last executing test programs:

4m44.132271742s ago: executing program 3 (id=2719):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_TIMEOUT(r0, 0x0, 0x48a, &(0x7f0000000000)={0x2020000, 0xbf, 0x100}, 0xc)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x402)
process_mrelease(r1, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000080), 0x4)
ioctl$KVM_CAP_STEAL_TIME(r1, 0x4068aea3, &(0x7f00000000c0))
ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000140)={0x0, r1, 0x0, 0x5, 0xd, 0x8000000000000001})
r2 = fcntl$dupfd(r1, 0x0, r1)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000000180)={<r3=>0x0, @in={{0x2, 0x4e21, @broadcast}}, [0x7, 0x8, 0x97c2, 0x7, 0x2, 0x8, 0x7, 0x5d8, 0x3, 0xbd, 0xfffffffffffffffb, 0x5, 0x4, 0xc, 0x1]}, &(0x7f0000000280)=0x100)
setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r2, 0x84, 0x23, &(0x7f00000002c0)={r3, 0x400}, 0x8)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000300)={'vxcan1\x00'})
munmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000)
read$msr(r2, &(0x7f0000000340)=""/51, 0x33)
ioctl$KVM_CAP_DIRTY_LOG_RING(r1, 0x4068aea3, &(0x7f0000000380))
r4 = syz_open_dev$MSR(&(0x7f0000000400), 0x8, 0x0)
remap_file_pages(&(0x7f0000fec000/0x14000)=nil, 0x14000, 0x3, 0x1, 0x1000)
ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000000440)=<r5=>0x0)
ioctl$BTRFS_IOC_WAIT_SYNC(r4, 0x40089416, &(0x7f0000000480)=r5)
sendmsg$key(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000004c0)={0x2, 0x2, 0x5, 0x9, 0x6, 0x0, 0x70bd2c, 0x25dfdbfc, [@sadb_address={0x3, 0x6, 0x33, 0x20, 0x0, @in={0x2, 0x4e23, @private=0xa010101}}, @sadb_x_nat_t_type={0x1, 0x14, 0x1}]}, 0x30}}, 0x50)
r6 = getpgrp(0x0)
r7 = syz_open_procfs(r6, &(0x7f0000000580)='oom_score\x00')
ioctl$BTRFS_IOC_SNAP_DESTROY(r2, 0x5000940f, &(0x7f00000005c0)={{r4}, "1f738f42c18b2bce0f96d95372cd4fbbcfc15228cc1927db23aaaf580bd440eab029ba99c85b44633600e232aab83a2535525bc047e2a44dc56ea230bf7e17c41774f47e0f45144b3b0fa48b39134534fb101e2a53f05ed4df25b2d0aa1c0c0e9b2fd5788204af5ba9f84741cb521fbac8cb995f43d3b17e1a698b1a1c49ee7f08afd0af48f8b868e7329e05ff17d1df3afdb26f0dc03529c3e4289ba0f0a9f7950f98077cefe9cc55bade5226f0af45a4673b07e1d5b7341489297f337c121c16fa751d9743947c0d0d23ac8c573e2ed4be477f71f25ffe34f7a315e6f419afe5050f02f4d25708608205c199b4277efc61a3834fee89671a79b89c2e1417f4a359a79cea283872077d0800011a6ca010dfa401798cb8c463376c4b30d1c401adbf0251a62fd3d3ae0dfe9d1915348a7b3fce1e25e92f550069cee0f1e195e87651453a461108963b78d3e9576e79eaac8c28958b65582751074a008a3710807591e3839e412cfaee09e9f27f1bca7123513ee30f4457b7a3aef76d8e4a93844a007a61ff0306087bf434b25d777ab92abe728b2df0194a20784e2bc212f520495aecbe000f6cfcb00904ae3f06af4da197896ab474c472cf8cc5f37a9702013b27e1c41fd965a5a2ceca7f803a78a40c5f7d1c911dde38f2bea12c96a41f2af327aba722b45a1e10bb4e07c0b4288168db2218be3a43b9dab35eadb8f5eba47bbed134cc7080cc9d0c53efcac32c57b630ae98e064b1ab3c8e2a1936f59645899ab6c57b370f13c6f2df214f8b4d7933a2eb52a0ff4d5ac699ce365acaf9a934dee005ff4fc48945d1e3ecf9d593c54a1e161e51a9efbba22306c65b1966985d3ccfe921b63467bd2a5abdced9f3e042c7b9b09dc61d50a59d62f4c6bf067a9adeea073e53a88db886e0a226c96fc9d7a5c1c143a350cc771d25f331753c922d1f3d81d0413b555ac403883e0847f130688440ae5fe44c2263d9aecb4b144a7d760f0c6f63cf6e6a17cd90469a51cbcdd5872597d0587f0e2ee9e6c96eba8153dd0fc6154a86c66b90c4a04368845928a596b96857de1e023957eff769abbd9101e29e08a8069974b906849e673b8f0bb7c6b20a84a49455c78b866bdce042512b4d46db74e0beb9603bb67175246b03d01a28b8da35440b6a08c515683b327e42a5df25f708aeddcc5a68eb8248f60bd8612ff389b6de02fd6e120010ca371ff2ba00468a1cf738ab2308e1c7b97678023d4876d97b979f29768a8f93daa1a0441960df7099cb5ea33a7c0afb4a81b969fc0ff16da8a8f78666d183bcb1e61a1cdf07d34c3a8c444a077d62aa5fe81e55b5c8e729698d5da4c58dbf4f88bc8314eb2381db5ad2550b5559ca95bd379bbc5a1e51c61b731c62845cdbd91e9bcb483787289ed9d37342e0465e4328e540c5683db72e94a63eb9bb87b33988cdb3146396c9d4548e2707e896f5a6b74d541b6c9612cc1ad6253aad801ba06977b7ed7ce58c6f29476320460cc0e480eca2cf48de64b9acd27d5a8cd15a919f1792af783cdc13f846005972c87a3eeaa40ea05b641968b0e3613b79135ed626c4b4dc0c2e9f735554eb55ec38d62c678068ce8a9a65f735598563c55afe770c42112fc8b88085ed41897f4bc616dc0c0e448b96b9602dcb60642dda954603a57e609a6efb5fb5f7ee79db735fa71782fc04313a31b1c307dcb04b116296c843bd24ee3ed67e1c9127b8b8629367b32fca843cc489e99f2cff70b8001c19d010571586c49871f954d3f9fc04ab254aa3f6408c097a2a796b50f1993611bc9ad655047d47397ff384ee6a4142fa8ffb2bb935385412f6ae2176f201b6b4e20af134c46428dbfae23a85eef2cbf31a6c6b364d3e1214b6e4ee37754c060f7b7b65d4c9b1965d29ea80176341fbd03adfebc7bd2869e094ba31fb805749693225fb7ca6f13e630c2001249c68bf177a9965327b7a8f17b24408ab1b77dc5714b66fb8acb515650e45b6efbac01a37cf22e210122b578092b6caf8ac9245602e520f8a51e96abcb069dba82cbf96c5188efab056c1c962841594f9ebe7ed7370724fa1eebf3181bbceba4088d353f329503fbbbf6136b5b0fab331502f42f1264154d00f9d9da4fa836a8aa3ab340b176351cac01296b5061aa14b5a60ce8867d731bd132094ddc76406af9bf81698bc1b82f5abba462f63e880e19330cf014a17b7aecd215bd6ed50807682475a804a9f428df01e8279a2165557e7734ea6cd3908377e84c53bb28fb7627a56936553a360a69a32ef4d8cbd90bed11ec9ae09c2ac9fdc21be33b5e849590268ed3f10e97350981288502f27f7265f49e8dbb8e3111d1ff7601b86dc8c6bcb61839d3c95a21188f594791fbb183449469275c86f3a74c08b6733938bfcca511e5abf9e19f71d2aac4d8424614c3de4a6d2f49c3f52ae8c63f069d5da6a7f4fd820c3a0d7f3b87078599679f12740a44e2e516b369250ea881ab73b9d3c3db09cf559ce3250985ba656fdd1c5e3cfb87e407a0fbce2b2642f0ef56bfd081b26cdc076a0e9d336ee4e5146a0cf41b7fbad5aac61ffd9a7e3ea90c44bf50f3999f6c336b57ae23ceb92ab45751950f02f836473505af65813b5b6f472f6e94f54eb1e74f1703048c488fff0b51de0a8fbb1684fff29f86523e26b6e4011acfb00131958aa357ce1d73133b5e1d65f3b5ab91ccf4a011d37b4c0ee82326aace6192a3c0348241a5e5b320c16ff741402b8d271ff18a16a6cc31e53bd639fd37b764416cc54b337f79d296bfceec5867c219b888ce59a959d0e680f5aa52686e8a5a3be4d8e0271ce291b7aa2aede8585f72b3035790f90a06d85de68dc30e0e100be85fd744e46a57c4108ac6d0595e8cff5fc24acddbda182c6620766ac6e0f8f4e445909096d38742d91920a00f7f403144130e8ef8bc1f520cf0d145b10ca8a4ea084fda1bb99091a9f41beff266068dce7ea78094af2d98837a5c8e0a4f49c638e7bd7a224b76aa96abd0f134244af2274854b222d43695965c655bccd7ba11149256b821ea31f6911cf57c1f23f2bcf15647061e34a0332082106624de283b539676f8c8f0e553739909987c1945967d0093d505b99e2216dbea6b6d68f594b37c5a27847059eb26ce07bf45ea59a3ff3208f005213195c5d20e5381e89e50fdb987558eb2eaf96b93f819d4ce5328e7f76309f1f91c68936007f3a4950e77bc96ccb1c20189502fffd23f564292893334d6cafc30730e4759c3769cfe7072ab59b3da3fae84ed04b8668b2e952b66243e0995cb7f99c6497666d757f47cc23d8e208dca7fb3a4eb748fe3c9bb418b9a00bba8ff1a62123d1dadefa3dd6fc5d36b51dc8a2a6983085086aacaf5d72dddd9d38b95489e6789ed6bb182f69127099146f1e591c91ba9f06969773c829fbbeab25442a028eb02e5dc467fa8c35ef05cbde539dceddae777d3b56537c65e72889c166e5a2c30c2cab8782d7168077dbc27a6e992021e11123dc865fd240c19a37ef9bdd6be70a20acf128f05eb8b4979d550be229454d113ff64473784202df259a938fa0ef9e19ebaa2e83650f6f91c89a4afe7bc3d2a03675933c0122597ae10d3588e437e9c0629cf771da6e3f5f8700a4a760319ce06461bee6f1828fb69a36d34009515e2af1acee9b8ff674afd1e30b2ae11517074544f2fb7773fd5851f2987c158018b69379df1e9b739db7155a01356ee829d03edf73e30cccf981e292da6a246cfb38ecb5d9bb3fabb736e6a6a5f2c8b7770ba9d6b20d327d53a18203fadf4e3d60c8b461a661fe17c980bb4ce0de331c2df1ed5ceac763691dd97dd4294577571453405ee04befdff363002ce61d4f4c2ec93bbfc9c78739f4fd26e5a8b1037a87a867dfaa0200e38ae606ba0d3ffdd5f9d9786ee4671b2ece1807ff3956e55c4d6e17a14427f72d7b694eb229a2e5d7282eb2736bc2dccde079cf18f6e3e09d319147ec4c22954d591e1d5a553b2796a3c93c57fb9c0b196160ef8752b7c0bc8ebcc59c7f48cc005e282cf32101f09f0a9eac8ef9d4cd1d75ebe071029cf16b4c1786808e42e2f23c69246e13b111187f15da89dd09472ea6ea24c41d0866525ec507a8af5beb378194bf868dc2b8f5b782a09e9f2b72a1ee98cf435e9f8e2c4ede781e56f9d9565536a95eabf51a9cf4a9c6f1fc5b7ab7b7d53b4b3e87ff56ed07cfe899c1c4c1a0d3f64677cfdea7dc1cbeec0d3dbeccbd919cb9806f04c8ea058453ef32d9f7d2086c453ec442be198e3efe52732bfca2350b4be410cdad04569edf69719d0b3499f65b9d083394d4caaa6ef4c08cdf56052bb497cc66f203d4b5354a814354a9a3f33db21705c2af546ecd4c1e6357e8910db837c12331b750ba64475955bfb1ffb6fb6a7cfc0dcdcdb30a10f88acfdf83c3c083c1f18eb9f548da125fe33dae3d862a6f7e60c30b828d1abc90653c6c1d775af7f7e8fad8e2b2d1fab777868e2eebc86b7d3a0232c226c68fa0de7bee1cca92c79613171fa82e8f3a2e21e651c07bda6d3fb4a53393236a19cd6cd7afa72842dac17632538822a61098ce176ecc2f3d81ac6f29272ce743cca68dbd438366d1b09c3cd9dfc8d297a84de97503a43742ab49267cd394db376022af2d98540c67258c01a386ceefe560508af57c5d82ec29172cfa9ef2b388a6ccdabbe4b26e1fa0145f47e814288ab9e49f8043563112d2e61895bb3f947ffcd1bb3751cf889befb5918d6a163318d04c02ed3eee4b1bf834971c0b2fbe9fcc638823d8b9feef5150d9497ce56ff732082606382e35ed62689819bd6b69b49def2cc4b67e567c0e501b9154526fd93d52ddbf5a8a77cd951e8d8cc4153aad6d05d1d9e77db63e7f2b39c8bff85ea60e5ba13ca31a0fec94b8361eb5cb372863084b97d131317d775eaa01bdba14b2adfcc0a940d3153bf3ecd9f6482d1100af57c7750292914d45e7fecdee2ed4979eb7dd0f520209f4946991f45b806771c31aefd80dd3e796e23a76755b4cb332303a78056342b3b85d3f29f64d4dc0ec40da0842cbb7a9c073296e19026eda4c4a6b8e7b8fdbf8e6ef7ebc3c64a60136c877b05c11df10b282d6ae039a409383b1d6c98d40bd15c6603173ab1ba914868bfc48a4224a3a2f2bc5e29b73a90f27106a6ebcbdcf149cf884e4ad14265363b8bee77c0c64e2ccbac85a9cee73a1b336e043d567a9bc09941412cae6c220bbf8a0aac5506842af8eb85045dc7e798107c2c583d99d7920bb7c39079673036f9e992a81bf67da92ad8546ef13fda64a874745fad5575ca1fbd722b6834bd4d04212392dc6b72d0d32dce7b2d9faff0bb827de55a3ee5afcca80ea318f15f563377c32cb2b1d95d18aa880b19d8a10a29fe401409888ae55d597dfa9097eb7cdff9d1128ac8b848d79d3727d7e70f3d0840ff1760ffbf42a6de3529546eab1a7f3d828d1fef5ada8822b589c04363ea984b2edb4004922bbfba95382987677f3a5610362e24c253a5362d5f97a0a8e74d616f1c502a437634758c0808d2632b5f3eb25526e2befb4b158ccccc23db10d48583f2bd33d76b4b3d25d16db82f29e85f11895a5ef44abbe25a17de019dbf007fa8de8b49b843be426d55b749a1d45e48fe69e3cd88dca7094c6b5ed056a3577c4a063aff5553dfa469f045b7db14339b40cfb782bd46bf117697708f225112320d194b73e85c32bc068abc813a86c118a00c5d3592cda280448a92aeebc04bfd9b8d6e63a092a89c0c6357dd4b274aaea7c"})
ioctl$EXT4_IOC_CLEAR_ES_CACHE(r2, 0x6628)
setsockopt$sock_attach_bpf(r7, 0x1, 0x32, &(0x7f00000015c0)=r2, 0x4)
socket$inet6_udp(0xa, 0x2, 0x0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001640), r2)
sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000001740)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000001700)={&(0x7f0000001680)={0x6c, r8, 0x800, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MNTR_FLAGS={0x14, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}], @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x4}]}, 0x6c}, 0x1, 0x0, 0x0, 0x2004c004}, 0xc8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000001780)={r3, @in6={{0xa, 0x4e22, 0x98000000, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x2}}, 0x1, 0x81, 0x9, 0x9, 0xa1, 0x0, 0x20}, 0x9c)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0xd, &(0x7f0000001840)="c5b32383353db59bd51b282d8618a746404613f229227e56ecfad7943a0a7bdf405667b871d6d28dde4cb8aea00f6654495364aadb0f94098c0a9967b16df82b72adb59b2d9feba2dee46e6ece62ac0677b161a578f50a06b22c4bc7b56a767dde15a0556a521207c2474f6f3739b519d5a5bacf5c0525de1c2104188c4eb17b348a15ea3e4775e1636cbe106a9ab6d93d122f63e9e0f38e2081c269151ab5173fb79abd8135d33951d779df4787793f157549b1f017ea7c1d16f8e38764d51e3d4d0a6e93fec8fc50d40b57e56758eec8eb5d7cff395d19674d3f0e0d4a12944997a44c8fed", 0xe6)
sendmsg$DEVLINK_CMD_RATE_GET(r1, &(0x7f0000001a80)={&(0x7f0000001940)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000001a40)={&(0x7f00000019c0)={0x44, 0x0, 0x4, 0x70bd26, 0x25dfdbfe, {}, [@DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0x44}, 0x1, 0x0, 0x0, 0x40010}, 0x80)

4m42.751079829s ago: executing program 3 (id=2724):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x10, 0x0, 0x3, 0x80}, &(0x7f0000000180)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000300)=[r0], 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r4)
syz_io_uring_submit(r2, r3, &(0x7f00000005c0)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index=0x1, 0x5, {0x0, r4}, 0xfffffffe, 0x2, 0x0, {0x0, 0x0, r4}})
r5 = socket$netlink(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000006800)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="15060000000002000000010000003000018014000400fc0100000000000000000000000000010600050000000000060001000a"], 0x44}, 0x5}, 0x0)
io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0)

4m42.410296468s ago: executing program 3 (id=2728):
r0 = io_uring_setup(0x4a86, &(0x7f0000000240)={0x0, 0x417a, 0x40, 0x8001002, 0x3d5})
r1 = socket(0x1e, 0x4, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
ioctl$VIDIOC_S_FMT(r7, 0xc0d05640, &(0x7f0000000340)={0x1, @pix={0x0, 0x43, 0x32344d59, 0x0, 0xfffffffd, 0x0, 0x9, 0xfeedcafe, 0x3, 0x8, 0x0, 0x1}})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r10=>0x0})
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES16=r11, @ANYBLOB="050027bd700000a668bc25ef288195c062ae860000000600000008000300", @ANYRES32=r10, @ANYBLOB="08004d01"], 0x24}, 0x1, 0x0, 0x0, 0x90}, 0x4)
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xffffefff}, {0x6}]}, 0x10)
sendmmsg(r5, &(0x7f0000000180), 0x4000190, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0xffffffff}, 0x10)
r12 = socket(0x1e, 0x4, 0x0)
r13 = socket$nl_generic(0x10, 0x3, 0x10)
r14 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r13, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r14, 0x201, 0x400000, 0x0, {{}, {}, {0x8, 0x11, 0x4}}}, 0x24}}, 0x0)
setsockopt$packet_tx_ring(r12, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r1, &(0x7f0000003240), 0x4000000000000e4, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

4m40.181088195s ago: executing program 3 (id=2733):
socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x5}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r2, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x7, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3a}}, 0x10)
socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x1, 0x2, 0xa}, {0x2}], 0x10, 0x8}, 0x94)
r3 = socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
close(r5)
recvmsg$unix(r4, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)}, 0x2000)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018"], 0x0, 0x32}, 0x20)
setsockopt$sock_attach_bpf(r3, 0x84, 0x6e, &(0x7f0000000000), 0x10)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0)
r6 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r6, &(0x7f0000000000)={0x27}, 0x74)
sendmmsg$unix(r6, &(0x7f0000000b00)=[{{&(0x7f00000001c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000e80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000001dc0)="bb", 0x1}, {0x0}], 0x2, 0x0, 0x0, 0xc000}}, {{&(0x7f0000000580)=@file={0x0, './file0/file0\x00'}, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000280)='z', 0x1}], 0x1}}], 0x3, 0x0)

4m38.789820845s ago: executing program 3 (id=2735):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x14)
ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f00000000c0)={0x4, 0xb8})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000500), r2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='afs_sent_data\x00', r1, 0x0, 0x8c6f}, 0x18)
sendmsg$NFC_CMD_DISABLE_SE(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x24, r3, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0xc0}]}, 0x24}, 0x1, 0x0, 0x0, 0x20008840}, 0x40000)

4m38.63703501s ago: executing program 3 (id=2736):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
syz_emit_ethernet(0xe2, &(0x7f0000000500)={@remote, @empty, @val={@val={0x88a8, 0x3, 0x1, 0x1}, {0x8100, 0x4}}, {@mpls_mc={0x8848, {[{0x401}, {0x9, 0x0, 0x1}, {0x68, 0x0, 0x1}, {0x891, 0x0, 0x1}, {0x3}, {0x6}], @generic="7924a36366daedd69485c564a94b57aed52f0bcb89fe2fc33b5591dd0d4ee8a31732132b58b471e740734cc747f3ce23f544a86fe7a0ad66cf7b348acf8bbcbd60588c7486affc27433025c5a5ad6232225111181b4d88e5f9af6d86b2768351d43f11f3cd0db2ba2e3c66660701baa6c561efc56fbd37eb230b8fd0dc6edd35c9e92c6ab7ab90cc936d9760c207f7c3a6aca72ac885134944dbd2a5e339dc67ea94b456eaecb3850225113aca83adfe5dac2304"}}}}, &(0x7f00000002c0)={0x0, 0x4, [0x972, 0x559, 0x8dd, 0xee9]})
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000100)=0x1, 0xfed3)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000400)=0x1, 0xa)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e22, @private=0xa010100}, 0x49)
openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r3}})
sendto(r2, &(0x7f00000001c0)="8bf4", 0x2, 0x24004074, 0x0, 0x0)
close(0x3)
write$UHID_INPUT(r1, &(0x7f0000001040)={0xa, {"a2e3ad08ed6b52f99cfbf4c087f71e9b3d0963ff7fc6e5539b9b3b0a8b9b441b4552101b080d29558f0e1ac6e7049b3468959b189a242a9b4bf3988f7ef319520700ffe8d178708c523c921b1b23380a169b63d336cd3b78130daa61d8e81aea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1d020000000000000075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801000000005b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b412435111c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269caf12c31357c8219793e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a687974e7b4ab01b7f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da3710ac000000001a527777a5371f87d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ef06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f103000000416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d601005c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac292d9e53803ed000000009737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b09114edb8e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb67ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe529003d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f070077d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85e654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd84e935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba30b4279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227edff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b30f0b932a4d02da711b757fe43c06d21e759595e4e98b27faea8aa12bc8040000000000000033eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d0000010000000000fcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d080e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed704887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6ff7ffb1d62458d0741a12830052fcc460db043afe525629b40d7cee65802cb5e930ed624806c43a006dc9336d07c2b8081c188d26558f48261f7897084c2a1a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c0ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264c7b34252600c9654e502dcea39cb0800eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc640df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa7082ead01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058093fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f00000004c0), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB=',msize=0x000000000e058'])
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=<r4=>0x0)
prctl$PR_SCHED_CORE(0x3e, 0x4, r4, 0x3, &(0x7f0000000040))
r5 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
accept(r5, 0x0, 0x0)
syz_open_dev$cec(&(0x7f0000000140), 0x0, 0x2)
setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000000200)={0x7, {{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x88)

4m22.779670027s ago: executing program 32 (id=2736):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
syz_emit_ethernet(0xe2, &(0x7f0000000500)={@remote, @empty, @val={@val={0x88a8, 0x3, 0x1, 0x1}, {0x8100, 0x4}}, {@mpls_mc={0x8848, {[{0x401}, {0x9, 0x0, 0x1}, {0x68, 0x0, 0x1}, {0x891, 0x0, 0x1}, {0x3}, {0x6}], @generic="7924a36366daedd69485c564a94b57aed52f0bcb89fe2fc33b5591dd0d4ee8a31732132b58b471e740734cc747f3ce23f544a86fe7a0ad66cf7b348acf8bbcbd60588c7486affc27433025c5a5ad6232225111181b4d88e5f9af6d86b2768351d43f11f3cd0db2ba2e3c66660701baa6c561efc56fbd37eb230b8fd0dc6edd35c9e92c6ab7ab90cc936d9760c207f7c3a6aca72ac885134944dbd2a5e339dc67ea94b456eaecb3850225113aca83adfe5dac2304"}}}}, &(0x7f00000002c0)={0x0, 0x4, [0x972, 0x559, 0x8dd, 0xee9]})
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000100)=0x1, 0xfed3)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000400)=0x1, 0xa)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e22, @private=0xa010100}, 0x49)
openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r3}})
sendto(r2, &(0x7f00000001c0)="8bf4", 0x2, 0x24004074, 0x0, 0x0)
close(0x3)
write$UHID_INPUT(r1, &(0x7f0000001040)={0xa, {"a2e3ad08ed6b52f99cfbf4c087f71e9b3d0963ff7fc6e5539b9b3b0a8b9b441b4552101b080d29558f0e1ac6e7049b3468959b189a242a9b4bf3988f7ef319520700ffe8d178708c523c921b1b23380a169b63d336cd3b78130daa61d8e81aea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1d020000000000000075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801000000005b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b412435111c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269caf12c31357c8219793e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a687974e7b4ab01b7f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da3710ac000000001a527777a5371f87d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ef06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f103000000416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d601005c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac292d9e53803ed000000009737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b09114edb8e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb67ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe529003d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f070077d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85e654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd84e935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba30b4279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227edff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b30f0b932a4d02da711b757fe43c06d21e759595e4e98b27faea8aa12bc8040000000000000033eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d0000010000000000fcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d080e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed704887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6ff7ffb1d62458d0741a12830052fcc460db043afe525629b40d7cee65802cb5e930ed624806c43a006dc9336d07c2b8081c188d26558f48261f7897084c2a1a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c0ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264c7b34252600c9654e502dcea39cb0800eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc640df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa7082ead01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058093fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f00000004c0), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB=',msize=0x000000000e058'])
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=<r4=>0x0)
prctl$PR_SCHED_CORE(0x3e, 0x4, r4, 0x3, &(0x7f0000000040))
r5 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
accept(r5, 0x0, 0x0)
syz_open_dev$cec(&(0x7f0000000140), 0x0, 0x2)
setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000000200)={0x7, {{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x88)

13.428435971s ago: executing program 4 (id=3525):
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x52, 0x64, 0x2b, 0x10, 0x17cc, 0x41c, 0x9c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x5, 0x0, 0xad, 0xd6, 0xdd}}]}}]}}, 0x0)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000000)={0x1, {{0x2, 0x4e21, @empty=0xe0000000}}, {{0x2, 0x4e25, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x108)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x8000000010, 0x2, 0x0)
write(r1, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @empty}, 0x10)
ioctl$sock_inet_SIOCSARP(r2, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @empty}, {}, 0x0, {0x2, 0x0, @multicast1=0xe000cc02}})

12.676870616s ago: executing program 5 (id=3527):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0)
r0 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, r0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x0, &(0x7f0000000040)})
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x13f, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000400)={0x2020}, 0x2020)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002900)=[{{&(0x7f0000000200)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000000580)=[{&(0x7f0000002680)}, {&(0x7f0000000380)}], 0x2, 0x0, 0x0, 0x10}}], 0x1, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r4=>0x0})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r3, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r4, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r4, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x10, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000013ff0000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000000700000007000000bf91000000000000b7020000020000008500000085000000b700000000000000"], &(0x7f0000000140)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x60083, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r7=>0x0})
ioctl$IOMMU_IOAS_MAP(r6, 0x3b85, &(0x7f0000000440)={0x28, 0x5, r7, 0x0, &(0x7f0000000480)='L', 0x1, 0x400000001})
ioctl$IOMMU_IOAS_UNMAP(r6, 0x3b86, &(0x7f0000000000)={0x18, r7, 0x0, 0x10001})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r4})

10.894727026s ago: executing program 2 (id=3530):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @local}, 0x10)
socket$packet(0x11, 0x3, 0x300)
r1 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0xbd84, 0x0, 0x1, 0x101}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000640)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2f, 0x8, 0x0, 0x4}]}, 0x10)
socket$packet(0x11, 0x3, 0x300)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_TEE={0x21, 0xda1a0b6210925d15, 0x0, @fd=r0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r1, 0x22d2, 0x20, 0x0, 0x0, 0x0)

10.814050909s ago: executing program 5 (id=3531):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18200000000000000000000000000020180c000000008000000000000000000018"], &(0x7f00000003c0)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x8}, 0x94)

10.679325035s ago: executing program 2 (id=3532):
socket$can_bcm(0x1d, 0x2, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
openat$userio(0xffffff9c, &(0x7f0000000080), 0x400, 0x0)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
pselect6(0x0, 0x0, 0x0, &(0x7f0000000400)={0x7fc, 0x2, 0x800000, 0x0, 0x0, 0xc3ad}, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000600)={0x6, 0x0, 0x0, 0x40, 0x2, 0x5e51, 0x0, 0x7}, 0x0, &(0x7f0000000680)={0x7ff, 0x7, 0x9, 0x7, 0x4, 0x0, 0x5, 0x5}, 0x0, 0x0)

10.431104891s ago: executing program 5 (id=3533):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0xfffffffe}]}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0xd4}}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f0000000d00)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd60000000001406"], 0x0)

10.004500002s ago: executing program 4 (id=3534):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x1, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000300)={0xa, @win={{0x5, 0x6, 0x46, 0x1}, 0x5, 0x5, 0x0, 0xfffffeff, 0x0, 0x5f}})
openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2d)
ioctl$KVM_CAP_X2APIC_API(r2, 0x4068aea3, &(0x7f0000000000)={0x81, 0x0, 0x2})
bind$alg(0xffffffffffffffff, &(0x7f0000000200)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes128\x00'}, 0x58)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x20000840}, 0x4008800)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000001280), 0x0)
socket(0xa, 0x5, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000540), 0x4, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0x10, 0x148, 0x34324142, 0x4, 0xfffefffe, 0x0, 0x5, 0x10, 0x0, 0x2}})
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f00000001c0)={0x80000001, 0x1, 0x4})
ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000240)=0x1)
socket$kcm(0xa, 0x5, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x3, @loopback}, 0x10)
openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

9.826003526s ago: executing program 5 (id=3535):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000080)=0x81, 0x43)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'ip6gretap0\x00'})
r1 = socket(0x11, 0xa, 0x3)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000ce34000000000000000000850000002e00000095"], &(0x7f0000000c40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000280)=r3, 0x4)
sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x4805)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_int(r0, 0x0, 0x17, 0x0, 0x0)
openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x2e, &(0x7f0000000500)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)

9.298922284s ago: executing program 2 (id=3537):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10c4, 0xea90, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000500)={0x2c, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="2001d4"], 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="20010e"], 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000180)={0x0, 0x8, 0x6, &(0x7f0000000140)={0xb, "a517e9a76eff2245eae6036557dbda48a97569b7d49cc449808dc51478a22d0506"}})

8.776274056s ago: executing program 5 (id=3539):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001ac0)=ANY=[@ANYBLOB="480000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="020000000000000014001280090001007665746800000000040002800a0001002aaaaaaaaa00000008000400f2"], 0x48}}, 0x0)
r2 = socket(0x10, 0x803, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
r4 = creat(&(0x7f00000016c0)='./file0\x00', 0x63)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000001a40)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x0, 0x0, r4}, 0x68)
syz_open_dev$sndpcmp(&(0x7f0000000180), 0x1, 0x1)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r5=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0xc, 0x2, [@TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0x8000}]}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000002100)=@newtfilter={0x4c, 0x2c, 0xd2b, 0x70bd2b, 0x35dfdbfb, {0x0, 0x0, 0x0, r5, {0xf}, {}, {0x7, 0x4}}, [@filter_kind_options=@f_fw={{0x7}, {0x20, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0x10, 0xa}}, @TCA_FW_INDEV={0x14, 0x3, 'veth1_virt_wifi\x00'}]}}]}, 0x4c}}, 0x24040084)
getsockopt$sock_timeval(r2, 0x1, 0x15, &(0x7f0000000180), &(0x7f00000001c0)=0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000080000de00"], 0x48)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000073013b000000000095b77dfab61f788e826493ce3ef8d0a0fee66ada5861dae372f8643bc8b106074dceda80cbb8c3271b9591c8d1799e441aafa5db0894edff2e2083d6aacc61df0e03d9d47c0d8727f6e755569064ebc0ec89f5318a99815f75"], &(0x7f0000000200)='GPL\x00', 0x4, 0x0, 0x0, 0x75af706d0e25357, 0x27, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb30f}, 0x94)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$KVM_SET_IRQCHIP(r8, 0x4020aeb2, &(0x7f0000000740)={0x0, 0x12c, @pic={0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x14}})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000100)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000005f4f7deb0008000300", @ANYRES32=r9], 0x55}}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x46, &(0x7f0000000a00)=ANY=[@ANYBLOB="aaaaaaaaaaaaf2c4a6a27b6e0800450000380000000000019078ac141425ac1414aa03019078030000004500000000000004002f0000000000006401010104006558000002006e962ead47035fbff56f1a14586e44aa94885e3bafdd52d69387121a93a82d48c88718dce4d6ac2edbf95e6f361f064780754a1b2e6cc2d9d07d254adc774bf642f923d6bb8c2762ed6dbcd25a0b1b85b6bec6e6"], 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xffffffffffffff7c, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYRESDEC=0x0], 0x1c0}, 0x1, 0x0, 0x0, 0x20000814}, 0x4008805)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

8.573514489s ago: executing program 4 (id=3540):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x22004810)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
write$FUSE_STATX(r0, &(0x7f00000001c0)={0x130, 0x0, 0x0, {0x3b, 0x1, 0x0, '\x00', {0x8000, 0x387, 0xd06, 0x1, 0x0, 0x0, 0x2000, '\x00', 0x10f09557, 0x1, 0x4, 0x4, {0x4, 0x9}, {0x100, 0x5bc}, {0x1, 0x485}, {0x9, 0x2}, 0x3, 0xe20, 0x6, 0x8}}}, 0x130)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r2 = syz_io_uring_setup(0x10d2, &(0x7f0000000540)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f0000000280)=<r3=>0x0, &(0x7f00000005c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x4, 0x1cd83f7c25e05491, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x100, 0x1, {0x3}})
io_uring_enter(r2, 0x47bc, 0x0, 0x0, 0x0, 0x0)

8.059561597s ago: executing program 5 (id=3543):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = socket$nl_audit(0x10, 0x3, 0x9)
r3 = getpid()
sendmsg$AUDIT_SET(r2, &(0x7f0000000180)={&(0x7f00000000c0), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x3c, 0x3e9, 0x400, 0x70bd29, 0x25dfdbfe, {0x4, 0x1, 0x0, r3, 0xd, 0x8, 0x8, 0xe0, 0x0, 0x8, 0xfff}, ["", "", "", "", "", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x8004}, 0x4000)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_io_uring_setup(0x88f, &(0x7f0000000300)={0x0, 0xaee2, 0x0, 0x5, 0xbfdffffc}, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r7=>0xffffffffffffffff})
connect$unix(r7, 0x0, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000004540), 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r4, 0x0, &(0x7f0000000040)='./file0\x00', 0x50, 0x183000, 0x12345})
openat$audio1(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
io_uring_enter(r4, 0x47f6, 0x40, 0x2, 0x0, 0x0)

7.907086992s ago: executing program 0 (id=3545):
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000040)={0x190, 0x258, 0x1e0, 0x3f, 0x32, 0x1, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4})
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0xb7e, 0x0)
ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f0000000040)=""/185)

7.837384569s ago: executing program 4 (id=3547):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x3)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0)
syz_emit_ethernet(0x86, &(0x7f0000000680)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x78, 0xfffe, 0x0, 0xfd, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x19, 0x4, 0x2, 0x0, 0x932, {[@timestamp={0x8, 0xa, 0x200, 0xb}, @exp_smc={0xfe, 0x6}, @sack={0x5, 0x12, [0x5, 0x5, 0x1, 0x0]}, @mptcp=@add_addr={0x1e, 0xb, 0x0, 0xb, 0x16, @broadcast, 0x1, '&'}, @sack={0x5, 0xe, [0x5, 0x9, 0x7f]}, @md5sig={0x13, 0x12, "16ad84474dde46ec16d1a7611db5ab2a"}]}}}}}}}, 0x0)

7.297763469s ago: executing program 0 (id=3548):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000140)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0x4e23, 0xa4e4, @remote, 0x3}, 0x1c)
sendmmsg(r0, &(0x7f0000000ac0)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f00000004c0)="8eef9700c4e4fa99643e9ec4bcd30d0ec0a5443c20021eaf43430b12accb", 0x1e}], 0x1}}], 0x1, 0x4010)

7.195015157s ago: executing program 4 (id=3549):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0x29e9c934, 0x3, 0x0, 0x4}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000010c0)=ANY=[@ANYBLOB="180000001600010a00000000000000000a80"], 0x20}, 0x1, 0x0, 0x0, 0x200c0801}, 0x0)

6.967024181s ago: executing program 0 (id=3551):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000080)={0x9, 0x100, 0x3, {0x2, 0xb, 0x3, 0x411cad0}})

6.714980489s ago: executing program 4 (id=3552):
syz_open_dev$video4linux(&(0x7f0000000080), 0x200, 0x8000)
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
r0 = socket(0x10, 0x803, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000002240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$alg(r0, 0x0, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r3, 0xfffffffffffffffd, 0xfffffffffffffffe, 0x1)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp\x00')
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000640)='./file0\x00')
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r5, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, r6, 0x303, 0x0, 0x25dfdbfd, {0x3d}}, 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x0)
execve(0x0, 0x0, 0x0)
read$FUSE(r4, 0x0, 0x0)
sendmsg$SMC_PNETID_GET(r0, 0x0, 0x0)
r7 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$int_in(r7, 0x5452, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r7, 0xc0045516, &(0x7f0000000000)=0xffb)
fcntl$setstatus(r7, 0x4, 0x0)
getsockname$packet(r0, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)

6.685410328s ago: executing program 0 (id=3553):
socket$kcm(0xa, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = signalfd4(0xffffffffffffffff, &(0x7f00000003c0)={[0x1fffffffff]}, 0x8, 0x0)
syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x3416, 0x13100, 0x2, 0x4, 0x0, r0}, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_pressure\x00', 0x26e1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="340000003e000701fcffffff00000000017c0000040042800c00018006000600ab230000100002800c001780080001800400", @ANYRES64=r1], 0x34}, 0x1, 0x0, 0x0, 0x404c0c0}, 0x10)

6.271791436s ago: executing program 0 (id=3556):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_procfs(0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000480)={0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="01000000000000004f000000000000000f33a067420f01c9"], 0x97})
ioctl$KVM_CAP_DISABLE_QUIRKS2(r2, 0x4068aea3, &(0x7f0000000000)={0xd5, 0x0, 0x43})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

6.011090818s ago: executing program 2 (id=3557):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r2, {0x1, 0x6}, {0x7}, {0x3}}}, 0x24}}, 0x0)

5.249914296s ago: executing program 1 (id=3558):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x3, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)

4.503502635s ago: executing program 1 (id=3559):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f000000b000)={0x77359400}, &(0x7f0000048000)=0x1, 0x0)
timer_settime(0x0, 0x1, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
futex(&(0x7f000000cffc)=0x4, 0x10b, 0x4, 0x0, &(0x7f00000000c0), 0x0)

2.364280117s ago: executing program 1 (id=3560):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="28000000030605000000000000000000000000000500010007"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x20000010)

2.078790544s ago: executing program 2 (id=3561):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x211000, 0x1000}, 0x20)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'netdevsim0\x00', <r2=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10)

1.66348168s ago: executing program 1 (id=3562):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40505330, &(0x7f00000001c0)={0x880100, 0x5, 0x40000003, 0xe1db, 0x1101, 0x8100})

1.250354487s ago: executing program 1 (id=3563):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)=0x7)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040301, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x1000000000000, 0x0}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f0000000080)={0x1, 0xfffffdfe, 0x0, 0x8, 0x8000, 0x0, 0x1, 0x0, 0x0, 0x1, 0xfffffffe, 0x1})
close(r1)

1.142412278s ago: executing program 2 (id=3564):
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x500)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000001e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @hash={{0x9}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_HASH_SREG={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_HASH_MODULUS={0x8, 0x4, 0x1, 0x0, 0x3}, @NFTA_HASH_LEN={0x8}, @NFTA_HASH_DREG={0x8, 0x2, 0x1, 0x0, 0x12}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x8c}}, 0x24008080)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x107b000)
socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmmsg$alg(r4, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe1a}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x4924924924924b9, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

799.567688ms ago: executing program 0 (id=3565):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = userfaultfd(0x1)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$UFFDIO_COPY(r3, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})

0s ago: executing program 1 (id=3566):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e60, 0x0, @mcast2, 0xd}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000140)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000280)="ca70", 0x2}], 0x1}}], 0x1, 0x4400c800)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000480)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0xad3394dc192dae8b, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
sendto$inet6(r0, &(0x7f0000000300), 0x16, 0x3b00, 0x0, 0xfffffffffffffdfd)

kernel console output (not intermixed with test programs):

_create_media_entity: media entity 'dvb-demux' registered.
[ 1088.235451][T16037] 9pnet_fd: Insufficient options for proto=fd
[ 1088.630767][   T24] usb 2-1: USB disconnect, device number 34
[ 1092.061391][T16079] sctp: [Deprecated]: syz.2.2738 (pid 16079) Use of int in max_burst socket option.
[ 1092.061391][T16079] Use struct sctp_assoc_value instead
[ 1092.526943][T16082] 9pnet_fd: Insufficient options for proto=fd
[ 1092.754555][T16086] program syz.1.2741 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1092.799963][T16086] netlink: 'syz.1.2741': attribute type 4 has an invalid length.
[ 1092.808406][T16086] netlink: 'syz.1.2741': attribute type 9 has an invalid length.
[ 1092.822510][T16086] netlink: 'syz.1.2741': attribute type 10 has an invalid length.
[ 1092.830367][T16086] netlink: 'syz.1.2741': attribute type 11 has an invalid length.
[ 1092.871513][T16086] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2741'.
[ 1093.412761][T16097] netlink: 187476 bytes leftover after parsing attributes in process `syz.1.2745'.
[ 1093.424215][T16097] netlink: zone id is out of range
[ 1093.429826][T16097] netlink: zone id is out of range
[ 1093.442825][T16097] netlink: zone id is out of range
[ 1093.456123][T16097] netlink: zone id is out of range
[ 1093.461253][T16097] netlink: zone id is out of range
[ 1093.490155][T16097] netlink: zone id is out of range
[ 1093.499317][T16097] netlink: zone id is out of range
[ 1093.504778][T16097] netlink: zone id is out of range
[ 1093.510352][T16097] netlink: zone id is out of range
[ 1093.519366][T16097] netlink: zone id is out of range
[ 1093.882646][ T5995] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[ 1094.185990][ T5995] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1094.228371][ T5995] usb 2-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[ 1094.252725][ T5995] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1094.304135][ T5995] usb 2-1: config 0 descriptor??
[ 1094.332623][T16108] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1094.732750][T16119] netlink: 'syz.2.2751': attribute type 10 has an invalid length.
[ 1094.781335][ T5995] video4linux radio48: keene_cmd_main failed (-71)
[ 1094.798086][ T5995] radio-keene 2-1:0.0: V4L2 device registered as radio48
[ 1094.926210][ T5995] usb 2-1: USB disconnect, device number 35
[ 1098.100444][T16156] FAULT_INJECTION: forcing a failure.
[ 1098.100444][T16156] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1098.114296][T16156] CPU: 1 UID: 0 PID: 16156 Comm: syz.1.2761 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1098.114320][T16156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1098.114332][T16156] Call Trace:
[ 1098.114340][T16156]  <TASK>
[ 1098.114347][T16156]  dump_stack_lvl+0x189/0x250
[ 1098.114375][T16156]  ? __pfx____ratelimit+0x10/0x10
[ 1098.114396][T16156]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1098.114418][T16156]  ? __pfx__printk+0x10/0x10
[ 1098.114443][T16156]  ? __might_fault+0xb0/0x130
[ 1098.114476][T16156]  should_fail_ex+0x414/0x560
[ 1098.114502][T16156]  _copy_from_user+0x2d/0xb0
[ 1098.114530][T16156]  kstrtouint_from_user+0xc4/0x170
[ 1098.114554][T16156]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1098.114595][T16156]  proc_fail_nth_write+0x88/0x240
[ 1098.114618][T16156]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1098.114649][T16156]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1098.114674][T16156]  vfs_write+0x27e/0xa90
[ 1098.114703][T16156]  ? __pfx_vfs_write+0x10/0x10
[ 1098.114724][T16156]  ? __fget_files+0x2a/0x420
[ 1098.114750][T16156]  ? __fget_files+0x3a0/0x420
[ 1098.114770][T16156]  ? __fget_files+0x2a/0x420
[ 1098.114800][T16156]  ksys_write+0x145/0x250
[ 1098.114840][T16156]  ? __pfx_ksys_write+0x10/0x10
[ 1098.114856][T16156]  ? rcu_is_watching+0x15/0xb0
[ 1098.114882][T16156]  ? do_syscall_64+0xbe/0x3b0
[ 1098.114908][T16156]  do_syscall_64+0xfa/0x3b0
[ 1098.114927][T16156]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1098.114947][T16156]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1098.114966][T16156]  ? clear_bhb_loop+0x60/0xb0
[ 1098.114990][T16156]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1098.115008][T16156] RIP: 0033:0x7f308258d69f
[ 1098.115026][T16156] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1098.115041][T16156] RSP: 002b:00007f308346a030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1098.115060][T16156] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f308258d69f
[ 1098.115073][T16156] RDX: 0000000000000001 RSI: 00007f308346a0a0 RDI: 0000000000000004
[ 1098.115085][T16156] RBP: 00007f308346a090 R08: 0000000000000000 R09: 0000000000000000
[ 1098.115098][T16156] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[ 1098.115109][T16156] R13: 00007f30827b6038 R14: 00007f30827b5fa0 R15: 00007ffc50da41f8
[ 1098.115140][T16156]  </TASK>
[ 1099.857246][T16166] 9pnet_fd: Insufficient options for proto=fd
[ 1102.485114][   T30] kauditd_printk_skb: 8 callbacks suppressed
[ 1102.485130][   T30] audit: type=1326 audit(1755885177.068:1228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16188 comm="syz.1.2768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f308258ebe9 code=0x7ffc0000
[ 1102.533679][T16199] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2769'.
[ 1102.552628][T16199] netlink: 7 bytes leftover after parsing attributes in process `syz.2.2769'.
[ 1102.668427][   T30] audit: type=1326 audit(1755885177.068:1229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16188 comm="syz.1.2768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f308258ebe9 code=0x7ffc0000
[ 1102.854319][   T30] audit: type=1326 audit(1755885177.068:1230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16188 comm="syz.1.2768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f308258ebe9 code=0x7ffc0000
[ 1102.915520][T16192] net_ratelimit: 12 callbacks suppressed
[ 1102.915535][T16192] sctp: failed to load transform for md5: -2
[ 1102.999592][   T30] audit: type=1326 audit(1755885177.068:1231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16188 comm="syz.1.2768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f308258ebe9 code=0x7ffc0000
[ 1103.095442][   T30] audit: type=1326 audit(1755885177.068:1232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16188 comm="syz.1.2768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f308258ebe9 code=0x7ffc0000
[ 1103.207601][   T30] audit: type=1326 audit(1755885177.068:1233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16188 comm="syz.1.2768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f308258ebe9 code=0x7ffc0000
[ 1103.325980][   T30] audit: type=1326 audit(1755885177.068:1234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16188 comm="syz.1.2768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f308258ebe9 code=0x7ffc0000
[ 1103.380791][   T30] audit: type=1326 audit(1755885177.068:1235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16188 comm="syz.1.2768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f308258ebe9 code=0x7ffc0000
[ 1103.406753][   T30] audit: type=1326 audit(1755885177.068:1236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16188 comm="syz.1.2768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f308258ebe9 code=0x7ffc0000
[ 1103.460231][   T30] audit: type=1326 audit(1755885177.068:1237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16188 comm="syz.1.2768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f308258ebe9 code=0x7ffc0000
[ 1104.725585][T16221] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2777'.
[ 1105.119655][T16231] afs: Unknown parameter 'ÿÿÿÿ
'
[ 1105.142494][T10845] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[ 1105.314154][T10845] usb 3-1: Using ep0 maxpacket: 8
[ 1105.345120][T10845] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1105.395844][T10845] usb 3-1: config 4 interface 0 has no altsetting 0
[ 1105.682344][T10845] usb 3-1: string descriptor 0 read error: -22
[ 1105.728240][T10845] usb 3-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[ 1105.787347][T10845] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[ 1106.254520][T10845] usb 3-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[ 1106.293560][T10845] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1106.320810][T10845] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[ 1106.328858][T10845] usb 3-1: media controller created
[ 1106.454475][T10845] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1107.243354][T10845] zl10353_read_register: readreg error (reg=127, ret==0)
[ 1107.546286][T10845] usb 3-1: USB disconnect, device number 35
[ 1109.713648][T16266] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2792'.
[ 1110.273506][ T5854] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1110.286017][ T5854] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1110.294874][ T5854] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1110.304732][ T5854] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1110.321012][ T5854] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1110.412158][T16274] lo speed is unknown, defaulting to 1000
[ 1110.419798][T16274] lo speed is unknown, defaulting to 1000
[ 1111.062052][T16280] trusted_key: syz.4.2797 sent an empty control message without MSG_MORE.
[ 1111.216127][T16274] chnl_net:caif_netlink_parms(): no params data found
[ 1112.346524][T16274] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1112.354545][T16274] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1112.361884][T16274] bridge_slave_0: entered allmulticast mode
[ 1112.362545][ T5854] Bluetooth: hci5: command tx timeout
[ 1112.370337][T16274] bridge_slave_0: entered promiscuous mode
[ 1112.386216][T16274] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1112.394259][T16274] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1112.401720][T16274] bridge_slave_1: entered allmulticast mode
[ 1112.410932][T16274] bridge_slave_1: entered promiscuous mode
[ 1112.462051][T16274] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1112.476449][T16274] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1112.536997][T16274] team0: Port device team_slave_0 added
[ 1112.548856][T16274] team0: Port device team_slave_1 added
[ 1112.585608][   T92] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[ 1112.603890][T16274] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1112.611281][T16274] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1112.641399][T16274] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1112.859015][   T92] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1112.877863][   T92] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1112.979525][   T92] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1113.188904][   T92] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1113.205904][T16274] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1113.212970][T16274] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1113.239085][T16274] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1113.359999][   T92] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1113.374541][   T92] usb 2-1: config 0 descriptor??
[ 1114.389400][    C1] raw-gadget.0 gadget.1: ignoring, device is not running
[ 1114.402641][    C1] raw-gadget.0 gadget.1: ignoring, device is not running
[ 1114.425793][   T92] usbhid 2-1:0.0: can't add hid device: -32
[ 1114.443409][ T5854] Bluetooth: hci5: command tx timeout
[ 1114.487397][   T92] usbhid 2-1:0.0: probe with driver usbhid failed with error -32
[ 1114.514011][T16274] hsr_slave_0: entered promiscuous mode
[ 1114.569598][T16274] hsr_slave_1: entered promiscuous mode
[ 1114.593191][   T92] usb 2-1: USB disconnect, device number 36
[ 1114.625227][T16274] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1114.679693][T16274] Cannot create hsr debugfs directory
[ 1115.517933][T16334] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2809'.
[ 1115.527803][T16334] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1116.091450][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[ 1116.098227][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[ 1116.210225][T16341] FAULT_INJECTION: forcing a failure.
[ 1116.210225][T16341] name failslab, interval 1, probability 0, space 0, times 0
[ 1116.223974][T16341] CPU: 0 UID: 0 PID: 16341 Comm: syz.2.2810 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1116.223998][T16341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1116.224011][T16341] Call Trace:
[ 1116.224018][T16341]  <TASK>
[ 1116.224026][T16341]  dump_stack_lvl+0x189/0x250
[ 1116.224053][T16341]  ? __pfx____ratelimit+0x10/0x10
[ 1116.224074][T16341]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1116.224095][T16341]  ? __pfx__printk+0x10/0x10
[ 1116.224126][T16341]  ? __pfx___might_resched+0x10/0x10
[ 1116.224152][T16341]  should_fail_ex+0x414/0x560
[ 1116.224178][T16341]  should_failslab+0xa8/0x100
[ 1116.224201][T16341]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1116.224222][T16341]  ? __alloc_skb+0x112/0x2d0
[ 1116.224253][T16341]  __alloc_skb+0x112/0x2d0
[ 1116.224284][T16341]  netlink_sendmsg+0x5c6/0xb30
[ 1116.224321][T16341]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1116.224365][T16341]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1116.224393][T16341]  __sock_sendmsg+0x21c/0x270
[ 1116.224419][T16341]  ____sys_sendmsg+0x505/0x830
[ 1116.224455][T16341]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1116.224493][T16341]  ? import_iovec+0x74/0xa0
[ 1116.224524][T16341]  ___sys_sendmsg+0x21f/0x2a0
[ 1116.224556][T16341]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1116.224624][T16341]  ? __fget_files+0x2a/0x420
[ 1116.224645][T16341]  ? __fget_files+0x3a0/0x420
[ 1116.224678][T16341]  __x64_sys_sendmsg+0x19b/0x260
[ 1116.224705][T16341]  ? schedule+0x165/0x360
[ 1116.224725][T16341]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1116.224774][T16341]  ? do_syscall_64+0xbe/0x3b0
[ 1116.224800][T16341]  do_syscall_64+0xfa/0x3b0
[ 1116.224822][T16341]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1116.224840][T16341]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1116.224859][T16341]  ? clear_bhb_loop+0x60/0xb0
[ 1116.224883][T16341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1116.224901][T16341] RIP: 0033:0x7f14f098ebe9
[ 1116.224918][T16341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1116.224936][T16341] RSP: 002b:00007f14f1716038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1116.224956][T16341] RAX: ffffffffffffffda RBX: 00007f14f0bb6180 RCX: 00007f14f098ebe9
[ 1116.224971][T16341] RDX: 0000000000008004 RSI: 0000200000000000 RDI: 0000000000000008
[ 1116.224984][T16341] RBP: 00007f14f1716090 R08: 0000000000000000 R09: 0000000000000000
[ 1116.224996][T16341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1116.225007][T16341] R13: 00007f14f0bb6218 R14: 00007f14f0bb6180 R15: 00007fff7c880588
[ 1116.225039][T16341]  </TASK>
[ 1116.524195][ T5854] Bluetooth: hci5: command tx timeout
[ 1117.610128][T16355] netlink: 165 bytes leftover after parsing attributes in process `syz.2.2814'.
[ 1117.743561][T16356] Bluetooth: hci0: invalid length 0, exp 2 for type 18
[ 1117.939290][T16274] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1117.974728][T16274] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1118.002176][T16274] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1118.031507][T16274] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1118.523269][T16274] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1118.603601][ T5854] Bluetooth: hci5: command tx timeout
[ 1118.611726][T16274] 8021q: adding VLAN 0 to HW filter on device team0
[ 1118.698741][ T2980] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1118.706098][ T2980] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1118.745944][ T7283] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1118.753185][ T7283] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1118.938452][T16385] Illegal XDP return value 4294967294 on prog  (id 588) dev N/A, expect packet loss!
[ 1119.191418][T16387] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[ 1119.231013][T16387] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1119.277279][T16384] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2821'.
[ 1119.442027][T16274] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1120.042933][T16406] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2826'.
[ 1120.588829][T16401] syzkaller1: entered promiscuous mode
[ 1120.594582][T16401] syzkaller1: entered allmulticast mode
[ 1121.415372][T16274] veth0_vlan: entered promiscuous mode
[ 1121.431230][T16274] veth1_vlan: entered promiscuous mode
[ 1121.469785][T16274] veth0_macvtap: entered promiscuous mode
[ 1121.481527][T16274] veth1_macvtap: entered promiscuous mode
[ 1121.717727][T16274] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1121.749334][T16274] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1121.761441][T16274] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1121.771964][T16274] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1121.780757][T16274] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1121.790646][T16274] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1121.992480][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1122.018449][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1122.036265][T16428] af_packet: tpacket_rcv: packet too big, clamped from 328 to 4294967272. macoff=96
[ 1122.056825][T16428] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2831'.
[ 1122.110709][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1122.126980][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1122.280901][T16431] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1122.288659][T16431] IPv6: NLM_F_CREATE should be set when creating new route
[ 1122.301816][T16431] lo: entered allmulticast mode
[ 1122.318412][T16431] tunl0: entered allmulticast mode
[ 1122.344396][T16431] gre0: entered allmulticast mode
[ 1122.411238][T16431] gretap0: entered allmulticast mode
[ 1122.506037][T16431] erspan0: entered allmulticast mode
[ 1122.518716][T16431] ip_vti0: entered allmulticast mode
[ 1122.558922][T16431] ip6_vti0: entered allmulticast mode
[ 1122.598961][T16442] netlink: 165 bytes leftover after parsing attributes in process `syz.4.2834'.
[ 1122.622380][   T92] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 1122.650635][T16431] sit0: entered allmulticast mode
[ 1122.674564][T16431] ip6tnl0: entered allmulticast mode
[ 1122.689511][T16431] ip6gre0: entered allmulticast mode
[ 1122.701091][T16431] syz_tun: entered allmulticast mode
[ 1122.722474][T16431] ip6gretap0: entered allmulticast mode
[ 1122.743918][T16431] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1122.751118][T16431] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1122.761322][T16431] bridge0: entered allmulticast mode
[ 1122.783125][   T92] usb 6-1: Using ep0 maxpacket: 16
[ 1122.791094][   T92] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1122.802720][   T92] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1122.818432][   T92] usb 6-1: New USB device found, idVendor=172f, idProduct=0034, bcdDevice= 0.00
[ 1122.828853][   T92] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1122.838841][T12989] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[ 1122.856828][   T92] usb 6-1: config 0 descriptor??
[ 1122.862668][T16431] bond0: entered allmulticast mode
[ 1122.870241][T16431] bond_slave_0: entered allmulticast mode
[ 1122.902124][T16431] bond_slave_1: entered allmulticast mode
[ 1122.931857][T16431] batadv0: entered allmulticast mode
[ 1122.951523][T16431] team0: entered allmulticast mode
[ 1122.957669][T16431] team_slave_0: entered allmulticast mode
[ 1122.964868][T16431] team_slave_1: entered allmulticast mode
[ 1122.977994][T16431] !
: entered allmulticast mode
[ 1122.997632][T16431] nlmon0: entered allmulticast mode
[ 1123.087383][T16447] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.2836'.
[ 1123.135265][T16431] caif0: entered allmulticast mode
[ 1123.151908][T16431] vxcan0: entered allmulticast mode
[ 1123.152342][T12989] usb 2-1: Using ep0 maxpacket: 8
[ 1123.559715][T12989] usb 2-1: config 162 has an invalid interface number: 197 but max is 0
[ 1123.572902][T12989] usb 2-1: config 162 has no interface number 0
[ 1123.585756][T16431] vxcan1: entered allmulticast mode
[ 1123.589627][T12989] usb 2-1: config 162 interface 197 has no altsetting 0
[ 1123.610537][T16431] veth0: entered allmulticast mode
[ 1123.631684][T12989] usb 2-1: New USB device found, idVendor=0c10, idProduct=0000, bcdDevice=95.a7
[ 1123.642723][T12989] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1123.657023][T12989] usb 2-1: Product: syz
[ 1123.661270][T12989] usb 2-1: Manufacturer: syz
[ 1123.672552][T12989] usb 2-1: SerialNumber: syz
[ 1123.675867][T16431] veth1: entered allmulticast mode
[ 1123.721465][T16431] wg0: entered allmulticast mode
[ 1123.753335][T16431] wg1: entered allmulticast mode
[ 1123.791173][T16431] wg2: entered allmulticast mode
[ 1123.804202][   T92] waltop 0003:172F:0034.0009: item fetching failed at offset 0/2
[ 1123.873180][T16431] veth0_to_bridge: entered allmulticast mode
[ 1123.900605][T12989] usb 2-1: USB disconnect, device number 37
[ 1123.908999][   T92] waltop 0003:172F:0034.0009: probe with driver waltop failed with error -22
[ 1123.923360][T16431] veth1_to_bridge: entered allmulticast mode
[ 1123.966798][T16431] veth0_to_bond: entered allmulticast mode
[ 1124.011847][   T92] usb 6-1: USB disconnect, device number 2
[ 1124.024766][T16431] veth1_to_bond: entered allmulticast mode
[ 1124.048987][T16431] veth0_to_team: entered allmulticast mode
[ 1124.069270][T16431] veth1_to_team: entered allmulticast mode
[ 1124.094920][T16431] veth0_to_batadv: entered allmulticast mode
[ 1124.111149][T16431] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1124.119962][T16431] batadv_slave_0: entered allmulticast mode
[ 1124.131669][T16431] veth1_to_batadv: entered allmulticast mode
[ 1124.144212][T16431] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1124.163897][T16431] batadv_slave_1: entered allmulticast mode
[ 1124.211399][T16431] xfrm0: entered allmulticast mode
[ 1124.226830][T16431] veth0_to_hsr: entered allmulticast mode
[ 1124.235456][T16431] hsr_slave_0: entered allmulticast mode
[ 1124.250188][T16431] veth1_to_hsr: entered allmulticast mode
[ 1124.280764][T16431] hsr_slave_1: entered allmulticast mode
[ 1124.303947][T16431] hsr0: entered allmulticast mode
[ 1124.323652][T16431] veth1_virt_wifi: entered allmulticast mode
[ 1124.351833][T16431] veth0_virt_wifi: entered allmulticast mode
[ 1124.371833][T16431] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[ 1124.381713][T16431] veth1_vlan: entered allmulticast mode
[ 1124.420002][T16431] veth0_vlan: entered allmulticast mode
[ 1124.440778][T16431] vlan1: entered allmulticast mode
[ 1124.468637][T16431] macvlan1: entered allmulticast mode
[ 1124.498979][T16431] ipvlan0: entered allmulticast mode
[ 1124.512731][T16431] ipvlan1: entered allmulticast mode
[ 1124.519071][T16431] veth1_macvtap: entered allmulticast mode
[ 1124.648517][T16431] veth0_macvtap: entered allmulticast mode
[ 1124.794336][T16431] macvtap0: entered allmulticast mode
[ 1124.829424][T16431] macsec0: entered allmulticast mode
[ 1124.893957][T16431] geneve0: entered allmulticast mode
[ 1124.939943][T16431] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1124.952076][T16431] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1124.961803][T16431] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1124.975813][T16431] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1125.132656][T16431] geneve1: entered allmulticast mode
[ 1125.448599][T16475] netlink: 212408 bytes leftover after parsing attributes in process `syz.5.2847'.
[ 1125.700704][T16476] binder: 16467:16476 ioctl 4018620d 0 returned -22
[ 1125.880304][T16431] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[ 1125.920750][T16431] netdevsim netdevsim2 netdevsim1: entered allmulticast mode
[ 1125.966270][T16431] netdevsim netdevsim2 netdevsim2: entered allmulticast mode
[ 1126.023445][T16431] netdevsim netdevsim2 netdevsim3: entered allmulticast mode
[ 1126.104449][T16431] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode
[ 1126.161141][T16431] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode
[ 1126.187676][T16431] batadv0.5: entered allmulticast mode
[ 1126.216977][T16431] syztnl0: entered allmulticast mode
[ 1126.241133][T16431] bridge1: entered allmulticast mode
[ 1126.267551][T16431] bridge2: entered allmulticast mode
[ 1126.418549][T16491] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2851'.
[ 1126.473330][T16492] netlink: 165 bytes leftover after parsing attributes in process `syz.0.2850'.
[ 1126.962748][T16496] batman_adv: batadv0: Adding interface: macsec1
[ 1127.001966][T16496] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1127.050057][T16496] batman_adv: batadv0: Interface activated: macsec1
[ 1131.312514][T16541] tipc: Started in network mode
[ 1131.317525][T16541] tipc: Node identity 4, cluster identity 4711
[ 1131.324801][T16541] tipc: Node number set to 4
[ 1131.685020][T16544] input: syz1 as /devices/virtual/input/input15
[ 1134.983609][T16565] syzkaller1: entered promiscuous mode
[ 1134.989217][T16565] syzkaller1: entered allmulticast mode
[ 1135.573013][T16574] netlink: 'syz.0.2873': attribute type 10 has an invalid length.
[ 1135.616756][T16574] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1135.661938][T16574] bond0: (slave batadv0): Enslaving as an active interface with an up link
[ 1140.226048][T16625] fuse: Bad value for 'group_id'
[ 1140.232236][T16625] fuse: Bad value for 'group_id'
[ 1140.312562][ T5961] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[ 1140.474756][ T5961] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1140.486549][ T5961] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1140.496239][ T5961] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1140.523261][ T5961] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1140.548005][ T5961] usb 6-1: config 0 descriptor??
[ 1140.566013][ T5961] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 1140.578128][ T5961] dvb-usb: bulk message failed: -22 (3/0)
[ 1140.612734][ T5961] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 1140.643418][ T5961] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 1140.650531][ T5961] usb 6-1: media controller created
[ 1140.677015][ T5961] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1140.879294][T16623] dibusb: i2c wr: len=61 is too big!
[ 1140.879294][T16623] 
[ 1140.894875][T16636] dibusb: i2c wr: len=61 is too big!
[ 1140.894875][T16636] 
[ 1140.935346][T16623] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1140.958136][ T5961] dvb-usb: bulk message failed: -22 (6/0)
[ 1141.234298][ T5961] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 1141.242949][T16623] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1141.329756][ T5961] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input16
[ 1141.393212][ T5961] dvb-usb: schedule remote query interval to 150 msecs.
[ 1141.418434][ T5961] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 1141.575205][T16425] dvb-usb: bulk message failed: -22 (1/0)
[ 1141.581344][T16425] dvb-usb: error while querying for an remote control event.
[ 1142.092802][T16631] 9pnet_fd: Insufficient options for proto=fd
[ 1142.446328][ T5961] usb 6-1: USB disconnect, device number 3
[ 1142.601687][ T5961] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1142.790739][T16657] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.2893'.
[ 1142.992694][   T30] kauditd_printk_skb: 8 callbacks suppressed
[ 1142.992713][   T30] audit: type=1326 audit(1755885217.588:1246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16654 comm="syz.2.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14f098ebe9 code=0x7ffc0000
[ 1143.041816][   T30] audit: type=1326 audit(1755885217.588:1247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16654 comm="syz.2.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f14f098ebe9 code=0x7ffc0000
[ 1143.080746][   T30] audit: type=1326 audit(1755885217.588:1248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16654 comm="syz.2.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14f098ebe9 code=0x7ffc0000
[ 1143.136586][   T30] audit: type=1326 audit(1755885217.588:1249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16654 comm="syz.2.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f14f098ebe9 code=0x7ffc0000
[ 1143.160942][   T30] audit: type=1326 audit(1755885217.588:1250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16654 comm="syz.2.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14f098ebe9 code=0x7ffc0000
[ 1143.240013][T16672] IPVS: set_ctl: invalid protocol: 8 255.255.255.255:20001
[ 1143.278579][   T30] audit: type=1326 audit(1755885217.588:1251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16654 comm="syz.2.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f14f098ebe9 code=0x7ffc0000
[ 1143.326434][   T30] audit: type=1326 audit(1755885217.598:1252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16654 comm="syz.2.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14f098ebe9 code=0x7ffc0000
[ 1143.352745][   T30] audit: type=1326 audit(1755885217.598:1253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16654 comm="syz.2.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f14f098ebe9 code=0x7ffc0000
[ 1143.376174][   T30] audit: type=1326 audit(1755885217.598:1254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16654 comm="syz.2.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14f098ebe9 code=0x7ffc0000
[ 1143.398710][   T30] audit: type=1326 audit(1755885217.598:1255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16654 comm="syz.2.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14f098ebe9 code=0x7ffc0000
[ 1143.561417][T16677] netlink: 'syz.5.2898': attribute type 1 has an invalid length.
[ 1144.983759][T16696] netlink: 128 bytes leftover after parsing attributes in process `syz.5.2902'.
[ 1145.129870][ T5961] IPVS: starting estimator thread 0...
[ 1145.372461][T16701] IPVS: using max 49 ests per chain, 117600 per kthread
[ 1145.804026][T16713] fanotify: failed to encode fid (type=0, len=0, err=-2)
[ 1145.815896][T16713] fanotify: failed to encode fid (type=0, len=0, err=-2)
[ 1147.644182][T16738] IPv6: sit1: Disabled Multicast RS
[ 1147.667079][T16738] sit1: entered allmulticast mode
[ 1148.530691][   T13] nci: nci_add_new_protocol: the target found does not have the desired protocol
[ 1149.929298][T16764] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2919'.
[ 1149.939816][T16764] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2919'.
[ 1150.302486][T16426] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[ 1150.497374][T16426] usb 2-1: config 0 has an invalid descriptor of length 129, skipping remainder of the config
[ 1150.543232][T16426] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1150.588474][T16426] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[ 1150.648292][T16426] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1150.891014][T16426] usb 2-1: config 0 descriptor??
[ 1150.911158][T16426] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[ 1150.948857][T16778] 9pnet_fd: Insufficient options for proto=fd
[ 1152.244100][   T30] kauditd_printk_skb: 18 callbacks suppressed
[ 1152.244129][   T30] audit: type=1326 audit(1755885226.888:1274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16772 comm="syz.5.2923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1152.670214][   T30] audit: type=1326 audit(1755885226.888:1275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16772 comm="syz.5.2923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1153.248501][T16775] pim6reg: entered allmulticast mode
[ 1153.299665][   T30] audit: type=1326 audit(1755885227.868:1276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16772 comm="syz.5.2923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1153.322180][   T30] audit: type=1326 audit(1755885227.868:1277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16772 comm="syz.5.2923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1153.347525][   T30] audit: type=1326 audit(1755885227.868:1278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16772 comm="syz.5.2923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1153.457067][   T30] audit: type=1326 audit(1755885227.868:1279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16772 comm="syz.5.2923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1153.557259][   T30] audit: type=1326 audit(1755885227.868:1280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16772 comm="syz.5.2923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1153.620795][   T30] audit: type=1326 audit(1755885227.868:1281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16772 comm="syz.5.2923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1153.697376][   T30] audit: type=1326 audit(1755885227.878:1282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16772 comm="syz.5.2923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1153.786480][   T30] audit: type=1326 audit(1755885227.878:1283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16772 comm="syz.5.2923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1155.683871][ T5995] usb 2-1: USB disconnect, device number 38
[ 1158.608451][T16845] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[ 1159.082477][ T5995] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[ 1159.274563][ T5995] usb 2-1: device descriptor read/64, error -71
[ 1159.512396][ T5995] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[ 1159.611936][T16871] netlink: 'syz.0.2945': attribute type 10 has an invalid length.
[ 1159.671217][ T5995] usb 2-1: device descriptor read/64, error -71
[ 1159.802919][ T5995] usb usb2-port1: attempt power cycle
[ 1160.172532][ T5995] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[ 1160.233027][ T5995] usb 2-1: device descriptor read/8, error -71
[ 1160.472727][ T5995] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[ 1160.535286][ T5995] usb 2-1: device descriptor read/8, error -71
[ 1160.612627][ T5854] Bluetooth: hci1: command 0x0406 tx timeout
[ 1160.619033][T16848] Bluetooth: hci1: Opcode 0x0401 failed: -110
[ 1160.686249][ T5995] usb usb2-port1: unable to enumerate USB device
[ 1162.562755][T16902] netlink: 'syz.1.2952': attribute type 10 has an invalid length.
[ 1165.332469][ T5961] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[ 1165.605062][T16929] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1166.122933][ T5961] usb 5-1: Using ep0 maxpacket: 32
[ 1166.141218][ T5961] usb 5-1: config 0 has an invalid interface number: 106 but max is 0
[ 1166.152464][ T5961] usb 5-1: config 0 has no interface number 0
[ 1166.162414][ T5961] usb 5-1: config 0 interface 106 has no altsetting 0
[ 1166.182036][ T5961] usb 5-1: New USB device found, idVendor=0421, idProduct=6901, bcdDevice=2d.1d
[ 1166.202390][ T5961] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1166.221398][ T5961] usb 5-1: Product: syz
[ 1166.252512][ T5961] usb 5-1: Manufacturer: syz
[ 1166.257210][ T5961] usb 5-1: SerialNumber: syz
[ 1166.287105][ T5961] usb 5-1: config 0 descriptor??
[ 1166.303748][ T5961] cdc_phonet 5-1:0.106: probe with driver cdc_phonet failed with error -22
[ 1169.176688][T16426] usb 5-1: USB disconnect, device number 27
[ 1169.278831][T16952] netlink: 'syz.1.2966': attribute type 10 has an invalid length.
[ 1169.901144][T16958] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input17
[ 1170.229284][T16967] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1171.333113][T16967] bond0: (slave rose0): Enslaving as an active interface with an up link
[ 1174.066206][T17009] TCP: TCP_TX_DELAY enabled
[ 1174.356434][T14444] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1174.474129][T14444] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1174.489483][T14444] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1174.503050][T14444] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1174.510943][T14444] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1174.791339][   T30] kauditd_printk_skb: 11 callbacks suppressed
[ 1174.791355][   T30] audit: type=1326 audit(1755885249.428:1295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17010 comm="syz.5.2979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1174.848700][   T30] audit: type=1326 audit(1755885249.488:1296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17010 comm="syz.5.2979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1174.890251][T17020] lo speed is unknown, defaulting to 1000
[ 1174.939026][   T30] audit: type=1326 audit(1755885249.518:1297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17010 comm="syz.5.2979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1174.961475][   T30] audit: type=1326 audit(1755885249.518:1298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17010 comm="syz.5.2979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1175.056698][   T30] audit: type=1326 audit(1755885249.518:1299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17010 comm="syz.5.2979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1175.080429][ T5995] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[ 1175.151609][   T30] audit: type=1326 audit(1755885249.518:1300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17010 comm="syz.5.2979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1175.287031][ T5995] usb 3-1: Using ep0 maxpacket: 16
[ 1175.295295][   T30] audit: type=1326 audit(1755885249.548:1301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17010 comm="syz.5.2979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1175.303927][T17020] lo speed is unknown, defaulting to 1000
[ 1175.362987][ T5995] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1175.385677][ T5995] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1175.406108][   T30] audit: type=1326 audit(1755885249.568:1302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17010 comm="syz.5.2979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1175.435267][ T5995] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1175.472620][ T5995] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1175.501798][   T30] audit: type=1326 audit(1755885249.568:1303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17010 comm="syz.5.2979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1175.542493][ T5995] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1175.604374][ T5995] usb 3-1: config 0 descriptor??
[ 1175.609619][   T30] audit: type=1326 audit(1755885249.568:1304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17010 comm="syz.5.2979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1175.893942][T17046] 9pnet_fd: Insufficient options for proto=fd
[ 1176.260791][T17032] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1176.324586][T17032] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1176.398853][ T5995] usbhid 3-1:0.0: can't add hid device: -71
[ 1176.411371][ T5995] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1176.464759][ T5995] usb 3-1: USB disconnect, device number 36
[ 1176.941310][ T5854] Bluetooth: hci6: command tx timeout
[ 1177.448535][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.457000][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.582683][T17020] chnl_net:caif_netlink_parms(): no params data found
[ 1178.953309][T17092] netlink: 165 bytes leftover after parsing attributes in process `syz.2.2993'.
[ 1179.066941][ T5854] Bluetooth: hci6: command tx timeout
[ 1179.565889][T17020] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1179.603158][T17020] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1179.623215][T17020] bridge_slave_0: entered allmulticast mode
[ 1179.750416][T17020] bridge_slave_0: entered promiscuous mode
[ 1179.781265][T17020] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1179.812532][T17020] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1179.846745][T17020] bridge_slave_1: entered allmulticast mode
[ 1179.875975][T17020] bridge_slave_1: entered promiscuous mode
[ 1179.903672][ T2943] bridge_slave_1: left promiscuous mode
[ 1180.003084][ T2943] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1180.903749][ T2943] bridge_slave_0: left promiscuous mode
[ 1180.909673][ T2943] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1181.082634][ T5854] Bluetooth: hci6: command tx timeout
[ 1181.412066][T17130] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3002'.
[ 1182.663610][T17140] netlink: 165 bytes leftover after parsing attributes in process `syz.2.3004'.
[ 1182.794308][ T2943] batman_adv: batadv0: Interface deactivated: macsec1
[ 1182.952256][ T2943] batman_adv: batadv0: Removing interface: macsec1
[ 1183.175153][ T5854] Bluetooth: hci6: command tx timeout
[ 1183.340023][T17146] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3007'.
[ 1183.488935][ T2943] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1183.500004][ T2943] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1183.515643][ T2943] bond0 (unregistering): (slave dummy0): Releasing backup interface
[ 1183.528607][ T2943] bond0 (unregistering): (slave batadv0): Releasing backup interface
[ 1183.539188][ T2943] bond0 (unregistering): Released all slaves
[ 1183.801872][T17154] netlink: 'syz.5.3009': attribute type 10 has an invalid length.
[ 1184.228792][T17154] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1184.375285][T17154] bond0: (slave batadv0): Enslaving as an active interface with an up link
[ 1184.391725][T17020] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1184.411073][ T2943] tipc: Left network mode
[ 1185.021604][T17020] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1185.222710][ T5961] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[ 1185.297437][T17020] team0: Port device team_slave_0 added
[ 1185.346986][T17020] team0: Port device team_slave_1 added
[ 1185.788215][ T5961] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[ 1185.826287][ T5961] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1185.859823][T17171] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[ 1185.860979][ T5961] usb 3-1: Product: syz
[ 1185.890552][ T5961] usb 3-1: Manufacturer: syz
[ 1185.902357][ T5961] usb 3-1: SerialNumber: syz
[ 1185.935886][ T5961] r8152-cfgselector 3-1: Unknown version 0x0000
[ 1186.212234][ T5961] r8152-cfgselector 3-1: config 0 descriptor??
[ 1186.755741][T17020] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1186.810399][T17020] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1186.895286][T17020] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1186.939094][ T5961] r8152-cfgselector 3-1: Unknown version 0x0000
[ 1186.975590][T17020] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1186.983031][T17020] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1187.010973][T17020] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1187.031316][ T5961] r8152-cfgselector 3-1: bad CDC descriptors
[ 1187.119140][ T5961] r8152-cfgselector 3-1: USB disconnect, device number 38
[ 1187.580566][T17020] hsr_slave_0: entered promiscuous mode
[ 1187.588944][T17020] hsr_slave_1: entered promiscuous mode
[ 1187.595822][T17020] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1187.603708][T17020] Cannot create hsr debugfs directory
[ 1187.896841][T17212] RDS: rds_bind could not find a transport for ::4000:0:20:0, load rds_tcp or rds_rdma?
[ 1188.585495][T17224] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3023'.
[ 1190.093615][T17241] netlink: 165 bytes leftover after parsing attributes in process `syz.0.3026'.
[ 1190.866024][T17248] netlink: 'syz.0.3029': attribute type 5 has an invalid length.
[ 1191.444451][T17248] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3029'.
[ 1191.614099][T17253] 9pnet_fd: Insufficient options for proto=fd
[ 1193.179175][T17279] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3038'.
[ 1195.292895][   T30] kauditd_printk_skb: 2 callbacks suppressed
[ 1195.292940][   T30] audit: type=1326 audit(1755885269.878:1307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17286 comm="syz.5.3039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1195.328138][   T30] audit: type=1326 audit(1755885269.878:1308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17286 comm="syz.5.3039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1195.330152][T17301] netlink: 165 bytes leftover after parsing attributes in process `syz.2.3040'.
[ 1195.822524][ T2943] hsr_slave_0: left promiscuous mode
[ 1195.830931][   T30] audit: type=1326 audit(1755885269.888:1309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17286 comm="syz.5.3039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1195.890995][ T2943] hsr_slave_1: left promiscuous mode
[ 1195.897415][ T2943] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1195.985568][ T2943] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1196.112494][   T30] audit: type=1326 audit(1755885269.888:1310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17286 comm="syz.5.3039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1196.171171][   T30] audit: type=1326 audit(1755885269.888:1311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17286 comm="syz.5.3039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1196.896691][ T2943] batman_adv: batadv0: Interface deactivated: virt_wifi0
[ 1196.918930][   T30] audit: type=1326 audit(1755885269.888:1312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17286 comm="syz.5.3039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1196.952575][   T30] audit: type=1326 audit(1755885269.888:1313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17286 comm="syz.5.3039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1196.974949][ T2943] batman_adv: batadv0: Removing interface: virt_wifi0
[ 1196.984750][   T30] audit: type=1326 audit(1755885269.888:1314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17286 comm="syz.5.3039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1197.209187][   T30] audit: type=1326 audit(1755885269.888:1315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17286 comm="syz.5.3039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1197.351557][   T30] audit: type=1326 audit(1755885269.888:1316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17286 comm="syz.5.3039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17e418ebe9 code=0x7ffc0000
[ 1198.784344][ T2943] team0 (unregistering): Port device team_slave_1 removed
[ 1198.845961][ T2943] team0 (unregistering): Port device team_slave_0 removed
[ 1200.011936][T17346] vxcan0: tx drop: invalid da for name 0x0000040000000000
[ 1200.913559][T17020] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1201.019854][T17020] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1201.528780][T17020] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1203.083391][T17020] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1203.220957][ T2943] IPVS: stop unused estimator thread 0...
[ 1204.349783][T17020] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1204.393510][T17020] 8021q: adding VLAN 0 to HW filter on device team0
[ 1204.494928][ T2980] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1204.502417][ T2980] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1204.638663][ T2980] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1204.646055][ T2980] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1206.919861][T17020] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1207.130755][T17020] veth0_vlan: entered promiscuous mode
[ 1207.178547][T17020] veth1_vlan: entered promiscuous mode
[ 1208.068846][T17020] veth0_macvtap: entered promiscuous mode
[ 1208.168185][T17020] veth1_macvtap: entered promiscuous mode
[ 1208.241011][T17020] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1208.756014][T17020] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1208.882515][T17020] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1208.916531][T17020] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1208.948008][T17020] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1208.975101][T17020] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1210.933309][ T2943] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1210.941299][ T2943] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1211.881809][T17476] program syz.5.3071 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1211.896884][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1211.916715][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1213.302382][   T92] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[ 1213.656944][   T92] usb 2-1: config index 0 descriptor too short (expected 23569, got 27)
[ 1213.781720][   T92] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1213.959728][   T92] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 1213.993770][   T92] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 1214.002086][   T92] usb 2-1: Manufacturer: syz
[ 1214.078916][T17495] FAULT_INJECTION: forcing a failure.
[ 1214.078916][T17495] name failslab, interval 1, probability 0, space 0, times 0
[ 1214.091997][T17495] CPU: 0 UID: 0 PID: 17495 Comm: syz.5.3078 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1214.092104][T17495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1214.092112][T17495] Call Trace:
[ 1214.092121][T17495]  <TASK>
[ 1214.092128][T17495]  dump_stack_lvl+0x189/0x250
[ 1214.092147][T17495]  ? __pfx____ratelimit+0x10/0x10
[ 1214.092159][T17495]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1214.092171][T17495]  ? __pfx__printk+0x10/0x10
[ 1214.092187][T17495]  ? __pfx___might_resched+0x10/0x10
[ 1214.092199][T17495]  ? fs_reclaim_acquire+0x7d/0x100
[ 1214.092215][T17495]  should_fail_ex+0x414/0x560
[ 1214.092230][T17495]  should_failslab+0xa8/0x100
[ 1214.092243][T17495]  __kmalloc_noprof+0xcb/0x4f0
[ 1214.092253][T17495]  ? kfree+0x4d/0x440
[ 1214.092276][T17495]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1214.092301][T17495]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1214.092336][T17495]  tomoyo_check_open_permission+0x1c1/0x3b0
[ 1214.092354][T17495]  ? tomoyo_check_open_permission+0x16a/0x3b0
[ 1214.092371][T17495]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[ 1214.092421][T17495]  ? mnt_get_write_access+0x68/0x2a0
[ 1214.092446][T17495]  ? tomoyo_file_open+0x166/0x220
[ 1214.092481][T17495]  security_file_open+0xb1/0x270
[ 1214.092502][T17495]  do_dentry_open+0x35e/0x1970
[ 1214.092534][T17495]  vfs_open+0x3b/0x340
[ 1214.092547][T17495]  ? path_openat+0x2ecd/0x3830
[ 1214.092563][T17495]  path_openat+0x2ee5/0x3830
[ 1214.092590][T17495]  ? preempt_schedule_irq+0xb5/0x150
[ 1214.092611][T17495]  ? __pfx_path_openat+0x10/0x10
[ 1214.092637][T17495]  do_filp_open+0x1fa/0x410
[ 1214.092651][T17495]  ? __lock_acquire+0xab9/0xd20
[ 1214.092663][T17495]  ? __pfx_do_filp_open+0x10/0x10
[ 1214.092690][T17495]  ? _raw_spin_unlock+0x28/0x50
[ 1214.092705][T17495]  ? alloc_fd+0x64c/0x6c0
[ 1214.092722][T17495]  do_sys_openat2+0x121/0x1c0
[ 1214.092738][T17495]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1214.092750][T17495]  ? irqentry_exit+0x74/0x90
[ 1214.092768][T17495]  __x64_sys_openat+0x138/0x170
[ 1214.092785][T17495]  do_syscall_64+0xfa/0x3b0
[ 1214.092798][T17495]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1214.092808][T17495]  ? asm_sysvec_call_function_single+0x1a/0x20
[ 1214.092818][T17495]  ? clear_bhb_loop+0x60/0xb0
[ 1214.092831][T17495]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1214.092842][T17495] RIP: 0033:0x7f17e418ebe9
[ 1214.092854][T17495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1214.092863][T17495] RSP: 002b:00007f17e4f36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1214.092876][T17495] RAX: ffffffffffffffda RBX: 00007f17e43b6090 RCX: 00007f17e418ebe9
[ 1214.092889][T17495] RDX: 0000000000000002 RSI: 0000200000000040 RDI: 00000000ffffff9c
[ 1214.092897][T17495] RBP: 00007f17e4f36090 R08: 0000000000000000 R09: 0000000000000000
[ 1214.092903][T17495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1214.092909][T17495] R13: 00007f17e43b6128 R14: 00007f17e43b6090 R15: 00007ffd13545f08
[ 1214.092926][T17495]  </TASK>
[ 1214.389320][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1214.402615][T17495] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1214.808238][   T92] usb 2-1: config 0 descriptor??
[ 1214.928243][T14444] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1214.939037][T14444] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1214.948175][T14444] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1214.956304][T14444] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1214.982833][T14444] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1215.131179][T17496] lo speed is unknown, defaulting to 1000
[ 1215.152580][   T92] rc_core: IR keymap rc-hauppauge not found
[ 1215.186096][   T92] Registered IR keymap rc-empty
[ 1215.317435][   T92] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[ 1215.666088][   T92] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input18
[ 1215.834992][    C1] igorplugusb 2-1:0.0: Error: urb status = -32
[ 1215.860688][   T92] usb 2-1: USB disconnect, device number 43
[ 1217.468841][ T5854] Bluetooth: hci3: command tx timeout
[ 1217.539092][   T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1218.606316][   T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1218.702018][T17533] tipc: Started in network mode
[ 1218.707376][T17533] tipc: Node identity 4, cluster identity 4711
[ 1218.717014][T17533] tipc: Node number set to 4
[ 1218.905711][   T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1219.435537][T17496] chnl_net:caif_netlink_parms(): no params data found
[ 1219.494243][ T5854] Bluetooth: hci3: command tx timeout
[ 1219.517354][   T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1220.263865][T17496] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1220.271048][T17496] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1220.373159][T17496] bridge_slave_0: entered allmulticast mode
[ 1220.865404][T17496] bridge_slave_0: entered promiscuous mode
[ 1220.968879][T17496] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1220.993056][T17496] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1221.000403][T17496] bridge_slave_1: entered allmulticast mode
[ 1221.404200][T17496] bridge_slave_1: entered promiscuous mode
[ 1221.564142][ T5854] Bluetooth: hci3: command tx timeout
[ 1221.811150][T17565] FAULT_INJECTION: forcing a failure.
[ 1221.811150][T17565] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1221.824701][T17565] CPU: 0 UID: 0 PID: 17565 Comm: syz.0.3094 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1221.824727][T17565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1221.824739][T17565] Call Trace:
[ 1221.824748][T17565]  <TASK>
[ 1221.824757][T17565]  dump_stack_lvl+0x189/0x250
[ 1221.824782][T17565]  ? __pfx____ratelimit+0x10/0x10
[ 1221.824802][T17565]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1221.824825][T17565]  ? __pfx__printk+0x10/0x10
[ 1221.824851][T17565]  ? __might_fault+0xb0/0x130
[ 1221.824883][T17565]  should_fail_ex+0x414/0x560
[ 1221.824909][T17565]  _copy_from_user+0x2d/0xb0
[ 1221.824938][T17565]  ___sys_sendmsg+0x158/0x2a0
[ 1221.824972][T17565]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1221.825034][T17565]  ? __fget_files+0x2a/0x420
[ 1221.825052][T17565]  ? __fget_files+0x3a0/0x420
[ 1221.825081][T17565]  __x64_sys_sendmsg+0x19b/0x260
[ 1221.825108][T17565]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1221.825146][T17565]  ? __pfx_ksys_write+0x10/0x10
[ 1221.825163][T17565]  ? rcu_is_watching+0x15/0xb0
[ 1221.825191][T17565]  ? do_syscall_64+0xbe/0x3b0
[ 1221.825217][T17565]  do_syscall_64+0xfa/0x3b0
[ 1221.825240][T17565]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1221.825258][T17565]  ? asm_sysvec_call_function_single+0x1a/0x20
[ 1221.825278][T17565]  ? clear_bhb_loop+0x60/0xb0
[ 1221.825314][T17565]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1221.825334][T17565] RIP: 0033:0x7fc51c98ebe9
[ 1221.825352][T17565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1221.825370][T17565] RSP: 002b:00007fc51d7a6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1221.825392][T17565] RAX: ffffffffffffffda RBX: 00007fc51cbb6090 RCX: 00007fc51c98ebe9
[ 1221.825407][T17565] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000005
[ 1221.825420][T17565] RBP: 00007fc51d7a6090 R08: 0000000000000000 R09: 0000000000000000
[ 1221.825434][T17565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1221.825446][T17565] R13: 00007fc51cbb6128 R14: 00007fc51cbb6090 R15: 00007ffec88614f8
[ 1221.825476][T17565]  </TASK>
[ 1222.042496][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1222.335590][T17496] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1222.431297][T17496] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1222.957489][T17496] team0: Port device team_slave_0 added
[ 1223.187517][T17496] team0: Port device team_slave_1 added
[ 1223.203039][   T12] bridge_slave_1: left allmulticast mode
[ 1223.208737][   T12] bridge_slave_1: left promiscuous mode
[ 1223.232250][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1223.642421][ T5854] Bluetooth: hci3: command tx timeout
[ 1223.649224][   T12] bridge_slave_0: left allmulticast mode
[ 1223.658514][   T12] bridge_slave_0: left promiscuous mode
[ 1223.666295][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1223.947882][T17586] syz.2.3097: attempt to access beyond end of device
[ 1223.947882][T17586] loop2: rw=0, sector=16, nr_sectors = 2 limit=0
[ 1226.149255][T17620] FAULT_INJECTION: forcing a failure.
[ 1226.149255][T17620] name failslab, interval 1, probability 0, space 0, times 0
[ 1226.162566][T17620] CPU: 0 UID: 0 PID: 17620 Comm: syz.2.3102 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1226.162590][T17620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1226.162601][T17620] Call Trace:
[ 1226.162617][T17620]  <TASK>
[ 1226.162625][T17620]  dump_stack_lvl+0x189/0x250
[ 1226.162650][T17620]  ? __pfx____ratelimit+0x10/0x10
[ 1226.162671][T17620]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1226.162691][T17620]  ? __pfx__printk+0x10/0x10
[ 1226.162715][T17620]  ? __pfx___might_resched+0x10/0x10
[ 1226.162735][T17620]  ? fs_reclaim_acquire+0x7d/0x100
[ 1226.162764][T17620]  should_fail_ex+0x414/0x560
[ 1226.162791][T17620]  should_failslab+0xa8/0x100
[ 1226.162815][T17620]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1226.162835][T17620]  ? seq_open+0x5f/0x140
[ 1226.162876][T17620]  seq_open+0x5f/0x140
[ 1226.162903][T17620]  ? __pfx_smk_open_relabel_self+0x10/0x10
[ 1226.162928][T17620]  do_dentry_open+0xdf0/0x1970
[ 1226.162970][T17620]  vfs_open+0x3b/0x340
[ 1226.162992][T17620]  ? path_openat+0x2ecd/0x3830
[ 1226.163022][T17620]  path_openat+0x2ee5/0x3830
[ 1226.163048][T17620]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1226.163104][T17620]  ? __pfx_path_openat+0x10/0x10
[ 1226.163151][T17620]  do_filp_open+0x1fa/0x410
[ 1226.163182][T17620]  ? __pfx_do_filp_open+0x10/0x10
[ 1226.163207][T17620]  ? preempt_schedule_common+0x83/0xd0
[ 1226.163249][T17620]  ? _raw_spin_unlock+0x3f/0x50
[ 1226.163277][T17620]  ? alloc_fd+0x64c/0x6c0
[ 1226.163316][T17620]  do_sys_openat2+0x121/0x1c0
[ 1226.163345][T17620]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1226.163372][T17620]  ? ksys_write+0x22a/0x250
[ 1226.163394][T17620]  ? __pfx_ksys_write+0x10/0x10
[ 1226.163411][T17620]  ? rcu_is_watching+0x15/0xb0
[ 1226.163437][T17620]  __x64_sys_openat+0x138/0x170
[ 1226.163469][T17620]  do_syscall_64+0xfa/0x3b0
[ 1226.163490][T17620]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1226.163510][T17620]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1226.163531][T17620]  ? clear_bhb_loop+0x60/0xb0
[ 1226.163556][T17620]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1226.163575][T17620] RIP: 0033:0x7f14f098ebe9
[ 1226.163594][T17620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1226.163612][T17620] RSP: 002b:00007f14f1737038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1226.163633][T17620] RAX: ffffffffffffffda RBX: 00007f14f0bb6090 RCX: 00007f14f098ebe9
[ 1226.163649][T17620] RDX: 0000000000000002 RSI: 0000200000000040 RDI: 00000000ffffff9c
[ 1226.163663][T17620] RBP: 00007f14f1737090 R08: 0000000000000000 R09: 0000000000000000
[ 1226.163676][T17620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1226.163688][T17620] R13: 00007f14f0bb6128 R14: 00007f14f0bb6090 R15: 00007fff7c880588
[ 1226.163720][T17620]  </TASK>
[ 1226.446713][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1226.933464][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1226.949267][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1226.961013][   T12] bond0 (unregistering): (slave batadv0): Releasing backup interface
[ 1226.973294][   T12] bond0 (unregistering): Released all slaves
[ 1227.401666][T17628] netlink: 165 bytes leftover after parsing attributes in process `syz.1.3104'.
[ 1227.846484][T17496] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1227.882427][T17496] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1227.972419][T17496] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1228.022518][   T12] tipc: Left network mode
[ 1228.039473][T17496] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1228.092584][T17496] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1228.792482][T17496] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1229.274224][T17651] FAULT_INJECTION: forcing a failure.
[ 1229.274224][T17651] name failslab, interval 1, probability 0, space 0, times 0
[ 1229.287380][T17651] CPU: 0 UID: 0 PID: 17651 Comm: syz.0.3109 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1229.287405][T17651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1229.287418][T17651] Call Trace:
[ 1229.287426][T17651]  <TASK>
[ 1229.287435][T17651]  dump_stack_lvl+0x189/0x250
[ 1229.287462][T17651]  ? __pfx____ratelimit+0x10/0x10
[ 1229.287492][T17651]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1229.287519][T17651]  ? __pfx__printk+0x10/0x10
[ 1229.287554][T17651]  ? __pfx___might_resched+0x10/0x10
[ 1229.287581][T17651]  should_fail_ex+0x414/0x560
[ 1229.287608][T17651]  should_failslab+0xa8/0x100
[ 1229.287631][T17651]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1229.287652][T17651]  ? __alloc_skb+0x112/0x2d0
[ 1229.287683][T17651]  __alloc_skb+0x112/0x2d0
[ 1229.287714][T17651]  netlink_sendmsg+0x5c6/0xb30
[ 1229.287739][T17651]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1229.287768][T17651]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1229.287798][T17651]  ? __sanitizer_cov_trace_pc+0x18/0x70
[ 1229.287827][T17651]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1229.287847][T17651]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1229.287876][T17651]  __sock_sendmsg+0x21c/0x270
[ 1229.287903][T17651]  ____sys_sendmsg+0x505/0x830
[ 1229.287938][T17651]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1229.287978][T17651]  ? import_iovec+0x74/0xa0
[ 1229.288009][T17651]  ___sys_sendmsg+0x21f/0x2a0
[ 1229.288041][T17651]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1229.288077][T17651]  ? rcu_read_unlock_special+0x3fe/0x4c0
[ 1229.288134][T17651]  ? __fget_files+0x2a/0x420
[ 1229.288156][T17651]  ? __fget_files+0x3a0/0x420
[ 1229.288189][T17651]  __x64_sys_sendmsg+0x19b/0x260
[ 1229.288221][T17651]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1229.288261][T17651]  ? __pfx_ksys_write+0x10/0x10
[ 1229.288286][T17651]  ? do_syscall_64+0xbe/0x3b0
[ 1229.288312][T17651]  do_syscall_64+0xfa/0x3b0
[ 1229.288335][T17651]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1229.288354][T17651]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1229.288374][T17651]  ? clear_bhb_loop+0x60/0xb0
[ 1229.288398][T17651]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1229.288418][T17651] RIP: 0033:0x7fc51c98ebe9
[ 1229.288435][T17651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1229.288454][T17651] RSP: 002b:00007fc51d785038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1229.288475][T17651] RAX: ffffffffffffffda RBX: 00007fc51cbb6180 RCX: 00007fc51c98ebe9
[ 1229.288499][T17651] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 000000000000000d
[ 1229.288512][T17651] RBP: 00007fc51d785090 R08: 0000000000000000 R09: 0000000000000000
[ 1229.288525][T17651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1229.288538][T17651] R13: 00007fc51cbb6218 R14: 00007fc51cbb6180 R15: 00007ffec88614f8
[ 1229.288570][T17651]  </TASK>
[ 1230.708856][T17496] hsr_slave_0: entered promiscuous mode
[ 1230.723524][T17496] hsr_slave_1: entered promiscuous mode
[ 1230.751523][T17496] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1230.776121][T17496] Cannot create hsr debugfs directory
[ 1233.727696][T17693] netlink: 76 bytes leftover after parsing attributes in process `syz.0.3118'.
[ 1233.761479][T17693] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3118'.
[ 1233.778815][T17693] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3118'.
[ 1234.410812][   T12] hsr_slave_0: left promiscuous mode
[ 1234.431929][   T12] hsr_slave_1: left promiscuous mode
[ 1234.896259][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1235.159736][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1235.251961][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1235.297160][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1235.431226][   T12] veth1_macvtap: left promiscuous mode
[ 1235.462717][   T12] veth0_macvtap: left promiscuous mode
[ 1235.468555][   T12] veth1_vlan: left promiscuous mode
[ 1235.477207][   T12] veth0_vlan: left promiscuous mode
[ 1235.912756][   T12] pim6reg (unregistering): left allmulticast mode
[ 1236.341324][   T12] hsr0 (unregistering): left allmulticast mode
[ 1236.730207][   T12] team0 (unregistering): Port device team_slave_1 removed
[ 1237.385146][   T12] team0 (unregistering): Port device team_slave_0 removed
[ 1238.971249][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.995351][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[ 1243.093123][T17496] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1243.229369][T17496] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1243.306716][T17496] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1243.367083][T17496] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1243.376847][   T12] IPVS: stop unused estimator thread 0...
[ 1243.906423][T17496] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1243.998295][T17496] 8021q: adding VLAN 0 to HW filter on device team0
[ 1244.054548][ T2980] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1244.061739][ T2980] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1244.147083][ T2980] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1244.154310][ T2980] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1244.608118][T17813] FAULT_INJECTION: forcing a failure.
[ 1244.608118][T17813] name failslab, interval 1, probability 0, space 0, times 0
[ 1244.621763][T17813] CPU: 0 UID: 0 PID: 17813 Comm: syz.0.3139 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1244.621790][T17813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1244.621803][T17813] Call Trace:
[ 1244.621812][T17813]  <TASK>
[ 1244.621821][T17813]  dump_stack_lvl+0x189/0x250
[ 1244.621849][T17813]  ? __pfx____ratelimit+0x10/0x10
[ 1244.621872][T17813]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1244.621894][T17813]  ? __pfx__printk+0x10/0x10
[ 1244.621937][T17813]  ? ref_tracker_alloc+0x318/0x460
[ 1244.621964][T17813]  should_fail_ex+0x414/0x560
[ 1244.621990][T17813]  should_failslab+0xa8/0x100
[ 1244.622014][T17813]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1244.622034][T17813]  ? skb_clone+0x212/0x3a0
[ 1244.622060][T17813]  skb_clone+0x212/0x3a0
[ 1244.622083][T17813]  __netlink_deliver_tap+0x404/0x850
[ 1244.622131][T17813]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1244.622160][T17813]  netlink_deliver_tap+0x19c/0x1b0
[ 1244.622182][T17813]  netlink_unicast+0x730/0x8e0
[ 1244.622213][T17813]  netlink_sendmsg+0x805/0xb30
[ 1244.622241][T17813]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 1244.622271][T17813]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1244.622303][T17813]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1244.622322][T17813]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1244.622349][T17813]  __sock_sendmsg+0x21c/0x270
[ 1244.622376][T17813]  ____sys_sendmsg+0x505/0x830
[ 1244.622412][T17813]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1244.622453][T17813]  ? import_iovec+0x74/0xa0
[ 1244.622484][T17813]  ___sys_sendmsg+0x21f/0x2a0
[ 1244.622517][T17813]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1244.622587][T17813]  ? __fget_files+0x2a/0x420
[ 1244.622614][T17813]  ? __fget_files+0x3a0/0x420
[ 1244.622649][T17813]  __x64_sys_sendmsg+0x19b/0x260
[ 1244.622682][T17813]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1244.622723][T17813]  ? __pfx_ksys_write+0x10/0x10
[ 1244.622748][T17813]  ? do_syscall_64+0xbe/0x3b0
[ 1244.622775][T17813]  do_syscall_64+0xfa/0x3b0
[ 1244.622797][T17813]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1244.622816][T17813]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1244.622836][T17813]  ? clear_bhb_loop+0x60/0xb0
[ 1244.622860][T17813]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1244.622879][T17813] RIP: 0033:0x7fc51c98ebe9
[ 1244.622897][T17813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1244.622921][T17813] RSP: 002b:00007fc51d785038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1244.622943][T17813] RAX: ffffffffffffffda RBX: 00007fc51cbb6180 RCX: 00007fc51c98ebe9
[ 1244.622959][T17813] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 000000000000000d
[ 1244.622972][T17813] RBP: 00007fc51d785090 R08: 0000000000000000 R09: 0000000000000000
[ 1244.622985][T17813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1244.622997][T17813] R13: 00007fc51cbb6218 R14: 00007fc51cbb6180 R15: 00007ffec88614f8
[ 1244.623031][T17813]  </TASK>
[ 1244.964711][T17807] block device autoloading is deprecated and will be removed.
[ 1247.557771][T17496] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1248.768723][T17496] veth0_vlan: entered promiscuous mode
[ 1248.807862][T17496] veth1_vlan: entered promiscuous mode
[ 1249.330458][T17496] veth0_macvtap: entered promiscuous mode
[ 1249.397118][T17496] veth1_macvtap: entered promiscuous mode
[ 1249.645811][T17496] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1249.658552][T17496] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1249.670057][T17496] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1249.679359][T17496] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1249.691827][T17496] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1250.052066][T17496] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1250.871296][ T7284] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1251.036493][ T7284] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1251.513549][T12989] IPVS: starting estimator thread 0...
[ 1251.732742][T17899] IPVS: using max 27 ests per chain, 64800 per kthread
[ 1252.029937][ T2980] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1252.038142][T17892] netlink: 128 bytes leftover after parsing attributes in process `syz.1.3152'.
[ 1252.087457][ T2980] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1255.217818][T17947] netlink: 128 bytes leftover after parsing attributes in process `syz.5.3167'.
[ 1255.698418][T14444] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1255.708639][T14444] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1255.720262][T14444] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1255.734185][T14444] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1255.751486][T14444] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1255.961083][T17952] netlink: 'syz.2.3168': attribute type 1 has an invalid length.
[ 1255.971091][T17952] netlink: 'syz.2.3168': attribute type 1 has an invalid length.
[ 1256.214745][T16523] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1256.367653][T16523] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1256.577803][T16523] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1257.994391][ T5854] Bluetooth: hci2: command tx timeout
[ 1258.210000][T17984] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3177'.
[ 1258.278857][T17986] SET target dimension over the limit!
[ 1258.304633][T16523] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1259.150918][T17948] chnl_net:caif_netlink_parms(): no params data found
[ 1259.412465][   T24] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[ 1259.493062][T18003] vxcan0: tx drop: invalid da for name 0xfffffffffffffff5
[ 1259.632603][   T24] usb 3-1: Using ep0 maxpacket: 32
[ 1259.652886][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1259.697088][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1259.729003][   T24] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 1259.746684][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1259.806867][   T24] usb 3-1: config 0 descriptor??
[ 1260.043148][ T5854] Bluetooth: hci2: command tx timeout
[ 1260.872543][T18015] netlink: 'syz.2.3181': attribute type 21 has an invalid length.
[ 1261.043807][   T24] savu 0003:1E7D:2D5A.000A: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0
[ 1262.209223][ T5854] Bluetooth: hci2: command tx timeout
[ 1263.463943][T16523] bond0 (unregistering): (slave batadv0): Releasing backup interface
[ 1263.475039][T16523] bond0 (unregistering): Released all slaves
[ 1263.721242][T16523] bond1 (unregistering): Released all slaves
[ 1263.914486][T16426] usb 3-1: USB disconnect, device number 39
[ 1264.069974][T17948] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1265.052471][ T5854] Bluetooth: hci2: command tx timeout
[ 1265.075270][T17948] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1265.083729][ T5854] Bluetooth: hci3: Unable to find connection for big 0x00
[ 1265.104430][T17948] bridge_slave_0: entered allmulticast mode
[ 1265.829876][T17948] bridge_slave_0: entered promiscuous mode
[ 1265.873643][T16523] tipc: Left network mode
[ 1265.912020][T17948] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1265.952551][T17948] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1265.959878][T17948] bridge_slave_1: entered allmulticast mode
[ 1265.976369][T17948] bridge_slave_1: entered promiscuous mode
[ 1266.701905][T17948] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1266.746116][T17948] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1267.060393][T17948] team0: Port device team_slave_0 added
[ 1267.108081][T17948] team0: Port device team_slave_1 added
[ 1267.402963][T17948] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1267.415473][T17948] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1267.454419][T17948] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1267.501490][T17948] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1267.520663][T17948] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1267.603618][T17948] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1268.438347][T17948] hsr_slave_0: entered promiscuous mode
[ 1268.570744][T17948] hsr_slave_1: entered promiscuous mode
[ 1268.613273][T17948] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1268.620890][T17948] Cannot create hsr debugfs directory
[ 1268.854907][    C1] Unknown status report in ack skb
[ 1277.231870][T18191] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3235'.
[ 1278.243972][T18206] 9pnet_fd: Insufficient options for proto=fd
[ 1278.269431][T17948] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1278.571794][T16523] hsr_slave_0: left promiscuous mode
[ 1278.625372][T16523] hsr_slave_1: left promiscuous mode
[ 1278.650338][T16523] veth1_macvtap: left promiscuous mode
[ 1278.659069][T16523] veth0_macvtap: left promiscuous mode
[ 1278.668576][T16523] veth1_vlan: left promiscuous mode
[ 1278.681905][T16523] veth0_vlan: left promiscuous mode
[ 1280.841736][T16523] pim6reg (unregistering): left allmulticast mode
[ 1282.079892][T17948] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1282.092255][T18218] netlink: 'syz.5.3244': attribute type 1 has an invalid length.
[ 1282.107529][T18218] netlink: 'syz.5.3244': attribute type 2 has an invalid length.
[ 1282.133072][T17948] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1282.193167][T17948] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1282.580934][T18254] input: syz1 as /devices/virtual/input/input19
[ 1282.649050][T17948] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1282.774045][T17948] 8021q: adding VLAN 0 to HW filter on device team0
[ 1282.846362][ T2959] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1282.853690][ T2959] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1282.921272][ T2959] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1282.928527][ T2959] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1283.103548][T16523] IPVS: stop unused estimator thread 0...
[ 1283.209396][T17948] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1283.858927][T18299] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3266'.
[ 1283.936760][T18271] input: syz0 as /devices/virtual/input/input20
[ 1285.009375][T14444] Bluetooth: hci2: command 0x0405 tx timeout
[ 1285.020898][T17948] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1285.230276][T18307] kvm: pic: non byte read
[ 1285.235153][T18307] kvm: pic: non byte read
[ 1285.239802][T18307] kvm: pic: single mode not supported
[ 1285.239873][T18307] kvm: pic: non byte read
[ 1285.257607][T18307] kvm: pic: non byte read
[ 1285.278032][T18307] kvm: pic: non byte read
[ 1285.283219][T18307] kvm: pic: single mode not supported
[ 1285.283269][T18307] kvm: pic: non byte read
[ 1285.344547][T18307] kvm: pic: single mode not supported
[ 1285.344610][T18307] kvm: pic: non byte read
[ 1285.422774][T18307] kvm: pic: non byte read
[ 1285.429302][T18307] kvm: pic: non byte read
[ 1285.496120][T17948] veth0_vlan: entered promiscuous mode
[ 1285.636835][T17948] veth1_vlan: entered promiscuous mode
[ 1285.748119][T17948] veth0_macvtap: entered promiscuous mode
[ 1285.816258][T17948] veth1_macvtap: entered promiscuous mode
[ 1285.925602][T17948] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1286.011512][T17948] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1286.071692][T17948] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1286.099108][T17948] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1286.109571][T18325] netlink: 6 bytes leftover after parsing attributes in process `syz.1.3272'.
[ 1286.148177][T17948] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1286.177220][T18325] IPv6: Can't replace route, no match found
[ 1286.199448][T17948] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1286.458611][ T2959] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1286.520435][ T2959] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1286.788499][ T2980] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1286.880790][ T2980] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1287.012442][ T5926] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[ 1287.194356][ T5926] usb 3-1: Using ep0 maxpacket: 32
[ 1287.590268][ T5926] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[ 1287.615474][ T5926] usb 3-1: config 0 has no interface number 0
[ 1287.626847][ T5926] usb 3-1: config 0 interface 184 has no altsetting 0
[ 1287.650921][ T5926] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1287.676722][ T5926] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1287.686295][ T5926] usb 3-1: Product: syz
[ 1287.694569][ T5926] usb 3-1: Manufacturer: syz
[ 1287.699254][ T5926] usb 3-1: SerialNumber: syz
[ 1287.703844][T18362] tipc: Started in network mode
[ 1287.703865][T18362] tipc: Node identity 4, cluster identity 4711
[ 1287.703877][T18362] tipc: Node number set to 4
[ 1287.869665][ T5926] usb 3-1: config 0 descriptor??
[ 1287.905932][ T5926] smsc75xx v1.0.0
[ 1287.910475][ T5926] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[ 1287.950382][ T5926] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -22
[ 1288.914028][T18379] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1288.921610][T18340] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1288.931642][T18340] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[ 1289.006030][T18379] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1289.164072][T18386] fuse: Bad value for 'fd'
[ 1289.393476][T18383] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1289.404862][T18383] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1289.480210][T18379] bond0: (slave batadv0): Releasing backup interface
[ 1289.512899][T18393] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3283'.
[ 1289.555538][T18393] netlink: 'syz.1.3283': attribute type 7 has an invalid length.
[ 1289.613603][T18393] netlink: 'syz.1.3283': attribute type 8 has an invalid length.
[ 1289.653384][T18393] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3283'.
[ 1289.801617][T18401] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3285'.
[ 1289.888206][T18340] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1289.894547][T18340] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[ 1289.970155][T18340] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1289.978548][T18340] Bluetooth: hci6: Error when powering off device on rfkill (-4)
[ 1290.217864][T18401] bridge_slave_1: left allmulticast mode
[ 1290.237595][T18401] bridge_slave_1: left promiscuous mode
[ 1290.277687][T18340] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1290.284193][T18340] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[ 1290.315924][T18401] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1290.481879][T18340] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1290.489252][T18340] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[ 1290.513857][T18401] bridge_slave_0: left allmulticast mode
[ 1290.527576][T18401] bridge_slave_0: left promiscuous mode
[ 1290.616847][T18401] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1291.165477][T18410] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3289'.
[ 1291.197639][T18410] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[ 1291.833023][   T24] usb 3-1: USB disconnect, device number 40
[ 1292.941555][T18426] tipc: Enabling of bearer <eth:s> rejected, failed to enable media
[ 1293.183565][T18430] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3296'.
[ 1293.457176][T18434] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1293.554564][T18438] syzkaller0: entered promiscuous mode
[ 1293.587341][T18438] syzkaller0: entered allmulticast mode
[ 1293.631638][T18434] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[ 1293.889344][T18441] tipc: Resetting bearer <eth:syzkaller0>
[ 1293.896424][T18438] sch_tbf: burst 4 is lower than device syzkaller0 mtu (313) !
[ 1294.136259][T18431] tipc: Resetting bearer <eth:syzkaller0>
[ 1294.193186][T18447] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3300'.
[ 1294.323756][T18431] tipc: Disabling bearer <eth:syzkaller0>
[ 1294.638351][T14444] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1294.653695][T14444] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1294.665616][T14444] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1294.675536][T14444] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1294.684793][T14444] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1294.728415][ T5854] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1294.753198][T18458] kvm: pic: non byte read
[ 1294.766194][T18458] kvm: pic: non byte read
[ 1294.775606][ T5854] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1294.794264][ T5854] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1294.795586][T18458] kvm: pic: non byte read
[ 1294.823589][ T5854] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1294.836581][ T5854] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1296.037588][T18454] chnl_net:caif_netlink_parms(): no params data found
[ 1296.100923][   T49] bridge_slave_1: left promiscuous mode
[ 1296.125017][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1296.205476][   T49] bridge_slave_0: left promiscuous mode
[ 1296.211530][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1296.926453][T14444] Bluetooth: hci1: command tx timeout
[ 1297.007954][   T24] usb 2-1: new full-speed USB device number 44 using dummy_hcd
[ 1297.178498][   T24] usb 2-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31
[ 1297.212327][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1297.273085][   T24] usb 2-1: config 0 descriptor??
[ 1297.419265][   T24] usb 2-1: selecting invalid altsetting 3
[ 1297.438355][   T24] comedi comedi5: could not set alternate setting 3 in high speed
[ 1297.512765][   T24] usbduxsigma 2-1:0.0: driver 'usbduxsigma' failed to auto-configure device.
[ 1297.536453][   T24] usbduxsigma 2-1:0.0: probe with driver usbduxsigma failed with error -22
[ 1297.899446][T18503] input: syz0 as /devices/virtual/input/input21
[ 1298.625604][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1298.665632][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1298.684539][   T49] bond0 (unregistering): Released all slaves
[ 1298.972511][   T49] tipc: Left network mode
[ 1299.009879][T14444] Bluetooth: hci1: command tx timeout
[ 1300.062121][T16425] usb 2-1: USB disconnect, device number 44
[ 1300.114486][T18454] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1300.130461][T18454] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1300.138319][T18454] bridge_slave_0: entered allmulticast mode
[ 1300.157893][T18454] bridge_slave_0: entered promiscuous mode
[ 1300.296887][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.311952][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[ 1300.322641][T18454] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1300.331625][T18454] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1300.442758][T18454] bridge_slave_1: entered allmulticast mode
[ 1300.486206][T18454] bridge_slave_1: entered promiscuous mode
[ 1300.714101][T18454] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1300.737665][   T30] kauditd_printk_skb: 15 callbacks suppressed
[ 1300.737684][   T30] audit: type=1804 audit(1755885375.378:1332): pid=18542 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.0.3325" name="/newroot/11/file1" dev="fuse" ino=1 res=1 errno=0
[ 1300.741132][T18454] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1300.746547][   T30] audit: type=1800 audit(1755885375.388:1333): pid=18542 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.3325" name="/" dev="fuse" ino=1 res=0 errno=0
[ 1301.091303][T14444] Bluetooth: hci1: command tx timeout
[ 1301.458483][T18454] team0: Port device team_slave_0 added
[ 1301.699362][T18454] team0: Port device team_slave_1 added
[ 1301.866096][T16426] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[ 1301.988011][T18454] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1302.129328][T18454] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1302.206251][T16426] usb 5-1: Using ep0 maxpacket: 8
[ 1302.502493][T18454] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1302.543861][T16426] usb 5-1: config index 0 descriptor too short (expected 28277, got 36)
[ 1302.575220][T16426] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1302.642440][T16426] usb 5-1: config 0 has no interfaces?
[ 1302.658279][T18454] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1302.706884][T16426] usb 5-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[ 1302.727284][T18454] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1302.775121][T16426] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1302.788934][T16426] usb 5-1: config 0 descriptor??
[ 1302.803270][T18454] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1303.007340][T18454] hsr_slave_0: entered promiscuous mode
[ 1303.065652][T18454] hsr_slave_1: entered promiscuous mode
[ 1303.169039][T14444] Bluetooth: hci1: command tx timeout
[ 1304.517076][T18562] libceph: resolve '4.' (ret=-3): failed
[ 1304.636642][T18562] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[ 1304.646184][T10845] IPVS: starting estimator thread 0...
[ 1304.803065][T18593] IPVS: using max 48 ests per chain, 115200 per kthread
[ 1304.958396][T18562] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3330'.
[ 1305.803679][ T5926] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[ 1305.990185][ T5926] usb 6-1: config 17 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1306.003803][ T5926] usb 6-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1306.026973][ T5926] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1306.081660][ T5926] aiptek 6-1:17.0: interface has no int in endpoints, but must have minimum 1
[ 1306.621662][T16426] usb 5-1: USB disconnect, device number 28
[ 1306.708099][   T49] hsr_slave_0: left promiscuous mode
[ 1306.770973][   T49] hsr_slave_1: left promiscuous mode
[ 1307.565046][T18624] loop2: detected capacity change from 0 to 7
[ 1307.586756][T18624]  loop2: p1 p4
[ 1307.590412][T18624] loop2: partition table partially beyond EOD, truncated
[ 1307.600815][T18624] loop2: p1 size 1919251295 extends beyond EOD, truncated
[ 1307.684970][T18624] loop2: p4 start 2495 is beyond EOD, truncated
[ 1308.443791][T14418] udevd[14418]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[ 1309.094743][T10845] usb 6-1: USB disconnect, device number 4
[ 1309.296083][T18631] program syz.5.3342 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1309.506605][   T30] audit: type=1326 audit(1755885384.148:1334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18638 comm="syz.5.3346" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f17e418ebe9 code=0x0
[ 1309.527791][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1309.820357][   T49] team0 (unregistering): Port device team_slave_1 removed
[ 1309.926178][   T49] team0 (unregistering): Port device team_slave_0 removed
[ 1310.927519][T18654] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3350'.
[ 1310.990489][T18654] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3350'.
[ 1311.782591][ T5995] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[ 1311.845372][   T49] IPVS: stop unused estimator thread 0...
[ 1311.932071][T18454] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1311.963578][ T5995] usb 2-1: Using ep0 maxpacket: 32
[ 1311.989847][T18454] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1312.015615][ T5995] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1312.029580][ T5995] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1312.051731][T18454] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1312.073869][ T5995] usb 2-1: config 0 descriptor??
[ 1312.101226][T18454] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1312.295666][ T5995] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1312.314131][ T5995] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1312.355066][ T5995] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1312.376080][ T5995] usb 2-1: media controller created
[ 1312.386179][T18454] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1312.471051][T18454] 8021q: adding VLAN 0 to HW filter on device team0
[ 1312.480840][ T5995] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1312.496528][T18660] az6027: more than 2 i2c messages at a time is not handled yet. TODO.
[ 1312.567193][ T3010] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1312.574506][ T3010] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1312.607584][ T5995] az6027: usb out operation failed. (-71)
[ 1312.622168][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1312.629548][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1312.637311][ T5995] az6027: usb out operation failed. (-71)
[ 1312.646238][ T5995] stb0899_attach: Driver disabled by Kconfig
[ 1312.678547][ T5995] az6027: no front-end attached
[ 1312.678547][ T5995] 
[ 1312.686410][T18683] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3357'.
[ 1312.712896][ T5995] az6027: usb out operation failed. (-71)
[ 1312.741526][ T5995] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1312.758194][ T5995] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input23
[ 1312.796268][ T5995] dvb-usb: schedule remote query interval to 400 msecs.
[ 1312.809551][ T5995] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1312.871839][ T5995] usb 2-1: USB disconnect, device number 45
[ 1313.068857][ T5995] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1313.430641][T18701] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3359'.
[ 1313.443443][T18701] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3359'.
[ 1313.678306][T18454] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1313.808942][T18454] veth0_vlan: entered promiscuous mode
[ 1313.851571][T18454] veth1_vlan: entered promiscuous mode
[ 1314.152129][T18454] veth0_macvtap: entered promiscuous mode
[ 1314.342316][T18454] veth1_macvtap: entered promiscuous mode
[ 1314.998008][T18454] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1315.270339][T18454] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1315.330567][T18454] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1315.339987][T18454] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1315.416497][T18454] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1315.444388][T18454] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1315.826223][T12832] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1315.881520][T12832] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1316.091431][T16523] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1316.190675][T16523] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1317.158442][T18761] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1317.177751][T18758] syzkaller0: entered promiscuous mode
[ 1317.186947][T18758] syzkaller0: entered allmulticast mode
[ 1317.328042][T18757] tipc: Resetting bearer <eth:syzkaller0>
[ 1317.340745][T18754] tipc: Resetting bearer <eth:syzkaller0>
[ 1317.537675][ T5995] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[ 1317.549452][T18754] tipc: Disabling bearer <eth:syzkaller0>
[ 1317.727255][ T5995] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1317.741428][ T5995] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1317.802908][ T5995] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1317.857254][ T5995] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1317.919093][ T5995] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1317.930905][ T5995] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1317.954105][ T5995] usb 6-1: config 0 descriptor??
[ 1318.429927][ T5995] plantronics 0003:047F:FFFF.000B: ignoring exceeding usage max
[ 1318.543010][ T5995] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[ 1318.844289][T12989] usb 6-1: USB disconnect, device number 5
[ 1319.070807][ T5995] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[ 1319.229095][T18792] fido_id[18792]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[ 1319.273392][ T5995] usb 3-1: Using ep0 maxpacket: 32
[ 1319.281954][ T5995] usb 3-1: config 0 has an invalid interface number: 183 but max is 0
[ 1319.291747][ T5995] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1319.313884][ T5995] usb 3-1: config 0 has no interface number 0
[ 1319.442471][ T5995] usb 3-1: config 0 interface 183 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 528
[ 1319.452838][ T5995] usb 3-1: config 0 interface 183 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1319.491317][ T5995] usb 3-1: New USB device found, idVendor=06d0, idProduct=0622, bcdDevice=70.f8
[ 1319.500896][ T5995] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1319.525076][ T5995] usb 3-1: Product: syz
[ 1319.529572][ T5995] usb 3-1: Manufacturer: syz
[ 1319.544913][ T5995] usb 3-1: SerialNumber: syz
[ 1319.581378][ T5995] usb 3-1: config 0 descriptor??
[ 1319.601688][T18796] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[ 1319.615789][ T5995] net1080 3-1:0.183: probe with driver net1080 failed with error -22
[ 1320.002221][T18812] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3380'.
[ 1320.572620][ T5961] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[ 1320.742836][ T5961] usb 2-1: Using ep0 maxpacket: 8
[ 1320.754023][ T5961] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[ 1320.770757][ T5961] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1320.798534][ T5961] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1320.844519][ T5961] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1320.875484][ T5961] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1320.958792][ T5961] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1320.983290][T12989] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[ 1321.026117][ T5961] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1321.200641][T12989] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1321.240675][T12989] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1321.294283][T12989] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1321.337328][ T5961] usb 2-1: GET_CAPABILITIES returned 0
[ 1321.358105][ T5961] usbtmc 2-1:16.0: can't read capabilities
[ 1321.384563][T12989] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[ 1321.432869][T12989] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[ 1321.478526][T12989] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1321.509209][T12989] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1321.541154][ T5961] usb 2-1: USB disconnect, device number 46
[ 1321.556197][T12989] usb 6-1: Product: syz
[ 1321.574843][T12989] usb 6-1: Manufacturer: syz
[ 1321.612727][T12989] cdc_wdm 6-1:1.0: skipping garbage
[ 1321.640048][T12989] cdc_wdm 6-1:1.0: skipping garbage
[ 1321.664500][T12989] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[ 1321.682528][T12989] cdc_wdm 6-1:1.0: Unknown control protocol
[ 1322.027172][ T5926] usb 3-1: USB disconnect, device number 41
[ 1322.220114][    C1] cdc_wdm 6-1:1.0: Unexpected error -71
[ 1322.221401][ T5961] usb 6-1: USB disconnect, device number 6
[ 1322.228281][    C1] wdm_int_callback: 215 callbacks suppressed
[ 1322.228307][    C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[ 1322.244943][    C1] wdm_int_callback: 215 callbacks suppressed
[ 1322.244957][    C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[ 1322.257003][    C1] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[ 1322.537362][ T5926] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[ 1322.952361][ T5926] usb 5-1: Using ep0 maxpacket: 8
[ 1322.961697][ T5926] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1322.978930][ T5926] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1323.109924][ T5926] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1323.432471][ T5926] usb 5-1: config 0 descriptor??
[ 1323.993914][ T5926] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[ 1324.445020][T10845] usb 5-1: USB disconnect, device number 29
[ 1326.219543][T18888] create_pit_timer: 5 callbacks suppressed
[ 1326.219556][T18888] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1327.076157][T10845] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[ 1327.433889][T10845] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1327.457343][T10845] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1327.604554][T10845] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1327.625800][T10845] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1327.693990][T18902] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1327.794457][T10845] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[ 1327.824071][T18911] program syz.5.3410 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1329.194340][T18902] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1329.224190][T18902] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1329.781461][T18924] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1329.885495][T18924] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1330.444936][   T30] audit: type=1326 audit(1755885404.548:1335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18895 comm="syz.2.3406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffacdb8ebe9 code=0x7ffc0000
[ 1330.489287][T18935] netlink: 'syz.0.3417': attribute type 1 has an invalid length.
[ 1330.489783][   T30] audit: type=1326 audit(1755885404.548:1336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18895 comm="syz.2.3406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffacdb8ebe9 code=0x7ffc0000
[ 1330.540240][   T30] audit: type=1326 audit(1755885405.078:1337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18895 comm="syz.2.3406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7ffacdb8ebe9 code=0x7ffc0000
[ 1330.657107][T18936] batadv_slave_1: entered promiscuous mode
[ 1330.755648][T18932] batadv_slave_1: left promiscuous mode
[ 1330.800803][   T30] audit: type=1326 audit(1755885405.078:1338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18895 comm="syz.2.3406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffacdb8ebe9 code=0x7ffc0000
[ 1330.938309][   T30] audit: type=1326 audit(1755885405.208:1339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18895 comm="syz.2.3406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=439 compat=0 ip=0x7ffacdb8ebe9 code=0x7ffc0000
[ 1331.131035][   T30] audit: type=1326 audit(1755885405.208:1340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18895 comm="syz.2.3406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffacdb8ebe9 code=0x7ffc0000
[ 1331.329563][   T30] audit: type=1326 audit(1755885405.208:1341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18895 comm="syz.2.3406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7ffacdb8ebe9 code=0x7ffc0000
[ 1331.526519][   T30] audit: type=1326 audit(1755885405.228:1342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18895 comm="syz.2.3406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffacdb8ebe9 code=0x7ffc0000
[ 1331.727383][   T30] audit: type=1326 audit(1755885405.228:1343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18895 comm="syz.2.3406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7ffacdb8ebe9 code=0x7ffc0000
[ 1331.750093][   T30] audit: type=1326 audit(1755885405.318:1344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18895 comm="syz.2.3406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffacdb8ebe9 code=0x7ffc0000
[ 1332.742823][ T5995] usb 3-1: USB disconnect, device number 42
[ 1332.898134][T18961] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3429'.
[ 1332.930866][T18961] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3429'.
[ 1333.199838][T18970] netlink: 84 bytes leftover after parsing attributes in process `syz.0.3428'.
[ 1333.395789][T12989] usb 5-1: new low-speed USB device number 30 using dummy_hcd
[ 1333.415204][T18970] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1333.677649][T18956] delete_channel: no stack
[ 1333.721462][T12989] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[ 1333.729766][T12989] usb 5-1: config 0 has no interface number 0
[ 1333.737329][T12989] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[ 1333.753862][T12989] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1333.846812][T12989] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1333.902741][T12989] usb 5-1: config 0 descriptor??
[ 1333.948746][T12989] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1334.138161][T10845] usb 5-1: USB disconnect, device number 30
[ 1336.025425][T19000] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1336.972605][T12989] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[ 1337.142543][T12989] usb 3-1: Using ep0 maxpacket: 8
[ 1337.154959][T12989] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[ 1337.179137][T12989] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1337.199197][T12989] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1337.231828][T12989] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1337.261925][T12989] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1337.334070][T12989] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1337.369893][T12989] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1337.615873][T12989] usb 3-1: usb_control_msg returned -32
[ 1337.621572][T12989] usbtmc 3-1:16.0: can't read capabilities
[ 1337.683306][   T30] kauditd_printk_skb: 1 callbacks suppressed
[ 1337.683323][   T30] audit: type=1326 audit(1755885412.328:1346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19023 comm="syz.0.3447" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1a7c18ebe9 code=0x0
[ 1337.812614][T16425] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[ 1338.444568][T12989] usb 3-1: USB disconnect, device number 43
[ 1338.462978][T19030] usbtmc 3-1:16.0: usb_control_msg returned -71
[ 1338.614879][T16425] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1338.630952][T16425] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1338.643868][T16425] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[ 1338.655424][T16425] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1338.670259][T16425] usb 2-1: config 0 descriptor??
[ 1339.163131][T16425] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[ 1339.229028][T16425] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[ 1339.446578][T16425] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[ 1339.462572][T16425] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[ 1339.469667][T16425] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[ 1339.477279][T16425] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[ 1339.485373][T16425] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[ 1339.503350][T16425] cp2112 0003:10C4:EA90.000C: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0
[ 1339.673168][T16425] cp2112 0003:10C4:EA90.000C: Part Number: 0x00 Device Version: 0x00
[ 1339.764528][T19048] ucma_write: process 44 (syz.2.3453) changed security contexts after opening file descriptor, this is not allowed.
[ 1339.957567][T19056] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3452'.
[ 1340.122880][T16425] cp2112 0003:10C4:EA90.000C: error reading lock byte: -71
[ 1340.214560][T16425] usb 2-1: USB disconnect, device number 47
[ 1342.903356][T19094] hub 9-0:1.0: USB hub found
[ 1342.930326][T19094] hub 9-0:1.0: 1 port detected
[ 1345.252958][T19126] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3477'.
[ 1345.433028][T19132] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.3480'.
[ 1345.495542][T19132] netlink: zone id is out of range
[ 1345.510572][T19132] netlink: get zone limit has 8 unknown bytes
[ 1346.407503][T19145] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1346.439628][T19126] bond0: (slave bond_slave_1): Releasing backup interface
[ 1347.292353][T12989] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[ 1347.292420][ T5995] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[ 1347.542376][ T5995] usb 6-1: Using ep0 maxpacket: 8
[ 1347.562462][T12989] usb 2-1: Using ep0 maxpacket: 16
[ 1347.562968][ T5995] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 512, setting to 64
[ 1347.571840][T12989] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1347.605772][ T5995] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1347.663783][T12989] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1347.673704][ T5995] usb 6-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=bc.76
[ 1347.709372][T12989] usb 2-1: Product: syz
[ 1347.731980][ T5995] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1347.732642][T12989] usb 2-1: Manufacturer: syz
[ 1347.785153][ T5995] usb 6-1: Product: syz
[ 1347.794566][T12989] usb 2-1: SerialNumber: syz
[ 1347.801048][ T5995] usb 6-1: Manufacturer: syz
[ 1347.809590][T12989] r8152-cfgselector 2-1: Unknown version 0x0000
[ 1347.824050][ T5995] usb 6-1: SerialNumber: syz
[ 1347.826465][T12989] r8152-cfgselector 2-1: config 0 descriptor??
[ 1347.857153][ T5995] usb 6-1: config 0 descriptor??
[ 1347.930525][ T5995] snd_usb_toneport 6-1:0.0: Line 6 TonePort UX2 found
[ 1347.957974][T19174] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1348.060240][T12989] r8152-cfgselector 2-1: Needed 1 retries to read version
[ 1348.068588][T12989] r8152-cfgselector 2-1: Unknown version 0x0000
[ 1348.085720][T12989] r8152-cfgselector 2-1: bad CDC descriptors
[ 1348.151214][ T5995] snd_usb_toneport 6-1:0.0: cannot get proper max packet size
[ 1348.178650][ T5995] snd_usb_toneport 6-1:0.0: Line 6 TonePort UX2 now disconnected
[ 1348.208605][ T5995] snd_usb_toneport 6-1:0.0: probe with driver snd_usb_toneport failed with error -22
[ 1348.242828][ T5961] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[ 1348.298467][T12989] r8152-cfgselector 2-1: USB disconnect, device number 48
[ 1348.358379][T19182] program syz.0.3498 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1348.429519][ T5961] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1348.457336][ T5961] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1348.489759][ T5961] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[ 1348.508387][ T5961] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1348.547729][ T5961] usb 3-1: config 0 descriptor??
[ 1349.040141][ T5961] cp2112 0003:10C4:EA90.000D: unknown main item tag 0x0
[ 1349.062385][ T5961] cp2112 0003:10C4:EA90.000D: unknown main item tag 0x0
[ 1349.192001][ T5961] cp2112 0003:10C4:EA90.000D: unknown main item tag 0x0
[ 1349.336686][ T5961] cp2112 0003:10C4:EA90.000D: unknown main item tag 0x0
[ 1349.344613][ T5961] cp2112 0003:10C4:EA90.000D: unknown main item tag 0x0
[ 1349.351630][ T5961] cp2112 0003:10C4:EA90.000D: unknown main item tag 0x0
[ 1349.358737][ T5961] cp2112 0003:10C4:EA90.000D: unknown main item tag 0x0
[ 1349.544622][ T5961] cp2112 0003:10C4:EA90.000D: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0
[ 1349.852826][ T5961] cp2112 0003:10C4:EA90.000D: Part Number: 0x00 Device Version: 0x00
[ 1350.145959][ T5961] cp2112 0003:10C4:EA90.000D: error setting SMBus config
[ 1350.157889][ T5961] cp2112 0003:10C4:EA90.000D: probe with driver cp2112 failed with error -71
[ 1350.248935][ T5961] usb 3-1: USB disconnect, device number 44
[ 1351.156999][T10845] usb 6-1: USB disconnect, device number 7
[ 1354.910596][T16425] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[ 1355.152510][T16425] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1355.214750][T16425] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1355.268515][T19268] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3521'.
[ 1355.291796][T16425] usb 6-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[ 1355.346664][T16425] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1355.381099][T16425] usb 6-1: config 0 descriptor??
[ 1355.866960][T16425] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[ 1355.875585][T16425] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[ 1355.905947][T16425] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[ 1355.992395][T16425] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[ 1355.999517][T16425] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[ 1356.052657][T16425] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[ 1356.086057][T16425] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[ 1356.142994][T16425] cp2112 0003:10C4:EA90.000E: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.5-1/input0
[ 1356.268980][T16425] cp2112 0003:10C4:EA90.000E: Part Number: 0x00 Device Version: 0x00
[ 1356.638859][T16425] cp2112 0003:10C4:EA90.000E: error setting SMBus config
[ 1356.703902][T16425] cp2112 0003:10C4:EA90.000E: probe with driver cp2112 failed with error -71
[ 1356.800306][T16425] usb 6-1: USB disconnect, device number 8
[ 1356.987944][   T24] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[ 1357.192476][   T24] usb 5-1: Using ep0 maxpacket: 16
[ 1357.229952][   T24] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1357.239899][   T24] usb 5-1: New USB device found, idVendor=17cc, idProduct=041c, bcdDevice= 0.9c
[ 1357.258876][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1357.302903][   T24] usb 5-1: Product: syz
[ 1357.318981][   T24] usb 5-1: Manufacturer: syz
[ 1357.352386][   T24] usb 5-1: SerialNumber: syz
[ 1357.374020][   T24] usb 5-1: config 0 descriptor??
[ 1357.402151][   T24] usb 5-1: selecting invalid altsetting 1
[ 1357.414822][   T24] snd-usb-caiaq 5-1:0.0: can't set alt interface.
[ 1357.427040][   T24] usb 5-1: unable to init card! (ret=-5)
[ 1357.437813][   T24] snd-usb-caiaq 5-1:0.0: probe with driver snd-usb-caiaq failed with error -5
[ 1357.602032][T19278] netlink: 'syz.4.3525': attribute type 12 has an invalid length.
[ 1357.710220][T19287] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1359.839178][T16425] usb 5-1: USB disconnect, device number 31
[ 1360.428977][T19310] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:16x328 (0x34324142, 5, 0, 0, 0)
[ 1361.262457][ T5961] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[ 1361.426213][ T5961] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1361.438538][ T5961] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1361.497932][ T5961] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[ 1361.546038][ T5961] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1361.604924][ T5961] usb 3-1: config 0 descriptor??
[ 1361.728230][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[ 1361.737692][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[ 1361.830266][T19334] input: syz0 as /devices/virtual/input/input24
[ 1362.049763][ T5961] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0
[ 1362.102405][ T5961] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0
[ 1362.109531][ T5961] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0
[ 1362.200397][ T5961] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0
[ 1362.619320][ T5961] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0
[ 1362.693467][ T5961] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0
[ 1362.700499][ T5961] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0
[ 1362.750470][ T5961] cp2112 0003:10C4:EA90.000F: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0
[ 1363.050429][ T5961] cp2112 0003:10C4:EA90.000F: Part Number: 0x00 Device Version: 0x00
[ 1363.223095][T19359] loop3: detected capacity change from 0 to 1
[ 1363.285230][T19359] Dev loop3: unable to read RDB block 1
[ 1363.310692][T19359]  loop3: unable to read partition table
[ 1363.312212][ T5961] cp2112 0003:10C4:EA90.000F: error setting SMBus config
[ 1363.353788][T19359] loop3: partition table beyond EOD, truncated
[ 1363.363676][ T5961] cp2112 0003:10C4:EA90.000F: probe with driver cp2112 failed with error -71
[ 1363.380515][T19362] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1363.386270][T19359] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1363.470943][ T5961] usb 3-1: USB disconnect, device number 45
[ 1364.039685][T19374] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3557'.
[ 1364.114735][T19374] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1364.530559][T19374] bridge_slave_1 (unregistering): left allmulticast mode
[ 1364.540725][T19374] bridge_slave_1 (unregistering): left promiscuous mode
[ 1364.564736][T19374] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1367.760740][T19384] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3560'.
[ 1378.832308][    C0] sched: DL replenish lagged too much
[ 1511.412315][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 1511.419419][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P10379/1:b..l P17020/1:b..l P5502/1:b..l P2/1:b..l P5197/1:b..l
[ 1511.432752][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=89765, q=1168093 ncpus=2)
[ 1511.440908][    C0] task:klogd           state:R  running task     stack:23816 pid:5197  tgid:5197  ppid:1      task_flags:0x400100 flags:0x00004002
[ 1511.456102][    C0] Call Trace:
[ 1511.459407][    C0]  <TASK>
[ 1511.462445][    C0]  __schedule+0x16aa/0x4c90
[ 1511.466950][    C0]  ? sched_clock+0x3f/0x60
[ 1511.471359][    C0]  ? sched_clock_cpu+0x74/0x430
[ 1511.476235][    C0]  ? preempt_schedule_common+0x83/0xd0
[ 1511.481921][    C0]  ? psi_task_change+0xe5/0x250
[ 1511.486783][    C0]  ? __pfx___schedule+0x10/0x10
[ 1511.491643][    C0]  ? __pfx_rcu_read_lock_sched_held+0x10/0x10
[ 1511.497800][    C0]  ? psi_task_change+0xe5/0x250
[ 1511.502661][    C0]  ? preempt_schedule+0xae/0xc0
[ 1511.507573][    C0]  preempt_schedule_common+0x83/0xd0
[ 1511.512901][    C0]  preempt_schedule+0xae/0xc0
[ 1511.517596][    C0]  ? __pfx_preempt_schedule+0x10/0x10
[ 1511.522958][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1511.528940][    C0]  preempt_schedule_thunk+0x16/0x30
[ 1511.534139][    C0]  _raw_spin_unlock_irqrestore+0xfd/0x110
[ 1511.539850][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1511.546174][    C0]  ? autoremove_wake_function+0x39/0x100
[ 1511.551803][    C0]  __wake_up_common_lock+0x190/0x1f0
[ 1511.557105][    C0]  sock_def_readable+0x1fb/0x550
[ 1511.562118][    C0]  ? sock_def_readable+0xbe/0x550
[ 1511.567152][    C0]  unix_dgram_sendmsg+0xd78/0x17d0
[ 1511.572260][    C0]  ? kasan_quarantine_put+0xdd/0x220
[ 1511.577615][    C0]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[ 1511.583184][    C0]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1511.588623][    C0]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[ 1511.594348][    C0]  __sock_sendmsg+0x21c/0x270
[ 1511.599026][    C0]  __sys_sendto+0x3bd/0x520
[ 1511.603623][    C0]  ? __pfx___sys_sendto+0x10/0x10
[ 1511.608844][    C0]  ? __rseq_handle_notify_resume+0x37e/0x11f0
[ 1511.614925][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1511.619706][    C0]  __x64_sys_sendto+0xde/0x100
[ 1511.624623][    C0]  do_syscall_64+0xfa/0x3b0
[ 1511.629129][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1511.635313][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1511.641570][    C0]  ? clear_bhb_loop+0x60/0xb0
[ 1511.646272][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1511.652176][    C0] RIP: 0033:0x7f48202c0407
[ 1511.656611][    C0] RSP: 002b:00007ffe15e9d410 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[ 1511.665049][    C0] RAX: ffffffffffffffda RBX: 00007f4820170c80 RCX: 00007f48202c0407
[ 1511.673012][    C0] RDX: 0000000000000055 RSI: 00007ffe15e9d550 RDI: 0000000000000003
[ 1511.680989][    C0] RBP: 00007ffe15e9d980 R08: 0000000000000000 R09: 0000000000000000
[ 1511.689085][    C0] R10: 0000000000004000 R11: 0000000000000202 R12: 00007ffe15e9d998
[ 1511.697070][    C0] R13: 00007ffe15e9d550 R14: 000000000000003a R15: 00007ffe15e9d550
[ 1511.705053][    C0]  </TASK>
[ 1511.708361][    C0] task:kthreadd        state:R  running task     stack:23936 pid:2     tgid:2     ppid:0      task_flags:0x208040 flags:0x00004000
[ 1511.721833][    C0] Call Trace:
[ 1511.725107][    C0]  <TASK>
[ 1511.728030][    C0]  __schedule+0x16aa/0x4c90
[ 1511.732546][    C0]  ? preempt_schedule_irq+0xb5/0x150
[ 1511.737910][    C0]  ? __pfx___schedule+0x10/0x10
[ 1511.742751][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1511.747857][    C0]  ? preempt_schedule_irq+0xaa/0x150
[ 1511.753134][    C0]  preempt_schedule_irq+0xb5/0x150
[ 1511.758249][    C0]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 1511.763996][    C0]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[ 1511.769833][    C0]  irqentry_exit+0x6f/0x90
[ 1511.774243][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1511.780210][    C0] RIP: 0010:lock_release+0x2b5/0x3e0
[ 1511.785513][    C0] Code: 51 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f7 44 24 20 00 02 00 00 75 56 f7 c3 00 02 00 00 74 01 fb 65 48 8b 05 fb 42 fe 10 <48> 3b 44 24 28 0f 85 8b 00 00 00 48 83 c4 30 5b 41 5c 41 5d 41 5e
[ 1511.805654][    C0] RSP: 0018:ffffc900000771b0 EFLAGS: 00000206
[ 1511.811768][    C0] RAX: 8630c88a13a4ff00 RBX: 0000000000000202 RCX: 8630c88a13a4ff00
[ 1511.819933][    C0] RDX: 0000000000000001 RSI: ffffffff8db6fcc6 RDI: ffffffff8be1ba40
[ 1511.828008][    C0] RBP: ffff8881404d2918 R08: ffffc90000077bf0 R09: 0000000000000000
[ 1511.836059][    C0] R10: ffffc90000077338 R11: fffff5200000ee69 R12: 0000000000000001
[ 1511.844108][    C0] R13: 0000000000000001 R14: ffffffff8e13f0e0 R15: ffff8881404d1e00
[ 1511.852549][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1511.857665][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1511.863137][    C0]  unwind_next_frame+0x19a9/0x2390
[ 1511.868257][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1511.873376][    C0]  ? kernel_clone+0x224/0x7f0
[ 1511.878157][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1511.884390][    C0]  arch_stack_walk+0x11c/0x150
[ 1511.889184][    C0]  ? kernel_thread+0x10c/0x160
[ 1511.893947][    C0]  stack_trace_save+0x9c/0xe0
[ 1511.898616][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[ 1511.904005][    C0]  save_stack+0xf7/0x1f0
[ 1511.908246][    C0]  ? __pfx_save_stack+0x10/0x10
[ 1511.913086][    C0]  ? __free_frozen_pages+0xc65/0xe60
[ 1511.918362][    C0]  ? __put_partials+0x161/0x1c0
[ 1511.923307][    C0]  ? put_cpu_partial+0x17c/0x250
[ 1511.928233][    C0]  ? __slab_free+0x2f7/0x400
[ 1511.932985][    C0]  ? qlist_free_all+0x97/0x140
[ 1511.937748][    C0]  ? kasan_quarantine_reduce+0x148/0x160
[ 1511.943414][    C0]  ? __kasan_kmalloc+0x22/0xb0
[ 1511.948248][    C0]  ? __kmalloc_noprof+0x27a/0x4f0
[ 1511.953404][    C0]  ? security_prepare_creds+0x52/0x390
[ 1511.958934][    C0]  ? prepare_creds+0x497/0x6c0
[ 1511.963718][    C0]  ? copy_creds+0x106/0xa10
[ 1511.968215][    C0]  ? copy_process+0x95d/0x3b80
[ 1511.973055][    C0]  ? kernel_clone+0x224/0x7f0
[ 1511.977740][    C0]  ? page_ext_put+0x97/0xc0
[ 1511.982243][    C0]  __reset_page_owner+0x71/0x1f0
[ 1511.987537][    C0]  __free_frozen_pages+0xc65/0xe60
[ 1511.992668][    C0]  __put_partials+0x161/0x1c0
[ 1511.997335][    C0]  put_cpu_partial+0x17c/0x250
[ 1512.002188][    C0]  ? put_cpu_partial+0x6d/0x250
[ 1512.007029][    C0]  __slab_free+0x2f7/0x400
[ 1512.011523][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1512.017846][    C0]  ? __phys_addr+0xd3/0x180
[ 1512.022342][    C0]  qlist_free_all+0x97/0x140
[ 1512.026926][    C0]  kasan_quarantine_reduce+0x148/0x160
[ 1512.032466][    C0]  __kasan_kmalloc+0x22/0xb0
[ 1512.037039][    C0]  __kmalloc_noprof+0x27a/0x4f0
[ 1512.041874][    C0]  ? security_prepare_creds+0x52/0x390
[ 1512.047321][    C0]  security_prepare_creds+0x52/0x390
[ 1512.052610][    C0]  prepare_creds+0x497/0x6c0
[ 1512.057212][    C0]  copy_creds+0x106/0xa10
[ 1512.061624][    C0]  copy_process+0x95d/0x3b80
[ 1512.066205][    C0]  ? preempt_schedule_common+0x83/0xd0
[ 1512.071657][    C0]  ? __pfx_preempt_schedule+0x10/0x10
[ 1512.077017][    C0]  ? preempt_schedule_thunk+0x16/0x30
[ 1512.082385][    C0]  ? __pfx_copy_process+0x10/0x10
[ 1512.087433][    C0]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 1512.093434][    C0]  ? __pfx_kthread+0x10/0x10
[ 1512.098033][    C0]  kernel_clone+0x224/0x7f0
[ 1512.102546][    C0]  ? __pfx_kernel_clone+0x10/0x10
[ 1512.107567][    C0]  ? __schedule+0x16c8/0x4c90
[ 1512.112242][    C0]  ? __pfx_kthread+0x10/0x10
[ 1512.116844][    C0]  kernel_thread+0x10c/0x160
[ 1512.121602][    C0]  ? __pfx_kernel_thread+0x10/0x10
[ 1512.126715][    C0]  ? __lock_acquire+0xab9/0xd20
[ 1512.131586][    C0]  ? __pfx_kthread+0x10/0x10
[ 1512.136270][    C0]  ? do_raw_spin_unlock+0x122/0x240
[ 1512.141523][    C0]  kthreadd+0x575/0x770
[ 1512.145696][    C0]  ? kthreadd+0x30b/0x770
[ 1512.150026][    C0]  ? __pfx_kthreadd+0x10/0x10
[ 1512.154726][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1512.160008][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1512.165211][    C0]  ? __pfx_kthreadd+0x10/0x10
[ 1512.169889][    C0]  ret_from_fork+0x3fc/0x770
[ 1512.174479][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 1512.179585][    C0]  ? __switch_to_asm+0x39/0x70
[ 1512.184480][    C0]  ? __switch_to_asm+0x33/0x70
[ 1512.189338][    C0]  ? __pfx_kthreadd+0x10/0x10
[ 1512.194278][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1512.199059][    C0]  </TASK>
[ 1512.202074][    C0] task:dhcpcd          state:R  running task     stack:25032 pid:5502  tgid:5502  ppid:1      task_flags:0x400140 flags:0x00004002
[ 1512.215571][    C0] Call Trace:
[ 1512.218858][    C0]  <TASK>
[ 1512.221799][    C0]  __schedule+0x16aa/0x4c90
[ 1512.226325][    C0]  ? __lock_acquire+0x9c0/0xd20
[ 1512.231455][    C0]  ? preempt_schedule_irq+0xb5/0x150
[ 1512.236739][    C0]  ? __pfx___schedule+0x10/0x10
[ 1512.241682][    C0]  ? preempt_schedule_irq+0xaa/0x150
[ 1512.247051][    C0]  preempt_schedule_irq+0xb5/0x150
[ 1512.252333][    C0]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 1512.258082][    C0]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[ 1512.263898][    C0]  irqentry_exit+0x6f/0x90
[ 1512.268303][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1512.274264][    C0] RIP: 0010:deref_stack_reg+0x1a7/0x230
[ 1512.279881][    C0] Code: 46 49 8d 40 08 48 39 d8 0f 97 c1 4c 39 f0 0f 96 c0 20 c8 3c 01 75 30 4c 89 c7 49 89 f7 e8 11 08 00 00 49 89 c6 48 8b 5c 24 18 <48> 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 e3 3b ad 00
[ 1512.299766][    C0] RSP: 0018:ffffc90003637500 EFLAGS: 00000202
[ 1512.305915][    C0] RAX: 0000000000000286 RBX: ffffc90003637668 RCX: 0000000000000001
[ 1512.314148][    C0] RDX: ffffc90003637668 RSI: dffffc0000000000 RDI: ffffc90003637990
[ 1512.322132][    C0] RBP: 1ffff920006c6ec5 R08: ffffc90003637990 R09: 0000000000000000
[ 1512.330199][    C0] R10: ffffc90003637678 R11: fffff520006c6ed1 R12: 1ffff920006c6ec6
[ 1512.338369][    C0] R13: 1ffff920006c6ec7 R14: 0000000000000286 R15: dffffc0000000000
[ 1512.346360][    C0]  unwind_next_frame+0x17c4/0x2390
[ 1512.352171][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1512.357291][    C0]  ? __put_partials+0x161/0x1c0
[ 1512.362131][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1512.368278][    C0]  arch_stack_walk+0x11c/0x150
[ 1512.373053][    C0]  ? put_cpu_partial+0x17c/0x250
[ 1512.377977][    C0]  stack_trace_save+0x9c/0xe0
[ 1512.382727][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[ 1512.388198][    C0]  save_stack+0xf7/0x1f0
[ 1512.392428][    C0]  ? __pfx_save_stack+0x10/0x10
[ 1512.397280][    C0]  ? __free_frozen_pages+0xc65/0xe60
[ 1512.402600][    C0]  ? __put_partials+0x161/0x1c0
[ 1512.407548][    C0]  ? page_ext_put+0x97/0xc0
[ 1512.412150][    C0]  __reset_page_owner+0x71/0x1f0
[ 1512.417091][    C0]  __free_frozen_pages+0xc65/0xe60
[ 1512.422198][    C0]  __put_partials+0x161/0x1c0
[ 1512.426869][    C0]  put_cpu_partial+0x17c/0x250
[ 1512.431617][    C0]  ? put_cpu_partial+0x6d/0x250
[ 1512.436474][    C0]  __slab_free+0x2f7/0x400
[ 1512.440892][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1512.446791][    C0]  ? __phys_addr+0xd3/0x180
[ 1512.451481][    C0]  qlist_free_all+0x97/0x140
[ 1512.456156][    C0]  kasan_quarantine_reduce+0x148/0x160
[ 1512.461636][    C0]  __kasan_kmalloc+0x22/0xb0
[ 1512.466234][    C0]  __kmalloc_noprof+0x27a/0x4f0
[ 1512.471181][    C0]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1512.477081][    C0]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1512.483075][    C0]  ? tomoyo_domain+0xda/0x130
[ 1512.487766][    C0]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1512.493491][    C0]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1512.498992][    C0]  ? clear_bhb_loop+0x60/0xb0
[ 1512.503773][    C0]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1512.509772][    C0]  ? __seccomp_filter+0x765/0x1a40
[ 1512.514886][    C0]  ? __pfx___seccomp_filter+0x10/0x10
[ 1512.520330][    C0]  security_file_ioctl+0xcb/0x2d0
[ 1512.525420][    C0]  __se_sys_ioctl+0x47/0x170
[ 1512.530102][    C0]  do_syscall_64+0xfa/0x3b0
[ 1512.534601][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1512.540834][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1512.546990][    C0]  ? clear_bhb_loop+0x60/0xb0
[ 1512.551673][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1512.557575][    C0] RIP: 0033:0x7f0b77a5e378
[ 1512.561987][    C0] RSP: 002b:00007fffeff2d958 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1512.570496][    C0] RAX: ffffffffffffffda RBX: 000055b4dcd8cc50 RCX: 00007f0b77a5e378
[ 1512.578472][    C0] RDX: 00007fffeff2d960 RSI: 0000000000008921 RDI: 000000000000000f
[ 1512.586465][    C0] RBP: 00007fffeff2d960 R08: 0000000000000000 R09: 0000000000000000
[ 1512.594513][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 000055b4dcd703f0
[ 1512.602571][    C0] R13: 000055b4dcd8cc50 R14: 000055b4dcd703f0 R15: 00007fffeff2dbb0
[ 1512.610589][    C0]  </TASK>
[ 1512.613600][    C0] task:syz-executor    state:R  running task     stack:21160 pid:17020 tgid:17020 ppid:16995  task_flags:0x400140 flags:0x00004002
[ 1512.627512][    C0] Call Trace:
[ 1512.630817][    C0]  <TASK>
[ 1512.633854][    C0]  __schedule+0x16aa/0x4c90
[ 1512.638476][    C0]  ? preempt_schedule_irq+0xb5/0x150
[ 1512.643867][    C0]  ? __pfx___schedule+0x10/0x10
[ 1512.648754][    C0]  ? is_bpf_text_address+0x292/0x2b0
[ 1512.654221][    C0]  ? preempt_schedule_irq+0xaa/0x150
[ 1512.659606][    C0]  preempt_schedule_irq+0xb5/0x150
[ 1512.664721][    C0]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 1512.670505][    C0]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[ 1512.676561][    C0]  irqentry_exit+0x6f/0x90
[ 1512.680967][    C0]  asm_common_interrupt+0x26/0x40
[ 1512.685981][    C0] RIP: 0010:lock_acquire+0x175/0x360
[ 1512.691261][    C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 6b 55 fe 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[ 1512.711069][    C0] RSP: 0018:ffffc9001bc774d0 EFLAGS: 00000206
[ 1512.717317][    C0] RAX: 924872d5a5fe7800 RBX: 0000000000000000 RCX: 924872d5a5fe7800
[ 1512.725633][    C0] RDX: 0000000000000000 RSI: ffffffff8db6fcc6 RDI: ffffffff8be1ba40
[ 1512.733637][    C0] RBP: ffffffff82295c1e R08: 0000000000000000 R09: ffffffff82295c1e
[ 1512.741614][    C0] R10: 000000000000000e R11: ffffffff81acfd40 R12: 0000000000000002
[ 1512.749595][    C0] R13: ffffffff8e13f0e0 R14: 0000000000000000 R15: 0000000000000246
[ 1512.757669][    C0]  ? __update_page_owner_free_handle+0x2e/0x470
[ 1512.763906][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1512.770072][    C0]  ? __update_page_owner_free_handle+0x2e/0x470
[ 1512.776412][    C0]  ? __slab_free+0x326/0x400
[ 1512.781004][    C0]  ? qlist_free_all+0x97/0x140
[ 1512.785763][    C0]  ? kasan_quarantine_reduce+0x148/0x160
[ 1512.791410][    C0]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 1512.797046][    C0]  ? vm_area_dup+0x2b/0x680
[ 1512.801639][    C0]  ? dup_mmap+0x90c/0x1ac0
[ 1512.806071][    C0]  ? copy_mm+0x13c/0x4b0
[ 1512.810456][    C0]  ? __update_page_owner_free_handle+0x2e/0x470
[ 1512.816702][    C0]  __update_page_owner_free_handle+0x4b/0x470
[ 1512.822773][    C0]  ? __update_page_owner_free_handle+0x2e/0x470
[ 1512.829019][    C0]  ? page_ext_put+0x97/0xc0
[ 1512.833512][    C0]  __reset_page_owner+0x85/0x1f0
[ 1512.838444][    C0]  __free_frozen_pages+0xc65/0xe60
[ 1512.843630][    C0]  __slab_free+0x326/0x400
[ 1512.848043][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1512.854377][    C0]  ? __phys_addr+0xd3/0x180
[ 1512.859041][    C0]  qlist_free_all+0x97/0x140
[ 1512.863712][    C0]  kasan_quarantine_reduce+0x148/0x160
[ 1512.869164][    C0]  __kasan_slab_alloc+0x22/0x80
[ 1512.874011][    C0]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 1512.879540][    C0]  ? vm_area_dup+0x2b/0x680
[ 1512.884030][    C0]  vm_area_dup+0x2b/0x680
[ 1512.888388][    C0]  dup_mmap+0x90c/0x1ac0
[ 1512.892629][    C0]  ? __pfx_dup_mmap+0x10/0x10
[ 1512.897293][    C0]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 1512.903170][    C0]  ? mm_init+0xc68/0xec0
[ 1512.907488][    C0]  copy_mm+0x13c/0x4b0
[ 1512.911589][    C0]  ? copy_process+0x978/0x3b80
[ 1512.916351][    C0]  copy_process+0x16d3/0x3b80
[ 1512.921016][    C0]  ? copy_process+0x978/0x3b80
[ 1512.925944][    C0]  ? __pfx_copy_process+0x10/0x10
[ 1512.931041][    C0]  ? __handle_mm_fault+0x1144/0x5620
[ 1512.936325][    C0]  kernel_clone+0x224/0x7f0
[ 1512.940829][    C0]  ? __pfx_kernel_clone+0x10/0x10
[ 1512.945857][    C0]  __x64_sys_clone+0x18b/0x1e0
[ 1512.950605][    C0]  ? count_memcg_event_mm+0x21/0x260
[ 1512.955901][    C0]  ? __pfx___x64_sys_clone+0x10/0x10
[ 1512.961177][    C0]  ? do_user_addr_fault+0xc8a/0x1390
[ 1512.966543][    C0]  ? do_syscall_64+0xbe/0x3b0
[ 1512.971208][    C0]  do_syscall_64+0xfa/0x3b0
[ 1512.975701][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1512.980881][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1512.986930][    C0]  ? clear_bhb_loop+0x60/0xb0
[ 1512.991592][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1512.997493][    C0] RIP: 0033:0x7f6b5a585453
[ 1513.001889][    C0] RSP: 002b:00007fffd815bcc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1513.010285][    C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6b5a585453
[ 1513.018253][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 1513.026395][    C0] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001
[ 1513.034361][    C0] R10: 000055557a62f7d0 R11: 0000000000000246 R12: 0000000000000000
[ 1513.042321][    C0] R13: 00000000000927c0 R14: 000000000014e600 R15: 00007fffd815be60
[ 1513.050284][    C0]  </TASK>
[ 1513.053289][    C0] task:kworker/u8:4    state:R  running task     stack:19672 pid:10379 tgid:10379 ppid:2      task_flags:0x24248060 flags:0x00004000
[ 1513.066919][    C0] Workqueue: writeback wb_workfn (flush-8:0)
[ 1513.072897][    C0] Call Trace:
[ 1513.076157][    C0]  <TASK>
[ 1513.079075][    C0]  __schedule+0x16aa/0x4c90
[ 1513.083573][    C0]  ? virtqueue_add+0x3202/0x4290
[ 1513.088524][    C0]  ? preempt_schedule_irq+0xb5/0x150
[ 1513.093802][    C0]  ? __pfx___schedule+0x10/0x10
[ 1513.098721][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1513.103990][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1513.109869][    C0]  ? preempt_schedule_irq+0xaa/0x150
[ 1513.115245][    C0]  preempt_schedule_irq+0xb5/0x150
[ 1513.120400][    C0]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 1513.126108][    C0]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[ 1513.131910][    C0]  irqentry_exit+0x6f/0x90
[ 1513.136398][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1513.142385][    C0] RIP: 0010:lock_acquire+0x175/0x360
[ 1513.147754][    C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 6b 55 fe 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[ 1513.167526][    C0] RSP: 0018:ffffc9001bcee078 EFLAGS: 00000206
[ 1513.173585][    C0] RAX: fc145b65c0e27400 RBX: 0000000000000000 RCX: fc145b65c0e27400
[ 1513.181539][    C0] RDX: 0000000000000000 RSI: ffffffff8db6fcc6 RDI: ffffffff8be1ba40
[ 1513.189514][    C0] RBP: ffffffff8172aae5 R08: 0000000000000000 R09: ffffffff8172aae5
[ 1513.197471][    C0] R10: ffffc9001bcee298 R11: fffff5200379dc55 R12: 0000000000000002
[ 1513.205428][    C0] R13: ffffffff8e13f0e0 R14: 0000000000000000 R15: 0000000000000246
[ 1513.213415][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1513.218616][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1513.223730][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1513.228839][    C0]  ? arch_stack_walk+0xe4/0x150
[ 1513.233684][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1513.238782][    C0]  unwind_next_frame+0xc2/0x2390
[ 1513.243702][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1513.248883][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1513.254075][    C0]  ? __unwind_start+0xf8/0x760
[ 1513.258928][    C0]  __unwind_start+0x5b9/0x760
[ 1513.263679][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1513.269819][    C0]  arch_stack_walk+0xe4/0x150
[ 1513.274521][    C0]  ? arch_stack_walk+0xe4/0x150
[ 1513.279379][    C0]  stack_trace_save+0x9c/0xe0
[ 1513.284040][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[ 1513.289395][    C0]  ? update_io_ticks+0x21f/0x260
[ 1513.294333][    C0]  ? __pfx_update_io_ticks+0x10/0x10
[ 1513.299703][    C0]  kasan_save_track+0x3e/0x80
[ 1513.304400][    C0]  __kasan_slab_alloc+0x6c/0x80
[ 1513.309233][    C0]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 1513.314765][    C0]  ? mempool_alloc_noprof+0x1a4/0x510
[ 1513.320242][    C0]  ? __pfx_mempool_alloc_slab+0x10/0x10
[ 1513.326038][    C0]  mempool_alloc_noprof+0x1a4/0x510
[ 1513.331270][    C0]  ? submit_bio_noacct_nocheck+0x938/0xb50
[ 1513.337080][    C0]  ? __pfx_mempool_alloc_noprof+0x10/0x10
[ 1513.342820][    C0]  ? __pfx_submit_bio_noacct_nocheck+0x10/0x10
[ 1513.348981][    C0]  bio_alloc_bioset+0x241/0x1110
[ 1513.354023][    C0]  ext4_bio_write_folio+0x10d9/0x1f20
[ 1513.359634][    C0]  mpage_submit_folio+0x27d/0x3f0
[ 1513.364679][    C0]  mpage_process_page_bufs+0x6d1/0xa00
[ 1513.370143][    C0]  mpage_prepare_extent_to_map+0xe49/0x1760
[ 1513.376132][    C0]  ? __pfx_mpage_prepare_extent_to_map+0x10/0x10
[ 1513.382462][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1513.387302][    C0]  ? trace_kmem_cache_alloc+0x1f/0xc0
[ 1513.392654][    C0]  ? kmem_cache_alloc_noprof+0x21a/0x3c0
[ 1513.398267][    C0]  ? ext4_init_io_end+0x29/0x130
[ 1513.403209][    C0]  ext4_do_writepages+0xbf3/0x3f30
[ 1513.408376][    C0]  ? __pfx_blk_mq_submit_bio+0x10/0x10
[ 1513.413848][    C0]  ? __pfx_ext4_do_writepages+0x10/0x10
[ 1513.419403][    C0]  ? filemap_get_folios_tag+0xed/0x630
[ 1513.424871][    C0]  ? __lock_acquire+0xab9/0xd20
[ 1513.429837][    C0]  ? rcu_read_lock_any_held+0xb3/0x120
[ 1513.435307][    C0]  ext4_writepages+0x205/0x350
[ 1513.440061][    C0]  ? __pfx_ext4_writepages+0x10/0x10
[ 1513.445331][    C0]  ? blkdev_writepages+0x10e/0x170
[ 1513.450437][    C0]  ? __lock_acquire+0xab9/0xd20
[ 1513.455275][    C0]  ? __pfx_ext4_writepages+0x10/0x10
[ 1513.460572][    C0]  do_writepages+0x32b/0x550
[ 1513.465160][    C0]  ? reacquire_held_locks+0x127/0x1d0
[ 1513.470612][    C0]  ? writeback_sb_inodes+0x372/0x1000
[ 1513.475986][    C0]  __writeback_single_inode+0x145/0xff0
[ 1513.481537][    C0]  ? do_raw_spin_unlock+0x122/0x240
[ 1513.486755][    C0]  writeback_sb_inodes+0x6b5/0x1000
[ 1513.491956][    C0]  ? __pfx_writeback_sb_inodes+0x10/0x10
[ 1513.497777][    C0]  ? __pfx___up_read+0x10/0x10
[ 1513.502649][    C0]  __writeback_inodes_wb+0x111/0x240
[ 1513.507929][    C0]  wb_writeback+0x44f/0xaf0
[ 1513.512430][    C0]  ? queue_io+0x3d1/0x590
[ 1513.516747][    C0]  ? __pfx_wb_writeback+0x10/0x10
[ 1513.521943][    C0]  wb_workfn+0xaef/0xef0
[ 1513.526453][    C0]  ? __pfx_wb_workfn+0x10/0x10
[ 1513.531236][    C0]  ? __lock_acquire+0xab9/0xd20
[ 1513.536093][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[ 1513.541810][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1513.547000][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[ 1513.552722][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[ 1513.558450][    C0]  process_scheduled_works+0xade/0x17b0
[ 1513.564094][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1513.570068][    C0]  worker_thread+0x8a0/0xda0
[ 1513.574652][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1513.581081][    C0]  ? __kthread_parkme+0x7b/0x200
[ 1513.586020][    C0]  kthread+0x70e/0x8a0
[ 1513.590358][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1513.595483][    C0]  ? __pfx_kthread+0x10/0x10
[ 1513.600072][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1513.605288][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1513.610502][    C0]  ? __pfx_kthread+0x10/0x10
[ 1513.615456][    C0]  ret_from_fork+0x3fc/0x770
[ 1513.620039][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 1513.625139][    C0]  ? __switch_to_asm+0x39/0x70
[ 1513.630281][    C0]  ? __switch_to_asm+0x33/0x70
[ 1513.635040][    C0]  ? __pfx_kthread+0x10/0x10
[ 1513.639620][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1513.644378][    C0]  </TASK>
[ 1513.647378][    C0] rcu: rcu_preempt kthread starved for 10544 jiffies! g89765 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[ 1513.658551][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1513.668508][    C0] rcu: RCU grace-period kthread stack dump:
[ 1513.674378][    C0] task:rcu_preempt     state:R  running task     stack:27128 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[ 1513.687947][    C0] Call Trace:
[ 1513.691231][    C0]  <TASK>
[ 1513.694150][    C0]  __schedule+0x16aa/0x4c90
[ 1513.698674][    C0]  ? schedule+0x165/0x360
[ 1513.702987][    C0]  ? __pfx___schedule+0x10/0x10
[ 1513.707840][    C0]  ? schedule+0x91/0x360
[ 1513.712124][    C0]  schedule+0x165/0x360
[ 1513.716280][    C0]  schedule_timeout+0x12b/0x270
[ 1513.721131][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[ 1513.726490][    C0]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1513.732385][    C0]  ? __pfx_process_timeout+0x10/0x10
[ 1513.737674][    C0]  ? prepare_to_swait_event+0x341/0x380
[ 1513.743216][    C0]  rcu_gp_fqs_loop+0x301/0x1540
[ 1513.748053][    C0]  ? __pfx_rcu_watching_snap_recheck+0x10/0x10
[ 1513.754291][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 1513.759567][    C0]  ? _raw_spin_unlock_irq+0x2e/0x50
[ 1513.764933][    C0]  rcu_gp_kthread+0x99/0x390
[ 1513.769618][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1513.774799][    C0]  ? __kthread_parkme+0x7b/0x200
[ 1513.779732][    C0]  ? __kthread_parkme+0x1a1/0x200
[ 1513.785022][    C0]  kthread+0x70e/0x8a0
[ 1513.789088][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1513.794566][    C0]  ? __pfx_kthread+0x10/0x10
[ 1513.799169][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1513.804347][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1513.809534][    C0]  ? __pfx_kthread+0x10/0x10
[ 1513.814110][    C0]  ret_from_fork+0x3fc/0x770
[ 1513.818700][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 1513.823884][    C0]  ? __switch_to_asm+0x39/0x70
[ 1513.828638][    C0]  ? __switch_to_asm+0x33/0x70
[ 1513.833395][    C0]  ? __pfx_kthread+0x10/0x10
[ 1513.837973][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1513.842777][    C0]  </TASK>
[ 1513.845806][    C0] rcu: Stack dump where RCU GP kthread last ran:
[ 1513.852221][    C0] Sending NMI from CPU 0 to CPUs 1:
[ 1513.857457][    C1] NMI backtrace for cpu 1
[ 1513.857474][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1513.857494][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1513.857506][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[ 1513.857529][    C1] Code: 53 de 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d d3 ad 21 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[ 1513.857545][    C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c2
[ 1513.857561][    C1] RAX: d640f7c6a1819200 RBX: ffffffff81976918 RCX: d640f7c6a1819200
[ 1513.857575][    C1] RDX: 0000000000000001 RSI: ffffffff8d982fba RDI: ffffffff8be1ba40
[ 1513.857588][    C1] RBP: ffffc90000197f20 R08: ffff8880b8732f5b R09: 1ffff110170e65eb
[ 1513.857602][    C1] R10: dffffc0000000000 R11: ffffed10170e65ec R12: ffffffff8fa0b3f0
[ 1513.857616][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff11003a57b40
[ 1513.857627][    C1] FS:  0000000000000000(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
[ 1513.857642][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1513.857654][    C1] CR2: 0000200000021030 CR3: 000000005378e000 CR4: 00000000003526f0
[ 1513.857670][    C1] Call Trace:
[ 1513.857680][    C1]  <TASK>
[ 1513.857687][    C1]  default_idle+0x13/0x20
[ 1513.857708][    C1]  default_idle_call+0x74/0xb0
[ 1513.857729][    C1]  do_idle+0x1e8/0x510
[ 1513.857751][    C1]  ? __pfx_do_idle+0x10/0x10
[ 1513.857768][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1513.857793][    C1]  cpu_startup_entry+0x44/0x60
[ 1513.857812][    C1]  start_secondary+0x101/0x110
[ 1513.857835][    C1]  common_startup_64+0x13e/0x147
[ 1513.857864][    C1]  </TASK>
[ 1514.043555][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[ 1514.049920][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[ 1514.167273][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[ 1514.212444][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[ 1514.682690][   T31] INFO: task syz.5.3543:19345 blocked for more than 143 seconds.
[ 1514.690478][   T31]       Not tainted 6.16.0-syzkaller #0
[ 1516.752484][T17950] Bluetooth: hci1: command 0x0406 tx timeout
[ 1516.822426][   T31]       Blocked by coredump.
[ 1516.827074][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1516.992524][   T31] task:syz.5.3543      state:D stack:23560 pid:19345 tgid:19335 ppid:16274  task_flags:0x400448 flags:0x00024006
[ 1518.572396][   T31] Call Trace:
[ 1518.575734][   T31]  <TASK>
[ 1518.578698][   T31]  __schedule+0x16aa/0x4c90
[ 1519.032508][   T31]  ? schedule+0x165/0x360
[ 1519.036980][   T31]  ? __pfx___schedule+0x10/0x10
[ 1519.042066][   T31]  ? schedule+0x91/0x360
[ 1519.682386][   T31]  schedule+0x165/0x360
[ 1519.686711][   T31]  schedule_timeout+0x9a/0x270
[ 1519.691537][   T31]  ? __pfx_schedule_timeout+0x10/0x10