manufacturer: syz
[  311.334035][ T5976] usb 3-1: SerialNumber: syz
[  311.345782][   T30] audit: type=1400 audit(1755365719.278:98): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=8147 comm="syz.3.537" saddr=172.30.0.4 daddr=172.20.20.170 netif=wpan0
[  311.408001][ T8156] macsec1: entered promiscuous mode
[  311.413699][ T8156] ip6gretap0: entered promiscuous mode
[  311.420146][ T8156] macsec1: entered allmulticast mode
[  311.463057][ T8156] ip6gretap0: entered allmulticast mode
[  311.665183][ T5976] usb 3-1: USB disconnect, device number 13
[  311.901780][ T6318] udevd[6318]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  312.048790][ T8171] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  312.190472][ T5978] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  312.414060][ T5978] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  313.490000][ T5978] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  313.508722][ T5978] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  313.518273][ T5978] usb 2-1: config 1 has no interface number 0
[  313.524764][ T5978] usb 2-1: too many endpoints for config 1 interface 1 altsetting 1: 32, using maximum allowed: 30
[  313.536518][ T5978] usb 2-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 32
[  313.552805][ T5978] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  313.562111][ T5978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  313.570716][ T5978] usb 2-1: Product: syz
[  313.620270][ T5978] usb 2-1: Manufacturer: syz
[  313.624957][ T5978] usb 2-1: SerialNumber: syz
[  313.800356][ T5976] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  314.750274][ T5976] usb 5-1: Using ep0 maxpacket: 16
[  314.845130][ T5976] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  314.880359][ T5976] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  314.949376][ T5829] usb 2-1: USB disconnect, device number 15
[  314.959310][ T5976] usb 5-1: config 1 has no interface number 1
[  314.969633][ T8191] Cannot find set identified by id 0 to match
[  314.990330][ T5976] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  315.079113][ T5976] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 247, changing to 7
[  315.150848][ T8195] unsupported nla_type 52263
[  315.461114][ T5976] usb 5-1: string descriptor 0 read error: -71
[  315.637263][ T5976] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  315.840299][ T5976] usb 5-1: New USB device strings: Mfr=9, Product=2, SerialNumber=3
[  316.015104][ T5976] usb 5-1: can't set config #1, error -71
[  316.081805][ T5976] usb 5-1: USB disconnect, device number 22
[  316.759932][ T8220] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  316.812565][ T8220] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  317.340715][ T5976] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  317.349589][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  317.401662][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  317.600210][ T5976] usb 5-1: Using ep0 maxpacket: 16
[  317.641137][ T5976] usb 5-1: too many configurations: 212, using maximum allowed: 8
[  317.701512][ T5976] usb 5-1: unable to read config index 0 descriptor/start: -61
[  317.739861][ T5976] usb 5-1: can't read configurations, error -61
[  318.030609][ T5976] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  318.485112][ T5976] usb 5-1: Using ep0 maxpacket: 16
[  318.517798][ T5976] usb 5-1: too many configurations: 212, using maximum allowed: 8
[  318.648002][ T5976] usb 5-1: unable to read config index 0 descriptor/start: -61
[  318.656681][ T5978] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  318.826575][ T5976] usb 5-1: can't read configurations, error -61
[  318.828169][ T5978] usb 2-1: config index 0 descriptor too short (expected 23569, got 27)
[  318.845179][ T5976] usb usb5-port1: attempt power cycle
[  318.925663][ T5978] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  319.083175][ T5978] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  319.169513][ T5978] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  319.218979][ T5978] usb 2-1: Manufacturer: syz
[  319.231920][ T5978] usb 2-1: config 0 descriptor??
[  319.290278][ T5976] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  319.510617][ T5976] usb 5-1: device not accepting address 25, error -71
[  319.535993][ T8233] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  319.552862][ T8233] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  319.570347][ T5978] rc_core: IR keymap rc-hauppauge not found
[  319.600396][ T5978] Registered IR keymap rc-empty
[  319.625979][ T5978] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  319.706564][ T5978] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input8
[  319.952874][ T8257] rc rc0: two consecutive events of type space
[  319.984494][ T8263] xt_TPROXY: Can be used only with -p tcp or -p udp
[  320.942881][ T8268] Invalid source name
[  320.947027][ T8268] UBIFS error (pid: 8268): cannot open "usrquota", error -22
[  321.613835][ T5949] usb 2-1: USB disconnect, device number 16
[  321.719601][ T8274] loop8: detected capacity change from 0 to 8
[  321.846796][ T8274] Dev loop8: unable to read RDB block 8
[  321.874924][ T8274]  loop8: unable to read partition table
[  321.907851][ T8274] loop8: partition table beyond EOD, truncated
[  321.970417][ T8274] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  322.405280][ T8292] netlink: 'syz.2.567': attribute type 1 has an invalid length.
[  322.437250][ T8292] netlink: 228 bytes leftover after parsing attributes in process `syz.2.567'.
[  323.428935][ T5829] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  323.465425][ T8300] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  323.556387][ T8307] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  323.778742][ T8300] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  324.138541][ T5829] usb 2-1: Using ep0 maxpacket: 32
[  324.169609][ T5829] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  324.203329][ T5829] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  324.275753][ T5829] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  324.316874][ T8300] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  324.380320][ T5829] usb 2-1: New USB device found, idVendor=06cd, idProduct=0112, bcdDevice=d2.a2
[  324.430381][ T5829] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  324.454093][ T5829] usb 2-1: Product: syz
[  324.473394][ T8300] bond0: (slave netdevsim0): Releasing backup interface
[  324.483379][ T8300] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  324.538354][ T5829] usb 2-1: Manufacturer: syz
[  324.567774][ T5829] usb 2-1: SerialNumber: syz
[  324.649524][ T8300] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  324.664954][ T8300] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  324.681450][ T8300] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  324.699210][ T8300] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  324.893114][ T5829] usb 2-1: config 0 descriptor??
[  325.140446][ T5829] keyspan 2-1:0.0: Keyspan 1 port adapter converter detected
[  325.148139][ T5829] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 87
[  325.166057][ T5829] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 7
[  325.305823][ T5829] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 1
[  325.316735][ T5829] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 2
[  325.342976][ T5829] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 85
[  325.390613][ T5829] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 5
[  325.614571][ T5829] usb 2-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  326.814247][ T5829] usb 2-1: USB disconnect, device number 17
[  326.864685][ T5829] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  326.898110][ T5829] keyspan 2-1:0.0: device disconnected
[  327.741085][ T8349] Invalid source name
[  327.745215][ T8349] UBIFS error (pid: 8349): cannot open "usrquota", error -22
[  330.183842][ T8377] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  331.196008][ T8387] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  333.431687][ T8422] Invalid source name
[  333.435953][ T8422] UBIFS error (pid: 8422): cannot open "usrquota", error -22
[  333.965819][ T8430] netlink: 28 bytes leftover after parsing attributes in process `syz.4.591'.
[  335.667532][ T8445] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  336.467716][ T8475] netlink: 16 bytes leftover after parsing attributes in process `syz.3.598'.
[  336.956614][ T8474] netlink: 4 bytes leftover after parsing attributes in process `syz.3.598'.
[  337.432255][ T8487] vcan0: tx drop: invalid sa for name 0x0000000000000003
[  337.587051][   T30] audit: type=1326 audit(1755365745.528:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8434 comm="syz.0.595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5cd78ebe9 code=0x7fc00000
[  339.243362][ T8498] vlan2: entered allmulticast mode
[  339.248650][ T8498] hsr0: entered allmulticast mode
[  339.258294][ T8498] hsr_slave_0: entered allmulticast mode
[  339.264562][ T8498] hsr_slave_1: entered allmulticast mode
[  341.260532][   T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  341.280441][   T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  341.292207][   T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  341.310346][   T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  341.319356][   T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  341.813909][ T8542] loop2: detected capacity change from 0 to 14
[  341.838913][ T6318] Dev loop2: unable to read RDB block 14
[  341.985904][ T6318]  loop2: unable to read partition table
[  342.006429][ T6318] loop2: partition table beyond EOD, truncated
[  343.038618][ T8563] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  343.354399][ T8570] 8021q: VLANs not supported on ip_vti0
[  343.378119][   T51] Bluetooth: hci1: command tx timeout
[  344.550256][ T5829] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  345.230223][ T5829] usb 4-1: Using ep0 maxpacket: 16
[  345.242712][ T5829] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  345.242769][ T5829] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  345.242795][ T5829] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  345.254198][ T5829] usb 4-1: config 0 descriptor??
[  345.451031][   T51] Bluetooth: hci1: command tx timeout
[  345.497449][ T5829] mcp2221 0003:04D8:00DD.0004: unknown main item tag 0x0
[  345.497504][ T5829] mcp2221 0003:04D8:00DD.0004: unknown main item tag 0x0
[  345.497533][ T5829] mcp2221 0003:04D8:00DD.0004: unknown main item tag 0x0
[  345.497560][ T5829] mcp2221 0003:04D8:00DD.0004: unknown main item tag 0x0
[  345.497588][ T5829] mcp2221 0003:04D8:00DD.0004: unknown main item tag 0x0
[  345.498612][ T5829] mcp2221 0003:04D8:00DD.0004: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0
[  345.565938][ T8535] chnl_net:caif_netlink_parms(): no params data found
[  345.646684][ T5930] IPVS: starting estimator thread 0...
[  345.649599][ T5829] usb 4-1: USB disconnect, device number 20
[  345.821933][ T8592] IPVS: using max 24 ests per chain, 57600 per kthread
[  346.847504][ T8606] netlink: 9280 bytes leftover after parsing attributes in process `syz.2.629'.
[  346.857320][ T5976] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  346.962207][ T8535] bridge0: port 1(bridge_slave_0) entered blocking state
[  347.009393][ T8535] bridge0: port 1(bridge_slave_0) entered disabled state
[  347.030687][ T5976] usb 4-1: Using ep0 maxpacket: 16
[  347.039172][ T5976] usb 4-1: config 1 has an invalid interface number: 105 but max is 0
[  347.047717][ T8535] bridge_slave_0: entered allmulticast mode
[  347.064380][ T5976] usb 4-1: config 1 has no interface number 0
[  347.079158][ T5976] usb 4-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  347.083675][ T8535] bridge_slave_0: entered promiscuous mode
[  347.095377][ T5976] usb 4-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  347.095413][ T5976] usb 4-1: config 1 interface 105 has no altsetting 0
[  347.098303][ T5976] usb 4-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  347.124806][ T5976] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  347.137877][ T5976] usb 4-1: Product: syz
[  347.142374][ T5976] usb 4-1: Manufacturer: syz
[  347.147020][ T5976] usb 4-1: SerialNumber: syz
[  347.216945][ T8602] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  347.237521][ T8602] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  347.384593][ T8535] bridge0: port 2(bridge_slave_1) entered blocking state
[  347.397749][ T8535] bridge0: port 2(bridge_slave_1) entered disabled state
[  347.409650][ T8535] bridge_slave_1: entered allmulticast mode
[  347.421820][ T8535] bridge_slave_1: entered promiscuous mode
[  347.550271][   T51] Bluetooth: hci1: command tx timeout
[  348.388064][ T8602] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  348.439007][ T8602] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  349.391982][ T5976] aqc111 4-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32
[  349.392350][ T8535] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  349.547715][ T8535] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  349.610594][   T51] Bluetooth: hci1: command tx timeout
[  349.632577][ T5976] aqc111 4-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  349.985639][ T8535] team0: Port device team_slave_0 added
[  350.045415][ T8535] team0: Port device team_slave_1 added
[  350.534872][ T5976] aqc111 4-1:1.105 eth1: register 'aqc111' at usb-dummy_hcd.3-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, da:bf:e9:f6:f6:27
[  350.892660][ T5976] usb 4-1: USB disconnect, device number 21
[  350.894771][ T5976] aqc111 4-1:1.105 eth1: unregister 'aqc111' usb-dummy_hcd.3-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[  351.007010][ T8535] batman_adv: batadv0: Adding interface: batadv_slave_0
[  351.007037][ T8535] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  351.007076][ T8535] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  351.009399][ T8535] batman_adv: batadv0: Adding interface: batadv_slave_1
[  351.009414][ T8535] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  351.009451][ T8535] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  351.682544][ T5976] aqc111 4-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  351.682633][ T5976] aqc111 4-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  351.682717][ T5976] aqc111 4-1:1.105 eth1 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[  351.702344][   T30] audit: type=1800 audit(1755365759.658:100): pid=8642 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.634" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0
[  351.707291][ T8642] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  351.707330][ T8642] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  351.707344][ T8642] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  351.768894][ T8535] hsr_slave_0: entered promiscuous mode
[  351.778331][ T8535] hsr_slave_1: entered promiscuous mode
[  351.779281][ T8535] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  351.779343][ T8535] Cannot create hsr debugfs directory
[  351.813803][ T8642] syz.3.634 (8642) used greatest stack depth: 18392 bytes left
[  352.234638][ T8655] binder: 8651:8655 ioctl c018620c 200000000280 returned -22
[  352.526732][ T8660] tipc: Started in network mode
[  352.542924][ T8660] tipc: Node identity ac14140f, cluster identity 4711
[  352.554543][ T8660] tipc: New replicast peer: 255.255.255.255
[  352.572952][ T8660] tipc: Enabled bearer <udp:syz2>, priority 10
[  353.000215][ T5829] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  353.180227][ T5829] usb 2-1: Using ep0 maxpacket: 32
[  353.194888][ T5829] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[  353.203941][ T5829] usb 2-1: config 0 has no interface number 0
[  353.269387][ T5829] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  353.293984][ T5829] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  353.324773][ T5829] usb 2-1: Product: syz
[  353.344551][ T5829] usb 2-1: Manufacturer: syz
[  353.365164][ T5829] usb 2-1: SerialNumber: syz
[  353.396809][ T5829] usb 2-1: config 0 descriptor??
[  353.422324][ T5829] smsc95xx v2.0.0
[  353.509463][ T8535] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  353.536624][ T8535] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  353.586728][ T8535] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  353.623606][ T8535] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  353.692208][ T5976] tipc: Node number set to 2886997007
[  353.828648][ T5829] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  353.850289][ T5829] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  353.960698][ T5978] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  354.016997][ T8535] 8021q: adding VLAN 0 to HW filter on device bond0
[  354.072059][ T5829] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  354.090759][ T5829] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -61
[  354.145144][ T8535] 8021q: adding VLAN 0 to HW filter on device team0
[  354.174983][ T1001] bridge0: port 1(bridge_slave_0) entered blocking state
[  354.182246][ T1001] bridge0: port 1(bridge_slave_0) entered forwarding state
[  354.259286][ T1001] bridge0: port 2(bridge_slave_1) entered blocking state
[  354.266658][ T1001] bridge0: port 2(bridge_slave_1) entered forwarding state
[  354.277892][ T5978] usb 3-1: config 0 has an invalid interface number: 178 but max is 0
[  354.286497][ T5978] usb 3-1: config 0 has no interface number 0
[  354.297984][ T5978] usb 3-1: config 0 interface 178 altsetting 0 bulk endpoint 0xE has invalid maxpacket 8
[  354.308208][ T5978] usb 3-1: New USB device found, idVendor=05da, idProduct=00a3, bcdDevice=9d.36
[  354.318050][ T5978] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  355.040501][ T8690] netlink: 12 bytes leftover after parsing attributes in process `syz.1.638'.
[  355.061461][ T8690] tipc: Disabling bearer <udp:syz2>
[  355.080286][ T5978] usb 3-1: config 0 descriptor??
[  355.091197][ T8675] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  355.992083][ T8699] overlayfs: conflicting lowerdir path
[  356.036815][ T8701] overlayfs: overlay with incompat feature 'volatile' cannot be mounted
[  357.392857][ T5978] usb 3-1: string descriptor 0 read error: -71
[  357.401235][ T5978] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 6 is not bulk.
[  357.407947][ T5949] usb 2-1: USB disconnect, device number 18
[  357.411016][ T5978] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 11 is not bulk.
[  357.411038][ T5978] microtek usb (rev 0.4.3): couldn't find two input bulk endpoints. Bailing out.
[  357.416594][ T5978] usb 3-1: USB disconnect, device number 14
[  358.121918][ T5976] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  358.280353][ T5976] usb 4-1: Using ep0 maxpacket: 8
[  358.338809][ T5976] usb 4-1: config 150 has an invalid interface number: 204 but max is 1
[  358.417256][ T5976] usb 4-1: config 150 has no interface number 0
[  358.475408][ T5976] usb 4-1: config 150 interface 204 has no altsetting 0
[  358.547092][ T5976] usb 4-1: config 150 interface 1 has no altsetting 0
[  358.582389][ T5976] usb 4-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb
[  358.830080][ T5976] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  358.838707][ T5976] usb 4-1: Product: syz
[  358.843308][ T5976] usb 4-1: Manufacturer: syz
[  358.843814][ T8535] 8021q: adding VLAN 0 to HW filter on device batadv0
[  358.847926][ T5976] usb 4-1: SerialNumber: syz
[  359.927864][ T8740] tmpfs: Unknown parameter 'gr@'
[  360.730722][ T5976] xr_serial 4-1:150.204: xr_serial converter detected
[  360.890621][ T5976] xr_serial ttyUSB0: Failed to set reg 0x60: -71
[  360.919005][ T5976] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71
[  361.180812][ T5976] usb 4-1: USB disconnect, device number 22
[  361.190003][ T5976] xr_serial 4-1:150.204: device disconnected
[  362.614981][ T8755] libceph: resolve '4' (ret=-3): failed
[  363.532349][ T5949] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  363.891519][ T8535] veth0_vlan: entered promiscuous mode
[  363.979368][ T8535] veth1_vlan: entered promiscuous mode
[  364.125341][ T8535] veth0_macvtap: entered promiscuous mode
[  364.145593][ T5949] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  364.176476][ T8535] veth1_macvtap: entered promiscuous mode
[  364.182909][ T5949] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.197672][ T5949] usb 3-1: Product: syz
[  364.216408][ T5949] usb 3-1: Manufacturer: syz
[  364.231200][ T5949] usb 3-1: SerialNumber: syz
[  364.358149][ T8535] batman_adv: batadv0: Interface activated: batadv_slave_0
[  364.381294][ T5949] usb 3-1: config 0 descriptor??
[  365.195965][ T8535] batman_adv: batadv0: Interface activated: batadv_slave_1
[  365.207671][ T8535] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  365.222534][ T8535] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  365.232363][ T8535] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  365.241700][ T8535] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  365.316607][ T8775] xt_TPROXY: Can be used only with -p tcp or -p udp
[  365.319890][ T5949] usb 3-1: USB disconnect, device number 15
[  365.402633][ T5903] udevd[5903]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  367.740464][ T5949] usb 5-1: new full-speed USB device number 27 using dummy_hcd
[  367.776769][ T1324] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  367.801252][ T1324] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  368.913005][ T5949] usb 5-1: config 0 has an invalid interface number: 128 but max is 0
[  368.954089][ T5949] usb 5-1: config 0 has no interface number 0
[  369.198657][ T5949] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  369.241726][ T5949] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  369.272149][ T6581] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  369.280032][ T6581] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  369.309712][ T5949] usb 5-1: Product: syz
[  369.319459][ T5949] usb 5-1: Manufacturer: syz
[  369.328269][ T5949] usb 5-1: SerialNumber: syz
[  369.380970][ T5949] usb 5-1: config 0 descriptor??
[  370.099772][ T5949] usb 5-1: Firmware version (0.0) predates our first public release.
[  370.197486][ T5949] usb 5-1: Please update to version 0.2 or newer
[  370.615139][ T5949] usb 5-1: USB disconnect, device number 27
[  371.133489][ T8827] Invalid source name
[  371.137752][ T8827] UBIFS error (pid: 8827): cannot open "usrquota", error -22
[  372.379616][ T8840] Cannot find set identified by id 0 to match
[  373.146604][ T8848] veth0_to_team: entered promiscuous mode
[  373.152773][ T8848] veth0_to_team: entered allmulticast mode
[  374.191624][ T8857] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  376.021317][ T8872] Invalid source name
[  376.025592][ T8872] UBIFS error (pid: 8872): cannot open "usrquota", error -22
[  378.149902][ T8881] Cannot find set identified by id 0 to match
[  378.805760][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  378.819134][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  379.468966][ T8890] netlink: 'syz.4.690': attribute type 2 has an invalid length.
[  379.501211][ T8890] netlink: 16 bytes leftover after parsing attributes in process `syz.4.690'.
[  379.842655][   T30] audit: type=1326 audit(1755365787.788:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8894 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbb96785ba7 code=0x7ffc0000
[  379.892689][ T8898] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  379.914895][   T30] audit: type=1326 audit(1755365787.788:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8894 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbb9672add9 code=0x7ffc0000
[  379.946816][   T30] audit: type=1326 audit(1755365787.788:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8894 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb9678ebe9 code=0x7ffc0000
[  379.971857][   T30] audit: type=1326 audit(1755365787.788:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8894 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbb96785ba7 code=0x7ffc0000
[  379.977316][ T8895] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  379.996288][   T30] audit: type=1326 audit(1755365787.788:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8894 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbb9672add9 code=0x7ffc0000
[  380.091161][   T30] audit: type=1326 audit(1755365787.788:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8894 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=79 compat=0 ip=0x7fbb9678ebe9 code=0x7ffc0000
[  380.270065][   T30] audit: type=1326 audit(1755365787.798:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8894 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbb96785ba7 code=0x7ffc0000
[  380.294323][   T30] audit: type=1326 audit(1755365787.798:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8894 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbb9672add9 code=0x7ffc0000
[  380.433667][ T8909] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  380.441026][ T8909] overlayfs: failed to set xattr on upper
[  380.446907][ T8909] overlayfs: ...falling back to redirect_dir=nofollow.
[  380.454058][ T8909] overlayfs: ...falling back to index=off.
[  380.459936][ T8909] overlayfs: ...falling back to uuid=null.
[  381.450807][   T30] audit: type=1326 audit(1755365787.798:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8894 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb9678ebe9 code=0x7ffc0000
[  381.472528][   T30] audit: type=1326 audit(1755365787.798:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8894 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbb96785ba7 code=0x7ffc0000
[  381.815288][ T8920] ------------[ cut here ]------------
[  381.821227][ T8920] WARNING: CPU: 1 PID: 8920 at ./include/linux/memcontrol.h:371 folio_memcg+0x1a8/0x310
[  381.831091][ T8920] Modules linked in:
[  381.835755][ T8920] CPU: 1 UID: 0 PID: 8920 Comm: syz.4.695 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  381.846276][ T8920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  381.856663][ T8920] RIP: 0010:folio_memcg+0x1a8/0x310
[  381.862062][ T8920] Code: 80 3c 28 00 74 08 4c 89 f7 e8 74 ca 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d e9 7f 20 65 09 cc e8 19 e3 bb ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff
[  381.881858][ T8920] RSP: 0018:ffffc90004a7f250 EFLAGS: 00010283
[  381.888068][ T8920] RAX: ffffffff820442a7 RBX: 0000000000000000 RCX: 0000000000080000
[  381.896138][ T8920] RDX: ffffc9000d05e000 RSI: 0000000000001d74 RDI: 0000000000001d75
[  381.904368][ T8920] RBP: 0000000000000000 R08: ffffea000164a4c7 R09: 1ffffd40002c9498
[  381.912553][ T8920] R10: dffffc0000000000 R11: fffff940002c9499 R12: ffffea000164a4f0
[  381.920913][ T8920] R13: dffffc0000000000 R14: ffff88814c14cb00 R15: 0000000000000002
[  381.929136][ T8920] FS:  00007f74f7c396c0(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
[  381.939510][ T8920] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  381.947407][ T8920] CR2: 0000000000000000 CR3: 0000000033aa6000 CR4: 00000000003526f0
[  381.955609][ T8920] Call Trace:
[  381.959018][ T8920]  <TASK>
[  381.962036][ T8920]  workingset_activation+0x5f/0x4a0
[  381.967288][ T8920]  ? folio_mark_accessed+0x361/0x4a0
[  381.972831][ T8920]  folio_mark_accessed+0x3b5/0x4a0
[  381.978017][ T8920]  kvm_release_page_clean+0x9a/0xe0
[  381.983400][ T8920]  kvm_tdp_page_fault+0x2dd/0x370
[  381.988477][ T8920]  kvm_mmu_do_page_fault+0x2c5/0x640
[  381.994082][ T8920]  ? vmx_vcpu_run+0xd8b/0x25d0
[  381.998915][ T8920]  ? __pfx_kvm_mmu_do_page_fault+0x10/0x10
[  382.004898][ T8920]  ? vmx_handle_exit_irqoff+0x29e/0xad0
[  382.010764][ T8920]  kvm_mmu_page_fault+0x22f/0xb70
[  382.015864][ T8920]  ? __pfx_handle_ept_violation+0x10/0x10
[  382.021696][ T8920]  vmx_handle_exit+0x1090/0x18a0
[  382.026685][ T8920]  ? vcpu_run+0x361c/0x6f70
[  382.031465][ T8920]  vcpu_run+0x432e/0x6f70
[  382.036670][ T8920]  ? vcpu_run+0x361c/0x6f70
[  382.041816][ T8920]  ? __pfx_vcpu_run+0x10/0x10
[  382.046643][ T8920]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  382.053321][ T8920]  ? rcu_is_watching+0x15/0xb0
[  382.058171][ T8920]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  382.063894][ T8920]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  382.069669][ T8920]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  382.075999][ T8920]  ? rcu_is_watching+0x15/0xb0
[  382.080874][ T8920]  ? look_up_lock_class+0x74/0x170
[  382.086053][ T8920]  ? register_lock_class+0x51/0x320
[  382.091804][ T8920]  ? __lock_acquire+0xab9/0xd20
[  382.096750][ T8920]  kvm_vcpu_ioctl+0x95c/0xe90
[  382.101554][ T8920]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  382.106803][ T8920]  ? __lock_acquire+0xab9/0xd20
[  382.111886][ T8920]  ? __asan_memset+0x22/0x50
[  382.116563][ T8920]  ? smack_file_ioctl+0x302/0x340
[  382.121856][ T8920]  ? __pfx_smack_file_ioctl+0x10/0x10
[  382.127259][ T8920]  ? __fget_files+0x2a/0x420
[  382.131902][ T8920]  ? __fget_files+0x3a0/0x420
[  382.136685][ T8920]  ? __fget_files+0x2a/0x420
[  382.141357][ T8920]  ? bpf_lsm_file_ioctl+0x9/0x20
[  382.146710][ T8920]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  382.152464][ T8920]  __se_sys_ioctl+0xfc/0x170
[  382.157071][ T8920]  do_syscall_64+0xfa/0x3b0
[  382.161650][ T8920]  ? lockdep_hardirqs_on+0x9c/0x150
[  382.166856][ T8920]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  382.173062][ T8920]  ? clear_bhb_loop+0x60/0xb0
[  382.177743][ T8920]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  382.183770][ T8920] RIP: 0033:0x7f74f6d8ebe9
[  382.188254][ T8920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  382.207959][ T8920] RSP: 002b:00007f74f7c39038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  382.216437][ T8920] RAX: ffffffffffffffda RBX: 00007f74f6fb6090 RCX: 00007f74f6d8ebe9
[  382.224459][ T8920] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000000b
[  382.232490][ T8920] RBP: 00007f74f6e11e19 R08: 0000000000000000 R09: 0000000000000000
[  382.240801][ T8920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  382.249053][ T8920] R13: 00007f74f6fb6128 R14: 00007f74f6fb6090 R15: 00007ffc3d5b8408
[  382.257338][ T8920]  </TASK>
[  382.260402][ T8920] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  382.267682][ T8920] CPU: 1 UID: 0 PID: 8920 Comm: syz.4.695 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  382.277491][ T8920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  382.287653][ T8920] Call Trace:
[  382.290958][ T8920]  <TASK>
[  382.293916][ T8920]  dump_stack_lvl+0x99/0x250
[  382.298541][ T8920]  ? __asan_memcpy+0x40/0x70
[  382.303142][ T8920]  ? __pfx_dump_stack_lvl+0x10/0x10
[  382.308355][ T8920]  ? __pfx__printk+0x10/0x10
[  382.312957][ T8920]  panic+0x2db/0x790
[  382.316854][ T8920]  ? __pfx_panic+0x10/0x10
[  382.321319][ T8920]  __warn+0x31b/0x4b0
[  382.325318][ T8920]  ? folio_memcg+0x1a8/0x310
[  382.330077][ T8920]  ? folio_memcg+0x1a8/0x310
[  382.334731][ T8920]  report_bug+0x2be/0x4f0
[  382.339271][ T8920]  ? folio_memcg+0x1a8/0x310
[  382.343901][ T8920]  ? folio_memcg+0x1a8/0x310
[  382.348529][ T8920]  ? folio_memcg+0x1aa/0x310
[  382.353155][ T8920]  handle_bug+0x84/0x160
[  382.357487][ T8920]  exc_invalid_op+0x1a/0x50
[  382.361995][ T8920]  asm_exc_invalid_op+0x1a/0x20
[  382.366843][ T8920] RIP: 0010:folio_memcg+0x1a8/0x310
[  382.372045][ T8920] Code: 80 3c 28 00 74 08 4c 89 f7 e8 74 ca 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d e9 7f 20 65 09 cc e8 19 e3 bb ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff
[  382.391753][ T8920] RSP: 0018:ffffc90004a7f250 EFLAGS: 00010283
[  382.397896][ T8920] RAX: ffffffff820442a7 RBX: 0000000000000000 RCX: 0000000000080000
[  382.405976][ T8920] RDX: ffffc9000d05e000 RSI: 0000000000001d74 RDI: 0000000000001d75
[  382.413978][ T8920] RBP: 0000000000000000 R08: ffffea000164a4c7 R09: 1ffffd40002c9498
[  382.421967][ T8920] R10: dffffc0000000000 R11: fffff940002c9499 R12: ffffea000164a4f0
[  382.429975][ T8920] R13: dffffc0000000000 R14: ffff88814c14cb00 R15: 0000000000000002
[  382.437955][ T8920]  ? folio_memcg+0x1a7/0x310
[  382.442573][ T8920]  workingset_activation+0x5f/0x4a0
[  382.447777][ T8920]  ? folio_mark_accessed+0x361/0x4a0
[  382.453074][ T8920]  folio_mark_accessed+0x3b5/0x4a0
[  382.458306][ T8920]  kvm_release_page_clean+0x9a/0xe0
[  382.463645][ T8920]  kvm_tdp_page_fault+0x2dd/0x370
[  382.469210][ T8920]  kvm_mmu_do_page_fault+0x2c5/0x640
[  382.474521][ T8920]  ? vmx_vcpu_run+0xd8b/0x25d0
[  382.479403][ T8920]  ? __pfx_kvm_mmu_do_page_fault+0x10/0x10
[  382.485321][ T8920]  ? vmx_handle_exit_irqoff+0x29e/0xad0
[  382.491005][ T8920]  kvm_mmu_page_fault+0x22f/0xb70
[  382.496079][ T8920]  ? __pfx_handle_ept_violation+0x10/0x10
[  382.502000][ T8920]  vmx_handle_exit+0x1090/0x18a0
[  382.506997][ T8920]  ? vcpu_run+0x361c/0x6f70
[  382.511647][ T8920]  vcpu_run+0x432e/0x6f70
[  382.515996][ T8920]  ? vcpu_run+0x361c/0x6f70
[  382.520668][ T8920]  ? __pfx_vcpu_run+0x10/0x10
[  382.525550][ T8920]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  382.531314][ T8920]  ? rcu_is_watching+0x15/0xb0
[  382.536268][ T8920]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  382.541830][ T8920]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  382.547554][ T8920]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  382.553560][ T8920]  ? rcu_is_watching+0x15/0xb0
[  382.558522][ T8920]  ? look_up_lock_class+0x74/0x170
[  382.563637][ T8920]  ? register_lock_class+0x51/0x320
[  382.568841][ T8920]  ? __lock_acquire+0xab9/0xd20
[  382.573707][ T8920]  kvm_vcpu_ioctl+0x95c/0xe90
[  382.578390][ T8920]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  382.583587][ T8920]  ? __lock_acquire+0xab9/0xd20
[  382.588439][ T8920]  ? __asan_memset+0x22/0x50
[  382.593057][ T8920]  ? smack_file_ioctl+0x302/0x340
[  382.598077][ T8920]  ? __pfx_smack_file_ioctl+0x10/0x10
[  382.603456][ T8920]  ? __fget_files+0x2a/0x420
[  382.608083][ T8920]  ? __fget_files+0x3a0/0x420
[  382.612756][ T8920]  ? __fget_files+0x2a/0x420
[  382.617346][ T8920]  ? bpf_lsm_file_ioctl+0x9/0x20
[  382.622284][ T8920]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  382.627486][ T8920]  __se_sys_ioctl+0xfc/0x170
[  382.632082][ T8920]  do_syscall_64+0xfa/0x3b0
[  382.636586][ T8920]  ? lockdep_hardirqs_on+0x9c/0x150
[  382.641868][ T8920]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  382.647929][ T8920]  ? clear_bhb_loop+0x60/0xb0
[  382.652628][ T8920]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  382.658535][ T8920] RIP: 0033:0x7f74f6d8ebe9
[  382.662965][ T8920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  382.682591][ T8920] RSP: 002b:00007f74f7c39038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  382.691016][ T8920] RAX: ffffffffffffffda RBX: 00007f74f6fb6090 RCX: 00007f74f6d8ebe9
[  382.698994][ T8920] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000000b
[  382.706967][ T8920] RBP: 00007f74f6e11e19 R08: 0000000000000000 R09: 0000000000000000
[  382.714955][ T8920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  382.722927][ T8920] R13: 00007f74f6fb6128 R14: 00007f74f6fb6090 R15: 00007ffc3d5b8408
[  382.730929][ T8920]  </TASK>
[  382.734221][ T8920] Kernel Offset: disabled
[  382.738554][ T8920] Rebooting in 86400 seconds..