last executing test programs:

1m21.915808958s ago: executing program 1 (id=227):
r0 = syz_usb_connect(0x0, 0x4b, &(0x7f0000000040)=ANY=[@ANYBLOB="120100003f9aab106d04f0080d50010203010902390001000016470904"], 0x0)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
r2 = epoll_create1(0x0)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x8}}, 0x6}, 0x1c)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
r5 = socket(0xa, 0x1, 0x0)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r6, &(0x7f0000000280)={0xa, 0x0, 0x0, @dev, 0x7}, 0x1c)
listen(r6, 0x8)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, 0x0, 0x0)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, 0x0, 0x0)
r7 = fcntl$dupfd(r4, 0x0, r4)
shutdown(r7, 0x1)
r8 = dup3(r7, r5, 0x80000)
recvmmsg(r8, &(0x7f0000000a00)=[{{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000180)=""/52, 0x34}, {&(0x7f00000005c0)=""/25, 0x19}, {0x0}, {&(0x7f0000000840)=""/2, 0x2}], 0x4, &(0x7f0000000900)=""/208, 0xd0}, 0x2}], 0x1, 0x2, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000780)={0x10000000})
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a", 0x10)
ioctl$SNDCTL_DSP_GETIPTR(r3, 0x800c5011, &(0x7f0000000000))
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000040)='hpfs\x00', 0x0, 0x0)

1m18.799740511s ago: executing program 1 (id=241):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="020d000018000000000000000000000005000600002000000a00004000000000fc010000000000000000000000000000000000000000000005000500000000000a000000000000000000000000000000000000000000000000000000000000000200120002000200000000000000000006003200000000000000000000000000fe880000000000000000000000000001ac141432000000000000000000000000040003"], 0xc0}}, 0x8000)
mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='hfs\x00', 0x208080, 0x0)

1m18.614550888s ago: executing program 1 (id=242):
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r0, &(0x7f0000000000)=[{&(0x7f00000015c0)="580000001400192340834b80040d8c560a0677bc45ff810500000300000058000b480400945f6402ff07000028925a01000000000000008000f0fffeffe809000000fff5dd00e1661000010002081000418e00000004fcff", 0x58}], 0x1)

1m18.503353806s ago: executing program 1 (id=245):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r0, &(0x7f0000002080)={0xfc, {"a2e3ad09ed0d09f91b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f38336e030890e0879b0a71c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d0773090acd3b78130daa61d8e8049bff005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b2f38f0106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f330000000000000003d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9870af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0xa75}}, 0x1006)

1m18.323837929s ago: executing program 1 (id=248):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x44, 0x0, &(0x7f0000000440)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x1600, 0x1800, 0x15, 0x0, 0x0}}], 0x0, 0x0, 0x0})

1m18.21027619s ago: executing program 1 (id=250):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000180), 0x80421, 0x0)
r0 = syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x0)
ioctl$BLKPG(r0, 0x1269, &(0x7f0000000040)={0x1, 0x0, 0x98, &(0x7f0000000400)={0x0, 0x8000, 0x10}})
r1 = syz_usb_connect(0x5, 0x3f, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x4e60, 0x0, @mcast2, 0xd}, 0x1c)
r3 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r3, &(0x7f0000000380)={0x2a, 0xffffffff00000002, 0x7ffe}, 0xc)
getpeername$qrtr(r3, 0x0, &(0x7f0000000080))
sendto$inet6(r2, &(0x7f0000000300), 0x5dc, 0x3b00, 0x0, 0xfffffffffffffdfd)
syz_usb_control_io(r1, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf411119ed8bebbb9, 0x20011, r4, 0x658e000)
socket$unix(0x1, 0x1, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
timer_create(0x4, &(0x7f0000000080)={0x0, 0x38, 0x4}, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r5=>0x0)
timer_settime(r5, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
timer_gettime(r5, &(0x7f0000000000))
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

1m5.630612636s ago: executing program 2 (id=388):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="1400000010000100000000000000001c0500000a28000000000a0300000000681f334a000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)

1m5.46020269s ago: executing program 2 (id=393):
r0 = syz_open_dev$mouse(&(0x7f0000000240), 0x4, 0x20100)
ioctl$TIOCL_GETSHIFTSTATE(r0, 0x541c, &(0x7f0000000280))
creat(&(0x7f0000001380)='./file0\x00', 0x4)
syz_clone3(&(0x7f000000dd80)={0xa00400, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58)
syz_open_dev$evdev(&(0x7f00000000c0), 0x1000, 0x2000)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0)
write$RDMA_USER_CM_CMD_GET_EVENT(r1, &(0x7f00000001c0)={0xc, 0x8, 0xfa00, {0x0}}, 0x10)
mount$binder(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000140), 0x24040, &(0x7f0000000180)=ANY=[@ANYBLOB="6d61783d30303030302c6d61783d30303030303030303030303030303030303030322c6d61783d30303030303030303030303030000030303030302c66736e616d653d7375626a5f757365722c6f626a5f747970653d2f6465762f72666b696c6c002c7375626a5faf6465762fdbbc7229bc5a2c00"/132])
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00')
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x31a5098, 0x0)
mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0)
write$rfkill(r2, &(0x7f0000000080)={0xbc, 0x2, 0x4}, 0x8)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000100)='xfs\x00', 0x1, 0x0)

1m5.26785438s ago: executing program 2 (id=397):
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000440)={&(0x7f0000001fc0)={0x4bc, 0x0, 0x10, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0xffffffff}, @NL80211_ATTR_FRAME={0x3f7, 0x33, @reassoc_req={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x2}, @device_a, @broadcast, @from_mac, {0x9}, @value=@ver_80211n={0x0, 0x6, 0x0, 0x3, 0x0, 0x3, 0x0, 0x0, 0x1}}, 0x1012, 0x7, @device_a, {0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x2, [{0x12}, {0xc}]}, @val={0x2d, 0x1a, {0x300, 0x0, 0x0, 0x0, {0x10001, 0x3, 0x0, 0x259, 0x0, 0x0, 0x1, 0x2, 0x1}, 0x8, 0x800, 0x3}}, [{0xdd, 0x13, "c0178b979ea0907e64f86dc8c879099b75bee1"}, {0xdd, 0x9a, "88d9b8d5c21239e0b21953bdfe843cd036b2d09fe760cde293125a05811e5b983addd14710acc51caeb0966ed41097077157afaf9385d1fe3303b163b88cafe118d234b5ff37c231ced120ba0f36522819481494b0f3cccd1a7c0f5e9292c5b98f08405436b43d1943b75befd8cf732371b66eaf5e2a8de5445ba39c8eb372bd7866e58eefb8d4713523cedb1d4b873b43e603f3fa21c30edb99"}, {0xdd, 0x9f, "d5a4d8297fbb8c8028ba2426756193db09436af3f391e9f8fb57810d3b71d9ae99301a8de0d3e711b4427a346d4a60ffcf7cb078cdbe2b2f2b685075b465f009a64dc2314feb46d32d6297160bb4c33660855abac6a3f721001d14f2ebe8cb924c0324bce143b348195b390aaacc68ba9f94e18aea4eddc69af2cac48020347429fe058daf5ff505cdae3d25fd9ef4fbd934a34be741d9c3499e5176116e20"}, {0xdd, 0x94, "e40d9b7894cdaf3963247290e8bc27036e97a326d1167f1edca6c27def93331b627994b9cc997bdbbaab5eb4a0d8dd5d0f465717b4949e8e5ae7abb2322969cd470445bd60b3c6f1777295fff0f928c58f0b2f4ad7a02597cc2fc309ca27787e1300158ff2cf258c7b685400a6508c28762f3d783bcf1a8c50a1ddc108c56b7edcf8b6d20938bb8fd59c22f0557470c10b543ac3"}, {0xdd, 0xd5, "2c3a0de19d84258be5670c8b009a46515ee3b108a03f155dd97b1790ff57c2f1803b26cc9e776ad948f39111b449a685f6808c988471f98cb87ebf5c177eabc67a48c63b39de322fbb397e9191661ddc4b90c164f6535f86ecf858a1d4e09dd1585b87428463251a153629f9b8834b0f881fc6a34af1feccc60fa3ee6266645588f238e684c9c86f41562c962862a24d31ee7b8e234bd127467668fab21465d359ad01bc0b7abc878ef37e1b68afbb05f53d0a7a3084305c6d7faabdd16c41cc98262d71cdc121c8fae5491a669cffba6dab60dfb7"}, {0xdd, 0x6a, "f48e7192a754ab5f2dcdd09e083dbf93438466070cec5f40d1fbff00074eee0ac62178866a45c6b02174638bdbc4c7aa9390e672864aec7b4c2f2e0703619300256db29560a5736fd0196f32315a643cd23b0ef29943c1b6e512251ec8f5f97714b9cd3fabe4633465c9"}, {0xdd, 0x78, "c7eb2efa02debe2c942e23933974f567a22ea8e4212a8738de284f2c37d6959159eb7691a0bb8e01593b5798fc53a843a2781805fe02bb45bba707f1ccd30fbda62a097693785d8ef747ef40d7cfff8177948def618aa0c026672ffc91e4805cd289f724e46a63d4e7b7b1bb9a86c505a9cc3398fd1363c5"}]}}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xef}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xc}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1725}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xbb0}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x4}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x2}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1000}], @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_DURATION={0x8, 0x57, 0xd48}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x1}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1478}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x2}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x153}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x28e}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2e0}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x4}], @NL80211_ATTR_TX_NO_CCK_RATE={0x4}]}, 0x4bc}, 0x1, 0x0, 0x0, 0x24011}, 0x404c000)
sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000880)=@canfd={{0x1, 0x1}, 0x39, 0x0, 0x0, 0x0, "3992ca995e968b0b065f7922b761528f0199602d1e09faf0c0f1c2db040f957a34b2aa413157e3ec06fdcf6128269e6763e9c19b00d4eb026a6375a22b930a64"}, 0x48}, 0x1, 0x0, 0x0, 0x8490}, 0x1)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000300)="d8000000180081064e81f782db4cb904021d0800fe067c05e8fe55a10a0005000140020003600e41b0000900ac0006fc1100000004000500014002000000035c3b61c1d67f6f94007174cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001b14d6d930dfe1d9d322fe7c4650b5b9bd6ee6f63f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0adff010000000000000dd6e4edef3d93452a09004b43370e9703890723f97e46bb5c0754", 0xd6}], 0x1}, 0x20004804)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400})

1m5.227165968s ago: executing program 2 (id=398):
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000440)={&(0x7f0000001fc0)={0x14, 0x0, 0x10, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x24011}, 0x404c000)
sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000880)=@canfd={{0x1, 0x1}, 0x39, 0x0, 0x0, 0x0, "3992ca995e968b0b065f7922b761528f0199602d1e09faf0c0f1c2db040f957a34b2aa413157e3ec06fdcf6128269e6763e9c19b00d4eb026a6375a22b930a64"}, 0x48}, 0x1, 0x0, 0x0, 0x8490}, 0x1)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000300)="d8000000180081064e81f782db4cb904021d0800fe067c05e8fe55a10a0005000140020003600e41b0000900ac0006fc1100000004000500014002000000035c3b61c1d67f6f94007174cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001b14d6d930dfe1d9d322fe7c4650b5b9bd6ee6f63f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0adff010000000000000dd6e4edef3d93452a09004b43370e9703890723f97e46bb5c0754", 0xd6}], 0x1}, 0x20004804)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41, 0x204}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400})

1m5.112159631s ago: executing program 2 (id=400):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f00000026c0), r0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000002700)={<r2=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000002800)={0x0, 0x0, &(0x7f00000027c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c0000e4", @ANYRES16=r1, @ANYBLOB="010025bd700002dcdf2501000000100007800c00018008000100", @ANYRES32=r2, @ANYBLOB="0c00020001000000010001000c00050026"], 0x3c}, 0x1, 0x0, 0x0, 0x24040001}, 0x0)

1m5.09768901s ago: executing program 2 (id=401):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x62800)
r2 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0)
r3 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r3, 0x81044804, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff)
r6 = dup3(r1, r1, 0x80000)
sendto$inet(r6, &(0x7f0000000380)="993339d46320d854351c620cf93c37b31d47734f2945d5f02db6b4f3940807349fd31f4b65e59b3021cae488d871d2cb2415a878c9d6b17ad21d030d2998c1f502a6dc20a6077f0cfb69643eaf49ebd9448981af85849f71d89255fb69a71ab6c640aec3ea706761e7482a2f4e150f97033b5d7a38e92d52c915c76dc45b01cc2ae08dd0dc4abf40c3d71f76caa61b5fc1dd0d4c9d", 0x95, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @broadcast}, 0x10)
syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x200)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="14008e8a", @ANYRES16=r5, @ANYBLOB="01002bbd70000800000002000000"], 0x14}}, 0x20000084)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x5, 0x12, r1, 0x0)
r7 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
syz_open_dev$ndb(&(0x7f0000000140), 0x0, 0x10080)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r7, 0xc0045516, &(0x7f00000000c0))
preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000280)=""/212, 0xfffffed3}], 0x1, 0xffeffffb, 0x1007)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff})
fstat(r8, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
setreuid(0x0, r9)
r10 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r10, 0x1, 0x11, &(0x7f0000000240)={0x0, <r11=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r11)
setsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0)

1m3.172670748s ago: executing program 32 (id=250):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000180), 0x80421, 0x0)
r0 = syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x0)
ioctl$BLKPG(r0, 0x1269, &(0x7f0000000040)={0x1, 0x0, 0x98, &(0x7f0000000400)={0x0, 0x8000, 0x10}})
r1 = syz_usb_connect(0x5, 0x3f, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x4e60, 0x0, @mcast2, 0xd}, 0x1c)
r3 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r3, &(0x7f0000000380)={0x2a, 0xffffffff00000002, 0x7ffe}, 0xc)
getpeername$qrtr(r3, 0x0, &(0x7f0000000080))
sendto$inet6(r2, &(0x7f0000000300), 0x5dc, 0x3b00, 0x0, 0xfffffffffffffdfd)
syz_usb_control_io(r1, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf411119ed8bebbb9, 0x20011, r4, 0x658e000)
socket$unix(0x1, 0x1, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
timer_create(0x4, &(0x7f0000000080)={0x0, 0x38, 0x4}, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r5=>0x0)
timer_settime(r5, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
timer_gettime(r5, &(0x7f0000000000))
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

53.823837843s ago: executing program 4 (id=479):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000003e80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0b040000000000000002020000004000048018000180080001006f7366000c000280080001400000000424000180090001006d6574610000000014000280080002400000000e08000340000000040900010073797a30000000000900020073797a320000000070000000050a010300000000000000000200000008000b4000000002090001"], 0x3518}}, 0x0)

53.685228511s ago: executing program 4 (id=481):
pipe2$9p(&(0x7f0000000000), 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r4 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r3, &(0x7f0000001f00)={@val={0x8, 0x800}, @val={0x6, 0x0, 0x6, 0x0, 0x14}, @ipv4=@gre={{0x8, 0x4, 0x0, 0x0, 0x64, 0x64, 0x0, 0x80, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0xd}, {[@generic={0x83, 0x7, "884353a933"}, @ssrr={0x89, 0x3, 0x77}]}}, {{0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x1, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x1}, {0x8, 0x88be, 0x0, {{0x7, 0x1, 0x6, 0x1, 0x1, 0x3, 0x3, 0x81}, 0x1, {0x7}}}, {0x8, 0x22eb, 0x1, {{0x4, 0x2, 0xb, 0x0, 0x0, 0x1, 0x5, 0x3}, 0x2, {0x8, 0x2, 0x1, 0x1e, 0x0, 0x1, 0x0, 0x1}}}}}}, 0x72)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_4ADDR={0x5}]}, 0x24}}, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000080)={{{@in6=@local, @in=@local}}, {{@in6=@loopback}, 0x0, @in=@multicast1}}, &(0x7f0000000180)=0xe8)
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x101802, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x17, 0x7, 0x6, 0xfffa}, 0x1b, [0x1, 0xc95a, 0xffffffef, 0x9, 0x5, 0x2, 0x8, 0x7f, 0x40006, 0x4d, 0x39cc191a, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff02, 0x6, 0x3, 0x0, 0x5, 0x4, 0x7, 0x804, 0x3c5b, 0x1, 0x24, 0x4000009, 0x1, 0x1f461e2c, 0x2, 0xe661, 0x7fff, 0xb, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x1, 0x71, 0x2, 0x6, 0x7, 0x2, 0x5, 0x40, 0x8f, 0x6, 0x6, 0x0, 0x92a3, 0x4, 0x1, 0x0, 0x80, 0x4, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000004, 0xffff, 0x12f, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x1000, 0xfffffffc, 0x3, 0x0, 0x7, 0x5, 0x2f, 0x10, 0x312, 0x78, 0xea4, 0x0, 0x40, 0x4, 0x8000, 0x9, 0x3fe, 0x401, 0x6, 0x1, 0xff, 0x5, 0x5, 0x5f31, 0x4, 0x0, 0x2, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x7, 0x8000, 0x1, 0xfe000000, 0x9, 0x2, 0x7f, 0x9, 0x3, 0x3, 0x5, 0x1, 0x7, 0x3, 0x9, 0x48c93690, 0x23ff02a1, 0x2], [0xf, 0x6, 0x0, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x1, 0xb, 0x4, 0x5, 0x5, 0x3, 0x4, 0x1, 0x8, 0x86, 0x1, 0x9, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x404f47, 0x8, 0x4, 0x8001, 0x6, 0x38, 0x800003, 0x200, 0x81, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0xb, 0x53cf697b, 0x5, 0x6, 0xac8, 0xbf, 0x10002, 0x3, 0x7ff, 0xfffffff9, 0x0, 0xfffffffd, 0xffff, 0x0, 0x6, 0x1c, 0x3, 0x3, 0x6, 0xaaed, 0x4, 0x25], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x1, 0x3d9, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x2, 0x7, 0x5, 0x1003, 0x101, 0x10000, 0x8, 0x7fff, 0xffff, 0x2, 0x2, 0x5, 0x9, 0x2, 0x14c, 0x60a7, 0x6, 0x6, 0xffffffff, 0x80000003, 0x5, 0x8, 0xc8, 0xee1, 0x0, 0xffff, 0x3, 0x7f, 0x100, 0x9602, 0xb, 0x2, 0x4, 0x6, 0x1, 0x10080, 0x5, 0x8, 0x2, 0x80000001, 0x1, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYRES16, @ANYBLOB="01000000000000000000030000005800018044000400200001"], 0x6c}}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="a400000054000100000000000000800007"], 0xa4}], 0x1, 0x0, 0x0, 0x4000001}, 0x0)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), r0)
sendmsg$BATADV_CMD_SET_VLAN(r0, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x3c, r7, 0x400, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x4}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0xec}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0x2)
writev(r5, &(0x7f0000000300)=[{&(0x7f0000000680)="580000004b8004023655fdbaded39d65000b4824ca940417a3cd3639e431e8e2125f6c00940f6a0325010ebc0000000000000080001328baf0fffeffe809005300fff5dd02000000000000000c10003d5bcf6916b4114b32793792c395da89991a8be619c7ce1ecf8b6e3501aeb67cdb99f356f9518492cbf6d88e98f0df275f9f6dd0e185ac9b0b8902c883e0b63cf78a6f36b97cab227f62b6d35dcd058a8957d1bbf401e51d4302cbc17c3201e7b12fa4daac244b96d402183b429bbe400236cd1f8d50f2568ac466a6d40024f87588cbe7808c481b157f18acb07cee62b1d238ba704435ee1c055697eb1ee0e2cfa36d2efbf1ac9fa85fe4", 0xfdae}], 0x1)

53.473319984s ago: executing program 4 (id=484):
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000440)={&(0x7f0000001fc0)={0x434, 0x0, 0x10, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0xffffffff}, @NL80211_ATTR_FRAME={0x36d, 0x33, @reassoc_req={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x2}, @device_a, @broadcast, @from_mac, {0x9}, @value=@ver_80211n={0x0, 0x6, 0x0, 0x3, 0x0, 0x3, 0x0, 0x0, 0x1}}, 0x1012, 0x7, @device_a, {0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x2, [{0x12}, {0xc}]}, @val={0x2d, 0x1a, {0x300, 0x0, 0x0, 0x0, {0x10001, 0x3, 0x0, 0x259, 0x0, 0x0, 0x1, 0x2, 0x1}, 0x8, 0x800, 0x3}}, [{0xdd, 0x13, "c0178b979ea0907e64f86dc8c879099b75bee1"}, {0xdd, 0x6, "88d9b8d5c212"}, {0xdd, 0xa9, "d5a4d8297fbb8c8028ba2426756193db09436af3f391e9f8fb57810d3b71d9ae99301a8de0d3e711b4427a346d4a60ffcf7cb078cdbe2b2f2b685075b465f009a64dc2314feb46d32d6297160bb4c33660855abac6a3f721001d14f2ebe8cb924c0324bce143b348195b390aaacc68ba9f94e18aea4eddc69af2cac48020347429fe058daf5ff505cdae3d25fd9ef4fbd934a34be741d9c3499e5176116e20e5aa7f09bace36812885"}, {0xdd, 0x94, "e40d9b7894cdaf3963247290e8bc27036e97a326d1167f1edca6c27def93331b627994b9cc997bdbbaab5eb4a0d8dd5d0f465717b4949e8e5ae7abb2322969cd470445bd60b3c6f1777295fff0f928c58f0b2f4ad7a02597cc2fc309ca27787e1300158ff2cf258c7b685400a6508c28762f3d783bcf1a8c50a1ddc108c56b7edcf8b6d20938bb8fd59c22f0557470c10b543ac3"}, {0xdd, 0xd5, "2c3a0de19d84258be5670c8b009a46515ee3b108a03f155dd97b1790ff57c2f1803b26cc9e776ad948f39111b449a685f6808c988471f98cb87ebf5c177eabc67a48c63b39de322fbb397e9191661ddc4b90c164f6535f86ecf858a1d4e09dd1585b87428463251a153629f9b8834b0f881fc6a34af1feccc60fa3ee6266645588f238e684c9c86f41562c962862a24d31ee7b8e234bd127467668fab21465d359ad01bc0b7abc878ef37e1b68afbb05f53d0a7a3084305c6d7faabdd16c41cc98262d71cdc121c8fae5491a669cffba6dab60dfb7"}, {0xdd, 0x6a, "f48e7192a754ab5f2dcdd09e083dbf93438466070cec5f40d1fbff00074eee0ac62178866a45c6b02174638bdbc4c7aa9390e672864aec7b4c2f2e0703619300256db29560a5736fd0196f32315a643cd23b0ef29943c1b6e512251ec8f5f97714b9cd3fabe4633465c9"}, {0xdd, 0x78, "c7eb2efa02debe2c942e23933974f567a22ea8e4212a8738de284f2c37d6959159eb7691a0bb8e01593b5798fc53a843a2781805fe02bb45bba707f1ccd30fbda62a097693785d8ef747ef40d7cfff8177948def618aa0c026672ffc91e4805cd289f724e46a63d4e7b7b1bb9a86c505a9cc3398fd1363c5"}]}}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xef}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xc}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1725}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xbb0}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x4}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x2}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1000}], @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_DURATION={0x8, 0x57, 0xd48}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x1}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1478}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x2}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x153}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x28e}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2e0}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x4}], @NL80211_ATTR_TX_NO_CCK_RATE={0x4}]}, 0x434}, 0x1, 0x0, 0x0, 0x24011}, 0x404c000)
sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000880)=@canfd={{0x1, 0x1}, 0x39, 0x0, 0x0, 0x0, "3992ca995e968b0b065f7922b761528f0199602d1e09faf0c0f1c2db040f957a34b2aa413157e3ec06fdcf6128269e6763e9c19b00d4eb026a6375a22b930a64"}, 0x48}, 0x1, 0x0, 0x0, 0x8490}, 0x1)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000300)="d8000000180081064e81f782db4cb904021d0800fe067c05e8fe55a10a0005000140020003600e41b0000900ac0006fc1100000004000500014002000000035c3b61c1d67f6f94007174cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001b14d6d930dfe1d9d322fe7c4650b5b9bd6ee6f63f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0adff010000000000000dd6e4edef3d93452a09004b43370e9703890723f97e46bb5c0754", 0xd6}], 0x1}, 0x20004804)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400})

53.472753543s ago: executing program 4 (id=485):
socketpair(0x18, 0x1, 0x8, &(0x7f0000000080))
mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000040)='squashfs\x00', 0x208002, 0x0)

53.372160613s ago: executing program 4 (id=486):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r0, &(0x7f0000002080)={0xfc, {"a2e3ad09ed0d09f91b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f38336e030890e0879b0a71c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d0773090acd3b78130daa61d8e8040030005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b2f38f0106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f330000000000000003d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9870af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0xa75}}, 0x1006)

53.358670273s ago: executing program 4 (id=487):
ioprio_set$pid(0x1, 0x0, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) (async)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002fc0), 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, 0x0, 0x810)
syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x42000) (async)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x42000)
r2 = socket$kcm(0x2, 0x200000000000001, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000001c0)='./binderfs/binder0\x00', 0x806, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100a, 0x8000800000002})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x4c, 0x0, &(0x7f0000000440)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000640)={@fda={0x66646185, 0x7, 0x1, 0x29}, @fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x1, &(0x7f0000000540)=""/244, 0xf4, 0x0, 0x15}}, &(0x7f0000000300)={0x0, 0x20, 0x38}}, 0x440}], 0x0, 0x0, 0x0})
r7 = dup3(r6, r5, 0x0)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r8, 0x10000000000) (async)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r8, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000180)={0xc, 0x0, &(0x7f0000000740)=[@dead_binder_done], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000180)={0xc, 0x0, &(0x7f0000000740)=[@dead_binder_done], 0x0, 0x0, 0x0})
r9 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r9, 0x851, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000e40)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_GET_SCAN(r3, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000500)=ANY=[@ANYBLOB="7fdf5521", @ANYRES16=r4, @ANYBLOB="210f00000000000000002000000008000300", @ANYRESHEX=r10, @ANYRES16], 0x1c}}, 0x44000)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r3)
ioctl$NBD_SET_SIZE_BLOCKS(r1, 0xab07, 0x6)
socket$inet(0x2, 0x4000000000000001, 0x0) (async)
socket$inet(0x2, 0x4000000000000001, 0x0)

49.747806719s ago: executing program 33 (id=401):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x62800)
r2 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0)
r3 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r3, 0x81044804, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff)
r6 = dup3(r1, r1, 0x80000)
sendto$inet(r6, &(0x7f0000000380)="993339d46320d854351c620cf93c37b31d47734f2945d5f02db6b4f3940807349fd31f4b65e59b3021cae488d871d2cb2415a878c9d6b17ad21d030d2998c1f502a6dc20a6077f0cfb69643eaf49ebd9448981af85849f71d89255fb69a71ab6c640aec3ea706761e7482a2f4e150f97033b5d7a38e92d52c915c76dc45b01cc2ae08dd0dc4abf40c3d71f76caa61b5fc1dd0d4c9d", 0x95, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @broadcast}, 0x10)
syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x200)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="14008e8a", @ANYRES16=r5, @ANYBLOB="01002bbd70000800000002000000"], 0x14}}, 0x20000084)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x5, 0x12, r1, 0x0)
r7 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
syz_open_dev$ndb(&(0x7f0000000140), 0x0, 0x10080)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r7, 0xc0045516, &(0x7f00000000c0))
preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000280)=""/212, 0xfffffed3}], 0x1, 0xffeffffb, 0x1007)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff})
fstat(r8, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
setreuid(0x0, r9)
r10 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r10, 0x1, 0x11, &(0x7f0000000240)={0x0, <r11=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r11)
setsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0)

38.639187362s ago: executing program 5 (id=604):
syz_open_dev$evdev(&(0x7f00000001c0), 0x1, 0x200)
socket$nl_generic(0x10, 0x3, 0x10)
socket$netlink(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket(0x10, 0x2, 0x0)
pipe(&(0x7f0000000080))
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16, @ANYBLOB="010026bd7000fcdbdf2515000000080003", @ANYRES32], 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$l2tp6(0xa, 0x2, 0x73)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_sctp(0xa, 0x801, 0x84)
socket$igmp(0x2, 0x3, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0xb)
socket$nl_generic(0x10, 0x3, 0x10)
pipe(&(0x7f0000000080))
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
socket$pppoe(0x18, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400006008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x840)

38.622752174s ago: executing program 5 (id=605):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="fc020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000072c42"], 0x120}}, 0x0) (async)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) (async)
sendmsg$key(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYRES32=r0], 0x38}}, 0x20004000)
r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0), 0x480001, 0x0)
epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x400, &(0x7f0000000240)={[0x3]}, 0x8) (async)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e000000030000000000000405000600000000000a0000000000000400000000000000000000002100000000000100000000000002000100010000000000010200fd000005000500000000000a"], 0x70}}, 0x0)
mprotect(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x8) (async)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f00000000c0))
read$dsp(r2, &(0x7f0000000300)=""/79, 0x4f) (async)
ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000ffc000/0x1000)=nil, 0x1000}, 0x1})
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) (async)
r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r3) (async)
ptrace$setregset(0x4205, r3, 0x202, &(0x7f0000000000)={0x0})
sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) (async)
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x88980, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x22052, r4, 0x5708e000)

38.436069021s ago: executing program 5 (id=607):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
io_setup(0x0, &(0x7f0000000340))
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x66002, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xbe)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000100))
close(0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r0, 0x2000)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0)

38.184277744s ago: executing program 34 (id=487):
ioprio_set$pid(0x1, 0x0, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) (async)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002fc0), 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, 0x0, 0x810)
syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x42000) (async)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x42000)
r2 = socket$kcm(0x2, 0x200000000000001, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000001c0)='./binderfs/binder0\x00', 0x806, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100a, 0x8000800000002})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x4c, 0x0, &(0x7f0000000440)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000640)={@fda={0x66646185, 0x7, 0x1, 0x29}, @fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x1, &(0x7f0000000540)=""/244, 0xf4, 0x0, 0x15}}, &(0x7f0000000300)={0x0, 0x20, 0x38}}, 0x440}], 0x0, 0x0, 0x0})
r7 = dup3(r6, r5, 0x0)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r8, 0x10000000000) (async)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r8, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000180)={0xc, 0x0, &(0x7f0000000740)=[@dead_binder_done], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000180)={0xc, 0x0, &(0x7f0000000740)=[@dead_binder_done], 0x0, 0x0, 0x0})
r9 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r9, 0x851, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000e40)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_GET_SCAN(r3, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000500)=ANY=[@ANYBLOB="7fdf5521", @ANYRES16=r4, @ANYBLOB="210f00000000000000002000000008000300", @ANYRESHEX=r10, @ANYRES16], 0x1c}}, 0x44000)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r3)
ioctl$NBD_SET_SIZE_BLOCKS(r1, 0xab07, 0x6)
socket$inet(0x2, 0x4000000000000001, 0x0) (async)
socket$inet(0x2, 0x4000000000000001, 0x0)

37.519255133s ago: executing program 5 (id=611):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) (async)
r1 = socket(0x2, 0x80805, 0x0) (async, rerun: 32)
r2 = creat(&(0x7f0000000080)='.\x00', 0x1) (rerun: 32)
setsockopt$pppl2tp_PPPOL2TP_SO_SENDSEQ(r2, 0x111, 0x3, 0x1, 0x4) (async)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000440)=[@in={0x2, 0x4e22, @private=0xa010101}]}, &(0x7f00000003c0)=0x10)
getsockopt$TIPC_NODE_RECVQ_DEPTH(r1, 0x10f, 0x83, &(0x7f0000000000), &(0x7f0000000040)=0x4)
fadvise64(r0, 0x7, 0x1ff, 0x1)
sendfile(r0, r0, &(0x7f0000001000)=0x7fffffff, 0x7ffff000)

36.519384569s ago: executing program 5 (id=617):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d214"], 0x68}, 0x1, 0x0, 0x0, 0x4006000}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000040a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x4c850)

36.428442925s ago: executing program 5 (id=618):
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
sendto$x25(r0, 0x0, 0x0, 0x40, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x8800, 0x0)
read(r1, &(0x7f0000000280)=""/4096, 0x1000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
unshare(0x22020600)
ioctl$sock_ifreq(r2, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x4048aec9, &(0x7f0000000380)={0x3, 0x0, @ioapic={0x2, 0xffffffff, 0x101, 0x5, 0x0, [{0xd, 0x9, 0x6, '\x00', 0x1}, {0x6, 0x2, 0x26, '\x00', 0xfc}, {0x2, 0xef, 0xd, '\x00', 0xee}, {0xfb, 0x7, 0xd}, {0x13, 0x9, 0x2, '\x00', 0x62}, {0x0, 0x3, 0x2, '\x00', 0xd3}, {0xf, 0x0, 0x8, '\x00', 0x4}, {0x9, 0xdb, 0x1}, {0x81, 0x23, 0x5, '\x00', 0x2}, {0xde, 0x20, 0x3}, {0x40, 0x4, 0x10, '\x00', 0x1}, {0xf5, 0x5, 0x4, '\x00', 0xb5}, {0x7, 0x3, 0x2b, '\x00', 0x6}, {0x4, 0x0, 0x0, '\x00', 0xe9}, {0x10, 0x39, 0x40, '\x00', 0xcf}, {0x6c, 0x3f, 0x0, '\x00', 0x72}, {0x6e, 0x4, 0x4, '\x00', 0xe}, {0x7, 0x2, 0x8, '\x00', 0x7}, {0xf, 0x7, 0x5, '\x00', 0x8}, {0x1, 0x6, 0x29}, {0x4, 0x6, 0xff, '\x00', 0x49}, {0xee, 0x2, 0x91, '\x00', 0xba}, {0x2, 0x8, 0x2, '\x00', 0xc3}, {0x8, 0x9, 0x54, '\x00', 0x9}]}})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
r6 = syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x0)
ioctl$BLKTRACESETUP(r6, 0x1263, 0x0)
sendmsg$key(r5, &(0x7f0000000000)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000040)={0x2, 0x4, 0x0, 0x9, 0x7, 0x0, 0x0, 0x25dfdbfe, [@sadb_address={0x5, 0x5, 0x3c, 0xa0, 0x0, @in6={0xa, 0x4e23, 0x2, @remote}}]}, 0x38}, 0x1, 0x7}, 0x0)
personality(0x5400004)
r7 = add_key(&(0x7f0000000140)='.dead\x00', &(0x7f0000001280)={'syz', 0x1}, &(0x7f00000012c0)="c1e5c8403dda957c6c2699a6506359cd75b49d79da646f08547ff070207e861715c3efdc681bbd198da0c93eb983d2ce82b9c0a4cd9d1602c1176e33f764ca418dcf99ee8751fa48d111fa52a5cfebb9c74c2413557d5bb424fc0b437a5011ee29d2dcb6930089ca", 0x68, 0x0)
add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f0000000100)={'fscrypt:', @desc3}, &(0x7f00000001c0)={0x0, "5c91c2f62dce1d2d756c66ea99302b896c191ed83c1cb0d30d723246b753c51fdbb3010b714a03ff3909d102eb56032d87c057a7df35fcc82ea056915f1dff92", 0x13}, 0x48, r7)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0)
r8 = socket$kcm(0x2d, 0x2, 0x0)
r9 = socket$nl_audit(0x10, 0x3, 0x9)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
sendmsg$AUDIT_ADD_RULE(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000001340)=ANY=[@ANYBLOB="20040000f30304002cbd7000fcdbdf2501000000020000002c000000030000007f00000001000000080000000000000000040000020000000100000001000000020000000000000004000000c5000000080000006c040000070000006d96cc78000000c005000000050000000c0000000000000004000000018000000000000009000000010000800b00000004000000000000000400000005000000630000000e00000004000000030000000200000046000000070000207d050000040000000c0000000100000001800000810000000e8e000017fd00004cb3000009000000ad000000c700000000000000020000000180000006000000ff7f00000600000004000000fdffffff01000000080000000800000004000000010000000700000000000000ff00000007000000350000000800000041570000080000000300000004000000010000007d00000000000003010000000400000000000080010000000000000001000000b4000000fdffffff01000080000000000100000000000020000000009f000000020000000a0000003d0000000300000003000000e40000000008000003ff000000000000070000000e000000070000001a0000000300000005000000800000008000000004000000300400000500000005000000fdffffff0600000006000000b900000004000000030000000800000000fffffff9ffffffffffffff0101000000000000ff07000005000000fdffffffc600000002000000020000000000000003000000000000000900000002000000040000000080040010000000ff03000000000000020000000300000003000000fdffffff0900000009000000ffff00000d000000020000000800000002000000ff03000055f6e93f8001000008000000e88e000007000000000000000500000001000100ffffff7f03000000420000000100000086884b4b7fffffff08000000000000c008000000030000000d0000000002000080000000ff070000030000000000000000000080000000000300000005000000010000000000010002000000ff7f00000001000002000000090000003d770000ff01000002000000fa00000003000000e7000000010000000008000000000000d4ffffff0500000001000080001000000000002000002000020000000a000000ff7f0000ba000000020000000600000008000000080000000a9a00000000000009000000310000006e280000000400000b000000a00000000cffffff030000000300000008000000fdffffff00000000fd2567ff204b1366307af90900000002000000f000000000100000020000000900000002000000c0650000ff000000ff01000000000048030000000800000010400000000100007c0000000100000001040000ffff00000600000004000000070000000400000001000000ffffffff08000000040000000800000000000100ffffffff00000000"], 0x420}, 0x1, 0x0, 0x0, 0x1}, 0x40000)
ioctl$sock_kcm_SIOCKCMCLONE(r8, 0x89e2, &(0x7f0000000340)={r8})
r10 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r10, 0x0, 0x0)

22.620900924s ago: executing program 0 (id=722):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x1, 0xfe, 0x2000, @vifc_lcl_ifindex, @dev}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='ns\x00')
r2 = socket$xdp(0x2c, 0x3, 0x0)
bind$xdp(r2, 0x0, 0x0)
getdents64(r1, &(0x7f0000000300)=""/44, 0x2b)
getdents64(r1, &(0x7f0000000380)=""/103, 0x67)
r3 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r3, 0x0, 0xca, &(0x7f00000000c0)={0x8, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev={0xac, 0x14, 0x14, 0x40}}, 0x10)
setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f0000000140)=0x8, 0x4)
r4 = fsopen(&(0x7f0000000280)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000200)='source', &(0x7f00000007c0)='\\\\\xe9\x838\x9d<\f\x91\a\xd4$\xae$\x91&6n @\xf4M\xba\xf2<\xd6A\xdb\xd7\xbeY@g\xcc\xca\n@\x06\xa3\xfe%\x11\xc9\xc5\xc4\x96\xb7b\xa7\x15R\x11\xad\x89\xd1\xb8\xe0h\\.\xa3`fv\xdc\x8b\x18r\x8e\x9ac\x182q\xb8\xca\xb09Blk\x8e\xb1\xc3j\x03\xb7\x00\x00\x00\x00\x00\x00\xfc\xe3\xb8\xc7\x0f\xaaQ\x98F*T\xd5\xcd4g+\xbd\b\xe0R\x9d\x18\x19a:\xa2\xa1\xcb\xd7jx\x94\v1\xb7\xb5\xdb\x9a\b\xf9\xb4\x8c\xab{\x1dU \r\xc1\x19!\x86~\xa9\x01\xda\x020\xe7\xc0\x9b\xf8NtV\xf5\xe7\xb2\xc6\x16A\xa9\xe8\xea\x95?I\xf9}\a\xc66}a)\xb4\xa9C\xc4\xfa\xf9L\x8d}\xf2>\xc5p4\x16\x91G\xe3\x9ef\xe7\xdc9;\x1c|\x1b.q\xb2\xc7\xed\xa8{\xac\x0e\xe5\xb7\x9d\xa4\xa6\xdd\xe4\x16\a\x13+\'\x05i\x7f\xd2\xc0\xd0f&\xbc\xd0M\xe9\x0e\x819\x02\x9b\xe6\xef\xe0\x1fD=A\xdf\x10\xd5]\xcbL|-\xe8\xf4Q\xd1\x0e\x81v]\xb9\xfc\xf0\x89\"\xc2]{\xa7\xe6:\x87\r\xf2-\xd1Z\xbd\xef\xe04\xa2\'\xca\x92\xe1\x91uy\xe1\x1d\xa7\x00\x00\x00\x00\x00\x00\xbeE\a\xd2\x96\xb3_)*\x1c\xf8Z\xbd\xfaI\xe4\x9c\xc93f\xe5\xd8\xdeXh\x9a\xd5\xd9n\x80\x00\x02\xc0 =W\xbcq\x19\x90\xd9\xdb\x87!\xees\xcajZ^\x94\"k\xaeqg\x92\x90\xa3!Z\xb5\xac\x8f\x9e\x8c8\x83 DI\x8c5\x9cwX\xb1_\xb0S\x15\x0f{\x1fa\x92 \xfa\xfa\x16izQ\xeaw\x967V\'\x11=\xac\xd1V*\xfeUt\xf9`\xb1+\xcc\x7f&j\x15T\xe5r\x8a{#\xf3\x8f\x8c/:\xb8\xf7\xad\xdc1\xd1U)\x9e\xa1\xad|\xf3\x83\xe3%\xc0\xbc\x91\xeaZox \xac\xfa}A\xb5\"B\xe6\x7f\xe9\xf0\xfc\xf2\\S\x1c\xc8\xe1\xa5\x8c\x84p]\xa9C\x13D\x1fa\xb8\xb7&(\xe9\xfcqx\xf4\xfe\xec\xd7\x99Fa\xf8\xee\xb1\xc3\xbb\x04PO\x91)G\xa0\x9a\x8e\x89h\xd3lE\x03\x1eJ\xc2\xa8N\xcd\x1a\\o\xb6\xef\xa2q$\xbdu\xa9\xd2', 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x38, r6, 0x101, 0x0, 0xfffffffe, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @random="289d13311534"}, @NL80211_ATTR_IE={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x4044014}, 0x48000)
r8 = syz_usb_connect$hid(0x3, 0x36, &(0x7f00000036c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x172f, 0x32, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0xc}}}}}]}}]}}, 0x0)
syz_usb_control_io(r8, 0x0, 0x0)
syz_usb_control_io(r8, &(0x7f0000000000)={0xc, &(0x7f00000000c0)={0x20, 0x12, 0x5, {0x5, 0x1, "a0f4eaea4ea165f3f96a4f009940bd8b922a1daa44fb13de86afaafc2324c33a5a67ef43a5dbd186d3f6d3437d654bbeca95b95ea980546e3df62336ff9b25e86df67edb1518b089bf83b3ac4fc76abe72d7dd43770bc90900123770808ca807938ddf6d6603c90bc1af1a6553eff3a1c7a904635fbd2be73110ae2c"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
r9 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r9, 0x2c39000)

21.394098316s ago: executing program 35 (id=618):
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
sendto$x25(r0, 0x0, 0x0, 0x40, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x8800, 0x0)
read(r1, &(0x7f0000000280)=""/4096, 0x1000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
unshare(0x22020600)
ioctl$sock_ifreq(r2, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x4048aec9, &(0x7f0000000380)={0x3, 0x0, @ioapic={0x2, 0xffffffff, 0x101, 0x5, 0x0, [{0xd, 0x9, 0x6, '\x00', 0x1}, {0x6, 0x2, 0x26, '\x00', 0xfc}, {0x2, 0xef, 0xd, '\x00', 0xee}, {0xfb, 0x7, 0xd}, {0x13, 0x9, 0x2, '\x00', 0x62}, {0x0, 0x3, 0x2, '\x00', 0xd3}, {0xf, 0x0, 0x8, '\x00', 0x4}, {0x9, 0xdb, 0x1}, {0x81, 0x23, 0x5, '\x00', 0x2}, {0xde, 0x20, 0x3}, {0x40, 0x4, 0x10, '\x00', 0x1}, {0xf5, 0x5, 0x4, '\x00', 0xb5}, {0x7, 0x3, 0x2b, '\x00', 0x6}, {0x4, 0x0, 0x0, '\x00', 0xe9}, {0x10, 0x39, 0x40, '\x00', 0xcf}, {0x6c, 0x3f, 0x0, '\x00', 0x72}, {0x6e, 0x4, 0x4, '\x00', 0xe}, {0x7, 0x2, 0x8, '\x00', 0x7}, {0xf, 0x7, 0x5, '\x00', 0x8}, {0x1, 0x6, 0x29}, {0x4, 0x6, 0xff, '\x00', 0x49}, {0xee, 0x2, 0x91, '\x00', 0xba}, {0x2, 0x8, 0x2, '\x00', 0xc3}, {0x8, 0x9, 0x54, '\x00', 0x9}]}})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
r6 = syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x0)
ioctl$BLKTRACESETUP(r6, 0x1263, 0x0)
sendmsg$key(r5, &(0x7f0000000000)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000040)={0x2, 0x4, 0x0, 0x9, 0x7, 0x0, 0x0, 0x25dfdbfe, [@sadb_address={0x5, 0x5, 0x3c, 0xa0, 0x0, @in6={0xa, 0x4e23, 0x2, @remote}}]}, 0x38}, 0x1, 0x7}, 0x0)
personality(0x5400004)
r7 = add_key(&(0x7f0000000140)='.dead\x00', &(0x7f0000001280)={'syz', 0x1}, &(0x7f00000012c0)="c1e5c8403dda957c6c2699a6506359cd75b49d79da646f08547ff070207e861715c3efdc681bbd198da0c93eb983d2ce82b9c0a4cd9d1602c1176e33f764ca418dcf99ee8751fa48d111fa52a5cfebb9c74c2413557d5bb424fc0b437a5011ee29d2dcb6930089ca", 0x68, 0x0)
add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f0000000100)={'fscrypt:', @desc3}, &(0x7f00000001c0)={0x0, "5c91c2f62dce1d2d756c66ea99302b896c191ed83c1cb0d30d723246b753c51fdbb3010b714a03ff3909d102eb56032d87c057a7df35fcc82ea056915f1dff92", 0x13}, 0x48, r7)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0)
r8 = socket$kcm(0x2d, 0x2, 0x0)
r9 = socket$nl_audit(0x10, 0x3, 0x9)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
sendmsg$AUDIT_ADD_RULE(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000001340)=ANY=[@ANYBLOB="20040000f30304002cbd7000fcdbdf2501000000020000002c000000030000007f00000001000000080000000000000000040000020000000100000001000000020000000000000004000000c5000000080000006c040000070000006d96cc78000000c005000000050000000c0000000000000004000000018000000000000009000000010000800b00000004000000000000000400000005000000630000000e00000004000000030000000200000046000000070000207d050000040000000c0000000100000001800000810000000e8e000017fd00004cb3000009000000ad000000c700000000000000020000000180000006000000ff7f00000600000004000000fdffffff01000000080000000800000004000000010000000700000000000000ff00000007000000350000000800000041570000080000000300000004000000010000007d00000000000003010000000400000000000080010000000000000001000000b4000000fdffffff01000080000000000100000000000020000000009f000000020000000a0000003d0000000300000003000000e40000000008000003ff000000000000070000000e000000070000001a0000000300000005000000800000008000000004000000300400000500000005000000fdffffff0600000006000000b900000004000000030000000800000000fffffff9ffffffffffffff0101000000000000ff07000005000000fdffffffc600000002000000020000000000000003000000000000000900000002000000040000000080040010000000ff03000000000000020000000300000003000000fdffffff0900000009000000ffff00000d000000020000000800000002000000ff03000055f6e93f8001000008000000e88e000007000000000000000500000001000100ffffff7f03000000420000000100000086884b4b7fffffff08000000000000c008000000030000000d0000000002000080000000ff070000030000000000000000000080000000000300000005000000010000000000010002000000ff7f00000001000002000000090000003d770000ff01000002000000fa00000003000000e7000000010000000008000000000000d4ffffff0500000001000080001000000000002000002000020000000a000000ff7f0000ba000000020000000600000008000000080000000a9a00000000000009000000310000006e280000000400000b000000a00000000cffffff030000000300000008000000fdffffff00000000fd2567ff204b1366307af90900000002000000f000000000100000020000000900000002000000c0650000ff000000ff01000000000048030000000800000010400000000100007c0000000100000001040000ffff00000600000004000000070000000400000001000000ffffffff08000000040000000800000000000100ffffffff00000000"], 0x420}, 0x1, 0x0, 0x0, 0x1}, 0x40000)
ioctl$sock_kcm_SIOCKCMCLONE(r8, 0x89e2, &(0x7f0000000340)={r8})
r10 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r10, 0x0, 0x0)

20.67306014s ago: executing program 0 (id=745):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000000)=@migrate={0xa0, 0x21, 0x1, 0x0, 0x0, {{@in=@multicast1, @in6=@mcast2, 0x4e21, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0xff}}, [@migrate={0x50, 0x11, [{@in6=@ipv4={'\x00', '\xff\xff', @loopback}, @in6=@private2, @in=@rand_addr=0x64010102, @in6=@private2={0xfc, 0x2, '\x00', 0x20}, 0x3c, 0x0, 0x0, 0x0, 0x8, 0x8}]}]}, 0xa0}}, 0x44)
write$cgroup_pid(r1, &(0x7f00000001c0), 0x12)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
lremovexattr(0x0, &(0x7f00000000c0)=@random={'btrfs.', '^[@}+\x00'})
mmap(&(0x7f000078a000/0x11000)=nil, 0x11000, 0x5a051feb1f984a1d, 0x202812, r3, 0x7dfff000)

20.626289818s ago: executing program 0 (id=746):
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000440)={&(0x7f0000001fc0)={0x14, 0x0, 0x10, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x24011}, 0x404c000)
sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000880)=@canfd={{0x1, 0x1}, 0x39, 0x0, 0x0, 0x0, "3992ca995e968b0b065f7922b761528f0199602d1e09faf0c0f1c2db040f957a34b2aa413157e3ec06fdcf6128269e6763e9c19b00d4eb026a6375a22b930a64"}, 0x48}, 0x1, 0x0, 0x0, 0x8490}, 0x1)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000300)="d8000000180081064e81f782db4cb904021d0800fe067c05e8fe55a10a0005000140020003600e41b0000900ac0006fc1100000004000500014002000000035c3b61c1d67f6f94007174cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001b14d6d930dfe1d9d322fe7c4650b5b9bd6ee6f63f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0adff010000000000000dd6e4edef3d93452a09004b43370e9703890723f97e46bb5c0754", 0xd6}], 0x1}, 0x20004804)
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2c240, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000000440)={r1, 0x0, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe78d09843d601010000000000080d0ec0c1b4e9b1c4369d03740250ceaac594b1b3c741dd17c18e8438ef2a565e04603323695c58d66500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d200", "24431a1e77a68e174f000000000000000010e200"}})
ioctl$LOOP_CHANGE_FD(r2, 0x4c05, 0xffffffffffffffff)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400})

20.570984929s ago: executing program 0 (id=747):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000180), 0x80421, 0x0)
r0 = syz_usb_connect(0x6, 0x0, 0x0, 0x0) (async)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x8, 0x0, 0x0, 0x7fff7ffa}]})
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r2, &(0x7f0000000300)={{0x6, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}, [@null, @default, @default, @default, @bcast, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48) (async)
close_range(r1, 0xffffffffffffffff, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendto$inet6(r3, &(0x7f0000000100)="c10e000018001f06b9409b0dffff110d0207be040205060506100a044300050018000000fac8388827a685a168d9a44604094565360c648dcaaf6c26c291214549932fde4a460c89b6ec0cff3959547f509058ba86c902fc3a10004a320c0400160012000a00000000000000000000080756ede4ccbe5880", 0xec1, 0x0, 0x0, 0x9e5e111c47e3504f) (async, rerun: 32)
syz_usb_control_io(r0, 0x0, 0x0) (async, rerun: 32)
syz_open_dev$char_usb(0xc, 0xb4, 0x0) (async)
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf411119ed8bebbb9, 0x20011, r4, 0x658e000) (async)
r5 = socket$unix(0x1, 0x1, 0x0) (async, rerun: 64)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) (async, rerun: 64)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async)
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff) (async)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wg1\x00'}) (async)
r6 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f0000000040)={0x80109, "fa02946a000000001dda524f03000000000000000000003673000000002000", <r7=>0xffffffffffffffff})
prlimit64(0x0, 0x7, &(0x7f0000000000), 0x0) (async)
ioctl$SYNC_IOC_MERGE(r7, 0xc0303e03, 0x0)
timer_create(0x1, &(0x7f0000000080)={0x0, 0xb, 0x4}, 0x0) (async)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r3) (async, rerun: 64)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r9=>0x0}) (rerun: 64)
sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x5c, r8, 0x400, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0xfff, 0x76}}}}, [@NL80211_ATTR_REASON_CODE={0x6}, @NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x79}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x8, 0x13, [{0x36, 0x1}, {0x16}, {0x3, 0x1}, {0x24, 0x1}]}, @NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x68}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0xff}]}, 0x5c}, 0x1, 0x0, 0x0, 0x2000c881}, 0x40000)

20.457258117s ago: executing program 0 (id=748):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000440)=0x8, 0x4)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="af", 0x3b5}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000b80)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277771bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b53eff0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c1d0a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214a17b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d3bab1a32c9d788e9f74ee57012ca5bfd0dc090b591c64aae6a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651dd8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d7396ae522f11fa481078d1c7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc15f50c2663d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a64dad315402678de76", 0x390}, {&(0x7f00000003c0)="439e9c06fc666cabc8569d63a866b31ff3ceda1e28f23f455e96a00100063fb089ed9e5234", 0x25}], 0x2}}], 0x2, 0x0)

19.609191715s ago: executing program 0 (id=754):
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=<r0=>0x0)
ioprio_set$pid(0x1, r0, 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
r3 = socket$kcm(0x10, 0x2, 0x0)
recvmsg(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000ec0)=""/4071, 0xfe7}, {&(0x7f0000001ec0)=""/4076, 0xfec}, {&(0x7f0000000700)=""/238, 0xee}, {&(0x7f0000000340)=""/198, 0xc6}, {&(0x7f0000000500)=""/42, 0x2a}], 0x5}, 0x40000100)
sendmsg$inet(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000900)="5c00000012006bab9a3fe3d86e17aa0a046b4877c4aaf68187bae53dca2ba35bda6a876c1d0048007ea608649e7524765f0ef82e3c0000a705259a3651f60a84c9f4d4938037e70e4509c5bb00000000e513aeac9bf2bee150d5fe86", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x20000000)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002fc0), 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, 0x0, 0x810)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x42000)
socket$kcm(0x2, 0x200000000000001, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000e40)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_GET_SCAN(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="210f00000000000000002000000008000300", @ANYRES32=r7, @ANYBLOB="84a3760e6abee67a49767478fc88c5b87095dee46ef1ffacf8d31120199572503a98f6c1459544df7092603414c3f6fa84ac629974356c9764a9c1825a3e4cfe23f3ebbe31f93faefa0bc7aa643fbed20997b568d12910270f5dbd3a91a16e82598ff57cabc5079fb0e607a9eee3a7205d86fa48cbd24eedb65b8fe0d7c6e260dff95435fe930145306e77de509d6d7eee37a4f9302fbd7936023d667405a9556c7b386e4c0763def7231040d47201dde9d684812e6f9049fa97bdadf6ac1273d4c15c4726ef505be07128726d27f050c98421581b1b8d280fe2b4f5a93790b0"], 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x44000)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r5)
ioctl$NBD_SET_SIZE_BLOCKS(r4, 0xab07, 0x6)
socket$inet(0x2, 0x4000000000000001, 0x0)
socket(0x10, 0x803, 0x0)
r9 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r9, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0xffffffff, 0x0, 0x0, 0x4, 0x2, 0x1}})
socket$inet_mptcp(0x2, 0x1, 0x106)
sendfile(r1, r1, 0x0, 0x7ffff000)

9.116135503s ago: executing program 7 (id=833):
prlimit64(0x0, 0xd, &(0x7f0000000000)={0x4, 0x4a}, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
ioprio_set$pid(0x1, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r2, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r4 = accept(r2, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x40045)
recvfrom(r3, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4112, 0x0, 0x0)
r5 = dup(r3)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
sendfile(r0, r0, 0x0, 0x7ffff000)

7.89890483s ago: executing program 7 (id=842):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
timer_create(0x0, &(0x7f0000000100)={0x0, 0x32, 0x2, @thr={0x0, &(0x7f0000000280)="e0a991fe00fd1a86c7c1780665acf6fc77b83a50e8da28630d41bf6ff4610dd8fed3ca81203bf10f"}}, 0x0)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400ff8960ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001"], 0xfdef)

7.659208947s ago: executing program 7 (id=843):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_CHANNEL(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x40, 0x0, 0x1, 0x70bd29, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x401, 0x3f}}}}, [@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x25e}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x12c}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x4008080)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = socket$inet6(0xa, 0x3, 0x84)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@mcast2, @in6=@mcast1, 0x0, 0x0, 0x4e20, 0x400, 0x2}, {0x0, 0x0, 0x0, 0x1, 0x0, 0x401}, {}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in6=@rand_addr=' \x01\x00', 0x0, 0x6c}, 0x2, @in6=@private2, 0x0, 0x4}}, 0xe8)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
r4 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000100), 0x6e02, 0x0)
ioctl$SOUND_MIXER_READ_RECSRC(r4, 0x80044dfd, 0xffffffffffffffff)
ioctl$TCSETA(r2, 0x5434, 0x0)
fadvise64(r1, 0x7, 0x1ff, 0x1)
sendfile(r1, r1, &(0x7f0000000140)=0x6, 0x7ffff000)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$NL80211_CMD_SET_CHANNEL(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x40, 0x0, 0x1, 0x70bd29, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x401, 0x3f}}}}, [@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x25e}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x12c}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x4008080) (async)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) (async)
syz_open_dev$tty1(0xc, 0x4, 0x1) (async)
socket$inet6(0xa, 0x3, 0x84) (async)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@mcast2, @in6=@mcast1, 0x0, 0x0, 0x4e20, 0x400, 0x2}, {0x0, 0x0, 0x0, 0x1, 0x0, 0x401}, {}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in6=@rand_addr=' \x01\x00', 0x0, 0x6c}, 0x2, @in6=@private2, 0x0, 0x4}}, 0xe8) (async)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) (async)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000100), 0x6e02, 0x0) (async)
ioctl$SOUND_MIXER_READ_RECSRC(r4, 0x80044dfd, 0xffffffffffffffff) (async)
ioctl$TCSETA(r2, 0x5434, 0x0) (async)
fadvise64(r1, 0x7, 0x1ff, 0x1) (async)
sendfile(r1, r1, &(0x7f0000000140)=0x6, 0x7ffff000) (async)

7.444253728s ago: executing program 7 (id=844):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000003e80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0b040000fffffff50000020000004000048018000180080001006f7366000c000280080001400000000424000180090001006d6574610000000014000280080002400000000e08000340000000040900010073797a30000000000900020073797a320000000070000000050a010300000000000000000200000008000b4000000002090001"], 0x3518}}, 0x0)

7.393480931s ago: executing program 7 (id=845):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x44f, 0xb323, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7f, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
r2 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r2, &(0x7f00000065c0)={0x0, 0x0, &(0x7f0000006580)={&(0x7f00000003c0)=ANY=[@ANYBLOB="281000001400110200001000fcdbdf25280068fdfa"], 0x28}}, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0xf, 0x0, 0x0)
readv(r2, &(0x7f0000000140)=[{&(0x7f0000000240)=""/116, 0x74}], 0x1)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0xa, "1be98be0"}]}}, 0x0}, 0x0)
syz_usb_connect$cdc_ncm(0x2, 0x92, &(0x7f0000000140)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x80, 0x2, 0x1, 0x10, 0x0, 0x80, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x8, 0x24, 0x6, 0x0, 0x1, "450c14"}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x7ff, 0x80, 0x101, 0x8}, {0x6, 0x24, 0x1a, 0xe52, 0x23}, [@obex={0x5, 0x24, 0x15, 0x8000}, @mdlm={0x15, 0x24, 0x12, 0xffff}, @network_terminal={0x7, 0x24, 0xa, 0x0, 0x0, 0x7f}]}, {{0x9, 0x5, 0x81, 0x3, 0x20, 0xa, 0x5, 0xa}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0x6, 0xf, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x46, 0x5, 0x80}}}}}}}]}}, &(0x7f00000004c0)={0xa, &(0x7f0000000200)={0xa, 0x6, 0x250, 0xa, 0x81, 0xde, 0x8, 0x3}, 0xc, &(0x7f0000000280)={0x5, 0xf, 0xc, 0x1, [@ext_cap={0x7, 0x10, 0x2, 0x2, 0xa, 0x3, 0x5}]}, 0x5, [{0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x419}}, {0xcb, &(0x7f0000000300)=@string={0xcb, 0x3, "1122c3dac6d58ae56318a312be90aa136e05169b4bd816cfe52b04db3d5ba1d89d1ff107bc5cb3682b86fbfcc1aaeeecebcf8601faf5d30d2b0f8c46977dd190005e0a0930dbc6fc4d4cd86219e35526752dbf8ef3646e3bb943c20602b4e19330834da73e58e2ce71b3030062c8f53439aa7b02dd0731adca9ee8bc1331831c330055794ecf2e2af12869be2663dc2d1b4fbd4c1dfd957255d5e9a2a20f060891406f22097bede6c034d4749a51bbe2fbef92a1ed7ab0aec6cf8f02ff5ad1826b1978046c10e4c126"}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x421}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x861}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x420}}]})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000004, 0x20011, r0, 0xf648d000)
lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040))
quotactl_fd$Q_GETQUOTA(r0, 0xffffffff80000702, 0x0, &(0x7f0000000540))
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x18, 0x15, 0x301, 0x70bd29, 0x0, {0xc}, [@typed={0x4, 0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0xc040}, 0x4000000)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r5, 0xaf01, 0x0)
r6 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(r5, 0x4008af22, &(0x7f00000001c0)={0x0, r6})
ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000000)={0x0, r6})
close(0x3)
madvise(&(0x7f00002a7000/0x1000)=nil, 0x1000, 0x2)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

4.401382665s ago: executing program 36 (id=754):
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=<r0=>0x0)
ioprio_set$pid(0x1, r0, 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
r3 = socket$kcm(0x10, 0x2, 0x0)
recvmsg(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000ec0)=""/4071, 0xfe7}, {&(0x7f0000001ec0)=""/4076, 0xfec}, {&(0x7f0000000700)=""/238, 0xee}, {&(0x7f0000000340)=""/198, 0xc6}, {&(0x7f0000000500)=""/42, 0x2a}], 0x5}, 0x40000100)
sendmsg$inet(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000900)="5c00000012006bab9a3fe3d86e17aa0a046b4877c4aaf68187bae53dca2ba35bda6a876c1d0048007ea608649e7524765f0ef82e3c0000a705259a3651f60a84c9f4d4938037e70e4509c5bb00000000e513aeac9bf2bee150d5fe86", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x20000000)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002fc0), 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, 0x0, 0x810)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x42000)
socket$kcm(0x2, 0x200000000000001, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000e40)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_GET_SCAN(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="210f00000000000000002000000008000300", @ANYRES32=r7, @ANYBLOB="84a3760e6abee67a49767478fc88c5b87095dee46ef1ffacf8d31120199572503a98f6c1459544df7092603414c3f6fa84ac629974356c9764a9c1825a3e4cfe23f3ebbe31f93faefa0bc7aa643fbed20997b568d12910270f5dbd3a91a16e82598ff57cabc5079fb0e607a9eee3a7205d86fa48cbd24eedb65b8fe0d7c6e260dff95435fe930145306e77de509d6d7eee37a4f9302fbd7936023d667405a9556c7b386e4c0763def7231040d47201dde9d684812e6f9049fa97bdadf6ac1273d4c15c4726ef505be07128726d27f050c98421581b1b8d280fe2b4f5a93790b0"], 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x44000)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r5)
ioctl$NBD_SET_SIZE_BLOCKS(r4, 0xab07, 0x6)
socket$inet(0x2, 0x4000000000000001, 0x0)
socket(0x10, 0x803, 0x0)
r9 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r9, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0xffffffff, 0x0, 0x0, 0x4, 0x2, 0x1}})
socket$inet_mptcp(0x2, 0x1, 0x106)
sendfile(r1, r1, 0x0, 0x7ffff000)

4.279164511s ago: executing program 7 (id=856):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPGETCONNINFO(r1, 0x800448d3, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000000)={r3, @in={{0x2, 0x0, @empty}}, 0x27c0}, 0x90)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe)
listen(r4, 0x0)
connect$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000400)={r3, @in6={{0xa, 0x4e20, 0xffffffff, @private2, 0xffffffff}}}, 0x90)
r5 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
r6 = syz_open_dev$amidi(&(0x7f0000000000), 0x2, 0x0)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={<r8=>0xffffffffffffffff}, 0x2, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xe, @empty, 0x2}, {0xa, 0x4e23, 0x7, @remote, 0x3}, r8, 0x7}}, 0x48)
r9 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r9, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={<r10=>0xffffffffffffffff}, 0x2, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r9, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xe, @empty, 0x2}, {0xa, 0x4e23, 0x7, @remote, 0x3}, r10, 0x7}}, 0x48)
r11 = dup(r6)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r11, 0x40045542, &(0x7f00000000c0)=0x2)
r12 = openat$nci(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
read$nci(r12, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r5, 0x4601, &(0x7f00000001c0)={0x400, 0x300, 0x0, 0x4b0, 0xbbba, 0x2, 0x0, 0x0, {}, {0x4, 0x2}, {0x4000000}, {0x0, 0x8, 0x8000}, 0x0, 0x3f0, 0x0, 0xd613, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x2})
mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x1200051, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r11, 0xc0709411, &(0x7f0000000280)={{0x0, 0xa7, 0x0, 0x4967, 0x8, 0x8, 0x76908937, 0xcb, 0x4, 0x4, 0x8, 0x100, 0x3ff, 0x310a, 0x1}, 0x18, [0x0, 0x0, 0x0]})

2.641865604s ago: executing program 6 (id=867):
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000440)={&(0x7f0000001fc0)={0x14, 0x0, 0x10, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x24011}, 0x404c000)
sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000880)=@canfd={{0x1, 0x1}, 0x39, 0x0, 0x0, 0x0, "3992ca995e968b0b065f7922b761528f0199602d1e09faf0c0f1c2db040f957a34b2aa413157e3ec06fdcf6128269e6763e9c19b00d4eb026a6375a22b930a64"}, 0x48}, 0x1, 0x0, 0x0, 0x8490}, 0x1)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000300)="d8000000180081064e81f782db4cb904021d0800fe067c05e8fe55a10a0005000140020003600e41b0000900ac0006fc1100000004000500014002000000035c3b61c1d67f6f94007174cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001b14d6d930dfe1d9d322fe7c4650b5b9bd6ee6f63f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0adff010000000000000dd6e4edef3d93452a09004b43370e9703890723f97e46bb5c0754", 0xd6}], 0x1}, 0x20004804)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41, 0x2040000}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400})

2.553033723s ago: executing program 6 (id=868):
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
recvmmsg(r3, &(0x7f0000004400)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000000c0)=[{0xfffffffffffffffd}, {0x0}], 0x2}}], 0x2, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = epoll_create1(0x0)
r5 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_int(r5, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4)
sendmmsg(r5, &(0x7f0000001500)=[{{&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x7080000, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4, 0x4}, 0x80, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000080fe00000000000000000000100000000100009914f70e0415cf3a6ead898fece9053d78dd8d120ebb8d82b3916c0d3627"], 0x18}}], 0x1, 0x4000000)
r6 = socket$netlink(0x10, 0x3, 0x4)
writev(r6, &(0x7f0000000300)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a117436c37900000000000fff0058000b4824cac9446400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100070c7599165753a0caf92810", 0x58}], 0x1)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r0, &(0x7f0000000000)={0xa0000001})

1.686487627s ago: executing program 8 (id=854):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000440)=0x8, 0x4)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="af", 0x3b5}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000b80)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277771bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b53eff0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c1d0a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214a17b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d3bab1a32c9d788e9f74ee57012ca5bfd0dc090b591c64aae6a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651dd8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d7396ae522f11fa481078d1c7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc15f50c2663d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a64dad315402678de76", 0x390}, {&(0x7f00000003c0)="439e9c06fc666cabc8569d63a866b31ff3ceda1e28f23f455e96a00100063fb089ed9e5234", 0x25}], 0x2}}], 0x2, 0x0)

1.631589614s ago: executing program 8 (id=870):
r0 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000100)="a6", 0xfffffcf4}, {0x0}], 0x2, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000018000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0)

1.563995381s ago: executing program 6 (id=871):
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000440)={&(0x7f0000001fc0)={0x4c8, 0x0, 0x10, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0xffffffff}, @NL80211_ATTR_FRAME={0x401, 0x33, @reassoc_req={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x2}, @device_a, @broadcast, @from_mac, {0x9}, @value=@ver_80211n={0x0, 0x6, 0x0, 0x3, 0x0, 0x3, 0x0, 0x0, 0x1}}, 0x1012, 0x7, @device_a, {0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x2, [{0x12}, {0xc}]}, @val={0x2d, 0x1a, {0x300, 0x0, 0x0, 0x0, {0x10001, 0x3, 0x0, 0x259, 0x0, 0x0, 0x1, 0x2, 0x1}, 0x8, 0x800, 0x3}}, [{0xdd, 0x13, "c0178b979ea0907e64f86dc8c879099b75bee1"}, {0xdd, 0x9a, "88d9b8d5c21239e0b21953bdfe843cd036b2d09fe760cde293125a05811e5b983addd14710acc51caeb0966ed41097077157afaf9385d1fe3303b163b88cafe118d234b5ff37c231ced120ba0f36522819481494b0f3cccd1a7c0f5e9292c5b98f08405436b43d1943b75befd8cf732371b66eaf5e2a8de5445ba39c8eb372bd7866e58eefb8d4713523cedb1d4b873b43e603f3fa21c30edb99"}, {0xdd, 0xa9, "d5a4d8297fbb8c8028ba2426756193db09436af3f391e9f8fb57810d3b71d9ae99301a8de0d3e711b4427a346d4a60ffcf7cb078cdbe2b2f2b685075b465f009a64dc2314feb46d32d6297160bb4c33660855abac6a3f721001d14f2ebe8cb924c0324bce143b348195b390aaacc68ba9f94e18aea4eddc69af2cac48020347429fe058daf5ff505cdae3d25fd9ef4fbd934a34be741d9c3499e5176116e20e5aa7f09bace36812885"}, {0xdd, 0x94, "e40d9b7894cdaf3963247290e8bc27036e97a326d1167f1edca6c27def93331b627994b9cc997bdbbaab5eb4a0d8dd5d0f465717b4949e8e5ae7abb2322969cd470445bd60b3c6f1777295fff0f928c58f0b2f4ad7a02597cc2fc309ca27787e1300158ff2cf258c7b685400a6508c28762f3d783bcf1a8c50a1ddc108c56b7edcf8b6d20938bb8fd59c22f0557470c10b543ac3"}, {0xdd, 0xd5, "2c3a0de19d84258be5670c8b009a46515ee3b108a03f155dd97b1790ff57c2f1803b26cc9e776ad948f39111b449a685f6808c988471f98cb87ebf5c177eabc67a48c63b39de322fbb397e9191661ddc4b90c164f6535f86ecf858a1d4e09dd1585b87428463251a153629f9b8834b0f881fc6a34af1feccc60fa3ee6266645588f238e684c9c86f41562c962862a24d31ee7b8e234bd127467668fab21465d359ad01bc0b7abc878ef37e1b68afbb05f53d0a7a3084305c6d7faabdd16c41cc98262d71cdc121c8fae5491a669cffba6dab60dfb7"}, {0xdd, 0x6a, "f48e7192a754ab5f2dcdd09e083dbf93438466070cec5f40d1fbff00074eee0ac62178866a45c6b02174638bdbc4c7aa9390e672864aec7b4c2f2e0703619300256db29560a5736fd0196f32315a643cd23b0ef29943c1b6e512251ec8f5f97714b9cd3fabe4633465c9"}, {0xdd, 0x78, "c7eb2efa02debe2c942e23933974f567a22ea8e4212a8738de284f2c37d6959159eb7691a0bb8e01593b5798fc53a843a2781805fe02bb45bba707f1ccd30fbda62a097693785d8ef747ef40d7cfff8177948def618aa0c026672ffc91e4805cd289f724e46a63d4e7b7b1bb9a86c505a9cc3398fd1363c5"}]}}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xef}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xc}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1725}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xbb0}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x4}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x2}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1000}], @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_DURATION={0x8, 0x57, 0xd48}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x1}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1478}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x2}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x153}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x28e}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2e0}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x4}], @NL80211_ATTR_TX_NO_CCK_RATE={0x4}]}, 0x4c8}, 0x1, 0x0, 0x0, 0x24011}, 0x404c000)
sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000880)=@canfd={{0x1, 0x1}, 0x39, 0x0, 0x0, 0x0, "3992ca995e968b0b065f7922b761528f0199602d1e09faf0c0f1c2db040f957a34b2aa413157e3ec06fdcf6128269e6763e9c19b00d4eb026a6375a22b930a64"}, 0x48}, 0x1, 0x0, 0x0, 0x8490}, 0x1)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20004804)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400})

1.563858393s ago: executing program 8 (id=872):
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da07000000000001090224000100000000090400"], 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb000000010902"], 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003e", 0x5}], 0x1}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043ef5"], 0xf8)

1.516671608s ago: executing program 6 (id=873):
sched_setscheduler(0x0, 0x1, 0x0)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
ioprio_set$pid(0x1, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r2, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r4 = accept(r2, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x40045)
recvfrom(r3, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4112, 0x0, 0x0)
r5 = dup(r3)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
sendfile(r0, r0, 0x0, 0x7ffff000)

1.222222888s ago: executing program 3 (id=878):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000440)=0x8, 0x4)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="af", 0x3b5}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000b80)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277771bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b53eff0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c1d0a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214a17b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d3bab1a32c9d788e9f74ee57012ca5bfd0dc090b591c64aae6a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651dd8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d7396ae522f11fa481078d1c7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc15f50c2663d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a64dad315402678de76", 0x390}, {&(0x7f00000003c0)="439e9c06fc666cabc8569d63a866b31ff3ceda1e28f23f455e96a00100063fb089ed9e5234", 0x25}], 0x2}}], 0x2, 0x0)

1.221670296s ago: executing program 3 (id=879):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d214"], 0x68}, 0x1, 0x0, 0x0, 0x4006000}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000f0ffffff0a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x4c850)

1.135987486s ago: executing program 3 (id=880):
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='nilfs2\x00', 0x200808, 0x0)
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
getpeername(r0, 0x0, 0x0) (async)
getpeername(r0, 0x0, 0x0)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/comedi3\x00', 0x20400, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
dup(r2) (async)
r3 = dup(r2)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0) (async)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100), 0x280000, 0x0)
r6 = ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000140)={0xffffffffffffffff, 0x1, 0xfffff000, 0x100000000})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r7, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x200001}, {{0x0, 0x0, 0x0}, 0x2046}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000800)=""/213, 0xd5}, {&(0x7f0000000900)=""/242, 0xf2}, {&(0x7f0000003e00)=""/4098, 0x103c}, {&(0x7f00000006c0)=""/229, 0xe5}], 0x4}, 0x101}, {{0x0, 0x0, 0x0}, 0x40}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000540)=""/130, 0x82}, {&(0x7f0000001900)=""/229, 0xe5}, {&(0x7f0000001a00)=""/4109, 0x100d}, {&(0x7f0000006080)=""/4085, 0xff5}, {&(0x7f0000000240)=""/112, 0x70}, {&(0x7f0000000040)=""/113, 0x71}], 0x6}, 0x4db}, {{0x0, 0x0, 0x0}, 0x8}], 0x8, 0x40010020, 0x0) (async)
recvmmsg(r7, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x200001}, {{0x0, 0x0, 0x0}, 0x2046}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000800)=""/213, 0xd5}, {&(0x7f0000000900)=""/242, 0xf2}, {&(0x7f0000003e00)=""/4098, 0x103c}, {&(0x7f00000006c0)=""/229, 0xe5}], 0x4}, 0x101}, {{0x0, 0x0, 0x0}, 0x40}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000540)=""/130, 0x82}, {&(0x7f0000001900)=""/229, 0xe5}, {&(0x7f0000001a00)=""/4109, 0x100d}, {&(0x7f0000006080)=""/4085, 0xff5}, {&(0x7f0000000240)=""/112, 0x70}, {&(0x7f0000000040)=""/113, 0x71}], 0x6}, 0x4db}, {{0x0, 0x0, 0x0}, 0x8}], 0x8, 0x40010020, 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c41, 0x0)
flock(r8, 0x5) (async)
flock(r8, 0x5)
r9 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000180), 0x40800, 0x0)
r10 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000001c0), 0x40000, 0x0)
ppoll(&(0x7f0000000200)=[{r1, 0x3f6}, {r3, 0x200}, {r4, 0x8008}, {r5, 0x5000}, {r6, 0x80}, {r7, 0x4e0}, {r8, 0x2000}, {r9, 0x10}, {r10, 0xa86a266dde9bfea5}], 0x9, &(0x7f0000000280), &(0x7f00000002c0)={[0x2]}, 0x8) (async)
ppoll(&(0x7f0000000200)=[{r1, 0x3f6}, {r3, 0x200}, {r4, 0x8008}, {r5, 0x5000}, {r6, 0x80}, {r7, 0x4e0}, {r8, 0x2000}, {r9, 0x10}, {r10, 0xa86a266dde9bfea5}], 0x9, &(0x7f0000000280), &(0x7f00000002c0)={[0x2]}, 0x8)
socket$pppl2tp(0x18, 0x1, 0x1)

1.061924387s ago: executing program 3 (id=881):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
timer_create(0x0, &(0x7f0000000100)={0x0, 0x32, 0x2, @thr={0x0, &(0x7f0000000280)="e0a991fe00fd1a86c7c1780665acf6fc77b83a50e8da28630d41bf6ff4610dd8fed3ca81203bf10f"}}, 0x0)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400ffa160ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001"], 0xfdef)

916.88751ms ago: executing program 3 (id=882):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000440)=0x8, 0x4)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="af", 0x34000}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000b80)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277771bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b53eff0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c1d0a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214a17b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d3bab1a32c9d788e9f74ee57012ca5bfd0dc090b591c64aae6a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651dd8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d7396ae522f11fa481078d1c7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc15f50c2663d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a64dad315402678de76", 0x390}, {&(0x7f00000003c0)="439e9c06fc666cabc8569d63a866b31ff3ceda1e28f23f455e96a00100063fb089ed9e5234", 0x25}], 0x2}}], 0x2, 0x0)

587.177465ms ago: executing program 6 (id=883):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000003e80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0b04000000f500000000020000004000048018000180080001006f7366000c000280080001400000000424000180090001006d6574610000000014000280080002400000000e08000340000000040900010073797a30000000000900020073797a320000000070000000050a010300000000000000000200000008000b4000000002090001"], 0x3518}}, 0x0)

492.197082ms ago: executing program 6 (id=884):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0}, './file0\x00'})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x10000, 0x0, 0x2, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
sendfile(r0, r0, &(0x7f0000001000)=0x7fffffff, 0x7ffff000)

266.74482ms ago: executing program 8 (id=885):
syz_open_dev$evdev(&(0x7f00000001c0), 0x1, 0x200)
socket$nl_generic(0x10, 0x3, 0x10)
socket$netlink(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket(0x10, 0x2, 0x0)
pipe(&(0x7f0000000080))
socket$netlink(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$l2tp6(0xa, 0x2, 0x73)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_sctp(0xa, 0x801, 0x84)
socket$igmp(0x2, 0x3, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0xb)
socket$nl_generic(0x10, 0x3, 0x10)
pipe(&(0x7f0000000080))
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
socket$pppoe(0x18, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000200000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

201.119899ms ago: executing program 8 (id=886):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
io_setup(0x3ff, &(0x7f0000000500)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x8, 0xfffa, r0, 0x0, 0x0, 0x4, 0x0, 0xfcfdffff}])

63.974285ms ago: executing program 8 (id=887):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x145342, 0x0)
sendfile(r1, r0, 0x0, 0x7fffefff)
capset(&(0x7f0000000080)={0x20080522}, &(0x7f00000000c0)={0x200000, 0x200000, 0x7})
r2 = socket$kcm(0x2d, 0x2, 0x0)
r3 = socket$kcm(0x2d, 0x2, 0x0)
r4 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @fixed}, &(0x7f0000000040)=0xe, 0x80800)
connect$bt_l2cap(r4, &(0x7f0000000100)={0x1f, 0x4}, 0xe)
ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000000380)={<r5=>r2})
bind$xdp(r5, &(0x7f0000000080)={0x2d, 0x0, 0x0, 0xa}, 0x10)
sendfile(r0, r0, 0x0, 0x7ffff000)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) (async)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x145342, 0x0) (async)
sendfile(r1, r0, 0x0, 0x7fffefff) (async)
capset(&(0x7f0000000080)={0x20080522}, &(0x7f00000000c0)={0x200000, 0x200000, 0x7}) (async)
socket$kcm(0x2d, 0x2, 0x0) (async)
socket$kcm(0x2d, 0x2, 0x0) (async)
accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @fixed}, &(0x7f0000000040)=0xe, 0x80800) (async)
connect$bt_l2cap(r4, &(0x7f0000000100)={0x1f, 0x4}, 0xe) (async)
ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000000380)={r2}) (async)
bind$xdp(r5, &(0x7f0000000080)={0x2d, 0x0, 0x0, 0xa}, 0x10) (async)
sendfile(r0, r0, 0x0, 0x7ffff000) (async)

0s ago: executing program 3 (id=888):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f00000026c0), r0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000002700)={<r2=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000002800)={0x0, 0x0, &(0x7f00000027c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c0000ff", @ANYRES16=r1, @ANYBLOB="010025bd700002dcdf2501000000100007800c00018008000100", @ANYRES32=r2, @ANYBLOB="0c00020001000000010001000c00050026"], 0x3c}, 0x1, 0x0, 0x0, 0x24040001}, 0x0)

kernel console output (not intermixed with test programs):

 R14: 00007f446b1b5fa0 R15: 00007ffef46bcd18
[   93.231242][ T6566]  </TASK>
[   93.688553][ T6567] netlink: 12 bytes leftover after parsing attributes in process `syz.2.234'.
[   94.064944][  T920] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   94.214894][  T920] usb 1-1: Using ep0 maxpacket: 16
[   94.221493][  T920] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   94.236288][  T920] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   94.250395][  T920] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.289363][  T920] usb 1-1: config 0 descriptor??
[   94.525798][ T6572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   94.534538][ T6572] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   94.566043][ T5871] Bluetooth: hci2: Malformed LE Event: 0x0d
[   94.568182][  T920] usb 1-1: USB disconnect, device number 6
[   95.136219][ T6125] STV06xx 2-1:0.0: probe with driver STV06xx failed with error -71
[   95.164980][ T6125] usb 2-1: USB disconnect, device number 5
[   95.195305][ T6581] syz.1.241: attempt to access beyond end of device
[   95.195305][ T6581] loop1: rw=0, sector=2, nr_sectors = 1 limit=0
[   95.683154][ T6599] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   95.694165][ T6599] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   95.721895][ T6599] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   95.751577][ T6599] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   95.766835][ T5871] Bluetooth: hci0: Malformed LE Event: 0x0d
[   95.820249][ T6553] Set syz1 is full, maxelem 65536 reached
[   95.932737][ T6605] netlink: 8 bytes leftover after parsing attributes in process `syz.3.251'.
[   95.941823][ T6605] netlink: 8 bytes leftover after parsing attributes in process `syz.3.251'.
[   96.074191][ T6610] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[   96.269220][ T6618] /dev/rnullb0: Can't open blockdev
[   96.276958][ T6618] /dev/rnullb0: Can't open blockdev
[   96.406751][ T6620] netlink: 'syz.2.257': attribute type 9 has an invalid length.
[   96.516162][ T6628] IPv4: Oversized IP packet from 172.20.20.24
[   96.522811][    C1] IPv4: Oversized IP packet from 172.20.20.24
[   96.529348][    C1] IPv4: Oversized IP packet from 172.20.20.24
[   96.651233][ T6636] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   96.670289][ T6636] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   96.685983][   T43] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   96.689626][ T6636] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   96.710791][ T6636] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   96.721615][ T5871] Bluetooth: hci0: Malformed LE Event: 0x0d
[   96.834876][   T43] usb 1-1: Using ep0 maxpacket: 16
[   96.842043][   T43] usb 1-1: unable to get BOS descriptor or descriptor too short
[   96.850896][   T43] usb 1-1: config 1 has an invalid interface number: 111 but max is 0
[   96.860674][   T43] usb 1-1: config 1 has no interface number 0
[   96.867489][   T43] usb 1-1: config 1 interface 111 has no altsetting 0
[   96.879480][   T43] usb 1-1: New USB device found, idVendor=045e, idProduct=0c5e, bcdDevice= 2.95
[   96.889159][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   96.899108][   T43] usb 1-1: Product: syz
[   96.905071][   T43] usb 1-1: Manufacturer: syz
[   96.915124][   T43] usb 1-1: SerialNumber: syz
[   96.950799][   T43] r8152-cfgselector 1-1: Unknown version 0x0000
[   97.299756][ T6652] netlink: 8 bytes leftover after parsing attributes in process `syz.3.270'.
[   97.306811][   T43] r8152 1-1:1.111: Expected endpoints are not found
[   97.318991][   T43] r8152-cfgselector 1-1: USB disconnect, device number 7
[   98.046892][  T920] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[   98.204911][  T920] usb 4-1: Using ep0 maxpacket: 16
[   98.211980][  T920] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   98.222583][  T920] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   98.231806][  T920] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   98.242324][  T920] usb 4-1: config 0 descriptor??
[   98.244941][ T6097] usb 1-1: new full-speed USB device number 8 using dummy_hcd
[   98.416315][ T6097] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   98.427560][ T6097] usb 1-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.00
[   98.436883][ T6097] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   98.449996][ T6097] usb 1-1: config 0 descriptor??
[   98.456289][ T6674] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   98.467848][ T6674] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   98.477459][ T5871] Bluetooth: hci3: Malformed LE Event: 0x0d
[   98.477941][  T920] usb 4-1: USB disconnect, device number 12
[   98.752926][ T6690] netlink: 4 bytes leftover after parsing attributes in process `syz.2.287'.
[   98.870365][ T6097] elecom 0003:056E:00E6.0001: unknown main item tag 0x0
[   98.889355][ T6097] elecom 0003:056E:00E6.0001: unknown main item tag 0x0
[   98.900090][ T6097] elecom 0003:056E:00E6.0001: unknown main item tag 0x0
[   98.909490][ T6097] elecom 0003:056E:00E6.0001: unknown main item tag 0x0
[   98.917287][ T6097] elecom 0003:056E:00E6.0001: unknown main item tag 0x0
[   98.939947][ T6097] elecom 0003:056E:00E6.0001: unknown main item tag 0x0
[   98.947991][ T6097] elecom 0003:056E:00E6.0001: unknown main item tag 0x0
[   98.955880][ T6097] elecom 0003:056E:00E6.0001: unknown main item tag 0x0
[   98.963094][ T6097] elecom 0003:056E:00E6.0001: unknown main item tag 0x0
[   98.970327][ T6097] elecom 0003:056E:00E6.0001: unknown main item tag 0x0
[   99.012549][ T6699] random: crng reseeded on system resumption
[   99.012751][ T6097] elecom 0003:056E:00E6.0001: hidraw0: USB HID v0.00 Device [HID 056e:00e6] on usb-dummy_hcd.0-1/input0
[   99.161306][ T5914] usb 1-1: USB disconnect, device number 8
[   99.170179][ T6708] netlink: 72 bytes leftover after parsing attributes in process `syz.3.292'.
[   99.200215][ T6700] fido_id[6700]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[   99.281437][ T6715] netlink: 'syz.3.295': attribute type 20 has an invalid length.
[   99.434330][ T6728] FAULT_INJECTION: forcing a failure.
[   99.434330][ T6728] name failslab, interval 1, probability 0, space 0, times 0
[   99.454349][ T6728] CPU: 1 UID: 0 PID: 6728 Comm: syz.3.299 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) 
[   99.454378][ T6728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   99.454388][ T6728] Call Trace:
[   99.454406][ T6728]  <TASK>
[   99.454414][ T6728]  dump_stack_lvl+0x189/0x250
[   99.454446][ T6728]  ? __pfx____ratelimit+0x10/0x10
[   99.454465][ T6728]  ? __pfx_dump_stack_lvl+0x10/0x10
[   99.454490][ T6728]  ? __pfx__printk+0x10/0x10
[   99.454515][ T6728]  ? fs_reclaim_acquire+0x7d/0x100
[   99.454536][ T6728]  ? __pfx___might_resched+0x10/0x10
[   99.454557][ T6728]  ? lock_acquire+0x5f/0x360
[   99.454577][ T6728]  should_fail_ex+0x414/0x560
[   99.454603][ T6728]  should_failslab+0xa8/0x100
[   99.454622][ T6728]  kmem_cache_alloc_noprof+0x73/0x3c0
[   99.454639][ T6728]  ? _sctp_make_chunk+0x14e/0x430
[   99.454659][ T6728]  _sctp_make_chunk+0x14e/0x430
[   99.454678][ T6728]  sctp_make_datafrag_empty+0x122/0x230
[   99.454695][ T6728]  ? __pfx_sctp_make_datafrag_empty+0x10/0x10
[   99.454713][ T6728]  ? sctp_user_addto_chunk+0xa8/0x240
[   99.454730][ T6728]  sctp_datamsg_from_user+0x729/0xef0
[   99.454762][ T6728]  sctp_sendmsg_to_asoc+0x1003/0x1810
[   99.454785][ T6728]  ? up_write+0x1c4/0x420
[   99.454820][ T6728]  ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10
[   99.454838][ T6728]  ? sctp_sendmsg+0xb97/0x2810
[   99.454858][ T6728]  ? __local_bh_enable_ip+0x12d/0x1c0
[   99.454879][ T6728]  ? __pfx___local_bh_enable_ip+0x10/0x10
[   99.454901][ T6728]  ? sctp_sendmsg_check_sflags+0x18d/0x2e0
[   99.454923][ T6728]  sctp_sendmsg+0x1941/0x2810
[   99.454949][ T6728]  ? __pfx_sctp_sendmsg+0x10/0x10
[   99.454968][ T6728]  ? rcu_is_watching+0x15/0xb0
[   99.454992][ T6728]  ? aa_sk_perm+0x81e/0x950
[   99.455017][ T6728]  ? __pfx_aa_sk_perm+0x10/0x10
[   99.455040][ T6728]  ? sock_rps_record_flow+0x19/0x410
[   99.455068][ T6728]  ? inet_sendmsg+0x2f4/0x370
[   99.455093][ T6728]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   99.455118][ T6728]  __sock_sendmsg+0x19c/0x270
[   99.455148][ T6728]  ____sys_sendmsg+0x52d/0x830
[   99.455173][ T6728]  ? __pfx_____sys_sendmsg+0x10/0x10
[   99.455199][ T6728]  ? import_iovec+0x74/0xa0
[   99.455222][ T6728]  ___sys_sendmsg+0x21f/0x2a0
[   99.455246][ T6728]  ? __pfx____sys_sendmsg+0x10/0x10
[   99.455271][ T6728]  ? kstrtouint+0x6e/0xe0
[   99.455308][ T6728]  ? rcu_is_watching+0x15/0xb0
[   99.455330][ T6728]  ? lock_release+0x4b/0x3e0
[   99.455349][ T6728]  ? __might_fault+0xcc/0x130
[   99.455369][ T6728]  __sys_sendmmsg+0x227/0x430
[   99.455403][ T6728]  ? __pfx___sys_sendmmsg+0x10/0x10
[   99.455424][ T6728]  ? __mutex_unlock_slowpath+0x1a1/0x760
[   99.455455][ T6728]  ? ksys_write+0x22a/0x250
[   99.455478][ T6728]  ? __pfx_ksys_write+0x10/0x10
[   99.455497][ T6728]  ? rcu_is_watching+0x15/0xb0
[   99.455521][ T6728]  __x64_sys_sendmmsg+0xa0/0xc0
[   99.455546][ T6728]  do_syscall_64+0xfa/0x3b0
[   99.455565][ T6728]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   99.455582][ T6728]  ? clear_bhb_loop+0x60/0xb0
[   99.455603][ T6728]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   99.455620][ T6728] RIP: 0033:0x7fdb9098ebe9
[   99.455636][ T6728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   99.455649][ T6728] RSP: 002b:00007fdb917f9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   99.455670][ T6728] RAX: ffffffffffffffda RBX: 00007fdb90bb5fa0 RCX: 00007fdb9098ebe9
[   99.455684][ T6728] RDX: 0000000000000002 RSI: 0000200000004900 RDI: 0000000000000003
[   99.455695][ T6728] RBP: 00007fdb917f9090 R08: 0000000000000000 R09: 0000000000000000
[   99.455707][ T6728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   99.455717][ T6728] R13: 00007fdb90bb6038 R14: 00007fdb90bb5fa0 R15: 00007ffc30e2ff68
[   99.455737][ T6728]  </TASK>
[   99.821717][    C1] vkms_vblank_simulate: vblank timer overrun
[   99.990643][ T6738] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  100.950021][ T6765] /dev/rnullb0: Can't open blockdev
[  101.042330][ T6770] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  101.067650][ T6771] netlink: 12 bytes leftover after parsing attributes in process `syz.3.317'.
[  101.222216][ T6779] /dev/rnullb0: Can't open blockdev
[  101.486197][ T6799] netlink: 8 bytes leftover after parsing attributes in process `syz.3.327'.
[  101.506687][ T6799] netlink: 8 bytes leftover after parsing attributes in process `syz.3.327'.
[  101.599846][ T6803] netlink: 92 bytes leftover after parsing attributes in process `syz.3.330'.
[  101.599846][ T6804] netlink: 92 bytes leftover after parsing attributes in process `syz.3.330'.
[  101.644492][ T6806] Invalid logical block size (1)
[  101.653729][ T6806] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  101.662009][ T6806] /dev/rnullb0: Can't open blockdev
[  101.759077][ T6808] netlink: 'syz.3.332': attribute type 20 has an invalid length.
[  101.861405][ T6814] IPv4: Oversized IP packet from 172.20.20.24
[  101.868419][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  101.874736][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  102.088652][ T6821] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  103.167777][   T55] block nbd0: Possible stuck request ffff8880252b7000: control (read@0,4096B). Runtime 30 seconds
[  103.182701][ T6847] netlink: 'syz.0.347': attribute type 10 has an invalid length.
[  104.054092][ T6880] /dev/rnullb0: Can't open blockdev
[  104.482469][ T6889] netlink: 'syz.2.363': attribute type 2 has an invalid length.
[  104.494226][ T6889] netlink: 'syz.2.363': attribute type 1 has an invalid length.
[  104.506933][ T6889] netlink: 'syz.2.363': attribute type 8 has an invalid length.
[  104.514760][ T6889] netlink: 44 bytes leftover after parsing attributes in process `syz.2.363'.
[  105.315081][ T5914] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  105.344996][ T6097] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  105.357276][ T6913] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  105.367278][ T6913] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  105.377552][ T6914] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  105.389649][ T6914] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  105.399387][ T6914] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  105.408240][ T6914] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  105.417106][ T6914] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  105.426596][ T6914] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  105.435124][ T6914] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  105.443769][ T6914] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  105.455137][ T6914] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  105.463758][ T6914] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  105.465319][ T5914] usb 4-1: Using ep0 maxpacket: 32
[  105.479614][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  105.490977][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 34047, setting to 1024
[  105.496768][ T6097] usb 1-1: device descriptor read/64, error -71
[  105.503620][ T5914] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  105.518799][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  105.541622][ T5914] usb 4-1: config 0 descriptor??
[  105.547420][ T6909] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  105.557151][ T5914] hub 4-1:0.0: USB hub found
[  105.757881][ T5914] hub 4-1:0.0: 1 port detected
[  105.771236][ T6097] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  105.904928][ T6097] usb 1-1: device descriptor read/64, error -71
[  106.016364][ T6097] usb usb1-port1: attempt power cycle
[  106.364987][ T6097] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  106.415957][ T6097] usb 1-1: device descriptor read/8, error -71
[  106.468670][ T6909] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  106.476468][ T6926] tipc: Invalid UDP bearer configuration
[  106.477895][ T6926] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  106.483951][ T6909] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  106.503100][ T5914] hub 4-1:0.0: hub_ext_port_status failed (err = -71)
[  106.503252][   T43] usb 4-1: USB disconnect, device number 13
[  106.581225][ T6932] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  106.590759][ T6932] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  106.600909][ T6932] netlink: 'syz.2.377': attribute type 4 has an invalid length.
[  106.612579][ T6932] netlink: 'syz.2.377': attribute type 4 has an invalid length.
[  106.666698][ T6097] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  106.685405][ T6097] usb 1-1: device descriptor read/8, error -71
[  106.795199][ T6097] usb usb1-port1: unable to enumerate USB device
[  106.964880][ T5914] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  106.996215][  T763] block nbd1: Possible stuck request ffff8880252e7000: control (read@0,4096B). Runtime 30 seconds
[  107.114953][ T5914] usb 4-1: Using ep0 maxpacket: 32
[  107.121583][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  107.134551][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 34047, setting to 1024
[  107.146344][ T5914] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  107.158396][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  107.172183][ T5914] usb 4-1: config 0 descriptor??
[  107.179075][ T6909] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  107.188557][ T5914] hub 4-1:0.0: USB hub found
[  107.478133][ T5914] hub 4-1:0.0: config failed, can't read hub descriptor (err -22)
[  107.496753][ T5914] usbhid 4-1:0.0: can't add hid device: -71
[  107.508228][ T5914] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  107.536136][ T5914] usb 4-1: USB disconnect, device number 14
[  108.106785][ T6950] /dev/rnullb0: Can't open blockdev
[  108.131305][ T6950] /dev/rnullb0: Can't open blockdev
[  108.363132][ T6967] netlink: 12 bytes leftover after parsing attributes in process `syz.2.388'.
[  108.496632][ T6981] netlink: 20 bytes leftover after parsing attributes in process `syz.3.391'.
[  108.547240][ T6984] /dev/rnullb0: Can't open blockdev
[  108.570977][ T6985] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  108.907583][ T7001] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  108.944030][ T7001] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  111.014996][ T5880] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  111.023195][ T5880] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  111.030648][ T5880] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  111.038572][ T5880] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  111.046251][ T5880] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  111.208685][ T7045] chnl_net:caif_netlink_parms(): no params data found
[  111.217936][ T7058] netlink: 8 bytes leftover after parsing attributes in process `syz.3.419'.
[  111.227197][ T7058] netlink: 8 bytes leftover after parsing attributes in process `syz.3.419'.
[  111.277975][ T7045] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.285326][ T7045] bridge0: port 1(bridge_slave_0) entered disabled state
[  111.293194][ T7045] bridge_slave_0: entered allmulticast mode
[  111.301112][ T7045] bridge_slave_0: entered promiscuous mode
[  111.309987][ T7045] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.318836][ T7045] bridge0: port 2(bridge_slave_1) entered disabled state
[  111.326433][ T7045] bridge_slave_1: entered allmulticast mode
[  111.333149][ T7045] bridge_slave_1: entered promiscuous mode
[  111.352288][ T7045] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  111.364283][ T7045] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  111.406835][ T7045] team0: Port device team_slave_0 added
[  111.417312][ T7045] team0: Port device team_slave_1 added
[  111.452678][ T7045] batman_adv: batadv0: Adding interface: batadv_slave_0
[  111.462072][ T7045] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  111.489089][ T7045] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  111.502086][ T7045] batman_adv: batadv0: Adding interface: batadv_slave_1
[  111.509254][ T7045] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  111.537596][ T7045] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  111.586970][ T7045] hsr_slave_0: entered promiscuous mode
[  111.593504][ T7045] hsr_slave_1: entered promiscuous mode
[  111.602171][ T7045] debugfs: 'hsr0' already exists in 'hsr'
[  111.612276][ T7045] Cannot create hsr debugfs directory
[  111.748379][ T7045] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  111.760766][ T7045] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  111.773180][ T7045] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  111.784065][ T7045] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  111.861571][ T7045] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.868807][ T7045] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.876354][ T7045] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.883568][ T7045] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.951247][ T7045] 8021q: adding VLAN 0 to HW filter on device bond0
[  111.972283][   T72] bridge0: port 1(bridge_slave_0) entered disabled state
[  111.982529][   T72] bridge0: port 2(bridge_slave_1) entered disabled state
[  112.001621][ T7045] 8021q: adding VLAN 0 to HW filter on device team0
[  112.050754][ T3537] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.057946][ T3537] bridge0: port 1(bridge_slave_0) entered forwarding state
[  112.092287][   T72] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.099486][   T72] bridge0: port 2(bridge_slave_1) entered forwarding state
[  112.119559][  T763] block nbd2: Possible stuck request ffff888025325080: control (read@0,4096B). Runtime 30 seconds
[  112.334487][ T7045] 8021q: adding VLAN 0 to HW filter on device batadv0
[  112.639801][ T7045] veth0_vlan: entered promiscuous mode
[  112.653247][ T7045] veth1_vlan: entered promiscuous mode
[  112.686184][ T7045] veth0_macvtap: entered promiscuous mode
[  112.697285][ T7045] veth1_macvtap: entered promiscuous mode
[  112.717600][ T7045] batman_adv: batadv0: Interface activated: batadv_slave_0
[  112.733404][ T7045] batman_adv: batadv0: Interface activated: batadv_slave_1
[  112.747786][   T72] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  112.759269][   T72] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  112.782140][   T72] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  112.792336][   T72] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  112.857468][   T72] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.871242][   T72] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.893940][ T1017] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.908245][ T1017] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.078262][ T5880] Bluetooth: hci4: command tx timeout
[  113.173767][ T7110] tipc: Invalid UDP bearer configuration
[  113.173810][ T7110] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  113.655504][ T5914] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[  113.826427][ T5914] usb 5-1: config 0 has an invalid interface number: 214 but max is 0
[  113.835035][ T5914] usb 5-1: config 0 has no interface number 0
[  113.841315][ T5914] usb 5-1: config 0 interface 214 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  113.854087][ T5914] usb 5-1: config 0 interface 214 has no altsetting 0
[  113.867627][ T5914] usb 5-1: New USB device found, idVendor=07c9, idProduct=000e, bcdDevice=5d.4f
[  113.880873][ T5914] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.890294][ T5914] usb 5-1: Product: syz
[  113.894574][ T5914] usb 5-1: Manufacturer: syz
[  113.901170][ T5914] usb 5-1: SerialNumber: syz
[  113.908581][ T5914] usb 5-1: config 0 descriptor??
[  113.914409][ T7120] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  114.127346][ T7120] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  114.518609][ T7134] netlink: 40 bytes leftover after parsing attributes in process `syz.3.441'.
[  114.529249][ T7134] /dev/rnullb0: Can't open blockdev
[  114.692486][ T7140] netlink: 'syz.3.443': attribute type 5 has an invalid length.
[  115.064748][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to read reg index 0x0001: -71
[  115.081271][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to read reg index 0x0006: -71
[  115.092772][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): invalid MAC address, using random
[  115.119988][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0006: -71
[  115.138493][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0005: -71
[  115.150085][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71
[  115.162079][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71
[  115.166418][ T5880] Bluetooth: hci4: command tx timeout
[  115.173560][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71
[  115.191531][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71
[  115.203485][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0002: -71
[  115.214751][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71
[  115.226477][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0002: -71
[  115.238223][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to read reg index 0x0001: -71
[  115.249750][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to read reg index 0x0001: -71
[  115.261054][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71
[  115.272540][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x001f: -71
[  115.284752][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0019: -71
[  115.298663][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x001f: -71
[  115.310008][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000d: -71
[  115.322634][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000e: -71
[  115.334076][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000d: -71
[  115.345805][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to read reg index 0x000e: -71
[  115.357824][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000d: -71
[  115.358997][ T7149] netlink: 8 bytes leftover after parsing attributes in process `syz.0.446'.
[  115.369262][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000e: -71
[  115.377875][ T7149] netlink: 8 bytes leftover after parsing attributes in process `syz.0.446'.
[  115.401359][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000d: -71
[  115.412894][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000e: -71
[  115.424461][ T5914] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  115.456505][ T5914] ax88179_178a 5-1:0.214 eth1: register 'ax88179_178a' at usb-dummy_hcd.4-1, AT-UMC2000 USB 3.0/USB 3.1 Gen 1 to Gigabit Ethernet Adapter, 12:79:55:45:e7:bd
[  115.457540][ T7151] FAULT_INJECTION: forcing a failure.
[  115.457540][ T7151] name failslab, interval 1, probability 0, space 0, times 0
[  115.475625][ T5914] usb 5-1: USB disconnect, device number 2
[  115.492942][ T7151] CPU: 1 UID: 0 PID: 7151 Comm: syz.0.447 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) 
[  115.492970][ T7151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  115.492981][ T7151] Call Trace:
[  115.492988][ T7151]  <TASK>
[  115.492996][ T7151]  dump_stack_lvl+0x189/0x250
[  115.493028][ T7151]  ? __pfx____ratelimit+0x10/0x10
[  115.493047][ T7151]  ? __pfx_dump_stack_lvl+0x10/0x10
[  115.493073][ T7151]  ? __pfx__printk+0x10/0x10
[  115.493096][ T7151]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  115.493122][ T7151]  should_fail_ex+0x414/0x560
[  115.493150][ T7151]  should_failslab+0xa8/0x100
[  115.493171][ T7151]  kmem_cache_alloc_noprof+0x73/0x3c0
[  115.493189][ T7151]  ? skb_clone+0x212/0x3a0
[  115.493214][ T7151]  skb_clone+0x212/0x3a0
[  115.493239][ T7151]  __netlink_deliver_tap+0x404/0x850
[  115.493264][ T7151]  ? netlink_deliver_tap+0x2e/0x1b0
[  115.493283][ T7151]  netlink_deliver_tap+0x19c/0x1b0
[  115.493302][ T7151]  netlink_dump+0x92b/0xe90
[  115.493324][ T7151]  ? __pfx_netlink_dump+0x10/0x10
[  115.493359][ T7151]  ? kmem_cache_free+0x18f/0x400
[  115.493378][ T7151]  netlink_recvmsg+0x676/0xa30
[  115.493401][ T7151]  ? __pfx_netlink_recvmsg+0x10/0x10
[  115.493422][ T7151]  ? aa_sock_msg_perm+0xf1/0x1d0
[  115.493448][ T7151]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  115.493471][ T7151]  ? security_socket_recvmsg+0x7e/0x2e0
[  115.493488][ T7151]  ? __pfx_netlink_recvmsg+0x10/0x10
[  115.493508][ T7151]  sock_recvmsg+0x22c/0x270
[  115.493526][ T7151]  ____sys_recvmsg+0x1c9/0x460
[  115.493553][ T7151]  ? __pfx_____sys_recvmsg+0x10/0x10
[  115.493582][ T7151]  ? import_iovec+0x74/0xa0
[  115.493603][ T7151]  ___sys_recvmsg+0x1b5/0x510
[  115.493628][ T7151]  ? __pfx____sys_recvmsg+0x10/0x10
[  115.493653][ T7151]  ? __fget_files+0x2a/0x420
[  115.493675][ T7151]  ? rcu_is_watching+0x15/0xb0
[  115.493704][ T7151]  ? __fget_files+0x3a0/0x420
[  115.493731][ T7151]  do_recvmmsg+0x307/0x770
[  115.493758][ T7151]  ? __pfx_do_recvmmsg+0x10/0x10
[  115.493781][ T7151]  ? rcu_is_watching+0x15/0xb0
[  115.493807][ T7151]  ? _copy_from_user+0x94/0xb0
[  115.493835][ T7151]  __x64_sys_recvmmsg+0x1af/0x240
[  115.493859][ T7151]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  115.493881][ T7151]  ? rcu_is_watching+0x15/0xb0
[  115.493904][ T7151]  ? rcu_is_watching+0x15/0xb0
[  115.493927][ T7151]  do_syscall_64+0xfa/0x3b0
[  115.493946][ T7151]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.493963][ T7151]  ? clear_bhb_loop+0x60/0xb0
[  115.493983][ T7151]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.494000][ T7151] RIP: 0033:0x7f446af8ebe9
[  115.494017][ T7151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  115.494032][ T7151] RSP: 002b:00007f446be08038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  115.494054][ T7151] RAX: ffffffffffffffda RBX: 00007f446b1b5fa0 RCX: 00007f446af8ebe9
[  115.494067][ T7151] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  115.494080][ T7151] RBP: 00007f446be08090 R08: 0000200000003700 R09: 0000000000000000
[  115.494092][ T7151] R10: 0000000000002000 R11: 0000000000000246 R12: 0000000000000002
[  115.494103][ T7151] R13: 00007f446b1b6038 R14: 00007f446b1b5fa0 R15: 00007ffef46bcd18
[  115.494122][ T7151]  </TASK>
[  115.498439][ T5914] ax88179_178a 5-1:0.214 eth1: unregister 'ax88179_178a' usb-dummy_hcd.4-1, AT-UMC2000 USB 3.0/USB 3.1 Gen 1 to Gigabit Ethernet Adapter
[  116.145039][ T6097] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  116.245128][ T5914] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  116.312876][ T6097] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  116.344632][ T6097] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  116.376551][ T6097] usb 1-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[  116.384902][ T5914] usb 5-1: device descriptor read/64, error -71
[  116.387317][ T6097] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  116.412118][ T6097] usb 1-1: config 0 descriptor??
[  116.627109][ T5914] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  116.650218][ T6097] usbhid 1-1:0.0: can't add hid device: -71
[  116.679174][ T6097] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  116.702576][ T7193] netlink: 20 bytes leftover after parsing attributes in process `syz.0.452'.
[  116.728847][ T6097] usb 1-1: USB disconnect, device number 13
[  116.795016][ T5914] usb 5-1: device descriptor read/64, error -71
[  116.819971][ T7155] /dev/rnullb0: Can't open blockdev
[  116.828968][ T7196] netlink: 72 bytes leftover after parsing attributes in process `syz.0.453'.
[  116.915394][ T5914] usb usb5-port1: attempt power cycle
[  117.000229][ T7200] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  117.172573][ T7209] blk_print_req_error: 24 callbacks suppressed
[  117.172587][ T7209] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  117.191722][ T7209] buffer_io_error: 23 callbacks suppressed
[  117.191740][ T7209] Buffer I/O error on dev nbd3, logical block 0, async page read
[  117.206574][ T7209] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  117.216139][ T7209] Buffer I/O error on dev nbd3, logical block 0, async page read
[  117.224107][ T7209] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  117.234716][ T7209] Buffer I/O error on dev nbd3, logical block 0, async page read
[  117.242823][ T7209] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  117.246342][ T5880] Bluetooth: hci4: command tx timeout
[  117.253293][ T7209] Buffer I/O error on dev nbd3, logical block 0, async page read
[  117.265548][ T5914] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  117.266065][ T7209] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  117.282669][ T7209] Buffer I/O error on dev nbd3, logical block 0, async page read
[  117.285586][ T5914] usb 5-1: device descriptor read/8, error -71
[  117.290764][ T7209] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  117.306004][ T7209] Buffer I/O error on dev nbd3, logical block 0, async page read
[  117.313997][ T7209] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  117.324674][ T7209] Buffer I/O error on dev nbd3, logical block 0, async page read
[  117.334255][ T7209] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  117.343904][ T7209] Buffer I/O error on dev nbd3, logical block 0, async page read
[  117.352267][ T7209] ldm_validate_partition_table(): Disk read failed.
[  117.359844][ T7209] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  117.369064][ T7209] Buffer I/O error on dev nbd3, logical block 0, async page read
[  117.377044][ T7209] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  117.386380][ T7209] Buffer I/O error on dev nbd3, logical block 0, async page read
[  117.394394][ T7209] Dev nbd3: unable to read RDB block 0
[  117.400512][ T7209]  nbd3: unable to read partition table
[  117.485457][   T43] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  117.534923][ T5914] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  117.558451][ T5914] usb 5-1: device descriptor read/8, error -71
[  117.635485][   T43] usb 4-1: Using ep0 maxpacket: 16
[  117.643083][   T43] usb 4-1: config 0 has an invalid interface number: 133 but max is 0
[  117.652448][   T43] usb 4-1: config 0 has no interface number 0
[  117.659039][   T43] usb 4-1: config 0 interface 133 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  117.672334][   T43] usb 4-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  117.675110][ T5914] usb usb5-port1: unable to enumerate USB device
[  117.681690][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.696060][   T43] usb 4-1: Product: syz
[  117.700351][   T43] usb 4-1: Manufacturer: syz
[  117.705070][   T43] usb 4-1: SerialNumber: syz
[  117.711631][   T43] usb 4-1: config 0 descriptor??
[  117.927610][ T7209] block nbd3: Cannot use ioctl interface on a netlink controlled device.
[  118.567284][  T920] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  118.730318][  T920] usb 5-1: Using ep0 maxpacket: 16
[  118.740726][  T920] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  118.751546][  T920] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  118.767809][  T920] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  118.779622][  T920] usb 5-1: config 0 descriptor??
[  119.000713][ T7222] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  119.016640][ T7222] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  119.026068][  T920] usb 5-1: USB disconnect, device number 7
[  119.157080][  T763] block nbd4: Possible stuck request ffff8880253e7000: control (read@0,4096B). Runtime 30 seconds
[  119.316670][ T5880] Bluetooth: hci4: command tx timeout
[  119.838929][ T7250] netlink: 12 bytes leftover after parsing attributes in process `syz.0.475'.
[  120.160324][ T7260] netlink: 72 bytes leftover after parsing attributes in process `syz.4.479'.
[  120.224264][   T43] keyspan 4-1:0.133: Keyspan 1 port adapter converter detected
[  120.256414][   T43] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 81
[  120.273874][   T43] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 1
[  120.299979][   T43] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 2
[  120.310607][ T7265] syzkaller1: entered promiscuous mode
[  120.316253][ T7265] syzkaller1: entered allmulticast mode
[  120.328363][   T43] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  120.341999][   T43] usb 4-1: USB disconnect, device number 15
[  120.357116][   T43] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  120.367225][   T43] keyspan 4-1:0.133: device disconnected
[  120.375478][ T7267] nbd5: detected capacity change from 0 to 549764202496
[  120.397050][ T5880] block nbd5: Receive control failed (result -104)
[  120.497623][ T7274] syz.4.485: attempt to access beyond end of device
[  120.497623][ T7274] loop4: rw=2048, sector=0, nr_sectors = 8 limit=0
[  120.514065][ T7274] SQUASHFS error: Failed to read block 0x0: -5
[  120.520611][ T7274] unable to read squashfs_super_block
[  120.745021][   T43] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  120.894919][   T43] usb 4-1: Using ep0 maxpacket: 16
[  120.902228][   T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  120.912524][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  120.924883][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  120.934910][   T43] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  120.944567][   T43] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  120.966750][   T43] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  120.984949][   T43] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  120.993003][   T43] usb 4-1: Manufacturer: syz
[  121.004052][   T43] usb 4-1: config 0 descriptor??
[  121.149309][ T7288] mmap: syz.0.490 (7288) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  121.255035][   T43] rc_core: IR keymap rc-hauppauge not found
[  121.261176][   T43] Registered IR keymap rc-empty
[  121.267523][   T43] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  121.295012][   T43] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  121.316037][   T43] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  121.330583][   T43] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input10
[  121.345059][   T43] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  121.365066][   T43] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  121.384988][   T43] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  121.404985][   T43] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  121.425156][   T43] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  121.445054][   T43] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  121.454945][ T6125] usb 1-1: new full-speed USB device number 14 using dummy_hcd
[  121.464956][   T43] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  121.484941][   T43] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  121.505395][   T43] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  121.524974][   T43] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  121.546544][   T43] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  121.556000][   T43] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  121.616495][ T6125] usb 1-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31
[  121.626202][ T6125] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.636704][ T6125] usb 1-1: config 0 descriptor??
[  121.647795][ T6125] usb 1-1: selecting invalid altsetting 3
[  121.653633][ T6125] comedi comedi5: could not set alternate setting 3 in high speed
[  121.661612][ T6125] usbduxsigma 1-1:0.0: driver 'usbduxsigma' failed to auto-configure device.
[  121.672277][ T6125] usbduxsigma 1-1:0.0: probe with driver usbduxsigma failed with error -22
[  121.688644][ T6125] usb 4-1: USB disconnect, device number 16
[  122.378599][ T7301] netlink: 'syz.3.495': attribute type 10 has an invalid length.
[  122.387672][ T7301] netlink: 152 bytes leftover after parsing attributes in process `syz.3.495'.
[  122.397869][ T7301] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[  123.397674][ T7309] netlink: 12 bytes leftover after parsing attributes in process `syz.3.499'.
[  123.684957][   T43] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  123.856359][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  123.867524][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  123.877471][   T43] usb 4-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[  123.887283][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.897124][   T43] usb 4-1: config 0 descriptor??
[  124.153178][   T24] usb 1-1: USB disconnect, device number 14
[  124.221799][  T920] usb 3-1: USB disconnect, device number 3
[  124.290256][ T7316] netlink: 72 bytes leftover after parsing attributes in process `syz.0.503'.
[  124.307164][   T43] hid_parser_main: 59 callbacks suppressed
[  124.307190][   T43] steelseries 0003:1038:12B6.0002: unknown main item tag 0x0
[  124.345314][   T43] steelseries 0003:1038:12B6.0002: unknown main item tag 0x0
[  124.352899][   T43] steelseries 0003:1038:12B6.0002: unknown main item tag 0x0
[  124.374867][   T43] steelseries 0003:1038:12B6.0002: unknown main item tag 0x0
[  124.382418][   T43] steelseries 0003:1038:12B6.0002: unknown main item tag 0x0
[  124.411918][   T43] steelseries 0003:1038:12B6.0002: unknown main item tag 0x0
[  124.421215][   T43] steelseries 0003:1038:12B6.0002: unknown main item tag 0x0
[  124.435148][   T43] steelseries 0003:1038:12B6.0002: hidraw0: USB HID v0.00 Device [HID 1038:12b6] on usb-dummy_hcd.3-1/input0
[  124.485666][ T7320] nbd6: detected capacity change from 0 to 549764202496
[  124.501717][ T5880] block nbd6: Receive control failed (result -104)
[  124.503320][ T5876] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  124.530150][ T5876] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  124.538912][ T5876] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  124.548468][ T5876] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  124.556217][ T5876] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  124.613374][   T43] steelseries 0003:1038:12B6.0002: hid_hw_raw_request() failed with -71
[  124.639810][   T43] usb 4-1: USB disconnect, device number 17
[  124.701741][ T7329] can0: slcan on ttyS3.
[  124.738021][ T7322] chnl_net:caif_netlink_parms(): no params data found
[  124.805319][ T7322] bridge0: port 1(bridge_slave_0) entered blocking state
[  124.814640][ T7322] bridge0: port 1(bridge_slave_0) entered disabled state
[  124.823856][ T7322] bridge_slave_0: entered allmulticast mode
[  124.833673][ T7322] bridge_slave_0: entered promiscuous mode
[  124.846122][ T7322] bridge0: port 2(bridge_slave_1) entered blocking state
[  124.853590][ T7322] bridge0: port 2(bridge_slave_1) entered disabled state
[  124.862993][ T7322] bridge_slave_1: entered allmulticast mode
[  124.871587][ T7322] bridge_slave_1: entered promiscuous mode
[  124.904330][ T7322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  124.926007][ T7322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  124.955015][ T5914] usb 1-1: new full-speed USB device number 15 using dummy_hcd
[  124.972279][ T7322] team0: Port device team_slave_0 added
[  124.984620][ T7322] team0: Port device team_slave_1 added
[  125.021247][ T7322] batman_adv: batadv0: Adding interface: batadv_slave_0
[  125.029001][ T7322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  125.060462][ T7322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  125.073605][ T7322] batman_adv: batadv0: Adding interface: batadv_slave_1
[  125.081926][ T7322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  125.108200][    C1] vkms_vblank_simulate: vblank timer overrun
[  125.118413][ T7322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  125.137851][ T5914] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid maxpacket 1455, setting to 64
[  125.155864][ T5914] usb 1-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  125.186374][ T5914] usb 1-1: config 0 interface 0 has no altsetting 0
[  125.193126][ T5914] usb 1-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00
[  125.203709][ T5914] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.218960][ T5914] usb 1-1: config 0 descriptor??
[  125.224726][ T7326] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  125.238216][ T7322] hsr_slave_0: entered promiscuous mode
[  125.239247][ T7349] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  125.248166][ T7322] hsr_slave_1: entered promiscuous mode
[  125.259767][ T7322] debugfs: 'hsr0' already exists in 'hsr'
[  125.265846][ T7322] Cannot create hsr debugfs directory
[  125.371578][ T7322] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  125.385760][ T7322] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  125.397818][ T7352] /dev/rnullb0: Can't open blockdev
[  125.398646][ T7322] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  125.413233][ T7322] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  125.460175][ T7363] IPv4: Oversized IP packet from 172.20.20.24
[  125.467415][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  125.473777][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  125.499334][ T7329] /dev/rnullb0: Can't open blockdev
[  125.512113][ T7322] bridge0: port 2(bridge_slave_1) entered blocking state
[  125.519405][ T7322] bridge0: port 2(bridge_slave_1) entered forwarding state
[  125.527137][ T7322] bridge0: port 1(bridge_slave_0) entered blocking state
[  125.534287][ T7322] bridge0: port 1(bridge_slave_0) entered forwarding state
[  125.546509][ T7326] can0 (unregistered): slcan off ttyS3.
[  125.577646][ T5914] usbhid 1-1:0.0: can't add hid device: -71
[  125.583863][ T5914] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  125.606304][ T5914] usb 1-1: USB disconnect, device number 15
[  125.647382][ T7322] 8021q: adding VLAN 0 to HW filter on device bond0
[  125.676799][ T3610] bridge0: port 1(bridge_slave_0) entered disabled state
[  125.692245][ T3610] bridge0: port 2(bridge_slave_1) entered disabled state
[  125.710950][ T7322] 8021q: adding VLAN 0 to HW filter on device team0
[  125.723997][ T3610] bridge0: port 1(bridge_slave_0) entered blocking state
[  125.731175][ T3610] bridge0: port 1(bridge_slave_0) entered forwarding state
[  125.750355][ T3610] bridge0: port 2(bridge_slave_1) entered blocking state
[  125.757562][ T3610] bridge0: port 2(bridge_slave_1) entered forwarding state
[  126.083612][ T7322] 8021q: adding VLAN 0 to HW filter on device batadv0
[  126.595832][ T5871] Bluetooth: hci5: command tx timeout
[  126.812534][ T7322] veth0_vlan: entered promiscuous mode
[  126.824418][ T7322] veth1_vlan: entered promiscuous mode
[  126.914208][ T7322] veth0_macvtap: entered promiscuous mode
[  126.934603][ T7419] /dev/rnullb0: Can't open blockdev
[  126.951657][ T7322] veth1_macvtap: entered promiscuous mode
[  126.980764][ T7322] batman_adv: batadv0: Interface activated: batadv_slave_0
[  127.021483][ T7322] batman_adv: batadv0: Interface activated: batadv_slave_1
[  127.032033][ T7424] netlink: 1748 bytes leftover after parsing attributes in process `syz.3.518'.
[  127.043650][   T49] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  127.055730][   T49] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  127.079968][   T49] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  127.101049][   T49] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  127.166423][ T3610] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.186184][ T3610] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.229197][ T1017] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.240516][ T1017] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.645575][ T7470] netlink: 72 bytes leftover after parsing attributes in process `syz.3.535'.
[  128.675104][ T5871] Bluetooth: hci5: command tx timeout
[  128.724546][ T7476] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  129.881828][ T7508] netlink: 28 bytes leftover after parsing attributes in process `syz.0.551'.
[  129.967061][ T7512] netlink: 188 bytes leftover after parsing attributes in process `syz.0.551'.
[  130.755238][ T5871] Bluetooth: hci5: command tx timeout
[  130.785162][ T7532] cgroup: Invalid name
[  131.025072][   T43] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  131.255765][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  131.279666][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  131.290713][ T7543] netlink: 12 bytes leftover after parsing attributes in process `syz.3.565'.
[  131.296625][   T43] usb 1-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00
[  131.311487][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.369264][   T43] usb 1-1: config 0 descriptor??
[  131.624922][  T920] usb 4-1: new full-speed USB device number 18 using dummy_hcd
[  131.787962][   T43] elo 0003:04E7:0030.0003: unknown main item tag 0x0
[  131.796850][   T43] elo 0003:04E7:0030.0003: item fetching failed at offset 3/7
[  131.816502][   T43] elo 0003:04E7:0030.0003: parse failed
[  131.823545][   T43] elo 0003:04E7:0030.0003: probe with driver elo failed with error -22
[  131.898765][  T920] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  131.909208][  T920] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  131.921352][  T920] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  131.932856][  T920] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  131.943347][  T920] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  131.959367][  T920] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  131.977492][  T920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  131.985982][  T920] usb 4-1: Product: syz
[  131.990281][  T920] usb 4-1: Manufacturer: syz
[  131.995295][  T920] usb 4-1: SerialNumber: syz
[  132.002118][  T920] usb 4-1: config 0 descriptor??
[  132.006927][ T7532] /dev/nullb0: Can't open blockdev
[  132.210423][  T920] radio-si470x 4-1:0.0: DeviceID=0xd571 ChipID=0xe350
[  132.237944][  T920] radio-si470x 4-1:0.0: si470x_get_report: usb_control_msg returned -71
[  132.261323][  T920] radio-si470x 4-1:0.0: si470x_get_scratch: si470x_get_report returned -71
[  132.281499][  T920] radio-si470x 4-1:0.0: probe with driver radio-si470x failed with error -5
[  132.302591][  T920] usb 4-1: USB disconnect, device number 18
[  132.368870][ T7553] /dev/rnullb0: Can't open blockdev
[  132.389409][ T7513] Set syz1 is full, maxelem 65536 reached
[  132.835893][ T5871] Bluetooth: hci5: command tx timeout
[  133.010033][ T7574] raw_sendmsg: syz.3.576 forgot to set AF_INET. Fix it!
[  133.018924][ T7574] blk_print_req_error: 6 callbacks suppressed
[  133.018944][ T7574] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  133.036504][ T7574] buffer_io_error: 6 callbacks suppressed
[  133.036524][ T7574] Buffer I/O error on dev nbd3, logical block 0, async page read
[  133.050395][ T7574] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  133.059923][ T7574] Buffer I/O error on dev nbd3, logical block 0, async page read
[  133.068007][ T7574] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  133.077237][ T7574] Buffer I/O error on dev nbd3, logical block 0, async page read
[  133.086013][ T7574] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  133.095597][ T7574] Buffer I/O error on dev nbd3, logical block 0, async page read
[  133.105006][ T7574] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  133.114518][ T7574] Buffer I/O error on dev nbd3, logical block 0, async page read
[  133.122663][ T7574] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  133.132088][ T7574] Buffer I/O error on dev nbd3, logical block 0, async page read
[  133.140194][ T7574] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  133.149465][ T7574] Buffer I/O error on dev nbd3, logical block 0, async page read
[  133.157960][ T7574] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  133.167559][ T7574] Buffer I/O error on dev nbd3, logical block 0, async page read
[  133.175781][ T7574] ldm_validate_partition_table(): Disk read failed.
[  133.182662][ T7574] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  133.191916][ T7574] Buffer I/O error on dev nbd3, logical block 0, async page read
[  133.199943][ T7574] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  133.210909][ T7574] Buffer I/O error on dev nbd3, logical block 0, async page read
[  133.219091][ T7574] Dev nbd3: unable to read RDB block 0
[  133.225406][ T7574]  nbd3: unable to read partition table
[  133.240603][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  133.247498][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  133.264906][   T55] block nbd0: Possible stuck request ffff8880252b7000: control (read@0,4096B). Runtime 60 seconds
[  133.617682][   T24] usb 1-1: USB disconnect, device number 16
[  134.114301][ T7591] netlink: 8 bytes leftover after parsing attributes in process `syz.3.582'.
[  134.136931][ T7591] netlink: 8 bytes leftover after parsing attributes in process `syz.3.582'.
[  134.383827][ T7601] /dev/rnullb0: Can't open blockdev
[  134.424197][ T7605] netlink: 'syz.3.588': attribute type 2 has an invalid length.
[  134.442013][ T7605] netlink: 'syz.3.588': attribute type 1 has an invalid length.
[  134.458262][ T7607] IPv4: Oversized IP packet from 172.20.20.24
[  134.464870][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  134.467911][ T7605] /dev/rnullb0: Can't open blockdev
[  134.471187][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  134.564918][ T5965] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  134.630117][ T7619] tipc: Started in network mode
[  134.635843][ T7619] tipc: Node identity 0000000000005f000000000000000001, cluster identity 4711
[  134.647261][ T7619] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  134.724943][ T5965] usb 1-1: Using ep0 maxpacket: 16
[  134.733994][ T5965] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  134.749183][ T5965] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  134.758668][ T5965] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.768637][ T5965] usb 1-1: config 0 descriptor??
[  134.802608][ T7626] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  134.814410][ T7626] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  134.827848][ T7626] /dev/rnullb0: Can't open blockdev
[  134.985270][ T7599] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  134.998669][ T7599] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  135.027528][ T5965] usb 1-1: USB disconnect, device number 17
[  135.453220][ T7648] FAULT_INJECTION: forcing a failure.
[  135.453220][ T7648] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  135.473672][ T7648] CPU: 0 UID: 0 PID: 7648 Comm: syz.3.606 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) 
[  135.473701][ T7648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  135.473712][ T7648] Call Trace:
[  135.473720][ T7648]  <TASK>
[  135.473727][ T7648]  dump_stack_lvl+0x189/0x250
[  135.473758][ T7648]  ? __pfx____ratelimit+0x10/0x10
[  135.473777][ T7648]  ? __pfx_dump_stack_lvl+0x10/0x10
[  135.473803][ T7648]  ? __pfx__printk+0x10/0x10
[  135.473826][ T7648]  ? __might_fault+0xb0/0x130
[  135.473847][ T7648]  ? rcu_is_watching+0x15/0xb0
[  135.473870][ T7648]  should_fail_ex+0x414/0x560
[  135.473896][ T7648]  _copy_from_user+0x2d/0xb0
[  135.473919][ T7648]  ___sys_recvmsg+0x12e/0x510
[  135.473946][ T7648]  ? __pfx____sys_recvmsg+0x10/0x10
[  135.473970][ T7648]  ? __fget_files+0x2a/0x420
[  135.474001][ T7648]  ? __pfx_set_normalized_timespec64+0x10/0x10
[  135.474022][ T7648]  ? lock_release+0x4b/0x3e0
[  135.474044][ T7648]  do_recvmmsg+0x307/0x770
[  135.474070][ T7648]  ? __pfx_do_recvmmsg+0x10/0x10
[  135.474092][ T7648]  ? rcu_is_watching+0x15/0xb0
[  135.474118][ T7648]  ? _copy_from_user+0x94/0xb0
[  135.474143][ T7648]  __x64_sys_recvmmsg+0x1af/0x240
[  135.474179][ T7648]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  135.474201][ T7648]  ? rcu_is_watching+0x15/0xb0
[  135.474225][ T7648]  ? rcu_is_watching+0x15/0xb0
[  135.474248][ T7648]  do_syscall_64+0xfa/0x3b0
[  135.474267][ T7648]  ? rcu_is_watching+0x15/0xb0
[  135.474288][ T7648]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.474306][ T7648]  ? clear_bhb_loop+0x60/0xb0
[  135.474325][ T7648]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.474343][ T7648] RIP: 0033:0x7fdb9098ebe9
[  135.474360][ T7648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  135.474376][ T7648] RSP: 002b:00007fdb917f9038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  135.474397][ T7648] RAX: ffffffffffffffda RBX: 00007fdb90bb5fa0 RCX: 00007fdb9098ebe9
[  135.474410][ T7648] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  135.474423][ T7648] RBP: 00007fdb917f9090 R08: 0000200000003700 R09: 0000000000000000
[  135.474435][ T7648] R10: 0000000000002000 R11: 0000000000000246 R12: 0000000000000002
[  135.474448][ T7648] R13: 00007fdb90bb6038 R14: 00007fdb90bb5fa0 R15: 00007ffc30e2ff68
[  135.474468][ T7648]  </TASK>
[  136.014279][ T5876] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  136.024584][ T5876] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  136.037535][ T5876] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  136.047548][ T5876] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  136.055343][ T5876] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  136.624096][ T7659] chnl_net:caif_netlink_parms(): no params data found
[  136.664838][ T7669] nbd7: detected capacity change from 0 to 549764202496
[  136.681114][ T5876] block nbd7: Receive control failed (result -104)
[  136.809146][ T7659] bridge0: port 1(bridge_slave_0) entered blocking state
[  136.822973][ T7659] bridge0: port 1(bridge_slave_0) entered disabled state
[  136.831258][ T7659] bridge_slave_0: entered allmulticast mode
[  136.839208][ T7659] bridge_slave_0: entered promiscuous mode
[  136.848492][ T7659] bridge0: port 2(bridge_slave_1) entered blocking state
[  136.856981][ T7659] bridge0: port 2(bridge_slave_1) entered disabled state
[  136.864328][ T7659] bridge_slave_1: entered allmulticast mode
[  136.879864][ T7659] bridge_slave_1: entered promiscuous mode
[  136.929544][ T7659] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  136.951987][ T7659] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  136.984228][ T7659] team0: Port device team_slave_0 added
[  136.996440][ T7659] team0: Port device team_slave_1 added
[  137.034887][ T7659] batman_adv: batadv0: Adding interface: batadv_slave_0
[  137.041968][ T7659] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  137.082168][  T763] block nbd1: Possible stuck request ffff8880252e7000: control (read@0,4096B). Runtime 60 seconds
[  137.093493][ T7659] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  137.112447][ T7659] batman_adv: batadv0: Adding interface: batadv_slave_1
[  137.119996][ T7659] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  137.146294][ T7659] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  137.156762][ T6097] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  137.205921][ T7659] hsr_slave_0: entered promiscuous mode
[  137.212363][ T7659] hsr_slave_1: entered promiscuous mode
[  137.219072][ T7659] debugfs: 'hsr0' already exists in 'hsr'
[  137.224894][ T7659] Cannot create hsr debugfs directory
[  137.325294][ T6097] usb 1-1: Using ep0 maxpacket: 16
[  137.339313][ T6097] usb 1-1: config 1 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  137.351956][ T6097] usb 1-1: config 1 interface 0 altsetting 6 bulk endpoint 0x82 has invalid maxpacket 16
[  137.356475][ T7659] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  137.366678][ T6097] usb 1-1: config 1 interface 0 altsetting 6 bulk endpoint 0x3 has invalid maxpacket 32
[  137.382889][ T6097] usb 1-1: config 1 interface 0 has no altsetting 0
[  137.390008][ T7659] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  137.399954][ T6097] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  137.410857][ T6097] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.414245][ T7659] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  137.425994][ T6097] usb 1-1: Product: �
[  137.436865][ T5965] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  137.447882][ T6097] usb 1-1: Manufacturer: 凌髡疫ṵ㢣著�➔鿉鴂�谘ꎇ�ڎ㗹੔눧�令ᆮ�阿茦ꫪ嬦�ഫ〤�棿㼹➟⫩˯衈鳨⠳↾窄鯆뼭騅߻ꟹ�췭�ꆈ砰�ஓ旴�क䡄课⻵ާ�扥斤౰ਬ涄ᨥ멷��㧒柧쬗瞴�ᡯ�䮠鉳�暡褼匵㷴ꋤ䋆蟆ẇ྿졮⃙㬪ቂ࿔Ⅱ薅㙟៌豆
[  137.479721][    C1] vkms_vblank_simulate: vblank timer overrun
[  137.487093][ T6097] usb 1-1: SerialNumber: Չ��㦡ᇰ泸�ﵮ筈�෠ꂱ쭯ﱊ畞ྔ塽ᅞ�ᗈꂘ�㈦ⷺʅ����籵㨧鷈曞쩽㼿�撂⫙ࡿ怾嵷䃇뗫๢棱�਎�ꨞ왇뫠蠀쒆ﻼ谢໫Ẓ痔轡륅霥
[  137.512379][ T7659] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  137.528778][ T7672] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  137.543926][ T7672] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  137.568864][ T7689] 8021q: adding VLAN 0 to HW filter on device bond0
[  137.579703][ T7689] bond0: (slave rose0): Enslaving as an active interface with an up link
[  137.637775][ T5965] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  137.661869][ T7659] 8021q: adding VLAN 0 to HW filter on device bond0
[  137.670702][ T5965] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  137.682575][ T5965] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  137.694083][ T5965] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.706856][ T5965] usb 4-1: Product: syz
[  137.721680][ T5965] usb 4-1: Manufacturer: syz
[  137.723300][ T7659] 8021q: adding VLAN 0 to HW filter on device team0
[  137.727201][ T5965] usb 4-1: SerialNumber: syz
[  137.743468][   T72] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.750836][   T72] bridge0: port 1(bridge_slave_0) entered forwarding state
[  137.787438][   T72] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.794713][   T72] bridge0: port 2(bridge_slave_1) entered forwarding state
[  137.905750][ T5914] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  137.979514][ T6097] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71
[  138.018580][ T6097] usb 1-1: USB disconnect, device number 18
[  138.045086][ T5914] usb 6-1: device descriptor read/64, error -71
[  138.116574][ T5876] Bluetooth: hci6: command tx timeout
[  138.185114][ T7659] 8021q: adding VLAN 0 to HW filter on device batadv0
[  138.305443][ T5914] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  138.444911][ T5914] usb 6-1: device descriptor read/64, error -71
[  138.523910][ T7659] veth0_vlan: entered promiscuous mode
[  138.543293][ T7659] veth1_vlan: entered promiscuous mode
[  138.555759][ T5914] usb usb6-port1: attempt power cycle
[  138.591028][ T7659] veth0_macvtap: entered promiscuous mode
[  138.612719][ T7659] veth1_macvtap: entered promiscuous mode
[  138.635463][ T7659] batman_adv: batadv0: Interface activated: batadv_slave_0
[  138.656435][ T7659] batman_adv: batadv0: Interface activated: batadv_slave_1
[  138.690712][ T1017] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  138.715343][ T1017] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  138.724403][ T1017] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  138.762940][ T1017] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  138.808244][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  138.820516][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  138.858578][ T1017] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  138.870291][ T1017] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  138.894925][ T5914] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  138.926200][ T5914] usb 6-1: device descriptor read/8, error -71
[  139.185229][ T5914] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  139.216196][ T5914] usb 6-1: device descriptor read/8, error -71
[  139.335396][ T5914] usb usb6-port1: unable to enumerate USB device
[  140.112239][ T7775] IPv4: Oversized IP packet from 172.20.20.24
[  140.118950][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  140.125577][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  140.175010][ T7779] netlink: 12 bytes leftover after parsing attributes in process `syz.6.630'.
[  140.195045][ T5876] Bluetooth: hci6: command tx timeout
[  140.241765][ T5965] usb 4-1: 0:2 : does not exist
[  140.274180][ T5965] usb 4-1: USB disconnect, device number 19
[  140.306581][ T7782] nbd8: detected capacity change from 0 to 549764202496
[  140.307258][ T5876] block nbd8: Receive control failed (result -32)
[  140.310896][ T5865] block nbd8: Dead connection, failed to find a fallback
[  140.310918][ T5865] block nbd8: shutting down sockets
[  140.310932][ T5865] blk_print_req_error: 6 callbacks suppressed
[  140.310943][ T5865] I/O error, dev nbd8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  140.310967][ T5865] buffer_io_error: 6 callbacks suppressed
[  140.310976][ T5865] Buffer I/O error on dev nbd8, logical block 0, async page read
[  140.311107][ T5865] I/O error, dev nbd8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  140.311131][ T5865] Buffer I/O error on dev nbd8, logical block 0, async page read
[  140.311220][ T5865] I/O error, dev nbd8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  140.311254][ T5865] Buffer I/O error on dev nbd8, logical block 0, async page read
[  140.311347][ T5865] I/O error, dev nbd8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  140.311370][ T5865] Buffer I/O error on dev nbd8, logical block 0, async page read
[  140.311482][ T5865] I/O error, dev nbd8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  140.311496][ T7546] udevd[7546]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  140.311504][ T5865] Buffer I/O error on dev nbd8, logical block 0, async page read
[  140.311610][ T5865] I/O error, dev nbd8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  140.311633][ T5865] Buffer I/O error on dev nbd8, logical block 0, async page read
[  140.311740][ T5865] I/O error, dev nbd8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  140.311763][ T5865] Buffer I/O error on dev nbd8, logical block 0, async page read
[  140.311850][ T5865] I/O error, dev nbd8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  140.311873][ T5865] Buffer I/O error on dev nbd8, logical block 0, async page read
[  140.311930][ T5865] ldm_validate_partition_table(): Disk read failed.
[  140.311978][ T5865] I/O error, dev nbd8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  140.311999][ T5865] Buffer I/O error on dev nbd8, logical block 0, async page read
[  140.312089][ T5865] I/O error, dev nbd8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  140.312112][ T5865] Buffer I/O error on dev nbd8, logical block 0, async page read
[  140.312326][ T5865] Dev nbd8: unable to read RDB block 0
[  140.312714][ T5865]  nbd8: unable to read partition table
[  140.335303][ T5865] ldm_validate_partition_table(): Disk read failed.
[  140.586730][ T5865] Dev nbd8: unable to read RDB block 0
[  140.587123][ T5865]  nbd8: unable to read partition table
[  141.038678][ T7803] /dev/rnullb0: Can't open blockdev
[  141.095109][   T43] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  141.254952][   T43] usb 7-1: Using ep0 maxpacket: 16
[  141.262608][   T43] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  141.276384][   T43] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  141.286031][   T43] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.301326][   T43] usb 7-1: config 0 descriptor??
[  141.520206][ T7801] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  141.532016][ T7801] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  141.543835][   T43] usb 7-1: USB disconnect, device number 2
[  141.891254][ T7822] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  142.084118][ T7831] IPv4: Oversized IP packet from 172.20.20.24
[  142.090649][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  142.097108][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  142.161121][ T7834] 9pnet_virtio: no channels available for device ./cgroup
[  142.204923][  T763] block nbd2: Possible stuck request ffff888025325080: control (read@0,4096B). Runtime 60 seconds
[  142.277775][ T5876] Bluetooth: hci6: command tx timeout
[  142.315084][ T6097] usb 1-1: new full-speed USB device number 19 using dummy_hcd
[  142.475395][ T6097] usb 1-1: no configurations
[  142.483505][ T6097] usb 1-1: can't read configurations, error -22
[  142.636132][ T6097] usb 1-1: new full-speed USB device number 20 using dummy_hcd
[  142.807779][ T6097] usb 1-1: no configurations
[  142.816495][ T6097] usb 1-1: can't read configurations, error -22
[  142.833471][ T6097] usb usb1-port1: attempt power cycle
[  143.010329][ T7839] netlink: 12 bytes leftover after parsing attributes in process `syz.3.655'.
[  143.262630][ T6097] usb 1-1: new full-speed USB device number 21 using dummy_hcd
[  143.316070][ T6097] usb 1-1: no configurations
[  143.320877][ T6097] usb 1-1: can't read configurations, error -22
[  143.464898][ T6097] usb 1-1: new full-speed USB device number 22 using dummy_hcd
[  143.496557][ T6097] usb 1-1: no configurations
[  143.501326][ T6097] usb 1-1: can't read configurations, error -22
[  143.515310][ T6097] usb usb1-port1: unable to enumerate USB device
[  143.634924][   T43] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  143.805098][   T43] usb 4-1: Using ep0 maxpacket: 16
[  143.812945][   T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  143.823758][   T43] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  143.833070][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  143.843391][   T43] usb 4-1: config 0 descriptor??
[  144.080755][ T7852] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  144.090683][ T7852] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  144.107201][ T5907] usb 4-1: USB disconnect, device number 20
[  144.151910][ T7836] Set syz1 is full, maxelem 65536 reached
[  144.355403][ T5876] Bluetooth: hci6: command tx timeout
[  145.397006][ T7882] nbd9: detected capacity change from 0 to 549764202496
[  145.410458][ T5876] block nbd9: Receive control failed (result -104)
[  145.456772][ T5914] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  145.524046][ T7886] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  145.524073][ T7886] overlayfs: failed to set xattr on upper
[  145.538267][ T7886] overlayfs: ...falling back to redirect_dir=nofollow.
[  145.538284][ T7886] overlayfs: ...falling back to index=off.
[  145.548869][ T7886] /dev/rnullb0: Can't open blockdev
[  145.625898][ T5914] usb 1-1: Using ep0 maxpacket: 16
[  145.630253][ T7892] program syz.6.679 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  145.633803][ T5914] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  145.652450][ T7892] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  145.663023][ T5914] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  145.680900][ T5914] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.720328][ T7896] netlink: 12 bytes leftover after parsing attributes in process `syz.6.681'.
[  145.721068][ T5914] usb 1-1: config 0 descriptor??
[  145.959315][ T7878] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  145.972711][ T7878] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  145.974884][    T9] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  145.981868][ T6125] usb 1-1: USB disconnect, device number 23
[  146.154870][    T9] usb 4-1: Using ep0 maxpacket: 16
[  146.161710][    T9] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  146.179006][    T9] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=76.fe
[  146.188775][    T9] usb 4-1: New USB device strings: Mfr=1, Product=18, SerialNumber=3
[  146.197288][    T9] usb 4-1: Product: syz
[  146.201675][    T9] usb 4-1: Manufacturer: syz
[  146.207144][    T9] usb 4-1: SerialNumber: syz
[  146.231542][    T9] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  146.429637][ T3610] usb 4-1: Failed to submit usb control message: -71
[  146.430394][ T6125] usb 4-1: USB disconnect, device number 21
[  146.450573][ T3610] usb 4-1: unable to send the bmi data to the device: -71
[  146.460262][ T3610] usb 4-1: unable to get target info from device
[  146.473162][ T3610] usb 4-1: could not get target info (-71)
[  146.482836][ T3610] usb 4-1: could not probe fw (-71)
[  146.857998][ T7918] netlink: 72 bytes leftover after parsing attributes in process `syz.0.688'.
[  147.013149][ T7934] FAULT_INJECTION: forcing a failure.
[  147.013149][ T7934] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  147.029713][ T7934] CPU: 1 UID: 0 PID: 7934 Comm: syz.0.694 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) 
[  147.029869][ T7934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  147.029883][ T7934] Call Trace:
[  147.029890][ T7934]  <TASK>
[  147.029896][ T7934]  dump_stack_lvl+0x189/0x250
[  147.029919][ T7934]  ? __pfx____ratelimit+0x10/0x10
[  147.029931][ T7934]  ? __pfx_dump_stack_lvl+0x10/0x10
[  147.029946][ T7934]  ? __pfx__printk+0x10/0x10
[  147.029961][ T7934]  ? __might_fault+0xb0/0x130
[  147.029973][ T7934]  ? rcu_is_watching+0x15/0xb0
[  147.029987][ T7934]  should_fail_ex+0x414/0x560
[  147.030005][ T7934]  _copy_from_user+0x2d/0xb0
[  147.030018][ T7934]  ___sys_sendmsg+0x158/0x2a0
[  147.030034][ T7934]  ? __pfx____sys_sendmsg+0x10/0x10
[  147.030055][ T7934]  ? __fget_files+0x2a/0x420
[  147.030069][ T7934]  ? __fget_files+0x3a0/0x420
[  147.030085][ T7934]  __x64_sys_sendmsg+0x19b/0x260
[  147.030099][ T7934]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  147.030115][ T7934]  ? __pfx_ksys_write+0x10/0x10
[  147.030129][ T7934]  ? rcu_is_watching+0x15/0xb0
[  147.030143][ T7934]  do_syscall_64+0xfa/0x3b0
[  147.030155][ T7934]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.030166][ T7934]  ? clear_bhb_loop+0x60/0xb0
[  147.030178][ T7934]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.030189][ T7934] RIP: 0033:0x7f446af8ebe9
[  147.030200][ T7934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  147.030210][ T7934] RSP: 002b:00007f446be08038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  147.030234][ T7934] RAX: ffffffffffffffda RBX: 00007f446b1b5fa0 RCX: 00007f446af8ebe9
[  147.030243][ T7934] RDX: 0000000020000000 RSI: 00002000000004c0 RDI: 0000000000000003
[  147.030251][ T7934] RBP: 00007f446be08090 R08: 0000000000000000 R09: 0000000000000000
[  147.030258][ T7934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  147.030265][ T7934] R13: 00007f446b1b6038 R14: 00007f446b1b5fa0 R15: 00007ffef46bcd18
[  147.030276][ T7934]  </TASK>
[  147.238743][    C1] vkms_vblank_simulate: vblank timer overrun
[  147.244979][    T9] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  147.375016][ T6125] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  147.415022][    T9] usb 7-1: Using ep0 maxpacket: 32
[  147.424929][    T9] usb 7-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  147.434610][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  147.450396][    T9] usb 7-1: config 0 descriptor??
[  147.461966][    T9] gspca_main: nw80x-2.14.0 probing 055f:d001
[  147.515279][ T7944] nbd10: detected capacity change from 0 to 549764202496
[  147.523871][ T5876] block nbd10: Receive control failed (result -104)
[  147.530561][ T6125] usb 4-1: Using ep0 maxpacket: 8
[  147.537079][ T6125] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  147.550610][ T6125] usb 4-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=fd.5b
[  147.560956][ T6125] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.571809][ T6125] usb 4-1: Product: syz
[  147.576699][ T6125] usb 4-1: Manufacturer: syz
[  147.581508][ T6125] usb 4-1: SerialNumber: syz
[  147.582916][ T6125] usb 4-1: config 0 descriptor??
[  147.596096][ T6125] gspca_main: stk014-2.14.0 probing 05e1:0893
[  147.596218][ T6125] usb 4-1: selecting invalid altsetting 1
[  147.792755][ T6125] gspca_stk014: init reg: 0x00
[  147.799098][ T6125] stk014 4-1:0.0: probe with driver stk014 failed with error -5
[  147.863644][    T9] gspca_nw80x: reg_w err -71
[  147.880206][    T9] nw80x 7-1:0.0: probe with driver nw80x failed with error -71
[  147.898915][    T9] usb 7-1: USB disconnect, device number 3
[  148.786241][ T7960] netlink: 12 bytes leftover after parsing attributes in process `syz.0.703'.
[  149.045999][   T43] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  149.187435][   T43] usb 7-1: device descriptor read/64, error -71
[  149.235298][  T763] block nbd4: Possible stuck request ffff8880253e7000: control (read@0,4096B). Runtime 60 seconds
[  149.318154][ T5907] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  149.435087][   T43] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  149.475245][ T5907] usb 1-1: Using ep0 maxpacket: 16
[  149.483576][ T5907] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  149.499869][ T5907] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  149.511863][ T5907] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  149.529416][ T5907] usb 1-1: config 0 descriptor??
[  149.577424][   T43] usb 7-1: device descriptor read/64, error -71
[  149.697140][   T43] usb usb7-port1: attempt power cycle
[  149.761820][ T7970] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  149.773654][ T7970] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  149.804570][ T5907] usb 1-1: USB disconnect, device number 24
[  150.006347][ T5907] usb 4-1: USB disconnect, device number 22
[  150.068845][   T43] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  150.107615][   T43] usb 7-1: device descriptor read/8, error -71
[  150.366723][   T43] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  150.418803][   T43] usb 7-1: device descriptor read/8, error -71
[  150.558866][   T55] block nbd5: Possible stuck request ffff888025857000: control (read@0,4096B). Runtime 30 seconds
[  150.665183][   T43] usb usb7-port1: unable to enumerate USB device
[  150.777061][ T7988] Set syz1 is full, maxelem 65536 reached
[  150.825367][ T7999] netlink: 8 bytes leftover after parsing attributes in process `syz.0.712'.
[  150.838019][ T7999] netlink: 8 bytes leftover after parsing attributes in process `syz.0.712'.
[  150.947723][ T8004] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  151.040892][ T8008] /dev/rnullb0: Can't open blockdev
[  151.048446][ T8009] netlink: 72 bytes leftover after parsing attributes in process `syz.0.716'.
[  151.214672][ T8018] FAULT_INJECTION: forcing a failure.
[  151.214672][ T8018] name failslab, interval 1, probability 0, space 0, times 0
[  151.234901][ T8018] CPU: 0 UID: 0 PID: 8018 Comm: syz.3.721 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) 
[  151.234929][ T8018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  151.234941][ T8018] Call Trace:
[  151.234949][ T8018]  <TASK>
[  151.234957][ T8018]  dump_stack_lvl+0x189/0x250
[  151.234987][ T8018]  ? __pfx____ratelimit+0x10/0x10
[  151.235006][ T8018]  ? __pfx_dump_stack_lvl+0x10/0x10
[  151.235030][ T8018]  ? __pfx__printk+0x10/0x10
[  151.235056][ T8018]  ? fs_reclaim_acquire+0x7d/0x100
[  151.235076][ T8018]  ? rcu_is_watching+0x15/0xb0
[  151.235098][ T8018]  ? __pfx___might_resched+0x10/0x10
[  151.235119][ T8018]  ? lock_acquire+0x5f/0x360
[  151.235138][ T8018]  should_fail_ex+0x414/0x560
[  151.235164][ T8018]  should_failslab+0xa8/0x100
[  151.235187][ T8018]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  151.235206][ T8018]  ? __alloc_skb+0x112/0x2d0
[  151.235229][ T8018]  __alloc_skb+0x112/0x2d0
[  151.235251][ T8018]  netlink_sendmsg+0x5c6/0xb30
[  151.235276][ T8018]  ? __pfx_netlink_sendmsg+0x10/0x10
[  151.235299][ T8018]  ? aa_sock_msg_perm+0xf1/0x1d0
[  151.235325][ T8018]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  151.235351][ T8018]  ? __pfx_netlink_sendmsg+0x10/0x10
[  151.235371][ T8018]  __sock_sendmsg+0x21c/0x270
[  151.235409][ T8018]  ____sys_sendmsg+0x505/0x830
[  151.235436][ T8018]  ? __pfx_____sys_sendmsg+0x10/0x10
[  151.235463][ T8018]  ? import_iovec+0x74/0xa0
[  151.235486][ T8018]  ___sys_sendmsg+0x21f/0x2a0
[  151.235511][ T8018]  ? __pfx____sys_sendmsg+0x10/0x10
[  151.235549][ T8018]  ? __fget_files+0x2a/0x420
[  151.235573][ T8018]  ? __fget_files+0x3a0/0x420
[  151.235602][ T8018]  __x64_sys_sendmsg+0x19b/0x260
[  151.235626][ T8018]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  151.235654][ T8018]  ? __pfx_ksys_write+0x10/0x10
[  151.235675][ T8018]  ? rcu_is_watching+0x15/0xb0
[  151.235699][ T8018]  ? rcu_is_watching+0x15/0xb0
[  151.235723][ T8018]  do_syscall_64+0xfa/0x3b0
[  151.235744][ T8018]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.235762][ T8018]  ? clear_bhb_loop+0x60/0xb0
[  151.235784][ T8018]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.235803][ T8018] RIP: 0033:0x7fdb9098ebe9
[  151.235820][ T8018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  151.235855][ T8018] RSP: 002b:00007fdb917f9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  151.235876][ T8018] RAX: ffffffffffffffda RBX: 00007fdb90bb5fa0 RCX: 00007fdb9098ebe9
[  151.235890][ T8018] RDX: 0000000020000000 RSI: 00002000000004c0 RDI: 0000000000000003
[  151.235902][ T8018] RBP: 00007fdb917f9090 R08: 0000000000000000 R09: 0000000000000000
[  151.235914][ T8018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  151.235925][ T8018] R13: 00007fdb90bb6038 R14: 00007fdb90bb5fa0 R15: 00007ffc30e2ff68
[  151.235945][ T8018]  </TASK>
[  151.298418][ T8020] dvmrp0: entered allmulticast mode
[  151.538033][ T8024] dvmrp0: left allmulticast mode
[  151.785395][ T5914] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  151.862378][ T8037] fuse: Unknown parameter 'u™ ›¿)¹²³00000000000000000000'
[  151.907699][ T8039] netlink: 'syz.6.729': attribute type 1 has an invalid length.
[  151.915620][    T9] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  151.928064][ T8039] /dev/rnullb0: Can't open blockdev
[  151.936643][ T5914] usb 1-1: New USB device found, idVendor=172f, idProduct=0032, bcdDevice= 0.00
[  151.946642][ T5914] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  151.958757][ T5914] usb 1-1: config 0 descriptor??
[  152.077883][    T9] usb 4-1: Using ep0 maxpacket: 16
[  152.087675][    T9] usb 4-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[  152.106054][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.114157][    T9] usb 4-1: Product: syz
[  152.125845][    T9] usb 4-1: Manufacturer: syz
[  152.130797][    T9] usb 4-1: SerialNumber: syz
[  152.161788][ T8047] comedi comedi0: Minor 3 could not be opened
[  152.167259][    T9] usb 4-1: config 0 descriptor??
[  152.176941][    T9] visor 4-1:0.0: Sony Clie 3.5 converter detected
[  152.280782][ T8049] kernel profiling enabled (shift: 5)
[  152.333612][ T8050] /dev/rnullb0: Can't open blockdev
[  152.370624][ T5914] waltop 0003:172F:0032.0004: item fetching failed at offset 3/5
[  152.385506][    T9] usb 4-1: clie_3_5_startup: get config number failed: -71
[  152.394510][ T5914] waltop 0003:172F:0032.0004: probe with driver waltop failed with error -22
[  152.403772][    T9] visor 4-1:0.0: probe with driver visor failed with error -71
[  152.427724][    T9] usb 4-1: USB disconnect, device number 23
[  152.519320][ T8056] /dev/rnullb0: Can't open blockdev
[  152.682493][ T5965] usb 1-1: USB disconnect, device number 25
[  152.797424][ T5871] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  152.805171][ T5871] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  152.812559][ T5871] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  152.820730][ T5871] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  152.828432][ T5871] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  152.960939][ T8062] chnl_net:caif_netlink_parms(): no params data found
[  153.024062][ T8062] bridge0: port 1(bridge_slave_0) entered blocking state
[  153.033199][ T8062] bridge0: port 1(bridge_slave_0) entered disabled state
[  153.040867][ T8062] bridge_slave_0: entered allmulticast mode
[  153.050142][ T8062] bridge_slave_0: entered promiscuous mode
[  153.058665][ T8062] bridge0: port 2(bridge_slave_1) entered blocking state
[  153.065886][ T8062] bridge0: port 2(bridge_slave_1) entered disabled state
[  153.074313][ T8062] bridge_slave_1: entered allmulticast mode
[  153.083058][ T8062] bridge_slave_1: entered promiscuous mode
[  153.111673][ T8062] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  153.123481][ T8062] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  153.176185][ T8062] team0: Port device team_slave_0 added
[  153.190791][ T8062] team0: Port device team_slave_1 added
[  153.236807][ T8062] batman_adv: batadv0: Adding interface: batadv_slave_0
[  153.249810][ T8062] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  153.277780][ T8062] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  153.289849][ T8062] batman_adv: batadv0: Adding interface: batadv_slave_1
[  153.296994][ T8062] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  153.323865][ T8062] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  153.336323][ T8083] loop6: detected capacity change from 0 to 524287999
[  153.382953][ T8062] hsr_slave_0: entered promiscuous mode
[  153.393495][ T8062] hsr_slave_1: entered promiscuous mode
[  153.400127][ T8085] netlink: 'syz.0.747': attribute type 5 has an invalid length.
[  153.400740][ T8062] debugfs: 'hsr0' already exists in 'hsr'
[  153.418370][ T8085] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.747'.
[  153.439618][ T8062] Cannot create hsr debugfs directory
[  153.484867][   T43] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  153.646218][   T43] usb 4-1: Using ep0 maxpacket: 16
[  153.653045][   T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  153.676787][   T43] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  153.697876][ T8062] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  153.706371][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.718505][   T43] usb 4-1: config 0 descriptor??
[  153.719624][ T8062] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  153.739951][ T8062] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  153.750681][ T8062] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  153.785373][ T8062] bridge0: port 2(bridge_slave_1) entered blocking state
[  153.792637][ T8062] bridge0: port 2(bridge_slave_1) entered forwarding state
[  153.800195][ T8062] bridge0: port 1(bridge_slave_0) entered blocking state
[  153.807359][ T8062] bridge0: port 1(bridge_slave_0) entered forwarding state
[  153.889189][ T8062] 8021q: adding VLAN 0 to HW filter on device bond0
[  153.908960][ T3610] bridge0: port 1(bridge_slave_0) entered disabled state
[  153.909582][ T3610] bridge0: port 2(bridge_slave_1) entered disabled state
[  153.933770][ T8062] 8021q: adding VLAN 0 to HW filter on device team0
[  153.933882][ T8079] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  153.934292][ T8079] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  153.938695][ T6097] usb 4-1: USB disconnect, device number 24
[  153.943799][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  153.976034][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  153.982578][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  153.982654][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  154.241272][ T8062] 8021q: adding VLAN 0 to HW filter on device batadv0
[  154.278388][ T6097] IPVS: starting estimator thread 0...
[  154.365378][ T8115] IPVS: using max 39 ests per chain, 93600 per kthread
[  154.390202][ T8119] netlink: 12 bytes leftover after parsing attributes in process `syz.6.753'.
[  154.445680][ T8124] netlink: 60 bytes leftover after parsing attributes in process `syz.0.754'.
[  154.464688][ T8121] netlink: 60 bytes leftover after parsing attributes in process `syz.0.754'.
[  154.649597][ T8062] veth0_vlan: entered promiscuous mode
[  154.678974][ T8062] veth1_vlan: entered promiscuous mode
[  154.731173][ T8062] veth0_macvtap: entered promiscuous mode
[  154.750239][ T8062] veth1_macvtap: entered promiscuous mode
[  154.778043][ T8062] batman_adv: batadv0: Interface activated: batadv_slave_0
[  154.793127][ T8062] batman_adv: batadv0: Interface activated: batadv_slave_1
[  154.824451][ T3610] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  154.835873][ T8135] IPv4: Oversized IP packet from 172.20.20.24
[  154.842390][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  154.848771][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  154.864609][ T3610] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  154.877602][ T1017] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  154.915269][ T5871] Bluetooth: hci7: command tx timeout
[  154.926268][ T1017] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  154.996453][   T55] block nbd6: Possible stuck request ffff8880258c7000: control (read@0,4096B). Runtime 30 seconds
[  155.046861][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  155.063587][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  155.111865][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  155.137863][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  155.444968][ T6097] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  155.604891][ T6097] usb 7-1: Using ep0 maxpacket: 8
[  155.611553][ T8155] netlink: 72 bytes leftover after parsing attributes in process `syz.3.765'.
[  155.670918][ T6097] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  155.697231][ T6097] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  155.734654][ T6097] usb 7-1: Product: syz
[  155.742502][ T6097] usb 7-1: Manufacturer: syz
[  155.750635][ T6097] usb 7-1: SerialNumber: syz
[  155.763302][ T6097] usb 7-1: config 0 descriptor??
[  155.981053][ T6097] usb 7-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  156.995116][ T5871] Bluetooth: hci7: command tx timeout
[  157.002883][ T6097] dvb_usb_rtl28xxu 7-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  157.748381][ T8148] Set syz1 is full, maxelem 65536 reached
[  158.124941][ T6125] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  158.222625][   T43] usb 7-1: USB disconnect, device number 8
[  158.284413][ T6125] usb 8-1: Using ep0 maxpacket: 8
[  158.289995][ T8202] fuse: Bad value for 'user_id'
[  158.307752][ T8202] fuse: Bad value for 'user_id'
[  158.311348][ T6125] usb 8-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  158.463743][ T6125] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  158.474954][ T6125] usb 8-1: Product: syz
[  158.479168][ T6125] usb 8-1: Manufacturer: syz
[  158.483784][ T6125] usb 8-1: SerialNumber: syz
[  158.498044][ T6125] usb 8-1: config 0 descriptor??
[  158.710123][ T6125] usb 8-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  159.075474][ T5871] Bluetooth: hci7: command tx timeout
[  159.336682][ T6125] dvb_usb_rtl28xxu 8-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  159.717175][ T8220] netlink: 72 bytes leftover after parsing attributes in process `syz.6.788'.
[  160.485042][ T5965] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  160.634932][ T5965] usb 4-1: Using ep0 maxpacket: 8
[  160.641866][ T5965] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  160.653694][ T5965] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  160.662926][ T5965] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.672153][ T5965] usb 4-1: config 0 descriptor??
[  160.679942][ T5965] gspca_main: vc032x-2.14.0 probing 046d:0892
[  160.880360][ T8239] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  160.904444][ T8239] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  160.916454][ T5965] gspca_vc032x: reg_r err -71
[  160.922136][ T5965] vc032x 4-1:0.0: probe with driver vc032x failed with error -71
[  160.935604][    T9] usb 8-1: USB disconnect, device number 2
[  160.962244][ T5965] usb 4-1: USB disconnect, device number 25
[  161.079755][ T8252] FAULT_INJECTION: forcing a failure.
[  161.079755][ T8252] name failslab, interval 1, probability 0, space 0, times 0
[  161.079789][ T8252] CPU: 0 UID: 0 PID: 8252 Comm: syz.6.800 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) 
[  161.079813][ T8252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  161.079824][ T8252] Call Trace:
[  161.079832][ T8252]  <TASK>
[  161.079840][ T8252]  dump_stack_lvl+0x189/0x250
[  161.079872][ T8252]  ? __pfx____ratelimit+0x10/0x10
[  161.079890][ T8252]  ? __pfx_dump_stack_lvl+0x10/0x10
[  161.079914][ T8252]  ? __pfx__printk+0x10/0x10
[  161.079933][ T8252]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  161.079954][ T8252]  should_fail_ex+0x414/0x560
[  161.079979][ T8252]  should_failslab+0xa8/0x100
[  161.079997][ T8252]  kmem_cache_alloc_noprof+0x73/0x3c0
[  161.080013][ T8252]  ? skb_clone+0x212/0x3a0
[  161.080035][ T8252]  skb_clone+0x212/0x3a0
[  161.080058][ T8252]  __netlink_deliver_tap+0x404/0x850
[  161.080079][ T8252]  ? netlink_deliver_tap+0x2e/0x1b0
[  161.080097][ T8252]  netlink_deliver_tap+0x19c/0x1b0
[  161.080114][ T8252]  netlink_dump+0x92b/0xe90
[  161.080134][ T8252]  ? __pfx_netlink_dump+0x10/0x10
[  161.080156][ T8252]  ? kmem_cache_free+0x18f/0x400
[  161.080174][ T8252]  netlink_recvmsg+0x676/0xa30
[  161.080195][ T8252]  ? __pfx_netlink_recvmsg+0x10/0x10
[  161.080212][ T8252]  ? do_recvmmsg+0x307/0x770
[  161.080232][ T8252]  ? __x64_sys_recvmmsg+0x1af/0x240
[  161.080252][ T8252]  ? do_syscall_64+0xfa/0x3b0
[  161.080272][ T8252]  ? __pfx_netlink_recvmsg+0x10/0x10
[  161.080298][ T8252]  sock_recvmsg_nosec+0x183/0x1c0
[  161.080315][ T8252]  ____sys_recvmsg+0x3aa/0x460
[  161.080338][ T8252]  ? __pfx_____sys_recvmsg+0x10/0x10
[  161.080364][ T8252]  ? import_iovec+0x74/0xa0
[  161.080383][ T8252]  ___sys_recvmsg+0x1b5/0x510
[  161.080405][ T8252]  ? __pfx____sys_recvmsg+0x10/0x10
[  161.080427][ T8252]  ? __fget_files+0x2a/0x420
[  161.080453][ T8252]  ? __pfx_set_normalized_timespec64+0x10/0x10
[  161.080471][ T8252]  ? lock_release+0x4b/0x3e0
[  161.080491][ T8252]  do_recvmmsg+0x307/0x770
[  161.080514][ T8252]  ? __pfx_do_recvmmsg+0x10/0x10
[  161.080534][ T8252]  ? rcu_is_watching+0x15/0xb0
[  161.080557][ T8252]  ? _copy_from_user+0x94/0xb0
[  161.080581][ T8252]  __x64_sys_recvmmsg+0x1af/0x240
[  161.080603][ T8252]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  161.080623][ T8252]  ? rcu_is_watching+0x15/0xb0
[  161.080644][ T8252]  ? rcu_is_watching+0x15/0xb0
[  161.080664][ T8252]  do_syscall_64+0xfa/0x3b0
[  161.080680][ T8252]  ? rcu_is_watching+0x15/0xb0
[  161.080699][ T8252]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.080715][ T8252]  ? clear_bhb_loop+0x60/0xb0
[  161.080733][ T8252]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.080749][ T8252] RIP: 0033:0x7f426e78ebe9
[  161.080764][ T8252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  161.080778][ T8252] RSP: 002b:00007f426f669038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  161.080797][ T8252] RAX: ffffffffffffffda RBX: 00007f426e9b5fa0 RCX: 00007f426e78ebe9
[  161.080810][ T8252] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  161.080822][ T8252] RBP: 00007f426f669090 R08: 0000200000003700 R09: 0000000000000000
[  161.080833][ T8252] R10: 0000000000002000 R11: 0000000000000246 R12: 0000000000000002
[  161.080843][ T8252] R13: 00007f426e9b6038 R14: 00007f426e9b5fa0 R15: 00007ffe0daa9bd8
[  161.080861][ T8252]  </TASK>
[  161.157486][ T5871] Bluetooth: hci7: command tx timeout
[  161.399848][ T6125] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  161.530345][ T8258] netlink: 'syz.7.803': attribute type 10 has an invalid length.
[  161.557246][ T6125] usb 7-1: Using ep0 maxpacket: 16
[  161.570036][ T6125] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  161.595963][ T6125] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  161.605976][ T6125] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  161.616704][ T6125] usb 7-1: config 0 descriptor??
[  161.634392][ T8264] netlink: 12 bytes leftover after parsing attributes in process `syz.7.806'.
[  161.727769][ T8269] netlink: 12 bytes leftover after parsing attributes in process `syz.3.808'.
[  161.833875][ T8254] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  161.843137][ T8254] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  161.851939][ T5965] usb 7-1: USB disconnect, device number 9
[  161.965035][ T6125] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  161.994982][   T43] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  162.118306][ T6125] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  162.130172][ T6125] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  162.141483][ T6125] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  162.153431][ T6125] usb 8-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24
[  162.162712][ T6125] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.170876][   T43] usb 4-1: Using ep0 maxpacket: 32
[  162.176258][ T6125] usb 8-1: Product: syz
[  162.180500][ T6125] usb 8-1: Manufacturer: syz
[  162.186786][ T6125] usb 8-1: SerialNumber: syz
[  162.192149][   T43] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[  162.202301][ T6125] usb 8-1: config 0 descriptor??
[  162.207380][   T43] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  162.217328][   T43] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[  162.227844][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  162.237682][   T43] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  162.247515][   T43] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  162.260689][   T43] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  162.269792][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  162.279417][   T43] usb 4-1: config 0 descriptor??
[  162.439219][ T6125] powermate: unknown product id 0240
[  162.444718][ T6125] powermate: Expected payload of 3--6 bytes, found 0 bytes!
[  162.462911][ T6125] powermate 8-1:0.0: probe with driver powermate failed with error -5
[  162.477590][ T6125] usb 8-1: USB disconnect, device number 3
[  162.493273][   T43] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 26 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  162.527195][   T43] usb 4-1: USB disconnect, device number 26
[  162.534498][   T43] usblp0: removed
[  162.986159][   T43] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  163.125302][ T8289] netlink: 72 bytes leftover after parsing attributes in process `syz.6.817'.
[  163.144870][   T43] usb 4-1: Using ep0 maxpacket: 32
[  163.162247][   T43] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[  163.174725][   T43] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  163.184756][   T43] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[  163.193972][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  163.221644][   T43] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  163.232302][   T43] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  163.232352][   T43] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  163.232376][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.240163][   T43] usb 4-1: config 0 descriptor??
[  163.330810][   T55] block nbd0: Possible stuck request ffff8880252b7000: control (read@0,4096B). Runtime 90 seconds
[  163.435375][    T9] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  163.435449][ T8298] nbd11: detected capacity change from 0 to 549764202496
[  163.454279][ T5871] block nbd11: Receive control failed (result -104)
[  163.498691][   T43] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 27 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  163.595316][    T9] usb 8-1: Using ep0 maxpacket: 16
[  163.612509][    T9] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  163.625636][    T9] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  163.632990][ T8304] openvswitch: netlink: Tunnel attr 7 has unexpected len 8 expected 0
[  163.635630][    T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.655487][    T9] usb 8-1: config 0 descriptor??
[  163.876162][ T8293] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  163.895624][ T8293] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  163.910560][    T9] usb 8-1: USB disconnect, device number 4
[  164.927517][   T43] usb 4-1: USB disconnect, device number 27
[  164.937009][   T43] usblp0: removed
[  165.186372][ T8335] netlink: 8 bytes leftover after parsing attributes in process `syz.3.835'.
[  165.200667][ T8335] netlink: 8 bytes leftover after parsing attributes in process `syz.3.835'.
[  165.787407][ T8347] /dev/rnullb0: Can't open blockdev
[  165.854962][ T6125] usb 7-1: new low-speed USB device number 10 using dummy_hcd
[  166.035088][ T6125] usb 7-1: Invalid ep0 maxpacket: 16
[  166.174892][ T6125] usb 7-1: new low-speed USB device number 11 using dummy_hcd
[  166.335145][ T6125] usb 7-1: Invalid ep0 maxpacket: 16
[  166.349533][ T6125] usb usb7-port1: attempt power cycle
[  166.511183][ T8363] netlink: 72 bytes leftover after parsing attributes in process `syz.7.844'.
[  166.704977][ T6125] usb 7-1: new low-speed USB device number 12 using dummy_hcd
[  166.738651][ T6125] usb 7-1: Invalid ep0 maxpacket: 16
[  166.855033][ T1221] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  166.875030][ T6125] usb 7-1: new low-speed USB device number 13 using dummy_hcd
[  166.905955][ T6125] usb 7-1: Invalid ep0 maxpacket: 16
[  166.911677][ T6125] usb usb7-port1: unable to enumerate USB device
[  167.014979][ T1221] usb 8-1: Using ep0 maxpacket: 16
[  167.024216][ T1221] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  167.038831][ T1221] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  167.050207][ T1221] usb 8-1: New USB device found, idVendor=044f, idProduct=b323, bcdDevice= 0.00
[  167.062263][ T1221] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.075640][ T1221] usb 8-1: config 0 descriptor??
[  167.519801][   T55] block nbd7: Possible stuck request ffff888025920000: control (read@0,4096B). Runtime 30 seconds
[  167.530380][  T763] block nbd1: Possible stuck request ffff8880252e7000: control (read@0,4096B). Runtime 90 seconds
[  167.546549][ T1221] thrustmaster 0003:044F:B323.0005: unbalanced delimiter at end of report description
[  167.565848][ T1221] thrustmaster 0003:044F:B323.0005: parse failed
[  167.572302][ T1221] thrustmaster 0003:044F:B323.0005: probe with driver thrustmaster failed with error -22
[  167.746625][ T8366] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  167.759500][ T8366] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  168.718680][ T8376] FAULT_INJECTION: forcing a failure.
[  168.718680][ T8376] name failslab, interval 1, probability 0, space 0, times 0
[  168.731662][ T8376] CPU: 0 UID: 0 PID: 8376 Comm: syz.6.848 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) 
[  168.731692][ T8376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  168.731704][ T8376] Call Trace:
[  168.731711][ T8376]  <TASK>
[  168.731719][ T8376]  dump_stack_lvl+0x189/0x250
[  168.731752][ T8376]  ? __pfx____ratelimit+0x10/0x10
[  168.731772][ T8376]  ? __pfx_dump_stack_lvl+0x10/0x10
[  168.731799][ T8376]  ? __pfx__printk+0x10/0x10
[  168.731821][ T8376]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  168.731846][ T8376]  should_fail_ex+0x414/0x560
[  168.731874][ T8376]  should_failslab+0xa8/0x100
[  168.731896][ T8376]  kmem_cache_alloc_noprof+0x73/0x3c0
[  168.731914][ T8376]  ? skb_clone+0x212/0x3a0
[  168.731940][ T8376]  skb_clone+0x212/0x3a0
[  168.731965][ T8376]  __netlink_deliver_tap+0x404/0x850
[  168.731991][ T8376]  ? netlink_deliver_tap+0x2e/0x1b0
[  168.732011][ T8376]  netlink_deliver_tap+0x19c/0x1b0
[  168.732031][ T8376]  netlink_dump+0x92b/0xe90
[  168.732063][ T8376]  ? __pfx_netlink_dump+0x10/0x10
[  168.732087][ T8376]  ? kmem_cache_free+0x18f/0x400
[  168.732105][ T8376]  netlink_recvmsg+0x676/0xa30
[  168.732128][ T8376]  ? __pfx_netlink_recvmsg+0x10/0x10
[  168.732148][ T8376]  ? do_recvmmsg+0x307/0x770
[  168.732170][ T8376]  ? __x64_sys_recvmmsg+0x1af/0x240
[  168.732194][ T8376]  ? do_syscall_64+0xfa/0x3b0
[  168.732218][ T8376]  ? __pfx_netlink_recvmsg+0x10/0x10
[  168.732239][ T8376]  sock_recvmsg_nosec+0x183/0x1c0
[  168.732259][ T8376]  ____sys_recvmsg+0x3aa/0x460
[  168.732286][ T8376]  ? __pfx_____sys_recvmsg+0x10/0x10
[  168.732315][ T8376]  ? import_iovec+0x74/0xa0
[  168.732337][ T8376]  ___sys_recvmsg+0x1b5/0x510
[  168.732362][ T8376]  ? __pfx____sys_recvmsg+0x10/0x10
[  168.732387][ T8376]  ? __fget_files+0x2a/0x420
[  168.732419][ T8376]  ? __pfx_set_normalized_timespec64+0x10/0x10
[  168.732438][ T8376]  ? lock_release+0x4b/0x3e0
[  168.732461][ T8376]  do_recvmmsg+0x307/0x770
[  168.732487][ T8376]  ? __pfx_do_recvmmsg+0x10/0x10
[  168.732510][ T8376]  ? rcu_is_watching+0x15/0xb0
[  168.732538][ T8376]  ? _copy_from_user+0x94/0xb0
[  168.732567][ T8376]  __x64_sys_recvmmsg+0x1af/0x240
[  168.732593][ T8376]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  168.732617][ T8376]  ? rcu_is_watching+0x15/0xb0
[  168.732641][ T8376]  ? rcu_is_watching+0x15/0xb0
[  168.732664][ T8376]  do_syscall_64+0xfa/0x3b0
[  168.732685][ T8376]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.732704][ T8376]  ? clear_bhb_loop+0x60/0xb0
[  168.732724][ T8376]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.732742][ T8376] RIP: 0033:0x7f426e78ebe9
[  168.732759][ T8376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  168.732775][ T8376] RSP: 002b:00007f426f669038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  168.732799][ T8376] RAX: ffffffffffffffda RBX: 00007f426e9b5fa0 RCX: 00007f426e78ebe9
[  168.732813][ T8376] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  168.732827][ T8376] RBP: 00007f426f669090 R08: 0000200000003700 R09: 0000000000000000
[  168.732840][ T8376] R10: 0000000000002000 R11: 0000000000000246 R12: 0000000000000002
[  168.732852][ T8376] R13: 00007f426e9b6038 R14: 00007f426e9b5fa0 R15: 00007ffe0daa9bd8
[  168.732872][ T8376]  </TASK>
[  169.300037][   T30] audit: type=1326 audit(1755275293.843:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8391 comm="syz.3.853" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdb9098ebe9 code=0x0
[  169.380046][ T8396] tmpfs: Bad value for 'mpol'
[  169.612117][ T8406] binder: BINDER_SET_CONTEXT_MGR already set
[  169.626181][ T8406] binder: 8405:8406 ioctl 4018620d 200000004a80 returned -16
[  169.674870][ T6125] usb 8-1: USB disconnect, device number 5
[  169.832316][ T8415] /dev/rnullb0: Can't open blockdev
[  169.898321][ T5876] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  169.908096][ T5876] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  169.916732][ T5876] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  169.924548][ T5876] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  169.932856][ T5876] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  170.124379][ T8424] FAULT_INJECTION: forcing a failure.
[  170.124379][ T8424] name failslab, interval 1, probability 0, space 0, times 0
[  170.173430][ T8424] CPU: 0 UID: 0 PID: 8424 Comm: syz.6.859 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) 
[  170.173461][ T8424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  170.173473][ T8424] Call Trace:
[  170.173480][ T8424]  <TASK>
[  170.173487][ T8424]  dump_stack_lvl+0x189/0x250
[  170.173519][ T8424]  ? __pfx____ratelimit+0x10/0x10
[  170.173538][ T8424]  ? __pfx_dump_stack_lvl+0x10/0x10
[  170.173562][ T8424]  ? __pfx__printk+0x10/0x10
[  170.173584][ T8424]  ? nfnetlink_rcv+0x26a/0x2520
[  170.173611][ T8424]  ? ____sys_sendmsg+0x505/0x830
[  170.173632][ T8424]  ? __x64_sys_sendmsg+0x19b/0x260
[  170.173652][ T8424]  ? do_syscall_64+0xfa/0x3b0
[  170.173670][ T8424]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.173691][ T8424]  should_fail_ex+0x414/0x560
[  170.173717][ T8424]  should_failslab+0xa8/0x100
[  170.173738][ T8424]  kmem_cache_alloc_noprof+0x73/0x3c0
[  170.173760][ T8424]  ? skb_clone+0x212/0x3a0
[  170.173784][ T8424]  skb_clone+0x212/0x3a0
[  170.173807][ T8424]  __netlink_deliver_tap+0x404/0x850
[  170.173831][ T8424]  ? netlink_deliver_tap+0x2e/0x1b0
[  170.173851][ T8424]  netlink_deliver_tap+0x19c/0x1b0
[  170.173869][ T8424]  netlink_sendskb+0x68/0x140
[  170.173887][ T8424]  netlink_unicast+0x397/0x9e0
[  170.173902][ T8424]  ? __asan_memcpy+0x40/0x70
[  170.173929][ T8424]  ? __pfx_netlink_unicast+0x10/0x10
[  170.173949][ T8424]  netlink_rcv_skb+0x28c/0x470
[  170.173967][ T8424]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  170.173994][ T8424]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  170.174031][ T8424]  ? bpf_lsm_capable+0x9/0x20
[  170.174049][ T8424]  ? security_capable+0x7e/0x2e0
[  170.174074][ T8424]  nfnetlink_rcv+0x26a/0x2520
[  170.174101][ T8424]  ? __dev_queue_xmit+0x1d79/0x3b50
[  170.174129][ T8424]  ? __dev_queue_xmit+0x27b/0x3b50
[  170.174157][ T8424]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  170.174181][ T8424]  ? __pfx___dev_queue_xmit+0x10/0x10
[  170.174210][ T8424]  ? ref_tracker_free+0x63a/0x7d0
[  170.174236][ T8424]  ? __asan_memcpy+0x40/0x70
[  170.174259][ T8424]  ? __pfx_ref_tracker_free+0x10/0x10
[  170.174283][ T8424]  ? __skb_clone+0x63/0x7a0
[  170.174306][ T8424]  ? __skb_clone+0x483/0x7a0
[  170.174330][ T8424]  ? skb_clone+0x246/0x3a0
[  170.174353][ T8424]  ? __netlink_deliver_tap+0x807/0x850
[  170.174372][ T8424]  ? netlink_deliver_tap+0x2e/0x1b0
[  170.174390][ T8424]  ? rcu_is_watching+0x15/0xb0
[  170.174411][ T8424]  ? netlink_deliver_tap+0x2e/0x1b0
[  170.174430][ T8424]  ? lock_release+0x4b/0x3e0
[  170.174452][ T8424]  netlink_unicast+0x82c/0x9e0
[  170.174472][ T8424]  ? __pfx_netlink_unicast+0x10/0x10
[  170.174489][ T8424]  ? netlink_sendmsg+0x642/0xb30
[  170.174507][ T8424]  ? skb_put+0x11b/0x210
[  170.174528][ T8424]  netlink_sendmsg+0x805/0xb30
[  170.174550][ T8424]  ? __pfx_netlink_sendmsg+0x10/0x10
[  170.174571][ T8424]  ? aa_sock_msg_perm+0xf1/0x1d0
[  170.174595][ T8424]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  170.174618][ T8424]  ? __pfx_netlink_sendmsg+0x10/0x10
[  170.174638][ T8424]  __sock_sendmsg+0x21c/0x270
[  170.174665][ T8424]  ____sys_sendmsg+0x505/0x830
[  170.174688][ T8424]  ? __pfx_____sys_sendmsg+0x10/0x10
[  170.174713][ T8424]  ? import_iovec+0x74/0xa0
[  170.174734][ T8424]  ___sys_sendmsg+0x21f/0x2a0
[  170.174756][ T8424]  ? __pfx____sys_sendmsg+0x10/0x10
[  170.174791][ T8424]  ? __fget_files+0x2a/0x420
[  170.174814][ T8424]  ? __fget_files+0x3a0/0x420
[  170.174840][ T8424]  __x64_sys_sendmsg+0x19b/0x260
[  170.174863][ T8424]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  170.174889][ T8424]  ? __pfx_ksys_write+0x10/0x10
[  170.174908][ T8424]  ? rcu_is_watching+0x15/0xb0
[  170.174931][ T8424]  ? rcu_is_watching+0x15/0xb0
[  170.174953][ T8424]  do_syscall_64+0xfa/0x3b0
[  170.174972][ T8424]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.174989][ T8424]  ? clear_bhb_loop+0x60/0xb0
[  170.175007][ T8424]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.175035][ T8424] RIP: 0033:0x7f426e78ebe9
[  170.175051][ T8424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.175067][ T8424] RSP: 002b:00007f426f669038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  170.175089][ T8424] RAX: ffffffffffffffda RBX: 00007f426e9b5fa0 RCX: 00007f426e78ebe9
[  170.175102][ T8424] RDX: 0000000020000000 RSI: 00002000000004c0 RDI: 0000000000000003
[  170.175115][ T8424] RBP: 00007f426f669090 R08: 0000000000000000 R09: 0000000000000000
[  170.175126][ T8424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  170.175137][ T8424] R13: 00007f426e9b6038 R14: 00007f426e9b5fa0 R15: 00007ffe0daa9bd8
[  170.175155][ T8424]  </TASK>
[  170.487080][ T8417] chnl_net:caif_netlink_parms(): no params data found
[  170.568399][    C1] vkms_vblank_simulate: vblank timer overrun
[  170.738277][ T8417] bridge0: port 1(bridge_slave_0) entered blocking state
[  170.786339][ T8417] bridge0: port 1(bridge_slave_0) entered disabled state
[  170.793700][ T8417] bridge_slave_0: entered allmulticast mode
[  170.800866][ T8417] bridge_slave_0: entered promiscuous mode
[  170.808662][ T8417] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.816057][ T8417] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.823315][ T8417] bridge_slave_1: entered allmulticast mode
[  170.830611][ T8417] bridge_slave_1: entered promiscuous mode
[  170.864231][ T8417] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  170.876414][ T8417] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  170.962405][ T8417] team0: Port device team_slave_0 added
[  170.972920][ T8417] team0: Port device team_slave_1 added
[  171.007211][ T8417] batman_adv: batadv0: Adding interface: batadv_slave_0
[  171.015568][ T8417] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  171.043294][ T8436] syz.3.863: attempt to access beyond end of device
[  171.043294][ T8436] loop3: rw=0, sector=0, nr_sectors = 1 limit=0
[  171.056353][ T8436] FAT-fs (loop3): unable to read boot sector
[  171.075173][ T8417] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  171.090202][ T8417] batman_adv: batadv0: Adding interface: batadv_slave_1
[  171.100280][ T8417] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  171.133999][ T8417] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  171.171501][ T8442] blk_print_req_error: 24 callbacks suppressed
[  171.171521][ T8442] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  171.210870][ T8442] buffer_io_error: 23 callbacks suppressed
[  171.210890][ T8442] Buffer I/O error on dev nbd3, logical block 0, async page read
[  171.226971][ T8442] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  171.237658][ T8442] Buffer I/O error on dev nbd3, logical block 0, async page read
[  171.244409][ T8417] hsr_slave_0: entered promiscuous mode
[  171.247515][ T8442] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  171.258263][ T8417] hsr_slave_1: entered promiscuous mode
[  171.263344][ T8442] Buffer I/O error on dev nbd3, logical block 0, async page read
[  171.276712][ T8442] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  171.287141][ T8442] Buffer I/O error on dev nbd3, logical block 0, async page read
[  171.298260][ T8442] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  171.303126][ T8417] debugfs: 'hsr0' already exists in 'hsr'
[  171.314000][ T8417] Cannot create hsr debugfs directory
[  171.346431][ T8442] Buffer I/O error on dev nbd3, logical block 0, async page read
[  171.354618][ T8442] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  171.364428][ T8442] Buffer I/O error on dev nbd3, logical block 0, async page read
[  171.373484][ T8442] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  171.407267][ T8442] Buffer I/O error on dev nbd3, logical block 0, async page read
[  171.416247][ T8442] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  171.425867][ T8442] Buffer I/O error on dev nbd3, logical block 0, async page read
[  171.453845][ T8442] ldm_validate_partition_table(): Disk read failed.
[  171.462666][ T8442] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  171.474250][ T8442] Buffer I/O error on dev nbd3, logical block 0, async page read
[  171.482839][ T8442] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  171.492501][ T8442] Buffer I/O error on dev nbd3, logical block 0, async page read
[  171.509613][ T8442] Dev nbd3: unable to read RDB block 0
[  171.517767][ T8442]  nbd3: unable to read partition table
[  171.587639][ T8417] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  171.598217][ T8417] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  171.609258][ T8417] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  171.618708][ T8417] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  171.673690][ T8417] 8021q: adding VLAN 0 to HW filter on device bond0
[  171.691867][ T8417] 8021q: adding VLAN 0 to HW filter on device team0
[  171.702422][ T3537] bridge0: port 1(bridge_slave_0) entered blocking state
[  171.709592][ T3537] bridge0: port 1(bridge_slave_0) entered forwarding state
[  171.725068][ T1017] bridge0: port 2(bridge_slave_1) entered blocking state
[  171.732213][ T1017] bridge0: port 2(bridge_slave_1) entered forwarding state
[  171.866587][ T8417] 8021q: adding VLAN 0 to HW filter on device batadv0
[  171.954887][ T5876] Bluetooth: hci8: command tx timeout
[  172.029804][ T8417] veth0_vlan: entered promiscuous mode
[  172.041119][ T8417] veth1_vlan: entered promiscuous mode
[  172.064066][ T8417] veth0_macvtap: entered promiscuous mode
[  172.073368][ T8417] veth1_macvtap: entered promiscuous mode
[  172.088538][ T8417] batman_adv: batadv0: Interface activated: batadv_slave_0
[  172.101470][ T8417] batman_adv: batadv0: Interface activated: batadv_slave_1
[  172.121646][   T12] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  172.130973][   T12] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  172.144839][   T12] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  172.153642][   T12] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  172.191091][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  172.208168][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  172.232551][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  172.240745][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  172.276165][  T763] block nbd2: Possible stuck request ffff888025325080: control (read@0,4096B). Runtime 90 seconds
[  172.518986][ T8489] netlink: 12 bytes leftover after parsing attributes in process `syz.3.875'.
[  172.645200][   T43] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  172.794145][ T8501] /dev/rnullb0: Can't open blockdev
[  172.804905][   T43] usb 9-1: Using ep0 maxpacket: 16
[  172.817100][   T43] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  172.828978][   T43] usb 9-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  172.845074][   T43] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  172.855937][   T43] usb 9-1: config 0 descriptor??
[  173.092353][ T8482] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  173.115232][ T8482] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  173.132005][   T43] usb 9-1: USB disconnect, device number 2
[  173.382164][ T8509] netlink: 72 bytes leftover after parsing attributes in process `syz.6.883'.
[  173.959543][ T5907] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000038: 0000 [#1] SMP KASAN PTI
[  173.971770][ T5907] KASAN: null-ptr-deref in range [0x00000000000001c0-0x00000000000001c7]
[  173.980286][ T5907] CPU: 0 UID: 0 PID: 5907 Comm: kworker/0:4 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) 
[  173.991830][ T5907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  174.001989][ T5907] Workqueue: events l2cap_info_timeout
[  174.007483][ T5907] RIP: 0010:do_raw_spin_lock+0x78/0x290
[  174.013162][ T5907] Code: 4f 9e 81 48 8d 4c 24 20 48 c1 e9 03 48 b8 f1 f1 f1 f1 04 f3 f3 f3 48 89 4c 24 18 4a 89 04 39 4c 8d 77 04 4c 89 f0 48 c1 e8 03 <42> 0f b6 04 38 84 c0 0f 85 9f 01 00 00 41 8b 06 3d ad 4e ad de 0f
[  174.033123][ T5907] RSP: 0018:ffffc900042977a0 EFLAGS: 00010203
[  174.039282][ T5907] RAX: 0000000000000038 RBX: 00000000000001c0 RCX: 1ffff92000852ef8
[  174.047259][ T5907] RDX: 0000000000000000 RSI: ffffffff8c04d960 RDI: 00000000000001c0
[  174.055243][ T5907] RBP: ffffc90004297858 R08: 0000000000000001 R09: 0000000000000000
[  174.063225][ T5907] R10: dffffc0000000000 R11: ffffffff8a8cc470 R12: dffffc0000000000
[  174.071210][ T5907] R13: dffffc0000000000 R14: 00000000000001c4 R15: dffffc0000000000
[  174.079271][ T5907] FS:  0000000000000000(0000) GS:ffff8881257d6000(0000) knlGS:0000000000000000
[  174.088303][ T5907] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  174.094975][ T5907] CR2: 00007f02199aef98 CR3: 000000002f8a0000 CR4: 00000000003526f0
[  174.103052][ T5907] Call Trace:
[  174.106860][ T5907]  <TASK>
[  174.109818][ T5907]  ? lock_acquire+0x5f/0x360
[  174.114414][ T5907]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  174.119805][ T5907]  ? __cancel_work+0x254/0x2e0
[  174.124600][ T5907]  ? lock_sock_nested+0x6a/0x100
[  174.129540][ T5907]  lock_sock_nested+0x6a/0x100
[  174.134305][ T5907]  l2cap_sock_ready_cb+0x45/0x140
[  174.139335][ T5907]  l2cap_conn_start+0x76a/0xe50
[  174.144226][ T5907]  ? __pfx_l2cap_conn_start+0x10/0x10
[  174.149605][ T5907]  ? __pfx___mutex_lock+0x10/0x10
[  174.154654][ T5907]  ? lock_acquire+0x5f/0x360
[  174.159275][ T5907]  l2cap_info_timeout+0x68/0xa0
[  174.164233][ T5907]  ? process_scheduled_works+0x9ef/0x17b0
[  174.169967][ T5907]  process_scheduled_works+0xae1/0x17b0
[  174.175616][ T5907]  ? __pfx_process_scheduled_works+0x10/0x10
[  174.181605][ T5907]  worker_thread+0x8a0/0xda0
[  174.186214][ T5907]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  174.192658][ T5907]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  174.198666][ T5907]  ? __kthread_parkme+0x7b/0x200
[  174.203641][ T5907]  kthread+0x711/0x8a0
[  174.207733][ T5907]  ? __pfx_worker_thread+0x10/0x10
[  174.212979][ T5907]  ? __pfx_kthread+0x10/0x10
[  174.217673][ T5907]  ? rcu_is_watching+0x15/0xb0
[  174.222452][ T5907]  ? __pfx_kthread+0x10/0x10
[  174.227049][ T5907]  ret_from_fork+0x3f9/0x770
[  174.231653][ T5907]  ? __pfx_ret_from_fork+0x10/0x10
[  174.236781][ T5907]  ? __switch_to_asm+0x39/0x70
[  174.241548][ T5907]  ? __switch_to_asm+0x33/0x70
[  174.246312][ T5907]  ? __pfx_kthread+0x10/0x10
[  174.250972][ T5907]  ret_from_fork_asm+0x1a/0x30
[  174.255742][ T5907]  </TASK>
[  174.258759][ T5907] Modules linked in:
[  174.262753][ T5907] ---[ end trace 0000000000000000 ]---
[  174.268350][ T5907] RIP: 0010:do_raw_spin_lock+0x78/0x290
[  174.273936][ T5907] Code: 4f 9e 81 48 8d 4c 24 20 48 c1 e9 03 48 b8 f1 f1 f1 f1 04 f3 f3 f3 48 89 4c 24 18 4a 89 04 39 4c 8d 77 04 4c 89 f0 48 c1 e8 03 <42> 0f b6 04 38 84 c0 0f 85 9f 01 00 00 41 8b 06 3d ad 4e ad de 0f
[  174.280806][ T5876] Bluetooth: hci8: command tx timeout
[  174.293698][ T5907] RSP: 0018:ffffc900042977a0 EFLAGS: 00010203
[  174.293730][ T5907] RAX: 0000000000000038 RBX: 00000000000001c0 RCX: 1ffff92000852ef8
[  174.293745][ T5907] RDX: 0000000000000000 RSI: ffffffff8c04d960 RDI: 00000000000001c0
[  174.293760][ T5907] RBP: ffffc90004297858 R08: 0000000000000001 R09: 0000000000000000
[  174.293772][ T5907] R10: dffffc0000000000 R11: ffffffff8a8cc470 R12: dffffc0000000000
[  174.293787][ T5907] R13: dffffc0000000000 R14: 00000000000001c4 R15: dffffc0000000000
[  174.293802][ T5907] FS:  0000000000000000(0000) GS:ffff8881257d6000(0000) knlGS:0000000000000000
[  174.293819][ T5907] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  174.293833][ T5907] CR2: 00007f02199aef98 CR3: 000000002f8a0000 CR4: 00000000003526f0
[  174.293855][ T5907] Kernel panic - not syncing: Fatal exception in interrupt
[  174.294194][ T5907] Kernel Offset: disabled