last executing test programs:

42.053576474s ago: executing program 1 (id=233):
r0 = socket$key(0xf, 0x3, 0x2)
connect$inet(r0, 0x0, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='wchan\x00')
socket$inet(0x2, 0x80000, 0x0)
preadv(r1, &(0x7f0000002280)=[{&(0x7f0000002780)=""/133, 0x85}], 0x1, 0x10001, 0x7)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x145f, 0x212, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x3a17, 0xbf, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x5, 0x4}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x6, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x0, 0x8000000000000, 0x80000000000000, 0x0, 0x9, 0x0, 0x0, 0x0, 0x8001], 0x1, 0x3c4210})
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r5, 0x4048aecb, &(0x7f0000000080)=ANY=[])
ioctl$KVM_GET_VCPU_EVENTS(r5, 0xc048aeca, &(0x7f0000000080))
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, 0x0)
eventfd(0x6)
syz_usb_connect$cdc_ncm(0x5, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = syz_usb_connect$cdc_ncm(0x0, 0x76, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902640002010000000904010001020d0000052406000105240000000d240f0100000000000000000006241a00000008241c00000008000905810300020000000904010000020d00000904010102020d0000090582020002000000090503"], 0x0)
syz_usb_control_io$cdc_ncm(r6, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r6, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r6, 0x0, &(0x7f00000007c0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x80, 0x1c, {0x0, 0x0, 0xb, 0x0, 0x6, 0x4, 0x7, 0x40, 0x6, 0xe, 0x0, 0x1000}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r6, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
syz_usb_control_io$hid(r2, &(0x7f0000000180)={0x14, &(0x7f0000000100)={0x0, 0x8, 0x53, {0x53, 0x30, "e1ca93c5d2cdf2c80c828fa7a3e6768d54fad96aee2e0df12a86e0b5003e4d1a7961bc9fe3b532bfe9f299bc83923a825081fe90909a1c9f315f1129d6b6be961e5de808fc1f3c2bb0fcf6dba26a41c10c"}}, &(0x7f0000000200)={0x0, 0x3, 0xc5, @string={0xc5, 0x3, "c0bd170d7fdedfa1f722ecdde95328b1c8c15bbc7fe89b3df531b78820b7f2fa20c3fda3637690d4881ac034ed8de38e369d0e5930dddd008cba61d6ffc115e01b9d60a50d4d568b52b43eec1afa86763dabf9931e2e6a2dba911ee874a94bb193518578042ec27c2ae3b34bbd34b6975cb10dbb93f79e879b10992ccb17766a0bec7fc2ac6427d78a7b3a06c104e2742cd5170ce498f17e2f6a228180c96d5ae48b995884ddb9c249746180f2206ba2ede40d29091e32bbc15f8b6d345510bb4d095d"}}, &(0x7f0000000000)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x3, "dcf62095"}]}}, &(0x7f0000000080)={0x0, 0x21, 0x9, {0x9, 0x21, 0x4, 0x86, 0x1, {0x22, 0x5e0}}}}, &(0x7f0000000580)={0x18, &(0x7f0000000300)={0x40, 0x16, 0x99, "828df4bd66a3f554ebfe4d9bda467bb154b8627dc3ed60ab627901149068f343510cdcc0e469c500b452ac7016f000ef0607feea285247675ff172d2d7ffdb6984adc79434d9d6e598e6bcdc15ae8af970b4f1c1528c07593b8efe346bd0bc2a8e82083e592c59c58fd0909b20af2bd1b1e26b950bacde27be49ea142bc8db5608de09ff072db5522e6c9797cf8d0cf6f722ed9417422d1809"}, &(0x7f00000003c0)={0x0, 0xa, 0x1, 0x1}, &(0x7f0000000400)={0x0, 0x8, 0x1, 0x5}, &(0x7f0000000440)={0x20, 0x1, 0xd7, "5624f8555312ebfb2555d8f287088bec506cde4a1a03e7deb25c1d8d7876a9462f4f251dd9a21255c4291dbaf26050b9c06fbb1b18006c07e482dd4399a687763dba386051a4f09dbabc034d4a5cad9f14cf308ec2524185790b54fce569df8bddd9f6de65263b43485fc1b02faf77e492a13412679a758abfa6908ab418e68c177a4061abe154fff1ef92f2a353b79970d53faa994181ee96979906c784a77988c728906e1d38518da9e7d16089d3dc7489271dd6ba07ee626d72820fa315d81a6ea02c8dbd9a14e1aab9061a881544786bcd915267b4"}, &(0x7f0000000540)={0x20, 0x3, 0x1, 0x7f}})
syz_usb_control_io(r2, &(0x7f00000005c0)={0x18, &(0x7f00000000c0)={0x0, 0x24, 0x5, {0x5, 0x5, "513196"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

41.239980472s ago: executing program 3 (id=241):
syz_clone(0x648e7000, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="120100006f8db4088205e82806f50102030109021b000100a31a33a5665c1d41fff14c000905", @ANYRES16], 0x0)
syz_usb_disconnect(r0) (async)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x68cd42, 0x4)
openat$cgroup_ro(r1, &(0x7f0000000900)='net_prio.prioidx\x00', 0x275a, 0xb)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000080)={<r2=>0x0, 0x5e, "9736590328662373b69b9f79de425fdeaf5797a26c68d76f08cd5c2553e55af453fb078f893548ad3ba975ce8be5dc9a1de7ab0a20d9cc4263d99e8e4a805b88120262fde73eea7d8fe15af999516356cea2f572821da455acb690086b89"}, &(0x7f0000000000)=0x66) (async)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r3, 0x0) (async)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={<r4=>0x0, 0x10, &(0x7f0000000300)=[@in={0x2, 0x4e24, @private=0xa010100}]}, &(0x7f0000000540)=0x10)
setsockopt$inet_sctp6_SCTP_RTOINFO(r3, 0x84, 0x0, &(0x7f0000000040)={r4, 0xca4, 0x80000001, 0xfffffffd}, 0x10) (async)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0xd0, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_TUPLE_MASTER={0x3c, 0xe, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @multicast2}}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}]}]}, 0xd0}}, 0x0) (async)
r6 = openat$audio(0xffffff9c, &(0x7f0000000040), 0x40000, 0x0)
ioctl$SNDCTL_DSP_GETCAPS(r6, 0x8004500f, &(0x7f0000000100)) (async)
setsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000100)=@sack_info={r2, 0x200, 0x6}, 0xc) (async)
ioctl$AUTOFS_IOC_READY(r6, 0x9360, 0xf7)

39.915824676s ago: executing program 4 (id=249):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=@newtfilter={0x90, 0x2c, 0xd27, 0x70bd2d, 0x25dfdc00, {0x0, 0x0, 0x0, r5, {0x0, 0x3}, {}, {0xfff3, 0xffe0}}, [@filter_kind_options=@f_matchall={{0xd}, {0x5c, 0x2, [@TCA_MATCHALL_ACT={0x58, 0x2, [@m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0xed43, 0xf8, 0x6, 0x9, 0x151}}}, @TCA_IFE_METALST={0xc, 0x6, [@IFE_META_SKBMARK={0x8}]}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x90}, 0x1, 0x0, 0x0, 0x50}, 0x0)
r6 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r7 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x8000, 0x0)
fsetxattr$security_capability(r7, &(0x7f00000000c0), &(0x7f0000000140)=@v2={0x2000000, [{0x3475, 0x7}, {0x81, 0x5}]}, 0x14, 0x0)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$inet_tcp_buf(r8, 0x6, 0x1, 0x0, &(0x7f0000000000))
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="bf16000000000000b707000001009fa35070000000000000280000000000c00095000000000000002ba728041598d6fbd30cb599e83d24a3aa81d36bb3010100bd2321afb56fa54f26fb0b71d0e6adff07f1d8f7faf75e0f226bd99eea7960707142fa2dc79b9723741c4a0e168c1886d0d4d94f2f4e345c652fbc16ee988ee99fbfbf9b0a4def23d410f6296b32a834388107200759cda9036b4e369a9e152ddcc7b1b85f3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c3b35967dec6e802f5ab3eea57b09a2ed4048d3b867ddd58211d6ececb0cd2b6d357b85a0218ce740068725837079e468ee207d2f73902fbcfcf49822775985bf31b715f5888b24efa000000000000ffffffdf0000000000000000000000000000020000000000000000000000000000b27cf3d1848a54d7132be1ffb0adf9deab29ea3323aa9fdfb52faf449c3bfd09000000b9349e31aa3701c38c527d3237c18e521ab219efdebb7b3de8f67581cf796a1d4223b90b80fcad3f6c962b9f292324b7ab7f7da31cf41ab12012fb1e0a494034127de745409e35a30b23bcee46762c2093bcc9eae5ee3e980026c96f80ee1a74e04bde740750fa4d9aaa705989b8e673e3296e52d307db98ca112874ec309baed0499104dcfe7c0f694bd5fc9e66d058b75fa4c81e5c9f42d9383e41d277b10392a96286744f049c3f128f8f92ef992239eafce5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637598f37ad380a447483cac394c7bbdcd0e3b1c39b2e00916de48a4e70f03cc415ba77af02c1d4cef5379da860aed8477dfa8ceefb405005c6977c78cdbf37704ec73755539280b064bda144910fe050038ec9e47de89298b7bf4d769ccc18eede00e8ca5457870eb30d211e23ccc8e06cd58b638c234bbb55ff413c86ba9affb12ec757c7234c270246c87a901160e6c07bf6cf8809c3a0d46ff7f000000000000ad1e1f493354b2822b9837421134c0167d78e6c24ed0a2768e825972ea3b774a1467c89fa0f82e8440105051e5510a33dcda5e143fbfff161c12ca389cbe4cc302b52e2101de18a1f1f7c551b3fa00055cc1c46c5fd9c26a54d43fa050645bd6109b113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a84a4e378a9b15bc20f49e298727340e97c870800000047546103f123f661c84726e7c7c55eff231a1b033d8f841ba3442b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf46306f2ef7be184f5e93ba5c8c2a4c04450b652b8d4c2ff030000000000000007c6bbd6cb2b240ce7d47ae636a5dbe9864a117d27326850a7c3b57086a4482c218b10af13d7be94987005088a83880ccab9c99220002af8c5e13d52c87c3a3ee6c08384865b66d2b4dcb5dd9cba16b64ebbbf8702ae12c77e6e34991a225c120a3c950942fe0bc9f2a1a7506d35e5b439edeb7088aeda890cf8a4a6f31ba6d9b8cb098f935bdcbb29fd0f1a342c9eed00000000ab6648a9dea0b6c91996d65da6c24a700a86c814459f3cdaaf99000000000000000000bf2130d1b32c826563c718d0ad23bc83ba3f3757210a057e177615c0683f000000000000006d4e0413ab52f5aaab812201d1aba3d70471fcd9b466569f3ef72f39d87fcccab514fcff030000629c9b73ce7bc4be7f8be71cb7b2d0a4acff8f6abe7dbad64dfa63966945d93c33b038ce0d890f85f8a6ab8487c383e24d4a8051f80e1811e387723a25dda119f64b35e71c5400000000000000000000000000000034c751ebdf3f207ea3df3d6c0002a41783078e56c70afe8016b3dd9dc7785b36e609f173cc747837d600283b3452c57a5d44cacd363589845637071320921d32c1663964eddec97cc33158bc306d8c3bdae8108a23d2dc96a5cdb518f58832ec0906aaec43659c79c8ad37b0f961f3beaa3e02f7762c5dd633d13b5e487e996597b2ab42c81eb7dd8390e13b395aacce4683e55bcfe8c17615257364365fd48bd77da79e52ce9adfe6dcb0c42c4d719347f3d16304fa000008ffffffffffffff003049ca923d059c0ab5d886a491adacb7e4b43b1b57586e5fe2aa611f6232a9b71882ce24fce75cf105fa57f000756755b7230e2c0c1fed5487271c4f2981cf8f4351ef5d08641dacaed000080000000000000000000000fa36bbac00bb77c933d3961556f3fe647b05643b0000000000000000000000967aef9c5706e13d5889e77dab80a2548ec31629b7355a2bb8b93e4b6323061f545b26accc4621b568ab0bfaf30aa4f60705532c4a09c0a4a5487c762167edf362be35b9c90ad7e372a66bbb1471aa21000000000000104061c66a7432f25687618e31dcef8c5d4a2457a93f3fc6d3d7131746c75ccf400fc1a7a51826832ef7f5fbc78827d937768443a1c1ca3aba93a34efd21aa1201d9225256df8de405d1f12c17cdaff3ad675aa333aa7e919459babd3cc1000000000000000000000000000000000000000000000000000000000000000059fdc6a54a2a8b28fa7d9b92aeb58e78e3b8594a5ef6bb67e52bf43b6145f544273a8f62852706c0abef368bfc72f92fa99a7bf121019cff8001fd7d2f6c2c295a5cab383235fec4c1decbed258ee9df8963c0fc828ad2119ffefe36c78692fffb6942b9da0922b2aa8f6b66c14ee7f42d5951edcc986356b41c0de3549f851ca340d9e425e355c1decb785a1042a72c1c98a084b04b1d9be473e50a15d76b110eda3b7cc1f2501211773cf510a43888422c1328476dd6f42659c61a18618fd28d5cd342c276aa9c4cc035077fa09d672b8dcfb3ac1751628647047d07338a8619037e3449a173ddd697f541a0795a2de7ef1396d70675341ebf004be122de04b5275fe7e53d28ebdc5051cec00759d73ca97229d93b965926060b6f91d01324bd458b425ea51c5d5b69551d599188fc6040370ac9ca7ae9eea9e5ede79bd66bd3d616dd7d7dd4c3a8fd055a3585af6fe7f5046c61154598cd33c33a48ece1072afd04b1fd85eb1655d9f3f813392c9634200d892dc6810b436820a1e0f6b464855e28953eb63cd3d6fc1b7bfb588ce28a51af1658d45d759a8399da55a3ff6597bb9f47167fe55ca240623a001e5fe15d9ddefea06a3750501916163844106c4ce662f418d9fc509e5447f712048d53e7e36ee7de083c5ea1119969d858eb6785395fc5a2c551de9a086cb4583f55c47828645e3046"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x10}, 0x94)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="cb1c0300"/22, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00008000000000000200"/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x8, 0x1, &(0x7f0000000180)=ANY=[@ANYRES8=r6], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff95, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet(0x2, 0x4000000000000001, 0x0)
socket(0x2a, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
getdents64(r9, &(0x7f0000002f40)=""/4098, 0x1002)
getdents(r9, 0x0, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
socket$kcm(0x11, 0x200000000000002, 0x300)

39.710831778s ago: executing program 3 (id=250):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) (async)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0xfea3) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000f00)={{0x12, 0x1, 0x0, 0x7c, 0xe7, 0xc8, 0x10, 0x4d8, 0xa30, 0xce47, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0xd, 0xe6, 0x7a, 0x0, [], [{{0x9, 0x5, 0x4, 0x2}}, {{0x9, 0x5, 0x81, 0x2, 0x3ff}}]}}]}}]}}, 0x0) (async)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) (async)
socket$inet_udp(0x2, 0x2, 0x0) (async)
bpf$MAP_CREATE(0xc00000000000018, &(0x7f00000008c0)=@base={0x15, 0x2, 0x4, 0x4002, 0x0, 0xffffffffffffffff, 0x1e, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x11, 0xfffffffc}, 0x50)
r3 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newlink={0x58, 0x10, 0x401, 0x2000000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x13101}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x24, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x14, 0x5, @ipv4={'\x00', '\xff\xff', @private=0xa010101}}, @IFLA_GRE_IKEY={0x8}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x0) (async)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d300000000000000800050001040f0f080003000000080008000f00f7ffffff08000600040000000800110009000000080002"], 0x5c}}, 0x0)
syz_open_dev$vim2m(0x0, 0x800, 0x2) (async)
r6 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0)
ioctl$VIDIOC_S_SELECTION(r6, 0xc040565f, &(0x7f0000000940)={0xa, 0x0, 0x7, {0x8000, 0x1000, 0x4, 0x6}}) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
socket$tipc(0x1e, 0x5, 0x0) (async)
gettid() (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff})
ioctl$int_in(r7, 0x5452, &(0x7f0000000180)=0xffffffffffffffff)
fcntl$setsig(r7, 0xa, 0x12) (async)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000080)={'\x00', 0x1}) (async)
io_setup(0x1ff, &(0x7f0000001540)=<r9=>0x0)
io_submit(r9, 0x1, &(0x7f00000007c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x401, r8, &(0x7f0000000440)="96", 0x1}])

39.480090312s ago: executing program 2 (id=252):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r2 = accept4(r1, 0x0, 0x0, 0x800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f00000001c0))
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4138ae84, &(0x7f0000000080)=@x86={0x6, 0x8, 0x3, 0x0, 0x3, 0x8a, 0xce, 0x1c, 0x9, 0xa0, 0x7d, 0x8, 0x0, 0xd6e, 0xb, 0x2, 0x8, 0x8, 0xfc, '\x00', 0x9, 0xfffffffffffffff7})
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x8, 0x80, 0x0, '\x00', 0x5c8d})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

39.340816977s ago: executing program 2 (id=253):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
pipe(&(0x7f00000002c0)={<r1=>0xffffffffffffffff})
getpid()
splice(r1, 0x0, r0, 0x0, 0x6, 0x0)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r2=>0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)

38.824342565s ago: executing program 4 (id=254):
r0 = socket$kcm(0x10, 0x2, 0x0)
recvmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)=""/116, 0x74}, {&(0x7f00000047c0)=""/4057, 0xfd9}, {&(0x7f00000037c0)=""/4073, 0xfe9}, {&(0x7f0000000700)=""/237, 0xed}, {&(0x7f0000000080)=""/160, 0xa0}, {&(0x7f0000000140)=""/59, 0x3b}], 0x6}, 0x100)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r1)
r2 = syz_open_dev$cec(&(0x7f00000003c0), 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r2, 0xc05c6104, &(0x7f0000004180)={"2370491d", 0x0, 0x5, 0x2, 0x8, 0x5, "000064640000001503fe00", "037ec42b", '\x00', "64bdac32", ["e86621d9cc668c391f77c506", "3549ffffffffffffff010800", "2fc7977386a7a0236a9cc1f0", "cf6cce2296b3f853e224c4e0"]})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket(0x11, 0xa, 0x5)
ioctl$sock_inet_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000040)={'ipvlan0\x00', {0x2, 0x4e20, @loopback}})
sendto$inet(r5, &(0x7f0000002100)="cf3a19d02404e49cf90a0a4363d1", 0xe, 0x800, &(0x7f0000000040)={0x2, 0x4e20, @remote}, 0x12)

38.752101283s ago: executing program 3 (id=255):
socket$inet(0x2, 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000dc0)=ANY=[@ANYBLOB="b7000000a5517f5fbfa30000000000000703000028feffff720af0fff8ffffff71a4f0ff00000000b7060000000000012e400300000000006506020001cd00007118540000000000c3640000000000006b0a00fe00000000850000002e000000b7000000000000009500000000000000023bc065b7a379d179fc9e94af69912435f1b6a693172e6191a12bebf9f9804ea033388cd15b65877ad4b200000000000000000beca090f32050e436fe275daf51efd601b6bf01c8e8b1abe4fef3bef7074815ae98743d1ace4c46631256dd19aed0d600c0b6199fe3ff3128e599b0eaebbdbd7359a48f5b0afc3996792043a6787bac46aa7aa400000000000069669622208266f896ba2c9e73c2efeec2dc565fbafb2cb63f5fef9ab79ff8abaa8a08f54a062107e9bb3e980fff675c8d3e91df6648a7a6aebcb63e0867b75690152af27711f0cbb9c06018d21bf3f87b8eb65323b4267a526d53442db8e48dbc5ce47d67d07441a7975d5e41b14fd0154a8246249952a8b61633ce068220defe09d3b1136af6d03e9cf996c13d1bfcdc54567a9ca80dec2e943fe4ae7c617cc071f7add70cfbd48f8f6b50fe6a8297d88efa73e7e601040000b4a685969f28902bdecf66ef39755de79ed2c711477febc96231a53984d00877301d0ec62427a8e38618fdd1ce9aaed569ebc5f2e58d6028e66139a737cc7146a131d47dcebb32ed67021d76e983223c998aec22242ae54e87f438d26982876b58f9134366952f7399a733f07138a736924f3709000000e97f0c117ec439c6b7b965752bbc06eced08d97a32ae4b1ad4d11c5b6f68ee841975233e4cea13f3ef04b2cab9cc256d4539dbafd888c7097c1169e0bebcc81ca3da40bf34b6c9c1da2d6ed8acaf2a8091820ff4cf6be74ddca8bf2eed0e11b2139e8c3ec95436af5269d5792decda7d8b5dcf8640b504ba23c6d0a7f67cdfd27328100ebf9319a56f0f9cee17deecf747f3493f1dc39551f4c9a40b3e93fa80b8234ccbf39a9ef09bd97321f0dc20956f44ba2c5ec2e7569b05cf4690ddc189f174046a8b214acf23f42fb51ed4819e6b4cb5a8bf2b559d0c198fe0315483b8beb9801d06c58b22dd713fe3b7ef18e21081aacfd091b754125a488cea18255f79bebcb3051f622f8a1d9af1908e88a58774a24f35a4ccdbedea6212286c23dd89c2b4b90647f17231472af8dda7f3ab20f093aad3ce875f7458039ee6d0a50deb7bc8eb393f056a5e7725531c5485278e0362338e2e2710fe00465e0d182a322091022cf5b814eeb9b3cab21196581e4d92d0b6fe5525285eea359274f1f21d69233bbe94941f10ba292100000000000000000000000000000000c18e93a0c5231779f2ee201e9fe7e63e84b57b5f05ecd278919bad330ffcb594b8255b3085b352ca9533d6c31c1a30158c30352f8a126a65cb6582e58aa641007418611df53a601c3a8fb8d2286e86abf98136f345446730f68f5d6d1817a9e1b09e5650d2599fbe719a45337d29eb3fef5f7f565457660dec6fe903a1c2ea4f40a8ea1c179892afa219fc69a44163f0d731de418e9fd82a8c4661caea674b19242d1840d047882f640ea248457288c5ffb63e857da03ff5c0475c3cfff41c4806f1dc750eb1c45ec3a2a0b064834010604d6f88a29e8e9bda2bc9c18d1b53a08f25d62ccaa46bc0235c830a7b3fe64bc6031b431bcad6b698a1ba6027870ea9e55fafbbf140c5f82a33ee4ac793b989c12a5827a7957f4d8136cf918b7cbf5bc5fc64c8001992536584586edded6f65bdd371ac84fd5cc60ab79b84e9e85a1c54d5666a5d133e95eff121621dff14b9de7a188b8c5387f9da63c2cce405bc44079e34e2db2b275bfbb54841d647338cad74be91144b780cf381a6860f641446ef73bd11d45f5e4df8f3c6440d8425fd7382225cf8c2cada01bf3cd5cbc6a403173e0c89a491c75efc3c21b7825a521c6011945eef94abc3000000000000000000000000000000d71b794e9b4c145caf050429937eef4364d9e1cbe9150bccd9b2e73757f1f5e8ac50736cd3cbc029ede2869642841371bb4b9c1aaa8826889a909e6716b60e4b568b6761f8ccc7d35b0e66357746b10fc481b47e67f1e14408c1ef3e018a5e647e3f607654f3bf82bcfb42be038a272d82f8362944f608b3810000000019fda0b1b607f1ab34194ed954973f7a5accc0938d3364ab07574d0b32fc30f3ab73d012b63ee905e98ab6989ec2c840cd216eb18fedfb3b204e94e170bae930660368d3799c9b1bf7556ac57164966791626f06ad2e332341965f72141ec140b80efd7720ccdaa890b79bc4523386bd66553121543c9a35b7adcf2f6b257fefef1d6e1da2ee94d3f822bf45aad21e5b5a3788ab584090664065af39b0f43968dcd7c5f8e5a8dc6298691423fbf7e8e012260bc62f9422434a547ef7ca37953d435098d9b71edd1a03e46d0ade465d0c0db0a51f9e29cac05e5a04f94e"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x45}, 0x48)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4)
setsockopt$packet_int(r0, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) (fail_nth: 16)

38.694445357s ago: executing program 1 (id=256):
r0 = syz_usb_connect(0x2, 0x3f, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000440)={0x34, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x20, 0x1, 0x1, 0x4}, 0x0}) (async)
syz_usb_control_io(r0, 0x0, 0x0) (async, rerun: 32)
syz_usb_control_io$uac1(r0, 0x0, 0x0) (rerun: 32)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000f40)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="200100080000a7"], 0x0}) (async)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @loopback}, 0x7}, 0x1c) (async, rerun: 32)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) (async, rerun: 32)
r2 = fcntl$dupfd(r1, 0x0, r1)
sendmsg$NFT_BATCH(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[], 0x56c}, 0x1, 0x0, 0x0, 0x40000}, 0x8051) (async, rerun: 32)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r2) (async, rerun: 32)
syz_genetlink_get_family_id$devlink(&(0x7f0000000340), r2) (async)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000000000207d1eed2c000000000001090224000100000000090400000103000200090000000025d47e74b5dcc699faa91f3e9901f288aecbe6ad888aa1a5b145d3200d7912970e31d41d46726847e7221e08fd7aaa5f4ad84580579ba737f920786da8363442bc72bc6c3e103a9fb448080f5ecce0da6ede97d4e10a26de85f64e075d838085ae302a724451bc7c1bd7e7ba2e89d4e9110ca028199061a9b494f795d62710b510d1d36ee9d6657fd1001c9d4f9cde30e3211a63208b28eaea75132d9c777284110218b2ff12eb7cd2f42b71bec5bc7e55af2658c21d93f78ebbbb12676c3389215d7c2872161c1d5700"/255], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f00000003c0)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00bf05"], 0x0, 0x0, 0x0, 0x0}, 0x0) (async, rerun: 64)
r4 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007e3dc410cd0621013ddd0102030109021b000100094000090485000189fe1f000905820220"], 0x0) (rerun: 64)
syz_usb_control_io$cdc_ncm(r4, &(0x7f0000000100)={0x14, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) (async, rerun: 32)
syz_usb_ep_write$ath9k_ep1(r4, 0x82, 0x0, 0x0) (async, rerun: 32)
syz_usb_control_io$uac1(r4, &(0x7f0000000140)={0xc, &(0x7f0000000080)={0x40, 0x4, 0x58, {0x58, 0x2, "57220d9dfddfa81090faa43ba602c25569a5a17c9a80f10d85fba6d776fba0deb91f9da924f04a5b7077f20570b78aeaf9583a9a4d321fddaf9b138352aa166a41e469c2957fc7e2460ee25d164dcfe34801339d7f59"}}, &(0x7f0000000100)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x415}}}, &(0x7f0000000440)={0x24, &(0x7f0000000180)={0x40, 0x12, 0x8b, "163957d1752e766904075902dced507d20032583a55715ca00354d1fadea662420d79a5d0490af6ba4c919a06b27b274fa8b36d391a5c6f9f55fc0ae1181aab0c5f1f3d5bd52a6e986f59a5772d33625544f9d8ccd793aac1344cd8d8952eb9119cd8a47497522c3b3e3ab63f6b87a8d0bc2828bf2e1b7bab8e6a10a7cb1cf14e959938b4d3dd5d46fa566"}, &(0x7f0000000240)={0x0, 0xa, 0x1, 0x3}, &(0x7f0000000280)={0x0, 0x8, 0x1, 0xf3}, &(0x7f00000002c0)={0x20, 0x81, 0x2, "d728"}, &(0x7f0000000300)={0x20, 0x82, 0x3, "7e7496"}, &(0x7f0000000340)={0x20, 0x83, 0x2, "a8d7"}, &(0x7f0000000380)={0x20, 0x84, 0x3, "75d5f3"}, &(0x7f0000000400)={0x20, 0x85, 0x3, "97b248"}})

38.137702701s ago: executing program 3 (id=257):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
timer_create(0xfffffffd, 0x0, &(0x7f0000000040))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x202400, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, 0x0, 0x0)
add_key(&(0x7f00000000c0)='pkcs7_test\x00', 0x0, &(0x7f0000000000)="100c0681000000ba8b0ad775b31b", 0xe, 0xfffffffffffffffc)
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000140)={0x0, 0xdffffffe, 0x80, 0x0, 0x0, "8100e1c8e80b598c36ff000800"})
r3 = socket$kcm(0xa, 0x5, 0x0)
r4 = socket$kcm(0xa, 0x5, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d80)={&(0x7f0000000000)=ANY=[@ANYBLOB="9beb01031800000000000000000000008000000002"], 0x0, 0x1a}, 0x28)
ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x8916, &(0x7f0000000000)={r4})
r5 = socket$kcm(0xa, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x8916, &(0x7f0000000000)={r5})
ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x8936, &(0x7f0000000000)={r4})
r6 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid\x00')
mount_setattr(0xffffffffffffffff, 0x0, 0x1000000, &(0x7f0000000300)={0x1000a4, 0x7a, 0x0, {r6}}, 0x20)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x2, 0x2d, &(0x7f00000003c0)=ANY=[], 0x0)

38.034994382s ago: executing program 2 (id=259):
r0 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0)
fcntl$setsig(r0, 0xa, 0x21)
fcntl$setlease(r0, 0x400, 0x1)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x73, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa12, 0xffffffff}, 0x0)
clock_adjtime(0x0, 0x0)
waitid(0x2, 0xffffffffffffffff, &(0x7f0000000200), 0x2, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
socket$netlink(0x10, 0x3, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
r3 = timerfd_create(0x0, 0x0)
timerfd_settime(r3, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
epoll_pwait(0xffffffffffffffff, &(0x7f0000000240)=[{}], 0x1, 0x7fffffff, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f00000001c0)={0x1})
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

37.765039148s ago: executing program 4 (id=261):
socket(0x10, 0x803, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000280)='syz_tun\x00', 0x10)
syz_emit_ethernet(0xf4, &(0x7f0000000100)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0xe6, 0x300, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x640100fe, @local}, {{0x3, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x2, 0xfffe, 0x0, 0x0, {[@mptcp=@syn={0x1e, 0xc, 0x9, 0x1, 0x8, 0x2, 0x1}]}}, {"22140c28dcfa5b3eebae890be63220b0ec8c5efb4773d29220fdaedb8c2f83aee18b62e198b41f73ba73409a73195f7326b239d182b9df62497f74a7d32703c925339da722f4176c01d3967f0c970e099f597d5493efa4ec474040ff3a1654a449a72313f74ac494128e7903e87e85386f11a5613e081bea417979534d2f6934820f234df6a50c59cf340f1d04a5db6266d3575d37d29ddcac68599e646d39a789cd41127134eb3ccad0243c1ddeaa35259a"}}}}}}, 0x0)

37.647972767s ago: executing program 4 (id=262):
r0 = socket(0x10, 0x3, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt(0xffffffffffffffff, 0x200000000114, 0x2718, 0x0, &(0x7f0000000040))
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
pwritev2(r3, 0x0, 0x0, 0x6, 0x5, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
syz_open_dev$video4linux(&(0x7f00000000c0), 0x5, 0x20980)
listen(0xffffffffffffffff, 0x0)
accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r4 = socket$kcm(0x29, 0x2, 0x0)
r5 = getpid()
r6 = syz_pidfd_open(r5, 0x0)
process_madvise(r6, &(0x7f00000000c0)=[{0x0}, {&(0x7f0000000040)="7f", 0x1}], 0x2, 0xf, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000000)={<r7=>r4})
syz_open_procfs(0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@gettaction={0xc8, 0x32, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x68, 0x1, [{0xc, 0x1, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0x10, 0x13, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0xc, 0x16, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0x10, 0x17, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0x14, 0x4, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0xc, 0x7, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x478000}}]}, @action_gd=@TCA_ACT_TAB={0x4c, 0x1, [{0xc, 0xc, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0x10, 0x12, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}, {0xc, 0x28, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0xc, 0x21, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}, {0x14, 0x5, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="240000001900010000000000000000001c14000000000000000000090005000001", @ANYRES32=0x0, @ANYBLOB="00000100000000000000010000000e0000001a000400000000000400", @ANYRES32=0x0, @ANYBLOB="00000400", @ANYRES32=0x0, @ANYBLOB], 0x24}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r7)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r8, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000240)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x20000000)

37.003830546s ago: executing program 2 (id=264):
r0 = socket$kcm(0x10, 0x2, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}) (async)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f0000000000)=0x100000001, 0x4) (async)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) (async)
sendmmsg(r3, &(0x7f0000002580)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000012c0)=[{0xc, 0x1, 0x4f}], 0xc}}], 0x2, 0x4000800)
bind$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f0000000c80)=[{{&(0x7f00000000c0)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000000300)=[{&(0x7f0000000480)="51322549b503275563942611bb622ba7f6ac0f7695917ff135a6c00feaf3603a3c819a5302c55e265293ce18e7ebebb4af4ff45756eb33dfcc3e158132ad93a3407c34b021e3bfd4ccd84156f346f1edba11f1c97aa7f61a2ecc0530dae0d49df7be7e1cd5bf1e72d7aa912dda876c23c3ef3e1ef172b7805ebe1850b9afab22552eedbecf93ad10442989e659d86a99034f1774998a398be661c14312d4bcbea8e24c5f0c3010783e81a9a822cbef1d09a3db55a0ca22db00726fb51c6e465bd816ee8ef8ec1fedd7f9cb7c5658716f99d9173ec37dd7ed6e3e5d4e824872a49c1948ad7139af05c9385e7baf481c239e290692451f", 0xf6}, {&(0x7f0000000280)="8e0c9ff0e7fd3571889bd25bc3ec07d8c92f3477d30608cea80bcbac2ae6e34fc17d8233b5d1ab9b52c065a10c2e4acc0a9b043310656c0cfdddae22110c565e781309189a7ba7467c7c1b120d", 0x4d}], 0x2, &(0x7f0000000d80)=[@rights={{0x34, 0x1, 0x1, [r1, r3, 0xffffffffffffffff, 0xffffffffffffffff, r0, 0xffffffffffffffff, r0, r0, r2, r0]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, r0]}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18, 0x1, 0x2, {0xffffffffffffffff, 0xffffffffffffffff}}}, @cred={{0x18, 0x1, 0x2, {0x0, 0xee00}}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r1, r3, r1, r3, r2, r3]}}, @cred={{0x18}}], 0x108, 0x4000001}}], 0x1, 0x24004800)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0) (async)
syz_open_dev$dri(0x0, 0x1ff, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r4, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10) (async)
listen(r4, 0x0) (async)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r5, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) (async)
r6 = accept4(r4, 0x0, 0x0, 0x0) (async)
sendmmsg(r5, &(0x7f0000000d40)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000240)="e9a4ea8d246a02fb3d7b6d", 0xb}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x4008)
recvmsg$kcm(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/150, 0x96}], 0x5}, 0x0) (async)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
syz_open_dev$dri(0x0, 0x1ff, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)

36.762528851s ago: executing program 2 (id=266):
socket$key(0xf, 0x3, 0x2)
mknod(&(0x7f00000025c0)='./control\x00', 0xc000, 0x4)
r0 = inotify_init1(0x0)
inotify_add_watch(r0, &(0x7f00000001c0)='./file0\x00', 0x4000064f)
mkdir(&(0x7f0000000100)='./control\x00', 0x184)
open(&(0x7f00000000c0)='./control\x00', 0x573382, 0x113)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x3, &(0x7f0000000080)=[{0x2d, 0x0, 0x1}, {0xa4}, {0x6}]})
syz_open_dev$radio(&(0x7f0000001640), 0x0, 0x2)
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(0xffffffffffffffff, 0x13, &(0x7f00000001c0)=[0x7ede5dd5, 0x7], 0x2)
r1 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2)
r2 = dup2(r1, r1)
read$FUSE(r2, &(0x7f0000000540)={0x2020}, 0x2020)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000002580)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000010c0)=@abs, 0x38)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x98f907, 0x0, '\x00', @p_u8=&(0x7f0000000180)}})
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\x00\x00\x00\x00\xd4\xa2\x88\x00\xd1l,'}, 0x30)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r5)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r6, &(0x7f00000000c0)=""/4096, 0x1000)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000680)={0x3c, r8, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x3c}}, 0x0)

36.644270182s ago: executing program 0 (id=267):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_DEL_MIF(r0, 0x29, 0xc8, 0x0, 0xc000000)
setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x1f8c, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x1, 0x0, r2}, &(0x7f00000002c0), &(0x7f0000000180))
mkdirat(r2, &(0x7f0000000140)='./file0\x00', 0x3)
write$cgroup_subtree(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="2d6e65745f636c73202d637075205af96edd10d9ebaecd7897b6216ed9d18ed71e9d3970df0f768903006ce0e5da79e073056dc0a967e9d8be757ff961ed72d352f2dbcf42fc1b1c58f2c7643e8d2889fe848e614942b3185080b1da8f06123a83c20943aea54c9dc75eb032924b7c77f49edc7330d9d4d6a024dba96c8bcdcb63fd09e6444f6dabda90ca83c5b8c1651f5cb4c71e9b38a44c35e4fbb88c9197304bed6015a7f813fd"], 0xe)
setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}, 0x1}, 0x5c)
r3 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r3, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c)
setsockopt$MRT6_FLUSH(r3, 0x29, 0xd4, &(0x7f0000000240)=0x2, 0x4)

36.33183793s ago: executing program 1 (id=268):
ioctl$KVM_CAP_MAX_VCPU_ID(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000000)={0x80, 0x0, 0x7fff})
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_GET_VCPU_EVENTS(r0, 0x8040ae9f, &(0x7f0000000080))
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)={<r1=>0xffffffffffffffff})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r3=>0x0})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_STATION(r1, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x8c, r2, 0x0, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x7, 0x75}}}}, [@NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0x4}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0xc0}, @NL80211_ATTR_STA_PLINK_STATE={0x5, 0x74, 0x5}, @NL80211_ATTR_STA_VLAN={0x8, 0x14, r4}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x20, 0xbe, "2f521cab9cfc0d5a2f64753fb37fa43f34b55e54ff88f5ce0fcfbd60"}, @NL80211_ATTR_STA_WME={0xc, 0x81, [@NL80211_STA_WME_MAX_SP={0x5, 0x2, 0xbd}]}, @NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0x3}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x1f91}, @NL80211_ATTR_STA_PLINK_ACTION={0x5}]}, 0x8c}, 0x1, 0x0, 0x0, 0x8804}, 0x20000810)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x21)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000340)={0x5, 0x6, 0x1, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
getsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000380), 0x10)
r6 = openat$sndtimer(0xffffff9c, &(0x7f00000003c0), 0x410880)
ioctl$SNDRV_TIMER_IOCTL_STATUS64(r6, 0x80605414, &(0x7f0000000400))
r7 = openat$sndseq(0xffffff9c, &(0x7f0000000480), 0x10080)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r7, 0x404c534a, &(0x7f00000004c0)={0x6, 0x7, 0x8})
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000000540)='asymmetric\x00', &(0x7f0000000580))
r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001800)={0xffffffffffffffff, 0x0, 0xfe, 0xa1, &(0x7f00000005c0)="5d1fc2f838b7a3b7473cb946a14e730f77aa79b0b95c2da25a6ed9cdccc4ef1d50a5a68e00b34b41a254179137aeaaea9e36914c78e2aadd5daebf88f6a743d9774cdf70398a00651f188cbe2ab8aa077da9185a19ca8d43bd4b9a98e004333a0ba2d39ab17de572f039f7f5f4facdc9434afc3842ecc425c454d245e7151a229d8c7783a2097f2900d178c8098ccbf3978d618cd78a1c1020e5f41a68299dd529c44cbd25d5a7761c8f133ae38dca374752d5a46ef05958dd26cef8bd754ced016ea3132526f141ae4594abc16689075ce9dfc35b2e8b6196ebc42b1dc39d42b305810b98c8c8c9d4be66a97c54e139cae8986b4485ae1b5545fd1c0f69", &(0x7f00000006c0)=""/161, 0x91d, 0x0, 0x76, 0x1000, &(0x7f0000000780)="4765961e45ec500f8e7024ddae72fd64df0f4c7dc52c234676be148c91179a2159710cf8a47ba5a42e83cec21bfe0251e47712d07dfb0d636c7956a717818da35c998f0e279e0e82c07aa89825e8c4e08534ffcaa1e6197e5a5065f3511bff208d9a3ae1b4a3b3ab4aa2d872cc1b00ec0f23af3a7cca", &(0x7f0000000800)="6b4a9bbe0710075cef269740ba633831aff9f19d764e65b7be4910064c66a343bf44ce0216a5bdf7f5ff5e49c3bb4f29b13b99baa35dd2dd1cef067a07e0dab56e5f57adb7ea16a7a1b4d292772f2eea81ae7fdd6f3463a9d373768dd6e53d3cc047ecabc2c7cc9010a75589473e359ffdfe6d63c2441e4f772726397b421b3f879c8dd047cc530b5a2e30c600862d74886cd99a6e27983b8e80a0edf3170335a497f6aa459bceba15fc354b4d8fbff9c84f916c162fde53e94c03840125ed8c3e0e16a4888c6616f1bfc7487ba2ad1140c3fbbe67b61abf4e928e6b466006ba771d60df62a20a82d3a70e414c60ca37b77e084ebff4cdec51895732594941abfeee1a1420339123becd9ad9b35c245fb91628f86cc698fd0333000e8c99d372bbb05e11b5030d8f7068518daf64c0bc0d4d878c4eb03e9dfb28396aeb965501a697ae8af49a53c7d8e9b849c404181ca233851c028a30febdbbd76f1feeb2d0f300d880aee8fc6d359f660d1b387214c6dd580c90b7e135b9ad7c7e4d93fb5b75a4758af3d67f01dd425f6e8b50e68a2fe0f46bf715c41081a61c3234a499539a79ae87df03d25aa11787fcd6d3db5f6330f98c960ac6ec7eb23fe951ce9b57c19019652a7cd85aa8cb85cd6c9a913212ec296cea85a976808692691ef305865fc0ea94e9defe80566cd87abb55ef77df54cbd3ddc7821ace516c3a6492d7884b43101fe8e14d3ef94a2ed2d7fe77c47ac1091817721809368e4b95e616c89eb6612da9861023328c125a9e1d0f594e1b53d647d69589418e3a0a38a72dbf1122019ea28b6e3dd8d8dcdddc1d97e1f8d91963c98ae0aa767613668322abdb83663df18d2c09e61f2554fc91d3571f62c9e59e4fcf14a0bab646a5b274be7b325895e06eb24eaed73418f73f3a9dbcad970e5e18e7c5b49bf0e3bc674e660654ea868eac560dbd66c453399361628f1b021a571ebb43aca5cd17a55ee2130f9ca650dbbb54639ad693d33b8627876d98562ff4dbaa49cc4f82cf04000f88da18cf9fbd71383d9104a5b04d93ef4c688ef3385a59bb81198c00f659cb92be8b930ed5ff116eac819717049cb9c9238c9fd7dcb0264fc735378afcce30f8c58bb6d2916592a57e8809c8fdd6c63794280861b11f9460a0d071c51b7da0fe24c9d16b7b3338e9e0175ce89d7b56987165778f2a4f5e97595b8f61300f37265f43dfe7f42e84fd1b04684410ec19df460a959a8e365e54c506ea522563882aa7c9db1327f75352dca4102308d45417347b8980e0212e1ff0eba9ff6e83e3d5909e6344459853b23a8d8c85a92d816c6682a88770a29036860c7b229bc258821333831cda9b0506b7b1e2443425c0965527d679ff5d6c73359854840f52891a23e3e23ccbb9e7b1294ba991e13d9051f51309f8c30bb486fd4e12abc1e28138899f0307a1c03a5c8ddbbaa488f2309e6d1defc30862961c3498004a57edee87647b4e2ff142dba22821de0210c93bca89f79da2fcfd4f184ef409905b66f5ba3d1a87c94c4508725e2126de9d9539f6ed9ba926374f10006cfbe6ad55d7e0e96ff9b0ba9f4a3840e59754d99003e6369d23bea1f00c45f615253af68fa6d230a8e4c0f7c738bc6e77f893fcacc4809884f5e42fe96ecee8dc1e324a2e407b82d7459e8b1f83ad9c5cc8c486dd4aa17ab788787da70f23335db104a0ec2d4f2c48eae9e679fdcf9a1da531cf1e2c95b0a276fd69ba2a6a1aa6726729eae6997f1287806c596e0fba210dcd6c7b4e8d26d7d17af19be3a1ad65c53b8c4e488cf6574afe90867061c144631266e45544e4c7a4a11d5fc07b7e0932a8d24ae6d543ae09c43f9ec4b6f9b70b2bd486dd1575f5fcd17d24ccec246f77a4ad0611d9c4a4a1c63d5f6e368da95399b9ddef564122cc0dbf24a5018a8beb211d376928f88180aa7e2548bdbc820312eb4a0fa004750ed18d6bc599ff751c2250a8c0fbabc153f64f0683b2c47f1fed38cd55de6658b14572175b985d3ee9bdae7a4cc2a462556060622258af003807cfc684d9ece84ed5c9db7d1a06f8eb2af495147000bd97706cab2c0c3e37c5f5158c050d9537de84781dd75294a107f75733a7573c797d8924610d7c47beb7956ffd3ffecefa9b08608e878d00a6cb0c3bf05e241dc53b15bf8aee95dc3af24ae5b9cfb4f27800d26f3317a7e8cdbf86ae293dd758184ac07cb965c6332feb77ddf70b7c2a6b8582c49c0a37ec920b8f3a260ff83958d8389c370b7e166f180985eb9662cfd7ae9a8a4814f433dbbcfe5b9c5f27dfe025d4af7f5e018e66468fa910680796167044b2e0bb65f254824e69d938970580c43ec2cf4668c121531f331ae38a85a35ef6f34d569b01b988af499ec2101c81df7a91b820cef67e65c75a44b443b0400b7c97af7222c4aae7e65da7a76e48e59909741313bd009e4cc5baf77c4a0e237b386079f122216372bc84bb5f35b57af7d54cb0da46ca8c3404a41bb43fdc325ead72932ff65966f101c4b078c2d513982727e33b24eac96a52e98691d9dba63db8bdcead22f28d3f92361208fbfcdd61e64b6c03b2c48dff8fa4dbbfed79ce15b47ba6237f6da6971561c3918a8fb1ebf1dc32acc559f95f780b89b336cf0ad2c9d47fd9b9e4dbaba558ce778cba19d63f21fba9d53997ee23e2b1e144ef848243336ffbdd0bc10f19da8fe5abb69fdab0e27697b51cfe8056d447eeae8d025241638ebc6ad739c5012544f3a72f266a9b566183e4455453428d38f50332e88f9e9e37b9aa5ae2a083ffc46cacc431ea89a1e06d2fa5c8bdd2316c48ace457b626743aad12331dc19d6d7bf3280b6219cb3fe42bb5a14051aa89da9ac68d66bf6aeca7483785b34ae37ff0de59a13292be0f95ecdef7916dc1c7488964aa24e86102a4fe421cd6f35fe8fef791967216a964e9daeb5ab883541f3c1f9e33da62d90323be9853cc8556c24c33fc66f757391588236b3d243c0712a1c25f852ab94c7f63bfac6c25069b6869add1fb0a209153c215b5f4d626905e27836a05baeb457239a291a3f81e9d4c1f88395c3a44fffc98362e0df739ec10e50c0f173b229f4dedad8347278eba7de33f2706653bee796f0cd2daf0434becbca7c27fddc1f4e46a56b7c00252aedeed5fd5e458bc3f1efd394810a072499367cb02c235759c6a5d456084271626ac6a044d2ca89678f6baa26f34863cf4b8510578cb6a590d18967f2c6f2af09a494ceab6476de151220c763fb6eb7ba52834348e99adae2a6e82b8b088de78cb686fb7d24a432e5d751562fee1699bae57654805b512ab7723550cfc4fcc74080f7e72d5182ab0ae8ade6a882588d12972768c0f2ec5a4cacd447f7cd12e2600b78a6398731d51e02fbb87a975d777f021f942887738c2dd5f00e5084333685da36723804767a137b276eb661fa387c3780b0d020771eec0a62017a4d4a40c9bafa26f9bc1022dffd1f9b3077ca79f994331190f32d82e0f6e5228f1ae86959b1a644862dc561de2f08d408f4faf25345fbf314f59679cefaf19db440a1fb94cd9791381a29de658120112625e047eeb6e9a1891507eeaf907b3257aa8f9886139abf9359f3506b06e9c7bc580c26c7ed33e501d9fd70b7f88dcb7d022566e7b6995e0f8c08336500adbb15d7946b1aa37b01b9b29006aa2972228951ca20709294a8d5468cfddeb5b4e0bae3da176fee2aa45003bd8959c56d315ef3c6f6c511a50cf2e42c083b35fb922760e3fefee4941ef0dbd5b7f54852efea47f693660ee188bd9fb8de226c73aec3fc0c687889ac206565baa41a55b710e3e33a4fa4a0fac0773f95fab0348c98c54c911ac1e3c7201f4c67b4ead6290a51f2c82420802f1021419526a82d284071dc7d516f4c39dce4e1dc89b901b921fe4886d4c7154e8f98d899e669988e548e83b430bca32e6882abdc53c3346c0855a89ecbffbceaec21ff68b6d63681485006aec45741de06e7813602aea1ac4533bc7d2704b6b321334755c162a7dc224c87194a001e23598a32e3620a1ae503c3684906d5d143cfe4743c079615d3a915c1c5897bf5a2fc258bfc1dcf681da7a7ad82e3cbf4acd618d6d1d2ab7a9cc13ccdab81494854edf68dbf0ebf136176aab54870a585d00133a51ebb9f569e82ddf0e1b188ec5361e41eca704057cd3363c0b34cf97060c981e810b58cb83c5fa33c704cd6cc09bbb36389e297847c7465d83ef1164a99f0a7412185c7e68ea3a1bf7a4736401457a794ddc2fca83b78c4b513032ba5be71d16b5beff4d0606f93f870f30c57d61eb00ff775e0cba9f8a1d8d48dfbb6ca2814a2deac40e2cfac702012985032de8bdf4f8259adcb69105348600885fd866434bce30421a785b53a3eaec07d00b9c826c9c124cc54458062ee82be07a7bf6b73b41148f32a2c1b39a3a027bdbf82ccd4ec62eba811483b43a56a4b9d06b5364618ec5714a92fca0fa3d45ac0ffd9aeb0064799cb393619d352249337e2965479fec1141f6cde875e3f106314209789c3d3bbb8e5018927e4981152442d8528b8710ca925f53888174dd8233b2414b0cd3f716a8af9e99b536a23355e8bc90c9fef7bc5289326a3e549c73dd5aa599adc7d0926ce1ad678fba852e04617c8d1f75062f03f7046ff64c12d9b8cc7c613d79c0f6645abe14452ce3815a407185d5e55faa7ba6d646f4532e39671b2e6e9648c57c98279fd21af485433188f42ffdd74662a76c60beafcc099df44bfca7b460136ac05ead983fdb11365e5cb9042a0b0a02abd4ab8c404272f4f61360032074007e48d5f3281b3c87f9fe4a89ba4cc3da3491229599831f279c19d7b1d9cc77c2b9b08c0fe63867cdad90184211cf615d7ba31a75b8290ec9c34b16b3c10975d50cb3ef470a1ef9745e64457e08c0dffdb41cec8baaef9aa118d47e719bab4a48edc0133acd035aa21a417d7fa2d879f121ce527bb16590efb7c7da369bf8a4eee2ae88a19c1592dba7cb3b5ab8d3feb38987d6cada469dd59dbcc9989bce0b1c0b3580ca3bab0281e170bed81480bf8519c1e820b8470c31b1ee1adc2dbb0e838923c26e1ca378433f9d10bb38e2a96021fb0112d9ed1198f8a733ce6ea94ab3762c2b23ec0900fd3c5750331abd6a1f12b7c665a6d7c7eb42fcdcbea4042983690f657436aace8b51af63b5e24d4e5fc58c74d0bb2a1c660dfd2b3247af44e9741047b49bce0a20affbf23ef4259ba804d428e7628a2354d47e9bb4c47d6c73a941e7727ce71139aa3dc60c6afc4a8a653f56b0faa458fcf03a5c724b56870eb735306f3fe5463f5be93fd2d6fd3a10ba385310dac8409f4e293f186aa33df28dd461b319e788d92235f1407d3be5b630d87c70168007990de9d4b4f6f50eba41daa0684823c8b3f9df951c2322dfd6ae6b88094caf8984b493b20ae5e877d52dc86081d5efea408699aaaaa52bb2cad513552cac7140eb219a43a96800b23ccc03a868a194723f9c5924c1eee4b07ab76d319a1a391bd9b508d4b270947e60836d76dbabd3ba4945826d62938964d3fe0fe6ab6889d907f26cded14c2a12caf7ed2b47eaafaf609896f15b2f1ef6a691e170056467d8a714fbf899f3543805686381c0273e9b59b331379fdfd0886f1e7dec74b3bf59052fbd9dc92ddefdc8d23b337ecc372c52fb3ac417be0f30bb9fdacbcaf35f0ce259339a199f4ebff3c046473a484295ee2f666c50e8cc00b896a84a1adc27b04c2439e8b349f311f16a1f1f868f10f566fd5267dc74d6f3c3d62d65", 0x7, 0x0, 0x4b65}, 0x4c)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f00000018c0), r1)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000001980)={'syztnl1\x00', &(0x7f0000001900)={'ip6gre0\x00', <r10=>0x0, 0x29, 0xf, 0x5, 0x5, 0x21, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @remote, 0x10, 0x10, 0x3}})
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000019c0)={'vxcan1\x00', <r11=>0x0})
getsockopt$inet6_mreq(r1, 0x29, 0x1c, &(0x7f0000001a00)={@loopback, <r12=>0x0}, &(0x7f0000001a40)=0x14)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f0000001b40)={&(0x7f0000001880)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000001b00)={&(0x7f0000001a80)={0x78, r9, 0x100, 0x70bd27, 0x25dfdbfd, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}]}, @HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x40}, 0x20000081)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r6, &(0x7f0000001c80)={&(0x7f0000001b80)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000001c40)={&(0x7f0000001bc0)={0x54, r9, 0x400, 0x70bd2a, 0x25dfdbfb, {}, [@ETHTOOL_A_COALESCE_RX_USECS_LOW={0x8, 0xe, 0xc}, @ETHTOOL_A_COALESCE_RATE_SAMPLE_INTERVAL={0x8, 0x17, 0xfffffffd}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_HIGH={0x8, 0x14, 0x8001}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_HIGH={0x8}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_TX={0x5, 0x18, 0x1}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_TX={0x5}, @ETHTOOL_A_COALESCE_TX_USECS_IRQ={0x8, 0x8, 0x200}, @ETHTOOL_A_COALESCE_RX_USECS_IRQ={0x8, 0x4, 0x80}]}, 0x54}, 0x1, 0x0, 0x0, 0x4008000}, 0x40)
write$input_event(0xffffffffffffffff, &(0x7f0000001cc0)={{0x0, 0xea60}, 0x2, 0x1, 0x3}, 0x10)
r13 = openat$sw_sync_info(0xffffff9c, &(0x7f0000001d00), 0x0, 0x0)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r13, &(0x7f0000001d80)={&(0x7f0000001d40)={0x10, 0x0, 0x0, 0x10008120}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40040}, 0x40800)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x15)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000001dc0)=[@window={0x3, 0x1, 0xfff}, @mss={0x2, 0x4}], 0x2)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r13, 0xc018937e, &(0x7f0000001e00)={{0x1, 0x1, 0x18, r1, {0x2}}, './file0\x00'})

36.190755567s ago: executing program 1 (id=269):
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0xe4}}, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, 0x0, 0x0)
listen(r0, 0x3)
syz_emit_ethernet(0x0, 0x0, 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000500)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x2, 0x0, 0x0, 0x1000, {[@timestamp={0x8, 0xa, 0x8}]}}}}}}}, 0x0)

36.15472529s ago: executing program 0 (id=270):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/udp6\x00')
preadv(r0, &(0x7f0000000800), 0x0, 0x14d, 0x0)

36.101547624s ago: executing program 1 (id=271):
r0 = socket$kcm(0x10, 0x2, 0x0)
recvmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)=""/116, 0x74}, {&(0x7f00000047c0)=""/4057, 0xfd9}, {&(0x7f00000037c0)=""/4073, 0xfe9}, {&(0x7f0000000700)=""/237, 0xed}, {&(0x7f0000000080)=""/160, 0xa0}, {&(0x7f0000000140)=""/59, 0x3b}], 0x6}, 0x100)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r1)
r2 = syz_open_dev$cec(&(0x7f00000003c0), 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r2, 0xc05c6104, &(0x7f0000004180)={"2370491d", 0x0, 0x5, 0x2, 0x8, 0x5, "000064640000001503fe00", "037ec42b", '\x00', "64bdac32", ["e86621d9cc668c391f77c506", "3549ffffffffffffff010800", "2fc7977386a7a0236a9cc1f0", "cf6cce2296b3f853e224c4e0"]})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket(0x11, 0xa, 0x5)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
sendto$inet(r5, &(0x7f0000002100)="cf3a19d02404e49cf90a0a4363d1", 0xe, 0x800, &(0x7f0000000040)={0x2, 0x4e20, @remote}, 0x12)

36.101299213s ago: executing program 0 (id=272):
syz_emit_ethernet(0x32, &(0x7f00000002c0)={@multicast, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x17c1, 0x10, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}, "d482449a"}}}}}}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x20, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$tipc(0xffffffffffffffff, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r0, 0xc05064a7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)=[0x0, <r2=>0x0], &(0x7f0000000340), 0x0, 0x2, 0x0, 0x0, r1})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r0, 0xc01064ab, &(0x7f0000000440)={0x1, r2, r1})
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000140)={0x6, <r3=>0xffffffffffffffff, 0x1})
ioctl$KVM_HAS_DEVICE_ATTR(r3, 0x4018aee3, &(0x7f0000000240)=@attr_other={0x0, 0x3, 0xffffffff, &(0x7f00000001c0)=0x9})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x9, 0x2, 0x180, 0x4, 0x10, 0xf1, 0x4e, 0x7fffffffffffe, 0x5, 0x0, 0x6, 0x0, 0x6, 0x0, 0xbdb], 0xffff1001, 0x120182})
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0xffffffff, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000200)={0x0, 0x0, 0x300f})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = socket$inet6(0xa, 0x2, 0x6)
ioctl$sock_inet6_tcp_SIOCATMARK(r7, 0x8905, &(0x7f00000000c0))
ioctl$KVM_RUN(r6, 0xae80, 0x0)

36.100638766s ago: executing program 4 (id=273):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2000e9ffff090300000000000000000007000004090001008625eb9cd1737fad74000000090a010400000000000000000700000408000a40000020000900020073797830000000000900010073797a3000000000080005400000000e30001280140001800c000100636f756e746572000400028018001d800e0001006c7a40a7482a9effff000000040002800800034000000130140000001000010000000000000000000084000a69ed7a012a33835f66c646698214f4b77fb491cf93fe0791251eabb0d784c655df099b95a6eb6ce13b580c3c02fb56fd4354d6b60bfdcbcb472bf8d78fc5c5dcc53d79f9ae1b90b8029c1090273a84e5711319a2f092a861e3f693505afb41d8036c933aea21339d4e89b9631d809da8f97450e69c88e5d5424b5447e1c2d7871faf50561440120cce1a2d3fc29ea96cd11bd7bc6cd8fb295fa37a0ab274839a99cdcf846c4e767e4b5fe9fafcd22de571eeb3aebf4429b6954f93e2571bf245ef0c65d825e34c3c0ba9ac45bdfce0923367e29462879d28d9af977b"], 0xbc}}, 0x20050800)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
timer_create(0xfffffffd, 0x0, &(0x7f0000000040))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x202400, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, 0x0, 0x0)
add_key(&(0x7f00000000c0)='pkcs7_test\x00', 0x0, &(0x7f0000000000)="100c0681000000ba8b0ad775b31b", 0xe, 0xfffffffffffffffc)
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000140)={0x0, 0xdffffffe, 0x80, 0x0, 0x0, "8100e1c8e80b598c36ff000800"})
r5 = socket$kcm(0xa, 0x5, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000100), 0x4)
r6 = socket$kcm(0xa, 0x5, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d80)={&(0x7f0000000000)=ANY=[@ANYRES8=r3], 0x0, 0x1a, 0x0, 0x0, 0x8}, 0x28)
ioctl$sock_kcm_SIOCKCMCLONE(r6, 0x8916, &(0x7f0000000000)={r6})
r7 = socket$kcm(0xa, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r7, 0x8916, &(0x7f0000000000)={r7})
ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x8936, &(0x7f0000000000)={r6})
r8 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/net\x00')
mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000300)={0x1000a4, 0x7a, 0x0, {r8}}, 0x20)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r9=>0xffffffffffffffff})
connect$unix(r9, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

35.848113293s ago: executing program 2 (id=274):
r0 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0)
fcntl$setsig(r0, 0xa, 0x21)
fcntl$setlease(r0, 0x400, 0x1)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x73, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa12, 0xffffffff}, 0x0)
clock_adjtime(0x0, 0x0)
waitid(0x2, 0xffffffffffffffff, &(0x7f0000000200), 0x2, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
socket$netlink(0x10, 0x3, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
r3 = timerfd_create(0x0, 0x0)
timerfd_settime(r3, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
epoll_pwait(0xffffffffffffffff, &(0x7f0000000240)=[{}], 0x1, 0x7fffffff, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f00000001c0)={0x1})
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

35.847615397s ago: executing program 0 (id=275):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r3 = accept4(r2, 0x0, 0x0, 0x800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)
r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r0, 0x4068aea3, &(0x7f00000001c0))
r5 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4138ae84, &(0x7f0000000080)=@x86={0x6, 0x8, 0x3, 0x0, 0x3, 0x8a, 0xce, 0x1c, 0x9, 0xa0, 0x7d, 0x8, 0x0, 0xd6e, 0xb, 0x2, 0x8, 0x8, 0xfc, '\x00', 0x9, 0xfffffffffffffff7})
r6 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x8, 0x80, 0x0, '\x00', 0x5c8d})
ioctl$KVM_RUN(r6, 0xae80, 0x0)

35.6483554s ago: executing program 0 (id=276):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000340)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x1305, 0x0, 0xe, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x1}}}}}}, 0x0)

35.038761461s ago: executing program 4 (id=277):
r0 = socket$kcm(0x10, 0x400000002, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0xc, 0x1, 0x7})
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33)
socket$inet6_sctp(0xa, 0x5, 0x84)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140))
timerfd_create(0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$inet(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48)
socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x9)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x20000000000001f4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000300))
r2 = syz_io_uring_setup(0x24f6, &(0x7f00000006c0)={0x0, 0x0, 0x10100, 0x0, 0x1c5}, &(0x7f0000000100)=<r3=>0x0, &(0x7f0000000180)=<r4=>0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000040)=ANY=[@ANYRES64=r2], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x11, r5, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x24844})
io_uring_enter(r2, 0x2d3e, 0x0, 0x0, 0x0, 0x0)
recvmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000004700)=""/4097, 0x1001}, {&(0x7f0000003700)=""/4074, 0xfea}, {&(0x7f0000002500)=""/4137, 0x1029}, {&(0x7f0000000780)=""/174, 0xae}, {&(0x7f0000000640)=""/180, 0xb4}, {&(0x7f0000000500)=""/181, 0xb5}, {&(0x7f0000000340)=""/144, 0x90}], 0x7}, 0x0)

34.778979937s ago: executing program 0 (id=278):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000180)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x5, 0xe4}]}, 0x8)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000001200)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001280)="bb2d839f3bf337ccd0d8f3513ab30aba4b00b6f0ef506a60f4082ace5a8a10d80d8d595071f2ff529ff6996481ffc7e4de448343b85079722c4f1a1ce360836392283201a1a5ac0b6e24ccf9f075c64fe58b7a37d37019a49908876bc37c9f304eeefed8a6d8cae3ca0f81e900c8735b8b3063967b68a1567e30726f2c0edb6c85e78619700b0645b728a0c88b22d18366a6db2e391401feb630396bf42b987b102eb2d0a804e188648df6c8ddd79e0fde3893930e06e91c39cc01d239a1c20cb0cee84da924212382163c6638e798d66660c356195a56523456052c42aca7c8404e259561dfea5cbdc21a31b7e7eb73a710b68ba2ae2eff86d3d4fbda8b72014f5de839d48acbc9d217f7ac0b3362a66f3a7d04277cc4b918687ed082170f98dc54bd56f28ea3fecc4e86e1820ed811919dac4d09c18e27c4d839c7ac015d34522c7d87ae968dc872d97db81da9a4b6f631535348d9d44ca3fe846f6706fd3d3bd2f62f2d046a2973c9e8c6ccbf96fd0060d532433732627bf213a35870cea250f79ac773b8adba386e0ae960801b073646dcfe7c89f0cb410d22146cb3109bb9a12649e943104875c0272dfdfac5998854c0f62438909522fba45a4ac83b917a6d9a45704fefe035986b7ae676dd6b8094d2ce7ed64f0aaf138cc827553d74b2c04488d849df41fb98a6c966c07cbb1a9fe3ee5e41c3082c51b37f9df811461cf123830ee606c7b5816b6b86b21860177bfc3fd9aeb689dbb39963a55cee2afe7352200f719a3c0fe44e059446bd7226d9e814d2358c2524c0103c48f7516cc69eb04815bbef84a5bd840a5131f45c335ef8939d6100cf89160f5f1c5aec60e479d18f4680a5a525964fbf2371c1493df2c3e67f98645f329d984250dc98a48a5ab14624438ad259145794a22055ace7d33b5218ed2bda0a528bee49e4e4ae3068477da429945eef0e06128a3202f62634d8faba02e7a951fd2ceba99d2a1488872c66ceef1c5ba5a3e4a523be", 0x2ce}], 0x1}}], 0x1, 0x40000d0)
sendto$inet(r0, &(0x7f0000000300)="0906c422e0243219ff7b440e76a1b51b82ba23599f81b52c9d4db4486cec105e4b9f0f859f8a43eef6352f1e46e3145089b6a22f618ca14e288029b613a329c422481c6b7aff6806bce699cea461ecf591d9018b2a1d84e389a8d3127fd35913fe69754435c2", 0xffffffffffffffbb, 0x40040011, 0x0, 0x0)

34.778511427s ago: executing program 3 (id=279):
r0 = socket$inet6(0xa, 0x4, 0x10006)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x4f}}, {{@in6=@mcast2, 0x404d3, 0x2b}, 0x0, @in=@empty}}, 0xe4)
r1 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) (async)
sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) (async)
sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
close(r0) (async)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0xb}}}, 0xb8}}, 0x0)

34.769215738s ago: executing program 1 (id=280):
symlink(&(0x7f0000001640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
removexattr(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0/file0\x00', &(0x7f0000000240)=@known='trusted.overlay.opaque\x00')
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6(0xa, 0x807, 0x2)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
connect$inet6(r1, &(0x7f0000002600)={0xa, 0x4e22, 0x5, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x5}, 0x1c)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r2, &(0x7f0000000180)=[{&(0x7f0000000400)="580000001500add427323b472545b4560a117fffffff81000e220e227f000008925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="600000000206010100000000000000000000000005000100070000000900020073797a30000000001400079b0800124000000000080013400000000011000300060000003a69702c6d61726b0000000800000500020000000500040000000000"], 0x60}}, 0x0)
r3 = add_key$user(&(0x7f00000002c0), &(0x7f0000000180)={'syz', 0x2}, &(0x7f0000000280)="85952b177328da2f8757c9343d", 0xd, 0xfffffffffffffffd)
r4 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r3, r4, r3}, 0x0, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'veth0_to_hsr\x00', <r6=>0x0})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_X86_SETUP_MCE(r9, 0x8140aecc, &(0x7f0000000080)={0x2, 0x0, 0x6})
ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="0a000000000000008a04000000000002060000000000000050030000000000eb0000b40000000000490000002c09000000000000030000000000710000000000000063090000000000000100000000000000ad0a0000000000003a0e0000000000171b0a00000000000010000000000000008802000000000000ffffffffffffffffa50b0000000000000f00"/158])
ioctl$KVM_SET_MSRS(r9, 0x4140aecd, &(0x7f0000000080)=ANY=[])
r10 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r10, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x6e)
syz_usb_connect(0x0, 0x24, &(0x7f00000004c0)=ANY=[@ANYRESOCT=r10, @ANYRES64=r6, @ANYRES16=r0, @ANYRES64=r5, @ANYRESHEX=r0, @ANYRES64=r0, @ANYRES32=r5], 0x0)
setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20)
io_setup(0x42, &(0x7f0000000100))
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='pids.current\x00', 0x275a, 0x0)
rmdir(&(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00')
write$UHID_CREATE2(r11, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r11, 0x0)

26.1211277s ago: executing program 3 (id=281):
r0 = syz_open_dev$video4linux(&(0x7f0000000080), 0x4, 0x80)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r0, 0xc0305602, &(0x7f0000000180)={0x0, 0xc, 0x3012})
r1 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33)
socket$nl_rdma(0x10, 0x3, 0x14)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
open(&(0x7f0000000140)='./file0\x00', 0x2, 0x0)
r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000440)={0x0, 0x79a8, 0x8, 0x1, 0x29a}, &(0x7f00000006c0)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0)
recvmsg(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000004700)=""/4097, 0x1001}, {&(0x7f0000003700)=""/4074, 0xfea}, {&(0x7f0000002500)=""/4137, 0x1029}, {&(0x7f0000000780)=""/174, 0xae}, {&(0x7f00000005c0)=""/172, 0xac}, {&(0x7f0000000500)=""/181, 0xb5}, {&(0x7f0000000340)=""/144, 0x90}], 0x7}, 0x0)

0s ago: executing program 32 (id=274):
r0 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0)
fcntl$setsig(r0, 0xa, 0x21)
fcntl$setlease(r0, 0x400, 0x1)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x73, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa12, 0xffffffff}, 0x0)
clock_adjtime(0x0, 0x0)
waitid(0x2, 0xffffffffffffffff, &(0x7f0000000200), 0x2, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
socket$netlink(0x10, 0x3, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
r3 = timerfd_create(0x0, 0x0)
timerfd_settime(r3, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
epoll_pwait(0xffffffffffffffff, &(0x7f0000000240)=[{}], 0x1, 0x7fffffff, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f00000001c0)={0x1})
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.60' (ED25519) to the list of known hosts.
[   48.826392][ T5845] cgroup: Unknown subsys name 'net'
[   49.012434][ T5845] cgroup: Unknown subsys name 'cpuset'
[   49.019690][ T5845] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   50.167442][ T5845] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   52.259777][ T5860] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   52.271914][ T5860] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   52.278967][ T5860] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   52.285423][ T5868] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   52.286571][ T5860] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   52.300636][ T5860] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   52.307746][ T5860] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   52.308052][ T5868] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   52.315716][ T5860] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   52.329582][ T5860] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   52.337306][ T5860] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   52.338358][ T5870] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   52.352448][ T5868] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   52.360164][ T5868] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   52.361758][ T5871] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   52.368186][ T5868] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   52.374851][ T5871] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   52.381252][ T5870] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   52.389216][ T5871] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   52.397116][ T5870] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   52.403238][ T5871] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   52.409433][ T5870] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   52.424547][ T5868] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   52.433505][ T5870] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   52.441449][ T5870] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   52.814542][ T5875] chnl_net:caif_netlink_parms(): no params data found
[   52.829697][ T5878] chnl_net:caif_netlink_parms(): no params data found
[   52.865571][ T5879] chnl_net:caif_netlink_parms(): no params data found
[   52.912406][ T5874] chnl_net:caif_netlink_parms(): no params data found
[   52.964513][ T5873] chnl_net:caif_netlink_parms(): no params data found
[   53.010841][ T5875] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.017992][ T5875] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.025345][ T5875] bridge_slave_0: entered allmulticast mode
[   53.032106][ T5875] bridge_slave_0: entered promiscuous mode
[   53.049303][ T5878] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.056441][ T5878] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.063759][ T5878] bridge_slave_0: entered allmulticast mode
[   53.070204][ T5878] bridge_slave_0: entered promiscuous mode
[   53.080068][ T5875] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.087296][ T5875] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.094587][ T5875] bridge_slave_1: entered allmulticast mode
[   53.101089][ T5875] bridge_slave_1: entered promiscuous mode
[   53.119795][ T5878] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.126954][ T5878] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.135419][ T5878] bridge_slave_1: entered allmulticast mode
[   53.142181][ T5878] bridge_slave_1: entered promiscuous mode
[   53.193495][ T5879] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.200823][ T5879] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.207952][ T5879] bridge_slave_0: entered allmulticast mode
[   53.215060][ T5879] bridge_slave_0: entered promiscuous mode
[   53.224344][ T5878] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.241028][ T5875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.263676][ T5879] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.271092][ T5879] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.278239][ T5879] bridge_slave_1: entered allmulticast mode
[   53.285568][ T5879] bridge_slave_1: entered promiscuous mode
[   53.293320][ T5878] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.311137][ T5874] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.318222][ T5874] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.325463][ T5874] bridge_slave_0: entered allmulticast mode
[   53.332038][ T5874] bridge_slave_0: entered promiscuous mode
[   53.340910][ T5875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.367953][ T5874] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.375454][ T5874] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.382953][ T5874] bridge_slave_1: entered allmulticast mode
[   53.389413][ T5874] bridge_slave_1: entered promiscuous mode
[   53.415001][ T5878] team0: Port device team_slave_0 added
[   53.433351][ T5873] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.440539][ T5873] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.447670][ T5873] bridge_slave_0: entered allmulticast mode
[   53.455222][ T5873] bridge_slave_0: entered promiscuous mode
[   53.463880][ T5879] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.475104][ T5879] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.485368][ T5878] team0: Port device team_slave_1 added
[   53.506117][ T5875] team0: Port device team_slave_0 added
[   53.513771][ T5875] team0: Port device team_slave_1 added
[   53.519657][ T5873] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.526846][ T5873] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.534474][ T5873] bridge_slave_1: entered allmulticast mode
[   53.541349][ T5873] bridge_slave_1: entered promiscuous mode
[   53.561114][ T5874] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.571645][ T5878] batman_adv: batadv0: Adding interface: batadv_slave_0
[   53.578589][ T5878] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.605213][ T5878] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   53.636609][ T5874] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.646175][ T5878] batman_adv: batadv0: Adding interface: batadv_slave_1
[   53.653282][ T5878] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.679946][ T5878] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   53.704255][ T5879] team0: Port device team_slave_0 added
[   53.720015][ T5875] batman_adv: batadv0: Adding interface: batadv_slave_0
[   53.727237][ T5875] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.753170][ T5875] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   53.768091][ T5873] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.779609][ T5873] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.789643][ T5879] team0: Port device team_slave_1 added
[   53.810934][ T5874] team0: Port device team_slave_0 added
[   53.818550][ T5874] team0: Port device team_slave_1 added
[   53.824925][ T5875] batman_adv: batadv0: Adding interface: batadv_slave_1
[   53.832048][ T5875] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.858041][ T5875] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   53.881755][ T5879] batman_adv: batadv0: Adding interface: batadv_slave_0
[   53.888711][ T5879] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.914726][ T5879] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   53.943182][ T5873] team0: Port device team_slave_0 added
[   53.955095][ T5879] batman_adv: batadv0: Adding interface: batadv_slave_1
[   53.962115][ T5879] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.988494][ T5879] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.006540][ T5874] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.013548][ T5874] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.040093][ T5874] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.052670][ T5873] team0: Port device team_slave_1 added
[   54.074955][ T5874] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.081993][ T5874] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.108264][ T5874] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.131008][ T5878] hsr_slave_0: entered promiscuous mode
[   54.137240][ T5878] hsr_slave_1: entered promiscuous mode
[   54.157356][ T5875] hsr_slave_0: entered promiscuous mode
[   54.163845][ T5875] hsr_slave_1: entered promiscuous mode
[   54.169686][ T5875] debugfs: 'hsr0' already exists in 'hsr'
[   54.175779][ T5875] Cannot create hsr debugfs directory
[   54.188535][ T5873] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.195812][ T5873] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.221864][ T5873] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.248013][ T5879] hsr_slave_0: entered promiscuous mode
[   54.254745][ T5879] hsr_slave_1: entered promiscuous mode
[   54.260842][ T5879] debugfs: 'hsr0' already exists in 'hsr'
[   54.266578][ T5879] Cannot create hsr debugfs directory
[   54.273841][ T5873] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.281010][ T5873] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.307102][ T5873] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.367235][ T5874] hsr_slave_0: entered promiscuous mode
[   54.374068][ T5874] hsr_slave_1: entered promiscuous mode
[   54.379979][ T5874] debugfs: 'hsr0' already exists in 'hsr'
[   54.386018][ T5874] Cannot create hsr debugfs directory
[   54.420547][ T5870] Bluetooth: hci4: command tx timeout
[   54.467636][ T5873] hsr_slave_0: entered promiscuous mode
[   54.474062][ T5873] hsr_slave_1: entered promiscuous mode
[   54.479896][ T5873] debugfs: 'hsr0' already exists in 'hsr'
[   54.486602][ T5873] Cannot create hsr debugfs directory
[   54.500432][ T5861] Bluetooth: hci0: command tx timeout
[   54.500487][   T51] Bluetooth: hci3: command tx timeout
[   54.505874][ T5870] Bluetooth: hci2: command tx timeout
[   54.511310][   T51] Bluetooth: hci1: command tx timeout
[   54.714947][ T5878] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   54.727759][ T5878] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   54.739645][ T5878] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   54.752824][ T5878] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   54.782832][ T5875] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   54.797416][ T5875] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   54.816622][ T5875] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   54.826308][ T5875] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   54.861085][ T5879] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   54.871494][ T5879] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   54.888817][ T5879] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   54.898503][ T5879] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   54.943177][ T5874] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   54.954101][ T5874] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   54.964353][ T5874] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   54.975167][ T5874] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   55.029746][ T5878] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.064553][ T5873] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   55.075649][ T5873] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   55.094350][ T5878] 8021q: adding VLAN 0 to HW filter on device team0
[   55.101867][ T5873] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   55.111094][ T5873] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   55.136162][ T2956] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.143297][ T2956] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.159012][ T5875] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.168744][ T2956] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.175885][ T2956] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.211946][ T5875] 8021q: adding VLAN 0 to HW filter on device team0
[   55.243038][ T5879] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.253862][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.260989][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.274186][ T5878] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   55.295361][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.302568][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.345216][ T5879] 8021q: adding VLAN 0 to HW filter on device team0
[   55.368415][ T5878] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.385442][ T5874] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.406701][ T2989] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.413845][ T2989] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.423484][ T2989] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.430589][ T2989] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.448143][ T5874] 8021q: adding VLAN 0 to HW filter on device team0
[   55.482590][  T266] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.489699][  T266] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.508415][ T5873] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.527729][  T266] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.534819][  T266] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.575492][ T5873] 8021q: adding VLAN 0 to HW filter on device team0
[   55.590070][ T5878] veth0_vlan: entered promiscuous mode
[   55.612398][ T5875] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.621500][  T266] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.628566][  T266] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.638850][  T266] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.645935][  T266] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.659438][ T5878] veth1_vlan: entered promiscuous mode
[   55.676639][ T5879] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.725288][ T5873] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   55.746900][ T5874] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.756883][ T5878] veth0_macvtap: entered promiscuous mode
[   55.776079][ T5878] veth1_macvtap: entered promiscuous mode
[   55.794138][ T5875] veth0_vlan: entered promiscuous mode
[   55.808005][ T5878] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.818934][ T5873] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.831607][ T5878] batman_adv: batadv0: Interface activated: batadv_slave_1
[   55.849555][ T5879] veth0_vlan: entered promiscuous mode
[   55.859159][ T5875] veth1_vlan: entered promiscuous mode
[   55.873379][ T2956] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.894868][ T2956] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.904013][ T2956] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.926453][ T5879] veth1_vlan: entered promiscuous mode
[   55.939867][ T2956] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.977389][ T5875] veth0_macvtap: entered promiscuous mode
[   55.985747][ T5874] veth0_vlan: entered promiscuous mode
[   55.991998][ T5873] veth0_vlan: entered promiscuous mode
[   56.006596][ T5874] veth1_vlan: entered promiscuous mode
[   56.016533][ T5875] veth1_macvtap: entered promiscuous mode
[   56.029581][ T5879] veth0_macvtap: entered promiscuous mode
[   56.060910][ T5879] veth1_macvtap: entered promiscuous mode
[   56.069734][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.079801][ T5879] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.094452][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.095311][ T5875] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.109952][ T5873] veth1_vlan: entered promiscuous mode
[   56.131817][ T5879] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.145038][ T5875] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.166004][ T1111] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.176356][ T1111] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.194934][  T266] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.203681][  T266] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.212958][ T1111] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.222333][ T1111] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.236324][ T5874] veth0_macvtap: entered promiscuous mode
[   56.253004][ T1111] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.268104][ T5878] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   56.273628][ T1111] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.319888][ T5874] veth1_macvtap: entered promiscuous mode
[   56.339670][ T1111] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.349896][ T1111] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.401563][ T5873] veth0_macvtap: entered promiscuous mode
[   56.410049][ T1111] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.422766][ T1111] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.431709][ T5873] veth1_macvtap: entered promiscuous mode
[   56.449330][ T5874] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.510654][   T51] Bluetooth: hci4: command tx timeout
[   56.580578][   T51] Bluetooth: hci1: command tx timeout
[   56.591235][   T51] Bluetooth: hci2: command tx timeout
[   56.591273][ T5861] Bluetooth: hci0: command tx timeout
[   56.602555][ T5870] Bluetooth: hci3: command tx timeout
[   56.634562][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.639427][ T5874] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.655248][ T1111] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.660033][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.675596][ T2956] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.679201][ T5873] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.684013][ T2956] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.705356][ T1111] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.714294][ T1111] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.742511][  T266] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.746872][ T5873] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.758207][  T266] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.769776][ T1111] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.904524][ T5951] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5'.
[   56.922403][ T1111] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.960234][ T1111] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.990805][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   57.040238][ T1111] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.089094][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.097311][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.121920][ T1111] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.480397][ T5942] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   57.530565][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   57.538997][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   57.548046][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   57.639119][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.639124][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.639140][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.669335][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.700974][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   57.710759][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   57.723789][ T5942] usb 2-1: Using ep0 maxpacket: 32
[   57.758066][ T5942] usb 2-1: config 0 has an invalid interface number: 182 but max is 0
[   57.770402][ T5942] usb 2-1: config 0 has no interface number 0
[   57.779885][ T5942] usb 2-1: config 0 interface 182 has no altsetting 0
[   57.788434][ T2956] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.799926][ T5942] usb 2-1: New USB device found, idVendor=046d, idProduct=0900, bcdDevice=2a.74
[   57.804650][ T2956] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.810026][ T5942] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   57.850670][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   57.860823][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   57.960446][ T5942] usb 2-1: Product: syz
[   57.968903][ T5942] usb 2-1: Manufacturer: syz
[   57.996338][ T5942] usb 2-1: SerialNumber: syz
[   58.021510][ T5942] usb 2-1: config 0 descriptor??
[   58.061965][ T5942] gspca_main: spca500-2.14.0 probing 046d:0900
[   58.140751][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   58.381538][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   58.580542][ T5861] Bluetooth: hci4: command tx timeout
[   58.612440][ T5978] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7'.
[   58.620877][ T5942] gspca_spca500: reg write: error -32
[   58.670742][ T5942] gspca_spca500: reg write: error -32
[   58.676831][ T5861] Bluetooth: hci0: command tx timeout
[   58.683531][ T5861] Bluetooth: hci3: command tx timeout
[   58.688784][ T5870] Bluetooth: hci2: command tx timeout
[   58.688942][ T5861] Bluetooth: hci1: command tx timeout
[   58.710783][ T5942] gspca_spca500: reg write: error -32
[   58.716455][ T5942] gspca_spca500: reg write: error -32
[   58.722912][ T5942] gspca_spca500: reg write: error -32
[   58.728703][ T5942] gspca_spca500: reg write: error -32
[   58.786182][ T5942] gspca_spca500: reg write: error -32
[   58.880428][ T5942] gspca_spca500: reg write: error -32
[   58.976489][ T5942] gspca_spca500: reg write: error -32
[   59.013206][ T5942] gspca_spca500: reg write: error -32
[   59.037354][ T5942] gspca_spca500: reg write: error -32
[   59.060701][ T5942] gspca_spca500: reg write: error -32
[   59.106936][ T5942] gspca_spca500: reg write: error -32
[   59.127326][ T5942] gspca_spca500: reg write: error -32
[   59.784768][ T5991] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   59.830927][ T5991] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   60.226470][ T5931] usb 2-1: USB disconnect, device number 2
[   60.244322][ T5999] netlink: 236 bytes leftover after parsing attributes in process `syz.0.13'.
[   60.260734][ T3098] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   60.615447][   T30] audit: type=1326 audit(1755715790.952:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6003 comm="syz.4.15" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000
[   60.642329][   T30] audit: type=1326 audit(1755715790.952:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6003 comm="syz.4.15" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000
[   60.663971][    C0] vkms_vblank_simulate: vblank timer overrun
[   60.670168][ T5861] Bluetooth: hci4: command tx timeout
[   60.675839][   T30] audit: type=1326 audit(1755715790.952:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6003 comm="syz.4.15" exe="/root/syz-executor" sig=0 arch=40000003 syscall=354 compat=1 ip=0xf70fe539 code=0x7ffc0000
[   60.697450][    C0] vkms_vblank_simulate: vblank timer overrun
[   60.704449][   T30] audit: type=1326 audit(1755715790.952:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6003 comm="syz.4.15" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000
[   60.730504][   T30] audit: type=1326 audit(1755715790.952:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6003 comm="syz.4.15" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000
[   60.752092][    C0] vkms_vblank_simulate: vblank timer overrun
[   60.758545][ T5861] Bluetooth: hci2: command tx timeout
[   60.758726][ T5868] Bluetooth: hci3: command tx timeout
[   60.764092][ T5861] Bluetooth: hci0: command tx timeout
[   60.764120][ T5861] Bluetooth: hci1: command tx timeout
[   60.764526][   T30] audit: type=1326 audit(1755715790.952:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6003 comm="syz.4.15" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000
[   60.801996][    C0] vkms_vblank_simulate: vblank timer overrun
[   60.817604][ T6008] netlink: 'syz.3.17': attribute type 5 has an invalid length.
[   60.903307][ T3098] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   60.962565][   T30] audit: type=1326 audit(1755715790.962:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6003 comm="syz.4.15" exe="/root/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf70fe539 code=0x7ffc0000
[   60.984285][    C0] vkms_vblank_simulate: vblank timer overrun
[   61.305574][ T6017] syz.0.28 uses obsolete (PF_INET,SOCK_PACKET)
[   61.316962][ T6012] capability: warning: `syz.0.28' uses deprecated v2 capabilities in a way that may be insecure
[   61.329891][   T30] audit: type=1326 audit(1755715790.962:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6003 comm="syz.4.15" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000
[   61.351478][    C0] vkms_vblank_simulate: vblank timer overrun
[   61.354912][ T3098] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[   61.433855][   T30] audit: type=1326 audit(1755715790.962:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6003 comm="syz.4.15" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000
[   61.450472][ T3098] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   61.515107][ T3098] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   61.561035][ T5996] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[   61.611667][ T3098] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[   61.700490][ T6021] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   61.728636][   T30] audit: type=1326 audit(1755715790.962:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6003 comm="syz.4.15" exe="/root/syz-executor" sig=0 arch=40000003 syscall=436 compat=1 ip=0xf70fe539 code=0x7ffc0000
[   61.750305][    C0] vkms_vblank_simulate: vblank timer overrun
[   62.024513][ T6028] vivid-001: disconnect
[   62.067076][ T6029] netlink: 8 bytes leftover after parsing attributes in process `syz.1.19'.
[   62.865813][ T6027] vivid-001: reconnect
[   63.071382][ T6050] netlink: 12 bytes leftover after parsing attributes in process `syz.3.29'.
[   63.093143][ T6052] Zero length message leads to an empty skb
[   63.107025][ T6052] netlink: 16 bytes leftover after parsing attributes in process `syz.0.30'.
[   63.125558][ T6052] bond0: entered promiscuous mode
[   63.131619][ T6052] bond_slave_0: entered promiscuous mode
[   63.137611][ T6052] bond_slave_1: entered promiscuous mode
[   63.200577][ T3098] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   63.218977][ T6052] bond0: left promiscuous mode
[   63.223956][ T6052] bond_slave_0: left promiscuous mode
[   63.229507][ T6052] bond_slave_1: left promiscuous mode
[   63.231671][ T5942] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   63.402981][ T5942] usb 5-1: config index 0 descriptor too short (expected 12306, got 18)
[   63.515270][ T5942] usb 5-1: config 48 has too many interfaces: 48, using maximum allowed: 32
[   63.568991][ T5917] usb 3-1: USB disconnect, device number 2
[   63.606953][ T5942] usb 5-1: config 48 has an invalid descriptor of length 48, skipping remainder of the config
[   63.607012][ T5942] usb 5-1: config 48 has 0 interfaces, different from the descriptor's value: 48
[   63.607158][ T5942] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[   63.607184][ T5942] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   64.011790][ T6076] FAULT_INJECTION: forcing a failure.
[   64.011790][ T6076] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   64.011860][ T6076] CPU: 0 UID: 0 PID: 6076 Comm: syz.0.36 Not tainted syzkaller #0 PREEMPT(full) 
[   64.011879][ T6076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   64.011889][ T6076] Call Trace:
[   64.011896][ T6076]  <TASK>
[   64.011904][ T6076]  dump_stack_lvl+0x189/0x250
[   64.011928][ T6076]  ? __pfx____ratelimit+0x10/0x10
[   64.011950][ T6076]  ? __pfx_dump_stack_lvl+0x10/0x10
[   64.011972][ T6076]  ? __pfx__printk+0x10/0x10
[   64.011993][ T6076]  ? __might_fault+0xb0/0x130
[   64.012018][ T6076]  ? rcu_is_watching+0x15/0xb0
[   64.012036][ T6076]  should_fail_ex+0x414/0x560
[   64.012058][ T6076]  fpu__restore_sig+0x1bb/0x1100
[   64.012080][ T6076]  ? __pfx___copy_siginfo_to_user32+0x10/0x10
[   64.012096][ T6076]  ? get_sigframe+0x596/0x7d0
[   64.012121][ T6076]  ? __pfx_fpu__restore_sig+0x10/0x10
[   64.012149][ T6076]  ? __might_fault+0xb0/0x130
[   64.012168][ T6076]  ? __might_fault+0xcc/0x130
[   64.012191][ T6076]  ia32_restore_sigcontext+0x449/0x5b0
[   64.012212][ T6076]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[   64.012230][ T6076]  ? _raw_spin_lock_irq+0xae/0xf0
[   64.012251][ T6076]  ? __pfx__raw_spin_lock_irq+0x10/0x10
[   64.012275][ T6076]  ? rcu_is_watching+0x15/0xb0
[   64.012293][ T6076]  __ia32_compat_sys_rt_sigreturn+0x140/0x200
[   64.012313][ T6076]  ? __pfx___ia32_compat_sys_rt_sigreturn+0x10/0x10
[   64.012334][ T6076]  ? rcu_is_watching+0x15/0xb0
[   64.012351][ T6076]  ? asm_int80_emulation+0x1a/0x20
[   64.012368][ T6076]  do_int80_emulation+0x126/0x390
[   64.012391][ T6076]  ? clear_bhb_loop+0x60/0xb0
[   64.012408][ T6076]  ? clear_bhb_loop+0x60/0xb0
[   64.012426][ T6076]  asm_int80_emulation+0x1a/0x20
[   64.012442][ T6076] RIP: 0023:0xf70ce537
[   64.012463][ T6076] Code: 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[   64.012477][ T6076] RSP: 002b:00000000f54be55c EFLAGS: 00000206
[   64.012494][ T6076] RAX: 0000000000000091 RBX: 0000000000000003 RCX: 0000000080002a40
[   64.012505][ T6076] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[   64.012515][ T6076] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   64.012525][ T6076] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[   64.012535][ T6076] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   64.012552][ T6076]  </TASK>
[   64.113315][ T6048] binder_alloc: 6045: pid 6045 spamming oneway? 1 buffers allocated for a total size of 4096
[   65.688634][ T6094] netlink: 60 bytes leftover after parsing attributes in process `syz.3.42'.
[   65.742159][ T6093] netlink: 60 bytes leftover after parsing attributes in process `syz.3.42'.
[   65.748669][ T6086] warning: `syz.0.39' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   65.772185][ T6101] netlink: 8 bytes leftover after parsing attributes in process `syz.1.43'.
[   65.907070][ T5942] usb 5-1: string descriptor 0 read error: -71
[   65.933753][ T6107] netlink: 60 bytes leftover after parsing attributes in process `syz.4.47'.
[   65.966676][ T6107] netlink: 60 bytes leftover after parsing attributes in process `syz.4.47'.
[   65.986202][ T5942] usb 5-1: USB disconnect, device number 2
[   66.379443][ T6103] netlink: 8 bytes leftover after parsing attributes in process `syz.3.44'.
[   66.520439][ T3098] usb 2-1: device descriptor read/64, error -71
[   66.610509][ T5942] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[   66.770450][ T5942] usb 5-1: device descriptor read/64, error -71
[   67.020461][ T5942] usb 5-1: new full-speed USB device number 4 using dummy_hcd
[   67.120384][   T24] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   67.150407][ T5942] usb 5-1: device descriptor read/64, error -71
[   67.160530][ T3098] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   67.270581][   T24] usb 3-1: Using ep0 maxpacket: 8
[   67.301035][ T5942] usb usb5-port1: attempt power cycle
[   67.303104][   T24] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   67.318006][   T24] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   67.331901][ T3098] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   67.343147][ T3098] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[   67.361167][   T24] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   67.371410][ T3098] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   67.392416][ T3098] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   67.401334][   T24] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   67.432467][ T6116] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   67.451349][ T3098] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[   67.485709][   T24] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   67.502677][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   67.680613][ T5942] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[   67.752272][ T5942] usb 5-1: device descriptor read/8, error -71
[   67.887851][   T24] usb 3-1: GET_CAPABILITIES returned 0
[   67.896945][   T24] usbtmc 3-1:16.0: can't read capabilities
[   67.990428][ T5942] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[   68.011828][ T5942] usb 5-1: device descriptor read/8, error -71
[   68.125242][    C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[   68.134349][    C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[   68.143427][    C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[   68.152495][    C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[   68.161605][    C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[   68.170670][    C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[   68.212152][    C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[   68.221224][    C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[   68.230363][    C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[   68.239413][    C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[   68.248451][    C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[   68.257596][    C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[   68.266830][    C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[   68.283457][    C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[   68.283874][ T5948] usb 3-1: USB disconnect, device number 3
[   68.321945][ T5942] usb usb5-port1: unable to enumerate USB device
[   68.986864][ T6128] netlink: 28 bytes leftover after parsing attributes in process `syz.2.53'.
[   69.012439][ T5948] usb 2-1: USB disconnect, device number 4
[   69.722483][ T6200] netlink: 8 bytes leftover after parsing attributes in process `syz.0.66'.
[   70.022517][ T6204] netlink: 4 bytes leftover after parsing attributes in process `syz.4.70'.
[   70.677456][ T6215] autofs4:pid:6215:validate_dev_ioctl: invalid path supplied for cmd(0xc018937e)
[   70.723622][ T6217] loop6: detected capacity change from 0 to 63
[   70.743717][ T6073] Buffer I/O error on dev loop6, logical block 0, async page read
[   70.776722][ T6073] Buffer I/O error on dev loop6, logical block 0, async page read
[   70.854182][ T6073] Buffer I/O error on dev loop6, logical block 0, async page read
[   70.895511][ T6073] Buffer I/O error on dev loop6, logical block 0, async page read
[   71.044861][ T6217] Buffer I/O error on dev loop6, logical block 0, async page read
[   71.045721][ T6224] netlink: 60 bytes leftover after parsing attributes in process `syz.1.76'.
[   71.050553][ T5864] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   71.054770][ T6224] netlink: 60 bytes leftover after parsing attributes in process `syz.1.76'.
[   71.080967][ T6217] Buffer I/O error on dev loop6, logical block 0, async page read
[   71.096594][ T6221] Buffer I/O error on dev loop6, logical block 0, async page read
[   71.105117][ T6217] Buffer I/O error on dev loop6, logical block 0, async page read
[   71.113573][ T6221] Buffer I/O error on dev loop6, logical block 0, async page read
[   71.121742][ T6217] Buffer I/O error on dev loop6, logical block 0, async page read
[   71.500416][ T5864] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   71.500824][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[   71.518822][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[   71.518846][ T5864] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[   71.622168][ T5864] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[   71.635480][ T5864] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   71.646096][ T5864] usb 3-1: SerialNumber: syz
[   71.667009][ T6230] ªªªªªª: renamed from wg2 (while UP)
[   71.838624][ T6233] FAULT_INJECTION: forcing a failure.
[   71.838624][ T6233] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   71.896098][ T6233] CPU: 1 UID: 0 PID: 6233 Comm: syz.3.80 Not tainted syzkaller #0 PREEMPT(full) 
[   71.896115][ T6233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   71.896121][ T6233] Call Trace:
[   71.896126][ T6233]  <TASK>
[   71.896131][ T6233]  dump_stack_lvl+0x189/0x250
[   71.896147][ T6233]  ? __pfx____ratelimit+0x10/0x10
[   71.896167][ T6233]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.896178][ T6233]  ? __pfx__printk+0x10/0x10
[   71.896190][ T6233]  ? __might_fault+0xb0/0x130
[   71.896204][ T6233]  ? rcu_is_watching+0x15/0xb0
[   71.896214][ T6233]  should_fail_ex+0x414/0x560
[   71.896228][ T6233]  _copy_to_iter+0x1db/0x16f0
[   71.896237][ T6233]  ? rcu_is_watching+0x15/0xb0
[   71.896247][ T6233]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   71.896259][ T6233]  ? __pfx__copy_to_iter+0x10/0x10
[   71.896267][ T6233]  ? __skb_try_recv_from_queue+0x2b2/0x730
[   71.896279][ T6233]  ? __skb_try_recv_datagram+0x3da/0x4e0
[   71.896290][ T6233]  __skb_datagram_iter+0xf8/0x990
[   71.896300][ T6233]  ? __pfx_simple_copy_to_iter+0x10/0x10
[   71.896311][ T6233]  skb_copy_datagram_iter+0xc5/0x230
[   71.896322][ T6233]  netlink_recvmsg+0x2ab/0xa30
[   71.896338][ T6233]  ? __pfx_netlink_recvmsg+0x10/0x10
[   71.896350][ T6233]  ? lock_release+0x4b/0x3e0
[   71.896363][ T6233]  ? aa_sock_msg_perm+0xf1/0x1d0
[   71.896372][ T6233]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[   71.896382][ T6233]  ? security_socket_recvmsg+0x7e/0x2e0
[   71.896393][ T6233]  ? __pfx_netlink_recvmsg+0x10/0x10
[   71.896405][ T6233]  sock_recvmsg+0x229/0x270
[   71.896418][ T6233]  __sys_recvfrom+0x1f6/0x340
[   71.896432][ T6233]  ? __pfx___sys_recvfrom+0x10/0x10
[   71.896447][ T6233]  ? rcu_is_watching+0x15/0xb0
[   71.896458][ T6233]  ? lock_release+0x4b/0x3e0
[   71.896469][ T6233]  ? __might_fault+0xb0/0x130
[   71.896481][ T6233]  ? __might_fault+0xcc/0x130
[   71.896493][ T6233]  __ia32_compat_sys_socketcall+0x852/0x9c0
[   71.896503][ T6233]  ? __fget_files+0x3a0/0x420
[   71.896517][ T6233]  ? __pfx___ia32_compat_sys_socketcall+0x10/0x10
[   71.896527][ T6233]  ? fput+0xa0/0xd0
[   71.896536][ T6233]  ? ksys_write+0x22a/0x250
[   71.896548][ T6233]  ? __pfx_ksys_write+0x10/0x10
[   71.896561][ T6233]  __do_fast_syscall_32+0xb6/0x2b0
[   71.896574][ T6233]  ? irqentry_exit_to_user_mode+0xd6/0x120
[   71.896587][ T6233]  do_fast_syscall_32+0x34/0x80
[   71.896600][ T6233]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   71.896611][ T6233] RIP: 0023:0xf706e539
[   71.896620][ T6233] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[   71.896628][ T6233] RSP: 002b:00000000f543c440 EFLAGS: 00000206 ORIG_RAX: 0000000000000066
[   71.896639][ T6233] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000f543c45c
[   71.896646][ T6233] RDX: 0000000000000000 RSI: 00000000f543c560 RDI: 00000000f73d4ff4
[   71.896652][ T6233] RBP: 00000000f543c560 R08: 0000000000000000 R09: 0000000000000000
[   71.896657][ T6233] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[   71.896662][ T6233] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   71.896671][ T6233]  </TASK>
[   72.225815][ T5864] usb 3-1: 0:2 : does not exist
[   72.245951][ T5864] usb 3-1: unit 5 not found!
[   72.296741][ T6238] sctp: [Deprecated]: syz.0.81 (pid 6238) Use of struct sctp_assoc_value in delayed_ack socket option.
[   72.296741][ T6238] Use struct sctp_sack_info instead
[   72.335444][ T5864] usb 3-1: USB disconnect, device number 4
[   73.064911][ T6246] netlink: 16 bytes leftover after parsing attributes in process `syz.3.83'.
[   73.101345][ T6246] bond0: entered promiscuous mode
[   73.135665][ T6246] bond_slave_0: entered promiscuous mode
[   73.145424][ T6246] bond_slave_1: entered promiscuous mode
[   73.174070][ T6246] bond0: left promiscuous mode
[   73.178953][ T6246] bond_slave_0: left promiscuous mode
[   73.185818][ T6246] bond_slave_1: left promiscuous mode
[   73.525031][ T5942] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   73.692558][ T5942] usb 3-1: Using ep0 maxpacket: 32
[   73.708546][ T5942] usb 3-1: config 8 has an invalid interface number: 35 but max is 0
[   73.732157][ T5942] usb 3-1: config 8 has no interface number 0
[   73.795077][ T5942] usb 3-1: config 8 interface 35 has no altsetting 0
[   73.960666][ T5942] usb 3-1: New USB device found, idVendor=0979, idProduct=0270, bcdDevice=83.3e
[   73.970079][ T5942] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   74.030555][ T5942] usb 3-1: Product: syz
[   74.144770][ T5942] usb 3-1: Manufacturer: syz
[   74.208683][ T5942] usb 3-1: SerialNumber: syz
[   74.508471][ T6250] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   74.670408][ T5948] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   74.722060][ T6250] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   74.781238][ T5942] gspca_main: jeilinj-2.14.0 probing 0979:0270
[   74.817473][ T5942] usb 3-1: USB disconnect, device number 5
[   74.843168][ T5948] usb 2-1: unable to get BOS descriptor or descriptor too short
[   74.851756][ T5948] usb 2-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[   74.884618][ T5948] usb 2-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db
[   74.925428][ T5948] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   74.941165][ T5948] usb 2-1: SerialNumber: Ｄ&
[   75.418445][ T6285] tipc: Started in network mode
[   75.423345][ T6285] tipc: Node identity 621b9bf21abf, cluster identity 4711
[   75.430794][ T6285] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   75.438285][ T6285] syzkaller0: entered promiscuous mode
[   75.444479][ T6285] syzkaller0: entered allmulticast mode
[   75.465817][ T6285] tipc: Resetting bearer <eth:syzkaller0>
[   75.475560][ T6284] tipc: Resetting bearer <eth:syzkaller0>
[   75.482575][ T6284] tipc: Disabling bearer <eth:syzkaller0>
[   76.129882][ T5948] usb 2-1: reset high-speed USB device number 5 using dummy_hcd
[   76.309225][ T6296] netlink: 8 bytes leftover after parsing attributes in process `syz.2.96'.
[   76.926439][ T5948] usb 2-1: unable to get BOS descriptor or descriptor too short
[   76.947671][ T5948] usb 2-1: device firmware changed
[   76.990462][ T5948] usb 2-1: USB disconnect, device number 5
[   77.149252][ T5948] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[   77.178184][ T6316] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   77.245277][ T6319] loop6: detected capacity change from 0 to 63
[   77.301081][ T5948] usb 2-1: device descriptor read/all, error -71
[   77.470758][ T6319] buffer_io_error: 4207 callbacks suppressed
[   77.470772][ T6319] Buffer I/O error on dev loop6, logical block 0, async page read
[   77.502854][ T6328] process 'syz.3.108' launched './file2' with NULL argv: empty string added
[   77.526137][ T6319] Buffer I/O error on dev loop6, logical block 0, async page read
[   77.589097][ T6328] lo: entered promiscuous mode
[   77.625079][ T6324] Buffer I/O error on dev loop6, logical block 0, async page read
[   77.627025][ T6328] tunl0: entered promiscuous mode
[   77.645854][ T5880] Buffer I/O error on dev loop6, logical block 0, async page read
[   77.674282][ T6328] gre0: entered promiscuous mode
[   77.692169][ T6319] Buffer I/O error on dev loop6, logical block 0, async page read
[   77.752614][ T6328] gretap0: entered promiscuous mode
[   77.811171][ T6324] Buffer I/O error on dev loop6, logical block 0, async page read
[   77.842259][ T6319] Buffer I/O error on dev loop6, logical block 0, async page read
[   77.852451][ T6319] Buffer I/O error on dev loop6, logical block 0, async page read
[   77.873099][ T6328] erspan0: entered promiscuous mode
[   77.878514][ T6319] Buffer I/O error on dev loop6, logical block 0, async page read
[   77.887048][ T6319] Buffer I/O error on dev loop6, logical block 0, async page read
[   78.190008][ T6328] ip_vti0: entered promiscuous mode
[   78.401934][ T6328] ip6_vti0: entered promiscuous mode
[   78.407862][ T6328] sit0: entered promiscuous mode
[   78.413781][ T6328] ip6tnl0: entered promiscuous mode
[   78.419622][ T6328] ip6gre0: entered promiscuous mode
[   78.426009][ T6328] syz_tun: entered promiscuous mode
[   78.431967][ T6328] ip6gretap0: entered promiscuous mode
[   78.438024][ T6328] bridge0: entered promiscuous mode
[   78.451795][ T6328] vcan0: entered promiscuous mode
[   78.457455][ T6328] bond0: entered promiscuous mode
[   78.466492][ T6328] bond_slave_0: entered promiscuous mode
[   78.473709][ T6328] bond_slave_1: entered promiscuous mode
[   78.482703][ T6328] team0: entered promiscuous mode
[   78.490260][ T6328] team_slave_0: entered promiscuous mode
[   78.511430][ T6328] team_slave_1: entered promiscuous mode
[   78.548416][ T6328] dummy0: entered promiscuous mode
[   78.601098][ T6328] nlmon0: entered promiscuous mode
[   78.661929][ T6328] caif0: entered promiscuous mode
[   78.667174][ T6328] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   78.683094][ T6351] netlink: 16 bytes leftover after parsing attributes in process `syz.0.113'.
[   78.726449][ T6351] bond0: entered promiscuous mode
[   78.732109][ T6351] bond_slave_0: entered promiscuous mode
[   78.767404][ T6351] bond_slave_1: entered promiscuous mode
[   78.788403][ T6351] bond0: left promiscuous mode
[   78.793340][ T6351] bond_slave_0: left promiscuous mode
[   78.804021][ T6351] bond_slave_1: left promiscuous mode
[   78.951244][ T6355] fuse: Bad value for 'fd'
[   79.143843][ T6362] netlink: 104 bytes leftover after parsing attributes in process `syz.1.117'.
[   79.175340][ T6362] netlink: 104 bytes leftover after parsing attributes in process `syz.1.117'.
[   79.644506][ T6381] netlink: 4 bytes leftover after parsing attributes in process `syz.1.120'.
[   79.856110][ T6386] netlink: 'syz.2.124': attribute type 10 has an invalid length.
[   79.865058][ T6386] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.872599][ T6386] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.909528][ T6386] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.909697][ T6392] netlink: 'syz.2.124': attribute type 10 has an invalid length.
[   79.916816][ T6386] bridge0: port 2(bridge_slave_1) entered forwarding state
[   79.917017][ T6386] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.939111][ T6386] bridge0: port 1(bridge_slave_0) entered forwarding state
[   79.953258][ T6394] netlink: 16 bytes leftover after parsing attributes in process `syz.4.126'.
[   79.964986][ T6386] bond0: (slave bridge0): Enslaving as an active interface with an up link
[   80.057346][ T6394] bond0: entered promiscuous mode
[   80.120721][ T6394] bond_slave_0: entered promiscuous mode
[   80.200821][   T30] kauditd_printk_skb: 1 callbacks suppressed
[   80.200833][   T30] audit: type=1326 audit(1755715810.542:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6398 comm="syz.3.127" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000
[   80.230623][ T6394] bond_slave_1: entered promiscuous mode
[   80.238221][ T6394] bond0: left promiscuous mode
[   80.244011][ T6394] bond_slave_0: left promiscuous mode
[   80.251381][ T6394] bond_slave_1: left promiscuous mode
[   80.304926][   T30] audit: type=1326 audit(1755715810.542:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6398 comm="syz.3.127" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000
[   80.433300][   T30] audit: type=1326 audit(1755715810.542:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6398 comm="syz.3.127" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf706e539 code=0x7ffc0000
[   80.457541][   T30] audit: type=1326 audit(1755715810.552:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6398 comm="syz.3.127" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000
[   80.481044][   T30] audit: type=1326 audit(1755715810.552:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6398 comm="syz.3.127" exe="/root/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf706e539 code=0x7ffc0000
[   80.504377][   T30] audit: type=1326 audit(1755715810.552:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6398 comm="syz.3.127" exe="/root/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf706e539 code=0x7ffc0000
[   80.507126][ T6392] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[   80.839403][   T30] audit: type=1326 audit(1755715811.182:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6398 comm="syz.3.127" exe="/root/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf706e539 code=0x7ffc0000
[   81.100432][   T30] audit: type=1326 audit(1755715811.182:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6398 comm="syz.3.127" exe="/root/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf706e539 code=0x7ffc0000
[   81.172449][ T6406] FAULT_INJECTION: forcing a failure.
[   81.172449][ T6406] name failslab, interval 1, probability 0, space 0, times 0
[   81.213256][ T6411] netlink: 16 bytes leftover after parsing attributes in process `syz.2.132'.
[   81.231004][ T6406] CPU: 0 UID: 0 PID: 6406 Comm: syz.4.130 Not tainted syzkaller #0 PREEMPT(full) 
[   81.231027][ T6406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   81.231037][ T6406] Call Trace:
[   81.231044][ T6406]  <TASK>
[   81.231051][ T6406]  dump_stack_lvl+0x189/0x250
[   81.231073][ T6406]  ? __pfx____ratelimit+0x10/0x10
[   81.231094][ T6406]  ? __pfx_dump_stack_lvl+0x10/0x10
[   81.231112][ T6406]  ? __pfx__printk+0x10/0x10
[   81.231132][ T6406]  ? __mutex_unlock_slowpath+0x1a1/0x740
[   81.231160][ T6406]  should_fail_ex+0x414/0x560
[   81.231182][ T6406]  should_failslab+0xa8/0x100
[   81.231204][ T6406]  kmem_cache_alloc_noprof+0x73/0x3c0
[   81.231225][ T6406]  ? skb_clone+0x212/0x3a0
[   81.231244][ T6406]  skb_clone+0x212/0x3a0
[   81.231262][ T6406]  __netlink_deliver_tap+0x404/0x850
[   81.231290][ T6406]  ? netlink_deliver_tap+0x2e/0x1b0
[   81.231312][ T6406]  netlink_deliver_tap+0x19c/0x1b0
[   81.231334][ T6406]  netlink_dump+0x92b/0xe90
[   81.231360][ T6406]  ? __pfx_netlink_dump+0x10/0x10
[   81.231388][ T6406]  ? kmem_cache_free+0x18f/0x400
[   81.231410][ T6406]  netlink_recvmsg+0x676/0xa30
[   81.231435][ T6406]  ? __pfx_netlink_recvmsg+0x10/0x10
[   81.231456][ T6406]  ? trace_kmalloc+0x1f/0xd0
[   81.231474][ T6406]  ? __kmalloc_noprof+0x29b/0x4f0
[   81.231496][ T6406]  ? aa_sock_msg_perm+0xf1/0x1d0
[   81.231511][ T6406]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[   81.231529][ T6406]  ? security_socket_recvmsg+0x7e/0x2e0
[   81.231548][ T6406]  ? __pfx_netlink_recvmsg+0x10/0x10
[   81.231576][ T6406]  sock_recvmsg+0x229/0x270
[   81.231597][ T6406]  ____sys_recvmsg+0x1c9/0x460
[   81.231617][ T6406]  ? __pfx_____sys_recvmsg+0x10/0x10
[   81.231633][ T6406]  ? get_compat_msghdr+0x37e/0x4a0
[   81.231662][ T6406]  ? ktime_get_ts64+0xa2/0x3d0
[   81.231684][ T6406]  ___sys_recvmsg+0x1b5/0x510
[   81.231700][ T6406]  ? ktime_get_ts64+0xa2/0x3d0
[   81.231719][ T6406]  ? __pfx____sys_recvmsg+0x10/0x10
[   81.231737][ T6406]  ? __fget_files+0x2a/0x420
[   81.231759][ T6406]  ? rcu_is_watching+0x15/0xb0
[   81.231782][ T6406]  ? __fget_files+0x3a0/0x420
[   81.231808][ T6406]  do_recvmmsg+0x36a/0x770
[   81.231835][ T6406]  ? __pfx_do_recvmmsg+0x10/0x10
[   81.231851][ T6406]  ? rcu_is_watching+0x15/0xb0
[   81.231871][ T6406]  ? _copy_from_user+0x94/0xb0
[   81.231895][ T6406]  __sys_recvmmsg+0x127/0x280
[   81.231913][ T6406]  ? __pfx___sys_recvmmsg+0x10/0x10
[   81.231929][ T6406]  ? ksys_write+0x22a/0x250
[   81.231950][ T6406]  ? __pfx_ksys_write+0x10/0x10
[   81.231972][ T6406]  __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0
[   81.231991][ T6406]  __do_fast_syscall_32+0xb6/0x2b0
[   81.232015][ T6406]  ? irqentry_exit_to_user_mode+0xd6/0x120
[   81.232042][ T6406]  do_fast_syscall_32+0x34/0x80
[   81.232065][ T6406]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   81.232085][ T6406] RIP: 0023:0xf70fe539
[   81.232099][ T6406] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[   81.232113][ T6406] RSP: 002b:00000000f54ee55c EFLAGS: 00000206 ORIG_RAX: 0000000000000151
[   81.232132][ T6406] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800037c0
[   81.232144][ T6406] RDX: 00000000000003b4 RSI: 0000000000000000 RDI: 0000000080003700
[   81.232155][ T6406] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   81.232165][ T6406] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[   81.232175][ T6406] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   81.232191][ T6406]  </TASK>
[   81.238432][   T30] audit: type=1326 audit(1755715811.182:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6398 comm="syz.3.127" exe="/root/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf706e539 code=0x7ffc0000
[   81.257690][ T6411] bond0: entered promiscuous mode
[   81.309267][   T30] audit: type=1326 audit(1755715811.182:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6398 comm="syz.3.127" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000
[   81.508300][ T6411] bond_slave_0: entered promiscuous mode
[   81.720577][    T9] cfg80211: failed to load regulatory.db
[   81.755580][ T6411] bond_slave_1: entered promiscuous mode
[   81.794016][ T6411] bridge0: entered promiscuous mode
[   81.831734][ T6411] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[   81.875592][ T6411] bond0: left promiscuous mode
[   81.881225][ T6411] bond_slave_0: left promiscuous mode
[   81.887159][ T6411] bond_slave_1: left promiscuous mode
[   81.894966][ T6411] bridge0: left promiscuous mode
[   81.900270][ T6411] netdevsim netdevsim2 netdevsim0: left promiscuous mode
[   81.919120][ T6428] syz_tun: entered allmulticast mode
[   81.934168][ T6424] dvmrp1: entered allmulticast mode
[   82.203501][ T6436] netlink: 16 bytes leftover after parsing attributes in process `syz.2.139'.
[   82.219801][ T6436] bond0: entered promiscuous mode
[   82.270904][ T6436] bond_slave_0: entered promiscuous mode
[   82.281596][ T6436] bond_slave_1: entered promiscuous mode
[   82.295015][ T6440] netlink: 44 bytes leftover after parsing attributes in process `syz.0.141'.
[   82.340854][ T6436] bridge0: entered promiscuous mode
[   82.365192][ T6436] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[   82.418069][ T6436] bond0: left promiscuous mode
[   82.424869][ T6436] bond_slave_0: left promiscuous mode
[   82.433327][ T6436] bond_slave_1: left promiscuous mode
[   82.438893][ T6436] bridge0: left promiscuous mode
[   82.445707][ T6436] netdevsim netdevsim2 netdevsim0: left promiscuous mode
[   82.651292][ T6409] openvswitch: netlink: Missing key (keys=40, expected=80)
[   82.820950][   T24] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[   83.047956][   T24] usb 1-1: config 0 has an invalid interface number: 11 but max is 0
[   83.056233][   T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   83.066828][   T24] usb 1-1: config 0 has no interface number 0
[   83.123999][ T6464] capability: warning: `syz.2.144' uses 32-bit capabilities (legacy support in use)
[   83.180434][   T24] usb 1-1: config 0 interface 11 altsetting 253 endpoint 0x87 has an invalid bInterval 0, changing to 10
[   83.246302][ T6469] netlink: 4 bytes leftover after parsing attributes in process `syz.4.145'.
[   83.332687][   T24] usb 1-1: config 0 interface 11 altsetting 253 endpoint 0x87 has invalid maxpacket 8456, setting to 64
[   83.409834][   T24] usb 1-1: config 0 interface 11 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   83.444077][   T24] usb 1-1: config 0 interface 11 has no altsetting 0
[   83.451579][ T6475] netlink: 16 bytes leftover after parsing attributes in process `syz.1.150'.
[   83.468634][   T24] usb 1-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[   83.473242][ T6475] bond0: entered promiscuous mode
[   83.491175][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   83.499337][ T6475] bond_slave_0: entered promiscuous mode
[   83.501589][   T24] usb 1-1: config 0 descriptor??
[   83.510261][ T6475] bond_slave_1: entered promiscuous mode
[   83.526814][   T24] keyspan 1-1:0.11: Keyspan 2 port adapter converter detected
[   83.534838][ T6475] bond0: left promiscuous mode
[   83.539698][ T6475] bond_slave_0: left promiscuous mode
[   83.554107][ T6466] binder: 6463:6466 ioctl c0306201 80001a80 returned -14
[   83.831754][ T6475] bond_slave_1: left promiscuous mode
[   83.838773][   T24] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 7
[   84.252487][   T24] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 81
[   84.279339][   T24] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 82
[   84.288728][   T24] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 1
[   84.305431][   T24] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 2
[   84.314051][   T24] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 85
[   84.324266][   T24] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 5
[   84.344331][   T24] usb 1-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[   84.373658][   T24] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 83
[   84.383207][   T24] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 84
[   84.395351][   T24] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 3
[   84.405100][   T24] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 4
[   84.424887][   T24] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 86
[   84.469652][   T24] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 6
[   84.489893][   T24] usb 1-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[   84.540605][   T24] usb 1-1: USB disconnect, device number 2
[   84.567009][   T24] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[   84.626348][   T24] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[   84.663637][   T24] keyspan 1-1:0.11: device disconnected
[   85.078821][ T6516] netlink: 16 bytes leftover after parsing attributes in process `syz.3.163'.
[   85.170426][   T24] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   85.590435][   T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   85.605955][   T24] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[   85.615423][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   85.628160][   T24] usb 1-1: config 0 descriptor??
[   85.651210][   T24] pwc: Askey VC010 type 2 USB webcam detected.
[   85.869162][   T24] pwc: recv_control_msg error -32 req 02 val 2b00
[   85.882794][   T24] pwc: recv_control_msg error -71 req 02 val 2700
[   85.890776][   T24] pwc: recv_control_msg error -71 req 02 val 2c00
[   85.899163][ T6537] vxcan1: tx address claim with different name
[   86.350393][ T5870] Bluetooth: hci4: command 0x0405 tx timeout
[   86.356616][   T24] pwc: recv_control_msg error -71 req 04 val 1000
[   86.410424][   T24] pwc: recv_control_msg error -71 req 04 val 1300
[   86.442220][   T24] pwc: recv_control_msg error -71 req 04 val 1400
[   86.481502][   T24] pwc: recv_control_msg error -71 req 02 val 2000
[   86.511540][   T24] pwc: recv_control_msg error -71 req 02 val 2100
[   86.555733][   T24] pwc: recv_control_msg error -71 req 04 val 1500
[   86.584405][   T24] pwc: recv_control_msg error -71 req 02 val 2500
[   86.619050][   T24] pwc: recv_control_msg error -71 req 02 val 2400
[   86.637752][  T266] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.655583][   T24] pwc: recv_control_msg error -71 req 02 val 2600
[   86.672905][   T24] pwc: recv_control_msg error -71 req 02 val 2900
[   86.689853][   T24] pwc: recv_control_msg error -71 req 02 val 2800
[   86.716461][   T24] pwc: recv_control_msg error -71 req 04 val 1100
[   86.728622][  T266] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.751013][   T24] pwc: recv_control_msg error -71 req 04 val 1200
[   86.763945][   T24] pwc: Registered as video103.
[   86.769891][   T24] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input6
[   86.803417][   T24] usb 1-1: USB disconnect, device number 3
[   86.840857][  T266] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.926126][  T266] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.992026][ T6561] netlink: 12 bytes leftover after parsing attributes in process `syz.4.177'.
[   87.223486][  T266] bridge_slave_1: left allmulticast mode
[   87.254376][  T266] bridge_slave_1: left promiscuous mode
[   87.260111][  T266] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.308257][ T5870] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   87.319713][ T5870] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   87.333848][ T5870] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   87.346639][ T5870] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   87.354148][ T5870] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   87.395890][  T266] bridge_slave_0: left allmulticast mode
[   87.426093][  T266] bridge_slave_0: left promiscuous mode
[   87.448239][  T266] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.439502][  T266] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   88.801421][  T266] bond_slave_0: left promiscuous mode
[   88.827520][  T266] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   88.842350][  T266] bond_slave_1: left promiscuous mode
[   88.871018][  T266] bond0 (unregistering): Released all slaves
[   89.020641][ T6605] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[   89.027278][ T6605] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   89.040301][ T6605] vhci_hcd vhci_hcd.0: Device attached
[   89.270460][ T5942] usb 41-1: new low-speed USB device number 2 using vhci_hcd
[   89.382363][ T5870] Bluetooth: hci3: command tx timeout
[   89.557304][  T266] hsr_slave_0: left promiscuous mode
[   89.612423][  T266] hsr_slave_1: left promiscuous mode
[   89.653841][  T266] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   89.681636][  T266] batman_adv: batadv0: Removing interface: batadv_slave_0
[   89.700071][  T266] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   89.741586][  T266] batman_adv: batadv0: Removing interface: batadv_slave_1
[   89.796904][  T266] veth1_macvtap: left promiscuous mode
[   89.815578][  T266] veth0_macvtap: left promiscuous mode
[   89.832833][ T6606] vhci_hcd: connection reset by peer
[   89.839551][ T1111] vhci_hcd: stop threads
[   89.851052][  T266] veth1_vlan: left promiscuous mode
[   89.858721][ T1111] vhci_hcd: release socket
[   89.873108][ T1111] vhci_hcd: disconnect device
[   89.883011][  T266] veth0_vlan: left promiscuous mode
[   90.278764][  T266] team_slave_1 (unregistering): left promiscuous mode
[   90.287105][  T266] team0 (unregistering): Port device team_slave_1 removed
[   90.313422][  T266] team_slave_0 (unregistering): left promiscuous mode
[   90.324957][  T266] team0 (unregistering): Port device team_slave_0 removed
[   90.450535][ T3098] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[   90.505637][ T6648] mmap: syz.4.193 (6648) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   90.549527][ T6572] chnl_net:caif_netlink_parms(): no params data found
[   90.610451][ T3098] usb 3-1: Using ep0 maxpacket: 16
[   90.619970][ T3098] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   90.637088][ T3098] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   90.652379][ T3098] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   90.680694][ T3098] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   90.689771][ T3098] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   90.752052][ T3098] usb 3-1: config 0 descriptor??
[   90.776200][ T6572] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.803790][ T6572] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.848646][ T6572] bridge_slave_0: entered allmulticast mode
[   90.867847][ T6572] bridge_slave_0: entered promiscuous mode
[   90.892217][ T6572] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.919992][ T6572] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.962284][ T6572] bridge_slave_1: entered allmulticast mode
[   90.969836][ T6572] bridge_slave_1: entered promiscuous mode
[   91.137982][ T6572] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   91.156087][ T6572] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   91.214577][ T3098] HID 045e:07da: Invalid code 65791 type 1
[   91.344846][ T6572] team0: Port device team_slave_0 added
[   91.352355][ T3098] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0001/input/input7
[   91.418758][ T6643] netlink: 8 bytes leftover after parsing attributes in process `syz.2.192'.
[   91.443396][ T6643] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.450669][ T6643] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.460627][ T5870] Bluetooth: hci3: command tx timeout
[   91.571312][ T3098] microsoft 0003:045E:07DA.0001: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[   91.622840][ T6572] team0: Port device team_slave_1 added
[   91.660930][ T6682] fuse: Unknown parameter 'Âv1ë´½f\¿µ¨O€ðs£4ÉÒç}ˆE¸xjæïÖî£>ä>â­'
[   91.680935][ T6682] netlink: 'syz.1.199': attribute type 4 has an invalid length.
[   91.690699][ T5864] usb 3-1: USB disconnect, device number 6
[   91.725796][ T6572] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.756338][ T6572] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.797505][ T6682] netlink: 'syz.1.199': attribute type 4 has an invalid length.
[   91.840725][ T6572] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.868915][ T6572] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.876828][ T6572] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.923133][ T6572] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   92.038471][ T6684] fido_id[6684]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[   92.238912][ T6572] hsr_slave_0: entered promiscuous mode
[   92.277994][ T6572] hsr_slave_1: entered promiscuous mode
[   92.325230][ T6572] debugfs: 'hsr0' already exists in 'hsr'
[   92.325843][ T6698] netlink: 16 bytes leftover after parsing attributes in process `syz.4.201'.
[   92.348796][ T6572] Cannot create hsr debugfs directory
[   92.388341][ T6698] bond0: entered promiscuous mode
[   92.392255][ T6704] netlink: 8 bytes leftover after parsing attributes in process `syz.0.204'.
[   92.393939][ T6698] bond_slave_0: entered promiscuous mode
[   92.409968][ T6698] bond_slave_1: entered promiscuous mode
[   92.421011][ T6704] openvswitch: netlink: push_nsh: missing base or metadata attributes
[   92.449653][ T6704] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   92.476641][ T6698] bond0: left promiscuous mode
[   92.481935][ T6698] bond_slave_0: left promiscuous mode
[   92.489143][ T6698] bond_slave_1: left promiscuous mode
[   93.413224][ T6737] input: syz1 as /devices/virtual/input/input8
[   93.447039][ T6729] netlink: 8 bytes leftover after parsing attributes in process `syz.4.210'.
[   93.542287][ T5870] Bluetooth: hci3: command tx timeout
[   94.063898][ T6572] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   94.116490][ T6572] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   94.133177][ T6572] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   94.163114][ T6572] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   94.526403][ T5942] vhci_hcd: vhci_device speed not set
[   94.673195][ T6572] 8021q: adding VLAN 0 to HW filter on device bond0
[   94.719801][ T6572] 8021q: adding VLAN 0 to HW filter on device team0
[   94.749902][ T1111] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.757020][ T1111] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.812215][ T1111] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.819341][ T1111] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.986841][ T6572] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.164573][ T6572] veth0_vlan: entered promiscuous mode
[   95.177389][ T6572] veth1_vlan: entered promiscuous mode
[   95.244929][ T6572] veth0_macvtap: entered promiscuous mode
[   95.262489][ T6572] veth1_macvtap: entered promiscuous mode
[   95.297240][ T6572] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.336874][ T6572] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.444556][ T2989] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.487002][ T2989] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.508929][ T2989] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.510653][ T5917] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[   95.530014][ T1111] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.621226][ T5870] Bluetooth: hci3: command tx timeout
[   95.814494][ T5917] usb 3-1: Using ep0 maxpacket: 16
[   96.066944][ T5917] usb 3-1: unable to get BOS descriptor or descriptor too short
[   96.193321][ T2989] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.215534][ T5917] usb 3-1: config 1 interface 0 has no altsetting 0
[   96.228709][ T5917] usb 3-1: New USB device found, idVendor=056a, idProduct=00d3, bcdDevice= 0.40
[   96.238313][ T5917] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   96.249263][ T5917] usb 3-1: Product: syz
[   96.260108][ T5917] usb 3-1: Manufacturer: syz
[   96.265193][ T2989] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.282332][ T5917] usb 3-1: SerialNumber: syz
[   96.631898][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.728854][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.826077][ T6834] netlink: 8 bytes leftover after parsing attributes in process `syz.0.228'.
[   97.476658][ T6843] FAULT_INJECTION: forcing a failure.
[   97.476658][ T6843] name failslab, interval 1, probability 0, space 0, times 0
[   97.491818][ T6843] CPU: 0 UID: 0 PID: 6843 Comm: syz.1.230 Not tainted syzkaller #0 PREEMPT(full) 
[   97.491841][ T6843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   97.491851][ T6843] Call Trace:
[   97.491858][ T6843]  <TASK>
[   97.491865][ T6843]  dump_stack_lvl+0x189/0x250
[   97.491893][ T6843]  ? __pfx____ratelimit+0x10/0x10
[   97.491914][ T6843]  ? __pfx_dump_stack_lvl+0x10/0x10
[   97.491933][ T6843]  ? __pfx__printk+0x10/0x10
[   97.491954][ T6843]  ? fs_reclaim_acquire+0x7d/0x100
[   97.491977][ T6843]  ? rcu_is_watching+0x15/0xb0
[   97.491993][ T6843]  ? __pfx___might_resched+0x10/0x10
[   97.492008][ T6843]  ? lock_acquire+0x5f/0x360
[   97.492031][ T6843]  should_fail_ex+0x414/0x560
[   97.492054][ T6843]  should_failslab+0xa8/0x100
[   97.492077][ T6843]  __kmalloc_cache_noprof+0x70/0x3d0
[   97.492098][ T6843]  ? cryptomgr_notify+0x85/0x970
[   97.492117][ T6843]  cryptomgr_notify+0x85/0x970
[   97.492132][ T6843]  ? lock_acquire+0x5f/0x360
[   97.492155][ T6843]  notifier_call_chain+0x1b3/0x3e0
[   97.492175][ T6843]  blocking_notifier_call_chain+0x6a/0x90
[   97.492190][ T6843]  crypto_alg_mod_lookup+0x3b1/0x5f0
[   97.492203][ T6843]  crypto_type_has_alg+0x28/0x60
[   97.492214][ T6843]  xfrm_aalg_get_byid+0x1ff/0x290
[   97.492224][ T6843]  pfkey_add+0xe72/0x2e00
[   97.492236][ T6843]  ? __pfx_pfkey_add+0x10/0x10
[   97.492244][ T6843]  ? kmem_cache_free+0x18f/0x400
[   97.492258][ T6843]  pfkey_sendmsg+0xbfe/0x1090
[   97.492272][ T6843]  ? unwind_next_frame+0xa5/0x2390
[   97.492285][ T6843]  ? __pfx_pfkey_sendmsg+0x10/0x10
[   97.492302][ T6843]  ? __asan_memset+0x22/0x50
[   97.492311][ T6843]  ? __import_iovec+0x5d4/0x7f0
[   97.492321][ T6843]  ? aa_sock_msg_perm+0xf1/0x1d0
[   97.492330][ T6843]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   97.492340][ T6843]  ? __pfx_pfkey_sendmsg+0x10/0x10
[   97.492352][ T6843]  __sock_sendmsg+0x219/0x270
[   97.492364][ T6843]  ____sys_sendmsg+0x505/0x830
[   97.492375][ T6843]  ? __pfx_____sys_sendmsg+0x10/0x10
[   97.492384][ T6843]  ? kstrtouint+0x6e/0xe0
[   97.492398][ T6843]  ___sys_sendmsg+0x21f/0x2a0
[   97.492408][ T6843]  ? __pfx____sys_sendmsg+0x10/0x10
[   97.492416][ T6843]  ? get_pid_task+0x20/0x1f0
[   97.492427][ T6843]  ? get_pid_task+0x20/0x1f0
[   97.492442][ T6843]  ? __fget_files+0x2a/0x420
[   97.492455][ T6843]  ? __fget_files+0x3a0/0x420
[   97.492469][ T6843]  __sys_sendmsg+0x164/0x220
[   97.492478][ T6843]  ? __pfx___sys_sendmsg+0x10/0x10
[   97.492491][ T6843]  ? __pfx_ksys_write+0x10/0x10
[   97.492506][ T6843]  __do_fast_syscall_32+0xb6/0x2b0
[   97.492519][ T6843]  ? irqentry_exit_to_user_mode+0xd6/0x120
[   97.492532][ T6843]  do_fast_syscall_32+0x34/0x80
[   97.492545][ T6843]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   97.492557][ T6843] RIP: 0023:0xf7f71539
[   97.492566][ T6843] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[   97.492574][ T6843] RSP: 002b:00000000f545455c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[   97.492585][ T6843] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000805f5000
[   97.492592][ T6843] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   97.492597][ T6843] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   97.492603][ T6843] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[   97.492608][ T6843] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   97.492616][ T6843]  </TASK>
[   97.854353][ T6835] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   97.860456][ T6835] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   97.874182][ T6835] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   97.892778][ T6835] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   97.898778][ T6835] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   97.905286][ T6835] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   97.913331][ T6835] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   97.919285][ T6835] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   97.925917][ T6835] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   97.958245][ T6835] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[   97.964587][ T6835] Bluetooth: hci4: Opcode 0x0406 failed: -4
[   97.975290][ T6835] Bluetooth: hci4: Opcode 0x0406 failed: -4
[   97.994945][ T6835] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   98.009342][ T6835] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   98.019994][ T6835] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   98.377345][ T6880] FAULT_INJECTION: forcing a failure.
[   98.377345][ T6880] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   98.395607][ T6880] CPU: 0 UID: 0 PID: 6880 Comm: syz.3.237 Not tainted syzkaller #0 PREEMPT(full) 
[   98.395632][ T6880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   98.395642][ T6880] Call Trace:
[   98.395652][ T6880]  <TASK>
[   98.395659][ T6880]  dump_stack_lvl+0x189/0x250
[   98.395682][ T6880]  ? __pfx____ratelimit+0x10/0x10
[   98.395704][ T6880]  ? __pfx_dump_stack_lvl+0x10/0x10
[   98.395722][ T6880]  ? __pfx__printk+0x10/0x10
[   98.395746][ T6880]  ? rcu_is_watching+0x15/0xb0
[   98.395763][ T6880]  should_fail_ex+0x414/0x560
[   98.395787][ T6880]  _copy_to_user+0x31/0xb0
[   98.395806][ T6880]  simple_read_from_buffer+0xe1/0x170
[   98.395829][ T6880]  proc_fail_nth_read+0x1b3/0x220
[   98.395849][ T6880]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   98.395868][ T6880]  ? rw_verify_area+0x2a6/0x4d0
[   98.395887][ T6880]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   98.395906][ T6880]  vfs_read+0x200/0xa30
[   98.395925][ T6880]  ? fdget_pos+0x247/0x320
[   98.395941][ T6880]  ? __pfx___mutex_lock+0x10/0x10
[   98.395963][ T6880]  ? __pfx_vfs_read+0x10/0x10
[   98.395985][ T6880]  ? __fget_files+0x3a0/0x420
[   98.396007][ T6880]  ? __fget_files+0x2a/0x420
[   98.396033][ T6880]  ksys_read+0x145/0x250
[   98.396054][ T6880]  ? __pfx_ksys_read+0x10/0x10
[   98.396077][ T6880]  __do_fast_syscall_32+0xb6/0x2b0
[   98.396101][ T6880]  ? irqentry_exit_to_user_mode+0xd6/0x120
[   98.396124][ T6880]  do_fast_syscall_32+0x34/0x80
[   98.396146][ T6880]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   98.396167][ T6880] RIP: 0023:0xf7f06539
[   98.396180][ T6880] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[   98.396194][ T6880] RSP: 002b:00000000f5426590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[   98.396213][ T6880] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5426620
[   98.396225][ T6880] RDX: 000000000000000f RSI: 00000000f7394ff4 RDI: 0000000000000000
[   98.396235][ T6880] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[   98.396244][ T6880] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[   98.396253][ T6880] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   98.396269][ T6880]  </TASK>
[   98.619170][ T3098] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[   98.717759][ T6886] syz_tun: entered promiscuous mode
[   98.725193][ T6886] batadv_slave_1: entered promiscuous mode
[   98.732257][ T6886] hsr1: entered allmulticast mode
[   98.737335][ T6886] syz_tun: entered allmulticast mode
[   98.744261][ T6886] batadv_slave_1: entered allmulticast mode
[   98.770857][ T3098] usb 2-1: Using ep0 maxpacket: 8
[   98.784272][ T3098] usb 2-1: New USB device found, idVendor=145f, idProduct=0212, bcdDevice= 0.00
[   98.795454][ T3098] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   98.806330][ T3098] usb 2-1: config 0 descriptor??
[   98.984733][ T5868] Bluetooth: hci0: command 0x0c1a tx timeout
[   98.991583][ T5917] usbhid 3-1:1.0: can't add hid device: -71
[   99.025052][ T5917] usbhid 3-1:1.0: probe with driver usbhid failed with error -71
[   99.063298][ T5917] usb 3-1: USB disconnect, device number 7
[   99.153311][   T24] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   99.297684][ T6863] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   99.317713][ T6863] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   99.330389][   T24] usb 4-1: Using ep0 maxpacket: 8
[   99.391722][   T24] usb 4-1: config 0 has an invalid descriptor of length 165, skipping remainder of the config
[   99.397347][ T6914] FAULT_INJECTION: forcing a failure.
[   99.397347][ T6914] name failslab, interval 1, probability 0, space 0, times 0
[   99.423963][ T6914] CPU: 0 UID: 0 PID: 6914 Comm: syz.4.245 Not tainted syzkaller #0 PREEMPT(full) 
[   99.423989][ T6914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   99.423998][ T6914] Call Trace:
[   99.424005][ T6914]  <TASK>
[   99.424013][ T6914]  dump_stack_lvl+0x189/0x250
[   99.424037][ T6914]  ? __pfx____ratelimit+0x10/0x10
[   99.424059][ T6914]  ? __pfx_dump_stack_lvl+0x10/0x10
[   99.424078][ T6914]  ? __pfx__printk+0x10/0x10
[   99.424102][ T6914]  ? __pfx___might_resched+0x10/0x10
[   99.424118][ T6914]  ? lock_acquire+0x5f/0x360
[   99.424141][ T6914]  should_fail_ex+0x414/0x560
[   99.424164][ T6914]  should_failslab+0xa8/0x100
[   99.424188][ T6914]  __kmalloc_noprof+0xcb/0x4f0
[   99.424208][ T6914]  ? __i2c_smbus_xfer+0xdd3/0x1e50
[   99.424228][ T6914]  ? __i2c_smbus_xfer+0xe11/0x1e50
[   99.424248][ T6914]  __i2c_smbus_xfer+0xe11/0x1e50
[   99.424270][ T6914]  ? do_raw_spin_lock+0x121/0x290
[   99.424291][ T6914]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[   99.424312][ T6914]  ? rcu_is_watching+0x15/0xb0
[   99.424331][ T6914]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   99.424351][ T6914]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   99.424375][ T6914]  ? rt_mutex_lock_nested+0x15e/0x1e0
[   99.424392][ T6914]  i2c_smbus_xfer+0x275/0x3c0
[   99.424412][ T6914]  ? __pfx_i2c_smbus_xfer+0x10/0x10
[   99.424430][ T6914]  ? __might_fault+0xb0/0x130
[   99.424451][ T6914]  ? __might_fault+0xcc/0x130
[   99.424473][ T6914]  i2cdev_ioctl_smbus+0x43d/0x6d0
[   99.424497][ T6914]  ? rcu_is_watching+0x15/0xb0
[   99.424515][ T6914]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[   99.424540][ T6914]  ? lock_release+0x4b/0x3e0
[   99.424561][ T6914]  ? __might_fault+0xb0/0x130
[   99.424582][ T6914]  ? __might_fault+0xcc/0x130
[   99.424604][ T6914]  compat_i2cdev_ioctl+0x299/0x5c0
[   99.424636][ T6914]  ? __pfx_compat_i2cdev_ioctl+0x10/0x10
[   99.424658][ T6914]  ? __fget_files+0x3a0/0x420
[   99.424682][ T6914]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[   99.424703][ T6914]  __ia32_compat_sys_ioctl+0x540/0x840
[   99.424723][ T6914]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[   99.424742][ T6914]  ? __fget_files+0x3a0/0x420
[   99.424766][ T6914]  ? fput+0xa0/0xd0
[   99.424782][ T6914]  ? ksys_write+0x22a/0x250
[   99.424802][ T6914]  ? __pfx_ksys_write+0x10/0x10
[   99.424825][ T6914]  __do_fast_syscall_32+0xb6/0x2b0
[   99.424849][ T6914]  ? irqentry_exit_to_user_mode+0xd6/0x120
[   99.424872][ T6914]  do_fast_syscall_32+0x34/0x80
[   99.424892][ T6914]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   99.424911][ T6914] RIP: 0023:0xf70fe539
[   99.424925][ T6914] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[   99.424938][ T6914] RSP: 002b:00000000f54ee55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[   99.424957][ T6914] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000720
[   99.424969][ T6914] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[   99.424980][ T6914] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   99.424989][ T6914] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[   99.425000][ T6914] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   99.425016][ T6914]  </TASK>
[   99.445844][   T24] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[   99.763119][ T3098] uclogic 0003:145F:0212.0002: interface is invalid, ignoring
[   99.798835][ T6920] netlink: 8 bytes leftover after parsing attributes in process `syz.0.242'.
[  100.001977][ T6927] tipc: Started in network mode
[  100.006879][ T6927] tipc: Node identity 76121e481379, cluster identity 4711
[  100.021559][ T5868] Bluetooth: hci4: command 0x0405 tx timeout
[  100.027899][ T5870] Bluetooth: hci2: command 0x0c1a tx timeout
[  100.034164][ T5861] Bluetooth: hci1: command 0x0c1a tx timeout
[  100.040276][ T5861] Bluetooth: hci3: command 0x0c1a tx timeout
[  100.093631][ T6927] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  100.121071][   T24] usb 4-1: New USB device found, idVendor=0582, idProduct=28e8, bcdDevice=f5.06
[  100.123713][ T6927] syzkaller0: entered promiscuous mode
[  100.130409][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.152973][   T24] usb 4-1: Product: syz
[  100.158681][   T24] usb 4-1: Manufacturer: syz
[  100.163882][   T24] usb 4-1: SerialNumber: syz
[  100.170614][   T24] usb 4-1: config 0 descriptor??
[  100.175815][ T6927] syzkaller0: entered allmulticast mode
[  100.247993][ T6927] netlink: 8 bytes leftover after parsing attributes in process `syz.2.247'.
[  100.280673][ T6927] tipc: Resetting bearer <eth:syzkaller0>
[  100.322108][ T6926] tipc: Resetting bearer <eth:syzkaller0>
[  100.337758][ T6926] tipc: Disabling bearer <eth:syzkaller0>
[  100.427783][   T24] usb 4-1: USB disconnect, device number 2
[  101.109909][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[  101.376538][ T5917] usb 2-1: USB disconnect, device number 8
[  101.483227][ T6979] FAULT_INJECTION: forcing a failure.
[  101.483227][ T6979] name failslab, interval 1, probability 0, space 0, times 0
[  101.529784][ T6979] CPU: 1 UID: 0 PID: 6979 Comm: syz.3.255 Not tainted syzkaller #0 PREEMPT(full) 
[  101.529810][ T6979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  101.529820][ T6979] Call Trace:
[  101.529827][ T6979]  <TASK>
[  101.529834][ T6979]  dump_stack_lvl+0x189/0x250
[  101.529858][ T6979]  ? __pfx____ratelimit+0x10/0x10
[  101.529878][ T6979]  ? __pfx_dump_stack_lvl+0x10/0x10
[  101.529896][ T6979]  ? __pfx__printk+0x10/0x10
[  101.529915][ T6979]  ? rcu_is_watching+0x15/0xb0
[  101.529932][ T6979]  ? __pfx___might_resched+0x10/0x10
[  101.529947][ T6979]  ? lock_acquire+0x5f/0x360
[  101.529969][ T6979]  should_fail_ex+0x414/0x560
[  101.529990][ T6979]  should_failslab+0xa8/0x100
[  101.530012][ T6979]  __kmalloc_noprof+0xcb/0x4f0
[  101.530030][ T6979]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  101.530048][ T6979]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  101.530068][ T6979]  genl_family_rcv_msg_doit+0xb8/0x300
[  101.530088][ T6979]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  101.530108][ T6979]  ? __pfx_genl_get_cmd+0x10/0x10
[  101.530128][ T6979]  genl_rcv_msg+0x60e/0x790
[  101.530147][ T6979]  ? __pfx_genl_rcv_msg+0x10/0x10
[  101.530162][ T6979]  ? __pfx_ctrl_getfamily+0x10/0x10
[  101.530176][ T6979]  ? __asan_memcpy+0x40/0x70
[  101.530192][ T6979]  ? __pfx_ref_tracker_free+0x10/0x10
[  101.530211][ T6979]  ? __skb_clone+0x63/0x7a0
[  101.530229][ T6979]  netlink_rcv_skb+0x208/0x470
[  101.530251][ T6979]  ? __pfx_genl_rcv_msg+0x10/0x10
[  101.530279][ T6979]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  101.530308][ T6979]  ? lock_release+0x4b/0x3e0
[  101.530328][ T6979]  ? down_read+0x1ad/0x2e0
[  101.530342][ T6979]  genl_rcv+0x28/0x40
[  101.530356][ T6979]  netlink_unicast+0x82c/0x9e0
[  101.530378][ T6979]  ? __pfx_netlink_unicast+0x10/0x10
[  101.530398][ T6979]  ? netlink_sendmsg+0x642/0xb30
[  101.530419][ T6979]  ? skb_put+0x11b/0x210
[  101.530435][ T6979]  netlink_sendmsg+0x805/0xb30
[  101.530461][ T6979]  ? __pfx_netlink_sendmsg+0x10/0x10
[  101.530485][ T6979]  ? aa_sock_msg_perm+0xf1/0x1d0
[  101.530501][ T6979]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  101.530518][ T6979]  ? __pfx_netlink_sendmsg+0x10/0x10
[  101.530541][ T6979]  __sock_sendmsg+0x219/0x270
[  101.530562][ T6979]  __sys_sendto+0x3bd/0x520
[  101.530585][ T6979]  ? __pfx___sys_sendto+0x10/0x10
[  101.530611][ T6979]  ? rcu_is_watching+0x15/0xb0
[  101.530632][ T6979]  ? lock_release+0x4b/0x3e0
[  101.530653][ T6979]  ? __might_fault+0xb0/0x130
[  101.530673][ T6979]  ? __might_fault+0xcc/0x130
[  101.530696][ T6979]  __ia32_compat_sys_socketcall+0x71c/0x9c0
[  101.530714][ T6979]  ? __fget_files+0x3a0/0x420
[  101.530738][ T6979]  ? __pfx___ia32_compat_sys_socketcall+0x10/0x10
[  101.530755][ T6979]  ? fput+0xa0/0xd0
[  101.530771][ T6979]  ? ksys_write+0x22a/0x250
[  101.530792][ T6979]  ? __pfx_ksys_write+0x10/0x10
[  101.530815][ T6979]  __do_fast_syscall_32+0xb6/0x2b0
[  101.530839][ T6979]  ? irqentry_exit_to_user_mode+0xd6/0x120
[  101.530862][ T6979]  do_fast_syscall_32+0x34/0x80
[  101.530884][ T6979]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  101.530903][ T6979] RIP: 0023:0xf7f06539
[  101.530918][ T6979] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  101.530932][ T6979] RSP: 002b:00000000f5425430 EFLAGS: 00000206 ORIG_RAX: 0000000000000066
[  101.530950][ T6979] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f5425444
[  101.530963][ T6979] RDX: 0000000000000000 RSI: 00000000f5425560 RDI: 00000000f7394ff4
[  101.530973][ T6979] RBP: 00000000f5425560 R08: 0000000000000000 R09: 0000000000000000
[  101.530984][ T6979] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  101.530994][ T6979] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  101.531010][ T6979]  </TASK>
[  101.898027][    C1] vkms_vblank_simulate: vblank timer overrun
[  102.101054][   T51] Bluetooth: hci4: command 0x0405 tx timeout
[  102.107279][ T5868] Bluetooth: hci3: command 0x0c1a tx timeout
[  102.113522][ T5861] Bluetooth: hci2: command 0x0c1a tx timeout
[  102.119717][ T5870] Bluetooth: hci1: command 0x0c1a tx timeout
[  102.177825][ T6998] PKCS7: Unknown OID: [5] (bad)
[  102.185963][ T6998] PKCS7: Only support pkcs7_signedData type
[  102.311664][ T5917] usb 2-1: new full-speed USB device number 9 using dummy_hcd
[  102.471683][ T5917] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  102.483907][ T5917] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  102.590582][    T9] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[  102.683714][ T5917] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  102.908389][ T5917] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  102.928275][ T5917] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  102.962938][ T7010] netlink: 8 bytes leftover after parsing attributes in process `syz.4.262'.
[  102.972182][ T5917] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  103.027986][ T5917] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  103.078667][    T9] usb 4-1: device descriptor read/64, error -71
[  103.153777][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[  103.153793][ T5917] usb 2-1: Product: syz
[  103.153809][ T5917] usb 2-1: Manufacturer: syz
[  103.253390][ T5917] usb 2-1: SerialNumber: syz
[  103.366684][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  103.366696][   T30] audit: type=1326 audit(1755715833.712:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7020 comm="syz.2.266" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x0
[  103.474061][ T5917] usb 2-1: config 0 descriptor??
[  103.600817][    T9] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  103.700741][ T5917] radio-si470x 2-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  103.708012][ T5917] radio-si470x 2-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  103.749112][    T9] usb 4-1: device descriptor read/64, error -71
[  103.769819][ T5917] radio-si470x 2-1:0.0: si470x_get_report: usb_control_msg returned -71
[  103.778754][ T5917] radio-si470x 2-1:0.0: si470x_get_scratch: si470x_get_report returned -71
[  103.788947][ T5917] radio-si470x 2-1:0.0: probe with driver radio-si470x failed with error -5
[  103.809715][ T5917] usb 2-1: USB disconnect, device number 9
[  103.890857][    T9] usb usb4-port1: attempt power cycle
[  104.146794][ T7048] PKCS7: Unknown OID: [5] (bad)
[  104.155249][ T7048] PKCS7: Only support pkcs7_signedData type
[  104.180446][   T51] Bluetooth: hci4: command 0x0405 tx timeout
[  104.180944][ T5870] Bluetooth: hci1: command 0x0c1a tx timeout
[  104.186527][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  104.192530][ T5861] Bluetooth: hci3: command 0x0c1a tx timeout
[  104.240389][    T9] usb 4-1: new full-speed USB device number 5 using dummy_hcd
[  104.264091][    T9] usb 4-1: device descriptor read/8, error -71
[  104.580475][    T9] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  105.241927][    T9] usb 4-1: device descriptor read/8, error -71
[  105.597678][    T9] usb usb4-port1: unable to enumerate USB device
[  108.720344][    C1] sched: DL replenish lagged too much
[  133.190910][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  133.205272][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  251.380276][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  251.387258][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P10/1:b..l P2/1:b..l
[  251.395857][    C0] rcu: 	(detected by 0, t=10503 jiffies, g=12909, q=1930732 ncpus=2)
[  251.403939][    C0] task:kthreadd        state:R  running task     stack:25920 pid:2     tgid:2     ppid:0      task_flags:0x208040 flags:0x00004000
[  251.417432][    C0] Call Trace:
[  251.420717][    C0]  <TASK>
[  251.423672][    C0]  __schedule+0x1798/0x4cc0
[  251.428192][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  251.434096][    C0]  ? __pfx___schedule+0x10/0x10
[  251.438955][    C0]  ? rcu_is_watching+0x15/0xb0
[  251.443727][    C0]  preempt_schedule_notrace+0xd1/0x110
[  251.449196][    C0]  ? __pfx_preempt_schedule_notrace+0x10/0x10
[  251.455340][    C0]  ? unwind_next_frame+0xa5/0x2390
[  251.460461][    C0]  preempt_schedule_notrace_thunk+0x16/0x30
[  251.466528][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  251.472690][    C0]  ? unwind_next_frame+0xa5/0x2390
[  251.477885][    C0]  rcu_is_watching+0x7f/0xb0
[  251.482469][    C0]  lock_acquire+0x5f/0x360
[  251.486893][    C0]  ? rcu_is_watching+0x15/0xb0
[  251.491667][    C0]  ? unwind_next_frame+0xa5/0x2390
[  251.496869][    C0]  ? lock_release+0x4b/0x3e0
[  251.501447][    C0]  ? unwind_next_frame+0x19ae/0x2390
[  251.506734][    C0]  ? deref_stack_reg+0x19f/0x230
[  251.511686][    C0]  ? kthreadd+0x575/0x770
[  251.516011][    C0]  ? unwind_next_frame+0xa5/0x2390
[  251.521107][    C0]  unwind_next_frame+0xc2/0x2390
[  251.526047][    C0]  ? unwind_next_frame+0xa5/0x2390
[  251.531174][    C0]  ? unwind_next_frame+0xa5/0x2390
[  251.536284][    C0]  ? kernel_thread+0x10c/0x160
[  251.541034][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  251.547191][    C0]  arch_stack_walk+0x11c/0x150
[  251.551960][    C0]  ? kthreadd+0x575/0x770
[  251.556291][    C0]  stack_trace_save+0x9c/0xe0
[  251.560962][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  251.566342][    C0]  save_stack+0xf5/0x1f0
[  251.570606][    C0]  ? __pfx_save_stack+0x10/0x10
[  251.575458][    C0]  ? page_ext_get+0x22/0x2f0
[  251.580039][    C0]  ? __free_frozen_pages+0xbc4/0xd30
[  251.585314][    C0]  ? __put_partials+0x156/0x1a0
[  251.590201][    C0]  ? put_cpu_partial+0x17c/0x250
[  251.595234][    C0]  ? __slab_free+0x2d5/0x3c0
[  251.599848][    C0]  ? qlist_free_all+0x97/0x140
[  251.604601][    C0]  ? kasan_quarantine_reduce+0x148/0x160
[  251.610254][    C0]  ? __kasan_kmalloc+0x22/0xb0
[  251.615020][    C0]  ? __kmalloc_noprof+0x27a/0x4f0
[  251.620046][    C0]  ? security_task_alloc+0x4d/0x360
[  251.625333][    C0]  ? copy_process+0x1530/0x3c00
[  251.630186][    C0]  ? kernel_clone+0x21e/0x840
[  251.634869][    C0]  ? kernel_thread+0x10c/0x160
[  251.639663][    C0]  ? kthreadd+0x575/0x770
[  251.643990][    C0]  ? lock_release+0x4b/0x3e0
[  251.648591][    C0]  ? page_ext_get+0x22/0x2f0
[  251.653193][    C0]  __reset_page_owner+0x71/0x1f0
[  251.658144][    C0]  __free_frozen_pages+0xbc4/0xd30
[  251.663262][    C0]  __put_partials+0x156/0x1a0
[  251.667954][    C0]  put_cpu_partial+0x17c/0x250
[  251.672742][    C0]  ? put_cpu_partial+0x6d/0x250
[  251.677605][    C0]  __slab_free+0x2d5/0x3c0
[  251.682276][    C0]  ? __phys_addr+0xd3/0x180
[  251.686797][    C0]  qlist_free_all+0x97/0x140
[  251.691522][    C0]  kasan_quarantine_reduce+0x148/0x160
[  251.697027][    C0]  __kasan_kmalloc+0x22/0xb0
[  251.701620][    C0]  __kmalloc_noprof+0x27a/0x4f0
[  251.706573][    C0]  ? security_task_alloc+0x4d/0x360
[  251.711781][    C0]  security_task_alloc+0x4d/0x360
[  251.716889][    C0]  copy_process+0x1530/0x3c00
[  251.721578][    C0]  ? copy_process+0x97f/0x3c00
[  251.726354][    C0]  ? __pfx_copy_process+0x10/0x10
[  251.731383][    C0]  ? rcu_is_watching+0x15/0xb0
[  251.736166][    C0]  ? __pfx_kthread+0x10/0x10
[  251.740744][    C0]  kernel_clone+0x21e/0x840
[  251.745253][    C0]  ? rcu_is_watching+0x15/0xb0
[  251.750284][    C0]  ? __pfx_kernel_clone+0x10/0x10
[  251.755315][    C0]  ? __schedule+0x17ae/0x4cc0
[  251.760170][    C0]  ? __pfx_kthread+0x10/0x10
[  251.764753][    C0]  kernel_thread+0x10c/0x160
[  251.769353][    C0]  ? __pfx_kernel_thread+0x10/0x10
[  251.774467][    C0]  ? __pfx_kthread+0x10/0x10
[  251.780489][    C0]  ? rcu_is_watching+0x15/0xb0
[  251.785267][    C0]  ? do_raw_spin_unlock+0x122/0x240
[  251.790478][    C0]  kthreadd+0x575/0x770
[  251.794683][    C0]  ? kthreadd+0x30b/0x770
[  251.799010][    C0]  ? __pfx_kthreadd+0x10/0x10
[  251.803683][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  251.808888][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  251.814094][    C0]  ? __pfx_kthreadd+0x10/0x10
[  251.818777][    C0]  ret_from_fork+0x3f9/0x770
[  251.823368][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  251.828517][    C0]  ? __switch_to_asm+0x39/0x70
[  251.833291][    C0]  ? __switch_to_asm+0x33/0x70
[  251.838065][    C0]  ? __pfx_kthreadd+0x10/0x10
[  251.842734][    C0]  ret_from_fork_asm+0x1a/0x30
[  251.847514][    C0]  </TASK>
[  251.850532][    C0] task:kworker/0:1     state:R  running task     stack:25448 pid:10    tgid:10    ppid:2      task_flags:0x4208060 flags:0x00004000
[  251.864370][    C0] Workqueue: events_power_efficient gc_worker
[  251.870488][    C0] Call Trace:
[  251.873767][    C0]  <TASK>
[  251.876692][    C0]  __schedule+0x1798/0x4cc0
[  251.881202][    C0]  ? ip6_finish_output2+0x701/0x16a0
[  251.886495][    C0]  ? __pfx___schedule+0x10/0x10
[  251.891361][    C0]  ? ip6_mtu+0x7d/0x3f0
[  251.895520][    C0]  ? ip6_mtu+0x321/0x3f0
[  251.899796][    C0]  ? rcu_is_watching+0x15/0xb0
[  251.904637][    C0]  preempt_schedule_irq+0xb5/0x150
[  251.909756][    C0]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  251.915499][    C0]  ? rcu_is_watching+0x15/0xb0
[  251.920255][    C0]  ? rcu_is_watching+0x15/0xb0
[  251.925018][    C0]  ? rcu_irq_exit_check_preempt+0xd6/0x210
[  251.930835][    C0]  irqentry_exit+0x6f/0x90
[  251.935260][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  251.941252][    C0] RIP: 0010:__sanitizer_cov_trace_pc+0x11/0x70
[  251.947419][    C0] Code: 5b e9 73 98 58 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 08 50 a0 92 <65> 8b 15 e8 a4 e0 10 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75
[  251.967034][    C0] RSP: 0018:ffffc900000f7918 EFLAGS: 00000246
[  251.973119][    C0] RAX: ffffffff89ac87c9 RBX: 0000000000000000 RCX: ffff88801ce99e00
[  251.981094][    C0] RDX: ffff88801ce99e00 RSI: 0000000000000000 RDI: 0000000000000000
[  251.989065][    C0] RBP: ffffc900000f7a70 R08: ffffffff8fa38337 R09: 1ffffffff1f47066
[  251.997096][    C0] R10: dffffc0000000000 R11: fffffbfff1f47067 R12: 1ffff11006469039
[  252.005347][    C0] R13: 000000000000082c R14: 0000000000000000 R15: 0000000000040000
[  252.013335][    C0]  ? gc_worker+0x329/0x1380
[  252.017860][    C0]  gc_worker+0x329/0x1380
[  252.022218][    C0]  ? gc_worker+0x264/0x1380
[  252.026730][    C0]  ? __pfx_gc_worker+0x10/0x10
[  252.031489][    C0]  ? rcu_is_watching+0x15/0xb0
[  252.036277][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  252.042011][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  252.047836][    C0]  process_scheduled_works+0xae1/0x17b0
[  252.053402][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  252.059589][    C0]  worker_thread+0x8a0/0xda0
[  252.064237][    C0]  kthread+0x70e/0x8a0
[  252.068332][    C0]  ? __pfx_worker_thread+0x10/0x10
[  252.073563][    C0]  ? __pfx_kthread+0x10/0x10
[  252.078168][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  252.083377][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  252.088677][    C0]  ? __pfx_kthread+0x10/0x10
[  252.093301][    C0]  ret_from_fork+0x3f9/0x770
[  252.097897][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  252.103099][    C0]  ? __switch_to_asm+0x39/0x70
[  252.107881][    C0]  ? __switch_to_asm+0x33/0x70
[  252.112736][    C0]  ? __pfx_kthread+0x10/0x10
[  252.117343][    C0]  ret_from_fork_asm+0x1a/0x30
[  252.122132][    C0]  </TASK>
[  252.125154][    C0] rcu: rcu_preempt kthread starved for 10334 jiffies! g12909 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  252.136360][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  252.146338][    C0] rcu: RCU grace-period kthread stack dump:
[  252.152224][    C0] task:rcu_preempt     state:R  running task     stack:27560 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  252.165705][    C0] Call Trace:
[  252.168977][    C0]  <TASK>
[  252.171903][    C0]  __schedule+0x1798/0x4cc0
[  252.176419][    C0]  ? rcu_is_watching+0x15/0xb0
[  252.181188][    C0]  ? __pfx___schedule+0x10/0x10
[  252.186040][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  252.192105][    C0]  ? schedule+0x91/0x360
[  252.196363][    C0]  ? rcu_is_watching+0x15/0xb0
[  252.201142][    C0]  ? lock_release+0x4b/0x3e0
[  252.205749][    C0]  schedule+0x165/0x360
[  252.209908][    C0]  schedule_timeout+0x12b/0x270
[  252.214751][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[  252.220131][    C0]  ? rcu_is_watching+0x15/0xb0
[  252.226119][    C0]  ? __pfx_process_timeout+0x10/0x10
[  252.231470][    C0]  ? prepare_to_swait_event+0x341/0x380
[  252.237029][    C0]  rcu_gp_fqs_loop+0x301/0x1540
[  252.241899][    C0]  ? __pfx_rcu_watching_snap_recheck+0x10/0x10
[  252.248156][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  252.253455][    C0]  ? _raw_spin_unlock_irq+0x2e/0x50
[  252.258682][    C0]  rcu_gp_kthread+0x99/0x390
[  252.263375][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  252.268576][    C0]  ? __kthread_parkme+0x7b/0x200
[  252.273504][    C0]  ? __kthread_parkme+0x1a1/0x200
[  252.278543][    C0]  kthread+0x70e/0x8a0
[  252.282624][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  252.287926][    C0]  ? __pfx_kthread+0x10/0x10
[  252.292511][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  252.297716][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  252.302924][    C0]  ? __pfx_kthread+0x10/0x10
[  252.307522][    C0]  ret_from_fork+0x3f9/0x770
[  252.312182][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  252.317306][    C0]  ? __switch_to_asm+0x39/0x70
[  252.322178][    C0]  ? __switch_to_asm+0x33/0x70
[  252.326974][    C0]  ? __pfx_kthread+0x10/0x10
[  252.331558][    C0]  ret_from_fork_asm+0x1a/0x30
[  252.336344][    C0]  </TASK>
[  252.339370][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  252.345710][    C0] Sending NMI from CPU 0 to CPUs 1:
[  252.351044][    C1] NMI backtrace for cpu 1
[  252.351071][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[  252.351107][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  252.351126][    C1] RIP: 0010:__rcu_read_unlock+0x6/0xe0
[  252.351157][    C1] Code: c1 03 38 c1 7c dc 48 89 df e8 46 fd 7b 00 eb d2 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 57 <41> 56 41 55 41 54 53 49 bf 00 00 00 00 00 fc ff df 65 48 8b 3c 25
[  252.351170][    C1] RSP: 0018:ffffc90000a07788 EFLAGS: 00000286
[  252.351184][    C1] RAX: 27f835c346b3a300 RBX: ffffffff90c06801 RCX: 27f835c346b3a300
[  252.351196][    C1] RDX: ffffc90000a07801 RSI: ffffffff8be33660 RDI: ffffffff8be33620
[  252.351208][    C1] RBP: dffffc0000000000 R08: ffffc90000a083f0 R09: 0000000000000000
[  252.351218][    C1] R10: ffffc90000a078b8 R11: fffff52000140f19 R12: ffffc90000a08400
[  252.351230][    C1] R13: ffffc90000a01000 R14: ffffc90000a07868 R15: ffffffff8172c195
[  252.351242][    C1] FS:  0000000000000000(0000) GS:ffff888125d1b000(0000) knlGS:0000000000000000
[  252.351255][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  252.351265][    C1] CR2: 00000000f758ed1c CR3: 000000007db72000 CR4: 00000000003526f0
[  252.351279][    C1] Call Trace:
[  252.351285][    C1]  <IRQ>
[  252.351290][    C1]  ? unwind_next_frame+0xa5/0x2390
[  252.351308][    C1]  unwind_next_frame+0x19ae/0x2390
[  252.351329][    C1]  ? unwind_next_frame+0xa5/0x2390
[  252.351344][    C1]  ? nft_synproxy_do_eval+0x345/0x570
[  252.351363][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  252.351382][    C1]  arch_stack_walk+0x11c/0x150
[  252.351401][    C1]  ? nft_do_chain+0x409/0x1920
[  252.351418][    C1]  stack_trace_save+0x9c/0xe0
[  252.351435][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  252.351452][    C1]  ? enqueue_to_backlog+0xa45/0xfa0
[  252.351472][    C1]  kasan_save_track+0x3e/0x80
[  252.351490][    C1]  ? kasan_save_track+0x3e/0x80
[  252.351506][    C1]  ? __kasan_slab_alloc+0x6c/0x80
[  252.351523][    C1]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  252.351541][    C1]  ? dst_alloc+0x105/0x170
[  252.351557][    C1]  ? ip_route_output_key_hash_rcu+0x14e1/0x23d0
[  252.351574][    C1]  ? ip_route_output_key_hash+0x1b9/0x2e0
[  252.351589][    C1]  ? ip_route_output_flow+0x2a/0x150
[  252.351604][    C1]  ? ip_route_me_harder+0x6d2/0x1030
[  252.351620][    C1]  ? synproxy_send_tcp+0x359/0x6c0
[  252.351639][    C1]  ? synproxy_send_client_synack+0x8bb/0xe20
[  252.351660][    C1]  ? nft_synproxy_eval_v4+0x36e/0x560
[  252.351675][    C1]  ? nft_synproxy_do_eval+0x345/0x570
[  252.351707][    C1]  __kasan_slab_alloc+0x6c/0x80
[  252.351726][    C1]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  252.351744][    C1]  ? dst_alloc+0x105/0x170
[  252.351761][    C1]  dst_alloc+0x105/0x170
[  252.351778][    C1]  ip_route_output_key_hash_rcu+0x14e1/0x23d0
[  252.351798][    C1]  ? ip_route_output_key_hash+0xde/0x2e0
[  252.351815][    C1]  ip_route_output_key_hash+0x1b9/0x2e0
[  252.351831][    C1]  ? __pfx___inet_dev_addr_type+0x10/0x10
[  252.351848][    C1]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  252.351872][    C1]  ? ip_route_me_harder+0x4ad/0x1030
[  252.351888][    C1]  ? rcu_is_watching+0x15/0xb0
[  252.351902][    C1]  ? ip_route_me_harder+0x4ad/0x1030
[  252.351919][    C1]  ? rcu_is_watching+0x15/0xb0
[  252.351932][    C1]  ? ip_route_me_harder+0x4ad/0x1030
[  252.351950][    C1]  ip_route_output_flow+0x2a/0x150
[  252.351964][    C1]  ? ip_route_me_harder+0x6c0/0x1030
[  252.351982][    C1]  ip_route_me_harder+0x6d2/0x1030
[  252.352003][    C1]  ? __pfx_ip_route_me_harder+0x10/0x10
[  252.352027][    C1]  ? __cookie_v4_init_sequence+0x262/0x4c0
[  252.352051][    C1]  synproxy_send_tcp+0x359/0x6c0
[  252.352074][    C1]  synproxy_send_client_synack+0x8bb/0xe20
[  252.352100][    C1]  ? __pfx_synproxy_send_client_synack+0x10/0x10
[  252.352121][    C1]  ? __asan_memset+0x22/0x50
[  252.352137][    C1]  ? synproxy_pernet+0x45/0x270
[  252.352155][    C1]  nft_synproxy_eval_v4+0x36e/0x560
[  252.352173][    C1]  ? __pfx_nft_synproxy_eval_v4+0x10/0x10
[  252.352191][    C1]  ? nf_ip_checksum+0x13c/0x510
[  252.352210][    C1]  nft_synproxy_do_eval+0x345/0x570
[  252.352226][    C1]  ? rcu_is_watching+0x15/0xb0
[  252.352241][    C1]  ? __pfx_nft_synproxy_do_eval+0x10/0x10
[  252.352257][    C1]  ? rcu_is_watching+0x15/0xb0
[  252.352272][    C1]  ? queue_work_on+0x1ed/0x270
[  252.352287][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  252.352309][    C1]  nft_do_chain+0x409/0x1920
[  252.352326][    C1]  ? ieee80211_rx_handlers+0xb6f3/0xb760
[  252.352346][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  252.352363][    C1]  ? __pfx_nft_do_chain+0x10/0x10
[  252.352392][    C1]  nft_do_chain_inet+0x25d/0x340
[  252.352409][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  252.352428][    C1]  ? NF_HOOK+0x9a/0x3a0
[  252.352446][    C1]  ? rcu_is_watching+0x15/0xb0
[  252.352460][    C1]  ? lock_acquire+0x5f/0x360
[  252.352480][    C1]  ? __pfx_nf_conntrack_in+0x10/0x10
[  252.352495][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  252.352511][    C1]  nf_hook_slow+0xc2/0x220
[  252.352533][    C1]  NF_HOOK+0x206/0x3a0
[  252.352552][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  252.352572][    C1]  ? NF_HOOK+0x9a/0x3a0
[  252.352590][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[  252.352608][    C1]  ? ip_rcv_finish_core+0xda3/0x1c00
[  252.352628][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  252.352649][    C1]  ? skb_dst+0x4f/0xd0
[  252.352668][    C1]  ? ip_local_deliver+0x12a/0x1b0
[  252.352688][    C1]  NF_HOOK+0x30c/0x3a0
[  252.352707][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[  252.352726][    C1]  ? NF_HOOK+0x9a/0x3a0
[  252.352744][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[  252.352762][    C1]  ? ip_rcv_core+0x7f7/0xd00
[  252.352781][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[  252.352804][    C1]  ? __pfx_ip_rcv+0x10/0x10
[  252.352822][    C1]  __netif_receive_skb+0x143/0x380
[  252.352842][    C1]  ? process_backlog+0x2d5/0x14f0
[  252.353007][    C1]  process_backlog+0x60e/0x14f0
[  252.353039][    C1]  ? __pfx_process_backlog+0x10/0x10
[  252.353059][    C1]  ? get_jiffies_update+0x44/0x140
[  252.353078][    C1]  __napi_poll+0xc7/0x360
[  252.353096][    C1]  ? rcu_is_watching+0x15/0xb0
[  252.353113][    C1]  net_rx_action+0x707/0xe30
[  252.353132][    C1]  ? rcu_is_watching+0x15/0xb0
[  252.353152][    C1]  ? __pfx_net_rx_action+0x10/0x10
[  252.353185][    C1]  handle_softirqs+0x283/0x870
[  252.353202][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  252.353219][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  252.353236][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  252.353255][    C1]  __irq_exit_rcu+0xca/0x1f0
[  252.353271][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  252.353289][    C1]  irq_exit_rcu+0x9/0x30
[  252.353303][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  252.353325][    C1]  </IRQ>
[  252.353330][    C1]  <TASK>
[  252.353337][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  252.353354][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  252.353374][    C1] Code: 53 e7 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d f3 b6 0e 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  252.353387][    C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c2
[  252.353402][    C1] RAX: 27f835c346b3a300 RBX: ffffffff819683b8 RCX: 27f835c346b3a300
[  252.353414][    C1] RDX: 0000000000000001 RSI: ffffffff8be33660 RDI: ffffffff819683b8
[  252.353425][    C1] RBP: ffffc90000197f20 R08: ffff8880b8732f9b R09: 1ffff110170e65f3
[  252.353437][    C1] R10: dffffc0000000000 R11: ffffed10170e65f4 R12: ffffffff8fa38330
[  252.353449][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff110039d6b40
[  252.353461][    C1]  ? do_idle+0x1e8/0x510
[  252.353477][    C1]  ? do_idle+0x1e8/0x510
[  252.353492][    C1]  default_idle+0x13/0x20
[  252.353505][    C1]  default_idle_call+0x74/0xb0
[  252.353519][    C1]  do_idle+0x1e8/0x510
[  252.353536][    C1]  ? __pfx_do_idle+0x10/0x10
[  252.353556][    C1]  cpu_startup_entry+0x44/0x60
[  252.353571][    C1]  start_secondary+0x101/0x110
[  252.353593][    C1]  common_startup_64+0x13e/0x147
[  252.353618][    C1]  </TASK>
[  255.770391][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  255.784675][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  258.510791][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  258.524319][ T1302] ieee802154 phy1 wpan1: encryption failed: -22