last executing test programs:

11m0.26710199s ago: executing program 4 (id=24):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYRES32], 0x50)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text16={0x10, 0x0}], 0x1, 0x31, 0x0, 0x0)
r3 = dup(r2)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000)=@x86={0x3, 0x1, 0xfb, 0x0, 0x10005, 0x5, 0x3, 0xd4, 0x7, 0x2, 0x4, 0x1, 0x0, 0x7, 0x3, 0xd6, 0x5, 0x9, 0x6, '\x00', 0x8, 0x1})
ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000002c0)=0x10000)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

10m59.580959392s ago: executing program 4 (id=30):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000980)=@bridge_delneigh={0x28, 0x1c, 0xc07, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x976e2df3e7542dc7, 0xa4, 0x2}, [@NDA_DST_MAC={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x20}}]}, 0x28}}, 0x8000)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xe, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x6, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000000c0)={r1, &(0x7f0000000300), &(0x7f0000000000)=""/10, 0x2}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r1, &(0x7f0000000180)}, 0x20)

10m59.207850306s ago: executing program 4 (id=32):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x20000001, &(0x7f0000000300)={0xa, 0x4e20, 0x5, @mcast1}, 0x1c)
recvfrom$inet6(r0, 0x0, 0x0, 0x40000060, 0x0, 0x0)

10m59.056919637s ago: executing program 4 (id=33):
socket$nl_generic(0x10, 0x3, 0x10)
socket$key(0xf, 0x3, 0x2)
setgroups(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x5, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
syz_emit_ethernet(0x72, &(0x7f0000000440)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaabb86dd60004000003c3c002001fff2ff0000000000000000000000ff0200000000000000000000000000010004000000000000c910"], 0x0)

10m57.859138413s ago: executing program 4 (id=36):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000009a40)={&(0x7f00000003c0)={{0x14}, [], {0x14}}, 0x28}}, 0x0)

10m57.348793073s ago: executing program 4 (id=39):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
socket$unix(0x1, 0x2, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0x7)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @broadcast})
sendto$packet(r3, &(0x7f0000000380)='\x00', 0x1, 0x40000c5, &(0x7f00000001c0)={0x11, 0xf7, r2, 0x1, 0x2f, 0x6, @random="52a929fe9c6c"}, 0x14)

10m42.979693445s ago: executing program 32 (id=35):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@empty, @in=@loopback, 0x0, 0x0, 0x4e23, 0x0, 0x2, 0x0, 0x20}, {0x0, 0x0, 0x803, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x1, 0x105}, 0xa, 0x1, 0x1, 0x0, 0xbcef9cd1b0ec8f17}}, 0xb8}, 0x1, 0x0, 0x0, 0x88c0}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
inotify_init1(0x180800)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f00000005c0), &(0x7f0000000600)=0x1)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000001640)=@raw={'raw\x00', 0x8, 0x3, 0x228, 0x0, 0xffffffff, 0xffffffff, 0xe8, 0xffffffff, 0x1b8, 0xffffffff, 0xffffffff, 0x1b8, 0xffffffff, 0x7fffffe, 0x0, {[{{@uncond, 0x6, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xa}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff, 0x5, 0x2}, {0x0, 0x1, 0x2}}}}, {{@ip={@local, @dev={0xac, 0x14, 0x14, 0x3e}, 0xffffffff, 0xff000000, 'veth0_to_team\x00', 'team_slave_0\x00', {}, {0xff}, 0x6c, 0x3, 0x41}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x1, [0x3, 0x0, 0x3, 0x2, 0x7, 0x6], 0x4, 0x7}, {0xbfff, [0x3, 0x5, 0x5, 0x4, 0x1, 0x1], 0x5}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x288)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000)
unshare(0x6020400)
r6 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/cgroup\x00')
setns(r6, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
signalfd(r5, &(0x7f0000000040)={[0xffffffffffffff98]}, 0x8)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast2, @in=@dev={0xac, 0x14, 0x14, 0xe}, 0x8000, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x8000, 0x3, 0x1}}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x0)
sendmsg$nl_xfrm(r7, &(0x7f00000000c0)={0x0, 0xa00, &(0x7f0000000080)={&(0x7f0000000040)=@flushpolicy={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@policy_type={0xa, 0x10, {0x1}}]}, 0x1c}}, 0x0)

10m41.990637301s ago: executing program 33 (id=39):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
socket$unix(0x1, 0x2, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0x7)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @broadcast})
sendto$packet(r3, &(0x7f0000000380)='\x00', 0x1, 0x40000c5, &(0x7f00000001c0)={0x11, 0xf7, r2, 0x1, 0x2f, 0x6, @random="52a929fe9c6c"}, 0x14)

10m36.757144566s ago: executing program 0 (id=95):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000079100000000000006b0ae0ff000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x4, 0xc4, &(0x7f00000002c0)=""/196}, 0x80)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000071122900000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe}, 0x80)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x16, 0x3, &(0x7f0000000600)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0xc3200, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mkdir(&(0x7f0000000000)='./cgroup/../file0/file0/file0\x00', 0x116)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff})
close(r0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0xfffffffc}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4)
sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000)

10m36.654148388s ago: executing program 0 (id=97):
bpf$MAP_CREATE(0x0, 0x0, 0x17)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
userfaultfd(0x80801)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
socket(0x10, 0x3, 0x0)
r3 = add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000005c0), 0x0, 0xffffffffffffffff)
keyctl$read(0xb, r3, 0x0, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_xfrm(r4, 0x0, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0)
write$UHID_INPUT(r5, &(0x7f0000000e00)={0xfc, {"a2e3ad09ed0d09f91b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f383163030890e0879b0a71c6e70a9b336c959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d074d090acd3b78130daa61d8e8040000065802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae13f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea77b5602984e4de7c6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6932fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cff7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f2157322c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f19880f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060085ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e606000000e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999b596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f203903dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efe5496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5ca00000000000000008734dd73583df292892448039ef799cf0630becdcce04579f5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebd078ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9dec58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6b331b4603b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0006087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c2769310123cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f4647b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1de51f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d4db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72932b99b380000000000000006859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec8982b6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f900000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000002601e87b162dadc600", 0x1000}}, 0x1006)

10m35.391687631s ago: executing program 0 (id=101):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
r1 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3f}}, 0x10, &(0x7f00000000c0), 0x0, &(0x7f0000000100)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x4}}], 0x18}, 0x24008004)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
madvise(&(0x7f00002e5000/0x400000)=nil, 0x400000, 0xf)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x4)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x1c1903, 0x0)
ioctl$TIOCGRS485(r5, 0x542e, &(0x7f0000000000))
ioctl$KDGKBTYPE(r4, 0x4b33, &(0x7f0000000180))
madvise(&(0x7f0000000000/0x800000)=nil, 0x800002, 0xe)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
keyctl$session_to_parent(0x12)
r6 = dup(0xffffffffffffffff)
write$UHID_INPUT(r6, &(0x7f0000001980)={0x9, {"a2e3ad214fc752f91b2909094bf70e0dd038e7ff7fc6e5539b324c078b089b32323b6d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdc69c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d9560ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f733b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)

10m34.150997595s ago: executing program 0 (id=102):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file2\x00', 0x207)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='tracefs\x00', 0x1214040, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
chdir(&(0x7f0000000780)='./file0\x00')
pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0/../file0\x00')

10m33.940231908s ago: executing program 0 (id=105):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000079100000000000006b0ae0ff000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x4, 0xc4, &(0x7f00000002c0)=""/196}, 0x80)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000071122900000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe}, 0x80)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x16, 0x3, &(0x7f0000000600)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0xc3200, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mkdir(&(0x7f0000000000)='./cgroup/../file0/file0/file0\x00', 0x116)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff})
close(r0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0xfffffffc}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4)
sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000)

10m33.337609327s ago: executing program 0 (id=107):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x4c, 0x0, &(0x7f0000000440)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1800}], 0x0, 0x14720000, 0x0})

10m32.932958297s ago: executing program 34 (id=107):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x4c, 0x0, &(0x7f0000000440)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1800}], 0x0, 0x14720000, 0x0})

8m42.469104328s ago: executing program 2 (id=353):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000300)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x3b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff30, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
rmdir(&(0x7f0000000380)='./file0/../file0\x00')
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)

8m38.705790278s ago: executing program 2 (id=361):
socket$inet6(0xa, 0x80002, 0x88)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='map_files\x00')
readlinkat(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000540)=""/76, 0x4c)
syz_emit_ethernet(0x2e, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x800, 0x0, 0xfe, 0x73, 0x0, @private=0x300, @multicast1}, {0x0, 0x0, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", "1f00", '#\x00\x00@\x00'}, 0x28)

8m35.894425566s ago: executing program 5 (id=364):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000000c0)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, "231b"}, @global=@item_012={0x2, 0x1, 0x0, "e53f"}, @global=@item_4={0x3, 0x1, 0x0, "0100"}, @local=@item_012={0x2, 0x2, 0x2, "9006"}, @main=@item_4={0x3, 0x0, 0x8, "749e821c"}, @local=@item_4={0x3, 0x2, 0x0, "8b923659"}, @local=@item_4={0x3, 0x2, 0x0, "09007a15"}, @main=@item_4={0x3, 0x0, 0x9, "85900eb7"}]}}, 0x0}, 0x0)

8m35.426042726s ago: executing program 2 (id=365):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x7ffffff7, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r1, &(0x7f0000000400)={0x2, 0x4e24, @empty}, 0x10)
sendmmsg$inet(r1, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000280)="5338a3848b25", 0x6}], 0x1}}], 0x1, 0x20008000)
recvmsg(r1, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001380)}, 0x123)
shutdown(r1, 0x1)
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0x10c}}, 0x0)
socket$unix(0x1, 0x5, 0x0)
sendmsg$nl_route_sched(r3, 0x0, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7}, {}, {0x7, 0xe}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x84}, 0x8000)
sendmmsg$alg(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x40000)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r5, 0x400448cb, 0x0)

8m34.457406601s ago: executing program 2 (id=367):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000300)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x3b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff30, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
rmdir(&(0x7f0000000380)='./file0/../file0\x00')
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
rmdir(&(0x7f0000000000)='./file0\x00')

8m29.71354194s ago: executing program 2 (id=371):
r0 = socket$packet(0x11, 0x3, 0x300)
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000001200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2405000005000000000000000c240000e9fffff5ffffffff092403f3", @ANYRES8=r1, @ANYRES64=r0], 0x0)

8m25.567391778s ago: executing program 5 (id=374):
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
listen(r3, 0x0)

8m20.433920254s ago: executing program 5 (id=382):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x800, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r1, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, 0x0, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000140)={0x28, 0x2, 0x0, 0x0, &(0x7f0000ff6000/0xa000)=nil, 0xa000, 0x1})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f00000000c0)={0x48})

8m20.39730915s ago: executing program 2 (id=383):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/udp6\x00')
preadv(r2, &(0x7f00000006c0)=[{0x0}, {&(0x7f0000000200)=""/136, 0x88}, {&(0x7f00000005c0)=""/241, 0xf1}], 0x3, 0x1, 0x804)

8m19.857945718s ago: executing program 5 (id=387):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x4000)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r1, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x604ab000)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4080, 0xfffffffffffffdcc, 0x0, 0x0, 0xffffffffffffff87}, &(0x7f0000000000)=0x40)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffcdf, 0x1, 0x0}, &(0x7f00000000c0)=0x40)

8m19.250950088s ago: executing program 5 (id=388):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000640), r0)
openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee7, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x800000, 0x0)
r4 = syz_clone(0x11, 0x0, 0xfffffffffffffede, 0x0, 0x0, 0x0)
r5 = syz_open_procfs(r4, &(0x7f0000000100)='oom_score\x00')
pread64(r5, &(0x7f0000000500)=""/31, 0x1f, 0x6677)

8m15.679684268s ago: executing program 5 (id=390):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x4000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x100000c, 0x11, 0xffffffffffffffff, 0x100000000)
mremap(&(0x7f0000ffa000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f0000ffb000/0x3000)=nil)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
openat$cgroup_ro(r3, &(0x7f0000000100)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0xffffff04, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1, 0x4}})
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x40)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0)
sendmmsg(r4, &(0x7f0000000180), 0x400008a, 0x0)
sendmsg$key(r4, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)={0x2, 0x9, 0x0, 0x9, 0x2, 0x0, 0xffffffff, 0x25dfdbfe}, 0x10}}, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56)

8m3.285402254s ago: executing program 35 (id=383):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/udp6\x00')
preadv(r2, &(0x7f00000006c0)=[{0x0}, {&(0x7f0000000200)=""/136, 0x88}, {&(0x7f00000005c0)=""/241, 0xf1}], 0x3, 0x1, 0x804)

7m59.073569207s ago: executing program 36 (id=390):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x4000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x100000c, 0x11, 0xffffffffffffffff, 0x100000000)
mremap(&(0x7f0000ffa000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f0000ffb000/0x3000)=nil)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
openat$cgroup_ro(r3, &(0x7f0000000100)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0xffffff04, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1, 0x4}})
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x40)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0)
sendmmsg(r4, &(0x7f0000000180), 0x400008a, 0x0)
sendmsg$key(r4, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)={0x2, 0x9, 0x0, 0x9, 0x2, 0x0, 0xffffffff, 0x25dfdbfe}, 0x10}}, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56)

2m21.114569927s ago: executing program 9 (id=1191):
sched_setscheduler(0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
setuid(0xee00)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x0)
fcntl$notify(r0, 0x402, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_io_uring_setup(0x10f, &(0x7f0000000380)={0x0, 0x46ee, 0x400, 0xffffdffe, 0x32e}, &(0x7f0000000140)=<r3=>0x0, &(0x7f0000000200)=<r4=>0x0)
io_uring_register$IORING_REGISTER_BUFFERS2(r2, 0xf, &(0x7f0000000300)={0x6, 0x1, 0x0, &(0x7f0000000a40)=[{&(0x7f00000004c0)=""/208, 0xd0}, {&(0x7f00000005c0)=""/156, 0x9c}, {&(0x7f0000000680)=""/196, 0xc4}, {&(0x7f0000000780)=""/194, 0xc2}, {&(0x7f0000000880)=""/208, 0xd0}, {&(0x7f00000009c0)=""/68, 0x44}], &(0x7f00000001c0)=[0xea96, 0x6, 0x9, 0x400]}, 0x20)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
prctl$PR_SET_IO_FLUSHER(0x39, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)={0x60, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0xfffd}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11, 0x1, 0x0, 0x8}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x8}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x60}}, 0x80)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, r1, 0x22, &(0x7f00000000c0)=@un=@file={0x1, './file0\x00'}, 0x0, 0x0, 0x1})
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000ac0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffff}, 0x50)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0xb, 0x1c, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b70300001b0000008500000086000000bf0900000000000055090100000000009500000000000000bf080000000000007b9af8ff00000000b5090500000000007baaf0ff00000000bda804000000000007080000f8ffffffbfa400000000000007000000f0ffffffb70200000800000018220000", @ANYRES32=r6, @ANYRESDEC=r2], &(0x7f0000000980)='GPL\x00', 0xb, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
io_uring_enter(r2, 0x3516, 0x67f, 0x64, 0x0, 0x0)

2m20.868812107s ago: executing program 9 (id=1193):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000010000001c000180060001000200000008000300ac1414aa0800060006"], 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r3, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[], 0x454}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8)

2m20.828820739s ago: executing program 9 (id=1194):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000cc0)="adf802e5370fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412b", 0xf}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead", 0x51}], 0x2}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x21)

2m20.779315613s ago: executing program 9 (id=1195):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(r0, 0xc040aed5, &(0x7f0000000240)={0x0, 0x107000})
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x8000000, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_PRE_FAULT_MEMORY(r0, 0xc040aed5, &(0x7f0000000340)={0xeeef0000, 0x1f000})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
shutdown(0xffffffffffffffff, 0x1)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000140)={0x0, 0x9, 0x9, 0x1, 0x3}, 0x14)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r2 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000900)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0b040000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}}, 0x8084)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000580)={{0x14}, [@NFT_MSG_DELRULE={0x2c, 0x6, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x54}, 0x1, 0x0, 0x0, 0x20040804}, 0x0)
sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x14, 0x7, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4000800)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000001c0)={<r3=>0x0, @multicast2, @multicast1}, &(0x7f0000000280)=0xc)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x6, [@enum={0x6, 0x4, 0x0, 0x6, 0x4, [{0xf, 0x7ff}, {0x5, 0x9}, {0x0, 0x1}, {0xc, 0xa81}]}, @typedef]}, {0x0, [0x30, 0x0, 0x0, 0x5f]}}, &(0x7f0000000700)=""/93, 0x56, 0x5d, 0x0, 0x7d5876ae, 0x10000}, 0x28)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000ac0)={0xffffffffffffffff, 0xe0, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000540)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, &(0x7f0000000780)=[0x0, 0x0], &(0x7f00000007c0)=[0x0], <r5=>0x0, 0xf4, &(0x7f0000000800)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x50, 0x10, &(0x7f0000000880), &(0x7f00000008c0), 0x8, 0x36, 0x8, 0x8, &(0x7f0000000980)}}, 0x10)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/unix\x00')
lseek(r6, 0x38, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x20, 0x1d, &(0x7f0000000600)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x9}, {}, {}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3b1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, &(0x7f0000000180), 0x41100, 0x4c, '\x00', r3, @netfilter, r4, 0x8, &(0x7f00000003c0)={0x2, 0x5}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0x4, 0x4, 0xe}, 0x10, r5, r6, 0x2, 0x0, &(0x7f0000000b00)=[{0x2, 0x3, 0x6, 0x3}, {0x0, 0x5, 0xb, 0x4}], 0x10, 0x4}, 0x94)

2m15.256246771s ago: executing program 9 (id=1211):
r0 = syz_genetlink_get_family_id$gtp(&(0x7f0000000200), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$GTP_CMD_NEWPDP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="5701000000000000000000000000080005000a010102080002000100000008000900010000"], 0x34}}, 0x0)

2m15.155073231s ago: executing program 9 (id=1212):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000300)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x3b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff30, 0x0, 0x0, 0x10, 0x37}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
rmdir(&(0x7f0000000380)='./file0/../file0\x00')
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
rmdir(&(0x7f0000000000)='./file0\x00')
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r3, 0x6, 0x1, 0x0, 0x0)

1m59.597616849s ago: executing program 37 (id=1212):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000300)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x3b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff30, 0x0, 0x0, 0x10, 0x37}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
rmdir(&(0x7f0000000380)='./file0/../file0\x00')
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
rmdir(&(0x7f0000000000)='./file0\x00')
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r3, 0x6, 0x1, 0x0, 0x0)

25.293798562s ago: executing program 6 (id=1597):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x9)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r2 = accept(r0, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000a80)={0x0, 0x0, 0x0}, 0x0)
setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000180)={0x1, 0x6}, 0x8)

23.79380459s ago: executing program 6 (id=1602):
r0 = syz_io_uring_setup(0x2532, &(0x7f0000000100)={0x0, 0x0, 0x400, 0x3, 0x20e}, &(0x7f0000000080), &(0x7f0000000000))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {0x0}], 0x0, 0x2}, 0x20)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)={0x34, 0x40, 0x1, 0x7fffc, 0x4, {0x1}, [@nested={0x4, 0x48}, @nested={0x10, 0x1, 0x0, 0x1, [@nested={0xc, 0x10, 0x0, 0x1, [@nested={0x4, 0xb}, @nested={0x4, 0xf}]}]}, @typed={0xc, 0x2, 0x0, 0x0, @u64}]}, 0x34}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b7020000b96871dfbfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000003c6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe0000004f850000001a000301b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d62de53a9a53608c10556e5734eb84049761451ce2e2d9f8004e26f7fcc059c06220002595f6dba87b81d1106fb026cce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd6fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f2fcb6d753a78845d8363e0401861abebe428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae58e99e30810400000000000000d63d716c0975e1ce4a655362e7062ff6ab3934555c01840219829472ad529cefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47911834118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f804924600273ee26d8115cbca081a14cba24788779291745083fccdddc979ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b10700ac1e2bcc5ede5b5687aa418abfa09acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b183940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e357e4e90583ce8d43ec65ed491d87a51d7c13f665dcf772e3ead71112008b16b0ea821f70aee1ccbd71c5a1c21e87d5b7b73d356337d15b9dcae4d0d750ffa07909c955e718585b2456308beda2fa03bb9bcf03cdff31ee4b1665b987829c0f0872c006c6e4ed666fe23b343aae943923eedbdb0e7abee90e3da7b98b7d07d2d4816201ad1737798635b0a3ebd3aed120e4500c16e6c9dc729f009db49c6b8b19613e4d792cb4ff5106419291d4222980b49ddb9527ce785822d8f4e2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffffffffffe19, 0x0, 0xffffffffffffffff, 0x54}, 0x42)
pipe2(&(0x7f00000003c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r6}})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xe, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000001d711839000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc1002}]})
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r7, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0xe7030000, 0x2, 0xffffffff, 0x3, 0x22}, 0x7})
r8 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x88400, 0x0)
ioctl$TCGETS2(r8, 0x802c542a, &(0x7f0000000040))
syz_init_net_socket$rose(0xb, 0x5, 0x0)
creat(&(0x7f0000000040)='./file2\x00', 0x118)

21.219394813s ago: executing program 6 (id=1607):
syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r0, 0x80585414, 0x0)

21.023778556s ago: executing program 6 (id=1610):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r0)
mount$tmpfs(0x0, 0x0, 0x0, 0x2000, 0x0)
r1 = getpid()
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), r0)
r2 = syz_pidfd_open(r1, 0x0)
setns(r2, 0x24020000)
r3 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_pidfd_open(r3, 0x0)
mount$bind(0x0, &(0x7f00000002c0)='.\x00', 0x0, 0x1002831, 0x0)

20.127626295s ago: executing program 6 (id=1612):
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
msync(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3)
openat$random(0xffffffffffffff9c, &(0x7f00000000c0), 0x20602, 0x0)
unshare(0x20040600)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x800, 0x0, 0x100000}, 0x0, &(0x7f0000000240)={0x1f, 0x2, 0xffff, 0x3, 0x4, 0x80000000000000, 0x6a9}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)

19.13442719s ago: executing program 6 (id=1618):
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448ca, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r1, 0x400448c9, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(0xffffffffffffffff, 0x402c5342, &(0x7f0000000040)={0x0, 0x7a120, 0x5c})
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0402030c"], 0x7)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="040e0402030c"], 0x7)

6.710323428s ago: executing program 3 (id=1666):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, &(0x7f0000000240)={0x89}, 0x8)
r1 = socket(0xa, 0x1, 0x84)
setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f00000002c0)={0x1, {{0x2, 0x4e22, @multicast2}}, {{0x2, 0x4e22, @multicast2}}}, 0x108)
setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f0000000400)={0x1, {{0x2, 0x4e20, @multicast2}}}, 0x90)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x2, @mcast1, 0x2}, 0x1c)
pipe2(&(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80880)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000000040)={0x0, 0x0, "d607f8f9951e76c13f64323723e7eecdf40cf82223eb3d259266ec9c37865c6c1a4640ce1b22bb3327ef4f001d34c09f39c3539e4f8d3ee0878ae95bc7f52363c468b257ff3e24852548deb0091554f11ed2c41d078b9cf1fc8f725616b694bb4a6e4606c3fb19d1d2bd3c8c4e97da2213f9d5c3b90400000000000000c279f03558083906666827d61dcc3a633b72fad6265a293e3877adc1660edbc9a0307a25720a170e7f5670e419dc44febf7ddc73fd4a5a0b6c28665f7f46c7084e17c80926a103a2584ab40a68e528329dffafc3612e325c1eb4a3a92e156a97444800", "0615e456c196e819a321fdb3690bfab19538829a732a01781564ef7738cb5b82a704b3952f81c68bb4ceeaad63206f88201638e87c4981cbf9332cbc1c4d69e392bd33237ece7ad91e44edac0da8dacad81adf2e08c21ad6b44ce1f90bd618c255ca40cdb411485fb48a51d329c816b3488c7d032ef69c502c6e1236bd381efd410165988847c1dcb98a18ca2b853910e52044fa3b3026cb88de269537c8f26ffc3b15cbf279832bfc90bd95939043182e88050dfd2a4784a5d1453610fb1f1c2bac36c3ecd3e6fb756ef8880debeef3636afd981d8af4ab119928448f90351aec113335eacf52a18c87738d9679d3acc032a16fbefc64776f36c410a15b37bcd36e6a7cba931151b9c9ba5779d550e9ab21603a43a25f3b4895d8dc4f3ce0e7d5e964e888169ea79a0848e9338b3d34d62e963fbf98834f4455419907f0ffdb76373af77a34edee7789f56e7f01bdab9614a0d460f791a06e6cf5243bf2b3a1624a80ec7e1116f1c81f5ef4b895be74bf67eea9193428b58a8b62b7976d3d2e59796c46ec918c83cd49c3f43dbd2967586966c19ace7b0bef5f94eb333b362649f1bfa114f8b1f126e97ec672cff77e2130823fa7a1df6760c6a8917815e9f0a409ed32b133df7dc9afceffcd472b35145c83c9167764d25ce214133c6170adeb6653b30b226a3b6ff1363ac862a540c7fab584cd051ce7ee951e0f121d43cff75afbdec6bc6f6e8f7db58c8086751320d22ee8582e915cabc536e3767e9a9230c9ae8b92398f0ca2a7141ea4588af7afde10e5ec2a6fe85ba5712e126629d4e3998fc4721cb638f2ef8356049e3448466e2c400d5e8baf843fa399907cb526b791c5350ce29204cb6f0000000000000000cc28f032a745738faa12c2a34222942fef0ec0511da5fe0b565ceac429da7cc25cfe0320b40a514723e2392a6a251032343edb79fd83cd0a354837153542fd61b3156b54c566036e493250c3a3214738e3cacc24a50d5dfd17d5008b4ca629c3062f3417cb69c48b8b888ae51256bb4e6c68e95a71a00383ad9df263f6a775ded64fef20ed5cb5f31c33cb86f839d00a12e40cd31219113619c4e0585454cb1776278bfd7f5c4275792afb790e83ff0fc6925355c7aee7a070477d9ec2292366e39b9dc66f7adcf449a1a718e5217183faf0f679efc5cef20bcdcf2d12ea0684084ec0d693256e280025b23b5a08b7b1ebe7d41fb045793f971d6ee066604818cb09d86c1eda99a44c35476a113fd5d1a7543f8f99424ebb78dd9e00d719502a6eafa743a061fa3fa55e4deaa0a011b6b9d633f10e0c9446b5a2e3f6d6014ab00695366c1a6bf0c32f703aebb7988c7d4d322681458e85626302c70f37628835e1fcfff1da3099c0b4af433eb9a51f9609f2c0c09a98b18880c846b34d6ac0210f073765666100976ee1d928893f983580ea47a012144633b98e02c3e81869534ab985eb3a73e0bac892dac949f85db949285a6a7a490b1075467226af23df82d8dd09b7282490fbb3ada9ed4cae8f761aefbe0701de6b132f12044c58ac1c2607c8f51361de5bed021dea13fd0a440263cf0b304522a324b581ab274e7bdae5994316657b5c0ab0220d9b08739729f7a35d436878c182aec4f08dd161c11ee5b7937fae7835e8bfe98a44c8d4bbb2e0eee0cb5d7c93517e96a9fc8132e60f3ef7c735bea1934b37df451f981c8d9210e61278c871e6dad6ceb89aa4d7245658a63e65cec7b81d307426a60a31cc917844a14e1d9ad83bef1c9f736d1836687c950d1275caece0d46ab9f3b0e95d9cf560eb8134e8346b35e0a6f60e6a87a14c4aeb3e0d06158390660a52a6e44b524c1e16de2bf99870f78fc81d267072bc63e97d3f26d23fd59799ff2c847f6a724cebc2377a582ba73d99a610a095c28d66c60910ac64b7d18847fa98fd8528b72e0a149b082c731575b2e2763e67c821ba29eecd8b8c87981c4fb1fbbaaa4e8aa077ec98de1362fc7af7a0ac5e3297fd0d924124b2e255b5cc4f6b0873f3d34418d5ae0d6f734628f38cb9b856b2db3fbb2fafb76983eabc51a348e55789e997fa25cbe6e5031bd2e33d4e2686f964a65d1abf7f96a20a8b270b1522ace4adf6fdade5cd3f101574960d13267e2382f70027ebe5ef7f9418e14e6a8a130d2aec2253c8fe21825e3295774db0c9b1340ea28a96589ba0d9f79aa61b92aea6f704ef7f716d849b8c77e6922e198a086d8133491d0bb85b925825a6d307d7cc8f09c655aa3edabf84c75560dfb279ee3e8b825323279edc58c3161e72cf9ae02ef80d500da922c0abeb8b164abd9c17ef7c02e89000d67b0c2ddd078cacbf37c4826be3845948d598980d63c1d7aaf90cc20d17fc514926914e68e5de54b861200ffa4ce1cbc16e4ecf342a1176cdb561f7dea38b3ae0fd81260f72d34e6f33d364cf313d3b3161410dcbf5f0f0579a1d235b49bb5d27f85825b94f1899e7846d0292ad912d934574f9d55d2152dbfb39d662e6e0f2496182d012af8b4bebbdfa1d68e3e98c869fb5cd9612db97e6cc574444f4b5025ec9827bafc55341bf6ad3fd4fab2ee43f343cb9bcec0c38384b5699e5c6d5973ba591978275c51a40200d340b9ed3681f08c69f58320f538f9cd78a34eb6ed55710d2478ea4bd15813921817b42f88f1bb038033b519668f0a2e8693b9a19c7bcf96eec04bda625b31c32f4286be922ab2c87aa30310c8f46551450d5bc26b5fbfdedaae0f756384023bb9a28d3200cfeaedd63d6afe076513e8ad73d16607cd4ede16344e60d8707357e82b1089258c56d851a435e23ce0919825e04471dd61a44c43e87c2959d4e89311a30ee8be010094d0ef109bb210dda58b21b685b9e9c078c9ded6117d9a88dd7799291969851cd4c3f22b5f870a275a692188dafcf6e89ba87b0eb61011de031fda25fb3349901d40da2bbdb76eda41ec9fafd90fb23504ab150ca0033ea1d00000000000086ba3aaa79d0df4f2e4e4afa565e66d28aa167f835d080bf1d41d0e52dbf81c671f8eacae234bf4fc328302671fab46613b73daf2ace80aff2f80f6a9d84b82480178cc612aa90adfc80ab3bba7d1527fc6ab04f009011bf093494a0d329df4e53d855b1c0ff6a25d22052b3a778e1ca2fbe59c9eeedf99e13682d06da2695605200ee958ceba09a051e27a620fb78e7a352c182c8c2981ce822eeaf6323965b4b3f322d40d406a158b6f3cf5d74822de952fefc341d0dead6c1c8fed8e48e0a85b51c1dcc7796d3f45bb1f50467a475da76c356c9e031b096867da1dbb89c3a038d475dbcdb2df1278d5dba55c2fb5ba6a9778c2a244198491f0f7118db2ef0332f347afffb1b098b4c59041ccb0c286bb2dd40e7ec713f6ffe0b1067678c748615dae3c1e090f3739a9035767fb9972580d19fdef49a5071f99c3706b8fa4991f430721cf3ca11af0e3bd7c4d0cd0ab5b7d98ee66730c20a098110e4a15ce0bfc88c41fe375f261fe3557e14eb5ff4a2cdf6a008fd7b6702951b8456e940fbd269a0f3ed515ac03cfecce67027d579e1226bd7b7381827453550343566508d38790ee838c3bf85c6c91a45e7a44752f57313533a3e82e4042e65d346afb20c0527575f79080aef4e1aa8d5868d190c8d37bdae7592e41bed37b9d4c30d8126d3debde02dff25f5ef1e48133e2a41cd55347bd23dcce57a00189619db629c530dc112d22ac72bce353681264b5175be40b3ba84408d0f56762cc720e96c128447be7128748e185be2640115556bac64d060207e629b0144e501c1c49c6abd15c7982b01e22da2ad04bb28df1a27f31e18040c16406071d798bb40d901d001e22cc5ed870d08702f49f0021814cdd814901a13c7ab061bb4b8172c639b3449e24f656fee58186e69e6874ea95d946da781b49ca080ffb4a3c87746c661f43e9be52d0ba2ee368b9c143687c8846abac599069decf41e69fddcadf31c5f715917df12df4eedbfcc5805fe8e661b8fcd7b130d7bcc4a9a152de93a15dddacf3cf52479956185a3c5000d18ddce0236d5858c0d8761bca7446e3d30f3e8f48d5e8f86a60cbe46f038b1028ffd35590bdacfeebb86e28d42a923bdc3f9a307b919341a2a7dda096d41070db245c2c424aedd4a4bb9863169454d09f25fd0aa2da7bfc97ad7aca886dd998e041133e07899ad48f7cda600de48ac3951152dfbe6331b8acae24cfd2dd2b14696c75040685c756942a0d049ee9863a2e480388f93876f3910ecb3a59fa16c25b2b3636a542f92744495e10a4ce37f19f5c2256e2d61775d388e2a86b52f76add2f956aa02501f5badb94da12595b2bbf88b05dc70caae6766fd3df4f299d0ff71c8787249b255ea49b3d33b3f1a8c9403cb75d64264465c3578538382b23d721f8a49134020ca2d9e887d9949624ac6d63322b6507e277a0020db9bfa2928736b96c72fa3406a95adfe6b374ffa27001d37d3bbe725e75c257834572026c511f57dce67153a4008f9e75e07ed9237f600005800ee667c137fc78bc4fd4ebf4d228979ab0ccafbcd8b8daad76fb2abcfc585377ea6e19f170db898b950a7b0f4e75466a2ba26e7d60e0a6f5c54a3fe78677f3362c5b01ae791b62ee8a5d0fd65b739ece4f3b758d05a8e4e4ea7e4866ee67750ce2769f72a9f45780eadfae73b42d4dd4c614c797c694ece8af88cc732edabfa26ace57de54835c7551154dfa3be11a0d3b584c0887b2da84410a652e72cd563acbb2b02bb59370cebaaa80014e3ad280944eae6fbf8d5f85237257bb5b8e5ec3e52dc06f8394176b325a577804e9eb78d7015172d17ed15f905f705d56687f53988bb207c74fbeb2b03a700258e835362886239f4d8f1c2cf6d4d10ff26d2579ea40a5fb99e5b6d01cdeda050d3faa78ed674f2899be08332086c8bf0410a7d06099c50a2d949d49a0f21b43bcdfbdf435875cf5a9def46db63746574ee8a5b1fbcef411154e914dd9e5bb1b1bd2944581083fb66a017e7972df3daefc487e4198cb281d3a80637d52b41738b7f1a57c867d5b2ee5d72465657593339506fd0c3807cd6445eb54cfb5ca9d35ef93eec6383224ebf85197eb6ed75f6c324f6a0345a25be6bb52ed347e57ccb059b903fb7db4e9f46513a4158ce29c1f5d6081b556bbc471e89225cad81aed34dae0f90ee8e7237b3b286e29b49d7a1700c537b28571f7d7e2a55e10792d6f7779ddefa3febdea5693048372a45903c04f1035a96c6cfbe6f6c2b754581aac02f8a70e698be6e37fd411cf4b76317b47683f6b0f80dfdeef3a9767c7e5c30dff786093a21477431fea0458023953700"})
openat2$dir(0xffffffffffffff9c, &(0x7f0000001040)='./file0\x00', &(0x7f0000000140)={0x454a83, 0xc, 0x8}, 0x18)
ioctl$BTRFS_IOC_SPACE_INFO(r2, 0xc0109414, 0x0)
r4 = socket(0x15, 0x5, 0x0)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r6=>0x0})
connect$can_bcm(r5, &(0x7f00000000c0)={0x1d, r6}, 0x10)
ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f00000010c0)={@private0={0xfc, 0x0, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x26}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xb, 0x5, 0x4, 0x500, 0x5, 0x110040, r6})
bind$alg(r4, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-ce\x00'}, 0x58)
r7 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4050000200000006110600000000000c6000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1ad}, 0x48)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000004c0)=ANY=[@ANYRES32=r8, @ANYRES32=r7, @ANYRES64=r8], 0x10)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x12000, 0x0)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f00000000c0)={<r9=>0x0, 0x3}, &(0x7f0000000100)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1a, &(0x7f0000000140)={r9, 0x4d, "82d8fb0f5f749d1f03a0f190026cc52519ce20ec5e67b30e175cfbf043776f8ca536b33bc2e457c43764b3c4310d5ef04050da642fa67014bac9c7cb8854c47c382f961678361024e3c5d63dcb"}, &(0x7f00000001c0)=0x55)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r3, 0xc0406619, &(0x7f0000001080)={@desc={0x1, 0x0, @desc1}})
sendmmsg$inet6(r0, &(0x7f0000000600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x897)

6.486738309s ago: executing program 1 (id=1669):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_SIGNAL_MASK(r2, 0x4004ae8b, &(0x7f0000000140)={0xc7, "405f05d329e426cee7d309d2952b0d4fe2da7450ed9fb97ae5252684da83c9fa86c6a923f8541b38955becfd52f558d68fbd552bbc721f4ef47bb7f19893cc6cb427542f1dd2770db8a1f551cf7648117fc330a92e404145bb893eb1d3d5177d833d4a19342959bdf1cbc37339be35f1a63f1b6d40be58f465f4d6979c7c37f544ab0e5008cfda15c399df15fe0ee877d6a86cd898ce5ffa9cada281f63e5ee0b3ce6877285ae7cb89afe475767d8bca93b9ff02b64d52187c98c7ba5eda9270d312da7add098c"})
r3 = io_uring_setup(0xdd4, &(0x7f0000000180)={0x0, 0xeb7f, 0x40, 0x2, 0x26c})
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r3, 0xd, &(0x7f0000000140)={0x7, 0x0, 0x0, 0x0}, 0x20)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = eventfd2(0x7, 0x0)
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r3, 0x7, &(0x7f00000000c0)=r4, 0x1)

6.33918728s ago: executing program 8 (id=1671):
mount(&(0x7f0000000080)=@nullb, &(0x7f0000000000)='./cgroup\x00', 0x0, 0x208000, 0x0)

6.148825272s ago: executing program 8 (id=1672):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r1 = fcntl$dupfd(r0, 0x406, 0xffffffffffffffff)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), r1)

6.071918571s ago: executing program 3 (id=1673):
r0 = socket$packet(0x11, 0x2, 0x300)
getsockopt$packet_int(r0, 0x107, 0x8, &(0x7f0000000000), &(0x7f0000000040)=0x4)

6.028217509s ago: executing program 1 (id=1674):
r0 = gettid()
timer_create(0x8, &(0x7f00000000c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0xffff, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040), 0x0)

5.885708727s ago: executing program 7 (id=1675):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000003c0), 0x4d01, 0x0)
ioctl$FBIOPUT_CON2FBMAP(r0, 0x4610, &(0x7f0000000400)={0x1b})
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r2 = accept$alg(r1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000009, 0x31, 0xffffffffffffffff, 0x802000)
r3 = socket$inet(0x2, 0x3, 0x14)
getsockopt$inet_buf(r3, 0x0, 0x20, 0x0, &(0x7f0000000200))
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r5, 0xc040aed4, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x3, 0x4, &(0x7f0000000580)=@framed={{0x18, 0x2, 0x0, 0x0, 0x77, 0x0, 0x0, 0x0, 0xffffffef}, [@call={0x85, 0x0, 0x0, 0x28}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
socket$alg(0x26, 0x5, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)={0x5c, r8, 0x917, 0xa7, 0x1000000, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x3f}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @loopback}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @empty}}, @L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x4}]}, 0x5c}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x0, 0x77, 0xfffffffffffffe2b, &(0x7f0000000100)="0000000000000000000051229dc9", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x40, 0x972, &(0x7f0000006680))
getgid()
r9 = syz_open_dev$media(&(0x7f0000000000), 0x3, 0x0)
r10 = syz_open_dev$media(&(0x7f0000000380), 0x3, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r10, 0xc0287c02, &(0x7f0000000280)={0x80000000, 0x0, &(0x7f00000004c0)=[{{0x80000000, <r11=>0x0}}, {{<r12=>0x80000000}, {<r13=>0x80000000, <r14=>0x0}}]})
ioctl$MEDIA_IOC_SETUP_LINK(r10, 0xc0347c03, &(0x7f00000001c0)={{r12, r11, 0x1, [0x104, 0xf7df]}, {r13, r14, 0x4, [0x6, 0xfffff7ff]}, 0x2, [0x2, 0x3]})
ioctl$MEDIA_IOC_ENUM_LINKS(r9, 0xc0287c02, &(0x7f0000000140)={r12, &(0x7f0000000040), &(0x7f00000000c0)})
sendmsg$alg(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r1, 0x8982, &(0x7f0000000340)={0x0, 'bond_slave_1\x00', {0x3}, 0x2})

5.793933795s ago: executing program 3 (id=1676):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0))
r1 = socket$kcm(0x10, 0x2, 0x4)
add_key(&(0x7f0000000080)='blacklist\x00', 0x0, &(0x7f00000001c0)="030000000001000000b36d380977147683", 0x11, 0xffffffffffffffff)
close(r1)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@bloom_filter={0x1e, 0x0, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x2}, 0x50)
socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000200)="5c00000013006bcc9e3be35c6e17aa33074b876c1d0000007ea60864160af36514000cc0080019000900000006001cc00200bc24eab5008000001e618294ff4051f60a84c9f4d4938037e786a6d00010000400000000000000c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4004004)
ioctl$PPPIOCGNPMODE(r0, 0xc008744c, &(0x7f0000000440)={0x2b, 0x1})
r2 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$VT_RESIZEX(r2, 0x560a, &(0x7f0000000000)={0x2, 0x0, 0xd, 0x5, 0x0, 0x101})
syz_clone(0x480, &(0x7f0000000040)="97a68586838137900afc312a05cfdb1fd4cc802c83aab9daf25c84b39bdf4dd1398e6d6fef33566cd322faef1f0ae58f115a73cb0b78a2a6", 0x38, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)="1cf0c0f387d6323963b52e67dcc29876b8e6f5d0d0f767ea7a618d7cde0b67fbeb87cbf9a0acc653078460ee2dd1ba9a34a60b10f355f576862d79e5d6e281d3086674158af7a19b35bc2216f8021779b7286805438cf135f518cdfc9be969c5491556c5c58ab1819ccfe619ba80148014739bdae6c3510781d82b588ebb686b1d463107dbc0a0e206355d2f23c72c89d695fd58f94da53aeceef1e0eed58b0f09f023e0cfe57192a7c1df60a68f1f0cc4")

5.79248038s ago: executing program 1 (id=1677):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'ip6erspan0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000000), 0xb, 0x80)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$EVIOCGABS2F(r2, 0x8018456f, &(0x7f0000000180)=""/23)
socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x48)
socket$packet(0x11, 0x3, 0x300)
mq_open(&(0x7f0000000000)='batadv_slave_1\xbb', 0x8c2, 0x30, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1d, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8a1}, 0x94)
close(0x3)
socket$inet_udp(0x2, 0x2, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x50)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r4, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70)

5.756979252s ago: executing program 8 (id=1678):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x9, 0x0)
listen(r0, 0x9)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x1, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000480)={@local, @random="18c45d9979c9", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x7, 0x2, 0xfffe, 0x0, 0x8000, {[@generic={0x22, 0x2}, @exp_fastopen={0xfe, 0x4}, @nop]}}}}}}}, 0x0)

5.470042051s ago: executing program 8 (id=1679):
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x100, 0xf3)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x48, 0x6, 0xfc, 0x8}, {0x28, 0x1, 0xf7, 0xfffff038}, {0x6, 0x6, 0x0, 0x1057f}]}, 0x10)
write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[], 0xa052)
r2 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r2, &(0x7f0000000140)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x66, @private2, 0x1}, 0x80, &(0x7f0000000180)=[{&(0x7f00000000c0)="83", 0x1}], 0x1}, 0x4000000)

3.552881281s ago: executing program 3 (id=1680):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="12011f00abbe6740e9174e8b089c000000010902120001000000000904000000ff"], 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c0000000a000000000000000000000202000000000000000300000d000000000300000003000000000000000300000004000000030000000000000000000005000000000000002e5f"], 0x0, 0x5e, 0x0, 0x1, 0x3}, 0x28)
r1 = syz_open_dev$video4linux(&(0x7f0000001240), 0x3, 0x109180)
ioctl$VIDIOC_TRY_EXT_CTRLS(r1, 0xc0205649, &(0x7f0000001340)={0xf010000, 0xfd, 0x7, 0xffffffffffffffff, 0x0, &(0x7f0000001300)={0x98090d, 0xffff, '\x00', @p_u16=0x0}})
syz_usb_connect$uac1(0x3, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="120150020000004035120e00400001020301090260000301e46003090400"], &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f00000001c0)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x5, {{0x6, 0x4, 0x0, 0x4, 0x18, 0x65, 0x4, 0x80, 0x29, 0x0, @local, @private=0xa010101, {[@timestamp_prespec={0x44, 0x4, 0xcf, 0x3, 0x8}]}}}}})
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000100000001000013040000000200000088060000ff0f0000002e2e"], 0x0, 0x35}, 0x28)
ioctl$XFS_IOC_SCRUB_METADATA(0xffffffffffffffff, 0xc040583c, &(0x7f0000000240)={0x1a, 0x162, 0x2, 0x4, 0x200})
prlimit64(0x0, 0x1, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180005000000ffff000077b9080000009500000000d3a07e"], &(0x7f0000000080)='GPL\x00', 0x7, 0x4fa, &(0x7f0000000cc0)=""/4096, 0x40f00, 0x5, '\x00', 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x0, 0x2, 0x4, 0x9}, 0x1, 0x0, 0x0, 0xff3e, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_DESC={0xc, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x7, 0x1, 0x1, 0x0, 0x80}]}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x78}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$DEVLINK_CMD_RATE_NEW(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000240)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
ioctl$VIDIOC_QUERYBUF_DMABUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000000a80)={0x2, 0x1, 0x4, 0x800, 0xc, {}, {0x2, 0xc, 0x7, 0x7, 0x3, 0x52, "acac1f7a"}, 0x2, 0x4, {<r5=>0xffffffffffffffff}, 0xef85})
ioctl$XFS_IOC_GETVERSION(r5, 0x80087601, &(0x7f0000000b00))
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x1085, 0x0, 0x0, 0x0, 0x8, 0xffffffba, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xd4}, 0x94)
r6 = syz_open_dev$vim2m(&(0x7f0000000080), 0xffffffffffffbf9f, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f0000000cc0)={0x1, @pix_mp={0x0, 0x4, 0x31384142, 0x0, 0x2, [{0xfffffffc}, {}, {}, {}, {}, {}, {}, {0xfffffffe}], 0x0, 0x0, 0x0, 0x0, 0x7}})
syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, &(0x7f0000000000)=ANY=[@ANYBLOB="201006000000065f"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_connect$uac1(0x4, 0xb0, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0xff, 0x1235, 0x800c, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x9e, 0x3, 0x1, 0x0, 0xe0, 0x4, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x9, 0x1b}, [@processing_unit={0x8, 0x24, 0x7, 0x4, 0x4, 0xbf, 's'}, @output_terminal={0x9, 0x24, 0x3, 0x2, 0x1ff, 0x5, 0x1, 0xa}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xb, 0x24, 0x2, 0x1, 0xfd, 0x4, 0x6, 0x6, "74b1c4"}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x0, 0x1, 0x8, 0x1}, @format_type_i_discrete={0xb, 0x24, 0x2, 0x1, 0x3, 0xa, 0x86, 0x4, "322b85"}, @as_header={0x7, 0x24, 0x1, 0x2, 0x2}, @as_header={0x7, 0x24, 0x1, 0x1, 0x2}]}, {{0x9, 0x5, 0x1, 0x9, 0x8, 0x1, 0xa, 0xf, {0x7, 0x25, 0x1, 0xc, 0x91, 0xf43}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x7ef, 0x7f, 0x5, 0x9b, {0x7, 0x25, 0x1, 0xc, 0x3, 0xfff}}}}}}}}]}}, &(0x7f0000000600)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x310, 0x6, 0x8, 0xd, 0x8, 0x3}, 0x3e, &(0x7f0000000140)={0x5, 0xf, 0x3e, 0x4, [@ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x1, "20701c321ffb734e6f569d8993fd6257"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x5, 0x6, 0x76, 0x1}, @ssp_cap={0x18, 0x10, 0xa, 0x17, 0x3, 0x7, 0xff00, 0x101, [0xf, 0x3fc0, 0xffff0f]}]}, 0x7, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0xf0f4}}, {0x102, &(0x7f00000001c0)=@string={0x102, 0x3, "7ebe92f8e4f94a9f20d0c38d37075c320f7e5763f61cf742459cd2fbe7f298bac1f72a884d1dbde2b6851a54ae9380116490c7dee4c7df58b336fd21572905ac361af0aa316c1da509c5840d88adc85e0dbc1632a53f9432e4763ecff02727333a8792869c0959bd35f9ec5ea765e268a47089085d6dd53fc581bbdb339a374c467c2ec72339541b532f2ab3545ddd2ca1c48c2f19a701d843d164e9baa3d55b6792f15abb0135f6bdfee84c69d8a16d046350dfd52dcad4e9856675b215112c26b85184486a5afda3a386e1223d5f060ef002e318ef89bf3091614d99ddf73cb512826a8288d1d2c69a84092fabb4023a95cf2c6c62997c623540e9ed9b7873"}}, {0x8a, &(0x7f0000000380)=@string={0x8a, 0x3, "95b0199c7fc927ebd591e514de07ac43a6fd4606d0c6873f7b44a62cc37e540be045f7079dd7d97f812096560954774a4776817bab928f03b47f0be4ae3814937d1cbc18bf5041d0fb9bac498dad9e550634e3ff78894591ed2556dd4011114333bcee34ab05b03b200df70316bfa8e794ea172d11c6fa039b49db4a163d0fa5e570e9dc48a2c02a"}}, {0x7, &(0x7f0000000300)=@string={0x7, 0x3, "04bc3f980e"}}, {0x4a, &(0x7f0000000480)=@string={0x4a, 0x3, "9be40036bc756985e1f30cd70f594356bb4b2c71076863e9ecdb725128ddfa5b9ad82f3ff79761b337bccdcaa909554f758f6daa2810ef363edab16ba07a307d4cf290feb859d193"}}, {0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0x810}}, {0xb7, &(0x7f0000000540)=@string={0xb7, 0x3, "540d5e485eb267e89eacd5b316874c6ab417ca4be10c3bd7a60c98fc9ec156f2791a173072084a1253cdc546e9fa7d32bd5391f6c93052af1871c8db43108df9c1cdbc913eb1d09fa9caf6170d4c3ba41a87a92f32767052fb72fca1b9c4cbecf3d5aeec5e6f4ed6ec531525e316d20d196bdb8691989fa654b4c305c04cee1f34d434a3082d3b75028b06a7eca2d3daceef2e9e0cc6a476a19d4866758e83acae6b12f422d6843e231fd969f9ea2fd1d03d4f2935"}}]})
syz_usb_connect$cdc_ecm(0x5, 0x5c, &(0x7f0000000740)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x4a, 0x1, 0x1, 0x2, 0x20, 0x8, "", [{{0x9, 0x4, 0x0, 0x1, 0x3, 0x2, 0x6, 0x0, 0x1, {{0xb, 0x24, 0x6, 0x0, 0x0, "2a1f31c34589"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0xc076, 0x52, 0x6, 0x9}}, {[{{0x9, 0x5, 0x81, 0x3, 0x480, 0xff, 0x10, 0x2}}], {{0x9, 0x5, 0x82, 0x2, 0x400, 0xf8, 0x80, 0x9}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x8, 0xd, 0x9}}}}}]}}]}}, &(0x7f0000000a40)={0xa, &(0x7f00000007c0)={0xa, 0x6, 0x201, 0x98, 0x56, 0x3, 0xff, 0x69}, 0x14f, &(0x7f0000000800)={0x5, 0xf, 0x14f, 0x5, [@generic={0x90, 0x10, 0x1, "c36a31d844a5e9533c26f24c2fd769290d8e905da426889ff34157e26f1b39f585dc1b5debed7e3c5c403d90b9900b7983ba204e05e3eb428263599d52fe64548bda827db742d694dd5ec7b912103f3c0a588be9ed9045a490f6d8daee250ead84d03b322a1217ab7efcbc729e7cc969db61dba72cca6bdd474a1e8a8d09d4d6448d11d34ae8a6dfd239868397"}, @ptm_cap={0x3}, @generic={0x99, 0x10, 0x4, "e1dddba2bacb81c2833e207cab2821a2da538ecee83027d1f45bb6583c9b7fe9e644a73160107b455d23245cd70d1caed87caf21503bf765889324b555a9fb38e2d86db6f94d2d51a8e547b5590af104ff3706733438b206368eeb640bb3ee3bb91be7ad577500be5bd23553620989913a80881cfd73b7702b6112def2da08771b59a53798efede99b351501633f490296d776df946c"}, @ss_container_id={0x14, 0x10, 0x4, 0x7f, "1de2b1f401957adcfa99b88f54f20d11"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x4, 0x36}]}, 0x3, [{0x4, &(0x7f0000000980)=@string={0x4, 0x3, "67ca"}}, {0x4, &(0x7f00000009c0)=@lang_id={0x4, 0x3, 0x820}}, {0x4, &(0x7f0000000a00)=@lang_id={0x4, 0x3, 0x41c}}]})
r7 = syz_open_dev$midi(&(0x7f0000000b40), 0x3, 0x8000)
cachestat(r7, &(0x7f0000000b80)={0x2, 0x7fffffff}, &(0x7f0000000bc0), 0x0)
socket$nl_route(0x10, 0x3, 0x0)

3.536942224s ago: executing program 7 (id=1681):
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="0032b7a0c9003257000000e0ff5b9e00000000a9e9c97a874101631a7e92ce6d"], 0x6)
syz_emit_ethernet(0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f00000005c0)={0x2020}, 0x2020)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101)
mount$fuse(0x0, 0x0, 0x0, 0x2b18094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000140)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x12d)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f00003b6000/0x4000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r1 = io_uring_setup(0x3e68, &(0x7f0000000040)={0x0, 0xc89a, 0x400, 0x8003, 0x62})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xfff0}, {0xe, 0xffff}}}, 0x24}}, 0x0)
io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0)
chroot(&(0x7f00000000c0)='./file1/file0\x00')
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0)

3.375879181s ago: executing program 7 (id=1682):
symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000240)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@redirect_dir_nofollow}]})
chdir(&(0x7f00000003c0)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file7\x00', 0x1ac)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0x541b, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000780)='./file0\x00', r0, &(0x7f0000000000)='./file7/file0\x00', 0xa)
r1 = open(&(0x7f0000000040)='.\x00', 0x20000, 0x5c)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file7\x00', 0x200901, 0x40)
renameat2(r2, &(0x7f0000000140)='./file0\x00', r1, &(0x7f0000000180)='./file0\x00', 0x4)

3.219926858s ago: executing program 1 (id=1683):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)

3.179598436s ago: executing program 7 (id=1684):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_SIGNAL_MASK(r2, 0x4004ae8b, &(0x7f0000000140)={0xc7, "405f05d329e426cee7d309d2952b0d4fe2da7450ed9fb97ae5252684da83c9fa86c6a923f8541b38955becfd52f558d68fbd552bbc721f4ef47bb7f19893cc6cb427542f1dd2770db8a1f551cf7648117fc330a92e404145bb893eb1d3d5177d833d4a19342959bdf1cbc37339be35f1a63f1b6d40be58f465f4d6979c7c37f544ab0e5008cfda15c399df15fe0ee877d6a86cd898ce5ffa9cada281f63e5ee0b3ce6877285ae7cb89afe475767d8bca93b9ff02b64d52187c98c7ba5eda9270d312da7add098c"})
r3 = io_uring_setup(0xdd4, &(0x7f0000000180)={0x0, 0xeb7f, 0x40, 0x2, 0x26c})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = eventfd2(0x7, 0x0)
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r3, 0x7, &(0x7f00000000c0)=r4, 0x1)

1.302366019s ago: executing program 1 (id=1685):
socket(0x40000000015, 0x5, 0x0)
r0 = openat$vcsa(0xffffff9c, 0x0, 0x2000, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
r2 = syz_io_uring_setup(0x54d, &(0x7f0000000040)={0x0, 0x735a, 0x1, 0x804, 0x388, 0x0, r0}, &(0x7f0000000100)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x5}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_WRITE={0x17, 0x1, 0x2007, @fd=r1, 0xffffffffffffff7f, 0x0, 0x0, 0x4})
io_uring_enter(r2, 0x47bc, 0x0, 0x0, 0x0, 0x0)

1.035717839s ago: executing program 7 (id=1686):
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000280)='fd/3\x00')
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000240)={0x80000011})
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000c40))

933.646195ms ago: executing program 1 (id=1687):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r1, 0x21eae}}, 0x20}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$unix(0x1, 0x2, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x50, r4, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x50}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)
socket$unix(0x1, 0x1, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r6)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})

903.388356ms ago: executing program 7 (id=1688):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x40e02, 0x0)
write$rfkill(r0, &(0x7f0000000300)={0x0, 0x2, 0x3, 0x1, 0x1}, 0x8)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="98e0b5fb10000d03ffffffffea00000000000000", @ANYRES32=0x0, @ANYBLOB="000000000c1000001c0012800c0001006d6163766c616e000c0002800800090001000000140035006d6163766c616e300000000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x81}, 0x8000)

395.743941ms ago: executing program 3 (id=1689):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x4e0682, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0xe)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x1)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)
fsetxattr$trusted_overlay_opaque(r0, &(0x7f00000000c0), &(0x7f0000000100), 0x2, 0x0)

368.052664ms ago: executing program 8 (id=1690):
r0 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NLBL_CALIPSO_C_REMOVE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x5c, r0, 0x300, 0x70bd25, 0x25dfdbfb, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000000}, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_DELETE(r1, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x5c, r2, 0x400, 0x70bd28, 0x25dfdbfb, {}, [@L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x8001}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0xc}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @mcast2}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e20}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x9}, @L2TP_ATTR_UDP_CSUM={0x5, 0xd, 0x1}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x46}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40800}, 0x1) (async, rerun: 64)
r3 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r1)
sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r3, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x80, r4, 0x100, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x80}, 0x1, 0x0, 0x0, 0x8c0}, 0x20004040) (async)
sendmsg$NFNL_MSG_CTHELPER_GET(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, 0x1, 0x9, 0x3, 0x0, 0x0, {0x1}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x4018980) (async)
r5 = socket$l2tp6(0xa, 0x2, 0x73)
getsockname$l2tp6(r5, &(0x7f0000000580)={0xa, 0x0, 0x0, @dev}, &(0x7f00000005c0)=0x20) (async)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$NFC_CMD_GET_TARGET(r6, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x14, r7, 0x100, 0x70bd2b, 0x25dfdbfe, {}, ["", "", "", ""]}, 0x14}}, 0x80) (async, rerun: 32)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000740), r8)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000007c0)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_REGISTER_FRAME(r1, &(0x7f0000000880)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x24, r4, 0x200, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x24000820}, 0x20004880) (async)
r10 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000900)) (async, rerun: 32)
r11 = syz_clone(0x48400, &(0x7f0000000940)="732371e53b23857f0531a5b6594ea0888fb00920476bdf4ee27731abded60d5b481c230d1b0f6d3cadab79dbc62fd6384ceb901ef37a3a69f407ec288a3e56ab3f1210fefcfff0f1dee0ed327452dedec60b556fccc67cf058f2c3f90496881139d681f98585aa0d826d4d889d181f989898be03dfb6c4b84bbc8777a0b9483782799aabc4a73ef56aec2834f631189b5cc70fbf0f296600683d11665a3fbe1fb4360368b1c869070139fee8de8d90d9c9fe3066fe076592df3e4106054bceaff8ab567323c3d23d616876b80b84416088685962fc462ba48e8b9bbaf22a81dba1ad9c60404e0ca744239d1be0095e", 0xef, &(0x7f0000000a40), &(0x7f0000000a80), &(0x7f0000000ac0)="1bbf49f135b9695f7118a40f5d46ff0e864e3ad404cf5f017c7cae3eacf8da3ff67462f87581f9a47f7f31541d4b82174e4d471ad9b75457e79087456bb87777789634e3d1c2b5387badb24a9416de56649bcb4f109afb6ad19f800d8a0f42e0ed88a3d7888489520c4b2780088e1dea422bd35f69eaaa74760384c73ce9b14425c07f6512b877bab5c1d1f0b4cabdb5e50754be37463cdbbcbf00aa131ac4413069f9cc40170021113c6f9a22327c8773d096") (rerun: 32)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r1, &(0x7f0000000c40)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000c00)={&(0x7f0000000b80)={0x4c, r4, 0x100, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x1, 0x4}, @val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r9}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r9}, @NL80211_ATTR_NETNS_FD={0x8}, @NL80211_ATTR_NETNS_FD={0x8, 0xdb, r10}, @NL80211_ATTR_PID={0x8, 0x52, r11}]}, 0x4c}, 0x1, 0x0, 0x0, 0x85069a660d62ae34}, 0x4000) (async)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000c80), r3) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000cc0)='./binderfs/binder0\x00', 0x800, 0x0)
r12 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000d40), r1)
sendmsg$IPVS_CMD_NEW_DEST(r3, &(0x7f0000000f40)={&(0x7f0000000d00)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000f00)={&(0x7f0000000d80)={0x15c, r12, 0x30b, 0x70bd2a, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x6}, @IPVS_CMD_ATTR_SERVICE={0x48, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@private=0xa010101}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0xe, 0x2}}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2, 0x4}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xffffffff}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x9}]}, @IPVS_CMD_ATTR_DAEMON={0x24, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x8}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x7}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}]}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e20}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x56}]}, @IPVS_CMD_ATTR_SERVICE={0x8c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sed\x00'}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@rand_addr=' \x01\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@private0}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@loopback}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}]}]}, 0x15c}, 0x1, 0x0, 0x0, 0x1}, 0x40011) (async)
sendmsg$NBD_CMD_CONNECT(r8, &(0x7f0000001040)={&(0x7f0000000f80)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000001000)={&(0x7f0000000fc0)={0x2c, 0x0, 0x20, 0x70bd26, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x7}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xc}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x1) (async, rerun: 64)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000001080), r6) (async, rerun: 64)
sched_setscheduler(r11, 0x1, &(0x7f00000010c0)=0x3) (async, rerun: 64)
r13 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001140), r1) (rerun: 64)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r1, &(0x7f0000001200)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000011c0)={&(0x7f0000001180)={0x34, r13, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

214.884798ms ago: executing program 3 (id=1691):
request_key(&(0x7f00000010c0)='dns_resolver\x00', &(0x7f0000001100)={'syz', 0x2}, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)={0x40, 0x144, 0x5}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file2\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
mount$overlay(0x0, 0x0, 0x0, 0x21, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000500), 0x2400, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1, 0x1, 0x7f})
sendmsg$IPCTNL_MSG_CT_GET_DYING(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x14, 0x6, 0x1, 0x201, 0x0, 0x0, {0x2, 0x0, 0x7}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x4000)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8924, &(0x7f0000001300)={'nr0\x00'})
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x20400, 0x20)

0s ago: executing program 8 (id=1692):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='attr\x00')
r2 = open_tree(r1, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r2)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x800, &(0x7f0000001dc0)={0xf, 0x0, 0x40000}, 0x20)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r3 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000400)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000700)="ebe3a0e9796cfd0600e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb0958730c5af785f0b6acb07f73e6b493e177d0f41ea9f444c9b1c759e26c0a0fcb0fc7811b38c9f091a22dfbb6cea5b", 0x78}], 0x2, 0x0, 0x0, 0x20040890}], 0x1, 0x20000090)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

kernel console output (not intermixed with test programs):

33307, setting to 1024
[  624.797916][   T31] usb 9-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  624.797930][   T31] usb 9-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82
[  624.797944][   T31] usb 9-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  624.797956][   T31] usb 9-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  624.811666][   T31] usb 9-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95
[  624.811700][   T31] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  624.811720][   T31] usb 9-1: Product: syz
[  624.811731][   T31] usb 9-1: Manufacturer: syz
[  624.811744][   T31] usb 9-1: SerialNumber: syz
[  624.827875][   T31] usb 9-1: config 0 descriptor??
[  624.829432][T10568] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  624.897703][   T31] microtek usb (rev 0.4.3): expecting 3 got 2 endpoints! Bailing out.
[  625.260328][    T9] usb 8-1: new high-speed USB device number 46 using dummy_hcd
[  625.420027][    T9] usb 8-1: Using ep0 maxpacket: 16
[  625.424881][    T9] usb 8-1: config 0 has an invalid interface number: 251 but max is 0
[  625.424911][    T9] usb 8-1: config 0 has no interface number 0
[  625.424961][    T9] usb 8-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  625.424987][    T9] usb 8-1: config 0 interface 251 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  625.425010][    T9] usb 8-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  625.428946][    T9] usb 8-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  625.428965][    T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  625.428977][    T9] usb 8-1: Product: syz
[  625.428988][    T9] usb 8-1: Manufacturer: syz
[  625.429001][    T9] usb 8-1: SerialNumber: syz
[  626.552400][    T9] usb 8-1: config 0 descriptor??
[  626.553329][T10575] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22
[  626.561264][    T9] asix 8-1:0.251: probe with driver asix failed with error -22
[  626.637434][ T5868] usb 9-1: USB disconnect, device number 24
[  626.844615][T10581] netlink: 24 bytes leftover after parsing attributes in process `syz.8.1208'.
[  627.795982][T10590] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1211'.
[  628.006973][   T36] usb 8-1: USB disconnect, device number 46
[  628.110036][   T31] usb 9-1: new high-speed USB device number 25 using dummy_hcd
[  628.250010][   T31] usb 9-1: device descriptor read/64, error -71
[  628.361816][T10594] mkiss: ax0: crc mode is auto.
[  628.515127][   T31] usb 9-1: new high-speed USB device number 26 using dummy_hcd
[  628.540028][   T36] usb 8-1: new high-speed USB device number 47 using dummy_hcd
[  628.660047][   T31] usb 9-1: device descriptor read/64, error -71
[  628.690105][   T36] usb 8-1: Using ep0 maxpacket: 32
[  628.713185][   T36] usb 8-1: config index 0 descriptor too short (expected 35577, got 27)
[  628.713216][   T36] usb 8-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  628.713237][   T36] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  628.713340][   T36] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 92
[  628.713364][   T36] usb 8-1: config 1 has no interface number 0
[  628.713495][   T36] usb 8-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  628.713523][   T36] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  628.770697][   T31] usb usb9-port1: attempt power cycle
[  628.817293][   T36] snd_usb_pod 8-1:1.1: Line 6 Pocket POD found
[  629.025624][   T36] snd_usb_pod 8-1:1.1: endpoint not available, using fallback values
[  629.026075][   T36] snd_usb_pod 8-1:1.1: invalid control EP
[  629.026093][   T36] snd_usb_pod 8-1:1.1: cannot start listening: -22
[  629.026420][   T36] snd_usb_pod 8-1:1.1: Line 6 Pocket POD now disconnected
[  629.027065][   T36] snd_usb_pod 8-1:1.1: probe with driver snd_usb_pod failed with error -22
[  629.260054][   T31] usb 9-1: new high-speed USB device number 27 using dummy_hcd
[  629.280960][   T31] usb 9-1: device descriptor read/8, error -71
[  629.288563][   T36] usb 8-1: USB disconnect, device number 47
[  629.520615][   T31] usb 9-1: new high-speed USB device number 28 using dummy_hcd
[  629.561997][   T31] usb 9-1: device descriptor read/8, error -71
[  629.671781][   T31] usb usb9-port1: unable to enumerate USB device
[  630.472474][ T5943] usb 8-1: new high-speed USB device number 48 using dummy_hcd
[  630.630052][ T5943] usb 8-1: Using ep0 maxpacket: 32
[  630.631959][ T5943] usb 8-1: config 0 has an invalid interface number: 146 but max is 0
[  630.631977][ T5943] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  630.631988][ T5943] usb 8-1: config 0 has no interface number 0
[  630.632013][ T5943] usb 8-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  630.632025][ T5943] usb 8-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  630.632040][ T5943] usb 8-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024
[  630.632055][ T5943] usb 8-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  630.632069][ T5943] usb 8-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82
[  630.632084][ T5943] usb 8-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  630.632096][ T5943] usb 8-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  630.634860][ T5943] usb 8-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95
[  630.634881][ T5943] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  630.634894][ T5943] usb 8-1: Product: syz
[  630.634902][ T5943] usb 8-1: Manufacturer: syz
[  630.634911][ T5943] usb 8-1: SerialNumber: syz
[  630.646499][ T5943] usb 8-1: config 0 descriptor??
[  630.647809][T10617] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  630.658570][ T5943] microtek usb (rev 0.4.3): expecting 3 got 2 endpoints! Bailing out.
[  633.372471][ T5943] usb 8-1: USB disconnect, device number 48
[  633.872599][T10632] FAULT_INJECTION: forcing a failure.
[  633.872599][T10632] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  633.872684][T10632] CPU: 0 UID: 0 PID: 10632 Comm: syz.6.1224 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  633.872699][T10632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  633.872707][T10632] Call Trace:
[  633.872712][T10632]  <TASK>
[  633.872718][T10632]  dump_stack_lvl+0xe8/0x150
[  633.872740][T10632]  should_fail_ex+0x46b/0x600
[  633.872760][T10632]  _copy_from_user+0x2d/0xb0
[  633.872778][T10632]  __sys_bpf+0x229/0x950
[  633.872794][T10632]  ? __pfx___sys_bpf+0x10/0x10
[  633.872807][T10632]  ? rt_mutex_slowunlock+0x1cb/0x300
[  633.872833][T10632]  ? ksys_write+0x248/0x270
[  633.872852][T10632]  ? __pfx_ksys_write+0x10/0x10
[  633.872874][T10632]  __x64_sys_bpf+0x7c/0x90
[  633.872888][T10632]  do_syscall_64+0x14d/0xf80
[  633.872900][T10632]  ? trace_irq_disable+0x3b/0x150
[  633.872913][T10632]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  633.872925][T10632]  ? clear_bhb_loop+0x40/0x90
[  633.872939][T10632]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  633.872951][T10632] RIP: 0033:0x7f3a6830c799
[  633.872963][T10632] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  633.872974][T10632] RSP: 002b:00007f3a6655e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  633.872988][T10632] RAX: ffffffffffffffda RBX: 00007f3a68585fa0 RCX: 00007f3a6830c799
[  633.872997][T10632] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  633.873005][T10632] RBP: 00007f3a6655e090 R08: 0000000000000000 R09: 0000000000000000
[  633.873012][T10632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  633.873020][T10632] R13: 00007f3a68586038 R14: 00007f3a68585fa0 R15: 00007ffdef562ab8
[  633.873038][T10632]  </TASK>
[  637.602039][T10666] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1236'.
[  637.637502][ T9390] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  637.637995][ T9390] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  637.638058][ T9390] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  637.638098][ T9390] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  637.989361][T10672] FAULT_INJECTION: forcing a failure.
[  637.989361][T10672] name failslab, interval 1, probability 0, space 0, times 0
[  637.989397][T10672] CPU: 0 UID: 0 PID: 10672 Comm: syz.7.1238 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  637.989421][T10672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  637.989435][T10672] Call Trace:
[  637.989443][T10672]  <TASK>
[  637.989453][T10672]  dump_stack_lvl+0xe8/0x150
[  637.989490][T10672]  should_fail_ex+0x46b/0x600
[  637.989524][T10672]  should_failslab+0xa8/0x100
[  637.989560][T10672]  __kmalloc_noprof+0xdf/0x7b0
[  637.989593][T10672]  ? tomoyo_encode+0x28b/0x550
[  637.989626][T10672]  tomoyo_encode+0x28b/0x550
[  637.989658][T10672]  tomoyo_realpath_from_path+0x58d/0x5d0
[  637.989696][T10672]  ? tomoyo_path_number_perm+0x219/0x630
[  637.989729][T10672]  tomoyo_path_number_perm+0x246/0x630
[  637.989766][T10672]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  637.989801][T10672]  ? __lock_acquire+0x6b5/0x2cf0
[  637.989866][T10672]  ? __fget_files+0x2a/0x420
[  637.989894][T10672]  ? __fget_files+0x2a/0x420
[  637.989919][T10672]  ? __fget_files+0x3a6/0x420
[  637.989944][T10672]  ? __fget_files+0x2a/0x420
[  637.989976][T10672]  security_file_ioctl+0xc3/0x2a0
[  637.990001][T10672]  __se_sys_ioctl+0x47/0x170
[  637.990027][T10672]  do_syscall_64+0x14d/0xf80
[  637.990049][T10672]  ? trace_irq_disable+0x3b/0x150
[  637.990073][T10672]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  637.990096][T10672]  ? clear_bhb_loop+0x40/0x90
[  637.990123][T10672]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  637.990144][T10672] RIP: 0033:0x7f9ce0c8c799
[  637.990165][T10672] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  637.990183][T10672] RSP: 002b:00007f9cdeede028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  637.990206][T10672] RAX: ffffffffffffffda RBX: 00007f9ce0f05fa0 RCX: 00007f9ce0c8c799
[  637.990221][T10672] RDX: 00002000000002c0 RSI: 0000000000004c0a RDI: 0000000000000003
[  637.990234][T10672] RBP: 00007f9cdeede090 R08: 0000000000000000 R09: 0000000000000000
[  637.990245][T10672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  637.990257][T10672] R13: 00007f9ce0f06038 R14: 00007f9ce0f05fa0 R15: 00007ffc12e3ab58
[  637.990289][T10672]  </TASK>
[  637.994457][T10672] ERROR: Out of memory at tomoyo_realpath_from_path.
[  637.995277][T10672] loop8: detected capacity change from 0 to 7
[  638.007078][T10672] Dev loop8: unable to read RDB block 7
[  638.007125][T10672]  loop8: unable to read partition table
[  638.007392][T10672] loop8: partition table beyond EOD, truncated
[  638.007411][T10672] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  638.790188][   T36] usb 8-1: new high-speed USB device number 49 using dummy_hcd
[  638.946428][   T36] usb 8-1: config 0 has too many interfaces: 253, using maximum allowed: 32
[  638.946460][   T36] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 253
[  638.969825][   T36] usb 8-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac
[  638.969958][   T36] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  638.969977][   T36] usb 8-1: Product: syz
[  638.969985][   T36] usb 8-1: Manufacturer: syz
[  638.969994][   T36] usb 8-1: SerialNumber: syz
[  638.981614][   T36] usb 8-1: config 0 descriptor??
[  639.040792][   T36] gspca_main: sunplus-2.14.0 probing 055f:c630
[  639.203541][T10687] loop8: detected capacity change from 0 to 7
[  639.226339][T10687] Dev loop8: unable to read RDB block 7
[  639.226391][T10687]  loop8: unable to read partition table
[  639.226648][T10687] loop8: partition table beyond EOD, truncated
[  639.226684][T10687] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  639.796674][T10695] FAULT_INJECTION: forcing a failure.
[  639.796674][T10695] name failslab, interval 1, probability 0, space 0, times 0
[  639.796710][T10695] CPU: 0 UID: 0 PID: 10695 Comm: syz.6.1248 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  639.796735][T10695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  639.796747][T10695] Call Trace:
[  639.796755][T10695]  <TASK>
[  639.796765][T10695]  dump_stack_lvl+0xe8/0x150
[  639.796801][T10695]  should_fail_ex+0x46b/0x600
[  639.796835][T10695]  should_failslab+0xa8/0x100
[  639.796860][T10695]  __kmalloc_noprof+0xdf/0x7b0
[  639.796890][T10695]  ? tomoyo_encode+0x28b/0x550
[  639.796921][T10695]  tomoyo_encode+0x28b/0x550
[  639.796954][T10695]  tomoyo_realpath_from_path+0x58d/0x5d0
[  639.796992][T10695]  ? tomoyo_path_number_perm+0x219/0x630
[  639.797027][T10695]  tomoyo_path_number_perm+0x246/0x630
[  639.797061][T10695]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  639.797096][T10695]  ? __lock_acquire+0x6b5/0x2cf0
[  639.797153][T10695]  ? __fget_files+0x2a/0x420
[  639.797181][T10695]  ? __fget_files+0x2a/0x420
[  639.797203][T10695]  ? __fget_files+0x3a6/0x420
[  639.797228][T10695]  ? __fget_files+0x2a/0x420
[  639.797258][T10695]  security_file_ioctl+0xc3/0x2a0
[  639.797282][T10695]  __se_sys_ioctl+0x47/0x170
[  639.797305][T10695]  do_syscall_64+0x14d/0xf80
[  639.797326][T10695]  ? trace_irq_disable+0x3b/0x150
[  639.797350][T10695]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  639.797369][T10695]  ? clear_bhb_loop+0x40/0x90
[  639.797395][T10695]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  639.797416][T10695] RIP: 0033:0x7f3a6830c799
[  639.797436][T10695] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  639.797454][T10695] RSP: 002b:00007f3a6655e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  639.797479][T10695] RAX: ffffffffffffffda RBX: 00007f3a68585fa0 RCX: 00007f3a6830c799
[  639.797495][T10695] RDX: 00002000000002c0 RSI: 0000000000004c0a RDI: 0000000000000003
[  639.797509][T10695] RBP: 00007f3a6655e090 R08: 0000000000000000 R09: 0000000000000000
[  639.797520][T10695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  639.797533][T10695] R13: 00007f3a68586038 R14: 00007f3a68585fa0 R15: 00007ffdef562ab8
[  639.797568][T10695]  </TASK>
[  639.861233][T10695] ERROR: Out of memory at tomoyo_realpath_from_path.
[  639.905257][T10695] loop8: detected capacity change from 0 to 8
[  640.018752][ T9281] Dev loop8: unable to read RDB block 8
[  640.018795][ T9281]  loop8: unable to read partition table
[  640.095054][ T9281] loop8: partition table beyond EOD, truncated
[  640.135921][T10695] Dev loop8: unable to read RDB block 8
[  640.135988][T10695]  loop8: unable to read partition table
[  640.136229][T10695] loop8: partition table beyond EOD, truncated
[  640.136275][T10695] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  640.404838][   T36] gspca_sunplus: reg_r err -32
[  640.404943][   T36] sunplus 8-1:0.0: probe with driver sunplus failed with error -32
[  640.432899][   T36] usb 8-1: USB disconnect, device number 49
[  642.933448][    T9] usb 8-1: new high-speed USB device number 50 using dummy_hcd
[  643.105368][    T9] usb 8-1: Using ep0 maxpacket: 32
[  643.124683][    T9] usb 8-1: config index 0 descriptor too short (expected 35577, got 27)
[  643.124714][    T9] usb 8-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  643.124736][    T9] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  643.124755][    T9] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 92
[  643.124777][    T9] usb 8-1: config 1 has no interface number 0
[  643.124826][    T9] usb 8-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  643.124850][    T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  643.469096][    T9] snd_usb_pod 8-1:1.1: Line 6 Pocket POD found
[  643.638824][    T9] snd_usb_pod 8-1:1.1: endpoint not available, using fallback values
[  643.639327][    T9] snd_usb_pod 8-1:1.1: invalid control EP
[  643.639344][    T9] snd_usb_pod 8-1:1.1: cannot start listening: -22
[  643.639693][    T9] snd_usb_pod 8-1:1.1: Line 6 Pocket POD now disconnected
[  643.670593][    T9] snd_usb_pod 8-1:1.1: probe with driver snd_usb_pod failed with error -22
[  643.873448][ T8814] usb 8-1: USB disconnect, device number 50
[  644.303328][ T5113] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  644.319557][ T5113] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  644.323225][ T5113] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  644.327949][ T5113] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  644.329248][ T5113] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  644.714991][T10749] netlink: 20 bytes leftover after parsing attributes in process `syz.8.1263'.
[  645.265530][T10749] ip6erspan0: entered allmulticast mode
[  646.032089][   T94] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  646.157628][T10772] FAULT_INJECTION: forcing a failure.
[  646.157628][T10772] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  646.157656][T10772] CPU: 0 UID: 0 PID: 10772 Comm: syz.6.1273 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  646.157671][T10772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  646.157679][T10772] Call Trace:
[  646.157685][T10772]  <TASK>
[  646.157692][T10772]  dump_stack_lvl+0xe8/0x150
[  646.157715][T10772]  should_fail_ex+0x46b/0x600
[  646.157733][T10772]  _copy_to_iter+0x404/0x17d0
[  646.157757][T10772]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  646.157774][T10772]  ? __pfx__copy_to_iter+0x10/0x10
[  646.157787][T10772]  ? rt_spin_lock+0x1e0/0x400
[  646.157804][T10772]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  646.157826][T10772]  __skb_datagram_iter+0xf8/0x980
[  646.157841][T10772]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  646.157860][T10772]  skb_copy_datagram_iter+0xb5/0x270
[  646.157880][T10772]  netlink_recvmsg+0x2c3/0xa50
[  646.157896][T10772]  ? __lock_acquire+0x6b5/0x2cf0
[  646.157912][T10772]  ? __pfx_netlink_recvmsg+0x10/0x10
[  646.157935][T10772]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  646.157952][T10772]  ? security_socket_recvmsg+0x7e/0x2c0
[  646.157971][T10772]  ? __pfx_netlink_recvmsg+0x10/0x10
[  646.157987][T10772]  sock_recvmsg+0x172/0x1b0
[  646.158007][T10772]  ____sys_recvmsg+0x1f2/0x4b0
[  646.158025][T10772]  ? __pfx_____sys_recvmsg+0x10/0x10
[  646.158046][T10772]  ? import_iovec+0x73/0xa0
[  646.158064][T10772]  ___sys_recvmsg+0x215/0x590
[  646.158081][T10772]  ? __pfx____sys_recvmsg+0x10/0x10
[  646.158107][T10772]  ? __fget_files+0x3a6/0x420
[  646.158128][T10772]  do_recvmmsg+0x33a/0x800
[  646.158146][T10772]  ? __pfx_do_recvmmsg+0x10/0x10
[  646.158166][T10772]  ? rt_mutex_slowunlock+0x1cb/0x300
[  646.158189][T10772]  __x64_sys_recvmmsg+0x198/0x250
[  646.158205][T10772]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  646.158225][T10772]  do_syscall_64+0x14d/0xf80
[  646.158237][T10772]  ? trace_irq_disable+0x3b/0x150
[  646.158250][T10772]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  646.158262][T10772]  ? clear_bhb_loop+0x40/0x90
[  646.158275][T10772]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  646.158288][T10772] RIP: 0033:0x7f3a6830c799
[  646.158300][T10772] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  646.158310][T10772] RSP: 002b:00007f3a6653d028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  646.158324][T10772] RAX: ffffffffffffffda RBX: 00007f3a68586090 RCX: 00007f3a6830c799
[  646.158333][T10772] RDX: 0000000000000007 RSI: 0000200000002b00 RDI: 0000000000000003
[  646.158340][T10772] RBP: 00007f3a6653d090 R08: 0000000000000000 R09: 0000000000000000
[  646.158347][T10772] R10: 0000000000000102 R11: 0000000000000246 R12: 0000000000000001
[  646.158354][T10772] R13: 00007f3a68586128 R14: 00007f3a68586090 R15: 00007ffdef562ab8
[  646.158372][T10772]  </TASK>
[  646.532660][   T94] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  646.600115][ T5807] Bluetooth: hci3: command tx timeout
[  647.260388][T10797] mmap: syz.3.1281 (10797) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  647.331354][   T94] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  647.600984][    T9] usb 9-1: new high-speed USB device number 29 using dummy_hcd
[  647.780205][    T9] usb 9-1: Using ep0 maxpacket: 32
[  647.782665][    T9] usb 9-1: config index 0 descriptor too short (expected 35577, got 27)
[  647.782692][    T9] usb 9-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  647.782713][    T9] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 92
[  647.782734][    T9] usb 9-1: config 1 has no interface number 0
[  647.782810][    T9] usb 9-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  647.782837][    T9] usb 9-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  647.782881][    T9] usb 9-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  647.782905][    T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  647.815972][    T9] snd_usb_pod 9-1:1.1: Line 6 Pocket POD found
[  647.870306][ T8814] usb 7-1: new full-speed USB device number 50 using dummy_hcd
[  647.958115][   T94] batman_adv: batadv0: Removing interface: netdevsim0
[  648.017304][    T9] snd_usb_pod 9-1:1.1: Line 6 Pocket POD now attached
[  648.038811][ T8814] usb 7-1: unable to get BOS descriptor or descriptor too short
[  648.039578][ T8814] usb 7-1: not running at top speed; connect to a high speed hub
[  648.071065][ T8814] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  648.071092][ T8814] usb 7-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  648.074922][ T8814] usb 7-1: New USB device found, idVendor=0582, idProduct=0114, bcdDevice= 0.40
[  648.074942][ T8814] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  648.074953][ T8814] usb 7-1: Product: Ȇ易Ӆ᭓哳⽰�뒷㹈䫎뇹點匔䓪Զ䆡꧂�紘Կ⨀툽ܤ��芹饿ಧ�딵㕰沉⵨ż货榺圗䳟숃᪜摙쒚�陘�枿뤱립瀨��딛콓ꙷ�碼㆕뭨仵쭆䴹螛ߦ嵔�钷酙봺�隘굞鯂ᢴ�諞僅ኖ᯻㇉�ᅹ�팫킦좉䉰쿧䃥㋶觛漋쟉륃殳䲓ഘ협
[  648.074970][ T8814] usb 7-1: Manufacturer: І
[  648.075723][ T8814] usb 7-1: SerialNumber: 御᢫�椦ｫ떺顕⒴꽠茊㩗䴱浲孒�뷀钌䨮찇鳽쾼얓ᖥ쵛䢷䎛ջ射퀢ꕞ蠼줗媅ↂ쨟▞�岼
[  648.190961][   T94] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  648.520078][   T36] usb 9-1: USB disconnect, device number 29
[  648.523266][   T36] snd_usb_pod 9-1:1.1: Line 6 Pocket POD now disconnected
[  648.671111][T10802] libceph: resolve '0..' (ret=-3): failed
[  648.683690][ T5807] Bluetooth: hci3: command tx timeout
[  648.792598][ T8814] usb 7-1: USB disconnect, device number 50
[  648.860108][   T36] usb 8-1: new high-speed USB device number 51 using dummy_hcd
[  648.989126][T10741] chnl_net:caif_netlink_parms(): no params data found
[  649.015638][   T36] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 237, changing to 7
[  649.037563][   T36] usb 8-1: New USB device found, idVendor=0e41, idProduct=414d, bcdDevice= 0.40
[  649.037585][   T36] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  649.037597][   T36] usb 8-1: Product: 쳶
[  649.037605][   T36] usb 8-1: Manufacturer: 躂䦘⾀ṷf凣᪻윃ᕣ莉ᜭ茬늺膦굴褠踊귮秭ϭᇯ繜ꔽ錱그�涇௠钡ऽԵ蚭ㆼ柡��̋ㅷ쪀ꖺ�䬴ᵊ绾㞊墲懧▕ꭃ�鼓￾
[  649.037619][   T36] usb 8-1: SerialNumber: з
[  649.426131][   T36] usb 8-1: 1:1: invalid format type 0x1002 is detected, processed as PCM
[  649.426154][   T36] usb 8-1: 1:1 : invalid UAC_FORMAT_TYPE desc
[  649.426558][   T36] usb 8-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  649.642801][   T94] bridge_slave_1: left allmulticast mode
[  649.642833][   T94] bridge_slave_1: left promiscuous mode
[  649.643006][   T94] bridge0: port 2(bridge_slave_1) entered disabled state
[  649.647367][   T36] usb 8-1: USB disconnect, device number 51
[  649.650041][ T8814] usb 9-1: new high-speed USB device number 30 using dummy_hcd
[  649.762552][ T9282] udevd[9282]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  649.809533][   T94] bridge_slave_0: left allmulticast mode
[  649.809566][   T94] bridge_slave_0: left promiscuous mode
[  649.810128][ T8814] usb 9-1: Using ep0 maxpacket: 32
[  649.815959][ T8814] usb 9-1: config index 0 descriptor too short (expected 35577, got 27)
[  649.815984][ T8814] usb 9-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  649.816003][ T8814] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  649.816019][ T8814] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 92
[  649.816038][ T8814] usb 9-1: config 1 has no interface number 0
[  649.816083][ T8814] usb 9-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  649.816104][ T8814] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  649.820556][   T94] bridge0: port 1(bridge_slave_0) entered disabled state
[  649.896444][ T8814] snd_usb_pod 9-1:1.1: Line 6 Pocket POD found
[  650.075386][ T8814] snd_usb_pod 9-1:1.1: set_interface failed
[  650.075719][ T8814] snd_usb_pod 9-1:1.1: Line 6 Pocket POD now disconnected
[  650.075957][ T8814] snd_usb_pod 9-1:1.1: probe with driver snd_usb_pod failed with error -71
[  650.113478][ T8814] usb 9-1: USB disconnect, device number 30
[  650.352026][T10825] FAULT_INJECTION: forcing a failure.
[  650.352026][T10825] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  650.352243][T10825] CPU: 0 UID: 0 PID: 10825 Comm: syz.6.1289 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  650.352268][T10825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  650.352280][T10825] Call Trace:
[  650.352288][T10825]  <TASK>
[  650.352297][T10825]  dump_stack_lvl+0xe8/0x150
[  650.352334][T10825]  should_fail_ex+0x46b/0x600
[  650.352367][T10825]  strncpy_from_user+0x36/0x2b0
[  650.352395][T10825]  do_getname+0x77/0x250
[  650.352422][T10825]  do_sys_openat2+0xca/0x200
[  650.352468][T10825]  ? __pfx_do_sys_openat2+0x10/0x10
[  650.352491][T10825]  ? ksys_write+0x248/0x270
[  650.352517][T10825]  ? __pfx_ksys_write+0x10/0x10
[  650.352544][T10825]  __x64_sys_openat+0x138/0x170
[  650.352570][T10825]  do_syscall_64+0x14d/0xf80
[  650.352591][T10825]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  650.352611][T10825]  ? clear_bhb_loop+0x40/0x90
[  650.352635][T10825]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  650.352654][T10825] RIP: 0033:0x7f3a6830c799
[  650.352674][T10825] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  650.352691][T10825] RSP: 002b:00007f3a6653d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  650.352724][T10825] RAX: ffffffffffffffda RBX: 00007f3a68586090 RCX: 00007f3a6830c799
[  650.352740][T10825] RDX: 0000000000000041 RSI: 0000200000000300 RDI: ffffffffffffff9c
[  650.352753][T10825] RBP: 00007f3a6653d090 R08: 0000000000000000 R09: 0000000000000000
[  650.352766][T10825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  650.352780][T10825] R13: 00007f3a68586128 R14: 00007f3a68586090 R15: 00007ffdef562ab8
[  650.352813][T10825]  </TASK>
[  650.784136][ T5807] Bluetooth: hci3: command tx timeout
[  652.916572][ T5807] Bluetooth: hci3: command tx timeout
[  653.497730][T10851] FAULT_INJECTION: forcing a failure.
[  653.497730][T10851] name fail_futex, interval 1, probability 0, space 0, times 1
[  653.497781][T10851] CPU: 0 UID: 0 PID: 10851 Comm: syz.7.1295 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  653.497806][T10851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  653.497818][T10851] Call Trace:
[  653.497827][T10851]  <TASK>
[  653.497836][T10851]  dump_stack_lvl+0xe8/0x150
[  653.497873][T10851]  should_fail_ex+0x46b/0x600
[  653.497906][T10851]  get_futex_key+0x1ac/0x1690
[  653.497949][T10851]  ? perf_lock_task_context+0xf3/0x850
[  653.497976][T10851]  ? __lock_acquire+0x6b5/0x2cf0
[  653.497998][T10851]  ? __pfx_get_futex_key+0x10/0x10
[  653.498031][T10851]  ? __lock_acquire+0x6b5/0x2cf0
[  653.498063][T10851]  futex_wake+0x114/0x580
[  653.498088][T10851]  ? __lock_acquire+0x6b5/0x2cf0
[  653.498113][T10851]  ? __pfx_futex_wake+0x10/0x10
[  653.498139][T10851]  ? do_raw_spin_lock+0x12b/0x2f0
[  653.498182][T10851]  do_futex+0x395/0x420
[  653.498210][T10851]  ? __pfx_do_futex+0x10/0x10
[  653.498237][T10851]  ? __might_fault+0xaf/0x130
[  653.498274][T10851]  mm_release+0x103/0x290
[  653.498308][T10851]  exit_mm+0x51/0x220
[  653.498328][T10851]  ? unwind_deferred_task_exit+0x67/0xa0
[  653.498355][T10851]  do_exit+0x6a2/0x23c0
[  653.498381][T10851]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  653.498410][T10851]  ? __pfx_do_exit+0x10/0x10
[  653.498430][T10851]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  653.498458][T10851]  ? reacquire_held_locks+0x104/0x190
[  653.498482][T10851]  ? rt_spin_lock+0x1e0/0x400
[  653.498522][T10851]  do_group_exit+0x21b/0x2d0
[  653.498546][T10851]  ? rt_spin_unlock+0x160/0x200
[  653.498577][T10851]  get_signal+0x125c/0x1310
[  653.498629][T10851]  arch_do_signal_or_restart+0xbc/0x830
[  653.498662][T10851]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  653.498698][T10851]  ? __x64_sys_recvmmsg+0x198/0x250
[  653.498735][T10851]  exit_to_user_mode_loop+0x86/0x480
[  653.498774][T10851]  ? rcu_is_watching+0x15/0xb0
[  653.498803][T10851]  do_syscall_64+0x32d/0xf80
[  653.498823][T10851]  ? trace_irq_disable+0x3b/0x150
[  653.498848][T10851]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  653.498869][T10851]  ? clear_bhb_loop+0x40/0x90
[  653.498895][T10851]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  653.498917][T10851] RIP: 0033:0x7f9ce0c8c799
[  653.498937][T10851] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  653.498955][T10851] RSP: 002b:00007f9cdeebd028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  653.498979][T10851] RAX: fffffffffffffe00 RBX: 00007f9ce0f06090 RCX: 00007f9ce0c8c799
[  653.498995][T10851] RDX: 0000000000000001 RSI: 0000200000000d80 RDI: 0000000000000003
[  653.499009][T10851] RBP: 00007f9cdeebd090 R08: 0000000000000000 R09: 0000000000000000
[  653.499022][T10851] R10: 0000000000002000 R11: 0000000000000246 R12: 0000000000000001
[  653.499035][T10851] R13: 00007f9ce0f06128 R14: 00007f9ce0f06090 R15: 00007ffc12e3ab58
[  653.499071][T10851]  </TASK>
[  654.764428][T10863] syz.6.1299 (10863): drop_caches: 2
[  655.847018][   T94] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  655.902021][   T94] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  655.933395][   T94] bond0 (unregistering): Released all slaves
[  656.321891][T10877] FAULT_INJECTION: forcing a failure.
[  656.321891][T10877] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  656.321928][T10877] CPU: 1 UID: 0 PID: 10877 Comm: syz.6.1303 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  656.321951][T10877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  656.321963][T10877] Call Trace:
[  656.321971][T10877]  <TASK>
[  656.321980][T10877]  dump_stack_lvl+0xe8/0x150
[  656.322016][T10877]  should_fail_ex+0x46b/0x600
[  656.322050][T10877]  _copy_from_user+0x2d/0xb0
[  656.322082][T10877]  sg_write+0x9ef/0xf00
[  656.322107][T10877]  ? arch_stack_walk+0xfb/0x150
[  656.322137][T10877]  ? __pfx_sg_write+0x10/0x10
[  656.322205][T10877]  ? rw_verify_area+0x25b/0x4e0
[  656.322240][T10877]  vfs_writev+0x4c6/0x9a0
[  656.322266][T10877]  ? __pfx_sg_write+0x10/0x10
[  656.322296][T10877]  ? __pfx_vfs_writev+0x10/0x10
[  656.322335][T10877]  ? __fget_files+0x2a/0x420
[  656.322367][T10877]  ? __fget_files+0x3a6/0x420
[  656.322392][T10877]  ? __fget_files+0x2a/0x420
[  656.322427][T10877]  do_writev+0x15a/0x2e0
[  656.322453][T10877]  ? __pfx_do_writev+0x10/0x10
[  656.322489][T10877]  do_syscall_64+0x14d/0xf80
[  656.322511][T10877]  ? trace_irq_disable+0x3b/0x150
[  656.322534][T10877]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  656.322556][T10877]  ? clear_bhb_loop+0x40/0x90
[  656.322582][T10877]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  656.322602][T10877] RIP: 0033:0x7f3a6830c799
[  656.322621][T10877] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  656.322637][T10877] RSP: 002b:00007f3a6655e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  656.322662][T10877] RAX: ffffffffffffffda RBX: 00007f3a68585fa0 RCX: 00007f3a6830c799
[  656.322677][T10877] RDX: 0000000000000002 RSI: 0000200000000040 RDI: 0000000000000003
[  656.322690][T10877] RBP: 00007f3a6655e090 R08: 0000000000000000 R09: 0000000000000000
[  656.322712][T10877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  656.322725][T10877] R13: 00007f3a68586038 R14: 00007f3a68585fa0 R15: 00007ffdef562ab8
[  656.322759][T10877]  </TASK>
[  656.637928][T10884] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1307'.
[  657.417638][T10891] FAULT_INJECTION: forcing a failure.
[  657.417638][T10891] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  657.417698][T10891] CPU: 0 UID: 0 PID: 10891 Comm: syz.6.1306 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  657.417721][T10891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  657.417734][T10891] Call Trace:
[  657.417742][T10891]  <TASK>
[  657.417752][T10891]  dump_stack_lvl+0xe8/0x150
[  657.417789][T10891]  should_fail_ex+0x46b/0x600
[  657.417822][T10891]  _copy_from_iter+0x1d3/0x1670
[  657.417863][T10891]  ? rcu_is_watching+0x15/0xb0
[  657.417888][T10891]  ? __pfx__copy_from_iter+0x10/0x10
[  657.417913][T10891]  ? trace_kmalloc+0x2a/0x110
[  657.417949][T10891]  ? __kvmalloc_node_noprof+0x3df/0x8e0
[  657.417973][T10891]  ? proc_sys_call_handler+0x3d2/0x830
[  657.418011][T10891]  proc_sys_call_handler+0x426/0x830
[  657.418049][T10891]  ? __pfx_proc_sys_call_handler+0x10/0x10
[  657.418091][T10891]  do_iter_readv_writev+0x62b/0x8d0
[  657.418117][T10891]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  657.418159][T10891]  vfs_writev+0x345/0x9a0
[  657.418195][T10891]  ? __pfx_vfs_writev+0x10/0x10
[  657.418239][T10891]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  657.418269][T10891]  ? mutex_lock_nested+0x152/0x1d0
[  657.418296][T10891]  ? fdget_pos+0x252/0x320
[  657.418335][T10891]  do_writev+0x15a/0x2e0
[  657.418363][T10891]  ? __pfx_do_writev+0x10/0x10
[  657.418402][T10891]  do_syscall_64+0x14d/0xf80
[  657.418423][T10891]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  657.418445][T10891]  ? clear_bhb_loop+0x40/0x90
[  657.418472][T10891]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  657.418493][T10891] RIP: 0033:0x7f3a6830c799
[  657.418514][T10891] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  657.418532][T10891] RSP: 002b:00007f3a6651c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  657.418561][T10891] RAX: ffffffffffffffda RBX: 00007f3a68586180 RCX: 00007f3a6830c799
[  657.418577][T10891] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000005
[  657.418590][T10891] RBP: 00007f3a6651c090 R08: 0000000000000000 R09: 0000000000000000
[  657.418604][T10891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  657.418616][T10891] R13: 00007f3a68586218 R14: 00007f3a68586180 R15: 00007ffdef562ab8
[  657.418653][T10891]  </TASK>
[  657.946939][T10894] netlink: 56 bytes leftover after parsing attributes in process `syz.6.1309'.
[  659.798511][T10741] bridge0: port 1(bridge_slave_0) entered blocking state
[  659.820179][T10741] bridge0: port 1(bridge_slave_0) entered disabled state
[  659.820439][T10741] bridge_slave_0: entered allmulticast mode
[  659.823436][T10741] bridge_slave_0: entered promiscuous mode
[  659.857662][T10741] bridge0: port 2(bridge_slave_1) entered blocking state
[  659.876908][T10741] bridge0: port 2(bridge_slave_1) entered disabled state
[  659.877173][T10741] bridge_slave_1: entered allmulticast mode
[  660.010483][T10741] bridge_slave_1: entered promiscuous mode
[  660.505975][T10919] overlayfs: missing 'lowerdir'
[  660.547295][T10919] FAULT_INJECTION: forcing a failure.
[  660.547295][T10919] name failslab, interval 1, probability 0, space 0, times 0
[  660.547321][T10919] CPU: 0 UID: 0 PID: 10919 Comm: syz.7.1319 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  660.547336][T10919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  660.547343][T10919] Call Trace:
[  660.547347][T10919]  <TASK>
[  660.547352][T10919]  dump_stack_lvl+0xe8/0x150
[  660.547375][T10919]  should_fail_ex+0x46b/0x600
[  660.547403][T10919]  should_failslab+0xa8/0x100
[  660.547417][T10919]  kmem_cache_alloc_noprof+0x87/0x680
[  660.547434][T10919]  ? do_getname+0x2e/0x250
[  660.547450][T10919]  do_getname+0x2e/0x250
[  660.547461][T10919]  ? getname_flags+0x11/0x20
[  660.547475][T10919]  path_setxattrat+0x32d/0x440
[  660.547497][T10919]  ? __pfx_path_setxattrat+0x10/0x10
[  660.547527][T10919]  ? ksys_write+0x248/0x270
[  660.547546][T10919]  ? __pfx_ksys_write+0x10/0x10
[  660.547565][T10919]  __x64_sys_lsetxattr+0xbf/0xe0
[  660.547589][T10919]  do_syscall_64+0x14d/0xf80
[  660.547606][T10919]  ? trace_irq_disable+0x3b/0x150
[  660.547629][T10919]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  660.547649][T10919]  ? clear_bhb_loop+0x40/0x90
[  660.547674][T10919]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  660.547694][T10919] RIP: 0033:0x7f9ce0c8c799
[  660.547711][T10919] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  660.547721][T10919] RSP: 002b:00007f9cdeede028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[  660.547735][T10919] RAX: ffffffffffffffda RBX: 00007f9ce0f05fa0 RCX: 00007f9ce0c8c799
[  660.547744][T10919] RDX: 0000200000000400 RSI: 00002000000003c0 RDI: 0000200000000380
[  660.547752][T10919] RBP: 00007f9cdeede090 R08: 0000000000000001 R09: 0000000000000000
[  660.547759][T10919] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[  660.547766][T10919] R13: 00007f9ce0f06038 R14: 00007f9ce0f05fa0 R15: 00007ffc12e3ab58
[  660.547784][T10919]  </TASK>
[  660.926149][T10741] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  661.012173][T10741] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  661.124391][T10741] team0: Port device team_slave_0 added
[  661.128366][T10741] team0: Port device team_slave_1 added
[  661.170534][ T8814] usb 8-1: new high-speed USB device number 52 using dummy_hcd
[  661.382953][ T8814] usb 8-1: Using ep0 maxpacket: 32
[  661.388824][ T8814] usb 8-1: config index 0 descriptor too short (expected 35577, got 27)
[  661.388856][ T8814] usb 8-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  661.388878][ T8814] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 92
[  661.388899][ T8814] usb 8-1: config 1 has no interface number 0
[  661.388961][ T8814] usb 8-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  661.388988][ T8814] usb 8-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  661.389033][ T8814] usb 8-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  661.389058][ T8814] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  662.125357][ T8814] snd_usb_pod 8-1:1.1: Line 6 Pocket POD found
[  662.164003][ T8814] snd_usb_pod 8-1:1.1: Line 6 Pocket POD now attached
[  662.400106][   T94] hsr_slave_0: left promiscuous mode
[  662.440207][   T94] hsr_slave_1: left promiscuous mode
[  662.471130][   T94] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  662.481962][   T94] batman_adv: batadv0: Removing interface: batadv_slave_0
[  662.531280][   T94] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  662.531312][   T94] batman_adv: batadv0: Removing interface: batadv_slave_1
[  662.565708][ T8814] usb 8-1: USB disconnect, device number 52
[  662.586457][ T8814] snd_usb_pod 8-1:1.1: Line 6 Pocket POD now disconnected
[  662.652422][   T94] veth1_macvtap: left promiscuous mode
[  662.652543][   T94] veth0_macvtap: left promiscuous mode
[  662.652826][   T94] veth1_vlan: left promiscuous mode
[  662.653019][   T94] veth0_vlan: left promiscuous mode
[  662.750049][ T5868] usb 7-1: new full-speed USB device number 51 using dummy_hcd
[  662.931910][ T5868] usb 7-1: unable to read config index 0 descriptor/start: -71
[  662.931952][ T5868] usb 7-1: can't read configurations, error -71
[  663.370075][   T37] kauditd_printk_skb: 42 callbacks suppressed
[  663.370092][   T37] audit: type=1326 audit(1774708134.523:1182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10962 comm="syz.7.1330" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ce0c8c799 code=0x0
[  663.962288][   T94] team0 (unregistering): Port device team_slave_1 removed
[  664.020992][   T94] team0 (unregistering): Port device team_slave_0 removed
[  664.030169][ T5868] usb 7-1: new high-speed USB device number 52 using dummy_hcd
[  664.202934][ T5868] usb 7-1: Using ep0 maxpacket: 32
[  664.215638][ T5868] usb 7-1: config 0 has an invalid interface number: 146 but max is 0
[  664.215666][ T5868] usb 7-1: config 0 has no interface number 0
[  664.215709][ T5868] usb 7-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  664.215730][ T5868] usb 7-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  664.215753][ T5868] usb 7-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024
[  664.215778][ T5868] usb 7-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  664.215800][ T5868] usb 7-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82
[  664.215822][ T5868] usb 7-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  664.215842][ T5868] usb 7-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  664.215862][ T5868] usb 7-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  664.215881][ T5868] usb 7-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  664.240507][ T5868] usb 7-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95
[  664.240537][ T5868] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  664.240557][ T5868] usb 7-1: Product: syz
[  664.240570][ T5868] usb 7-1: Manufacturer: syz
[  664.240583][ T5868] usb 7-1: SerialNumber: syz
[  664.313380][T10970] netlink: 364 bytes leftover after parsing attributes in process `syz.7.1333'.
[  664.373189][ T5868] usb 7-1: config 0 descriptor??
[  664.378719][T10966] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  664.381137][T10966] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  664.438140][ T5868] microtek usb (rev 0.4.3): expecting 3 got 2 endpoints! Bailing out.
[  664.825234][T10741] batman_adv: batadv0: Adding interface: batadv_slave_0
[  664.825253][T10741] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  664.825282][T10741] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  664.882246][T10741] batman_adv: batadv0: Adding interface: batadv_slave_1
[  664.882260][T10741] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  664.882276][T10741] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  665.128400][ T5868] usb 7-1: USB disconnect, device number 52
[  665.826550][T10741] hsr_slave_0: entered promiscuous mode
[  665.866825][T10741] hsr_slave_1: entered promiscuous mode
[  665.871688][T10741] debugfs: 'hsr0' already exists in 'hsr'
[  665.871715][T10741] Cannot create hsr debugfs directory
[  666.240762][T10990] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  666.241884][T10990] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  667.546802][ T8814] usb 8-1: new high-speed USB device number 54 using dummy_hcd
[  667.872510][ T8814] usb 8-1: Using ep0 maxpacket: 32
[  667.878194][ T8814] usb 8-1: config 0 has an invalid interface number: 146 but max is 0
[  667.878225][ T8814] usb 8-1: config 0 has no interface number 0
[  667.878274][ T8814] usb 8-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  667.878296][ T8814] usb 8-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  667.878323][ T8814] usb 8-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024
[  667.878358][ T8814] usb 8-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  667.878382][ T8814] usb 8-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82
[  667.878406][ T8814] usb 8-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  667.878428][ T8814] usb 8-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  667.878451][ T8814] usb 8-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid maxpacket 19968, setting to 1024
[  667.878479][ T8814] usb 8-1: config 0 interface 146 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[  667.878525][   T37] audit: type=1326 audit(1774708139.043:1183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11023 comm="syz.8.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  667.878993][   T37] audit: type=1326 audit(1774708139.043:1184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11023 comm="syz.8.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  667.879041][   T37] audit: type=1326 audit(1774708139.043:1185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11023 comm="syz.8.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  667.879085][   T37] audit: type=1326 audit(1774708139.043:1186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11023 comm="syz.8.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcc672bcfce code=0x7ffc0000
[  667.879128][   T37] audit: type=1326 audit(1774708139.043:1187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11023 comm="syz.8.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  667.879185][ T8814] usb 8-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  667.879714][   T37] audit: type=1326 audit(1774708139.043:1188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11023 comm="syz.8.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fcc672fda97 code=0x7ffc0000
[  667.902224][   T37] audit: type=1326 audit(1774708139.073:1189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11023 comm="syz.8.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  667.907716][ T8814] usb 8-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95
[  667.907745][ T8814] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  667.907763][ T8814] usb 8-1: Product: syz
[  667.907775][ T8814] usb 8-1: Manufacturer: syz
[  667.907789][ T8814] usb 8-1: SerialNumber: syz
[  667.910442][   T37] audit: type=1326 audit(1774708139.083:1190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11023 comm="syz.8.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fcc672fda97 code=0x7ffc0000
[  667.910743][   T37] audit: type=1326 audit(1774708139.083:1191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11023 comm="syz.8.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fcc672bcfce code=0x7ffc0000
[  667.926175][ T8814] usb 8-1: config 0 descriptor??
[  667.928608][T11012] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  667.929084][T11012] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  667.943878][ T8814] microtek usb (rev 0.4.3): will this work? Response EP is not usually 3
[  667.943897][ T8814] microtek usb (rev 0.4.3): will this work? Image data EP is not usually 2
[  667.983736][ T8814] scsi host1: microtekX6
[  668.788287][ T5983] usb 8-1: USB disconnect, device number 54
[  669.606105][   T37] kauditd_printk_skb: 40 callbacks suppressed
[  669.606126][   T37] audit: type=1326 audit(1774708140.773:1232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11070 comm="syz.6.1361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a6830c799 code=0x7ffc0000
[  669.606791][   T37] audit: type=1326 audit(1774708140.773:1233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11070 comm="syz.6.1361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a6830c799 code=0x7ffc0000
[  669.606839][   T37] audit: type=1326 audit(1774708140.773:1234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11070 comm="syz.6.1361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a6830c799 code=0x7ffc0000
[  669.608787][   T37] audit: type=1326 audit(1774708140.773:1235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11070 comm="syz.6.1361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3a682ccfce code=0x7ffc0000
[  669.609980][   T37] audit: type=1326 audit(1774708140.773:1236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11070 comm="syz.6.1361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f3a6830da97 code=0x7ffc0000
[  669.610025][   T37] audit: type=1326 audit(1774708140.773:1237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11070 comm="syz.6.1361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3a6830c799 code=0x7ffc0000
[  669.656983][   T37] audit: type=1326 audit(1774708140.823:1238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11070 comm="syz.6.1361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f3a6830da97 code=0x7ffc0000
[  669.657034][   T37] audit: type=1326 audit(1774708140.823:1239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11070 comm="syz.6.1361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f3a682ccfce code=0x7ffc0000
[  669.657073][   T37] audit: type=1326 audit(1774708140.823:1240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11070 comm="syz.6.1361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a6830c799 code=0x7ffc0000
[  669.657112][   T37] audit: type=1326 audit(1774708140.823:1241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11070 comm="syz.6.1361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a6830c799 code=0x7ffc0000
[  670.298434][T11092] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1366'.
[  671.324758][    T9] usb 7-1: new high-speed USB device number 53 using dummy_hcd
[  671.512755][    T9] usb 7-1: Using ep0 maxpacket: 32
[  671.515781][    T9] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  671.519332][    T9] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  671.519364][    T9] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  671.519385][    T9] usb 7-1: Product: syz
[  671.519399][    T9] usb 7-1: Manufacturer: syz
[  671.519414][    T9] usb 7-1: SerialNumber: syz
[  671.536803][T10741] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  671.552976][    T9] usb 7-1: config 0 descriptor??
[  671.554498][T11109] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  671.564980][    T9] hub 7-1:0.0: bad descriptor, ignoring hub
[  671.565025][    T9] hub 7-1:0.0: probe with driver hub failed with error -5
[  671.776513][T11125] afs: Unknown parameter 'smackfshatd'
[  671.790972][T10741] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  672.029683][T10741] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  672.172726][T10741] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  672.211141][ T5943] usb 7-1: USB disconnect, device number 53
[  672.619231][T10741] 8021q: adding VLAN 0 to HW filter on device bond0
[  672.659606][T10741] 8021q: adding VLAN 0 to HW filter on device team0
[  672.679505][   T94] bridge0: port 1(bridge_slave_0) entered blocking state
[  672.679735][   T94] bridge0: port 1(bridge_slave_0) entered forwarding state
[  672.710907][   T94] bridge0: port 2(bridge_slave_1) entered blocking state
[  672.711134][   T94] bridge0: port 2(bridge_slave_1) entered forwarding state
[  672.948532][T11153] fuse: Unknown parameter '000000000000000000030x0000000000000004'
[  673.709973][ T5983] usb 7-1: new high-speed USB device number 54 using dummy_hcd
[  673.781656][T10741] 8021q: adding VLAN 0 to HW filter on device batadv0
[  673.865638][ T5983] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 237, changing to 7
[  673.870481][ T5983] usb 7-1: New USB device found, idVendor=0e41, idProduct=414d, bcdDevice= 0.40
[  673.870510][ T5983] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  673.870529][ T5983] usb 7-1: Product: 쳶
[  673.870542][ T5983] usb 7-1: Manufacturer: 躂䦘⾀ṷf凣᪻윃ᕣ莉ᜭ茬늺膦굴褠踊귮秭ϭᇯ繜ꔽ錱그�涇௠钡ऽԵ蚭ㆼ柡��̋ㅷ쪀ꖺ�䬴ᵊ绾㞊墲懧▕ꭃ�鼓￾
[  673.870563][ T5983] usb 7-1: SerialNumber: з
[  674.106940][T10741] veth0_vlan: entered promiscuous mode
[  674.187611][T10741] veth1_vlan: entered promiscuous mode
[  674.253726][ T5983] usb 7-1: 1:1: invalid format type 0x1002 is detected, processed as PCM
[  674.253759][ T5983] usb 7-1: 1:1 : invalid UAC_FORMAT_TYPE desc
[  674.257843][ T5983] usb 7-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  674.513588][T10741] veth0_macvtap: entered promiscuous mode
[  674.553036][T10741] veth1_macvtap: entered promiscuous mode
[  674.656828][T11183] sctp: [Deprecated]: syz.3.1385 (pid 11183) Use of struct sctp_assoc_value in delayed_ack socket option.
[  674.656828][T11183] Use struct sctp_sack_info instead
[  674.658239][ T5983] usb 7-1: USB disconnect, device number 54
[  674.709518][T10741] batman_adv: batadv0: Interface activated: batadv_slave_0
[  674.735258][T10741] batman_adv: batadv0: Interface activated: batadv_slave_1
[  674.756521][ T9282] udevd[9282]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  674.805087][ T8472] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  674.805432][ T8472] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  674.814980][ T8472] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  674.819119][ T8472] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  675.365374][ T8360] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  675.365395][ T8360] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  675.575164][   T37] kauditd_printk_skb: 40 callbacks suppressed
[  675.575205][   T37] audit: type=1326 audit(1774708146.743:1282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11189 comm="syz.3.1387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f745a2cc799 code=0x7ffc0000
[  675.575256][   T37] audit: type=1326 audit(1774708146.743:1283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11189 comm="syz.3.1387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f745a2cc799 code=0x7ffc0000
[  675.575546][   T37] audit: type=1326 audit(1774708146.743:1284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11189 comm="syz.3.1387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f745a2cc799 code=0x7ffc0000
[  675.575974][   T37] audit: type=1326 audit(1774708146.743:1285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11189 comm="syz.3.1387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f745a2cc799 code=0x7ffc0000
[  675.576255][   T37] audit: type=1326 audit(1774708146.743:1286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11189 comm="syz.3.1387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f745a28cfce code=0x7ffc0000
[  675.576735][   T37] audit: type=1326 audit(1774708146.743:1287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11189 comm="syz.3.1387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f745a2cc799 code=0x7ffc0000
[  675.576973][   T37] audit: type=1326 audit(1774708146.743:1288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11189 comm="syz.3.1387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f745a2cc799 code=0x7ffc0000
[  675.578845][   T37] audit: type=1326 audit(1774708146.743:1289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11189 comm="syz.3.1387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f745a2cc799 code=0x7ffc0000
[  675.579149][   T37] audit: type=1326 audit(1774708146.743:1290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11189 comm="syz.3.1387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f745a2cc799 code=0x7ffc0000
[  675.579404][   T37] audit: type=1326 audit(1774708146.743:1291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11189 comm="syz.3.1387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f745a2cc799 code=0x7ffc0000
[  676.143101][ T1126] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  676.143134][ T1126] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  678.018030][T11235] sch_tbf: burst 1447 is lower than device macvtap0 mtu (1514) !
[  681.214371][T11274] netlink: 272 bytes leftover after parsing attributes in process `syz.3.1407'.
[  681.349070][   T37] kauditd_printk_skb: 107 callbacks suppressed
[  681.349090][   T37] audit: type=1326 audit(1774708152.503:1399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11270 comm="syz.1.1405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f515c20c799 code=0x7ffc0000
[  681.349124][   T37] audit: type=1326 audit(1774708152.513:1400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11270 comm="syz.1.1405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f515c20c799 code=0x7ffc0000
[  681.362253][   T37] audit: type=1326 audit(1774708152.533:1401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11270 comm="syz.1.1405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f515c20c799 code=0x7ffc0000
[  681.362312][   T37] audit: type=1326 audit(1774708152.533:1402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11270 comm="syz.1.1405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f515c20c799 code=0x7ffc0000
[  681.364600][   T37] audit: type=1326 audit(1774708152.533:1403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11270 comm="syz.1.1405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f515c1ccfce code=0x7ffc0000
[  681.364648][   T37] audit: type=1326 audit(1774708152.533:1404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11270 comm="syz.1.1405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f515c20da97 code=0x7ffc0000
[  681.364687][   T37] audit: type=1326 audit(1774708152.533:1405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11270 comm="syz.1.1405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f515c20c799 code=0x7ffc0000
[  681.364725][   T37] audit: type=1326 audit(1774708152.533:1406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11270 comm="syz.1.1405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f515c20da97 code=0x7ffc0000
[  681.364763][   T37] audit: type=1326 audit(1774708152.533:1407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11270 comm="syz.1.1405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f515c1ccfce code=0x7ffc0000
[  681.364801][   T37] audit: type=1326 audit(1774708152.533:1408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11270 comm="syz.1.1405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f515c20c799 code=0x7ffc0000
[  685.020564][T11331] openvswitch: netlink: IPv4 tun info is not correct
[  685.554941][T11341] netlink: 'syz.1.1425': attribute type 4 has an invalid length.
[  685.554966][T11341] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1425'.
[  685.633278][T11344] netlink: 364 bytes leftover after parsing attributes in process `syz.1.1425'.
[  685.783628][T11341] .`: renamed from bond0 (while UP)
[  686.030668][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  686.030748][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  687.841348][T11370] netlink: 'syz.8.1431': attribute type 21 has an invalid length.
[  687.841427][T11370] netlink: 'syz.8.1431': attribute type 6 has an invalid length.
[  687.841442][T11370] netlink: 132 bytes leftover after parsing attributes in process `syz.8.1431'.
[  688.350177][ T5868] usb 9-1: new high-speed USB device number 31 using dummy_hcd
[  688.500927][ T5868] usb 9-1: Using ep0 maxpacket: 32
[  688.518427][ T5868] usb 9-1: config index 0 descriptor too short (expected 35577, got 27)
[  688.518461][ T5868] usb 9-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  688.518483][ T5868] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  688.518502][ T5868] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 92
[  688.518523][ T5868] usb 9-1: config 1 has no interface number 0
[  688.518578][ T5868] usb 9-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  688.518603][ T5868] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  688.634792][ T5868] snd_usb_pod 9-1:1.1: Line 6 Pocket POD found
[  688.811877][ T5868] snd_usb_pod 9-1:1.1: endpoint not available, using fallback values
[  688.812368][ T5868] snd_usb_pod 9-1:1.1: invalid control EP
[  688.812384][ T5868] snd_usb_pod 9-1:1.1: cannot start listening: -22
[  688.812727][ T5868] snd_usb_pod 9-1:1.1: Line 6 Pocket POD now disconnected
[  688.813360][ T5868] snd_usb_pod 9-1:1.1: probe with driver snd_usb_pod failed with error -22
[  689.021732][ T5908] usb 9-1: USB disconnect, device number 31
[  691.792229][ T5868] usb 9-1: new high-speed USB device number 32 using dummy_hcd
[  691.950109][ T5868] usb 9-1: Using ep0 maxpacket: 32
[  692.023634][ T5868] usb 9-1: config index 0 descriptor too short (expected 35577, got 27)
[  692.023668][ T5868] usb 9-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  692.027362][ T5868] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 92
[  692.027429][ T5868] usb 9-1: config 1 has no interface number 0
[  692.027553][ T5868] usb 9-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  692.027583][ T5868] usb 9-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  692.027709][ T5868] usb 9-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  692.027782][ T5868] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  692.722283][ T5868] snd_usb_pod 9-1:1.1: Line 6 Pocket POD found
[  692.927156][ T5868] snd_usb_pod 9-1:1.1: set_interface failed
[  692.927388][ T5868] snd_usb_pod 9-1:1.1: Line 6 Pocket POD now disconnected
[  692.927769][ T5868] snd_usb_pod 9-1:1.1: probe with driver snd_usb_pod failed with error -71
[  692.963703][ T5868] usb 9-1: USB disconnect, device number 32
[  695.375782][T11451] usb usb1: usbfs: interface 0 claimed by hub while 'syz.6.1455' sets config #236
[  695.483160][T11452] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1456'.
[  695.483390][T11452] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1456'.
[  695.557785][T11452] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1456'.
[  695.751308][T11456] netlink: 'syz.6.1457': attribute type 3 has an invalid length.
[  695.752234][T11456] FAULT_INJECTION: forcing a failure.
[  695.752234][T11456] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  695.752257][T11456] CPU: 0 UID: 0 PID: 11456 Comm: syz.6.1457 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  695.752271][T11456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  695.752279][T11456] Call Trace:
[  695.752284][T11456]  <TASK>
[  695.752289][T11456]  dump_stack_lvl+0xe8/0x150
[  695.752311][T11456]  should_fail_ex+0x46b/0x600
[  695.752331][T11456]  _copy_from_iter+0x1d3/0x1670
[  695.752352][T11456]  ? trace_kmem_cache_alloc+0x29/0xf0
[  695.752369][T11456]  ? __alloc_skb+0x27d/0x7d0
[  695.752387][T11456]  ? __pfx__copy_from_iter+0x10/0x10
[  695.752401][T11456]  ? kmem_cache_alloc_node_noprof+0x27c/0x6e0
[  695.752418][T11456]  ? __alloc_skb+0x27d/0x7d0
[  695.752439][T11456]  ? netlink_sendmsg+0x650/0xb40
[  695.752457][T11456]  ? skb_put+0x11b/0x210
[  695.752470][T11456]  netlink_sendmsg+0x6c0/0xb40
[  695.752492][T11456]  ? __pfx_netlink_sendmsg+0x10/0x10
[  695.752509][T11456]  ? unwind_get_return_address+0x4d/0x90
[  695.752524][T11456]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  695.752543][T11456]  ____sys_sendmsg+0x94c/0x9c0
[  695.752559][T11456]  ? __pfx_____sys_sendmsg+0x10/0x10
[  695.752577][T11456]  ? import_iovec+0x73/0xa0
[  695.752596][T11456]  ___sys_sendmsg+0x2a5/0x360
[  695.752612][T11456]  ? __pfx____sys_sendmsg+0x10/0x10
[  695.752644][T11456]  ? __fget_files+0x2a/0x420
[  695.752660][T11456]  ? __fget_files+0x3a6/0x420
[  695.752680][T11456]  __x64_sys_sendmsg+0x1c3/0x2a0
[  695.752695][T11456]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  695.752713][T11456]  ? __pfx_ksys_write+0x10/0x10
[  695.752737][T11456]  do_syscall_64+0x14d/0xf80
[  695.752749][T11456]  ? trace_irq_disable+0x3b/0x150
[  695.752763][T11456]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  695.752775][T11456]  ? clear_bhb_loop+0x40/0x90
[  695.752789][T11456]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  695.752801][T11456] RIP: 0033:0x7f3a6830c799
[  695.752813][T11456] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  695.752824][T11456] RSP: 002b:00007f3a6653d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  695.752838][T11456] RAX: ffffffffffffffda RBX: 00007f3a68586090 RCX: 00007f3a6830c799
[  695.752847][T11456] RDX: 0000000024000840 RSI: 0000200000009b40 RDI: 0000000000000004
[  695.752855][T11456] RBP: 00007f3a6653d090 R08: 0000000000000000 R09: 0000000000000000
[  695.752862][T11456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  695.752869][T11456] R13: 00007f3a68586128 R14: 00007f3a68586090 R15: 00007ffdef562ab8
[  695.752887][T11456]  </TASK>
[  697.370230][ T8814] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  697.550289][ T8814] usb 2-1: Using ep0 maxpacket: 32
[  697.552713][ T8814] usb 2-1: config index 0 descriptor too short (expected 35577, got 27)
[  697.552740][ T8814] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  697.552760][ T8814] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92
[  697.552781][ T8814] usb 2-1: config 1 has no interface number 0
[  697.552828][ T8814] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  697.552998][ T8814] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  697.553044][ T8814] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  697.553068][ T8814] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  697.674861][ T8814] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found
[  697.883837][ T8814] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached
[  699.472669][ T8814] snd_usb_pod 2-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22)
[  699.568020][  T808] usb 2-1: USB disconnect, device number 3
[  699.680902][  T808] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected
[  699.967638][T11489] fuse: Bad value for 'user_id'
[  699.967659][T11489] fuse: Bad value for 'user_id'
[  701.774692][T11524] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1475'.
[  701.839961][ T5868] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  702.180728][ T8814] usb 7-1: new high-speed USB device number 55 using dummy_hcd
[  702.391384][ T8814] usb 7-1: Using ep0 maxpacket: 8
[  703.446849][ T5868] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 237, changing to 7
[  703.465675][ T5868] usb 2-1: New USB device found, idVendor=0e41, idProduct=414d, bcdDevice= 0.40
[  703.465715][ T5868] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  703.465788][ T5868] usb 2-1: Product: 쳶
[  703.465803][ T5868] usb 2-1: Manufacturer: 躂䦘⾀ṷf凣᪻윃ᕣ莉ᜭ茬늺膦굴褠踊귮秭ϭᇯ繜ꔽ錱그�涇௠钡ऽԵ蚭ㆼ柡��̋ㅷ쪀ꖺ�䬴ᵊ绾㞊墲懧▕ꭃ�鼓￾
[  703.465827][ T5868] usb 2-1: SerialNumber: з
[  703.587370][ T8814] usb 7-1: device descriptor read/all, error -71
[  703.826055][ T5868] usb 2-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  703.826562][ T5868] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  703.913664][ T5868] usb 2-1: USB disconnect, device number 4
[  704.026344][ T9282] udevd[9282]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  704.412275][T11547] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  704.650934][T11563] kernel profiling enabled (shift: 63)
[  704.650958][T11563] profiling shift: 63 too large
[  707.890006][ T5983] usb 8-1: new high-speed USB device number 55 using dummy_hcd
[  708.057407][ T5983] usb 8-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  708.057442][ T5983] usb 8-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3
[  708.057463][ T5983] usb 8-1: Product: syz
[  708.057477][ T5983] usb 8-1: Manufacturer: syz
[  708.057491][ T5983] usb 8-1: SerialNumber: syz
[  708.089099][ T5983] usb 8-1: config 0 descriptor??
[  708.095625][ T5983] ch341 8-1:0.0: ch341-uart converter detected
[  708.301983][T11591] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  708.302579][T11591] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  708.306541][ T5983] usb 8-1: failed to receive control message: -71
[  708.306610][ T5983] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  708.357139][ T5983] usb 8-1: USB disconnect, device number 55
[  708.359326][ T5983] ch341 8-1:0.0: device disconnected
[  708.379999][ T8814] usb 9-1: new high-speed USB device number 33 using dummy_hcd
[  708.480066][ T5908] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  708.547531][ T8814] usb 9-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 237, changing to 7
[  708.573844][ T8814] usb 9-1: New USB device found, idVendor=0e41, idProduct=414d, bcdDevice= 0.40
[  708.573876][ T8814] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  708.573897][ T8814] usb 9-1: Product: 쳶
[  708.573911][ T8814] usb 9-1: Manufacturer: 躂䦘⾀ṷf凣᪻윃ᕣ莉ᜭ茬늺膦굴褠踊귮秭ϭᇯ繜ꔽ錱그�涇௠钡ऽԵ蚭ㆼ柡��̋ㅷ쪀ꖺ�䬴ᵊ绾㞊墲懧▕ꭃ�鼓￾
[  708.573984][ T8814] usb 9-1: SerialNumber: з
[  708.630285][ T5908] usb 2-1: Using ep0 maxpacket: 32
[  708.642739][ T5908] usb 2-1: config index 0 descriptor too short (expected 35577, got 27)
[  708.642767][ T5908] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  708.642787][ T5908] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92
[  708.642806][ T5908] usb 2-1: config 1 has no interface number 0
[  708.642849][ T5908] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  708.642873][ T5908] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  708.642911][ T5908] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  708.642933][ T5908] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  708.908177][ T5908] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found
[  709.042956][ T8814] usb 9-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  709.044728][ T8814] usb 9-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  709.099998][ T5908] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached
[  709.165887][ T8814] usb 9-1: USB disconnect, device number 33
[  709.401827][ T9282] udevd[9282]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  709.538116][ T8814] usb 2-1: USB disconnect, device number 5
[  709.575849][ T8814] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected
[  713.306735][T11661] FAULT_INJECTION: forcing a failure.
[  713.306735][T11661] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  713.306771][T11661] CPU: 1 UID: 0 PID: 11661 Comm: syz.6.1506 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  713.306795][T11661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  713.306808][T11661] Call Trace:
[  713.306816][T11661]  <TASK>
[  713.306826][T11661]  dump_stack_lvl+0xe8/0x150
[  713.306863][T11661]  should_fail_ex+0x46b/0x600
[  713.306898][T11661]  __kvm_read_guest_page+0x18d/0x240
[  713.306928][T11661]  kvm_vcpu_read_guest+0x75/0x150
[  713.306957][T11661]  read_emulate+0x2c/0x50
[  713.306983][T11661]  emulator_read_write_onepage+0x6a6/0xa10
[  713.307021][T11661]  emulator_read_write+0x1c9/0x560
[  713.307051][T11661]  ? __pfx_emulator_read_emulated+0x10/0x10
[  713.307084][T11661]  segmented_read+0x1ba/0x3f0
[  713.307120][T11661]  x86_emulate_insn+0x36a/0x43d0
[  713.307166][T11661]  ? __pfx_x86_emulate_insn+0x10/0x10
[  713.307193][T11661]  ? __pfx_vmx_vcpu_pi_load+0x10/0x10
[  713.307217][T11661]  ? __kernel_text_address+0xd/0x30
[  713.307241][T11661]  ? unwind_get_return_address+0x4d/0x90
[  713.307268][T11661]  x86_emulate_instruction+0xf23/0x21c0
[  713.307314][T11661]  ? __pfx_x86_emulate_instruction+0x10/0x10
[  713.307338][T11661]  ? complete_emulated_mmio+0x18e/0x7a0
[  713.307373][T11661]  ? __asan_memcpy+0x40/0x70
[  713.307403][T11661]  ? complete_emulated_mmio+0x4d2/0x7a0
[  713.307445][T11661]  ? __pfx_complete_emulated_mmio+0x10/0x10
[  713.307471][T11661]  kvm_arch_vcpu_ioctl_run+0x17f7/0x20d0
[  713.307514][T11661]  ? kvm_arch_vcpu_ioctl_run+0x2e8/0x20d0
[  713.307541][T11661]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  713.307589][T11661]  ? kasan_quarantine_put+0xbb/0x1f0
[  713.307638][T11661]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  713.307663][T11661]  ? lockdep_hardirqs_on+0x7a/0x110
[  713.307686][T11661]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  713.307709][T11661]  ? _mutex_lock_killable+0x152/0x1d0
[  713.307737][T11661]  ? kvm_vcpu_ioctl+0x283/0xfe0
[  713.307765][T11661]  kvm_vcpu_ioctl+0xa65/0xfe0
[  713.307796][T11661]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  713.307824][T11661]  ? __asan_memset+0x22/0x50
[  713.307852][T11661]  ? smack_file_ioctl+0x331/0x360
[  713.307888][T11661]  ? __pfx_smack_file_ioctl+0x10/0x10
[  713.307931][T11661]  ? __fget_files+0x2a/0x420
[  713.307958][T11661]  ? __fget_files+0x3a6/0x420
[  713.307983][T11661]  ? __fget_files+0x2a/0x420
[  713.308014][T11661]  ? bpf_lsm_file_ioctl+0x9/0x20
[  713.308037][T11661]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  713.308061][T11661]  __se_sys_ioctl+0xff/0x170
[  713.308085][T11661]  do_syscall_64+0x14d/0xf80
[  713.308106][T11661]  ? trace_irq_disable+0x3b/0x150
[  713.308130][T11661]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  713.308152][T11661]  ? clear_bhb_loop+0x40/0x90
[  713.308180][T11661]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  713.308201][T11661] RIP: 0033:0x7f3a6830c799
[  713.308221][T11661] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  713.308239][T11661] RSP: 002b:00007f3a6655e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  713.308262][T11661] RAX: ffffffffffffffda RBX: 00007f3a68585fa0 RCX: 00007f3a6830c799
[  713.308277][T11661] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  713.308290][T11661] RBP: 00007f3a6655e090 R08: 0000000000000000 R09: 0000000000000000
[  713.308303][T11661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  713.308315][T11661] R13: 00007f3a68586038 R14: 00007f3a68585fa0 R15: 00007ffdef562ab8
[  713.308359][T11661]  </TASK>
[  715.269168][T11667] netlink: 'syz.7.1507': attribute type 83 has an invalid length.
[  717.957915][  T808] usb 8-1: new high-speed USB device number 56 using dummy_hcd
[  718.450813][  T808] usb 8-1: Using ep0 maxpacket: 8
[  719.071725][  T808] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7
[  719.071780][  T808] usb 8-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 1056, setting to 1024
[  719.116120][  T808] usb 8-1: New USB device found, idVendor=0582, idProduct=0121, bcdDevice= 0.40
[  719.116153][  T808] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  719.116172][  T808] usb 8-1: Product: syz
[  719.116186][  T808] usb 8-1: Manufacturer: syz
[  719.116200][  T808] usb 8-1: SerialNumber: syz
[  719.355335][T11719] FAULT_INJECTION: forcing a failure.
[  719.355335][T11719] name failslab, interval 1, probability 0, space 0, times 0
[  719.355372][T11719] CPU: 0 UID: 0 PID: 11719 Comm: syz.1.1519 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  719.355395][T11719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  719.355408][T11719] Call Trace:
[  719.355416][T11719]  <TASK>
[  719.355425][T11719]  dump_stack_lvl+0xe8/0x150
[  719.355462][T11719]  should_fail_ex+0x46b/0x600
[  719.355496][T11719]  should_failslab+0xa8/0x100
[  719.355519][T11719]  kmem_cache_alloc_node_noprof+0x8f/0x6e0
[  719.355551][T11719]  ? __alloc_skb+0x1d0/0x7d0
[  719.355579][T11719]  ? lockdep_hardirqs_on+0x7a/0x110
[  719.355606][T11719]  __alloc_skb+0x1d0/0x7d0
[  719.355635][T11719]  ? __lock_acquire+0x6b5/0x2cf0
[  719.355660][T11719]  alloc_skb_with_frags+0xca/0x890
[  719.355685][T11719]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  719.355715][T11719]  sock_alloc_send_pskb+0x884/0x9a0
[  719.355758][T11719]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  719.355784][T11719]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[  719.355808][T11719]  ? is_bpf_text_address+0x292/0x2b0
[  719.355837][T11719]  ? is_bpf_text_address+0x26/0x2b0
[  719.355866][T11719]  ? kernel_text_address+0xa5/0xe0
[  719.355892][T11719]  hci_sock_sendmsg+0x208/0xf40
[  719.355927][T11719]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  719.355959][T11719]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  719.355992][T11719]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  719.356018][T11719]  sock_write_iter+0x4a1/0x4f0
[  719.356055][T11719]  ? __pfx_sock_write_iter+0x10/0x10
[  719.356098][T11719]  ? rw_verify_area+0x25b/0x4e0
[  719.356126][T11719]  ? import_ubuf+0xfb/0x1d0
[  719.356158][T11719]  aio_write+0x5df/0x880
[  719.356184][T11719]  ? __pfx_aio_write+0x10/0x10
[  719.356237][T11719]  io_submit_one+0x7bb/0x14c0
[  719.356273][T11719]  ? irqentry_exit+0x59e/0x620
[  719.356297][T11719]  ? trace_irq_disable+0x3b/0x150
[  719.356326][T11719]  ? __pfx_io_submit_one+0x10/0x10
[  719.356371][T11719]  ? __might_fault+0xaf/0x130
[  719.356407][T11719]  __se_sys_io_submit+0x195/0x340
[  719.356438][T11719]  ? __pfx___se_sys_io_submit+0x10/0x10
[  719.356463][T11719]  ? ksys_write+0x248/0x270
[  719.356510][T11719]  do_syscall_64+0x14d/0xf80
[  719.356531][T11719]  ? trace_irq_disable+0x3b/0x150
[  719.356552][T11719]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  719.356574][T11719]  ? clear_bhb_loop+0x40/0x90
[  719.356599][T11719]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  719.356619][T11719] RIP: 0033:0x7f515c20c799
[  719.356639][T11719] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  719.356657][T11719] RSP: 002b:00007f515a45e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  719.356680][T11719] RAX: ffffffffffffffda RBX: 00007f515c485fa0 RCX: 00007f515c20c799
[  719.356694][T11719] RDX: 0000200000001240 RSI: 0000000000000001 RDI: 00007f515cfc4000
[  719.356707][T11719] RBP: 00007f515a45e090 R08: 0000000000000000 R09: 0000000000000000
[  719.356721][T11719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  719.356734][T11719] R13: 00007f515c486038 R14: 00007f515c485fa0 R15: 00007fffa580dfd8
[  719.356766][T11719]  </TASK>
[  719.712058][  T808] usb 8-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  719.712580][  T808] usb 8-1: unit 1 not found!
[  719.873609][  T808] usb 8-1: USB disconnect, device number 56
[  719.963381][ T9282] udevd[9282]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  723.467490][T11763] FAULT_INJECTION: forcing a failure.
[  723.467490][T11763] name failslab, interval 1, probability 0, space 0, times 0
[  723.467533][T11763] CPU: 1 UID: 0 PID: 11763 Comm: syz.6.1531 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  723.467561][T11763] Tainted: [L]=SOFTLOCKUP
[  723.467569][T11763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  723.467581][T11763] Call Trace:
[  723.467590][T11763]  <TASK>
[  723.467599][T11763]  dump_stack_lvl+0xe8/0x150
[  723.467638][T11763]  should_fail_ex+0x46b/0x600
[  723.467675][T11763]  should_failslab+0xa8/0x100
[  723.467700][T11763]  kmem_cache_alloc_node_noprof+0x8f/0x6e0
[  723.467732][T11763]  ? __alloc_skb+0x1d0/0x7d0
[  723.467772][T11763]  __alloc_skb+0x1d0/0x7d0
[  723.467811][T11763]  tipc_buf_acquire+0x2b/0xe0
[  723.467845][T11763]  tipc_named_withdraw+0x203/0x790
[  723.467885][T11763]  tipc_nametbl_withdraw+0xd5/0x2c0
[  723.467911][T11763]  ? tipc_nametbl_withdraw+0x70/0x2c0
[  723.467938][T11763]  tipc_sk_withdraw+0x301/0x650
[  723.467982][T11763]  ? __pfx_tipc_sk_withdraw+0x10/0x10
[  723.468011][T11763]  ? __local_bh_enable_ip+0x1ae/0x2b0
[  723.468041][T11763]  ? lockdep_hardirqs_on+0x7a/0x110
[  723.468071][T11763]  tipc_sk_bind+0x234/0x300
[  723.468096][T11763]  ? tipc_bind+0x6c/0x260
[  723.468126][T11763]  __sys_bind+0x2e9/0x410
[  723.468161][T11763]  ? __pfx___sys_bind+0x10/0x10
[  723.468217][T11763]  ? __pfx_ksys_write+0x10/0x10
[  723.468261][T11763]  __x64_sys_bind+0x7a/0x90
[  723.468294][T11763]  do_syscall_64+0x14d/0xf80
[  723.468315][T11763]  ? trace_irq_disable+0x3b/0x150
[  723.468341][T11763]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  723.468363][T11763]  ? clear_bhb_loop+0x40/0x90
[  723.468390][T11763]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  723.468412][T11763] RIP: 0033:0x7f3a6830c799
[  723.468434][T11763] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  723.468451][T11763] RSP: 002b:00007f3a6655e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  723.468475][T11763] RAX: ffffffffffffffda RBX: 00007f3a68585fa0 RCX: 00007f3a6830c799
[  723.468492][T11763] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  723.468505][T11763] RBP: 00007f3a6655e090 R08: 0000000000000000 R09: 0000000000000000
[  723.468519][T11763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  723.468532][T11763] R13: 00007f3a68586038 R14: 00007f3a68585fa0 R15: 00007ffdef562ab8
[  723.468570][T11763]  </TASK>
[  724.515212][T11763] tipc: Withdrawal distribution failure
[  726.883901][   T37] kauditd_printk_skb: 95 callbacks suppressed
[  726.883921][   T37] audit: type=1326 audit(1774708198.043:1504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11797 comm="syz.8.1540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  726.883968][   T37] audit: type=1326 audit(1774708198.043:1505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11797 comm="syz.8.1540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  726.884010][   T37] audit: type=1326 audit(1774708198.043:1506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11797 comm="syz.8.1540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  726.884054][   T37] audit: type=1326 audit(1774708198.043:1507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11797 comm="syz.8.1540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  726.884099][   T37] audit: type=1326 audit(1774708198.043:1508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11797 comm="syz.8.1540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  726.884145][   T37] audit: type=1326 audit(1774708198.043:1509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11797 comm="syz.8.1540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  726.884199][   T37] audit: type=1326 audit(1774708198.043:1510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11797 comm="syz.8.1540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  726.884245][   T37] audit: type=1326 audit(1774708198.043:1511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11797 comm="syz.8.1540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  726.884291][   T37] audit: type=1326 audit(1774708198.043:1512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11797 comm="syz.8.1540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  726.884337][   T37] audit: type=1326 audit(1774708198.043:1513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11797 comm="syz.8.1540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  727.460978][T11812] netlink: 48 bytes leftover after parsing attributes in process `syz.8.1545'.
[  727.485662][T11811] FAULT_INJECTION: forcing a failure.
[  727.485662][T11811] name failslab, interval 1, probability 0, space 0, times 0
[  727.485701][T11811] CPU: 0 UID: 0 PID: 11811 Comm: syz.1.1546 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  727.485735][T11811] Tainted: [L]=SOFTLOCKUP
[  727.485742][T11811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  727.485754][T11811] Call Trace:
[  727.485762][T11811]  <TASK>
[  727.485771][T11811]  dump_stack_lvl+0xe8/0x150
[  727.485806][T11811]  should_fail_ex+0x46b/0x600
[  727.485838][T11811]  should_failslab+0xa8/0x100
[  727.485862][T11811]  kmem_cache_alloc_node_noprof+0x8f/0x6e0
[  727.485893][T11811]  ? __alloc_skb+0x1d0/0x7d0
[  727.485922][T11811]  ? lockdep_hardirqs_on+0x7a/0x110
[  727.485950][T11811]  __alloc_skb+0x1d0/0x7d0
[  727.485988][T11811]  netlink_sendmsg+0x5d4/0xb40
[  727.486029][T11811]  ? __pfx_netlink_sendmsg+0x10/0x10
[  727.486062][T11811]  ? unwind_get_return_address+0x4d/0x90
[  727.486089][T11811]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  727.486125][T11811]  ____sys_sendmsg+0x94c/0x9c0
[  727.486155][T11811]  ? __pfx_____sys_sendmsg+0x10/0x10
[  727.486196][T11811]  ? import_iovec+0x73/0xa0
[  727.486231][T11811]  ___sys_sendmsg+0x2a5/0x360
[  727.486260][T11811]  ? __pfx____sys_sendmsg+0x10/0x10
[  727.486323][T11811]  ? __fget_files+0x2a/0x420
[  727.486348][T11811]  ? __fget_files+0x3a6/0x420
[  727.486386][T11811]  __x64_sys_sendmsg+0x1c3/0x2a0
[  727.486413][T11811]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  727.486447][T11811]  ? __pfx_ksys_write+0x10/0x10
[  727.486491][T11811]  do_syscall_64+0x14d/0xf80
[  727.486512][T11811]  ? trace_irq_disable+0x3b/0x150
[  727.486537][T11811]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  727.486558][T11811]  ? clear_bhb_loop+0x40/0x90
[  727.486584][T11811]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  727.486605][T11811] RIP: 0033:0x7f515c20c799
[  727.486626][T11811] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  727.486644][T11811] RSP: 002b:00007f515a45e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  727.486667][T11811] RAX: ffffffffffffffda RBX: 00007f515c485fa0 RCX: 00007f515c20c799
[  727.486682][T11811] RDX: 0000000000000040 RSI: 0000200000000100 RDI: 0000000000000004
[  727.486695][T11811] RBP: 00007f515a45e090 R08: 0000000000000000 R09: 0000000000000000
[  727.486708][T11811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  727.486719][T11811] R13: 00007f515c486038 R14: 00007f515c485fa0 R15: 00007fffa580dfd8
[  727.486751][T11811]  </TASK>
[  727.725867][T11817] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  728.324066][T11830] bond0: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0)
[  728.329652][ T8113] bond0: (slave bond_slave_0): interface is now down
[  728.329713][ T8113] bond0: (slave bond_slave_1): interface is now down
[  728.336632][ T8113] bond0: now running without any active interface!
[  728.553102][T11834] FAULT_INJECTION: forcing a failure.
[  728.553102][T11834] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  728.553155][T11834] CPU: 0 UID: 0 PID: 11834 Comm: syz.6.1554 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  728.553185][T11834] Tainted: [L]=SOFTLOCKUP
[  728.553192][T11834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  728.553205][T11834] Call Trace:
[  728.553213][T11834]  <TASK>
[  728.553222][T11834]  dump_stack_lvl+0xe8/0x150
[  728.553260][T11834]  should_fail_ex+0x46b/0x600
[  728.553296][T11834]  _copy_to_user+0x31/0xb0
[  728.553331][T11834]  quota_getquota+0x44e/0x540
[  728.553377][T11834]  ? __pfx_quota_getquota+0x10/0x10
[  728.553436][T11834]  ? do_quotactl+0x796/0x860
[  728.553477][T11834]  __se_sys_quotactl_fd+0x278/0x410
[  728.553514][T11834]  do_syscall_64+0x14d/0xf80
[  728.553536][T11834]  ? trace_irq_disable+0x3b/0x150
[  728.553561][T11834]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  728.553584][T11834]  ? clear_bhb_loop+0x40/0x90
[  728.553612][T11834]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  728.553633][T11834] RIP: 0033:0x7f3a6830c799
[  728.553655][T11834] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  728.553673][T11834] RSP: 002b:00007f3a6655e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001bb
[  728.553697][T11834] RAX: ffffffffffffffda RBX: 00007f3a68585fa0 RCX: 00007f3a6830c799
[  728.553713][T11834] RDX: 0000000000000000 RSI: ffffffff80000701 RDI: 0000000000000003
[  728.553728][T11834] RBP: 00007f3a6655e090 R08: 0000000000000000 R09: 0000000000000000
[  728.553742][T11834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  728.553755][T11834] R13: 00007f3a68586038 R14: 00007f3a68585fa0 R15: 00007ffdef562ab8
[  728.553791][T11834]  </TASK>
[  732.909965][ T5908] usb 8-1: new full-speed USB device number 57 using dummy_hcd
[  733.062844][ T5908] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  733.062882][ T5908] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  733.062924][ T5908] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  733.062949][ T5908] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  733.170057][ T5908] usb 8-1: config 0 descriptor??
[  733.191056][ T5908] hub 8-1:0.0: USB hub found
[  733.374991][ T5908] hub 8-1:0.0: 7 ports detected
[  733.375518][ T5908] hub 8-1:0.0: insufficient power available to use all downstream ports
[  733.618377][T11891] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1570'.
[  733.691536][T11868] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  733.692146][T11868] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  734.336171][ T5908] hub 8-1:0.0: hub_hub_status failed (err = -71)
[  734.336203][ T5908] hub 8-1:0.0: config failed, can't get hub status (err -71)
[  734.368399][ T5908] usbhid 8-1:0.0: can't add hid device: -71
[  734.368550][ T5908] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  734.526875][ T5908] usb 8-1: USB disconnect, device number 57
[  734.861942][ T5807] Bluetooth: hci0: unexpected event for opcode 0x0800
[  735.168364][T11915] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  735.171014][T11915] FAULT_INJECTION: forcing a failure.
[  735.171014][T11915] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  735.171047][T11915] CPU: 0 UID: 0 PID: 11915 Comm: syz.1.1578 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  735.171073][T11915] Tainted: [L]=SOFTLOCKUP
[  735.171079][T11915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  735.171090][T11915] Call Trace:
[  735.171097][T11915]  <TASK>
[  735.171105][T11915]  dump_stack_lvl+0xe8/0x150
[  735.171145][T11915]  should_fail_ex+0x46b/0x600
[  735.171174][T11915]  _copy_from_user+0x2d/0xb0
[  735.171202][T11915]  iommufd_fops_ioctl+0x461/0x5d0
[  735.171231][T11915]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  735.171268][T11915]  ? __fget_files+0x2a/0x420
[  735.171295][T11915]  ? bpf_lsm_file_ioctl+0x9/0x20
[  735.171315][T11915]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  735.171340][T11915]  __se_sys_ioctl+0xff/0x170
[  735.171383][T11915]  do_syscall_64+0x14d/0xf80
[  735.171403][T11915]  ? trace_irq_disable+0x3b/0x150
[  735.171424][T11915]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.171443][T11915]  ? clear_bhb_loop+0x40/0x90
[  735.171466][T11915]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.171484][T11915] RIP: 0033:0x7f515c20c799
[  735.171502][T11915] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  735.171519][T11915] RSP: 002b:00007f515a45e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  735.171538][T11915] RAX: ffffffffffffffda RBX: 00007f515c485fa0 RCX: 00007f515c20c799
[  735.171552][T11915] RDX: 0000200000000280 RSI: 0000000000003b8d RDI: 0000000000000003
[  735.171564][T11915] RBP: 00007f515a45e090 R08: 0000000000000000 R09: 0000000000000000
[  735.171576][T11915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  735.171588][T11915] R13: 00007f515c486038 R14: 00007f515c485fa0 R15: 00007fffa580dfd8
[  735.171618][T11915]  </TASK>
[  735.401016][T11919] FAULT_INJECTION: forcing a failure.
[  735.401016][T11919] name failslab, interval 1, probability 0, space 0, times 0
[  735.401057][T11919] CPU: 0 UID: 0 PID: 11919 Comm: syz.6.1580 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  735.401087][T11919] Tainted: [L]=SOFTLOCKUP
[  735.401095][T11919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  735.401107][T11919] Call Trace:
[  735.401116][T11919]  <TASK>
[  735.401125][T11919]  dump_stack_lvl+0xe8/0x150
[  735.401161][T11919]  should_fail_ex+0x46b/0x600
[  735.401196][T11919]  should_failslab+0xa8/0x100
[  735.401221][T11919]  __kmalloc_noprof+0xdf/0x7b0
[  735.401253][T11919]  ? kfree+0x4d/0x6c0
[  735.401279][T11919]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  735.401313][T11919]  tomoyo_realpath_from_path+0xe3/0x5d0
[  735.401351][T11919]  ? tomoyo_path_number_perm+0x219/0x630
[  735.401386][T11919]  tomoyo_path_number_perm+0x246/0x630
[  735.401423][T11919]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  735.401460][T11919]  ? __lock_acquire+0x6b5/0x2cf0
[  735.401522][T11919]  ? __fget_files+0x2a/0x420
[  735.401553][T11919]  ? __fget_files+0x2a/0x420
[  735.401578][T11919]  ? __fget_files+0x3a6/0x420
[  735.401603][T11919]  ? __fget_files+0x2a/0x420
[  735.401634][T11919]  security_file_ioctl+0xc3/0x2a0
[  735.401660][T11919]  __se_sys_ioctl+0x47/0x170
[  735.401684][T11919]  do_syscall_64+0x14d/0xf80
[  735.401706][T11919]  ? trace_irq_disable+0x3b/0x150
[  735.401731][T11919]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.401753][T11919]  ? clear_bhb_loop+0x40/0x90
[  735.401779][T11919]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.401800][T11919] RIP: 0033:0x7f3a6830c799
[  735.401820][T11919] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  735.401838][T11919] RSP: 002b:00007f3a6655e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  735.401862][T11919] RAX: ffffffffffffffda RBX: 00007f3a68585fa0 RCX: 00007f3a6830c799
[  735.401877][T11919] RDX: 0000200000000280 RSI: 0000000040047452 RDI: 0000000000000003
[  735.401891][T11919] RBP: 00007f3a6655e090 R08: 0000000000000000 R09: 0000000000000000
[  735.401912][T11919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  735.401925][T11919] R13: 00007f3a68586038 R14: 00007f3a68585fa0 R15: 00007ffdef562ab8
[  735.401960][T11919]  </TASK>
[  735.401968][T11919] ERROR: Out of memory at tomoyo_realpath_from_path.
[  735.726292][T11924] FAULT_INJECTION: forcing a failure.
[  735.726292][T11924] name failslab, interval 1, probability 0, space 0, times 0
[  735.726333][T11924] CPU: 0 UID: 0 PID: 11924 Comm: syz.1.1582 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  735.726364][T11924] Tainted: [L]=SOFTLOCKUP
[  735.726371][T11924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  735.726383][T11924] Call Trace:
[  735.726392][T11924]  <TASK>
[  735.726401][T11924]  dump_stack_lvl+0xe8/0x150
[  735.726439][T11924]  should_fail_ex+0x46b/0x600
[  735.726473][T11924]  should_failslab+0xa8/0x100
[  735.726498][T11924]  kmem_cache_alloc_node_noprof+0x8f/0x6e0
[  735.726530][T11924]  ? __alloc_skb+0x1d0/0x7d0
[  735.726562][T11924]  ? lockdep_hardirqs_on+0x7a/0x110
[  735.726590][T11924]  __alloc_skb+0x1d0/0x7d0
[  735.726627][T11924]  alloc_skb_with_frags+0xca/0x890
[  735.726665][T11924]  sock_alloc_send_pskb+0x884/0x9a0
[  735.726688][T11924]  ? __lock_acquire+0x6b5/0x2cf0
[  735.726729][T11924]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  735.726755][T11924]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[  735.726785][T11924]  ? __lock_acquire+0x6b5/0x2cf0
[  735.726813][T11924]  hci_sock_sendmsg+0x208/0xf40
[  735.726849][T11924]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  735.726893][T11924]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  735.726926][T11924]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  735.726954][T11924]  sock_write_iter+0x4a1/0x4f0
[  735.726984][T11924]  ? __pfx_sock_write_iter+0x10/0x10
[  735.727035][T11924]  vfs_write+0x629/0xba0
[  735.727076][T11924]  ? __pfx_vfs_write+0x10/0x10
[  735.727117][T11924]  ? __fget_files+0x2a/0x420
[  735.727154][T11924]  ksys_write+0x156/0x270
[  735.727189][T11924]  ? __pfx_ksys_write+0x10/0x10
[  735.727232][T11924]  do_syscall_64+0x14d/0xf80
[  735.727254][T11924]  ? trace_irq_disable+0x3b/0x150
[  735.727279][T11924]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.727302][T11924]  ? clear_bhb_loop+0x40/0x90
[  735.727329][T11924]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.727350][T11924] RIP: 0033:0x7f515c20c799
[  735.727371][T11924] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  735.727390][T11924] RSP: 002b:00007f515a45e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  735.727414][T11924] RAX: ffffffffffffffda RBX: 00007f515c485fa0 RCX: 00007f515c20c799
[  735.727430][T11924] RDX: 000000000000000d RSI: 0000200000000000 RDI: 0000000000000015
[  735.727443][T11924] RBP: 00007f515a45e090 R08: 0000000000000000 R09: 0000000000000000
[  735.727456][T11924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  735.727469][T11924] R13: 00007f515c486038 R14: 00007f515c485fa0 R15: 00007fffa580dfd8
[  735.727503][T11924]  </TASK>
[  738.963604][   T37] kauditd_printk_skb: 8 callbacks suppressed
[  738.963625][   T37] audit: type=1326 audit(1774708210.133:1522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11982 comm="syz.8.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  738.963677][   T37] audit: type=1326 audit(1774708210.133:1523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11982 comm="syz.8.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  738.963961][   T37] audit: type=1326 audit(1774708210.133:1524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11982 comm="syz.8.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  738.964600][   T37] audit: type=1326 audit(1774708210.133:1525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11982 comm="syz.8.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  738.965045][   T37] audit: type=1326 audit(1774708210.133:1526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11982 comm="syz.8.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  738.965104][   T37] audit: type=1326 audit(1774708210.133:1527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11982 comm="syz.8.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcc672bcfce code=0x7ffc0000
[  739.167964][   T37] audit: type=1326 audit(1774708210.133:1528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11982 comm="syz.8.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fcc672fda97 code=0x7ffc0000
[  739.168024][   T37] audit: type=1326 audit(1774708210.333:1529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11982 comm="syz.8.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  739.168071][   T37] audit: type=1326 audit(1774708210.333:1530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11982 comm="syz.8.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fcc672fda97 code=0x7ffc0000
[  739.168116][   T37] audit: type=1326 audit(1774708210.333:1531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11982 comm="syz.8.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fcc672bcfce code=0x7ffc0000
[  739.953903][T11988] FAULT_INJECTION: forcing a failure.
[  739.953903][T11988] name failslab, interval 1, probability 0, space 0, times 0
[  739.953943][T11988] CPU: 1 UID: 0 PID: 11988 Comm: syz.7.1599 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  739.953971][T11988] Tainted: [L]=SOFTLOCKUP
[  739.953979][T11988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  739.953991][T11988] Call Trace:
[  739.954000][T11988]  <TASK>
[  739.954009][T11988]  dump_stack_lvl+0xe8/0x150
[  739.954046][T11988]  should_fail_ex+0x46b/0x600
[  739.954090][T11988]  should_failslab+0xa8/0x100
[  739.954115][T11988]  kmem_cache_alloc_node_noprof+0x8f/0x6e0
[  739.954146][T11988]  ? __alloc_skb+0x1d0/0x7d0
[  739.954177][T11988]  ? lockdep_hardirqs_on+0x7a/0x110
[  739.954206][T11988]  __alloc_skb+0x1d0/0x7d0
[  739.954242][T11988]  alloc_skb_with_frags+0xca/0x890
[  739.954280][T11988]  sock_alloc_send_pskb+0x884/0x9a0
[  739.954326][T11988]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  739.954363][T11988]  ? iov_iter_advance+0x8b/0x1c0
[  739.954397][T11988]  tun_get_user+0x92d/0x3de0
[  739.954421][T11988]  ? kernel_text_address+0xa5/0xe0
[  739.954453][T11988]  ? arch_stack_walk+0xfb/0x150
[  739.954483][T11988]  ? __pfx_tun_get_user+0x10/0x10
[  739.954511][T11988]  ? __lock_acquire+0x6b5/0x2cf0
[  739.954544][T11988]  ? ref_tracker_alloc+0x332/0x4a0
[  739.954575][T11988]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  739.954610][T11988]  ? tun_get+0x1c/0x2f0
[  739.954648][T11988]  ? tun_get+0x1c/0x2f0
[  739.954679][T11988]  ? tun_get+0x1c/0x2f0
[  739.954714][T11988]  tun_chr_write_iter+0x119/0x200
[  739.954750][T11988]  vfs_write+0x629/0xba0
[  739.954791][T11988]  ? __pfx_vfs_write+0x10/0x10
[  739.954832][T11988]  ? __fget_files+0x2a/0x420
[  739.954869][T11988]  ksys_write+0x156/0x270
[  739.954903][T11988]  ? __pfx_ksys_write+0x10/0x10
[  739.954947][T11988]  do_syscall_64+0x14d/0xf80
[  739.954969][T11988]  ? trace_irq_disable+0x3b/0x150
[  739.954994][T11988]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  739.955016][T11988]  ? clear_bhb_loop+0x40/0x90
[  739.955042][T11988]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  739.955070][T11988] RIP: 0033:0x7f9ce0c8c799
[  739.955090][T11988] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  739.955109][T11988] RSP: 002b:00007f9cdeede028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  739.955133][T11988] RAX: ffffffffffffffda RBX: 00007f9ce0f05fa0 RCX: 00007f9ce0c8c799
[  739.955149][T11988] RDX: 0000000000000066 RSI: 0000200000001400 RDI: 0000000000000003
[  739.955163][T11988] RBP: 00007f9cdeede090 R08: 0000000000000000 R09: 0000000000000000
[  739.955177][T11988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  739.955190][T11988] R13: 00007f9ce0f06038 R14: 00007f9ce0f05fa0 R15: 00007ffc12e3ab58
[  739.955226][T11988]  </TASK>
[  740.041035][T11996] openvswitch: netlink: Multiple metadata blocks provided
[  741.124843][T12001] netlink: 'syz.3.1603': attribute type 8 has an invalid length.
[  743.584411][ T6691] syz_tun (unregistering): left allmulticast mode
[  743.640058][ T5983] usb 8-1: new high-speed USB device number 58 using dummy_hcd
[  743.687289][T12046] overlayfs: failed to clone upperpath
[  743.790024][ T5983] usb 8-1: Using ep0 maxpacket: 16
[  743.792994][ T5983] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  743.793029][ T5983] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  743.793053][ T5983] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  743.793095][ T5983] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  743.793118][ T5983] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  743.829242][ T5983] usb 8-1: config 0 descriptor??
[  744.103435][T12048] mkiss: ax0: crc mode is auto.
[  745.282355][ T5983] input: HID 045e:07da as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:045E:07DA.000D/input/input10
[  745.458165][ T5983] microsoft 0003:045E:07DA.000D: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.7-1/input0
[  745.530023][ T5983] usb 8-1: USB disconnect, device number 58
[  745.612716][T12062] fido_id[12062]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.7/usb8/8-1/report_descriptor': No such file or directory
[  746.191987][T12069] FAULT_INJECTION: forcing a failure.
[  746.191987][T12069] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  746.192013][T12069] CPU: 0 UID: 0 PID: 12069 Comm: syz.8.1622 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  746.192031][T12069] Tainted: [L]=SOFTLOCKUP
[  746.192035][T12069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  746.192042][T12069] Call Trace:
[  746.192047][T12069]  <TASK>
[  746.192053][T12069]  dump_stack_lvl+0xe8/0x150
[  746.192081][T12069]  should_fail_ex+0x46b/0x600
[  746.192101][T12069]  _copy_from_iter+0x1d3/0x1670
[  746.192117][T12069]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  746.192134][T12069]  ? __pfx_policy_nodemask+0x10/0x10
[  746.192148][T12069]  ? __pfx__copy_from_iter+0x10/0x10
[  746.192166][T12069]  ? set_page_refcounted+0xa0/0x1e0
[  746.192179][T12069]  ? page_copy_sane+0x4e/0x270
[  746.192195][T12069]  copy_page_from_iter+0xdd/0x170
[  746.192214][T12069]  tun_get_user+0x1d4b/0x3de0
[  746.192224][T12069]  ? tun_get_user+0x6ff/0x3de0
[  746.192246][T12069]  ? __pfx_tun_get_user+0x10/0x10
[  746.192267][T12069]  ? ref_tracker_alloc+0x332/0x4a0
[  746.192284][T12069]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  746.192302][T12069]  ? tun_get+0x1c/0x2f0
[  746.192322][T12069]  ? tun_get+0x1c/0x2f0
[  746.192339][T12069]  ? tun_get+0x1c/0x2f0
[  746.192358][T12069]  tun_chr_write_iter+0x119/0x200
[  746.192376][T12069]  vfs_write+0x629/0xba0
[  746.192398][T12069]  ? __pfx_vfs_write+0x10/0x10
[  746.192420][T12069]  ? __fget_files+0x2a/0x420
[  746.192439][T12069]  ksys_write+0x156/0x270
[  746.192457][T12069]  ? __pfx_ksys_write+0x10/0x10
[  746.192480][T12069]  do_syscall_64+0x14d/0xf80
[  746.192493][T12069]  ? trace_irq_disable+0x3b/0x150
[  746.192507][T12069]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  746.192518][T12069]  ? clear_bhb_loop+0x40/0x90
[  746.192532][T12069]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  746.192544][T12069] RIP: 0033:0x7fcc672bcfce
[  746.192556][T12069] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  746.192566][T12069] RSP: 002b:00007fcc6554dfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  746.192580][T12069] RAX: ffffffffffffffda RBX: 00007fcc6554e6c0 RCX: 00007fcc672bcfce
[  746.192589][T12069] RDX: 0000000000000074 RSI: 0000200000000000 RDI: 00000000000000c8
[  746.192596][T12069] RBP: 00007fcc6554e090 R08: 0000000000000000 R09: 0000000000000000
[  746.192604][T12069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  746.192611][T12069] R13: 00007fcc67576038 R14: 00007fcc67575fa0 R15: 00007fffdf5d64e8
[  746.192629][T12069]  </TASK>
[  746.583788][ T8360] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  746.713676][ T5113] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  746.739752][ T5113] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  746.748729][ T5113] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  746.769096][ T5113] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  746.782639][ T5113] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  746.903890][T12079] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  747.271149][T12088] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1626'.
[  747.271177][T12088] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1626'.
[  747.420963][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  747.421043][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  747.752385][ T5908] usb 8-1: new high-speed USB device number 59 using dummy_hcd
[  747.922838][ T5908] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  747.922904][ T5908] usb 8-1: New USB device found, idVendor=0471, idProduct=030c, bcdDevice=e4.df
[  747.922928][ T5908] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  747.931377][ T5908] usb 8-1: config 0 descriptor??
[  747.945079][ T5908] pwc: Philips PCVC690K (Vesta Pro Scan) USB webcam detected.
[  748.049259][ T8360] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  748.432108][T12106] netlink: 'syz.7.1628': attribute type 5 has an invalid length.
[  748.896118][ T8360] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  748.923910][ T5113] Bluetooth: hci2: command tx timeout
[  749.640024][ T5807] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  749.757444][ T8360] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  750.128688][T12134] FAULT_INJECTION: forcing a failure.
[  750.128688][T12134] name failslab, interval 1, probability 0, space 0, times 0
[  750.128729][T12134] CPU: 1 UID: 0 PID: 12134 Comm: syz.8.1636 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  750.128765][T12134] Tainted: [L]=SOFTLOCKUP
[  750.128773][T12134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  750.128785][T12134] Call Trace:
[  750.128794][T12134]  <TASK>
[  750.128812][T12134]  dump_stack_lvl+0xe8/0x150
[  750.128849][T12134]  should_fail_ex+0x46b/0x600
[  750.128883][T12134]  should_failslab+0xa8/0x100
[  750.128908][T12134]  __kmalloc_noprof+0xdf/0x7b0
[  750.128941][T12134]  ? video_usercopy+0x1b1/0x14b0
[  750.128977][T12134]  video_usercopy+0x1b1/0x14b0
[  750.129013][T12134]  ? smk_tskacc+0x311/0x3a0
[  750.129042][T12134]  ? __pfx___video_do_ioctl+0x10/0x10
[  750.129073][T12134]  ? __pfx_video_usercopy+0x10/0x10
[  750.129100][T12134]  ? smack_file_ioctl+0x2c2/0x360
[  750.129148][T12134]  ? __fget_files+0x2a/0x420
[  750.129174][T12134]  ? __fget_files+0x3a6/0x420
[  750.129205][T12134]  v4l2_ioctl+0x190/0x1e0
[  750.129235][T12134]  ? __pfx_v4l2_ioctl+0x10/0x10
[  750.129264][T12134]  __se_sys_ioctl+0xff/0x170
[  750.129289][T12134]  do_syscall_64+0x14d/0xf80
[  750.129310][T12134]  ? trace_irq_disable+0x3b/0x150
[  750.129335][T12134]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  750.129357][T12134]  ? clear_bhb_loop+0x40/0x90
[  750.129384][T12134]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  750.129404][T12134] RIP: 0033:0x7fcc672fc799
[  750.129425][T12134] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  750.129443][T12134] RSP: 002b:00007fcc6554e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  750.129468][T12134] RAX: ffffffffffffffda RBX: 00007fcc67575fa0 RCX: 00007fcc672fc799
[  750.129483][T12134] RDX: 0000200000001600 RSI: 00000000c0cc5616 RDI: 0000000000000003
[  750.129497][T12134] RBP: 00007fcc6554e090 R08: 0000000000000000 R09: 0000000000000000
[  750.129509][T12134] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  750.129522][T12134] R13: 00007fcc67576038 R14: 00007fcc67575fa0 R15: 00007fffdf5d64e8
[  750.129557][T12134]  </TASK>
[  750.745423][ T5908] pwc: send_video_command error -71
[  750.745444][ T5908] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  750.745575][ T5908] Philips webcam 8-1:0.0: probe with driver Philips webcam failed with error -71
[  750.783432][ T5908] usb 8-1: USB disconnect, device number 59
[  750.810277][T12076] chnl_net:caif_netlink_parms(): no params data found
[  750.846442][T12140] netlink: 20 bytes leftover after parsing attributes in process `syz.8.1637'.
[  751.001747][ T5807] Bluetooth: hci2: command tx timeout
[  752.054152][T12076] bridge0: port 1(bridge_slave_0) entered blocking state
[  752.054378][T12076] bridge0: port 1(bridge_slave_0) entered disabled state
[  752.054604][T12076] bridge_slave_0: entered allmulticast mode
[  752.057694][T12076] bridge_slave_0: entered promiscuous mode
[  752.223973][   T37] kauditd_printk_skb: 71 callbacks suppressed
[  752.223994][   T37] audit: type=1326 audit(1774708223.393:1603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12184 comm="syz.8.1648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  752.224401][   T37] audit: type=1326 audit(1774708223.393:1604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12184 comm="syz.8.1648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  752.224749][   T37] audit: type=1326 audit(1774708223.393:1605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12184 comm="syz.8.1648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  752.225439][   T37] audit: type=1326 audit(1774708223.393:1606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12184 comm="syz.8.1648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  752.225720][   T37] audit: type=1326 audit(1774708223.393:1607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12184 comm="syz.8.1648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  752.226066][   T37] audit: type=1326 audit(1774708223.393:1608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12184 comm="syz.8.1648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  752.226516][   T37] audit: type=1326 audit(1774708223.393:1609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12184 comm="syz.8.1648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  752.226807][   T37] audit: type=1326 audit(1774708223.393:1610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12184 comm="syz.8.1648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  752.227157][   T37] audit: type=1326 audit(1774708223.393:1611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12184 comm="syz.8.1648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  752.227737][   T37] audit: type=1326 audit(1774708223.393:1612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12184 comm="syz.8.1648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc672fc799 code=0x7ffc0000
[  752.241154][T12076] bridge0: port 2(bridge_slave_1) entered blocking state
[  752.241320][T12076] bridge0: port 2(bridge_slave_1) entered disabled state
[  752.241577][T12076] bridge_slave_1: entered allmulticast mode
[  752.281820][T12076] bridge_slave_1: entered promiscuous mode
[  752.538985][ T8360] bridge_slave_1: left allmulticast mode
[  752.539007][ T8360] bridge_slave_1: left promiscuous mode
[  752.539176][ T8360] bridge0: port 2(bridge_slave_1) entered disabled state
[  752.590155][  T808] usb 8-1: new high-speed USB device number 60 using dummy_hcd
[  752.621780][ T8360] bridge_slave_0: left allmulticast mode
[  752.621813][ T8360] bridge_slave_0: left promiscuous mode
[  752.622112][ T8360] bridge0: port 1(bridge_slave_0) entered disabled state
[  752.750345][  T808] usb 8-1: Using ep0 maxpacket: 32
[  752.752802][  T808] usb 8-1: config index 0 descriptor too short (expected 35577, got 27)
[  752.752831][  T808] usb 8-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  752.752852][  T808] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 92
[  752.752874][  T808] usb 8-1: config 1 has no interface number 0
[  752.752920][  T808] usb 8-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  752.752947][  T808] usb 8-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  752.752990][  T808] usb 8-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  752.753013][  T808] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  752.776968][  T808] snd_usb_pod 8-1:1.1: Line 6 Pocket POD found
[  752.992636][  T808] snd_usb_pod 8-1:1.1: Line 6 Pocket POD now attached
[  753.122331][ T5807] Bluetooth: hci2: command tx timeout
[  753.915182][  T808] usb 8-1: USB disconnect, device number 60
[  753.919028][  T808] snd_usb_pod 8-1:1.1: Line 6 Pocket POD now disconnected
[  755.159930][ T5807] Bluetooth: hci2: command tx timeout
[  755.209947][ T5943] usb 8-1: new high-speed USB device number 61 using dummy_hcd
[  755.260950][ T8360] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  755.341020][ T8360] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  755.381019][ T5943] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  755.381049][ T5943] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  755.381067][ T5943] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[  755.384475][ T5943] usb 8-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  755.384496][ T5943] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  755.384507][ T5943] usb 8-1: Product: syz
[  755.384516][ T5943] usb 8-1: Manufacturer: syz
[  755.384524][ T5943] usb 8-1: SerialNumber: syz
[  755.387562][ T8360] bond0 (unregistering): Released all slaves
[  755.466419][ T5943] usb 8-1: config 0 descriptor??
[  755.470279][T12214] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  755.470403][T12214] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  755.497680][ T5943] usb 8-1: ucan: probing device on interface #0
[  755.773341][T12076] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  755.794085][T12076] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  755.897732][ T5943] usb 8-1: ucan: failed to retrieve device info
[  755.897758][ T5943] usb 8-1: ucan: probe failed; try to update the device firmware
[  755.931172][ T5943] usb 8-1: USB disconnect, device number 61
[  756.209499][T12076] team0: Port device team_slave_0 added
[  756.215102][T12076] team0: Port device team_slave_1 added
[  756.251346][T12228] netlink: 'syz.3.1665': attribute type 7 has an invalid length.
[  756.251362][T12228] netlink: 'syz.3.1665': attribute type 8 has an invalid length.
[  756.251369][T12228] netlink: 209788 bytes leftover after parsing attributes in process `syz.3.1665'.
[  756.825832][T12076] batman_adv: batadv0: Adding interface: batadv_slave_0
[  756.825852][T12076] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  756.825882][T12076] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  756.925797][T12076] batman_adv: batadv0: Adding interface: batadv_slave_1
[  756.925826][T12076] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  756.925856][T12076] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  757.438125][ T8360] hsr_slave_0: left promiscuous mode
[  757.470414][ T8360] hsr_slave_1: left promiscuous mode
[  757.471401][ T8360] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  757.471430][ T8360] batman_adv: batadv0: Removing interface: batadv_slave_0
[  757.512628][ T8360] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  757.512658][ T8360] batman_adv: batadv0: Removing interface: batadv_slave_1
[  757.626790][ T8360] veth1_macvtap: left promiscuous mode
[  757.636567][ T8360] veth0_macvtap: left promiscuous mode
[  757.648270][ T8360] veth1_vlan: left promiscuous mode
[  757.648507][ T8360] veth0_vlan: left promiscuous mode
[  759.005271][ T8360] team0 (unregistering): Port device team_slave_1 removed
[  759.073224][ T8360] team0 (unregistering): Port device team_slave_0 removed
[  759.398567][T12253] netlink: 'syz.3.1676': attribute type 25 has an invalid length.
[  759.398590][T12253] netlink: 'syz.3.1676': attribute type 28 has an invalid length.
[  759.675363][T12076] hsr_slave_0: entered promiscuous mode
[  759.686007][T12076] hsr_slave_1: entered promiscuous mode
[  759.686618][T12076] debugfs: 'hsr0' already exists in 'hsr'
[  759.686643][T12076] Cannot create hsr debugfs directory
[  761.560138][T12274] syz.1.1683 (12274): drop_caches: 2
[  761.800616][T12278] netlink: 'syz.3.1680': attribute type 1 has an invalid length.
[  762.848672][T12287] mac80211_hwsim hwsim24 wlan1: entered allmulticast mode
[  762.955495][T12309] overlayfs: failed to clone upperpath
[  762.993796][T12294] mac80211_hwsim hwsim24 syzkaller0: entered promiscuous mode
[  762.993861][T12294] mac80211_hwsim hwsim24 syzkaller0: entered allmulticast mode
[  763.112069][T12289] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  763.112095][T12289] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  763.114384][T12289] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  763.114411][T12289] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  763.115260][T12289] ==================================================================
[  763.115277][T12289] BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x92/0x190
[  763.115313][T12289] Read of size 8 at addr ffff88805baae780 by task syz.7.1688/12289
[  763.115333][T12289] 
[  763.115349][T12289] CPU: 1 UID: 0 PID: 12289 Comm: syz.7.1688 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  763.115380][T12289] Tainted: [L]=SOFTLOCKUP
[  763.115388][T12289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  763.115400][T12289] Call Trace:
[  763.115408][T12289]  <TASK>
[  763.115416][T12289]  dump_stack_lvl+0xe8/0x150
[  763.115459][T12289]  print_report+0xba/0x230
[  763.115491][T12289]  ? __list_del_entry_valid_or_report+0x92/0x190
[  763.115514][T12289]  kasan_report+0x117/0x150
[  763.115536][T12289]  ? __list_del_entry_valid_or_report+0x92/0x190
[  763.115564][T12289]  __list_del_entry_valid_or_report+0x92/0x190
[  763.115589][T12289]  bt_accept_unlink+0x39/0x260
[  763.115614][T12289]  l2cap_sock_teardown_cb+0x17e/0x490
[  763.115650][T12289]  l2cap_chan_del+0xb5/0x610
[  763.115677][T12289]  ? l2cap_conn_del+0x331/0x570
[  763.115705][T12289]  l2cap_conn_del+0x33d/0x570
[  763.115745][T12289]  ? __pfx_l2cap_disconn_cfm+0x10/0x10
[  763.115772][T12289]  hci_conn_hash_flush+0x10d/0x260
[  763.115804][T12289]  hci_dev_close_sync+0x821/0x10e0
[  763.115832][T12289]  ? __pfx_hci_dev_close_sync+0x10/0x10
[  763.115857][T12289]  ? lockdep_hardirqs_on+0x7a/0x110
[  763.115878][T12289]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  763.115899][T12289]  ? mutex_lock_nested+0x152/0x1d0
[  763.115924][T12289]  ? hci_dev_do_close+0x28/0xc0
[  763.115949][T12289]  hci_dev_do_close+0x30/0xc0
[  763.115974][T12289]  hci_rfkill_set_block+0x1f4/0x290
[  763.115994][T12289]  ? __pfx_hci_rfkill_set_block+0x10/0x10
[  763.116017][T12289]  rfkill_set_block+0x1e5/0x450
[  763.116045][T12289]  rfkill_fop_write+0x464/0x5a0
[  763.116066][T12289]  ? __pfx_rfkill_fop_write+0x10/0x10
[  763.116088][T12289]  ? rw_verify_area+0x25b/0x4e0
[  763.116118][T12289]  ? __pfx_rfkill_fop_write+0x10/0x10
[  763.116138][T12289]  vfs_write+0x2a3/0xba0
[  763.116168][T12289]  ? __pfx_vfs_write+0x10/0x10
[  763.116196][T12289]  ? __fget_files+0x2a/0x420
[  763.116225][T12289]  ? __fget_files+0x2a/0x420
[  763.116247][T12289]  ? __fget_files+0x3a6/0x420
[  763.116270][T12289]  ? __fget_files+0x2a/0x420
[  763.116299][T12289]  ksys_write+0x156/0x270
[  763.116330][T12289]  ? __pfx_ksys_write+0x10/0x10
[  763.116364][T12289]  do_syscall_64+0x14d/0xf80
[  763.116384][T12289]  ? trace_irq_disable+0x3b/0x150
[  763.116409][T12289]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  763.116429][T12289]  ? clear_bhb_loop+0x40/0x90
[  763.116451][T12289]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  763.116471][T12289] RIP: 0033:0x7f9ce0c8c799
[  763.116490][T12289] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  763.116508][T12289] RSP: 002b:00007f9cdeede028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  763.116533][T12289] RAX: ffffffffffffffda RBX: 00007f9ce0f05fa0 RCX: 00007f9ce0c8c799
[  763.116549][T12289] RDX: 0000000000000008 RSI: 0000200000000300 RDI: 0000000000000003
[  763.116562][T12289] RBP: 00007f9ce0d22c99 R08: 0000000000000000 R09: 0000000000000000
[  763.116577][T12289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  763.116590][T12289] R13: 00007f9ce0f06038 R14: 00007f9ce0f05fa0 R15: 00007ffc12e3ab58
[  763.116614][T12289]  </TASK>
[  763.116623][T12289] 
[  763.116628][T12289] Allocated by task 12076:
[  763.116638][T12289]  kasan_save_track+0x3e/0x80
[  763.116667][T12289]  __kasan_kmalloc+0x93/0xb0
[  763.116693][T12289]  __kmalloc_node_track_caller_noprof+0x372/0x7e0
[  763.116722][T12289]  pskb_expand_head+0x228/0x1320
[  763.116755][T12289]  netlink_trim+0x1b3/0x2c0
[  763.116780][T12289]  netlink_broadcast_filtered+0xd6/0x1010
[  763.116802][T12289]  nlmsg_notify+0xf0/0x1a0
[  763.116824][T12289]  __dev_notify_flags+0xf2/0x310
[  763.116840][T12289]  netif_change_flags+0xe8/0x1a0
[  763.116856][T12289]  do_setlink+0xf82/0x4590
[  763.116873][T12289]  rtnl_newlink+0x15a9/0x1be0
[  763.116898][T12289]  rtnetlink_rcv_msg+0x7d5/0xbe0
[  763.116935][T12289]  netlink_rcv_skb+0x232/0x4b0
[  763.116960][T12289]  netlink_unicast+0x831/0x9f0
[  763.116980][T12289]  netlink_sendmsg+0x813/0xb40
[  763.117005][T12289]  __sys_sendto+0x67f/0x710
[  763.117023][T12289]  __x64_sys_sendto+0xde/0x100
[  763.117040][T12289]  do_syscall_64+0x14d/0xf80
[  763.117058][T12289]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  763.117077][T12289] 
[  763.117082][T12289] Freed by task 12076:
[  763.117092][T12289]  kasan_save_track+0x3e/0x80
[  763.117118][T12289]  kasan_save_free_info+0x46/0x50
[  763.117141][T12289]  __kasan_slab_free+0x5c/0x80
[  763.117167][T12289]  kfree+0x1c1/0x6c0
[  763.117188][T12289]  skb_release_data+0x6f0/0x940
[  763.117206][T12289]  __kfree_skb+0x5d/0x210
[  763.117223][T12289]  netlink_broadcast_filtered+0xede/0x1010
[  763.117248][T12289]  nlmsg_notify+0xf0/0x1a0
[  763.117272][T12289]  __dev_notify_flags+0xf2/0x310
[  763.117288][T12289]  netif_change_flags+0xe8/0x1a0
[  763.117304][T12289]  do_setlink+0xf82/0x4590
[  763.117320][T12289]  rtnl_newlink+0x15a9/0x1be0
[  763.117346][T12289]  rtnetlink_rcv_msg+0x7d5/0xbe0
[  763.117373][T12289]  netlink_rcv_skb+0x232/0x4b0
[  763.117396][T12289]  netlink_unicast+0x831/0x9f0
[  763.117417][T12289]  netlink_sendmsg+0x813/0xb40
[  763.117443][T12289]  __sys_sendto+0x67f/0x710
[  763.117459][T12289]  __x64_sys_sendto+0xde/0x100
[  763.117476][T12289]  do_syscall_64+0x14d/0xf80
[  763.117492][T12289]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  763.117510][T12289] 
[  763.117515][T12289] The buggy address belongs to the object at ffff88805baae000
[  763.117515][T12289]  which belongs to the cache kmalloc-2k of size 2048
[  763.117533][T12289] The buggy address is located 1920 bytes inside of
[  763.117533][T12289]  freed 2048-byte region [ffff88805baae000, ffff88805baae800)
[  763.117552][T12289] 
[  763.117558][T12289] The buggy address belongs to the physical page:
[  763.117567][T12289] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805baac000 pfn:0x5baa8
[  763.117587][T12289] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  763.117602][T12289] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[  763.117620][T12289] page_type: f5(slab)
[  763.117639][T12289] raw: 0080000000000240 ffff88813fe1a000 ffffea0000a07e10 ffffea0000a04210
[  763.117658][T12289] raw: ffff88805baac000 0000000800080007 00000000f5000000 0000000000000000
[  763.117676][T12289] head: 0080000000000240 ffff88813fe1a000 ffffea0000a07e10 ffffea0000a04210
[  763.117693][T12289] head: ffff88805baac000 0000000800080007 00000000f5000000 0000000000000000
[  763.117712][T12289] head: 0080000000000003 ffffea00016eaa01 00000000ffffffff 00000000ffffffff
[  763.117741][T12289] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[  763.117752][T12289] page dumped because: kasan: bad access detected
[  763.117762][T12289] page_owner tracks the page as allocated
[  763.117770][T12289] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5809, tgid 5809 (syz-executor), ts 89061837644, free_ts 0
[  763.117806][T12289]  post_alloc_hook+0x231/0x280
[  763.117836][T12289]  get_page_from_freelist+0x28bb/0x2950
[  763.117856][T12289]  __alloc_frozen_pages_noprof+0x18d/0x380
[  763.117876][T12289]  allocate_slab+0x77/0x660
[  763.117899][T12289]  refill_objects+0x334/0x3c0
[  763.117918][T12289]  __pcs_replace_empty_main+0x35c/0x710
[  763.117939][T12289]  __kmalloc_node_track_caller_noprof+0x60b/0x7e0
[  763.117970][T12289]  pskb_expand_head+0x228/0x1320
[  763.117990][T12289]  netlink_trim+0x1b3/0x2c0
[  763.118012][T12289]  netlink_broadcast_filtered+0xd6/0x1010
[  763.118036][T12289]  nlmsg_notify+0xf0/0x1a0
[  763.118060][T12289]  __dev_notify_flags+0xf2/0x310
[  763.118077][T12289]  rtnl_newlink_create+0x657/0xb70
[  763.118093][T12289]  rtnl_newlink+0x1666/0x1be0
[  763.118119][T12289]  rtnetlink_rcv_msg+0x7d5/0xbe0
[  763.118144][T12289]  netlink_rcv_skb+0x232/0x4b0
[  763.118170][T12289] page_owner free stack trace missing
[  763.118177][T12289] 
[  763.118182][T12289] Memory state around the buggy address:
[  763.118194][T12289]  ffff88805baae680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  763.118208][T12289]  ffff88805baae700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  763.118223][T12289] >ffff88805baae780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  763.118234][T12289]                    ^
[  763.118244][T12289]  ffff88805baae800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  763.118258][T12289]  ffff88805baae880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  763.118269][T12289] ==================================================================
[  763.118283][T12289] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  763.118302][T12289] CPU: 1 UID: 0 PID: 12289 Comm: syz.7.1688 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  763.118331][T12289] Tainted: [L]=SOFTLOCKUP
[  763.118340][T12289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  763.118353][T12289] Call Trace:
[  763.118361][T12289]  <TASK>
[  763.118369][T12289]  vpanic+0x56c/0xa60
[  763.118400][T12289]  ? __pfx_vpanic+0x10/0x10
[  763.118435][T12289]  panic+0xc5/0xd0
[  763.118462][T12289]  ? __pfx_panic+0x10/0x10
[  763.118494][T12289]  ? __list_del_entry_valid_or_report+0x92/0x190
[  763.118525][T12289]  ? __list_del_entry_valid_or_report+0x92/0x190
[  763.118548][T12289]  check_panic_on_warn+0x89/0xb0
[  763.118570][T12289]  ? __list_del_entry_valid_or_report+0x92/0x190
[  763.118594][T12289]  end_report+0x73/0x180
[  763.118613][T12289]  ? __list_del_entry_valid_or_report+0x92/0x190
[  763.118637][T12289]  kasan_report+0x128/0x150
[  763.118657][T12289]  ? __list_del_entry_valid_or_report+0x92/0x190
[  763.118684][T12289]  __list_del_entry_valid_or_report+0x92/0x190
[  763.118710][T12289]  bt_accept_unlink+0x39/0x260
[  763.118745][T12289]  l2cap_sock_teardown_cb+0x17e/0x490
[  763.118777][T12289]  l2cap_chan_del+0xb5/0x610
[  763.118806][T12289]  ? l2cap_conn_del+0x331/0x570
[  763.118834][T12289]  l2cap_conn_del+0x33d/0x570
[  763.118861][T12289]  ? __pfx_l2cap_disconn_cfm+0x10/0x10
[  763.118899][T12289]  hci_conn_hash_flush+0x10d/0x260
[  763.118930][T12289]  hci_dev_close_sync+0x821/0x10e0
[  763.118957][T12289]  ? __pfx_hci_dev_close_sync+0x10/0x10
[  763.118978][T12289]  ? lockdep_hardirqs_on+0x7a/0x110
[  763.118997][T12289]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  763.119017][T12289]  ? mutex_lock_nested+0x152/0x1d0
[  763.119043][T12289]  ? hci_dev_do_close+0x28/0xc0
[  763.119068][T12289]  hci_dev_do_close+0x30/0xc0
[  763.119090][T12289]  hci_rfkill_set_block+0x1f4/0x290
[  763.119112][T12289]  ? __pfx_hci_rfkill_set_block+0x10/0x10
[  763.119134][T12289]  rfkill_set_block+0x1e5/0x450
[  763.119162][T12289]  rfkill_fop_write+0x464/0x5a0
[  763.119183][T12289]  ? __pfx_rfkill_fop_write+0x10/0x10
[  763.119204][T12289]  ? rw_verify_area+0x25b/0x4e0
[  763.119232][T12289]  ? __pfx_rfkill_fop_write+0x10/0x10
[  763.119253][T12289]  vfs_write+0x2a3/0xba0
[  763.119286][T12289]  ? __pfx_vfs_write+0x10/0x10
[  763.119317][T12289]  ? __fget_files+0x2a/0x420
[  763.119343][T12289]  ? __fget_files+0x2a/0x420
[  763.119368][T12289]  ? __fget_files+0x3a6/0x420
[  763.119392][T12289]  ? __fget_files+0x2a/0x420
[  763.119419][T12289]  ksys_write+0x156/0x270
[  763.119450][T12289]  ? __pfx_ksys_write+0x10/0x10
[  763.119485][T12289]  do_syscall_64+0x14d/0xf80
[  763.119505][T12289]  ? trace_irq_disable+0x3b/0x150
[  763.119529][T12289]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  763.119549][T12289]  ? clear_bhb_loop+0x40/0x90
[  763.119572][T12289]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  763.119592][T12289] RIP: 0033:0x7f9ce0c8c799
[  763.119609][T12289] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  763.119625][T12289] RSP: 002b:00007f9cdeede028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  763.119643][T12289] RAX: ffffffffffffffda RBX: 00007f9ce0f05fa0 RCX: 00007f9ce0c8c799
[  763.119653][T12289] RDX: 0000000000000008 RSI: 0000200000000300 RDI: 0000000000000003
[  763.119661][T12289] RBP: 00007f9ce0d22c99 R08: 0000000000000000 R09: 0000000000000000
[  763.119670][T12289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  763.119678][T12289] R13: 00007f9ce0f06038 R14: 00007f9ce0f05fa0 R15: 00007ffc12e3ab58
[  763.119692][T12289]  </TASK>
[  763.119881][T12289] Kernel Offset: disabled