last executing test programs:

9m34.286389329s ago: executing program 3 (id=3173):
ioctl$IOCTL_START_ACCEL_DEV(0xffffffffffffffff, 0x40096102, &(0x7f00000000c0)={{&(0x7f0000000640)={'Accelerator\x00'}}, 0x80})
r0 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x2, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x0, 0x0, 0x0, 0x0}) (fail_nth: 14)

9m33.671202735s ago: executing program 3 (id=3174):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
msgctl$MSG_STAT(0x0, 0xb, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
syz_open_dev$dri(&(0x7f0000000240), 0xd21, 0x4000)
syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42800)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x7, '\x00', 0x0, 0x0}, 0x50)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0xfffffffb}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x5}}, {}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f00000002c0)='GPL\x00', 0x9, 0x0, 0x0, 0x40f00, 0x46, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, 0x0)
socketpair$unix(0x1, 0xfffffffffffffffd, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f0000000800)=[{{&(0x7f0000000300)=@isdn, 0x80, &(0x7f0000000380)=[{&(0x7f0000001880)=""/4096, 0x1000}, {&(0x7f0000000200)=""/25, 0x19}], 0x2, &(0x7f0000000480)=""/124, 0x7c}, 0x80000000}, {{&(0x7f0000000500)=@x25={0x9, @remote}, 0x80, &(0x7f0000000680)=[{&(0x7f0000002880)=""/4096, 0x1000}, {&(0x7f0000000580)=""/218, 0xda}, {&(0x7f0000003880)=""/4096, 0x1000}], 0x3, &(0x7f00000006c0)=""/177, 0xb1}, 0x3}], 0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
openat(r6, &(0x7f0000000180)='./file0\x00', 0x801, 0x21)
sendfile(r5, r6, 0x0, 0x20000023896)
close(r5)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)

9m32.505655619s ago: executing program 3 (id=3176):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB='\x00\x00\x00', @ANYRES32=r2, @ANYBLOB="0900070086e70ba819000000"], 0x28}}, 0x0)

9m32.227783806s ago: executing program 3 (id=3179):
r0 = memfd_create(&(0x7f0000000000)='\xf3e\t\x9f\x918\xc0y\x01c\x1fnux\x00sV\ad\xb0l \xfd\xd7\x8e\x7f\x89\xb8\xc5;~\x04\x03~K\xfbP\x84=\xfa\x81\f\x1et\x10\x0e\xcf^9\xbe\\', 0x0)
pwrite64(r0, &(0x7f00000008c0)='/', 0x1, 0x0) (async)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r0, 0x0)
lseek(r0, 0x0, 0x4) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) (async)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) (async)
umount2(&(0x7f00000000c0)='./file0\x00', 0x1) (async)
sendfile(r0, r0, &(0x7f00000001c0), 0x7fa) (async)
symlink(&(0x7f0000001000)='./file0\x00', &(0x7f00000000c0)='./file0\x00') (async)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
open$dir(&(0x7f00000000c0)='./file1\x00', 0x800, 0x1a6)

9m31.911876699s ago: executing program 3 (id=3182):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r1, &(0x7f0000000280)={0x2, 0x3, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r1, 0x8)
r2 = accept4(r1, 0x0, 0x0, 0x80800)
sendto$inet(r2, &(0x7f00000002c0)="cc", 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f00000004c0)={0x0, 0x4}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000240)={0x0, 0x2}, 0x8)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000340)={0x60, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x44}, [@nested={0x4c, 0xe, 0x0, 0x1, [@nested={0x48, 0x151, 0x0, 0x1, [@nested={0x38, 0x13a, 0x0, 0x1, [@nested={0x2c, 0x61, 0x0, 0x1, [@nested={0x4, 0x54}, @typed={0x8, 0x8, 0x0, 0x0, @u32=0x5}, @typed={0x8, 0xe7, 0x0, 0x0, @uid}, @typed={0x8, 0x14f, 0x0, 0x0, @fd}, @typed={0xc, 0xd, 0x0, 0x0, @u64=0x3ff}]}, @typed={0x8, 0x35, 0x0, 0x0, @ipv4=@loopback}]}, @typed={0x8, 0xde, 0x0, 0x0, @pid}, @generic="d5938376"]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)

9m31.043670694s ago: executing program 3 (id=3185):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd_index, 0xffffffffffffffff, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1})
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="50000000100001042bbd", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028008000100020000001400030067656e6e766531000000000000"], 0x50}}, 0x2000000)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x7, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="400000001000010425bd700003000000000080575a8231ce9715a96e61ea61ae5b3906587ffa150fcc9887cd34fe0c20a45954408e6eed98829d0a9de4434c05db71fb7f247e950c9983f13e8d06c68fc7d17e13b8b1fe38c3ad9d8d0c74364d30a24b33b37349be3c3ad5d5c23b2070f174bce751d979790a05668493a20d36", @ANYRES32=0x0, @ANYBLOB="10c00000000000001800128008000100677470000c00028008000100", @ANYRES32=r5, @ANYBLOB="08000300", @ANYRES32=0x0, @ANYBLOB], 0x40}}, 0x0)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r8, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, 0x0, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)
setsockopt$inet6_tcp_int(r6, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r6, &(0x7f0000000040), 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x396, @empty}, 0x1c)
pipe(&(0x7f0000000040))

9m30.139372865s ago: executing program 32 (id=3185):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd_index, 0xffffffffffffffff, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1})
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="50000000100001042bbd", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028008000100020000001400030067656e6e766531000000000000"], 0x50}}, 0x2000000)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x7, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="400000001000010425bd700003000000000080575a8231ce9715a96e61ea61ae5b3906587ffa150fcc9887cd34fe0c20a45954408e6eed98829d0a9de4434c05db71fb7f247e950c9983f13e8d06c68fc7d17e13b8b1fe38c3ad9d8d0c74364d30a24b33b37349be3c3ad5d5c23b2070f174bce751d979790a05668493a20d36", @ANYRES32=0x0, @ANYBLOB="10c00000000000001800128008000100677470000c00028008000100", @ANYRES32=r5, @ANYBLOB="08000300", @ANYRES32=0x0, @ANYBLOB], 0x40}}, 0x0)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r8, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, 0x0, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)
setsockopt$inet6_tcp_int(r6, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r6, &(0x7f0000000040), 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x396, @empty}, 0x1c)
pipe(&(0x7f0000000040))

2m43.667913723s ago: executing program 0 (id=4473):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000, 0x56}, 0x20)
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
pipe2(&(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000240)={0x1f}, 0x0, 0x0)
vmsplice(r4, &(0x7f0000000280)=[{&(0x7f0000000100)='n', 0x1}], 0x1, 0x7)
pipe2(&(0x7f00000000c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x800)
fcntl$setstatus(r5, 0x4, 0x2800)
splice(r3, 0x0, r6, 0x0, 0x8000000000000000, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r7=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4)
bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x0, r7}, 0x10)
recvmmsg(r1, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}, 0x3ff}, {{0x0, 0x0, 0x0}, 0xed7}], 0x2, 0x42, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00'})

2m42.711549364s ago: executing program 0 (id=4478):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000cc0)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000f80)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e00)={0x40, 0x13, 0x6, @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000001740)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x40, 0x19, 0x2, "0200"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000001480)={0x44, &(0x7f0000001180)=ANY=[@ANYBLOB="000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x10, 0x2}, 0x41)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x2, &(0x7f0000000140)=@raw=[@ldst={0x1, 0x0, 0x4, 0x0, 0x1, 0xc}, @exit], &(0x7f00000000c0)='GPL\x00', 0x7}, 0x94)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000500)={0x44, &(0x7f0000000a80)=ANY=[@ANYBLOB="00150100000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2m37.575749304s ago: executing program 0 (id=4493):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x50}}, 0x0) (async)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue1\x00', 0x49})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xf, &(0x7f0000001000)=@ringbuf={{}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x87}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
dup2(r1, r1) (async)
write$sndseq(r0, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1001a)

2m36.844203539s ago: executing program 0 (id=4494):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000006c0)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00220f0000005b574e69622bf85eda07b3"], 0x0}, 0x0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x120002)
ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r1, 0x40045402, &(0x7f0000000140)=0x1)
r2 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x40000000, 0x10100}, &(0x7f0000000540)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffff56})
io_uring_enter(r2, 0x7a98, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f00000083c0)={{0x1}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f0000000180)={0x7, 0x9dc5, 0x0, 0x0, 0xf})
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000280)={'syz_tun\x00', &(0x7f0000000500)=@ethtool_gfeatures})
mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000280)={'bridge0\x00', 0x0})
r6 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCGCOLLECTIONINDEX(r6, 0x40184810, &(0x7f00000002c0)={0x3, 0x100, 0x0, 0x8001, 0x0, 0x9ff})

2m35.399733997s ago: executing program 0 (id=4502):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0xbc0f, 0x42, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
pipe2(&(0x7f00000000c0)={<r2=>0xffffffffffffffff}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
splice(r2, 0x0, r3, 0x0, 0xd9d7, 0x5)
write$6lowpan_control(0xffffffffffffffff, &(0x7f0000000080)='connect aa:aa:aa:aa:aa:10 1', 0x19)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
close_range(r4, 0xffffffffffffffff, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = mq_open(&(0x7f0000000480)='!sel\x00\x00\x00\x10\x00\x00\x00\x00\xd7\\P\xc1\xde.O\xcb]0y\x00\x00\x00\x00\x00\x00\x00\x00', 0x6e93ebbbcc0884f2, 0x196, &(0x7f0000000440)={0x2000000000002000, 0x1, 0x56, 0x3})
mq_timedsend(r6, 0x0, 0x0, 0x0, 0x0)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f0000000340)={0x5, 0x90, 0x1, 'queue0\x00', 0x3})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r7, 0x40505330, &(0x7f0000000ec0)={0x800100, 0xfffffffd, 0x22, 0x100, 0x81, 0x5})
close(r7)
ioctl$TIOCMGET(r5, 0x541e, &(0x7f0000000040))
openat$sndseq(0xffffffffffffff9c, 0x0, 0x40041)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001a80)=ANY=[@ANYBLOB="b700000017000000bfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff0000000015040000000002000f030000000000003404000001ed0a0014040000170000801c400000000000007b0a00fe000000002c04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efefb202ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff0c710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf1dbf6d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040bef29b66e3858d051c096e37c4f46010400000000c3da29faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d0cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090d030000003acec439c163fcd7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931481747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885769754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8269b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347932a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd23834a50d7eb8e327fb5db12cbd6a9efe8e671c4f251fe3bf440cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa2c910fb8de24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe91c921ac1476027772c87d1767e31a3446cd57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c828c02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007f00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d05d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b530500d8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb6f5137bd9b075f1488d22230592a79000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462aa2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783fefb0a5ef0b41e14a6fe6ba306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9be0bdd37220e316f2297743dd4731614a50c16c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd08000000e843591d2618e2d2cdc7081c8fafffe9c350a5c554a387de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119d2a673bdae05779208409e6cf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8a9d3374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c7963c2ba910969f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed9eed636338f1835fc957729d63dc1bfc7b772cbe536c2d3aff27c22f9a2f876512616a5bdaf22a16e19d1b5f52abb40b433983d0cf50234de659c1a397ce901000000caae1bcfdce33dae6adc260321702f239c25ab181390e7dc8c1e5b1cf3b4fef1cd5c44a89b5e5d8314e02f4673ded90bce9a4025b0232eec970f7aa17f175a14e8dc0700bac0006b98a8283eee5665f3aede28228e0468dbcf8b776fe4c629d3af183a7cba5adf77f23d31f9d5a183c0da4e95f75b1496a97a46a06e4e1f5a8438d49dbd493ba2482c398ab724577fd742bf44cdd8489086e61aa3cb1d3ab3dac8183102fe6fc8a038e3868a0592811446867969f0fb3f547e83c4ca35aac023f09f15bb0acb3cdc6efd9b0e9df56af7fda01280a384028b35994388"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1e}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={r8, 0x0, 0x0}, 0x10)

2m33.86208931s ago: executing program 0 (id=4507):
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100004b41460860163209ea80010203010902120001000000080904"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
r1 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff)
write$binfmt_elf32(r1, &(0x7f0000000140)={{0x7f, 0x45, 0x4c, 0x46, 0xb, 0x0, 0xa, 0xb8, 0x5, 0x2, 0x3e, 0x5, 0x21a, 0x38, 0xfd, 0x550a, 0x1, 0x20, 0x1, 0x6, 0x7fff, 0xb11d}, [{0x5, 0x2, 0xfffffc00, 0x9, 0x5, 0xcc, 0x2, 0x9}], "e69e2848c6e8fd27cc4c331d0df8eaa85e0b9af7016507be1098e6a277a454afc6dae07a53a9359a5006154ecb8423170967dad5b32caf815a79944d34699e13136c2c8998937767345b465c01d590a58fbb1a8889a3204af0731ff4902713a000956528d3a3babcd532c6ccd751021d55b652adc2e7af34f0bcf60bd39f7884905591091a531062c2268507921d12b97046d32e1f423730dbcb1feeefe88acd7a23f0028cabe9ae2d3da326783d13c3c8e770e2eddaea", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x80f)
unshare(0x2040400)
r2 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_IOCTL(r2, 0x4004550d, 0x0)
r3 = dup(r0)
getgid()
read$alg(r3, &(0x7f0000000080)=""/142, 0x8e)
openat$tun(0xffffffffffffff9c, &(0x7f0000000980), 0x1, 0x0)

2m18.594458974s ago: executing program 33 (id=4507):
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100004b41460860163209ea80010203010902120001000000080904"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
r1 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff)
write$binfmt_elf32(r1, &(0x7f0000000140)={{0x7f, 0x45, 0x4c, 0x46, 0xb, 0x0, 0xa, 0xb8, 0x5, 0x2, 0x3e, 0x5, 0x21a, 0x38, 0xfd, 0x550a, 0x1, 0x20, 0x1, 0x6, 0x7fff, 0xb11d}, [{0x5, 0x2, 0xfffffc00, 0x9, 0x5, 0xcc, 0x2, 0x9}], "e69e2848c6e8fd27cc4c331d0df8eaa85e0b9af7016507be1098e6a277a454afc6dae07a53a9359a5006154ecb8423170967dad5b32caf815a79944d34699e13136c2c8998937767345b465c01d590a58fbb1a8889a3204af0731ff4902713a000956528d3a3babcd532c6ccd751021d55b652adc2e7af34f0bcf60bd39f7884905591091a531062c2268507921d12b97046d32e1f423730dbcb1feeefe88acd7a23f0028cabe9ae2d3da326783d13c3c8e770e2eddaea", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x80f)
unshare(0x2040400)
r2 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_IOCTL(r2, 0x4004550d, 0x0)
r3 = dup(r0)
getgid()
read$alg(r3, &(0x7f0000000080)=""/142, 0x8e)
openat$tun(0xffffffffffffff9c, &(0x7f0000000980), 0x1, 0x0)

1m7.484701996s ago: executing program 1 (id=4759):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000002240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r4 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r4, 0xfffffffffffffffd, 0xfffffffffffffffe, 0x1)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp\x00')
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r8=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r7, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r8, 0x0, 0x0, <r9=>0x0})
ioctl$IOMMU_HWPT_GET_DIRTY_BITMAP(r7, 0x3b8c, &(0x7f00000000c0)={0x30, r9, 0x0, 0x0, 0x8000, 0x200000000000, 0xffffffffffffffff, 0x0})
connect$pppl2tp(r6, &(0x7f00000000c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x3, 0x0, 0x1, 0x0, {0xa, 0x4e23, 0x3, @private1, 0x7}}}, 0x3a)
read$FUSE(r5, &(0x7f00000001c0)={0x2020}, 0x2020)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000002200)=0x1, 0x4)
setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x800, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=ANY=[@ANYRES32=r10, @ANYBLOB="83550500010000001c0012800b00010067656e6576650000"], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r11 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), r0)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000580)={0x44, r11, 0x917, 0x0, 0xffffffe4, {}, [@L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x4}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @initdev={0xac, 0x1e, 0x1, 0x0}}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @multicast2}, @L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}]}, 0x44}}, 0x4000)

1m7.22578216s ago: executing program 1 (id=4763):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$inet(r0, &(0x7f0000000600)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000003340)=0x9, 0x4)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000300), 0x4)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r3, 0x29, 0xca, &(0x7f0000000100)={0x0, 0x1, 0x16, 0x0, 0x8}, 0xc)
ioctl$SIOCGETMIFCNT_IN6(0xffffffffffffffff, 0x89e0, &(0x7f0000000240)={0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
read$sequencer(r4, &(0x7f0000000040)=""/151, 0x97)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x80000001, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x4c, &(0x7f0000000300), 0x4)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000580)=ANY=[@ANYBLOB='\x00'/21], 0x78)
r5 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_G_TUNER(r5, 0xc054561d, &(0x7f00000000c0)={0x6, "13f20a6684154bc7ec29052b9ec48e707a4f251dd900", 0x0, 0x20, 0x0, 0x3, 0x2, 0x0, 0x8})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
creat(&(0x7f0000000140)='./file0\x00', 0x8)
setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x7, &(0x7f00000001c0)=0x8, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100626f6e6400000000180002801400"], 0x48}}, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000140), 0x400000000000330, 0x4000000)
socket$nl_generic(0x10, 0x3, 0x10)
close(r6)

56.733104004s ago: executing program 1 (id=4763):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$inet(r0, &(0x7f0000000600)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000003340)=0x9, 0x4)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000300), 0x4)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r3, 0x29, 0xca, &(0x7f0000000100)={0x0, 0x1, 0x16, 0x0, 0x8}, 0xc)
ioctl$SIOCGETMIFCNT_IN6(0xffffffffffffffff, 0x89e0, &(0x7f0000000240)={0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
read$sequencer(r4, &(0x7f0000000040)=""/151, 0x97)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x80000001, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x4c, &(0x7f0000000300), 0x4)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000580)=ANY=[@ANYBLOB='\x00'/21], 0x78)
r5 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_G_TUNER(r5, 0xc054561d, &(0x7f00000000c0)={0x6, "13f20a6684154bc7ec29052b9ec48e707a4f251dd900", 0x0, 0x20, 0x0, 0x3, 0x2, 0x0, 0x8})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
creat(&(0x7f0000000140)='./file0\x00', 0x8)
setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x7, &(0x7f00000001c0)=0x8, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100626f6e6400000000180002801400"], 0x48}}, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000140), 0x400000000000330, 0x4000000)
socket$nl_generic(0x10, 0x3, 0x10)
close(r6)

54.96682832s ago: executing program 1 (id=4799):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="340000001400010000000000000000000a000000", @ANYRES32=r2, @ANYBLOB="14000100ff010000000000000000000000000001080008000204"], 0x34}}, 0x0)

54.687700829s ago: executing program 1 (id=4800):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r2, 0x29, 0xd1, &(0x7f0000001540)=0xffffff51, 0x4)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_SET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x48c05}, 0x4040140)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
shmget(0x2, 0x4000, 0x100, &(0x7f0000ff9000/0x4000)=nil)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r5=>0xffffffffffffffff}, 0x106}}, 0x20)
socketpair(0x2a, 0x2, 0x1, &(0x7f0000000080))
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)={0x2, 0x3, 0x0, 0x2, 0xf, 0x0, 0x0, 0x0, [@sadb_key={0x1, 0x8}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private2}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x9}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @empty}}]}, 0x78}, 0x1, 0x7}, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000200)={0x3, 0x40, 0xfa00, {{0xa, 0xfffc, 0x40000000, @mcast1, 0x9}, {0xa, 0x0, 0x0, @loopback}, r5, 0x27}}, 0x48)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @ib_path={0x0, r5}}, 0x20)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000011c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x2d0, 0x140, 0x5c, 0x160, 0x0, 0x3e0, 0x250, 0x228, 0x25a, 0x250, 0x228, 0x4, 0x0, {[{{@uncond, 0x5002, 0xa8, 0xf0, 0x52020000, {0x0, 0x6802000000000000}}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x7fff, 0x9, 0x7, 'syz0\x00', {0x719}}}}, {{@ipv6={@private0, @private2, [0xff, 0x0, 0xffffff00, 0xff], [0xff, 0xffffff00, 0xffffff00, 0xffffff00], 'tunl0\x00', 'pimreg0\x00', {0xff}, {0xff}, 0x33, 0x4, 0x9456fff08070a538, 0x70}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x82b, 0x0, 0x0, 'syz0\x00', 'syz0\x00', {0x8000800000000000}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x330)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x8, 0x0, 0x0, 0x0, 0x4}, 0x94)
remap_file_pages(&(0x7f000049f000/0x2000)=nil, 0x2000, 0xe, 0x7, 0x1000)
madvise(&(0x7f0000570000/0x4000)=nil, 0x4000, 0x9)
syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x0)

53.380532631s ago: executing program 1 (id=4802):
r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x1ff, 0x1a1301)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000040)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000)={0x4b5a9da54893e123, 0x3, 0x40, 0x2}, 0xff15, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0}) (fail_nth: 9)

37.878883429s ago: executing program 34 (id=4802):
r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x1ff, 0x1a1301)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000040)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000)={0x4b5a9da54893e123, 0x3, 0x40, 0x2}, 0xff15, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0}) (fail_nth: 9)

12.971881735s ago: executing program 5 (id=4930):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b0001000000000904080001030000000905", @ANYBLOB="8fcf"], 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000140), 0x4, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x5})
ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f0000000040)=""/185)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="ad76b6c5", 0x4)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmmsg$alg(r2, &(0x7f0000004c00)=[{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="a98618", 0x3}], 0x1, &(0x7f00000004c0)=[@iv={0x18}], 0x18, 0x4012}], 0x1, 0x0)
sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x6c}}, 0x40000)
read$alg(r2, &(0x7f0000000180)=""/156, 0x9c)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_netdev_private(r3, 0x8946, &(0x7f0000000140)="a6cc04e2d8f1c38afbf14b29b86e3a")

12.20768501s ago: executing program 2 (id=4934):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x3, 0x180)
r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
pread64(r1, &(0x7f0000000300)=""/94, 0x5e, 0x81ffffffffffffc)
ioctl$BTRFS_IOC_INO_PATHS(r0, 0xc0389423, &(0x7f0000000080)={0x10, 0x8, [0x5, 0xa5, 0x7fffffff, 0x1], &(0x7f0000000040)=[0x0]})
socket$inet6_udplite(0xa, 0x2, 0x88)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x101800, 0x0)
socket$netlink(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r4, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x80)
ioctl$DRM_IOCTL_GET_CLIENT(r1, 0xc0286405, &(0x7f0000000380)={0x7, 0xe3d5, {<r5=>0xffffffffffffffff}, {0xee01}, 0x4, 0x800})
sched_setattr(r5, &(0x7f00000003c0)={0x38, 0x5, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0xb, 0x8, 0x3}, 0x0)
socket$kcm(0x2d, 0x2, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x12)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r6, 0xffffffffffffffff, 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
clock_gettime(0xfffffffffffffffb, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0)
syz_usb_connect(0x2, 0x239, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000"], 0x0)
ioctl$KDSKBSENT(r2, 0x4b49, &(0x7f0000000100)={0x7, "154eafee84cd0bb63024cf8db2fa892f31677b65cc7008aa2aad37ff339b18ec4893f1bb8a952c3e81f7a8da412b7574451f457598903096dd0c685fc7efb0ca51f67cf055d33b232db1e45a2f8dd183eb07161107283bc5568dace9355fd8a5a838296f79977be944857a961b0d821b61349d7422674c5d071afd753abfed7b9be656e0d2e51e6ee7ef8c2f6cd04e4836d389da864882e4ae46bfe65a0bddcd96b25bb4b7d725ec1fe92bda36f69308ad018c9a7dc0926dbb5b43e4f4e21cea2492a1f10d0129a7d6a10d635922792683831e20ef5cd5ab0e5f8171859f60c0f132d887215093baf364d416dbfc07be8d9dbb7de95f773eb14d8104299ba6b12e404a013c5fdb8b2d3e478bb8feea34fb561a6dea3101d70820e32459d6e8b1a89ef8b8713192c3b7edef032e456ff366b41f6deb5ab59f1718f33abebf9e4145189671dc251f949f2389db9f663c01c4e88a64c1c0c293a7bdacfd02b3ad6949317cfbc4877fedc709436c1c715db3439dacb469509b9b61643af2e09582412ef9dac15b6c60961b0c417d130facaed3a17bc043722d230ba876bf172426deb07313041747aac5c3c7ff1683ada0dbdc2f7ad7bcf53f6a477c11ab414c48069a4f6058016f00d90f8cd1f8d9773834e69c1628b002ae4c8155c21d30c720167592956ebb819f87cbb03574dbe096cb457a1203610365aba6c23687a2bdba65"})
ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, &(0x7f0000000d40)=@echo=0xffffff92)

11.191438764s ago: executing program 5 (id=4937):
syz_usb_connect(0x2, 0x64, &(0x7f0000000000)=ANY=[@ANYBLOB="12011003834a6b2099040d10a2840102030109025200010c2440070904b800018c8c02010a24010400000201020924030203030201a60d2408010700bc5affd3dc187508240806050005f9072408020600030924030605030303070905032b3b"], &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0})
r0 = socket$kcm(0x2b, 0x1, 0x0)
listen(r0, 0x6)
setsockopt$sock_attach_bpf(r0, 0x1, 0xd, &(0x7f0000000080), 0x24)
close(r0)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0)
ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000380)={{0x0, 0x400, 0x4b, 0x9}, 'syz0\x00', 0x11})
ioctl$UI_DEV_SETUP(r1, 0x5501, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000040), 0xfffffffffffffffe, 0x2)
r3 = dup3(r2, r1, 0x80000)
ioctl$PPPIOCSMRU1(r3, 0x40047452, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), r3)
syz_usb_connect$cdc_ncm(0x2, 0xa8, &(0x7f00000000c0)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x30, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x96, 0x2, 0x1, 0x0, 0xe0, 0x5, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x6, 0x24, 0x6, 0x0, 0x1, "e7"}, {0x5, 0x24, 0x0, 0x3}, {0xd, 0x24, 0xf, 0x1, 0x2, 0xb, 0x8, 0xff}, {0x6, 0x24, 0x1a, 0x3, 0x6}, [@country_functional={0xa, 0x24, 0x7, 0x5, 0x2, [0x401, 0x9]}, @mdlm={0x15, 0x24, 0x12, 0x1}, @mdlm={0x15, 0x24, 0x12, 0x3}, @call_mgmt={0x5, 0x24, 0x1, 0x1, 0x3}]}, {{0x9, 0x5, 0x81, 0x3, 0x200, 0x81, 0x2, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400, 0x0, 0xb, 0x8}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x2, 0x8, 0x45}}}}}}}]}}, &(0x7f0000000400)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x310, 0xf2, 0x5, 0x7f, 0xff, 0x4}, 0x33, &(0x7f00000001c0)={0x5, 0xf, 0x33, 0x3, [@wireless={0xb, 0x10, 0x1, 0x4, 0x55, 0x80, 0x4d, 0xfff, 0x7}, @ssp_cap={0x1c, 0x10, 0xa, 0x5, 0x4, 0x9, 0xf000, 0x8, [0xff0f, 0xf, 0x1f5310f606c2c518, 0xa000]}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0x9, 0x0, 0x6}]}, 0x4, [{0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x827}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x423}}, {0xfb, &(0x7f0000000280)=@string={0xfb, 0x3, "8ae1faf37910b29aa72c9aee8986f0f2a0ab245349a71a411d986660ddb4a8026df0cd69f9442b35bc4dd5588459fa5ce391092cc8b81b224cd1b052cb9d1159526b5bfdeb28db92e413a12f866f6e4502f44bd503ba1a83abe147d95c8048e54ab90d47c1563cceaea46867b7c3e33127f173a44f3866b3c61e0ffb2c72f0ffc48f2e8633b4bf08c5190e4f0239bd82186eb37984b084cbe6a11ba2f343737ef2bfe3b9928962ddf5924e9f2f895cf4cfbf318b88f1ed832afa42d00ecc5afe5567dfe350c2e10b4c8108d7f26052f25f8b3a611919b3a69bd8d4ecb3250357f20cefb36feea84d4e39a433e383a3e3e06d7a6dfe5275ab35"}}, {0x5a, &(0x7f0000000380)=@string={0x5a, 0x3, "66e89e86313b28257897b58d48079a825bfe4844342ea3ad13d2bcbc36bda97fcbe4aef9326aeb94180805bf97acb4ecd8bd7e8276049cf33b2c46bbb52dc423641622e49ae3941ce7c4baa1ee4e25ae9b5331131a889246"}}]})

9.563650553s ago: executing program 5 (id=4941):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$inet_opts(r0, 0x0, 0x4, 0x0, &(0x7f0000000500))
r1 = socket$alg(0x26, 0x5, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000001500)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="817bb97cdac2f8f819447aa4a50c293af36b43cab2641b7753df26944b52221c709e64", 0x23}], 0x1}, 0x24040050)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={@empty, @empty, @mcast1, 0x100001, 0x6, 0x0, 0x100, 0x10003, 0x180107})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01090000000000000f478e"])
r2 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000300)=ANY=[@ANYBLOB="0380c2000000bbbbbbbbbbbb0800450000300000000000019078ac1e0001ac1414aa033f2500000000680000000100007f0000017f000001", @ANYRESDEC=0x0, @ANYRESHEX], 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000002c0)={0x10000, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000000a05000000000000000000010000000900010073797a30000000000c000440000000000000000340000000160a01000000000000000000010000000900010073797a30000000000900020073797a300000000014000380080001400000000008000240000000003c010000160a0101000b000000000000010000060900020073797a30000000000900010073797a3000000000040003800c010380080002"], 0x1d0}}, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0xffffffffffffffff, 0x4002004c4, 0x1000, 0x0, 0x1ffffffffc, 0x0, 0x5, 0x0, 0x9, 0x0, 0x9], 0xeeee8000, 0x2011c0})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
bind$alg(r1, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(md5)\x00'}, 0x58)
close(r1)

9.320494247s ago: executing program 7 (id=4942):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRESHEX=0x0], 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000027c0)=@base={0x4, 0x4, 0x4, 0x10005, 0x108}, 0x50)
r1 = syz_open_dev$vim2m(&(0x7f0000000680), 0x7ff, 0x2)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r2, &(0x7f0000002080)={0xfc, {"a2e3ada0ed0d09f91b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f38336e030890e0879b0a71c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b2f38f0106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f330000000000000003d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9870af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0xa75}}, 0x1006)
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000000)={0xf0f007, 0x1000})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f00000000c0)=ANY=[], 0x0}, 0x0)
socket$packet(0x11, 0x2, 0x300)
r3 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCGUCODE(r3, 0xc018480d, &(0x7f00000011c0)={0x3, 0x100, 0x8, 0x5, 0x590f, 0x2})
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0x8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r5, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000580)={0x34, r4, 0x801, 0x0, 0x3, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_KEY={0x18, 0x50, 0x0, 0x1, [@NL80211_KEY_TYPE={0x8, 0x7, 0x2}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "7ee5d50bfd"}]}]}, 0x34}}, 0x20000000)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$bt_hci(r7, 0x84, 0x81, &(0x7f0000000080)=""/4096, &(0x7f0000001200)=0x1000)
syz_usb_connect(0x0, 0x25c, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e9b7e3405e04bf02069e0000d4e909024a02010000200009046d05083500dd1f4ec695b44f355e7aa17ad45a92736bf78b9582061dd9238b58"], 0x0)

9.068532052s ago: executing program 2 (id=4944):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000280)={{0x12, 0x1, 0x141, 0xf2, 0xc5, 0x96, 0x20, 0x16d0, 0x10b8, 0xde8e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x0, 0x83, 0xec, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0x2, 0x0, 0xa}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000005c0)={0x44, &(0x7f0000000e40)={0x40, 0x9, 0xc, "00004700000040f400bec073"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000a40)={0x44, &(0x7f0000000840)={0x20, 0xe, 0x28, "f4aacec3362af1dd528df8fecdc4a32736c4c123e97d09406b8983621cf5091465fa0160441ce727"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000380)={0x34, &(0x7f0000000140)={0x40, 0x6, 0x4, "10d4bdb3"}, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
r2 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000000)={0x40000000})
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='net/rt_cache\x00')
r4 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x1)
fchdir(r5)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x101442, 0xcd)
connect$vsock_stream(r3, &(0x7f0000000340)={0x28, 0x0, 0x2711}, 0x10)
ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f00000000c0)=0x20)
r7 = socket$unix(0x1, 0x1, 0x0)
socket$unix(0x1, 0x2, 0x0)
r8 = socket$kcm(0x2b, 0x1, 0x0)
close(r8)
r9 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000001c0)="39000000140081ae0000dc676f97daf01e2357f9ffffffffffffff0521018701546fabca1b4e8a06a6580e88370200c54c1960b89c40ebb373", 0x39}], 0x1}, 0x0)
syz_usb_control_io$lan78xx(r0, &(0x7f0000000400)={0x14, &(0x7f0000000200)={0x0, 0x23, 0x99, {0x4c, 0x23, "beaba82afd8de24fd8420b9bdfd06669afdf9fb787d63902b1b4353d26911a3f445f3d69633b05f3c7c7653dce067fc36f6a75fa1bac347c2b1a174124decda7cfb582f1475064969884"}}, &(0x7f0000000100)=ANY=[@ANYRES64=r2]}, &(0x7f00000002c0)={0x34, &(0x7f00000006c0)={0x0, 0x9, 0x6b, "36f577622b1195b2e0fec75df806c7d53251ad80dcd05f014be33c0401fe583efd3671ffbef34632eede58930200090000000000ac585526f03e6a38755a45fc95cf3ebd0200bd9493de7a6d92b13fe04ca33a697aa7f0c560e4f4b9221be3a1a19f8a21ba2ca4bb05b026"}, &(0x7f0000000480)={0x0, 0xa, 0x1, 0xf}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000500)={0xc0, 0xa1, 0x4, 0xfffffffd}, &(0x7f0000000540)={0x40, 0xa0, 0x4, 0x8d24}, &(0x7f0000000580)={0xc0, 0xa2, 0x2f, "4f286f0c228c1d71935989d63fced63520323f50f94e493e96431002893cde3a4e09c5246d48e34b58f13d1a8e2648"}})
close(r8)
listen(r6, 0x4)
connect$unix(r7, 0x0, 0x0)
ioctl$sock_TIOCINQ(r7, 0x541b, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TEST(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000ec0)={0x1c, 0xb, 0x6, 0x201, 0x0, 0x0, {0x6, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x4800)

8.587367248s ago: executing program 4 (id=4949):
r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0x499, 0x0, &(0x7f0000000100), 0x0)
io_uring_enter(r3, 0x3516, 0x0, 0x4, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(0xffffffffffffffff, 0x0, 0x800)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x40000000, 0x0, 0x0}, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000"], 0xb0)
ioctl$SNDCTL_DSP_GETBLKSIZE(r0, 0xc0045004, 0x0)
r7 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r7, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r7, 0xc1105518, &(0x7f0000000c40)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x600000000000000, 0x7, 0x0, 0x20000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000, 0x0, 0xfff, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000005, 0x7ff, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x1, 0x3, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x80, 0x8, 0x2000000, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x2, 0x8b1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x580, 0x100000000, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6, 0x0, 0x0, 0xfffffffc, 0x7, 0x4]})
socket$kcm(0xa, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = signalfd4(0xffffffffffffffff, &(0x7f00000003c0)={[0x1fffffffff]}, 0x8, 0x0)
syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x3416, 0x13100, 0x2, 0x4, 0x0, r8}, 0x0, 0x0)
fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)

8.108763724s ago: executing program 5 (id=4950):
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
ioctl$SNDCTL_SEQ_PANIC(0xffffffffffffffff, 0x5111)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xff}, 0x1c)
r3 = fcntl$dupfd(r2, 0x406, r2)
write$cgroup_pid(r3, &(0x7f0000000240), 0xfdef)
ioctl$IMCLEAR_L2(r3, 0x80044946, &(0x7f0000000180)=0x3)
ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000000)={0x2b, 0x40, 0xff, "24af68705859060a889d42396caf59545ec55e29659102f45df2eec18822b907886f57173f0dfcf1f3c47d"})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r5 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'macvlan0\x00', <r6=>0x0})
ioctl$sock_inet6_SIOCSIFDSTADDR(r5, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0x3fc}, 0x0, r6})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000d0f40000000000000000"], 0x48)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000240)="8f0978d21b640fc79ca50000c0fe470f06430f01c2440f20c0ac0a0000e39d9d0f22c066460f38809bf77f00000f214a0fc73d0d0000003e653666400fc7775f400f01c4", 0x44}], 0x1, 0x10, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

7.167761655s ago: executing program 5 (id=4951):
r0 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000001280)="b7f2288a9119", 0x6)
r7 = accept$alg(r6, 0x0, 0x0)
sendmmsg$alg(r7, &(0x7f0000001900)=[{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000000c0)="5bdbd57a0e656889964df9937f561de9b944d1e381fed329742e239cb13cf2af711d48d2f15b3118abd8fd087f117830209a631f9dfbec5cbbbb2216a2d87dfb0d7dd906c594125a10053c8e288ac4445ff0e999d423cc250e31e8650d248e49ba5fb3be8db01db38acf5a4455630ecb10f753530ada6598a1ff4805370a5cebf05e199368871b2751c242633419d13a6b05a390d21ab1d44be1254385b3d882c646f9762bf3480e05e98c9cc655adb7caa279e66709794e3b93cda0b9a14794e6d020cc68ea70e71a083e1a2b375591203ce218e8d244cf32f5dd7af0ee1ed032d3b59e4d57136639d68b7577553393a9", 0xf1}, {&(0x7f0000000000)="ef7791000dc7777cb951ca638ea0e1b5d280548c882aa59a68cd17c0e7f23d6d56a03be6caa272b3505e304463179c4d7768d9c3e5c21f3a9963ffde6682e5ecfe30b771e51c8d", 0x47}], 0x2, 0x0, 0x0, 0x2}], 0x1, 0x0)
recvmmsg(r7, &(0x7f0000002380)=[{{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000440)=""/247, 0xf7}], 0x2}, 0x7fff}], 0x1, 0x2101, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x4f, 0x0, 0x0)
openat$thread_pidfd(0xffffffffffffff9c, 0x0, 0x400, 0x0)
syz_open_dev$vim2m(&(0x7f0000000300), 0xd37, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r8 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
unlinkat(r8, &(0x7f0000000040)='./file0\x00', 0x0)
ioctl$EVIOCGSND(r8, 0x8040451a, &(0x7f00000000c0)=""/120)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, &(0x7f0000000900)={&(0x7f0000003000), 0x0, 0x3}, 0x1)
close(r0)
fsopen(&(0x7f0000000080)='autofs\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x2c00)

6.727673626s ago: executing program 4 (id=4952):
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
syz_usb_connect$uac1(0x2, 0xa2, &(0x7f00000000c0)=ANY=[@ANYBLOB="12011001000000406b1d010140000102030109029000000001020c2402060602040c0032a304090401000001020000090401010101020000072401200404000c2402010201400f0a3b4725090501090000f7090607250183020c00090402000001030000090402010101020000050054b57f1cd27cba"], 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='attr/sockcreate\x00')
writev(r0, &(0x7f0000000100)=[{0x0}, {&(0x7f0000000240)="da44a5cc8c315c", 0x7}], 0x2)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000240)=""/212, 0xd4}], 0x1}, 0x0)
r2 = socket$inet(0x2, 0x5, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x7d, &(0x7f0000000000)=@assoc_value, &(0x7f0000000140)=0x8)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @multicast1}, 0x10)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x60800, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_buf(r4, 0x0, 0x10, &(0x7f00000006c0)="170000000200020000ffbe8c5ee17688a2003c000303000afdff0230040000d90200bb6a880000d6c9db0000db00000200df01800a0000ebfc0607bdff59100ac45761547a681f009cee4a5acba400001fb700674f00c88ebbf9315033bf79ac2dfc061f15003901dee2ffffffffe9000000000000000062068f5ee50ce5af9b1c568302ffff02ff0331dd3bab0840024f0298e9e90539062a80e605007f71174ab498a30b3e5a1b47b63a6323ded2aa084cd36276a3afff01", 0xb9)
close_range(r3, 0xffffffffffffffff, 0x0)

6.707744809s ago: executing program 6 (id=4953):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0), 0x20801, &(0x7f0000000500)=ANY=[])
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r1, 0x0, 0x1, 0x0, 0x12)
removexattr(&(0x7f0000000300)='./file0\x00', &(0x7f0000000600)=@known='user.incfs.size\x00')
syz_fuse_handle_req(r0, &(0x7f0000004140)="a1af56567af19ce4706948d30f35abf6494690656d554e6190797369db23a30bf328aa47a2e54509379ba2e477e6e0461d2e45920d509fa49de04732cd2f4a4e34d73eb464d09605a698ad2219a2175ebcc560f740fe531ba46ded4232d273d1865282844f5a3b54d7f154c21a8a82228e27b2c1af662a92e53d81cae3ea68707ce43f89c3321797039a0a39e24b83035dbfb1ac9668b5f87c4ae50250e92c8b113ed58f60015d9c1990253e6646c02901b08a2ec0acceb7ac1e28f59b1e22663432bd5435083b604934bda5f4897467677ac5609bb6e1d1f938a1a8238d2df6db69fcffa48a08ef9231830ceb045a999a9ba43b4d605ce7bb4736ee8bdaac3399576ad3d434c12f1ae8fc5e06dbbfac985d7105c3b7f431854465b6f732e1397e4647e88e86b0a3b01c1ef689a4bd3963deb3b06190576c690ab257b9845b4d412f248184e124b5228f4236d020d4b80ff0772d9515685918c41cad06498a6833d591c191916067759bfeceec176d582621bf23b8d827e2c8977822d64ca19c168fa8a4ea90a60ed60854342e7c42ce11f414dcff1fff715d10ed263d305e5c563ee13a1527795b012e01b8442026032a761cf5104f00dc28a761596d8393e3750be1a8788fa7152a3cd8e051a963120417af9bd3e659bbaac6406a70ba347641aeffac9436fc2352bf7822dabd7a4911a5b947f9c07f805e67ec8c7d787ff358b426494b87aaac46c2d4061ccf3d19201d8d099dddf2b257cacbba656cb7626b0d3fa11881e99799b92f0a07813eac359a64a61a03d6527a24a4fee8e6cbd74932adba5ad3a865788e874b796cc8555522b19f76676646f21f31fad8c360982ce2b23fd4aec43bff16e0f3f1e1e804daf28f236081d0686108fde25f7e6a7bef08b793beca5b21b5f4893543ef1e3a216378cb76a54fa879ad9624a60a0b3306c8548e1a22b735213969421dc9ef70338bb780ad55adfb6b4f4ca3d8ce7c697ce3f0a6210a27cc900ea2218c52ac06bbcbb91adff643f1a3b93db67d7902f23eb89ab2f892970551127b39e7bb9f37c62adb8abed20c8c84531d143c6be2b8b05766e248a94aae400b36a3399ba174ffe14ffd354f508ce30ea991f57018a3534e0eac9cb49d0e6085f93b367d817ee83b24c11f9d38044a9739f4fd41b6a8129fda808bb930beba6223dfe154b23d7c39ac4fb6656169275c31e15d37d3d96b0aaa13637f1c28178f5fc4ebbe1af6acc985c783a30dffde8d7eb0c8863e3481caf2606a4b6930c234736404d4eeefdda697193f57d332540a423831db671d7d3e8e15ef3d6a26b83a5053bdc2f0b378c6b39ad0b8b9c7bd5c4bf81018ce15d0b344772f6c6f469e40c9848cbcb1b3ccb721b4b1f895a6e034380d882bd30a20f1c2b8ae138e6728306e16f6093774d21b798cd73a16bc577be751deb434ef019dd454fa3ce3cc3b2634ea4957548bf226d0b24bce757382c639dae891e55dcb24ffc9dc2c08acfafabd4565dbcad34e1a8e781c56e9144f0e85a5cf6c79a5d1a8b3479cdc178215f05081eebdc03607798c66fd043824756e896c2b69fe5e843e0eb26c86a37a8944e93a7f3b2a863136d56579d0377f9424cf00dd6da7b19066f990ce05e1b93479f125cbcc5c91aea56ef04950164079f5e22ebfd77d54676b2de392ab20298876bce1ae9941ae109d7088edb29d02539aec8f276b862bb28fa6a68bb1a0bda1b0ec6e5891e93777d9b126d6add7eb36a7f75c435618d368c04156f8a116d0c843ad04842d7b7c84cd87e75fb81ec16ef184fd3119c16c950b84bca9a12a86f0e333d9fe34622f5a51e9772dc8b94c491e16db0c537e211b01c9f13f9e7a7b2f4d8053baded5d6018561b547562efbeab2946f3ef872d0256196c75fd7f520da7aea0f63a278052925c6c88307bed0336c5632ca98086e7712af309f99a6adb3ec4417eaa9aefe3fd43c4402bc13868832d6dfaa97de7ed43fe3711917de97058d60067d5eeb90ecb428182d07092c516e6eef6781756e308926faa9796dd1a29dd4c3827115fa8e14bbe449f4144785b9581a198273adb8bab0d4080adbb592b25fd74d426233f537562a4a98b07f4b2060b4f496c66a0169391b713fdd991fa90cfc313245f57900d980adcbd46ada0a7bdfdfec4bf8ba12e37724c9dfd7fbbe4541bf21cc393249a555746268e7e33bdb43f2cd4932e39fc818e49d0e588d12a3a297be074ad83db57be9d4455ab0685b087e8ee9f5c7c33e10c9d6be572b58c88b79756c45eb9eed6d0275944d9cc1cbc8c498917aa2fd79c00567d4f9f768579f891e23fa9548c5fbff150d2873ecc72da8d0077a223f9d18700b690d8046783bba756a2c9863b7ffc7022b2da68a332f72f704bc38a0fcc4f445891f1ca1ef5dad28b87ce8bdef23ffe29ee23f2c0a002c80cf99399dc7276aec6f9d8b6ff3d7554409a4e38d2029a43f8a70da62b33c44f5f4f299eec825302c52e5f83d462b81512775107059826c8880578f01d8cb53af86ad61a7e36c2ccdf55ce197ec2a78219a5b952a9bd12ac2cc3271e84e6dad464c7ec9d9f0310614200a98cfa933d5db05c00c95c59fc5bb8844ff856ee7f9b091700b1a93ae1c00a40d9e5e6ce036f90a6dc34faa9dc8e8972c49b055f9a43ae10251705a960f2cfc8430cf9bcafc26c8eccc8b75a788beb41d180d4364f3083f3ffb5e39049979903c76f440810b7ea608ff84f5e56f9e0653bf15b6b6332d458f8d2e2b17d7bd2305a8909996d2ebfc2ee2ff697fccb215bd8c73d4b9f5b597308f98ed8fbda58f52cf8443f5a9db7f0f6e75e1c9e47d73f8d0624e9e6f33c2dee3c6ff394082d78ffd3a68309b3085e1a7c106f62c3959a353672cadadf6c058fe366b03fcd95a23f564c55a3ce9a914c11c8b2d6040147a1539b106adecce531646fea4db06775fe5d1bf9cb0107941b620043ac9b7936b2af9849eca9c46062945b137dfa355a7ee0c81a0193fa60a70e59b407af06a7f181a3e4ccc81f2c580a6c6cf67a8bf93eb8ff2151b7074144bf7c5cff97814e0c00c138d984559ac8b95a45a4497174130bbb0db22fa53187db1d923d9ded441a4d2fcbe0ff5736ecc3d94bfbb2df632ac88a02f2c9f73312e7a9c2d8d6c0bbfc774595e2e63669f2b5bbf6ee6a1ab0c25e313d819b02c785494eda4cace033e96b1ecc5b155a14e0c8d51d54d8bf33e499d0913d9605a419bc6c73c6bb07d1a306adb27dfedbe81a386fb3bb659764442c4d9d66673a916ee5a6ae59abc994fff64f2db0c83e2b18944f619cfdea0ea0911064ab690b2e03670a3e3667651c1980d0491a40312307e4534671c9c8ca8712506eff211577783c81dc05ffae4a9c6d7554f9fec07b25451c70e6f4d4b160544b66d66dd88ef1c77f09133db317c39fca05b68ef3eee3c28cbe31982adb0693fe9699d06654150346915ccdb17c69ea3aa8bb36b5f321060f6237dec73a011b233b81a6337bd77da5da753593fe30282456a0da2c4a18911ab5a8af13c8f623e5684f74f322ba103482d9abec31a684707671759ac8bb2592d66350745f77f18bd6a6cba542644f1fdf0dca14a08f4ffd1365969ee896cb39e845f71590eb4c73cc624cdcfbdea2352ad5173e5e919fcb98f6d960341047d181075ec8b1e92f40ecd5a1bf157925329748cc7af0239a7803a0c947479e070b026baf6738c29c9a8351685abd43775726ec0bfeff4d51fd3fcb04b108de286c5f61a82ef496e20133ef8b4ae243e81b20822ea6285c70bf1a33cb9f4ceeec053f60992c0023bd5acb0d4a9a55ef377f2837784ada634070a85b0a42fabf288130d6b74ca23473fbce932bedb44cd51dae78efd058dde5d7eb4aadfe3dd8346420567e745ced5189db6df22edbc66580a236f6ab148a3efd69bdea3dac7cffb47df44dbef7fcb436902bb30d65d65d5320c3b76ac17f43d27b2deda8692ba03ac2ae60e4ed2a9232c71a98b9869259a410b901f38cd6712f69f2dc3f92b7c5909f3595e99c9fc77d4d33f9a0e57d5f121e2de782b22cf7fb9bf22fc6afde5e42876ff8005f8a042bb5a9b67d60f40a7ad1cd73810a4f704f14823d4074e5a32b028c8360432b8aff539705961fee84d6c60b2b4d2efad60fb20c1da653869349b81e6c3d56c96ce56a833ee9a2b3e92a4b96c5a545910406751b4e7da24a328de0e20042d1ecc3bf7fd97071bb2740f497307501d90fa9c8e5cd63a703096955f4934d9140ad295cae59232cf005574d875e098637ecb757305a51d102ae5323b23a61c1a1b888c5974a243e42bfc391114ba5ba28e2375cf1d6d1a63e6bd5cf9aff9af16bdc927f642151597fe6d18ab008426f25054ee8e39136e2c217ad1f4cbfccdaf9a0cbd97edef5fef9b2ec486a4b21d79021103deec2ceb26c0b0035856ea2370aa3a8de925797722aeeee2d504184988f9f8727915c389f043c3de2b0d8e3046c46b33cb1615f291f272ade0029cad1f1d2e723e62cf739b667b005de14c3ed265e3bc2d553bb232f88b92a8284996c50e141608623ca7677a9cefb85fb0e0e77e23b9767dd65fbc119a15969ecd10f8033d9f37a748a895fd39390563f5f7998bb10eda8610855eaeb2499d8234975edb16c438069e8701bec0a86ae108a19b9f54782648af4b7b04a1d7b6b3a853c24f2393120918d1eed7b40f467c88857ee9cddf5f01db495f3138984387adfe3cf51a47dca021f9f31b44af1d12e7c9f4c768f2a46d5c012a937985f56436ae15528ae3597590c927be9676a4ca80a19d44457b06991c02488c96e31094cd963b64e8623fc7000009ddb29b0dbb13671c321d24e322a05cf215dd04eabc2cc6fdaed762d3f9da0f1e0e4b7ba13a6036771c9403457dfddecb71579de33c597860a2e49d7b5052a6b018ddb409a7a84f8f6651d070a4c913b7a721490c8f97c085de8315019952deae16434a3e5fd5d242b1b333d8a801aaa67e4aa599b818c8e747ecac2e9c6176bec7e34ecb84450903f5aa6c6c6bf539b240506562d73c5dfbacdfbcc9db3089701f2c7fe6d6b8d6728f8a1b90a911338463e6fd824ecda51578865b3c363b4b79f6c698e27760c1090f8ae52d6fd3f0f9488f1c25feab4b48c03ddcf74a8b6d2b0fc6b5a89b8051c99edee357fcb875f523f7a88a5f25222fc0ba159873b47fe906e88f920943e453048cdea455dd98fe77f55d9c92e205b87120ac5ef791cd7d6ce7d2cfe689db61096c6e4fc359c9aa4dd3d1205358da38882073ef7268239f7c74b0f3cd60ca239b2fcdc3f5c774559ffbb2b821f1314987d8cbe5342db9567a864d569abfde85f1124e2b178be4d020c4244ddb0cf4ef7124f295a81b9c10227ea886e6f6ea2dca031a026a4f946f49598b76141a0b18170bb3cfa9136c49c69d71732aa223db1e65553aa03bec9b0a35c31eb4e6b0dab02ec2c2d851a731be9cec6078456631c68761e14dbc9afa2c3f631a160ebf9d1fd3c2ecccf6d4aebaf0fafe2e9f47ea9d386425a7950671cde77c6951ef43a1ed32f0ed6fcda74ca9333d2513e4a40cfca01a17bfbc13b0229e2b16400880d96e4c687fc54ed0b34326126f845bd7cd2063c51abbf8bb61f6f1dc3606959f2dececc6e3e08d808841c4779ca0f5f51e7e03260d0b75b1b0355f8544c1639b2f0bfd6f95c4f6d151073a086ecc890d6366acbcee869020cf347e700a8361bd8d5c53e6480526aaf31c9c655eae11831184746a709387e60d68c062e5e05e578d11687f6a5411ffac4cfd62331f63a9726ae77c5799bcca05d6983c985cd23d025e3367ef8c7ee903de557322f38629628ee3076ac483f8257c6335a478412cad1d73b6fd43c37a62dd7a0ae7601f12b4478c3f2ee105a915ff2052d23a8b9af3ca59013f553006259d4cce52212862d22c08c29affa3520b33a6b68cf2b9f91d9258dc5052bf360977ba81a37701118f635379d852b6481843604c111bcfa4970afd5a0fa52824cb27ac9a77b7575e3e0cd043c29c5682a47fe94fd6c2c225b6d9939b99c18b5fb898c5f28e87a5b6a0bbeaa2c4725cf5494765d79a50d2417e84130bb37f540e8db7064e57935ec3c6f9caa2a9a1ced0f8c6eebcb9b688490b31f864dcd9b726628218b42f45aa82f2bcdf2c7532c9669ea7ffb6842451ac314a35cdb0855312448c24efd6583a582e15ad5e7f7b714f0ac703a24e2ee8769a868079af8660931ba325ea1c9b636ef7b13776204dd733c3bc69f11e026c382ac0fa5ce8413fb9f84408e4648a5e66b8592093a17a42cb105b616b8239d2031200eecb9beca6d411a71f072fd159eac0a4f4392a0cedb96248dad497b2379f3162254045ce276503093e5e7ab062b942cf6f2302a5ab9af1b3a315ec67faf84b70fdbdb39044a22cd7bd0f62ba66ce2257f3aa0f56d53c8157c4db3297087e25ec24696813430f386f5ad55bf6289f62e1492dc6ac3bb5047e933d54ec338cafb3bfae8336215611bc3e8a5cafaca7c70f580570518a675cc2075c7593e1d98ef02b74f06b041b6ed9b06e820d32b413de06235441a52346c3fd2e723816c7b481fbf564a525646ba62c615060b2f9fb0ff0f00c376c6dfcdb060aca7af2f07f6030a2ca324c8380c11f9c1182acdea2123c52f5a40b44909180a14037c760c4ecc10f20206445aa65cf835f09633491f608598f1fe5cb5175ddc48070fe0608335af27ded864f97dd52c235b7c4ece6bda153224b773c64235c1099054a55849cd1af7832abd1383e82f63715c9cc24543397bd56e34fd5d28e49021bb483617a3444fdcf8cdeb33bd8675334a897e17966fcbc1e5c5c5399bb6bf02a9bbfaa5f3c58d2efd007dcb1190af4ab4b71987ff7824bd9b9c6d6fb0b144c1fd462805aabf2c7fbb043ff22b496e41a4a81957892efe74d614d62d4b04bbf544fb03826e9baa2a84f32da4d1154c1d0fbdcc17f24a49633761d2b5962e618d8a9be2bf373cdc9c45ecff0148f355075fde5ad5e8da5d59498eb2b7f77a4c0622edd29d7dfedd748b750d0b48057fa7b8ff575714a408a926f6e0cad081eb24780fdbb116fb8dfefb2006f765ff95fe4def6b83fa97b3f54204a0c00cf71c4a1efeface1198a94610570816d08c19af76b03afa42f722abbfebb2c99a905300918dbcd131fce84632bf4f7f5dabd1b5b05742755b45e50eb89ee278e0f6f1a8ad3d9f907b9accbe4845f6591f8361b52e4dd8f19823efd7e89c2ba80c70671eea397e1953daa12907ce59d940a6dcfb3eef7ba7405bb489c38319ac4fee62dec986f4f0975dc1b9f576ebdbca90c42e7f3b1928154af66de5e54b16d8b6541f55daa90812ea7dab78a87d969e4bf95c47f70ce84f9e41e542bbb91f77105c8314e8bd5d8d37e11d9af07c5dcedfab1f21642bb30fb332f7c6bfe13cde2f28f104344777066afe5b0f6db14390f587e64417b0dab027cef4c5daedc75812a7452d45e57e8e274ad8cd8a10b2b9ce0f371809101e9340f2fa0a59501020e48f862572fef70b350938e00a921fb1c080e933eaad2d56daeed692e7d69d4b95a2d1a620da88247314bd73a20cc7a504427df77ba969b5adbf74321e982c2a1913b66a8687960c8fb71a850c1003c76fe1c3bbbc8eb142dfa01f5df52b72bde0c8884374f72eeb8038ad57beb6c732c511bd5847ae8d4b69e195f87b03379279936dda69e11cfda279f37e53a05cb787f118d66f62a87037981937d6083e47e31de6a2700cb7976c0dfcf972bdd458e561f13b3e30368c8bacb722611db7627ad4e00a34f69a5eb9edc7eae464b2422a4c38bed04c49b15fce25ccd22347720273127236d6e8178cb414d1b4dc36cabd19f713782bde48db7094577042083cf5d42224eaa69e0d70b57e6f1764a825909c48858cda13ab13ee203fd0d57291acf508f91f9bc428d4c9ea06a9df3c9ce183e0c101a4d52fd87866c2146219beb15e616ce239cb025ef3dfdb3a2568a833c88a66a580ca9d3f2b770647d5baa42a707351688dc0be3b15d2cead64792e9f9688ef95ea5274c08ee13c4a3797ce346dceeaf7d81a18181839ebeed412baf43ec1abb35b7930ed7a528f9a0bbccd1ea6eb525488c6731150afe791bf58e524de4cc62e174d134bf5d170132efdb2cbb42b882219de563cbe6280ce4cd8482699442b236d1bd54517c3ad25fb3d68a649920357d85f343f0b46ce4a78b1836b6ecb198f1f1686597206c09ad4534717402eefc0d5a90639f91b84d3de00e7d815059640ada64140687c3e404432c74e91907cdcf3e07e997eed9de114767829833920a9fa5bebf7d99fc4f461375f3426b136b680230c7aa135f0d2d72be7bdf8667a8cf0dd0bf5490e393b5a465d37b9ee0d659c8c0f96681b71a867978b3503a45dfe95e49b9d11b8ca953ab01ec1714ca9ca1e1ed5998e02934901dcac10a2553a94618db7d79c4a48741afe3bceaa994833595808f8080f6eafadd31caee252a7d115db962320be9503147d39adbd11b1cd4cf2cd4bf94d9036ea61b2d4791c6326af653847d2b6dd83f5df51eb9473ae0c305abe5f3896175d82a2b569bf100166004886dc58432cd678c0a4a152013b2646a68284567b898e6f3d38a9187b6d10075234b2e11b7c929b308bbcb82f4a8ceafc503f18536092f2965d13875060c926b5404ccf3bcfb1389688fb4bf57ff79201d8a00cbb54a12b3be4693b4a295284c90e7d0f08b632eb0411bbd01d51112afe5db173a8159dd38fe6e9804f6ae779479ffdc697ec572b0934704dfcc3e9b2bec95587285299d1d79192b2324e4eaf4de74df050170562c08e0a821f47745f63ecbbb767846ddcc331f459013ec90de697346f1e57345a51fd9d2233cb3591c406bc25ff5c098c331cd026aca7ac1fb1c35c3d3597c7deb89620a364044b30c77d5071bea5b196a0c380ad40370985713838b1c830130a5fc15c5501748a2c8369e77c3fd4ec2f5de572ee183f526359f28865d68eb87c21f8fcd4a09d76ee6d9ef31561d9c97ae3672500e342a798b04177f2c5896bd06b4c96a58aa839185ae44b838d763872bbf1e7b665848f1e186b5ab6cd4628f4725324981b0aff0b9af2f78883dc8433d2dc26c1766e0ec77c4eb63da1f859c09ace8889fd2c5ec7f7e11eeb547900dd9332b7b96ea6be35aea692e54c1cc3d1211bc843f8e8ce71abb88873e132fe214a7e7670fcac38516b6935b9e0a2eeb43a0aebd25676db551d8cff4fe0b6cecbd59701317022511a2d612864c09496c99af48e1cd066c5bae55b415ec08e99947ac94885ddf875d8f8af199aba32c0bfc27f6e19e57380618e7940481077edf6270ea3befce28a55c2a68a961142e959690ba294afd57c5530a5fbd5f60d791a3f06720947c74cec26a571a9f2e5cf98cccefba8beff72f2570f8a0e1a130c0e85d4fbb6a6f0b881af274c9eb063ef09176d43f8f18bdb35a0acb1c6305ba5563d1b6baff53b1251305de413052667c4cf9f94460bf348fb27ab5719ae44faf02dae55d8eab643040834b04aab15a197568e8ebd296638b01e5ea34e39ed47ffb58a47027d4b7d978028b7812a141df233065e93c20dc736af1cdcedcf7e766eab238b3b4d3df022f50b43973c47d1c80055e4fdf569e50fd382e840b76a6db6c06b1f0603a2234b9175c5e15a22855b57cd5257d9b5a456712f281f83e1c6c87f58be8166f8b2e85e9f54d24fe3b420d77a22745dfc7ebc89e21acf1c6649324f4c5bf53e188ce3216dbdec21a06fa9e61d830814697727305fb48c705c4d6c4bdfb874e43a8fb1423e2d2d6bdfe22a0d2b211d3beb86937c639c934cfe9a4b6c2853ff353829028854e8d7d75f29f01c4d7c297fe0236345ecce914b3be4907788a39c093c9f9e2c930a15563cc453d08123deadf853c83db0e3986d993e44e441a874411b7905708462e1ba42ea22521d7c57089a77b14b6dbe57f0ce69c7c4f1c0d53385655a8ed6294f113d33ad8867ac05e80403e6a8103d1574fab80f43a4a3af93a67678346d7b3b977a1381afb93990b1cc3aa73cc463f72bd898f647f3f5a3b342fb5e37140ddc499edda92ee624039ef3f802c9055e20b7d6e4f5a109cb4ca1bf84d37d1e78d45a10f45602b61216ea8969eba3a0075256faf8e577de835bf0b37311d16310645effca6751cf502a035d7ac7d1ca2c23547a739116efb586dfe2762ca4bf5ce5fc48913efb41a4a93fdb240f0895cdf306ddd13337d38a58402561dd663bbc675e1a378d4f770ba5e308c6ada84faf18ab2b387b0ac139a57dc534e278a1afecafcaed3746701cee14edcd3f35cc39c91ed5be8a178d2fcd97567e8ab661d573278062bfc3c83acbfcdeec7f08d3c1197ccf830c883eaaa01e2cc44e91cdc1c47c03797528a9dd63cde259b4b211b57af121b125fefb26c110da83bbc150e2663a22273cc855cb3c52d02fd92db59a7c876d1a18e66cd64708aa478f3f10e726210dbbe2fb1afedb2034a7d59ad774e73f97d7b4b121cc25b90dd4fb5179816174dc4650b2da366d11a519f4310972944625c839b01040c712c635d967269c6c07189b5b1b496403e35e9ef01ecf7e795c357ae08b4736d2c1bcbe556cc671ffa37677b740baebaeb1b74c922d1ac83cb3ab86735d07ebffe072ca08ebd56d0ae89d5535a63bee75810468b1560534ecdb4a16495f9a7f42164df055942e94011848c5dac783a69fbdcac9c477850320af0c10da48775434088c7d090202f927463123639dbc1d48a871e4f20f75563f6dba586db6d12e2e7f36e7da4915037fcddb4413336b423f6b888bcf297fb8d33493e9fc2e992afeb1b83aaeaf46f4aba9bb0aa2708272ce5b0c90ef9f6c366c20e90d0f87aeba828196acdc4306131c515319776dfab27de1e3a501cfc560bd3a1dd29e54b87de9a01d0351184ed5cc3323cef72fd423dfbb0ac90eeec5474432ec1e4c64d68605c378320c0e97a3d89a409b7d969d6e116c2ba861f57418d8eaac5bff85c416ec5224d92df53d8f272c7e02e832bd21ef4d6b4a9bd307f8c1756c3e6c155bb2ce5807311d60b2fb31357c89119af443af2d3a4d08fb6221aaeee97bfdae51ebf6c51f98300033ec513ad6996041441d474ccf3a2548a11b94527ebc2e24d7519b1ded645da3af62060a4ae19eddc3bf331c4c762d9672de22558c655ba05338d985da134230fef2d0639743bdb4695517dd9e3733827050617b3cc792d12b3280e0000b22ad5130b27f9a5e25b965028874db5b5efdf881043e1279187294bbc35865af7662b23b9adf614a9af41fe4d0c9cfe62106a2bb6d294d3ca554062b2c7a0299f82fd5eb6841fedf096753b1a63a6b4dcce3837ee36062055c9f52b3272f411709db86d59db530fd1ed9cc2138817c290a2777d1d54cf4b7b2f8737444b58334a1c26f63ffda10b749b5796fa61ce6f74fecef2c4766a05d0468c1d7056beb8fa9cf7d51d5115690bcb889f09dbe01b1c55ac860a00cc159f6683d33fdca16d815fab5bbf00", 0x2000, &(0x7f0000000440)={&(0x7f0000000340)={0x50, 0x0, 0x0, {0x7, 0x29, 0x0, 0x2000}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$sg(&(0x7f0000000140), 0x4, 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_netdev_private(r2, 0x894a, &(0x7f0000000000)="8d557fd097c38f748ec33512ef3a")
ioctl$DRM_IOCTL_AGP_ACQUIRE(0xffffffffffffffff, 0x6430)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
writev(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_IPV6_RTHDR(0xffffffffffffffff, 0x29, 0x39, 0x0, 0x18)
mkdir(&(0x7f0000000240)='./file0/../file0\x00', 0x4)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz1\x00', 0x200002, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0/file0\x00', 0x0)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_procs(r5, &(0x7f0000000380)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r6, &(0x7f0000000040), 0x12)
r7 = openat$cgroup_subtree(r4, &(0x7f0000000200), 0x2, 0x0)
write$cgroup_subtree(r7, &(0x7f00000002c0)=ANY=[@ANYBLOB="d40000000000000000"], 0x6)
r8 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r8, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfe, 0x7fffc}, 0xc)
close_range(r3, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca0000c441f96ec80fc4c60066400fe2def3ad46c7045300101000f00fc01ec422e10399c5c1202066410f6f15040000000000e1f563df", 0xdc000006, 0x0}, 0x0, 0x8, &(0x7f0000000300))
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r9, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
gettid()

6.599751538s ago: executing program 6 (id=4954):
syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f00000012c0)={0x2, {{0x2, 0x0, @multicast2}}, 0x0, 0x3, [{{0x2, 0x0, @empty}}, {{0x2, 0x0, @empty}}, {{0x2, 0x0, @multicast2}}]}, 0x210)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000100)=[{0x0, 0xff, 0x10, 0x4}]})
close_range(r1, 0xffffffffffffffff, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
fsetxattr$security_ima(r2, &(0x7f0000000000), &(0x7f0000000040)=@md5={0x1, "15208b146b757243fe57f0e7a89a5f9e"}, 0x11, 0x7)
setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000640)=ANY=[@ANYBLOB="0e000000002000000a004e2300000001ff020000000000000000000000000001010000000000000000000000000000000000000007000000000000000000000000000001000000000000000700000000000000000000000000000000db00000000000000015c37a5000000000000000000000000000000000000000000000000000000000100000050"], 0x90)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000)

6.503706202s ago: executing program 6 (id=4955):
socket$packet(0x11, 0x2, 0x300)
syz_emit_ethernet(0x1019, &(0x7f0000000340)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x2d}, @local, @val={@val={0x88a8, 0x7, 0x1, 0x3}, {0x8100, 0x4, 0x0, 0x2}}, {@x25={0x805, {0x3, 0x7, 0xe6, "cb75be83de75708da04f0f13cc167e47882f00d9c117d8ab962adf672250ad3a236cfdce85d1a3b04e68548209a1808b7a1a3679686d9123957eff995f355e90fcd04fd240bd4ed2e7066dabfc466f7c1e2e3748a164ff4e668290073597883005cd6e43bebcfee3b5f5862920413a1522c878f945298e77177c402bbea8a13dce1e087f48690693f74ae179dd752e65918921ecdc27ba25c2af5f7e13db387dc90638e1985a12cbb5db548c4cf8ec5efbf6294bb6c30f28d21e448d7f9887383f44f177253262bd55ef80516c6900c062b56b394b56773a8515bca3518186a4f3a6ee814d8b694028877f1e0b67c33ece98e357c3b52e9c7e1031c898334b700244bb9a889acba0b32acff2c5095d5f70bb9d8a0f9ab582b01a77b25dc09a285a4b4eee49f527ba12d60071d271647c1542137ee968dcea8bbed7d83c180d543c6dad2e1b5ab00162acd83b5135e77f4bc2ec20d626395a1ec482ef5526eb794cde2cd0668c97b3caffa42d134a9548c9c335a327893ad7b3437de90907d999d611adbdd594d3d82c000cafcd8f0dbcbe3d79a01659fbe04038f3be5cfbafd2845fc0586b15b0158d09c2a58e9d7d102d7b5bcae1049cfb23aa02bf5ce579f3a10e57a4373aa1f80b98d7f13e67e1467ff6dce896b1ec1e5e241dfa9f617565feee41e3bdcc90431531312c7912e95d36ec750f006134c532fe1b9762718f02fdb261cf3ca1ec731b1ca582ea21be107678327a078b2952113f5becba041b9b70b78621d65c4f22ab8c7abae4d492c6f75e75b3e5fce72bdd2b28657148e48aa89ffc9f508411547fc4286f709a215a745793013bba730a5c0eaca4f2fdf6b2f40945cb9646b3d9aa2ed74f05d46e73a94cb8eee73f382edeaa66c67ec185b8b5c691ba74cb3a894008c5868a899354b40c8b152a66b868572b9a6be52c1f0a8d0e10ba5d642ce2e6ade3f004cb78ce01bba761bd6b6417971d11f83c16ce82dd9bbf1987e0e851f1a9d3220097fa9cbb19079ccdc6b2b8754bc49599e0a5b064887524519d44e4693f9dfa6fcec707ef20da1e0a78f253f374af4408b28fb2636fcd0e6a132ceaa1868a67904fd08bf827fe18924bcabe915fa9251a7159fe5568ef58ad69497f429291c855bac57e50dcf0d1774e96d538682fcc3b6a78856ce6dfc33f4e3c10b35c4a33cd3586b3228cf6c0557f209065b08dc1a2bc0a239e2ff21c9b075a27342b0171ad505d676d929454664cc864f322e13410a0fcc8bff83a02e40ff94b04df1b3938e23d9afac9457b2351b5c54717e1029f98ded0c1623ba66fdb681a152f66eba1ccab6acc792fe6e096be4ba7699d3916f045c4ad2d8c0eee541f2f163c4b2543d25f9846133fe7a3c1b79c946e93dd2ad931d1ad68d6dd31a19fdeb881fb9125a79d64eede288b7e4d7d851c5cfefaf61fa04b66af784634bb8d7f5db51a3ee286c2bc2dbe3aae12060f5094a445e74d0942719950cb35523344d5576951e88cfcb7d8f4325086099988a7a35f8c3129ca1fc36c92bfae9e0892ac066a95a9de24c8af72e2f6e02474146e0ecef4ada55c378466845b326241f23cad0a3377e260cc809bd1aafaa8c55a6b668f18bb75c9ebce1ef3b36ab1b66f74f16ddcc608a266f42734ac1ffecb3bd6762d448d811d6ce639f768950035a6358a7086519cc0f2522855637660e3e5c528c2d359e9977ea0741245c52c946f69797fb8a30d8563ef11661c744d2783fdd97d03c9e6c88a155ed7cdb4b2dd4af8a45af41d67be2de5dd387d0144e90af60953ede0bd44b12a72fe9885f0aa2f6433004d03c56eeea1070e1136b198d2259d6ead5755b109a058ecd8c18ffb5800f968c7457f48a6fd8aa1ec98fb04ebb9211bffeac831ad1c606a56a2234e7ef2e74159fbfff1d20ee347b1c926915b8521b6af9e5b6dd62b1f3ff060f4515eb6f5983684fc75e730ab649ced7e2c00849b57304ee83c5e22e88b295764f2449cfdf8586d753a483caa0fc52bb9488ba7dc213a17318128d2db06f8eb6e3bdcee33c16011c208d08e722fb7bd1420c50be51731290da6e491821a72ff7ebb0a1af12a3381a946feec320867ab11f5f9638b5bb3c9430a4e22e74c680084467287dcf5b63cab246285dea353f00668a3920f865d94b6458eef4718dfeddcad042025703e8eac69af7ea4a1e4781caff5d7cdd03963f30b339bcf931c008bd1c7e961e893f029b5494fb398d37b834797ed6e8c45f11fb0195366617e1d3a9ae2a43a1cad249166969bfa89f6d5efa1d49a4fe63b4f1ba03c38be5c8de585b410b93a3bf591241e2a03ea59ee026703a1f25a3a80848e3fe68081769aee20c20257eded40bd4aa0155354391133f1ec99e8fb8929823895feb4cf6abe64334bf4921172cb183bf9309ab5d1e71d6083aaeabd276f066efa8c3712cd6219ff065c7316198f138ada2780622c141bc5d92771aa09e5a94b95141cdfe6731862806aead16822bc6ba9ff7557936c67ccbf1de9b421823859180a9c7c46385325ac9d2e0296d7f954a997b645ab8f40d0c2722de2f9ca27252b0a2390e967110d8c186f56867346e957fa4502eb0869270ecea16764b27ab9b4caa827814c8559cd3f3c4863aaacb04d96f68ce462c3074491ecf728fd6b6843900899920ee6801f05079a9ce901be09424347d0933f7e57d9ad27e8924a432dbf83efc21b7dfec0039b5a217f00cc343c71226d0f96f30c7c2373ecd709eff8bc75bdabdc35816fdf8129558529730aa4e2fc8034e5f58fd01548c010268612254fdaa532db6ebe399f83f3ac6b7b552b389bafbae046ff8af8ca46677850e9fc100b8b83780d0975256902765ae493d1bf2ca5112d61ed28470c0b7f543d947cda7b4f7fdaa3a8ae50ab153345402aa67ccc34034d74ebb8834534c0e5a0393a19d1b7ab0dfbdadc6357157b746e23173c2cf795790606efa4cb0a4fb751377ae2916bec8cb09a96ab961da05e9e1c39a84b7a7252eefd604fc2a5f761f13e3cde0f6cd13e700b64b75c36b6aad418c134aa7d0b2a9576f6d3d8d400dd0cf2a511d764d11e1046413b96bbd9bc008c7c731bc33e9ec495ad7228a0139eb1e688a3d2a08b4a31d5b1b7402011696f8593b7feb380cbd6550a2e6765a4a0c9af43623e8966b99905480b513e523445b11510a8c8a899df10b194d903773bab62d6acaf359ddba2485778e50b04b218653c504a1dbf7565a6f271af9384afefe248a129ea094578557f39b9d724bb4e6e2f31ac636ddf5e4d926b781a1ba140cc61b9492e4e0253d05fce9cd4484abfc7b99d46e5d270e6224b866c3cbec6098340f722a00ff7fa70f1c10ceec7bb6050acd275fdd2b84ccd844acd1955fa76a8b9b5ef84cd97ff8b2b63e59a9e4c0a89f5828a9eaca200e33846b0265edbd5de3c511e118e18b7ade64d594c1ae9350737a7fddfcef92cdfe8a8a048369270ca35a3f46849976c03d1f5d5d34cc3eb47dc15873464938ec2c1a9df3e8b7aadff8d2c490d9900eadb5da4ca506663aa0bf38b33d1c9e51073b370f3e4899561053405d3c345a659e3ab0bb659044470e8d3f81abfcc90e81e6cca65bd14f3aad5dbfafb265340e544271cc634bcf8ba93c444215dcfffd4496bc8f9c9feaacd74bd09d7de3fdb9e97ec155f248697f76b05fc68040e9402dec92a15034c9833bcd8c429ca5edf7a5c47b588e397a259db426d9c34cd71e522b8fecc8b420550dd2a2822f5d77561fa1d2f60005f95241d2585eaf2d14183b70e7097a57f3f8545a3c63935aca77cdd468f5c2b9accffed1b6949b48b951fa652b158a9036c20afe9c812e96b7e93c28a7ec541a7d4afa973811e67bb3795cc52949bcc343e022826eb815873d59ef3791ee095e85f926e3438aa54382f77e1ae3578cb2e73554f1ccaef04f0d92b51ae492ccda08922de7850c912620a3b0755d3accaf8b52af88ba699a609fd6699d5adeb762783783d8cd9ad7cf12996ef738e816bd585a8fdf603cd881669041d54bd064cfe435be38466d17f781eec4f2cc519d75f31facd18b43206e0b1dd5a56af3519b665fd700c22e2e83fc3866ccdf6480d928685a17c6c57a67945c7655b71d5f04690737f0fd68b8fd535c2f36695497ba19f6285d76fb338f52512e286ab45e0f03f073ee2e9ac0ca593cac863b2cc1bf1a44f3fe43e0959ab850611675ea01f6564bccc815fc5e5a2b74b170d58981b3b1e7d685f6205ecfebac2c030382e39193fc7f7aab08a2dfa74b8d73a2a453e70bd3ecfc05249386defdd5d2f088293b4637b8cf61aa9bdfe1db814f94f926260105357826db912aace0e0dfd2aa6f88de4fc070e12dbfe3998c02843b5eb76f0d482066ad6e7477ddc05f4943edfe8ce7f909b892ad5976d27dcb88e48a18fe15f4990e8582a1725d201975be21e1d1bcf19cec63274ff97c8d04925bb6d490d613bd86a084835292408ae88942b05054d1a49e59ec927a54e8f322d553ad39b14043189e6b5ca6b73cdaf09c5bacf13990b68823f74c2ccf803dc0c9baf927823fbdf030cb40aec1fef127eeb9663bd4b7f92ad8172d6ca91a7be0f34eae224b541e6f5a3549d5a03b169476d58f7b1603ba2ed4955d72e8272d130c8deae799f846bbee4e536d57751fe669655df0a70ab5a380906d4cd8d962f0f87b285ffd41265550804153c91df4393bf9039370fb9c6d8a0d474493f9b60a298f7db36900c22f38f6b4ed3d78b3946234ad3d68243b73e142b2077f4beb42a0d090d5c24cead66782fc57099798b01ba164118043ec1e1b16a8c2161d9566b07ac16d246c8a47460d87dfcfd62a6f7103194cc859fc8b218843a5fc0147b3d0aff018aad4b114cb326e091aa6be4f034a13917f6f789975b652de957c3f974239d1a000d66231db5465473a9525a8c41b565f876930701e5f4f3ce728cbd09c6f829e942ecfcfe0528ec1c91f6032fe5253173983550bd80332ad31df718ff90e9fa9714e61312a1824afc4064f87d76a8ceed80dd67556af08bca9f40b4b132b1478459b090984162b259d49efe8dafa617e9bca194c41aeda6cc88a9ed9b2bdacb57b5781929de8dd32f0cffcb99d1d2101afe87b7d37dbd66c28baec5648b61bb9115510409884d980f5451edbdaca1bd71d8b1c5c810362de229ad73db931d76516c5cc12e9ac3145b2f6fd78011003afbcf4dd6b64f5e1116bc26a65be28621694f8c099e9a60011664b4a8b91df3ce801b48d43b224a94086d62f92c91c483986087e0e1c1728bffeaee1edc9340b9e919db2d5591b4dd1d44f37716f98ac2c7334ffe104a1b1d18d621145134cbfe76048cd19ac82cce3aabc324596ab8c04578c9be37724b9e9da0cd00ddba5ffd93a27c685386644e43001d71942c0920f2e85fe1730974dcaab9b2bea047956f9204ec5d110a172c430192ae327892cbcd2ba2973819b848aa7ef2f05bf4238c2b935866637eb5bb55a1de3093777f4baf9e6a459cb8b492dd148a155cb96b6c2b3c6f890e105c1b25a68361746f32a192843d06cdcc2573bfc26d40326bcc55860b333562030f0d53f690127078ec36ca08f24166229e31e9a1f66dc9a5b65da4ac06ca1ec9bad7f5d419dfb5c22b4ff34fc9ae4d6be7bb2d81f964b443d2dd88d72268914b4d94edd941592688aa13ffb2be4f8d2e0fb1db7feaea87488d574866fb011694847add2c525e1f513556abc116d985c1a8bd78a58fb358fba3d0b63c01601a9c9f35f5609a41237ad4600afac5991e99"}}}}, &(0x7f0000000000)={0x0, 0x3, [0x158, 0x770, 0xaf2, 0x837]})
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
syz_emit_ethernet(0xbe, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff0800450000b00000000000119078000000000000000000004e1f009c907801000000000000007b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af584cbf2649a50f2dbc43c6a85a8dfa871c51852e4451b57d037ad3c045942824251d7d17a5191584cdd4fbe40a27424dbcfd56f1373669caaa2f199372c15e967de30cddae4745a8f762b9649a3bfbc1f39cb307b3472eb9cdb042d2643fcbb2c5a57df67d544af6e8dafe097f39895a67461245108aa1d8afb15591006c42e858f4266ad09980064212607aeb83dee9e2c6b9adb1e749be47b697f61f8cbabca0ce2d794df40c653d8b8c7784813acbdbac1c70d6c067d792f8cf217f13a85cf1d6"], 0x0)

6.474733533s ago: executing program 6 (id=4956):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, 0x0, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0x10c6, &(0x7f0000000b40)={0x0, 0xbdee, 0x800, 0x400001, 0x1ef}, &(0x7f0000000200)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r6 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2)
r7 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3)
ftruncate(r7, 0xffff)
fcntl$addseals(r7, 0x409, 0x7)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_NEW_INTERFACE(r8, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)={0x50, r9, 0x1, 0xffffffff, 0x0, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0x7, 0x2c}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'nicvf0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0xc, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}]}]]}, 0x50}, 0x1, 0x0, 0x0, 0x800}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
r10 = ioctl$UDMABUF_CREATE(r6, 0x40187542, &(0x7f0000000100)={r7, 0x0, 0x0, 0x1000})
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r10, 0x0, 0x0, 0x0, {0x414}, 0x1})
io_uring_enter(r3, 0x3f72, 0x74f1, 0xc00000000000000, 0x0, 0x39)
unshare(0x2c020400)
syz_emit_ethernet(0x36, &(0x7f0000000680)=ANY=[@ANYBLOB="0180c200000ef4000000ed03080045e700282068000007069078ac1414aaffffffff4e214e23", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="2000b75becb4ecd371317a4f63ff00000000000038c4c9edd8407e33067d7f3cb78ab02c1e34d853c92edac6bac2ed3a076bcb0cf5c125a35f177f2f61ce651f05eb234178eb56eb3a23c553554eaa820c885ea4c2bdbbc2d7"], 0x0)
unshare(0x200)
ioctl$SYNC_IOC_FILE_INFO(0xffffffffffffffff, 0x40103e05, 0x0)
ioctl$AUTOFS_IOC_EXPIRE(r7, 0x810c9365, &(0x7f0000000740)={{0x0, 0x3}, 0x100, './file0\x00'})
r11 = syz_open_dev$vcsn(&(0x7f0000000000), 0xb5dc, 0x480000)
ioctl$SNDCTL_DSP_SETFMT(r11, 0xc0045005, &(0x7f0000000640)=0x200)

5.809435587s ago: executing program 7 (id=4957):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='stack\x00')
lseek(r2, 0xae7d, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
close(0xffffffffffffffff)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f0000000900)={0x0, 0x0, 0x2, 0x7, 0x1ffd, 0x2}, 0x14)
listen(r4, 0x1ff)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
sendto$inet(r5, &(0x7f00000000c0)="ab", 0x1, 0xc1, &(0x7f0000000280)={0x2, 0x4e22, @loopback}, 0x10)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000040)=@urb_type_interrupt={0x1, {0x1, 0x1}, 0x4, 0x25, 0x0, 0x0, 0x800, 0x6, 0x0, 0x0, 0xb5, 0x0})
syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), r2)
sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000500)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000380)={&(0x7f00000003c0)=ANY=[@ANYRES16=r3, @ANYRES32=0x0], 0xfc}, 0x1, 0x0, 0x0, 0x20004001}, 0x4010)
setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f00000001c0)={0x4, &(0x7f0000000040)=[{0x0, 0x0, 0xcc, 0x5}, {0x6, 0x9, 0x2, 0x7}, {0xd, 0x7, 0x3c, 0x40}, {0x6, 0xa, 0x10}]}, 0x10)
r7 = syz_io_uring_setup(0x5c2, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x8006, 0x11f}, &(0x7f0000000240)=<r8=>0x0, &(0x7f0000000200)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000700)={r2, 0x0, 0xc2, 0x22, &(0x7f0000000540)="f107f4f79202202ca28c9fe08862f8794e1b46e5f08cf7c6c568321b2b7b1b332555b951534815c7217a63042f38d6f2ea52997c2f62dbe82573fd6711092c097fb8ebdcf2279733759ded45fb5d8d4c00ca11cc80caf5abda01775b15dac058d7070d1eb26860380207879af486b51923f23d1946859818032aa57b5f34f38568470bc5914131c22fc232bc4201ba1cf269432f92d3fc8b7742233991bf3549553c3ca995ed2915e5aec6e250b27115a859f21a83293973d9fffe5895f36399e88c", &(0x7f0000000640)=""/34, 0xb4b, 0x0, 0x0, 0x3c, 0x0, &(0x7f00000006c0)="ea99394a5f49cab8cef339b7f0def184c373ac8c50a2f4c7f39c9f9db92be8e16dde31179a29927a4c4c7e892c5eda9eec7dfb4bb198d6e470fa3d38", 0x4}, 0x50)
syz_io_uring_submit(r8, r9, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x68, 0x3, r7, 0x0, 0x0, 0x0, 0x1, 0x1, {0x2}})
io_uring_enter(r7, 0x6e2, 0x600, 0x1, 0x0, 0x0)

5.403701658s ago: executing program 2 (id=4958):
openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = openat$pfkey(0xffffffffffffff9c, 0x0, 0x20842, 0x0)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(0xffffffffffffffff, 0xf503, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1004000, 0x0, 0xb49, 0x9, 0x6, 0x0, 0x3}, 0x0)
syz_emit_ethernet(0x38c, &(0x7f0000001800)=ANY=[@ANYBLOB="bbbbbbbbbbbbffffffffffff86dd60122d9a03563afffe80000000000000000000000000000ae802000000000000000000000000000186009078000000000000000000000000000aa78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f30d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af180200010000000000000000000000001818fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978001d84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000020b17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4610001394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f0032106000000000000000200000000000000000000000000008879e66485201a0015ca837400000000000000000000003800000000000000145e14f0e7e72d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1ec34fd5d365775df628cf9e070000009f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aee6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fa632dbf04542188b196e213408c030018facd10f0f4f56f26bab252dd059ac31503e01a0803ee43a851f075fd12b898b433997a70e58d4c918a6ba3483f1067f222f458e76144933e08bd5cfbb1ad0ec8bf2159a1da9108a21e52bb012926046a6aa225fab6754838cae3d7618a7c1b642ccaaf3820462877b081422c74f162db52015aac1be41c6f40a7ce81cdb3c9c61c51886750af58db0d9f480175d2a5faf34698cd40b543f23f781e7c2bdb5ccaf946a5b8e7d00837cdce25562fe6feb9b6056c5e24a4cff2bc52cb86630c9d372d4d097c785e7495c37f153ddf1fe34ef4b91a6d0bdc5ddca993e5fd47406c736c9b000000"], 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
syz_emit_ethernet(0x0, 0x0, 0x0)
mknod(0x0, 0x8001420, 0x0)
r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
ioctl$FBIOBLANK(r3, 0x4611, 0x2)
sendmsg$nl_route_sched_retired(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a40)=@newtclass={0x24, 0x28, 0x100, 0x70bd2d, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x3, 0xfff9}, {0x3, 0x10}, {0xb, 0x3}}}, 0x24}, 0x1, 0x0, 0x0, 0x40801}, 0xc5)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000800)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r4, 0x8946, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000080)='net/rt_cache\x00')
preadv(r6, &(0x7f00000001c0)=[{&(0x7f00000007c0)=""/4120, 0x1018}], 0x1, 0x7ff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
ioctl$EXT4_IOC_GETFSUUID(0xffffffffffffffff, 0x8008662c, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x0, &(0x7f0000000180)})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x20, 0x81, 0x0, 0x4}, {0x6, 0xff, 0x7f}]})
syz_usb_connect(0x5, 0x2d, &(0x7f0000000340)=ANY=[@ANYRES32=r5, @ANYRES16=r6], 0x0)
sendmsg$MPTCP_PM_CMD_ANNOUNCE(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="01002dbd7000ffdbdf2508000000"], 0x14}}, 0x8040)
getsockopt$inet6_mreq(r6, 0x29, 0x1c, &(0x7f00000000c0)={@mcast1}, &(0x7f0000000140)=0x14)

5.211368657s ago: executing program 5 (id=4959):
syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x5ac, 0x24b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x1, 0x0, 0x1, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x7, 0x0, 0x1, {0x22, 0xb}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x4}}}}}]}}]}}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
bind$alg(r1, &(0x7f0000002280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-camellia-asm\x00'}, 0x58)
sendmsg$SMC_PNETID_GET(r1, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c0000001000370410000000ffdbdf2500000000", @ANYRES32=r2, @ANYBLOB="83550500010000001c0012800b00010067656e65766500000c00028005000c0001000000"], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
lseek(r3, 0x8000000200000001, 0x2)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f00000000c0)={0x10002, 0x1, 0x1})
r5 = gettid()
ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000040))
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)=<r6=>0x0)
r7 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r8=>0x0})
bind$can_j1939(r7, &(0x7f0000000040)={0x1d, r8, 0x1, {0x2, 0xff, 0x1}}, 0x18)
sendmsg$kcm(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000001c0)='.', 0x1}, {0x0}], 0x2}, 0x40014)
timer_settime(r6, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r11 = dup(r10)
ioctl$KVM_SET_MSRS(r11, 0x4048aecb, &(0x7f00000000c0)=ANY=[@ANYRES64=r9, @ANYRES64])
r12 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0xff, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x4}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{0x1, <r13=>0xffffffffffffffff}, &(0x7f0000000380), &(0x7f00000003c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x5, 0x19, &(0x7f0000000040)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xd9b}, {}, {}, [@cb_func={0x18, 0x3, 0x4, 0x0, 0x41d}, @printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xffffffff}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='syzkaller\x00', 0x0, 0xc8, &(0x7f0000000180)=""/200, 0x41100, 0x4b, '\x00', r2, @fallback=0x32, r3, 0x8, &(0x7f0000000280)={0x3, 0x1}, 0x8, 0x10, &(0x7f00000002c0)={0x1, 0xf, 0x1, 0x4}, 0x10, 0xffffffffffffffff, r11, 0x0, &(0x7f0000000440)=[r12, 0x1, r13], 0x0, 0x10, 0x6}, 0x94)

4.424113843s ago: executing program 7 (id=4960):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x14d802, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r1, 0x2c93a000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_sock_diag(0x10, 0x3, 0x4)
capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000040))
sendmsg$TCPDIAG_GETSOCK(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="700000001200050926bd7000fbdbdf250a0904004e224e66fbffffff240900000600000006000000fdffffff050000002100000002000000", @ANYRES32=0x0, @ANYBLOB="0a0000090010000006000000ffffffff220001000891"], 0x70}, 0x1, 0x0, 0x0, 0x26000001}, 0x20000804)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x0)
syz_open_dev$vim2m(&(0x7f0000000100), 0x1358, 0x2)
r5 = memfd_create(&(0x7f0000000b00)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x01\x83y\xf3\xb2\xe6b$\a\x00\x00\x00\x00\x00\x01\x00\x00\xf7\xffg\xf5\x12oP\b\x00\x00\x00LR\xa1\x00\x00\x17\x1f$^\xe1\x00\x04\x00\x00\x00\x00\a\xff;\xeb\xf1\xd0\xce\xe5\x19\x12\b\x01\xd9\xae>/\x05\x00\xce\xd5O\xcc\b\x9e\x19\x19#\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xdcc\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0D\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x05\x00\xfd\xc7\x00\x00\x00\x00\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4h$h\x0ew\x00&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83q\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x01\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xff\x06\xe7j\x9fTJ;T\xf3\xfa\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8T\x826`M\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?P\xac\x86\x13b\xa8D\x0f\x93\xab\x1c\x11\x00\xc5\x8d\x82\x00\x00\x00\x00\x00\x00\x00\x0f\x81\xf3\x05\xa3{\x96\xf9\xba\x9em\xe9\"\x03\x933P\xbb\xd6\x9b\f\xa7\x8f9\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xd9\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10\x00\xb9\xe6\xff\x04K%yH\xe5\xf4\x8b\x03Ca8\x1e\xe9\\#\xf8O\fw\xd9\xf5cF\xcc\x1a2ex\xb4\x0fi$\x97\x81.\x02\x04m\xfbT2\xd4\"\x1e\xf0\x16\x0f\x97\xe6j}J\xca\xb8)f\xd5\xfd>\x9bU\xb0\x03Zt0\xc0b\xad\xef@o\xc1\xd6\x17T\f\xc30\xe2\x89\xf6L\x131\x9c\t\xa7\x80\x1b:\xbb\x04\xd7\xd1\x06\xa0\xe9\xbah\xb6\xb2\xea/{Q\xca\x14\x13\x9ajWt\xc9\xecd\r\xd5)\x1d\xaf\n\xc0\xc1\x1d}DY\x95&\xe7\xf4U\xff\xcd&\a\x9f\x1bg\xe5|~\xc1\xc5n\x12%ur\xa1\x9e`\xc2\x01\b,\x18\xaf\xccD\xdeag\xc6\xf3\xd6\x94\x9d\xae\x8bl\xee\x7fu\xe5bu\x84\x04\xb3@\xa1\xf7\xc6\x13\xf9I\xfa\x12\xfc\x96\",aT\xfd\"\x01\x92\xb1\xbf\x8a\x15\x88\xfd\x8f\x88\x87\x82\x9c:L\xd2\xb8\xfa5\x066\x82\xf3_LUr\xfa\xd2\x99d \x97c9G\x99\xe3\xcc$\x96cu\x97\xe7\xc7a\tm\xe8F\xc7j\xf8\x98\x81\xe7\xf7\xab3F\xf4u\xdaav\xd21\v\x99HG\xdfx\x1cPl\t#\xc1\x8e\xddW\x00\x00\x00\x8fw\xa9A\xf7m\xeec\xb6\\\xa4T\xeej\xe2\xba\xb2V\xacc\xc6|\xae]\xdb\x10\xb3\x80z\xd5\n\xa3u\xfb\b\x03\xe5\xca;\xe5uH<\x9a\x12\x84(\x9f\xd2\xe1k\x955;J\xa4\x81Lm\x90\x1a\xfdI}\xb0\xa1\xfa9\x17\xd1\xa2\xc7\xca\x98\xaeS\x92Ew`\xd2\x02\xda\xc9\xd4\xea\x02\x1d\xd3\xd5\x81\xdb\xd9~\xd6-:\xee\xe8\t\xf7\xe6\xf1\x88\x86\xb0\x04\x9ep\xb1\x93\x16\xf9\xdb\x15\x8a\xa3h<\xaf\xa0\xb5\xb0\x05ir\xff\xff\xff\xff\x00\x00\x00\x00\x83\x91\xad\x11\xf4\xbcz\x9b\x8bp]o\au\x175I\x1d\xe2\x97\xb6\x06\xdc\x14\x9b>\xd7F\xdb?\xc7%0n/\xf5S\xb5\xe8\xa5\xd1\xddN\xf9ir\xd1r\xf4L\t3\xadDz\\\xf4`\x13\xf7)\x91w\a\xcc+E\xdd\xe9\xdbb\x9c\xff\x98\x03\xb7\x0e=\xba\xa3um\xde\xff$|\xb7\x86j+\x00\x00\x00\x00\x00\x00\x00Z\xef\xd6\xf4Zs\xfc\ro\x03\xabB\x18\xdc\a\xe3\r\x00\x00\x00\x00\x00\x00', 0x6)
fallocate(r5, 0x0, 0x0, 0x400001)
fcntl$addseals(r5, 0x409, 0xc)

4.119686019s ago: executing program 6 (id=4961):
socket(0x10, 0x3, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0xb2442, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000400)=@arm64={0xff, 0x3c, 0xfa, '\x00', 0x10001})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x1000, 0x0)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xd7)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
r4 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000140)=0x2000)
r5 = socket$nl_route(0x10, 0x3, 0x0)
connect$unix(r0, &(0x7f0000000480)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r6, &(0x7f0000000140)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=ANY=[@ANYBLOB="34000000100039042cbd70000000000000000000", @ANYRES32=r7, @ANYBLOB="059800000020000014001280080001006772650008000280040012"], 0x34}}, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="54000000100039042bbd5a002500000000000000", @ANYRES32=r7, @ANYBLOB="00000000000000002c00128008000100677265002000028008001400020000000800040004000000060010004e220000040012000800040000080000"], 0x54}}, 0x0)
r9 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="03c900d8017cac080f91a39588b9d334787f5bbede229bc710bfe84064342d50f819dcb3aacea8d5edf5ea5dc0fd5600a511a5e8ca030aca7a388754e1e02bcff7b497547fc8bb7df3f74cce86d58cf83087e2f8eb8b0f402f20c34766cfcad832505ebf89ffffc06ad94754c4d7617f5aaddfb0d59a2360fa73bae23d0c06e28d607c329f69f510e9c4fd76397fc031359c8e2489509fc1006ab58825ece31b8f1e8299b592f14a93bdff16d99c4238988216503e9f86324e6b98a616ff87413eabb3859aea66deab6b929dcf9b857cf78b32b6f4c4a10000000000"], 0xdc)
write$6lowpan_enable(r9, &(0x7f00000000c0)='1', 0x1)
mmap$dsp(&(0x7f00000cd000/0x1000)=nil, 0x1000, 0x100000f, 0x11, r4, 0x0)
sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x2c, 0x0, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_SESSION_ID={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008000}, 0x30)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x70bd2d, 0x4, {0x0, 0x0, 0x0, 0x0, {0xe, 0x3}, {0x6, 0xd}, {0x4, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x4080}, 0x40004)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84)

3.877317104s ago: executing program 4 (id=4962):
capset(&(0x7f00000000c0)={0x20080522}, &(0x7f0000000040)={0x200000, 0x200000})
syz_clone3(0x0, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (fail_nth: 4)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)

2.887560007s ago: executing program 4 (id=4963):
socket$packet(0x11, 0x2, 0x300)
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0xe000, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)

2.615604891s ago: executing program 4 (id=4964):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000003, 0x50, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(r1, 0x0, 0x0, 0x0, 0x1)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000240000/0x1000)=nil)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15}, 0x94)
syz_emit_ethernet(0x4a, &(0x7f0000000400)=ANY=[@ANYBLOB="0580c2000002aaa8aaaaaaaa86dd0500000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa06000005", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780002", @ANYRES32=r2, @ANYBLOB="c2efafa2c7957059bcc8fed942295f415e506b28f5893528f92fda6bfd1adc56fb6279f5e16bd643fb9ec2b2429f3cc6283c5ecda6269616ba9046aeda9d02fed383c4a888e126fc304610ee931142ef0dc43712d3b06417ab3b343ed9a76e69fc"], 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="240000006800010000000000000000000200000000000000080006000100000004000b"], 0x24}}, 0x4004094)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000200)={0x15, 0x0, <r5=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(r3, 0x3b88, &(0x7f00000002c0)={0xc, r5})
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r7 = accept4(r6, 0x0, 0x0, 0x0)
sendto$inet6(r7, &(0x7f00000003c0)="a4677dfc2133806eecf49820871b9e6af2e2", 0x12, 0x1, 0x0, 0x0)
recvmmsg$unix(r7, &(0x7f00000056c0)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000680)=""/1, 0x1}, {&(0x7f0000000300)=""/87, 0x57}], 0x2}}], 0x1, 0x2002, 0x0)
socket$inet_sctp(0x2, 0x0, 0x84)

2.332945836s ago: executing program 7 (id=4965):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_HYPERV_EVENTFD(r1, 0x4048aec9, &(0x7f0000000080)={0x4, 0xffffffffffffffff, 0xffffffff})
r2 = userfaultfd(0x801)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180), 0xc40, 0x0)
r3 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x5867, 0x800, 0xfffffffc, 0x1bd}, &(0x7f0000000040)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
r6 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000440)='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', 0x10)
r8 = accept4$alg(r7, 0x0, 0x0, 0x0)
sendmmsg$alg(r8, &(0x7f0000003980)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}], 0x1, 0x48041)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x8, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0xff, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0xd, 0x1, 0x4, 0xffffffff, 0xe661, 0x0, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8f, 0x7fff, 0x6, 0x0, 0x5, 0x4, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x3, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bb, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0x8, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x3038, 0x3e7, 0xb, 0x5, 0x4, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0x7ff, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x8, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r9, &(0x7f0000000400)=ANY=[], 0x1df)
write$binfmt_misc(r9, &(0x7f0000000640)="2137e69153ffa11fc8b8d70021fded1beae48c07630f226c2295082211b758eee5296d12af", 0x25)
ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f00000002c0)={r9, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x800000000, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x4, 0x0, &(0x7f0000000100)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r3, 0x100847c0, 0x0, 0x1, 0x0, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0xa031, 0xffffffffffffffff, 0x0)
r10 = syz_open_dev$vcsu(&(0x7f0000000000), 0x6, 0x80800)
ioctl$VIDIOC_S_INPUT(r10, 0xc0045627, &(0x7f0000000140)=0x5)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000})
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)

2.332323684s ago: executing program 2 (id=4966):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x94, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}}}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0x94}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg$inet_sctp(r2, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000000c0)='\a', 0x1}], 0x1, &(0x7f0000000340)=[@sndrcv={0x30, 0x84, 0x1, {0x2, 0x0, 0x41, 0x808, 0x2, 0xffffffff, 0x3, 0x7fffffff}}], 0x30}, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x30, 0x1, 0x1, 0x301, 0x0, 0x0, {0xa, 0x0, 0x5}, [@CTA_SEQ_ADJ_ORIG={0x4}, @CTA_HELP={0x10, 0x5, 0x0, 0x1, {0x9, 0x1, 'syz1\x00'}}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x3}]}, 0x30}}, 0x20004040)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_RENAME(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x28, 0x5, 0x6, 0x401, 0x0, 0x0, {0x7, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x50}, 0x40)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000480)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r9 = dup(r8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r9, 0x2000)
shmat(0x0, &(0x7f0000ff1000/0x3000)=nil, 0x400c)
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="6841a311", @ANYRES16=0x0, @ANYBLOB="01002dbd7000fedbdf2519000000180001801400020064756d6d793000"/38], 0x2c}, 0x1, 0x0, 0x0, 0x20048881}, 0x2000c800)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r9, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000003c0)={&(0x7f00000001c0)={0x24, 0x0, 0x4, 0x70bd27, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5, 0x5, 0x1}, @ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0x82}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000080}, 0x2010)
r10 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$cgroup_ro(r8, &(0x7f0000000000)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r10, 0x3b81, &(0x7f0000000680)={0xc})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)

1.519712136s ago: executing program 6 (id=4967):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = syz_open_procfs(0x0, &(0x7f0000000340)='fd\x00')
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, 0x0, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r4 = getpid()
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_GET(r5, 0x4b72, 0x0)
r6 = syz_pidfd_open(r4, 0x0)
ioctl$DRM_IOCTL_AGP_ENABLE(0xffffffffffffffff, 0x40086432, 0x0)
setns(r6, 0x8020000)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xf, 0x0, 0x100000}, 0x20)
syz_clone3(&(0x7f00000008c0)={0x14860000, 0x0, 0x0, 0x0, {0x28}, 0x0, 0x0, 0x0, 0x0}, 0x58)
getdents64(r1, &(0x7f0000001f00)=""/4111, 0x100f)
syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007b, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000a80)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0x4d7, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3}, 0x1c, &(0x7f0000000900)=[{&(0x7f0000000400)="fc", 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f0000000040)={0x5, 0xd6d, 0xf, 0x9}, 0x10)

843.781337ms ago: executing program 2 (id=4968):
openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/crypto\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x400)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001840)={&(0x7f0000000200)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797af2896b9ed8310000000005000400000000000c00078006000000000000000500050002000000050001000600c30011000300686173683a6e65742c6e657400000000"], 0x58}}, 0x0)
mount_setattr(0xffffffffffffffff, 0x0, 0x1000, 0x0, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001c00), 0x2c80, 0x0)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0xad)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(0xffffffffffffffff, 0x3ba0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
open(&(0x7f00000001c0)='./file0\x00', 0x80ff, 0x88)
quotactl$Q_GETFMT(0xffffffff80000403, &(0x7f0000000040)=@md0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0x928, 0x0)
r7 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fcntl$setlease(r7, 0x400, 0x1)
openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
r8 = syz_io_uring_setup(0x88f, &(0x7f0000000300)={0x0, 0x17da, 0x0, 0x1, 0xbfdffffc}, &(0x7f0000000000)=<r9=>0x0, &(0x7f0000000180)=<r10=>0x0)
socket$l2tp6(0xa, 0x2, 0x73)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r9, r10, &(0x7f00000000c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x40, 0x0, r5, 0x0, 0x0, 0x0, 0x12141})
io_uring_enter(r8, 0x75fa, 0xe475, 0x0, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000001714"], 0x38}}, 0x0)

809.386951ms ago: executing program 7 (id=4969):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TEST(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000000b0601080000000000000000060000020500010007000000100007800c000100000000407f0000010900020073797a31000000006a93d972bbe88d7466d4a9ce11b74465ff65e86f099966d0f42dbbe3dda21173b064f1f1e8204fd9eab57c954145ba15632c6c795446e5cbe838a996854b4bda70d86517b99985c440416390fe09bfcae421c8a5d147c090e3ab8c4d86e7a9ee922705b85ecd1c0bb985706da461e8cf4e576cae809d54720b1561af9c1d90040439c5"], 0x38}, 0x1, 0x0, 0x0, 0x24008041}, 0x4800)

663.638301ms ago: executing program 4 (id=4970):
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000007794608cd0c39007b90000000010902120001fc0000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2603)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f00000001c0)={&(0x7f0000000180)=[{0x1, 0x8000, 0x2000, &(0x7f0000000100)='F'}, {0x1, 0xda01, 0x0, 0x0}], 0x2})

603.64555ms ago: executing program 7 (id=4971):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, 0x0, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0x10c6, &(0x7f0000000b40)={0x0, 0xbdee, 0x800, 0x400001, 0x1ef}, &(0x7f0000000200)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r6 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2)
r7 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3)
ftruncate(r7, 0xffff)
fcntl$addseals(r7, 0x409, 0x7)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_NEW_INTERFACE(r8, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)={0x50, r9, 0x1, 0xffffffff, 0x0, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0x7, 0x2c}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'nicvf0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0xc, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}]}]]}, 0x50}, 0x1, 0x0, 0x0, 0x800}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
r10 = ioctl$UDMABUF_CREATE(r6, 0x40187542, &(0x7f0000000100)={r7, 0x0, 0x0, 0x1000})
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r10, 0x0, 0x0, 0x0, {0x414}, 0x1})
io_uring_enter(r3, 0x3f72, 0x74f1, 0xc00000000000000, 0x0, 0x39)
unshare(0x2c020400)
syz_emit_ethernet(0x36, &(0x7f0000000680)=ANY=[@ANYBLOB="0180c200000ef4000000ed03080045e700282068000007069078ac1414aaffffffff4e214e23", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="2000b75becb4ecd371317a4f63ff00000000000038c4c9edd8407e33067d7f3cb78ab02c1e34d853c92edac6bac2ed3a076bcb0cf5c125a35f177f2f61ce651f05eb234178eb56eb3a23c553554eaa820c885ea4c2bdbbc2d7"], 0x0)
unshare(0x200)
ioctl$SYNC_IOC_FILE_INFO(0xffffffffffffffff, 0x40103e05, 0x0)
ioctl$AUTOFS_IOC_EXPIRE(r7, 0x810c9365, &(0x7f0000000740)={{0x0, 0x3}, 0x100, './file0\x00'})
r11 = syz_open_dev$vcsn(&(0x7f0000000000), 0xb5dc, 0x480000)
ioctl$SNDCTL_DSP_SETFMT(r11, 0xc0045005, &(0x7f0000000640)=0x200)

0s ago: executing program 2 (id=4972):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="000000007600000024001280090001007866726d0000000014000280080001000400000008000200020000000a00020000000000000000000a000100aa"], 0x5c}}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x8, 0x0, 0x6, 0x200004}, 0x10)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000180)={0x2020}, 0x2024)
lseek(0xffffffffffffffff, 0xfffffffffffffff5, 0x1)
syz_usb_connect(0x0, 0x36, &(0x7f0000000f00)={{0x12, 0x1, 0x0, 0x7c, 0xe7, 0xc8, 0x10, 0x4d8, 0xa30, 0xce47, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0xd, 0xe6, 0x7a, 0x0, [], [{{0x9, 0x5, 0x4, 0x2}}, {{0x9, 0x5, 0x81, 0x2, 0x3ff}}]}}]}}]}}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d300000000000000800050001040f0f080003000000080008000f00f7ffff"], 0x5c}}, 0x0)
r6 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0)
ioctl$VIDIOC_S_SELECTION(r6, 0xc040565f, &(0x7f0000000940)={0xa, 0x0, 0x7, {0x8000, 0x1000, 0x4, 0x6}})
socket$netlink(0x10, 0x3, 0x0)
r7 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r7, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
r8 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r8, &(0x7f0000000140)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000180)="b0", 0x1}], 0x1, 0x0, 0x0, 0x20000851}, 0x0)
recvmmsg(r8, &(0x7f0000002e80)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f00000002c0)=""/200, 0xc8}], 0x1, &(0x7f00000003c0)=""/71, 0x47}, 0x9}], 0x1, 0x40010000, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0xce, &(0x7f0000002280)={@random, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x98, 0x3a, 0xff, @dev, @mcast2, {[@hopopts={0x11, 0x6, '\x00', [@ra={0x5, 0x2, 0xc8c0}, @enc_lim={0x4, 0x1, 0x6}, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @jumbo, @calipso={0x7, 0x10, {0x2, 0x2, 0x4, 0x8, [0x4080]}}, @generic={0xf}, @pad1]}, @fragment={0x3c, 0x0, 0x7, 0x1, 0x0, 0x1f, 0x66}, @routing={0x88, 0x6, 0x0, 0x4, 0x0, [@remote, @private2={0xfc, 0x2, '\x00', 0x8}, @local]}], @ndisc_ns={0x87, 0x0, 0x0, @private0, [{0x22, 0x0, '(3'}]}}}}}}, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)

kernel console output (not intermixed with test programs):

us mode
[ 1325.660841][T26091] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1325.667998][T26091] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1325.695769][T26091] bridge_slave_1: entered allmulticast mode
[ 1325.705583][T26091] bridge_slave_1: entered promiscuous mode
[ 1325.740637][T26091] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1325.777240][T26091] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1325.832348][T26028] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1325.886022][T26091] team0: Port device team_slave_0 added
[ 1326.158791][T26091] team0: Port device team_slave_1 added
[ 1326.467232][T26091] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1326.477720][T26091] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1326.912621][T26091] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1327.069198][T26166] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1327.131127][T17142] Bluetooth: hci5: command tx timeout
[ 1327.376756][T17142] Bluetooth: hci0: command tx timeout
[ 1327.403151][T26091] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1327.414504][T26091] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1327.444114][T26091] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1327.470228][T26028] veth0_vlan: entered promiscuous mode
[ 1327.481704][T26028] veth1_vlan: entered promiscuous mode
[ 1327.724433][T26091] hsr_slave_0: entered promiscuous mode
[ 1327.767827][T26091] hsr_slave_1: entered promiscuous mode
[ 1327.815182][T26091] debugfs: 'hsr0' already exists in 'hsr'
[ 1328.141626][T26091] Cannot create hsr debugfs directory
[ 1328.305412][T26028] veth0_macvtap: entered promiscuous mode
[ 1328.884899][T26028] veth1_macvtap: entered promiscuous mode
[ 1328.929363][T26028] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1329.017645][T26028] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1329.449106][T17142] Bluetooth: hci0: command tx timeout
[ 1329.588676][   T13] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1329.606566][   T13] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1329.649541][   T13] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1329.726341][ T1122] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1329.766010][ T1122] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1329.939877][   T13] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1330.105358][T18424] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1330.149994][   T30] audit: type=1326 audit(1755834415.037:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26206 comm="syz.1.4598" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc68d98ebe9 code=0x0
[ 1330.151556][T18424] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1330.355963][T26091] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1330.403492][T26091] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1330.450944][T26091] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1330.462255][T26091] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1330.488481][T21327] usb 2-1: new full-speed USB device number 59 using dummy_hcd
[ 1330.594168][T26091] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1330.621257][T26091] 8021q: adding VLAN 0 to HW filter on device team0
[ 1330.636853][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1330.644083][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1330.655286][T21327] usb 2-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config
[ 1330.672694][T21327] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1330.684676][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1330.691860][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1330.703447][T21327] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1330.710975][T21327] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1330.734267][T21327] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1330.757635][T21327] usb 2-1: config 0 descriptor??
[ 1330.775794][T21327] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 1330.793428][T21327] dvb-usb: bulk message failed: -22 (3/0)
[ 1330.815268][T26091] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1330.823227][T21327] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 1330.842666][T21327] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 1330.857801][T21327] usb 2-1: media controller created
[ 1330.867368][T21327] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1330.892541][T21327] dvb-usb: bulk message failed: -22 (6/0)
[ 1330.902895][T26091] veth0_vlan: entered promiscuous mode
[ 1330.908496][T21327] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 1330.921171][T26091] veth1_vlan: entered promiscuous mode
[ 1330.929099][T21327] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input105
[ 1331.002489][T21327] dvb-usb: schedule remote query interval to 150 msecs.
[ 1331.021893][T21327] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 1331.054615][T26091] veth0_macvtap: entered promiscuous mode
[ 1331.072037][T26091] veth1_macvtap: entered promiscuous mode
[ 1331.122897][T26091] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1331.147775][T26091] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1331.165045][   T37] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1331.176275][   T37] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1331.185363][T21327] dvb-usb: bulk message failed: -22 (1/0)
[ 1331.185389][T21327] dvb-usb: error while querying for an remote control event.
[ 1331.211021][T26212] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1331.219208][T26212] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1331.233881][T26212] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1331.245822][   T37] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1331.253237][T26212] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1331.258719][   T37] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1331.281708][T26212] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1331.298648][T26212] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1331.313533][T26212] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1331.336863][T26212] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1331.338402][T21327] dvb-usb: bulk message failed: -22 (1/0)
[ 1331.448139][T21327] dvb-usb: error while querying for an remote control event.
[ 1331.475513][T26212] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1331.500685][T26212] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1331.529755][T17142] Bluetooth: hci0: command tx timeout
[ 1331.536959][T26248] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[ 1331.562837][T26212] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1331.654645][T26212] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1331.664354][T26212] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 1331.703802][T21327] dvb-usb: bulk message failed: -22 (1/0)
[ 1331.717070][T21327] dvb-usb: error while querying for an remote control event.
[ 1331.725339][T26212] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 1331.739718][T26212] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1331.746696][T26212] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1331.758983][T26212] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1331.836636][T18424] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1331.850792][T18424] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1331.878425][T21327] dvb-usb: bulk message failed: -22 (1/0)
[ 1331.898714][T21327] dvb-usb: error while querying for an remote control event.
[ 1331.920216][T18424] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1331.933797][T18424] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1332.108064][T21327] dvb-usb: bulk message failed: -22 (1/0)
[ 1332.158070][T21327] dvb-usb: error while querying for an remote control event.
[ 1332.348327][T21327] dvb-usb: bulk message failed: -22 (1/0)
[ 1332.388421][T21327] dvb-usb: error while querying for an remote control event.
[ 1332.488433][T17142] Bluetooth: hci1: command 0x0406 tx timeout
[ 1332.648564][T21327] dvb-usb: bulk message failed: -22 (1/0)
[ 1332.656615][T21327] dvb-usb: error while querying for an remote control event.
[ 1332.704836][ T5944] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[ 1332.839030][T14515] dvb-usb: bulk message failed: -22 (1/0)
[ 1332.844950][T14515] dvb-usb: error while querying for an remote control event.
[ 1332.868306][ T5944] usb 3-1: Using ep0 maxpacket: 16
[ 1332.872473][T26281] tipc: Invalid UDP bearer configuration
[ 1332.875575][T26281] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[ 1332.896122][ T5944] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[ 1332.913088][ T5944] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0
[ 1333.040079][T14515] dvb-usb: bulk message failed: -22 (1/0)
[ 1333.047080][T14515] dvb-usb: error while querying for an remote control event.
[ 1333.168085][ T5944] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1023
[ 1333.228503][T14515] dvb-usb: bulk message failed: -22 (1/0)
[ 1333.269072][T14515] dvb-usb: error while querying for an remote control event.
[ 1333.278410][ T5944] usb 3-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47
[ 1333.288709][T17142] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1333.301577][ T5944] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1333.320513][T14515] usb 2-1: USB disconnect, device number 59
[ 1333.347453][ T5944] usb 3-1: Product: syz
[ 1333.378443][T17142] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1333.412443][ T5944] usb 3-1: Manufacturer: syz
[ 1333.443216][ T5944] usb 3-1: SerialNumber: syz
[ 1333.454247][T14515] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1333.486773][ T5944] usb 3-1: config 0 descriptor??
[ 1333.538895][T17142] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1333.565780][T26277] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[ 1333.691793][ T5184] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1333.868540][ T5184] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1333.899869][ T5944] mcba_usb 3-1:0.0 can0: failed tx_urb -90
[ 1333.911587][ T5944] mcba_usb 3-1:0.0 can0: Failed to send cmd (169)
[ 1333.918947][ T5944] mcba_usb 3-1:0.0 can0: failed tx_urb -90
[ 1333.924809][ T5944] mcba_usb 3-1:0.0 can0: Failed to send cmd (169)
[ 1333.934305][ T5944] mcba_usb 3-1:0.0: Microchip CAN BUS Analyzer connected
[ 1334.259590][T26277] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4583'.
[ 1334.591397][ T5184] Bluetooth: hci1: command 0x0406 tx timeout
[ 1335.128991][T26319] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4610'.
[ 1335.418539][ T5184] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1335.448833][ T5184] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1335.615488][ T5184] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1335.768532][ T5184] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1335.939812][ T5184] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1336.189584][T26328] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.4612'.
[ 1336.870608][T21327] usb 3-1: USB disconnect, device number 56
[ 1336.877218][T21327] mcba_usb 3-1:0.0 can0: device disconnected
[ 1337.016707][T26339] FAULT_INJECTION: forcing a failure.
[ 1337.016707][T26339] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1337.318639][   T30] audit: type=1326 audit(1755834422.197:849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26343 comm="syz.4.4615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5aacd8ebe9 code=0x7ffc0000
[ 1337.355500][   T30] audit: type=1326 audit(1755834422.197:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26343 comm="syz.4.4615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5aacd8ebe9 code=0x7ffc0000
[ 1337.379247][T26339] CPU: 0 UID: 0 PID: 26339 Comm: syz.2.4614 Not tainted syzkaller #0 PREEMPT(full) 
[ 1337.379277][T26339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1337.379292][T26339] Call Trace:
[ 1337.379300][T26339]  <TASK>
[ 1337.379309][T26339]  dump_stack_lvl+0x189/0x250
[ 1337.379343][T26339]  ? __pfx____ratelimit+0x10/0x10
[ 1337.379373][T26339]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1337.379396][T26339]  ? __pfx__printk+0x10/0x10
[ 1337.379427][T26339]  ? rcu_is_watching+0x15/0xb0
[ 1337.379450][T26339]  should_fail_ex+0x414/0x560
[ 1337.379480][T26339]  _copy_to_user+0x31/0xb0
[ 1337.379505][T26339]  simple_read_from_buffer+0xe1/0x170
[ 1337.379538][T26339]  proc_fail_nth_read+0x1b3/0x220
[ 1337.379564][T26339]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1337.379588][T26339]  ? rw_verify_area+0x2a6/0x4d0
[ 1337.379614][T26339]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1337.379638][T26339]  vfs_read+0x1fd/0xa30
[ 1337.379663][T26339]  ? fdget_pos+0x247/0x320
[ 1337.379683][T26339]  ? __pfx___mutex_lock+0x10/0x10
[ 1337.379714][T26339]  ? __pfx_vfs_read+0x10/0x10
[ 1337.379745][T26339]  ? __fget_files+0x3a0/0x420
[ 1337.379776][T26339]  ? __fget_files+0x2a/0x420
[ 1337.379821][T26339]  ksys_read+0x145/0x250
[ 1337.379847][T26339]  ? __pfx_ksys_read+0x10/0x10
[ 1337.379870][T26339]  ? rcu_is_watching+0x15/0xb0
[ 1337.379888][T26339]  ? rcu_is_watching+0x15/0xb0
[ 1337.379908][T26339]  do_syscall_64+0xfa/0x3b0
[ 1337.379937][T26339]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1337.379957][T26339]  ? clear_bhb_loop+0x60/0xb0
[ 1337.379979][T26339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1337.379999][T26339] RIP: 0033:0x7f6d2af8d5fc
[ 1337.380017][T26339] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1337.380036][T26339] RSP: 002b:00007f6d2beb0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1337.380056][T26339] RAX: ffffffffffffffda RBX: 00007f6d2b1b5fa0 RCX: 00007f6d2af8d5fc
[ 1337.380080][T26339] RDX: 000000000000000f RSI: 00007f6d2beb00a0 RDI: 0000000000000003
[ 1337.380093][T26339] RBP: 00007f6d2beb0090 R08: 0000000000000000 R09: 0000000000000002
[ 1337.380106][T26339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1337.380118][T26339] R13: 00007f6d2b1b6038 R14: 00007f6d2b1b5fa0 R15: 00007f6d2b2dfa28
[ 1337.380139][T26339]  </TASK>
[ 1337.384327][   T30] audit: type=1326 audit(1755834422.207:851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26343 comm="syz.4.4615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7f5aacd8ebe9 code=0x7ffc0000
[ 1337.640274][ T5184] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1337.646338][ T5184] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1337.688473][ T5184] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1337.862390][T17142] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1337.987057][   T30] audit: type=1326 audit(1755834422.207:852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26343 comm="syz.4.4615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5aacd8ebe9 code=0x7ffc0000
[ 1338.010350][T17142] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1338.020311][   T30] audit: type=1326 audit(1755834422.207:853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26343 comm="syz.4.4615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5aacd8ebe9 code=0x7ffc0000
[ 1338.051824][   T30] audit: type=1326 audit(1755834422.207:854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26343 comm="syz.4.4615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f5aacd8ebe9 code=0x7ffc0000
[ 1338.079480][   T30] audit: type=1326 audit(1755834422.207:855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26343 comm="syz.4.4615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5aacd8ebe9 code=0x7ffc0000
[ 1338.208352][T14515] usb 6-1: new high-speed USB device number 50 using dummy_hcd
[ 1338.247195][   T30] audit: type=1326 audit(1755834422.207:856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26343 comm="syz.4.4615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5aacd8ebe9 code=0x7ffc0000
[ 1338.278191][   T30] audit: type=1326 audit(1755834422.207:857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26343 comm="syz.4.4615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5aacd8ebe9 code=0x7ffc0000
[ 1338.435156][   T30] audit: type=1326 audit(1755834422.207:858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26343 comm="syz.4.4615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5aacd8ebe9 code=0x7ffc0000
[ 1338.710420][T26376] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1338.779613][T26376] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1339.046828][T26376] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1339.093296][T26376] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1339.107456][T26376] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1339.163258][T26376] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1339.202420][T26376] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1339.260467][T26376] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1339.308187][T26376] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1339.382560][T26376] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1341.643974][T26420] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4627'.
[ 1342.876329][T26436] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4632'.
[ 1343.011842][T21327] usb 3-1: new full-speed USB device number 57 using dummy_hcd
[ 1343.189205][T21327] usb 3-1: too many configurations: 76, using maximum allowed: 8
[ 1343.220039][T21327] usb 3-1: config 0 has an invalid interface number: 172 but max is 0
[ 1343.238428][T21327] usb 3-1: config 0 has no interface number 0
[ 1343.246701][T21327] usb 3-1: config 0 has an invalid interface number: 172 but max is 0
[ 1343.262667][T21327] usb 3-1: config 0 has no interface number 0
[ 1343.273277][T21327] usb 3-1: config 0 has an invalid interface number: 172 but max is 0
[ 1343.282787][T21327] usb 3-1: config 0 has no interface number 0
[ 1343.292363][T21327] usb 3-1: config 0 has an invalid interface number: 172 but max is 0
[ 1343.302069][T21327] usb 3-1: config 0 has no interface number 0
[ 1343.311588][T21327] usb 3-1: config 0 has an invalid interface number: 172 but max is 0
[ 1343.320258][T21327] usb 3-1: config 0 has no interface number 0
[ 1343.331219][T21327] usb 3-1: config 0 has an invalid interface number: 172 but max is 0
[ 1343.370832][T21327] usb 3-1: config 0 has no interface number 0
[ 1343.387473][T21327] usb 3-1: config 0 has an invalid interface number: 172 but max is 0
[ 1343.404074][T21327] usb 3-1: config 0 has no interface number 0
[ 1343.423310][T21327] usb 3-1: config 0 has an invalid interface number: 172 but max is 0
[ 1343.478548][T21327] usb 3-1: config 0 has no interface number 0
[ 1343.528853][T21327] usb 3-1: New USB device found, idVendor=2304, idProduct=020f, bcdDevice=3b.de
[ 1343.548126][T21327] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=69
[ 1343.562839][T21327] usb 3-1: Product: syz
[ 1343.567017][T21327] usb 3-1: Manufacturer: syz
[ 1343.590936][T21327] usb 3-1: SerialNumber: syz
[ 1343.625303][T21327] usb 3-1: config 0 descriptor??
[ 1343.653922][T21327] dvb-usb: found a 'Pinnacle 400e DVB-S USB2.0' in warm state.
[ 1343.678356][T21327] dvb-usb: bulk message failed: -22 (4/0)
[ 1343.694467][T21327] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[ 1343.739202][T21327] dvb-usb: bulk message failed: -22 (5/0)
[ 1343.744993][T21327] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[ 1343.798640][T21327] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[ 1343.811855][T21327] dvb-usb: Pinnacle 400e DVB-S USB2.0 error while loading driver (-19)
[ 1344.054170][T26451] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4633'.
[ 1344.595525][T26456] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4638'.
[ 1344.618566][T26456] syzkaller1: entered promiscuous mode
[ 1344.624076][T26456] syzkaller1: entered allmulticast mode
[ 1345.088667][T21327] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[ 1345.228341][T21327] usb 5-1: device descriptor read/64, error -71
[ 1345.662738][T21327] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[ 1345.938375][T21327] usb 5-1: device descriptor read/64, error -71
[ 1346.380379][T21327] usb usb5-port1: attempt power cycle
[ 1346.608378][  T978] usb 6-1: new high-speed USB device number 51 using dummy_hcd
[ 1346.757233][ T5940] usb 3-1: USB disconnect, device number 57
[ 1346.763239][T21327] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[ 1346.779718][  T978] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1346.802390][T21327] usb 5-1: device descriptor read/8, error -71
[ 1346.811465][  T978] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1346.826785][  T978] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1346.841442][  T978] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1346.852883][  T978] usb 6-1: SerialNumber: syz
[ 1347.058578][T21327] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[ 1347.081958][  T978] usb 6-1: 0:2 : does not exist
[ 1347.102140][  T978] usb 6-1: USB disconnect, device number 51
[ 1347.130581][T21327] usb 5-1: device descriptor read/8, error -71
[ 1347.382206][T21327] usb usb5-port1: unable to enumerate USB device
[ 1347.433485][T10473] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1347.433896][ T6403] udevd[6403]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1347.533930][T10473] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1347.650017][T10473] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1347.993204][T10473] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1348.299889][T10473] bridge_slave_1: left allmulticast mode
[ 1348.383228][T10473] bridge_slave_1: left promiscuous mode
[ 1348.503252][T10473] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1348.530433][T26498] netlink: 4400 bytes leftover after parsing attributes in process `syz.6.4649'.
[ 1348.553331][T10473] bridge_slave_0: left allmulticast mode
[ 1348.559185][T10473] bridge_slave_0: left promiscuous mode
[ 1348.619908][T10473] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1349.647666][T17142] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1349.655074][T17142] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1349.671186][T17142] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1349.683255][T17142] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1349.692315][T17142] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1349.733009][T10473] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1349.755012][T26516] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(7)
[ 1349.761550][T26516] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1349.808475][T26516] vhci_hcd vhci_hcd.0: Device attached
[ 1349.817079][T10473] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1349.842885][T10473] bond0 (unregistering): Released all slaves
[ 1349.942921][T26517] vhci_hcd: connection closed
[ 1349.947346][T18424] vhci_hcd: stop threads
[ 1349.957571][T26498] workqueue: name exceeds WQ_NAME_LEN. Truncating to: �`]��I�q�!�>�s���*��!)\�+`
[ 1349.990764][T18424] vhci_hcd: release socket
[ 1350.000747][T18424] vhci_hcd: disconnect device
[ 1350.038379][    T9] usb 43-1: new high-speed USB device number 2 using vhci_hcd
[ 1350.046180][    T9] usb 43-1: enqueue for inactive port 0
[ 1350.149020][    T9] vhci_hcd: vhci_device speed not set
[ 1350.328407][T26530] trusted_key: encrypted_key: master key parameter '' is invalid
[ 1350.518129][T26519] chnl_net:caif_netlink_parms(): no params data found
[ 1350.611408][T10473] hsr_slave_0: left promiscuous mode
[ 1350.849631][T10473] hsr_slave_1: left promiscuous mode
[ 1350.869384][T10473] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1350.876791][T10473] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1351.026136][T10473] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1351.254645][T10473] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1351.523485][T10473] veth1_macvtap: left promiscuous mode
[ 1351.529297][T10473] veth0_macvtap: left promiscuous mode
[ 1351.548447][T10473] veth1_vlan: left promiscuous mode
[ 1351.553689][T10473] veth0_vlan: left promiscuous mode
[ 1351.768446][ T5184] Bluetooth: hci3: command tx timeout
[ 1352.110552][T17142] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1352.123583][T10473] team0 (unregistering): Port device team_slave_1 removed
[ 1352.131074][T17142] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1352.141016][T17142] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1352.151489][T17142] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1352.158967][T10473] team0 (unregistering): Port device team_slave_0 removed
[ 1352.159093][T17142] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1352.469965][T14515] usb 6-1: new high-speed USB device number 52 using dummy_hcd
[ 1352.610720][T26519] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1352.618157][T26519] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1352.626322][T26519] bridge_slave_0: entered allmulticast mode
[ 1352.634037][T26519] bridge_slave_0: entered promiscuous mode
[ 1352.653551][T26519] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1352.660956][T14515] usb 6-1: Using ep0 maxpacket: 16
[ 1352.667371][T26519] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1352.677529][T14515] usb 6-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[ 1352.687040][T14515] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1352.695557][T26519] bridge_slave_1: entered allmulticast mode
[ 1352.702186][T14515] usb 6-1: Product: syz
[ 1352.719375][T14515] usb 6-1: Manufacturer: syz
[ 1352.729531][T26519] bridge_slave_1: entered promiscuous mode
[ 1352.735561][T14515] usb 6-1: SerialNumber: syz
[ 1352.749147][T14515] usb 6-1: config 0 descriptor??
[ 1352.765904][T14515] ssu100 6-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[ 1352.803455][T26519] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1352.819838][T26519] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1352.830883][ T5940] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[ 1352.876871][T26519] team0: Port device team_slave_0 added
[ 1352.886296][T26519] team0: Port device team_slave_1 added
[ 1352.987529][T26519] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1352.998824][T26519] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1353.028584][ T5940] usb 5-1: config 0 has no interfaces?
[ 1353.058734][T26519] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1353.085177][ T5940] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1353.163633][ T5940] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1353.177546][T14515] ssu100 6-1:0.0: probe with driver ssu100 failed with error -110
[ 1353.195404][ T5940] usb 5-1: Product: syz
[ 1353.206710][ T5940] usb 5-1: Manufacturer: syz
[ 1353.218314][ T5940] usb 5-1: SerialNumber: syz
[ 1353.233022][ T5940] usb 5-1: config 0 descriptor??
[ 1353.305232][T26519] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1353.312997][T26519] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1353.340082][T26519] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1353.443661][T26558] chnl_net:caif_netlink_parms(): no params data found
[ 1353.848456][T17142] Bluetooth: hci3: command tx timeout
[ 1353.924233][T26519] hsr_slave_0: entered promiscuous mode
[ 1353.940088][T26519] hsr_slave_1: entered promiscuous mode
[ 1353.946301][T26519] debugfs: 'hsr0' already exists in 'hsr'
[ 1353.974339][T26519] Cannot create hsr debugfs directory
[ 1354.258277][T17142] Bluetooth: hci0: command tx timeout
[ 1354.435474][T26558] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1354.444917][T26558] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1354.453294][T26558] bridge_slave_0: entered allmulticast mode
[ 1354.462831][T26558] bridge_slave_0: entered promiscuous mode
[ 1354.482579][T26558] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1354.496642][T26558] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1354.511055][T26558] bridge_slave_1: entered allmulticast mode
[ 1354.523594][T26558] bridge_slave_1: entered promiscuous mode
[ 1354.547391][T10473] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1354.974056][T10473] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1355.044342][T26558] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1355.084702][T10473] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1355.155164][T26558] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1355.193276][T26558] team0: Port device team_slave_0 added
[ 1355.210923][T10473] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1355.274960][T26558] team0: Port device team_slave_1 added
[ 1355.393047][T26558] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1355.404033][T26558] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1355.488121][T26558] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1355.548345][T26558] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1355.561324][T26558] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1355.601309][    T9] usb 5-1: USB disconnect, device number 37
[ 1355.678200][T26558] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1355.828103][ T5944] usb 6-1: USB disconnect, device number 52
[ 1355.929049][T17142] Bluetooth: hci3: command tx timeout
[ 1355.994668][T26558] hsr_slave_0: entered promiscuous mode
[ 1356.011547][T26558] hsr_slave_1: entered promiscuous mode
[ 1356.017718][T26558] debugfs: 'hsr0' already exists in 'hsr'
[ 1356.058337][T26558] Cannot create hsr debugfs directory
[ 1356.100604][T10473] bridge_slave_1: left allmulticast mode
[ 1356.106418][T10473] bridge_slave_1: left promiscuous mode
[ 1356.112540][T10473] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1356.276038][T10473] bridge_slave_0: left allmulticast mode
[ 1356.338344][T17142] Bluetooth: hci0: command tx timeout
[ 1356.362986][T10473] bridge_slave_0: left promiscuous mode
[ 1356.374577][T10473] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1356.614946][    T9] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[ 1356.788686][    T9] usb 5-1: Using ep0 maxpacket: 16
[ 1356.800476][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[ 1356.817619][    T9] usb 5-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[ 1356.846505][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1356.859462][    T9] usb 5-1: Product: syz
[ 1356.886304][    T9] usb 5-1: Manufacturer: syz
[ 1356.904788][    T9] usb 5-1: SerialNumber: syz
[ 1356.978112][    T9] usb 5-1: config 0 descriptor??
[ 1356.996905][    T9] hub 5-1:0.0: bad descriptor, ignoring hub
[ 1357.005273][    T9] hub 5-1:0.0: probe with driver hub failed with error -5
[ 1357.020372][    T9] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 1357.097581][T10473] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1357.120101][T10473] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1357.140764][T10473] bond0 (unregistering): Released all slaves
[ 1357.245299][T26519] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1357.275601][T26519] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1357.296907][T26519] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1357.313587][T26519] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1357.430922][T10473] hsr_slave_0: left promiscuous mode
[ 1357.451082][T10473] hsr_slave_1: left promiscuous mode
[ 1357.467348][T10473] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1357.475681][T10473] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1357.488802][T10473] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1357.506326][T10473] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1357.536129][T10473] veth1_macvtap: left promiscuous mode
[ 1357.552140][T10473] veth0_macvtap: left promiscuous mode
[ 1357.566253][T10473] veth1_vlan: left promiscuous mode
[ 1357.578823][T10473] veth0_vlan: left promiscuous mode
[ 1358.008533][T17142] Bluetooth: hci3: command tx timeout
[ 1358.021636][T10473] team0 (unregistering): Port device team_slave_1 removed
[ 1358.049964][T10473] team0 (unregistering): Port device team_slave_0 removed
[ 1358.146540][ T5184] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1358.155180][ T5184] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1358.164041][ T5184] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1358.175597][ T5184] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1358.183662][ T5184] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1358.225351][T26652] FAULT_INJECTION: forcing a failure.
[ 1358.225351][T26652] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1358.238763][T26652] CPU: 0 UID: 0 PID: 26652 Comm: syz.6.4674 Not tainted syzkaller #0 PREEMPT(full) 
[ 1358.238794][T26652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1358.238816][T26652] Call Trace:
[ 1358.238825][T26652]  <TASK>
[ 1358.238836][T26652]  dump_stack_lvl+0x189/0x250
[ 1358.238866][T26652]  ? __pfx____ratelimit+0x10/0x10
[ 1358.238897][T26652]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1358.238922][T26652]  ? __pfx__printk+0x10/0x10
[ 1358.238955][T26652]  ? rcu_is_watching+0x15/0xb0
[ 1358.238979][T26652]  should_fail_ex+0x414/0x560
[ 1358.239010][T26652]  _copy_to_user+0x31/0xb0
[ 1358.239037][T26652]  simple_read_from_buffer+0xe1/0x170
[ 1358.239071][T26652]  proc_fail_nth_read+0x1b3/0x220
[ 1358.239097][T26652]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1358.239124][T26652]  ? rw_verify_area+0x2a6/0x4d0
[ 1358.239152][T26652]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1358.239176][T26652]  vfs_read+0x1fd/0xa30
[ 1358.239202][T26652]  ? fdget_pos+0x247/0x320
[ 1358.239223][T26652]  ? __pfx___mutex_lock+0x10/0x10
[ 1358.239255][T26652]  ? __pfx_vfs_read+0x10/0x10
[ 1358.239287][T26652]  ? __fget_files+0x3a0/0x420
[ 1358.239319][T26652]  ? __fget_files+0x2a/0x420
[ 1358.239356][T26652]  ksys_read+0x145/0x250
[ 1358.239385][T26652]  ? __pfx_ksys_read+0x10/0x10
[ 1358.239412][T26652]  ? rcu_is_watching+0x15/0xb0
[ 1358.239436][T26652]  ? rcu_is_watching+0x15/0xb0
[ 1358.239459][T26652]  do_syscall_64+0xfa/0x3b0
[ 1358.239491][T26652]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1358.239513][T26652]  ? clear_bhb_loop+0x60/0xb0
[ 1358.239539][T26652]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1358.239562][T26652] RIP: 0033:0x7feb5958d5fc
[ 1358.239581][T26652] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1358.239601][T26652] RSP: 002b:00007feb5a410030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1358.239625][T26652] RAX: ffffffffffffffda RBX: 00007feb597b5fa0 RCX: 00007feb5958d5fc
[ 1358.239643][T26652] RDX: 000000000000000f RSI: 00007feb5a4100a0 RDI: 0000000000000005
[ 1358.239658][T26652] RBP: 00007feb5a410090 R08: 0000000000000000 R09: 0000000000000000
[ 1358.239673][T26652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1358.239687][T26652] R13: 00007feb597b6038 R14: 00007feb597b5fa0 R15: 00007feb598dfa28
[ 1358.239712][T26652]  </TASK>
[ 1358.476717][ T5184] Bluetooth: hci0: command tx timeout
[ 1358.744970][T26519] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1359.050987][T26519] 8021q: adding VLAN 0 to HW filter on device team0
[ 1359.293585][T21327] usb 5-1: USB disconnect, device number 38
[ 1359.357635][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1359.364818][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1359.493849][T26558] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1359.739757][T26671] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1359.747006][T26671] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1359.912566][T26656] chnl_net:caif_netlink_parms(): no params data found
[ 1359.932072][T26558] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1359.973121][T10473] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1360.000277][T10473] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1360.018436][  T978] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[ 1360.085497][T26558] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1360.142720][T26558] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1360.168389][  T978] usb 5-1: Using ep0 maxpacket: 16
[ 1360.177411][  T978] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1360.191464][  T978] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1360.217703][T10473] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1360.266166][ T5184] Bluetooth: hci2: command tx timeout
[ 1360.387391][T10473] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1360.398037][  T978] usb 5-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[ 1360.414297][  T978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1360.439004][  T978] usb 5-1: config 0 descriptor??
[ 1360.495973][ T5184] Bluetooth: hci0: command tx timeout
[ 1360.666477][T10473] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1360.743234][T10473] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1360.844021][T26696] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4677'.
[ 1360.854079][T26656] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1360.861335][T26656] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1360.868831][T26656] bridge_slave_0: entered allmulticast mode
[ 1360.876019][T26656] bridge_slave_0: entered promiscuous mode
[ 1360.907689][T10473] netdevsim netdevsim5 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1360.938126][T10473] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1360.974021][T26656] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1361.003882][T26656] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1361.093246][T26656] bridge_slave_1: entered allmulticast mode
[ 1361.177490][T26656] bridge_slave_1: entered promiscuous mode
[ 1361.321290][T26558] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1361.413904][T26656] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1361.442053][T26656] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1361.653358][T26656] team0: Port device team_slave_0 added
[ 1361.662238][T26656] team0: Port device team_slave_1 added
[ 1361.705586][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 1361.712803][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1361.891642][T26558] 8021q: adding VLAN 0 to HW filter on device team0
[ 1361.909823][T26519] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1362.056904][T26656] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1362.072379][T26656] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1362.101621][T26656] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1362.128117][T26656] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1362.136149][T26656] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1362.190737][T26656] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1362.242783][T10487] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1362.249995][T10487] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1362.339800][ T5184] Bluetooth: hci2: command tx timeout
[ 1362.347257][T10473] bridge_slave_1: left allmulticast mode
[ 1362.355322][T10473] bridge_slave_1: left promiscuous mode
[ 1362.382344][T10473] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1362.393770][T10473] bridge_slave_0: left allmulticast mode
[ 1362.399708][T10473] bridge_slave_0: left promiscuous mode
[ 1362.405505][T10473] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1362.747447][T10473] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1362.793660][T10473] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1362.831806][T10473] bond0 (unregistering): Released all slaves
[ 1362.891391][T10487] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1362.898560][T10487] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1363.110518][  T978] usbhid 5-1:0.0: can't add hid device: -71
[ 1363.119080][  T978] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1363.158960][  T978] usb 5-1: USB disconnect, device number 39
[ 1363.231909][T26656] hsr_slave_0: entered promiscuous mode
[ 1363.289773][T26656] hsr_slave_1: entered promiscuous mode
[ 1363.295911][T26656] debugfs: 'hsr0' already exists in 'hsr'
[ 1363.309086][T26656] Cannot create hsr debugfs directory
[ 1363.454586][T26519] veth0_vlan: entered promiscuous mode
[ 1363.491650][T10473] hsr_slave_0: left promiscuous mode
[ 1363.530591][T10473] hsr_slave_1: left promiscuous mode
[ 1363.544136][T10473] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1363.556665][T10473] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1363.567168][T10473] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1363.588189][T10473] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1363.607027][T10473] veth1_macvtap: left promiscuous mode
[ 1363.621707][T10473] veth0_macvtap: left promiscuous mode
[ 1363.627431][T10473] veth1_vlan: left promiscuous mode
[ 1363.633280][T10473] veth0_vlan: left promiscuous mode
[ 1363.840975][ T5944] usb 5-1: new full-speed USB device number 40 using dummy_hcd
[ 1363.937813][T10473] team0 (unregistering): Port device team_slave_1 removed
[ 1363.954578][T10473] team0 (unregistering): Port device team_slave_0 removed
[ 1364.292927][T26519] veth1_vlan: entered promiscuous mode
[ 1364.312956][T26558] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1364.406575][T26519] veth0_macvtap: entered promiscuous mode
[ 1364.421511][ T5184] Bluetooth: hci2: command tx timeout
[ 1364.429939][T26519] veth1_macvtap: entered promiscuous mode
[ 1364.465778][T26558] veth0_vlan: entered promiscuous mode
[ 1364.474015][T26519] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1364.485771][T26519] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1364.508165][ T5944] usb 5-1: unable to read config index 0 descriptor/start: -71
[ 1364.524590][ T5944] usb 5-1: can't read configurations, error -71
[ 1364.543170][T26558] veth1_vlan: entered promiscuous mode
[ 1364.556947][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1364.566147][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1364.586844][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1364.596295][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1364.657972][T26558] veth0_macvtap: entered promiscuous mode
[ 1364.683186][T10481] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1364.694819][T10481] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1364.700324][T26558] veth1_macvtap: entered promiscuous mode
[ 1364.772825][   T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1364.777605][T26656] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1364.790991][   T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1364.803897][T26656] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1364.817234][T26656] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1364.829860][T26558] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1364.846931][T26656] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1364.875969][T26558] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1364.966072][   T65] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1364.983757][   T65] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1365.026288][   T65] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1365.036504][   T65] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1365.161355][T26671] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1365.194085][T26671] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1365.223317][T26671] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1365.237942][T26671] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1365.306520][T26656] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1365.369948][T26656] 8021q: adding VLAN 0 to HW filter on device team0
[ 1365.397495][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1365.404869][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1365.421605][T26814] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4686'.
[ 1365.442929][T10473] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1365.450031][T10473] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1365.528554][T18633] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[ 1365.546197][T26818] fuse: Unknown parameter ''
[ 1365.661266][T26656] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1365.688455][T18633] usb 3-1: Using ep0 maxpacket: 16
[ 1365.704895][T18633] usb 3-1: config 0 has an invalid interface number: 41 but max is 0
[ 1365.713317][T18633] usb 3-1: config 0 has no interface number 0
[ 1365.720676][T18633] usb 3-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[ 1365.732988][T18633] usb 3-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[ 1365.761753][T26656] veth0_vlan: entered promiscuous mode
[ 1365.764277][T18633] usb 3-1: config 0 interface 41 has no altsetting 0
[ 1365.794795][T18633] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a
[ 1365.804094][T18633] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1365.812456][T18633] usb 3-1: Product: syz
[ 1365.814722][T26656] veth1_vlan: entered promiscuous mode
[ 1365.822506][T18633] usb 3-1: Manufacturer: syz
[ 1365.827378][T18633] usb 3-1: SerialNumber: syz
[ 1365.835781][T18633] usb 3-1: config 0 descriptor??
[ 1365.847139][T26811] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1365.855239][T26811] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1365.887003][T26656] veth0_macvtap: entered promiscuous mode
[ 1365.914900][T26656] veth1_macvtap: entered promiscuous mode
[ 1366.002103][T26656] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1366.027470][T26656] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1366.052087][T10487] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1366.063950][T10487] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1366.075223][T26811] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1366.084491][T26811] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1366.097771][T10487] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1366.110520][T10487] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1366.257544][   T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1366.369016][   T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1366.434197][T26823] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4688'.
[ 1366.489537][ T5184] Bluetooth: hci2: command tx timeout
[ 1366.491073][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1366.505622][T18633] Error reading MAC address
[ 1366.521263][T26811] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1366.528598][T26811] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1366.568792][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1367.297500][T18633] sr9700 3-1:0.41 eth5: register 'sr9700' at usb-dummy_hcd.2-1, CoreChip SR9700 USB Ethernet, ce:49:9c:02:ae:d9
[ 1367.398861][T18633] usb 3-1: USB disconnect, device number 58
[ 1367.448164][T18633] sr9700 3-1:0.41 eth5: unregister 'sr9700' usb-dummy_hcd.2-1, CoreChip SR9700 USB Ethernet
[ 1368.740903][T26888] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4695'.
[ 1368.853896][T26888] netlink: 'syz.4.4695': attribute type 1 has an invalid length.
[ 1369.001123][T26893] fuse: Bad value for 'fd'
[ 1369.185494][T26901] ptrace attach of "./syz-executor exec"[26656] was attempted by "./syz-executor exec"[26901]
[ 1369.195980][  T978] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[ 1369.817717][  T978] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 254, using maximum allowed: 30
[ 1369.864832][  T978] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1369.907842][  T978] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 201, changing to 11
[ 1369.974335][  T978] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 254
[ 1369.987541][    T9] usb 6-1: new high-speed USB device number 53 using dummy_hcd
[ 1370.027141][  T978] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1c0c, bcdDevice= 0.00
[ 1370.048551][  T978] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1370.079321][  T978] usb 3-1: config 0 descriptor??
[ 1370.345069][    T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1370.508348][    T9] usb 6-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1370.522512][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1370.541302][    T9] usb 6-1: Product: syz
[ 1370.552479][    T9] usb 6-1: Manufacturer: syz
[ 1370.567770][    T9] usb 6-1: SerialNumber: syz
[ 1370.729182][T20094] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[ 1370.738752][    T9] usb 6-1: config 0 descriptor??
[ 1370.892378][    T9] garmin_gps 6-1:0.0: Garmin GPS usb/tty converter detected
[ 1370.917307][    T9] garmin_gps ttyUSB0: failed to submit interrupt urb: -22
[ 1370.925389][    T9] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -22
[ 1370.938299][T20094] usb 2-1: Using ep0 maxpacket: 16
[ 1370.946897][T20094] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1370.957590][T20094] usb 2-1: New USB device found, idVendor=05ac, idProduct=abdf, bcdDevice=3d.49
[ 1370.967085][T20094] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1370.999853][T20094] usb 2-1: Product: syz
[ 1371.018498][T20094] usb 2-1: Manufacturer: syz
[ 1371.027799][T20094] usb 2-1: SerialNumber: syz
[ 1371.038810][T20094] usb 2-1: config 0 descriptor??
[ 1371.046247][T20094] ipheth 2-1:0.0: Unable to find endpoints
[ 1372.325234][  T978] usbhid 3-1:0.0: can't add hid device: -71
[ 1372.352343][T18633] usb 6-1: USB disconnect, device number 53
[ 1372.359194][T18633] garmin_gps 6-1:0.0: device disconnected
[ 1372.388538][  T978] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1372.462301][T26933] FAULT_INJECTION: forcing a failure.
[ 1372.462301][T26933] name failslab, interval 1, probability 0, space 0, times 0
[ 1372.493215][  T978] usb 3-1: USB disconnect, device number 59
[ 1372.542613][T26921] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1372.551865][T26921] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1372.679057][T26933] CPU: 1 UID: 0 PID: 26933 Comm: syz.2.4707 Not tainted syzkaller #0 PREEMPT(full) 
[ 1372.679082][T26933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1372.679095][T26933] Call Trace:
[ 1372.679102][T26933]  <TASK>
[ 1372.679111][T26933]  dump_stack_lvl+0x189/0x250
[ 1372.679137][T26933]  ? __pfx____ratelimit+0x10/0x10
[ 1372.679163][T26933]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1372.679186][T26933]  ? __pfx__printk+0x10/0x10
[ 1372.679215][T26933]  ? fs_reclaim_acquire+0x7d/0x100
[ 1372.679245][T26933]  ? rcu_is_watching+0x15/0xb0
[ 1372.679264][T26933]  ? __pfx___might_resched+0x10/0x10
[ 1372.679301][T26933]  ? lock_acquire+0x5f/0x360
[ 1372.679332][T26933]  should_fail_ex+0x414/0x560
[ 1372.679363][T26933]  should_failslab+0xa8/0x100
[ 1372.679395][T26933]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1372.679433][T26933]  ? trace_rpm_usage+0x7e/0x1f0
[ 1372.679453][T26933]  ? __alloc_skb+0x112/0x2d0
[ 1372.679482][T26933]  ? __pfx_nsim_get_coalesce+0x10/0x10
[ 1372.679516][T26933]  __alloc_skb+0x112/0x2d0
[ 1372.679561][T26933]  ethnl_default_notify+0x5da/0xb70
[ 1372.679598][T26933]  ? __pfx_ethnl_default_notify+0x10/0x10
[ 1372.679636][T26933]  ? mutex_is_locked+0x17/0x50
[ 1372.679665][T26933]  ? rtnl_is_locked+0x15/0x20
[ 1372.679687][T26933]  ethnl_default_set_doit+0x4f8/0x890
[ 1372.679728][T26933]  genl_family_rcv_msg_doit+0x215/0x300
[ 1372.679756][T26933]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1372.679786][T26933]  ? bpf_lsm_capable+0x9/0x20
[ 1372.679813][T26933]  ? security_capable+0x7e/0x2e0
[ 1372.679846][T26933]  genl_rcv_msg+0x60e/0x790
[ 1372.679873][T26933]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1372.679895][T26933]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[ 1372.679917][T26933]  ? __asan_memcpy+0x40/0x70
[ 1372.679940][T26933]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1372.679969][T26933]  ? __skb_clone+0x63/0x7a0
[ 1372.679993][T26933]  netlink_rcv_skb+0x205/0x470
[ 1372.680023][T26933]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1372.680053][T26933]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1372.680089][T26933]  ? lock_release+0x4b/0x3e0
[ 1372.680122][T26933]  ? down_read+0x1ad/0x2e0
[ 1372.680142][T26933]  genl_rcv+0x28/0x40
[ 1372.680161][T26933]  netlink_unicast+0x82c/0x9e0
[ 1372.680192][T26933]  ? __pfx_netlink_unicast+0x10/0x10
[ 1372.680221][T26933]  ? netlink_sendmsg+0x642/0xb30
[ 1372.680250][T26933]  ? skb_put+0x11b/0x210
[ 1372.680271][T26933]  netlink_sendmsg+0x805/0xb30
[ 1372.680321][T26933]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1372.680353][T26933]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1372.680374][T26933]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1372.680397][T26933]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1372.680428][T26933]  __sock_sendmsg+0x219/0x270
[ 1372.680463][T26933]  ____sys_sendmsg+0x505/0x830
[ 1372.680486][T26933]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1372.680511][T26933]  ? import_iovec+0x74/0xa0
[ 1372.680536][T26933]  ___sys_sendmsg+0x21f/0x2a0
[ 1372.680558][T26933]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1372.680597][T26933]  ? __fget_files+0x2a/0x420
[ 1372.680629][T26933]  ? __fget_files+0x3a0/0x420
[ 1372.680673][T26933]  __x64_sys_sendmsg+0x19b/0x260
[ 1372.680697][T26933]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1372.680724][T26933]  ? __pfx_ksys_write+0x10/0x10
[ 1372.680750][T26933]  ? rcu_is_watching+0x15/0xb0
[ 1372.680772][T26933]  ? rcu_is_watching+0x15/0xb0
[ 1372.680792][T26933]  do_syscall_64+0xfa/0x3b0
[ 1372.680821][T26933]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1372.680841][T26933]  ? clear_bhb_loop+0x60/0xb0
[ 1372.680864][T26933]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1372.680883][T26933] RIP: 0033:0x7f85e0d8ebe9
[ 1372.680901][T26933] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1372.680919][T26933] RSP: 002b:00007f85e1bfe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1372.680940][T26933] RAX: ffffffffffffffda RBX: 00007f85e0fb5fa0 RCX: 00007f85e0d8ebe9
[ 1372.680956][T26933] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000003
[ 1372.680969][T26933] RBP: 00007f85e1bfe090 R08: 0000000000000000 R09: 0000000000000000
[ 1372.680982][T26933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1372.680994][T26933] R13: 00007f85e0fb6038 R14: 00007f85e0fb5fa0 R15: 00007f85e10dfa28
[ 1372.681016][T26933]  </TASK>
[ 1373.097571][T20094] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[ 1373.369574][T20094] usb 5-1: Using ep0 maxpacket: 16
[ 1373.547250][T20094] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1373.572513][T26944] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4710'.
[ 1373.674512][T20094] usb 5-1: config 0 has no interfaces?
[ 1373.691029][T20094] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1373.701795][T20094] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1373.761469][T20094] usb 5-1: Manufacturer: syz
[ 1374.133972][T20094] usb 5-1: config 0 descriptor??
[ 1374.139792][T20094] usb 5-1: can't set config #0, error -71
[ 1374.382404][T20094] usb 5-1: USB disconnect, device number 42
[ 1374.391894][T26955] net veth1_virt_wifi : renamed from virt_wifi0
[ 1375.983881][T20094] usb 2-1: USB disconnect, device number 60
[ 1376.438904][T26988] sctp: [Deprecated]: syz.4.4718 (pid 26988) Use of int in maxseg socket option.
[ 1376.438904][T26988] Use struct sctp_assoc_value instead
[ 1378.040092][T14515] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[ 1378.388181][T14515] usb 2-1: config 0 has an invalid interface number: 101 but max is 0
[ 1378.417475][T14515] usb 2-1: config 0 has no interface number 0
[ 1378.428540][T14515] usb 2-1: New USB device found, idVendor=093a, idProduct=2623, bcdDevice=b2.14
[ 1378.437672][T14515] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1378.447796][T14515] usb 2-1: Product: syz
[ 1378.457197][T14515] usb 2-1: Manufacturer: syz
[ 1378.464459][T14515] usb 2-1: SerialNumber: syz
[ 1378.474589][T14515] usb 2-1: config 0 descriptor??
[ 1378.484523][T14515] gspca_main: gspca_pac7302-2.14.0 probing 093a:2623
[ 1378.831033][T14515] gspca_pac7302: reg_w() failed i: ff v: 01 error -71
[ 1378.899034][T14515] gspca_pac7302 2-1:0.101: probe with driver gspca_pac7302 failed with error -71
[ 1378.953232][T14515] usb 2-1: USB disconnect, device number 61
[ 1379.219522][T27004] can: request_module (can-proto-0) failed.
[ 1379.657268][T27020] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4725'.
[ 1379.676088][T27020] syzkaller1: entered promiscuous mode
[ 1379.681680][T27020] syzkaller1: entered allmulticast mode
[ 1381.047076][T14515] usb 6-1: new high-speed USB device number 54 using dummy_hcd
[ 1381.251442][T14515] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1381.261588][T14515] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1381.276717][T14515] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1381.459435][T14515] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1381.486333][T14515] usb 6-1: SerialNumber: syz
[ 1381.720137][T27033] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1381.734883][T27033] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1381.754269][T14515] usb 6-1: 0:2 : does not exist
[ 1381.773447][T14515] usb 6-1: USB disconnect, device number 54
[ 1383.239336][T27061] kvm: pic: non byte write
[ 1383.873216][T27065] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4737'.
[ 1383.883275][T27065] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4737'.
[ 1384.053890][T27071] binder_alloc: binder_alloc_mmap_handler: 27068 200000ffd000-200001000000 already mapped failed -16
[ 1384.075980][T27070] binder_alloc: 27068: binder_alloc_buf, no vma
[ 1384.513026][T27086] syz_tun: entered allmulticast mode
[ 1384.560724][ T5944] usb 3-1: new full-speed USB device number 60 using dummy_hcd
[ 1384.579230][T18633] usb 2-1: new full-speed USB device number 62 using dummy_hcd
[ 1384.595102][T27088] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4746'.
[ 1384.698304][T14515] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[ 1384.718501][T18633] usb 2-1: device descriptor read/64, error -71
[ 1384.731239][ T5944] usb 3-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[ 1384.740103][ T5944] usb 3-1: config 0 has an invalid interface number: 2 but max is -1
[ 1384.750024][ T5944] usb 3-1: config 0 has an invalid interface number: 2 but max is -1
[ 1384.765565][ T5944] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1384.782689][ T5944] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 0
[ 1384.845699][ T5944] usb 3-1: config 0 has no interface number 0
[ 1384.858316][ T5944] usb 3-1: config 0 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1384.860789][T14515] usb 5-1: Using ep0 maxpacket: 16
[ 1384.878292][ T5944] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1384.881138][T14515] usb 5-1: config 8 has an invalid interface number: 39 but max is 0
[ 1384.887872][ T5944] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1384.896547][T14515] usb 5-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[ 1384.914836][T21327] usb 6-1: new high-speed USB device number 55 using dummy_hcd
[ 1384.951510][T14515] usb 5-1: config 8 has no interface number 0
[ 1384.958128][T14515] usb 5-1: config 8 interface 39 altsetting 1 has an endpoint descriptor with address 0xDF, changing to 0x8F
[ 1384.970123][T18633] usb 2-1: new full-speed USB device number 63 using dummy_hcd
[ 1384.979244][T14515] usb 5-1: config 8 interface 39 altsetting 1 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1384.979250][ T5944] usb 3-1: Product: syz
[ 1384.979273][T14515] usb 5-1: config 8 interface 39 altsetting 1 bulk endpoint 0x8F has invalid maxpacket 0
[ 1385.006318][T14515] usb 5-1: config 8 interface 39 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1385.019994][ T5944] usb 3-1: Manufacturer: syz
[ 1385.023290][T14515] usb 5-1: config 8 interface 39 has no altsetting 0
[ 1385.024613][ T5944] usb 3-1: SerialNumber: syz
[ 1385.026410][ T5944] usb 3-1: config 0 descriptor??
[ 1385.043001][T14515] usb 5-1: New USB device found, idVendor=05ac, idProduct=c6e7, bcdDevice=62.77
[ 1385.052200][T14515] usb 5-1: New USB device strings: Mfr=19, Product=2, SerialNumber=3
[ 1385.061588][T14515] usb 5-1: Product: syz
[ 1385.066828][T14515] usb 5-1: Manufacturer: syz
[ 1385.072261][T14515] usb 5-1: SerialNumber: syz
[ 1385.100175][T21327] usb 6-1: Using ep0 maxpacket: 8
[ 1385.109142][T21327] usb 6-1: config 0 has an invalid interface number: 186 but max is 0
[ 1385.120271][T21327] usb 6-1: config 0 has no interface number 0
[ 1385.126687][T21327] usb 6-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[ 1385.144501][T21327] usb 6-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[ 1385.161373][T21327] usb 6-1: New USB device found, idVendor=07c0, idProduct=1500, bcdDevice=b8.c5
[ 1385.170752][T18633] usb 2-1: device descriptor read/64, error -71
[ 1385.177384][T21327] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1385.188312][T21327] usb 6-1: Product: syz
[ 1385.192534][T21327] usb 6-1: Manufacturer: syz
[ 1385.197636][T21327] usb 6-1: SerialNumber: syz
[ 1385.206579][T21327] usb 6-1: config 0 descriptor??
[ 1385.279387][T18633] usb usb2-port1: attempt power cycle
[ 1385.290235][T27077] netlink: 'syz.2.4741': attribute type 29 has an invalid length.
[ 1385.308308][T27077] netlink: 'syz.2.4741': attribute type 29 has an invalid length.
[ 1385.416040][ T5944] usb 3-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[ 1385.419693][T21327] iowarrior 6-1:0.186: IOWarrior product=0x1500, serial=42424242 interface=186 now attached to iowarrior0
[ 1385.445129][ T5944] usb 3-1: MIDIStreaming interface descriptor not found
[ 1385.529864][ T5944] usb 3-1: USB disconnect, device number 60
[ 1385.565906][T14515] ipheth 5-1:8.39: Unable to find endpoints
[ 1385.597945][T14515] usb 5-1: USB disconnect, device number 43
[ 1385.619006][T27091] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4747'.
[ 1385.638369][T18633] usb 2-1: new full-speed USB device number 64 using dummy_hcd
[ 1385.646306][T27091] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4747'.
[ 1385.685339][T18633] usb 2-1: device descriptor read/8, error -71
[ 1385.716905][T27091] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4747'.
[ 1385.758751][T20094] usb 6-1: USB disconnect, device number 55
[ 1386.375737][T18633] usb 2-1: new full-speed USB device number 65 using dummy_hcd
[ 1386.622245][T18633] usb 2-1: device descriptor read/8, error -71
[ 1386.786782][T18633] usb usb2-port1: unable to enumerate USB device
[ 1387.593189][T27085] syz_tun: left allmulticast mode
[ 1387.661340][T27129] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1387.673913][T27129] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1387.686132][T27129] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1387.698149][T27129] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1389.064764][T27147] netdevsim netdevsim2: Direct firmware load for nel/config failed with error -2
[ 1389.111979][T27147] netdevsim netdevsim2: Falling back to sysfs fallback for: nel/config
[ 1389.132079][T27148] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4758'.
[ 1389.183953][T18424] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1389.289316][T18424] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1389.348955][T27156] netlink: 'syz.4.4761': attribute type 27 has an invalid length.
[ 1389.447506][T27156] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1389.454873][T27156] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1389.997145][T27156] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1390.025460][T27156] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1390.257362][T18424] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1390.375768][T27157] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1390.393426][T27157] 8021q: adding VLAN 0 to HW filter on device team0
[ 1390.430011][T27157] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1390.446515][T10487] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1390.560799][   T12] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1390.617052][   T12] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1390.681737][T10473] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1390.803502][T18424] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1390.868329][    T9] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[ 1391.029534][T27167] tipc: Started in network mode
[ 1391.034468][T27167] tipc: Node identity d276deb50b8, cluster identity 4711
[ 1391.078532][T27167] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1391.085456][    T9] usb 5-1: Using ep0 maxpacket: 16
[ 1391.125834][    T9] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[ 1391.137643][    T9] usb 5-1: config 0 has no interface number 0
[ 1391.152392][    T9] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[ 1391.164155][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1391.173793][    T9] usb 5-1: Product: syz
[ 1391.178012][    T9] usb 5-1: Manufacturer: syz
[ 1391.192158][    T9] usb 5-1: SerialNumber: syz
[ 1391.210737][    T9] usb 5-1: config 0 descriptor??
[ 1391.230510][T18424] bridge_slave_1: left allmulticast mode
[ 1391.236167][T18424] bridge_slave_1: left promiscuous mode
[ 1391.262264][T18424] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1391.276236][    T9] gspca_main: spca1528-2.14.0 probing 04fc:1528
[ 1391.297109][T18424] bridge_slave_0: left allmulticast mode
[ 1391.319994][T18424] bridge_slave_0: left promiscuous mode
[ 1391.339677][T18424] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1391.376640][T17142] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1391.386406][T17142] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1391.394516][T17142] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1391.404937][T17142] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1391.415858][T17142] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1391.610961][T18424] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1391.646340][T18424] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1391.680414][T18424] bond0 (unregistering): Released all slaves
[ 1391.704003][T27168] syzkaller0: entered promiscuous mode
[ 1391.709759][T27168] syzkaller0: entered allmulticast mode
[ 1391.719616][T27173] tipc: Resetting bearer <eth:syzkaller0>
[ 1391.727863][T27165] tipc: Resetting bearer <eth:syzkaller0>
[ 1391.737102][T27165] tipc: Disabling bearer <eth:syzkaller0>
[ 1392.103399][T18424] hsr_slave_0: left promiscuous mode
[ 1392.123787][T18424] hsr_slave_1: left promiscuous mode
[ 1392.134368][T18424] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1392.144484][T18424] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1392.154347][T18424] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1392.163950][T18424] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1392.453088][T18424] veth1_macvtap: left promiscuous mode
[ 1392.473975][T18424] veth0_macvtap: left promiscuous mode
[ 1392.522472][T18424] veth1_vlan: left promiscuous mode
[ 1392.599182][T18424] veth0_vlan: left promiscuous mode
[ 1392.867944][    T9] gspca_spca1528: reg_w err -110
[ 1392.938602][    T9] spca1528 5-1:0.1: probe with driver spca1528 failed with error -110
[ 1393.235991][T18424] team0 (unregistering): Port device team_slave_1 removed
[ 1393.255912][T18424] team0 (unregistering): Port device team_slave_0 removed
[ 1393.455250][T17142] Bluetooth: hci3: command tx timeout
[ 1393.800033][ T5944] usb 5-1: USB disconnect, device number 44
[ 1394.324336][T27179] chnl_net:caif_netlink_parms(): no params data found
[ 1394.932682][T27179] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1394.974440][T27179] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1394.999409][T27179] bridge_slave_0: entered allmulticast mode
[ 1395.032837][T27179] bridge_slave_0: entered promiscuous mode
[ 1395.098718][T27179] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1395.138475][T27179] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1395.198666][T27179] bridge_slave_1: entered allmulticast mode
[ 1395.214938][T27179] bridge_slave_1: entered promiscuous mode
[ 1395.495249][T27179] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1395.518074][T27179] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1395.538479][T17142] Bluetooth: hci3: command tx timeout
[ 1395.553008][T27253] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4781'.
[ 1395.635735][T27262] futex_wake_op: syz.2.4782 tries to shift op by 32; fix this program
[ 1395.666359][T27179] team0: Port device team_slave_0 added
[ 1395.683818][T27179] team0: Port device team_slave_1 added
[ 1395.702767][T27267] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4784'.
[ 1395.713781][    T9] usb 6-1: new high-speed USB device number 56 using dummy_hcd
[ 1395.861667][T27179] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1395.876775][T27271] binder: 27265:27271 ioctl 40044591 0 returned -22
[ 1395.883023][T27179] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1395.919975][    T9] usb 6-1: Using ep0 maxpacket: 32
[ 1395.926453][    T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1395.943112][    T9] usb 6-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[ 1395.953885][T27267] binder: 27265:27267 ioctl c0306201 200000000040 returned -14
[ 1395.966251][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1396.006386][    T9] usb 6-1: Product: syz
[ 1396.021848][    T9] usb 6-1: Manufacturer: syz
[ 1396.033528][    T9] usb 6-1: SerialNumber: syz
[ 1396.046899][    T9] usb 6-1: config 0 descriptor??
[ 1396.059578][T27179] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1396.061617][    T9] usb 6-1: bad CDC descriptors
[ 1396.092989][    T9] usb 6-1: unsupported MDLM descriptors
[ 1396.125399][T27179] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1396.216920][T27179] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1396.294101][T27179] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1396.415956][    T9] usb 6-1: USB disconnect, device number 56
[ 1396.486115][T27179] hsr_slave_0: entered promiscuous mode
[ 1396.492739][T27179] hsr_slave_1: entered promiscuous mode
[ 1396.513391][T27283] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4786'.
[ 1396.557101][T27283] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4786'.
[ 1396.604927][T18424] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1396.627514][T18424] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1396.665798][T18424] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1396.695170][T18424] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1397.383375][T27179] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1397.610703][T17142] Bluetooth: hci3: command tx timeout
[ 1397.621715][T27179] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1397.651434][T27179] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1397.689937][T27179] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1397.789828][T27179] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1397.848123][T27179] 8021q: adding VLAN 0 to HW filter on device team0
[ 1397.941250][   T65] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1397.948515][   T65] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1398.081880][T18424] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1398.089033][T18424] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1398.430044][T27179] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1398.658448][T27179] veth0_vlan: entered promiscuous mode
[ 1398.696245][T27179] veth1_vlan: entered promiscuous mode
[ 1398.799741][T27179] veth0_macvtap: entered promiscuous mode
[ 1398.840243][T27179] veth1_macvtap: entered promiscuous mode
[ 1398.867458][T27179] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1398.901818][T27328] netlink: 'syz.5.4793': attribute type 1 has an invalid length.
[ 1398.953233][T27179] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1399.004273][T18424] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1399.014822][T18424] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1399.081895][T18424] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1399.160954][T18424] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1399.210775][T27338] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4794'.
[ 1399.328970][T18424] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1399.350942][T18424] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1399.420527][   T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1399.486146][T27344] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4796'.
[ 1399.524061][T27344] syzkaller1: entered promiscuous mode
[ 1399.529787][T27344] syzkaller1: entered allmulticast mode
[ 1399.551791][   T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1399.688519][T17142] Bluetooth: hci3: command tx timeout
[ 1399.916280][T27353] pim6reg: entered allmulticast mode
[ 1400.010395][    T9] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[ 1400.199623][    T9] usb 3-1: config 0 has no interfaces?
[ 1400.260142][    T9] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1400.278668][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1400.323411][    T9] usb 3-1: Product: syz
[ 1400.337766][    T9] usb 3-1: Manufacturer: syz
[ 1400.362112][    T9] usb 3-1: SerialNumber: syz
[ 1400.527527][    T9] usb 3-1: config 0 descriptor??
[ 1400.578356][ T5944] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[ 1401.027982][ T5944] usb 5-1: config 0 has no interfaces?
[ 1401.064240][ T5944] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1401.078276][ T5944] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1401.148360][ T5944] usb 5-1: Product: syz
[ 1401.154702][ T5944] usb 5-1: Manufacturer: syz
[ 1401.178374][ T5944] usb 5-1: SerialNumber: syz
[ 1401.238495][ T5944] usb 5-1: config 0 descriptor??
[ 1403.119192][T21327] usb 3-1: USB disconnect, device number 61
[ 1403.605871][ T5944] usb 5-1: USB disconnect, device number 45
[ 1403.706884][T27394] netlink: 'syz.4.4804': attribute type 29 has an invalid length.
[ 1403.771434][T27397] netlink: 'syz.4.4804': attribute type 29 has an invalid length.
[ 1403.778600][ T5906] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[ 1403.811817][T27394] netlink: 500 bytes leftover after parsing attributes in process `syz.4.4804'.
[ 1404.212130][ T5906] usb 3-1: config 0 has no interfaces?
[ 1404.223398][ T5906] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1404.232738][ T5906] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1404.267210][ T5906] usb 3-1: Product: syz
[ 1404.293318][ T5906] usb 3-1: Manufacturer: syz
[ 1404.313635][ T5906] usb 3-1: SerialNumber: syz
[ 1404.328987][ T5906] usb 3-1: config 0 descriptor??
[ 1404.414711][T27403] syz_tun: entered allmulticast mode
[ 1404.576966][T27391] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4803'.
[ 1405.242841][T27402] syz_tun: left allmulticast mode
[ 1406.819122][    T9] usb 3-1: USB disconnect, device number 62
[ 1407.493861][T27473] fuse: Invalid rootmode
[ 1408.451685][T27493] netdevsim netdevsim4: Direct firmware load for nel/config failed with error -2
[ 1408.465616][T27493] netdevsim netdevsim4: Falling back to sysfs fallback for: nel/config
[ 1408.522159][T27494] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4822'.
[ 1408.798320][ T5906] usb 3-1: new full-speed USB device number 63 using dummy_hcd
[ 1408.963165][ T5906] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1408.971881][ T5906] usb 3-1: not running at top speed; connect to a high speed hub
[ 1409.034185][ T5906] usb 3-1: config 36 has an invalid interface number: 241 but max is 0
[ 1409.042995][ T5906] usb 3-1: config 36 has no interface number 0
[ 1409.049869][ T5906] usb 3-1: config 36 interface 241 has no altsetting 0
[ 1409.059328][ T5906] usb 3-1: New USB device found, idVendor=110a, idProduct=1451, bcdDevice=97.99
[ 1409.069026][ T5906] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1409.077245][ T5906] usb 3-1: Product: syz
[ 1409.085446][ T5906] usb 3-1: Manufacturer: syz
[ 1409.091847][ T5906] usb 3-1: SerialNumber: syz
[ 1409.314069][ T5906] mxuport 3-1:36.241: mxuport_send_ctrl_data_urb - usb_control_msg failed (-71)
[ 1409.343354][ T5906] mxuport 3-1:36.241: mxuport_send_ctrl_data_urb - usb_control_msg failed (-71)
[ 1409.370718][ T5906] mxuport 3-1:36.241: probe with driver mxuport failed with error -71
[ 1409.399658][ T5906] usb 3-1: USB disconnect, device number 63
[ 1410.830598][T27537] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1410.837862][T27537] IPv6: NLM_F_CREATE should be set when creating new route
[ 1412.273766][T27549] fuse: Bad value for 'rootmode'
[ 1412.668346][ T5906] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[ 1412.859911][ T5906] usb 3-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[ 1412.890933][ T5906] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1412.968442][ T5906] usb 3-1: Product: syz
[ 1412.998334][ T5906] usb 3-1: Manufacturer: syz
[ 1413.003026][ T5906] usb 3-1: SerialNumber: syz
[ 1413.014934][ T5906] usb 3-1: config 0 descriptor??
[ 1413.223587][T27549] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4839'.
[ 1413.266836][ T5906] cx82310_eth 3-1:0.0: probe with driver cx82310_eth failed with error -22
[ 1413.286770][ T5906] cxacru 3-1:0.0: usbatm_usb_probe: bind failed: -19!
[ 1413.298191][ T5906] usb 3-1: USB disconnect, device number 64
[ 1413.689294][  T978] usb 6-1: new high-speed USB device number 57 using dummy_hcd
[ 1413.828543][  T978] usb 6-1: device descriptor read/64, error -71
[ 1414.113870][  T978] usb 6-1: new high-speed USB device number 58 using dummy_hcd
[ 1414.268754][  T978] usb 6-1: device descriptor read/64, error -71
[ 1414.386365][  T978] usb usb6-port1: attempt power cycle
[ 1414.735216][  T978] usb 6-1: new high-speed USB device number 59 using dummy_hcd
[ 1414.808836][  T978] usb 6-1: device descriptor read/8, error -71
[ 1415.098362][  T978] usb 6-1: new high-speed USB device number 60 using dummy_hcd
[ 1415.139167][  T978] usb 6-1: device descriptor read/8, error -71
[ 1415.251909][  T978] usb usb6-port1: unable to enumerate USB device
[ 1415.329850][T27587] FAULT_INJECTION: forcing a failure.
[ 1415.329850][T27587] name failslab, interval 1, probability 0, space 0, times 0
[ 1415.343056][T27587] CPU: 0 UID: 0 PID: 27587 Comm: syz.4.4848 Not tainted syzkaller #0 PREEMPT(full) 
[ 1415.343078][T27587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1415.343088][T27587] Call Trace:
[ 1415.343097][T27587]  <TASK>
[ 1415.343106][T27587]  dump_stack_lvl+0x189/0x250
[ 1415.343136][T27587]  ? __pfx____ratelimit+0x10/0x10
[ 1415.343166][T27587]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1415.343193][T27587]  ? __pfx__printk+0x10/0x10
[ 1415.343224][T27587]  ? __mutex_trylock_common+0x153/0x260
[ 1415.343243][T27587]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1415.343261][T27587]  should_fail_ex+0x414/0x560
[ 1415.343284][T27587]  should_failslab+0xa8/0x100
[ 1415.343307][T27587]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1415.343328][T27587]  ? __hw_addr_add_ex+0x1f4/0x770
[ 1415.343346][T27587]  __hw_addr_add_ex+0x1f4/0x770
[ 1415.343364][T27587]  dev_addr_init+0x14f/0x230
[ 1415.343380][T27587]  ? __pfx_dev_addr_init+0x10/0x10
[ 1415.343396][T27587]  ? trace_kmalloc+0x1f/0xd0
[ 1415.343418][T27587]  alloc_netdev_mqs+0x2ae/0x11b0
[ 1415.343436][T27587]  ? __pfx_ppp_setup+0x10/0x10
[ 1415.343451][T27587]  ppp_ioctl+0x634/0x19a0
[ 1415.343470][T27587]  ? __pfx_ppp_ioctl+0x10/0x10
[ 1415.343487][T27587]  ? ksys_write+0x1e1/0x250
[ 1415.343510][T27587]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1415.343529][T27587]  ? __pfx_ppp_ioctl+0x10/0x10
[ 1415.343543][T27587]  __se_sys_ioctl+0xf9/0x170
[ 1415.343563][T27587]  do_syscall_64+0xfa/0x3b0
[ 1415.343586][T27587]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1415.343601][T27587]  ? clear_bhb_loop+0x60/0xb0
[ 1415.343618][T27587]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1415.343633][T27587] RIP: 0033:0x7f5aacd8ebe9
[ 1415.343647][T27587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1415.343660][T27587] RSP: 002b:00007f5aadcc4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1415.343677][T27587] RAX: ffffffffffffffda RBX: 00007f5aacfb5fa0 RCX: 00007f5aacd8ebe9
[ 1415.343689][T27587] RDX: 0000200000000000 RSI: 00000000c004743e RDI: 0000000000000003
[ 1415.343700][T27587] RBP: 00007f5aadcc4090 R08: 0000000000000000 R09: 0000000000000000
[ 1415.343710][T27587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1415.343720][T27587] R13: 00007f5aacfb6038 R14: 00007f5aacfb5fa0 R15: 00007f5aad0dfa28
[ 1415.343737][T27587]  </TASK>
[ 1415.577288][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1415.640026][ T5944] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[ 1415.798372][ T5944] usb 3-1: Using ep0 maxpacket: 16
[ 1415.805887][ T5944] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1415.816866][ T5944] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1415.827847][ T5944] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1415.840712][ T5944] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[ 1415.849992][ T5944] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1415.859953][ T5944] usb 3-1: config 0 descriptor??
[ 1416.280972][ T5944] shield 0003:0955:7214.002A: unknown main item tag 0x0
[ 1416.288140][ T5944] shield 0003:0955:7214.002A: item fetching failed at offset 1/5
[ 1416.309055][ T5944] shield 0003:0955:7214.002A: Parse failed
[ 1416.315078][ T5944] shield 0003:0955:7214.002A: probe with driver shield failed with error -22
[ 1416.401797][T27592] fuse: Unknown parameter 'gro�8y�^���p_id'
[ 1416.504001][ T5906] usb 3-1: USB disconnect, device number 65
[ 1417.181396][T27604] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4854'.
[ 1418.470423][ T5944] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[ 1418.628622][T27619] fuse: Bad value for 'fd'
[ 1418.638368][ T5944] usb 5-1: Using ep0 maxpacket: 16
[ 1418.695641][ T5944] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1418.731779][ T5944] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1418.754993][ T5944] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00
[ 1418.797354][T27621] ptrace attach of "./syz-executor exec"[26028] was attempted by "./syz-executor exec"[27621]
[ 1418.901550][ T5944] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1418.922742][ T5944] usb 5-1: config 0 descriptor??
[ 1419.205568][T27625] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4861'.
[ 1419.310329][T27625] geneve2: entered promiscuous mode
[ 1419.338664][T27625] geneve2: entered allmulticast mode
[ 1419.369242][ T5944] corsair 0003:1B1C:1B02.002B: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.4-1/input0
[ 1419.431100][ T5184] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1419.441444][ T5184] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1419.449256][ T5184] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1419.457024][ T5184] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1419.465456][ T5184] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1419.774455][ T5944] usb 5-1: USB disconnect, device number 46
[ 1420.006754][T27631] chnl_net:caif_netlink_parms(): no params data found
[ 1420.101482][T27631] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1420.113201][T27631] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1420.121013][T27631] bridge_slave_0: entered allmulticast mode
[ 1420.129395][T27631] bridge_slave_0: entered promiscuous mode
[ 1420.140595][T27631] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1420.148352][T27631] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1420.158005][T27631] bridge_slave_1: entered allmulticast mode
[ 1420.165405][T27631] bridge_slave_1: entered promiscuous mode
[ 1420.219904][T27631] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1420.243287][T27631] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1420.346556][T27631] team0: Port device team_slave_0 added
[ 1420.355409][T27631] team0: Port device team_slave_1 added
[ 1420.462397][T27631] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1420.472019][T27631] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1420.497903][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1420.527286][T27631] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1420.556634][T27631] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1420.575301][T27631] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1420.601745][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1420.677040][T27631] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1420.818045][T27631] hsr_slave_0: entered promiscuous mode
[ 1420.829188][T27631] hsr_slave_1: entered promiscuous mode
[ 1420.844814][T27631] debugfs: 'hsr0' already exists in 'hsr'
[ 1420.854493][T27631] Cannot create hsr debugfs directory
[ 1421.549647][ T5184] Bluetooth: hci6: command tx timeout
[ 1421.893766][T27631] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1421.917620][T27631] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1422.026443][T27631] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1422.055633][T27631] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1422.575077][T27631] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1422.919720][T27631] 8021q: adding VLAN 0 to HW filter on device team0
[ 1423.053589][T18424] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1423.060754][T18424] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1423.131499][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 1423.137848][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1423.167747][   T65] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1423.174899][   T65] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1423.472432][T27631] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1423.620531][ T5184] Bluetooth: hci6: command tx timeout
[ 1423.737938][T27631] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1423.839250][T27631] veth0_vlan: entered promiscuous mode
[ 1423.883311][T27631] veth1_vlan: entered promiscuous mode
[ 1423.904700][T27704] netlink: 164 bytes leftover after parsing attributes in process `syz.4.4875'.
[ 1423.949643][T27705] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4873'.
[ 1423.961248][T27631] veth0_macvtap: entered promiscuous mode
[ 1423.971993][T27631] veth1_macvtap: entered promiscuous mode
[ 1423.980821][   T30] kauditd_printk_skb: 17 callbacks suppressed
[ 1423.980837][   T30] audit: type=1326 audit(1755834508.867:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27706 comm="syz.5.4876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a0b58ebe9 code=0x7ffc0000
[ 1424.009400][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1424.028402][T27631] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1424.036290][   T30] audit: type=1326 audit(1755834508.867:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27706 comm="syz.5.4876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a0b58ebe9 code=0x7ffc0000
[ 1424.063794][   T30] audit: type=1326 audit(1755834508.907:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27706 comm="syz.5.4876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4a0b58ebe9 code=0x7ffc0000
[ 1424.101771][T27631] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1424.117538][   T30] audit: type=1326 audit(1755834508.907:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27706 comm="syz.5.4876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a0b58ebe9 code=0x7ffc0000
[ 1424.141637][T10481] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1424.143203][   T30] audit: type=1326 audit(1755834508.907:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27706 comm="syz.5.4876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4a0b58ebe9 code=0x7ffc0000
[ 1424.155247][T10481] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1424.216705][   T30] audit: type=1326 audit(1755834508.907:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27706 comm="syz.5.4876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a0b58ebe9 code=0x7ffc0000
[ 1424.243001][   T30] audit: type=1326 audit(1755834508.907:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27706 comm="syz.5.4876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a0b58ebe9 code=0x7ffc0000
[ 1424.294333][T10481] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1424.305458][T10481] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1424.462054][T10473] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1424.508154][T10473] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1424.667744][T27714] pim6reg1: entered promiscuous mode
[ 1424.673300][T27714] pim6reg1: entered allmulticast mode
[ 1424.794757][T10481] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1424.823318][T10481] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1425.265979][T27718] netlink: 'syz.4.4878': attribute type 126 has an invalid length.
[ 1425.525093][T27722] xt_limit: Overflow, try lower: 604147548/4200216962
[ 1425.692306][ T5184] Bluetooth: hci6: command tx timeout
[ 1425.807255][T27726] fuse: Bad value for 'fd'
[ 1426.040431][T27732] overlayfs: missing 'lowerdir'
[ 1426.070054][T27734] ptrace attach of "./syz-executor exec"[26656] was attempted by "./syz-executor exec"[27734]
[ 1426.498623][ T5944] usb 6-1: new high-speed USB device number 61 using dummy_hcd
[ 1426.962522][ T5944] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1427.018860][ T5944] usb 6-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1427.048755][ T5944] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1427.084932][ T5944] usb 6-1: Product: syz
[ 1427.103356][ T5944] usb 6-1: Manufacturer: syz
[ 1427.134306][ T5944] usb 6-1: SerialNumber: syz
[ 1427.165841][ T5944] usb 6-1: config 0 descriptor??
[ 1427.215026][ T5944] garmin_gps 6-1:0.0: Garmin GPS usb/tty converter detected
[ 1427.280804][ T5944] garmin_gps ttyUSB0: failed to submit interrupt urb: -22
[ 1427.320058][ T5944] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -22
[ 1427.768889][ T5184] Bluetooth: hci6: command tx timeout
[ 1428.533376][T27759] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1428.843501][ T5906] usb 6-1: USB disconnect, device number 61
[ 1428.853833][ T5906] garmin_gps 6-1:0.0: device disconnected
[ 1430.616303][T27793] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1430.630998][T27793] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1431.821244][T27801] FAULT_INJECTION: forcing a failure.
[ 1431.821244][T27801] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1431.850097][T27801] CPU: 0 UID: 0 PID: 27801 Comm: syz.6.4898 Not tainted syzkaller #0 PREEMPT(full) 
[ 1431.850126][T27801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1431.850141][T27801] Call Trace:
[ 1431.850150][T27801]  <TASK>
[ 1431.850159][T27801]  dump_stack_lvl+0x189/0x250
[ 1431.850190][T27801]  ? __pfx____ratelimit+0x10/0x10
[ 1431.850227][T27801]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1431.850253][T27801]  ? __pfx__printk+0x10/0x10
[ 1431.850299][T27801]  ? __might_fault+0xb0/0x130
[ 1431.850344][T27801]  ? n_hdlc_send_frames+0x9b5/0x9e0
[ 1431.850379][T27801]  ? rcu_is_watching+0x15/0xb0
[ 1431.850402][T27801]  should_fail_ex+0x414/0x560
[ 1431.850432][T27801]  _copy_from_iter+0x1db/0x16f0
[ 1431.850456][T27801]  ? n_hdlc_tty_write+0x167/0x890
[ 1431.850498][T27801]  ? __pfx__copy_from_iter+0x10/0x10
[ 1431.850517][T27801]  ? __pfx_default_wake_function+0x10/0x10
[ 1431.850548][T27801]  ? file_tty_write+0x323/0xa20
[ 1431.850579][T27801]  ? iov_iter_revert+0x1eb/0x5f0
[ 1431.850600][T27801]  ? kfree+0x4d/0x440
[ 1431.850629][T27801]  file_tty_write+0x4bc/0xa20
[ 1431.850663][T27801]  vfs_write+0x5c9/0xb30
[ 1431.850693][T27801]  ? __pfx_tty_write+0x10/0x10
[ 1431.850723][T27801]  ? __pfx_vfs_write+0x10/0x10
[ 1431.850755][T27801]  ? __fget_files+0x2a/0x420
[ 1431.850790][T27801]  ksys_write+0x145/0x250
[ 1431.850819][T27801]  ? __pfx_ksys_write+0x10/0x10
[ 1431.850845][T27801]  ? rcu_is_watching+0x15/0xb0
[ 1431.850869][T27801]  ? rcu_is_watching+0x15/0xb0
[ 1431.850891][T27801]  do_syscall_64+0xfa/0x3b0
[ 1431.850922][T27801]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1431.850943][T27801]  ? clear_bhb_loop+0x60/0xb0
[ 1431.850967][T27801]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1431.850988][T27801] RIP: 0033:0x7feb5958ebe9
[ 1431.851008][T27801] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1431.851027][T27801] RSP: 002b:00007feb5a3ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1431.851050][T27801] RAX: ffffffffffffffda RBX: 00007feb597b6180 RCX: 00007feb5958ebe9
[ 1431.851066][T27801] RDX: 00000000fffffdef RSI: 0000200000001040 RDI: 0000000000000007
[ 1431.851081][T27801] RBP: 00007feb5a3ce090 R08: 0000000000000000 R09: 0000000000000000
[ 1431.851095][T27801] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1431.851109][T27801] R13: 00007feb597b6218 R14: 00007feb597b6180 R15: 00007feb598dfa28
[ 1431.851133][T27801]  </TASK>
[ 1432.401492][T27804] netlink: 212408 bytes leftover after parsing attributes in process `syz.7.4900'.
[ 1432.724061][T27811] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4901'.
[ 1433.302314][T26671] bridge_slave_1: left allmulticast mode
[ 1433.313088][T26671] bridge_slave_1: left promiscuous mode
[ 1433.358483][T26671] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1433.387092][T26671] bridge_slave_0: left allmulticast mode
[ 1433.403632][T26671] bridge_slave_0: left promiscuous mode
[ 1433.425179][T26671] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1433.883837][T27828] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4903'.
[ 1434.013498][T26671] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1434.057263][T27831] netlink: 84 bytes leftover after parsing attributes in process `syz.6.4904'.
[ 1434.095695][T26671] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1434.121476][T26671] bond0 (unregistering): Released all slaves
[ 1434.156362][T17142] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1434.168840][T17142] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1434.177354][T17142] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1434.185334][T17142] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1434.196051][T17142] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1434.606192][T27846] ptrace attach of "./syz-executor exec"[26558] was attempted by "./syz-executor exec"[27846]
[ 1435.249250][T27848] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00bb with DS=0x1f
[ 1436.257295][T17142] Bluetooth: hci4: command tx timeout
[ 1436.430937][T27834] chnl_net:caif_netlink_parms(): no params data found
[ 1436.532057][T26671] hsr_slave_0: left promiscuous mode
[ 1436.555225][T27869] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1436.697879][T26671] hsr_slave_1: left promiscuous mode
[ 1436.703737][T26671] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1436.714179][T26671] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1437.446084][T26671] team0 (unregistering): Port device team_slave_1 removed
[ 1437.464850][T26671] team0 (unregistering): Port device team_slave_0 removed
[ 1438.031919][T27834] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1438.069155][T27834] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1438.086656][T27834] bridge_slave_0: entered allmulticast mode
[ 1438.126167][T27834] bridge_slave_0: entered promiscuous mode
[ 1438.261003][T27834] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1438.275089][T27834] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1438.290020][T27834] bridge_slave_1: entered allmulticast mode
[ 1438.319935][T27834] bridge_slave_1: entered promiscuous mode
[ 1438.339566][T17142] Bluetooth: hci4: command tx timeout
[ 1438.414861][T27834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1438.483422][T27834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1438.802449][T27898] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4914'.
[ 1439.116716][T27898] syzkaller1: entered promiscuous mode
[ 1439.123025][T27898] syzkaller1: entered allmulticast mode
[ 1439.139321][T27834] team0: Port device team_slave_0 added
[ 1439.183334][T27834] team0: Port device team_slave_1 added
[ 1439.598695][T27834] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1439.605788][T27834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1439.790171][T27834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1439.842950][T27834] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1439.855231][T27834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1439.939169][T27834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1440.084910][T27834] hsr_slave_0: entered promiscuous mode
[ 1440.105723][T27834] hsr_slave_1: entered promiscuous mode
[ 1440.116141][T27834] debugfs: 'hsr0' already exists in 'hsr'
[ 1440.122641][T27834] Cannot create hsr debugfs directory
[ 1440.418657][T17142] Bluetooth: hci4: command tx timeout
[ 1440.565092][T27834] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1440.585054][T27834] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1440.616603][T27834] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1440.637222][T27834] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1440.792743][T27834] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1440.913789][T27834] 8021q: adding VLAN 0 to HW filter on device team0
[ 1441.055002][   T65] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1441.062198][   T65] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1441.120248][   T65] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1441.127438][   T65] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1441.549916][T27834] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1441.586809][T27834] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1442.043217][T27834] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1442.127746][T27834] veth0_vlan: entered promiscuous mode
[ 1442.141165][T27834] veth1_vlan: entered promiscuous mode
[ 1442.525308][T17142] Bluetooth: hci4: command tx timeout
[ 1442.753272][T27834] veth0_macvtap: entered promiscuous mode
[ 1442.822889][T27834] veth1_macvtap: entered promiscuous mode
[ 1442.907346][T27834] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1442.937478][T27834] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1443.000560][T26671] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1443.012720][T26671] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1443.042319][T26671] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1443.070000][T26671] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1443.522419][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1443.569993][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1443.604392][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1443.641828][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1443.727068][T27997] binder: 27996:27997 ioctl c018620c 200000000640 returned -22
[ 1443.737027][T27997] binder: 27996:27997 ioctl ae01 8 returned -22
[ 1443.774575][T27998] usb usb8: usbfs: process 27998 (syz.6.4931) did not claim interface 0 before use
[ 1443.864932][ T5906] usb 6-1: new high-speed USB device number 62 using dummy_hcd
[ 1444.018546][ T5906] usb 6-1: Using ep0 maxpacket: 16
[ 1444.026678][ T5906] usb 6-1: config 0 has an invalid interface number: 8 but max is 0
[ 1444.042447][ T5906] usb 6-1: config 0 has no interface number 0
[ 1444.135857][ T5906] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1444.274145][ T5906] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1444.299667][ T5906] usb 6-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1444.308927][ T5906] usb 6-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1444.317231][ T5906] usb 6-1: Product: syz
[ 1444.323042][ T5906] usb 6-1: SerialNumber: syz
[ 1444.356123][ T5906] usb 6-1: config 0 descriptor??
[ 1444.369496][ T5906] cm109 6-1:0.8: invalid payload size 0, expected 4
[ 1444.598519][ T5906] input: CM109 USB driver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.8/input/input108
[ 1444.618384][  T978] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[ 1444.629056][    C1] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1444.636283][    C1] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1444.643573][    C1] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1444.650874][    C1] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1444.658142][    C1] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1444.665327][    C1] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1444.672464][    C1] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1444.679579][    C1] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1444.686773][    C1] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1444.693890][    C1] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1444.768948][ T5906] usb 6-1: USB disconnect, device number 62
[ 1444.774966][    C1] cm109 6-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[ 1444.804726][  T978] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1444.811566][ T5944] usb 3-1: new full-speed USB device number 66 using dummy_hcd
[ 1444.819925][  T978] usb 5-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[ 1444.838414][  T978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1444.848125][ T5906] cm109 6-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[ 1444.877328][  T978] usb 5-1: config 0 descriptor??
[ 1444.958870][ T5944] usb 3-1: device descriptor read/64, error -71
[ 1445.208784][ T5944] usb 3-1: new full-speed USB device number 67 using dummy_hcd
[ 1445.378878][ T5944] usb 3-1: device descriptor read/64, error -71
[ 1445.517240][ T5944] usb usb3-port1: attempt power cycle
[ 1445.588517][ T5906] usb 6-1: new full-speed USB device number 63 using dummy_hcd
[ 1445.761511][ T5906] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1445.772011][ T5906] usb 6-1: not running at top speed; connect to a high speed hub
[ 1445.784463][ T5906] usb 6-1: config 12 has an invalid interface number: 184 but max is 0
[ 1445.797335][ T5906] usb 6-1: config 12 has no interface number 0
[ 1445.804014][ T5906] usb 6-1: config 12 interface 184 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 10
[ 1445.826549][ T5906] usb 6-1: New USB device found, idVendor=0499, idProduct=100d, bcdDevice=84.a2
[ 1445.838169][ T5906] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1445.860700][ T5906] usb 6-1: Product: syz
[ 1445.867840][ T5906] usb 6-1: Manufacturer: syz
[ 1445.879457][ T5906] usb 6-1: SerialNumber: syz
[ 1445.879509][ T5944] usb 3-1: new full-speed USB device number 68 using dummy_hcd
[ 1445.915190][ T5944] usb 3-1: device descriptor read/8, error -71
[ 1445.922695][  T978] video4linux radio48: keene_cmd_set failed (-71)
[ 1445.929879][  T978] radio-keene 5-1:0.0: V4L2 device registered as radio48
[ 1446.083485][  T978] usb 5-1: USB disconnect, device number 47
[ 1446.115938][T28026] input: syz0 as /devices/virtual/input/input109
[ 1446.169031][T28026] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1446.193743][T28026] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1446.201574][ T5944] usb 3-1: new full-speed USB device number 69 using dummy_hcd
[ 1446.283471][ T5906] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1446.385203][ T5944] usb 3-1: device descriptor read/8, error -71
[ 1446.422783][ T5906] usb 6-1: USB disconnect, device number 63
[ 1446.511247][ T5944] usb usb3-port1: unable to enumerate USB device
[ 1446.822292][T28047] bond1: entered promiscuous mode
[ 1446.827560][T28047] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1446.999560][T28058] netlink: 256 bytes leftover after parsing attributes in process `syz.5.4941'.
[ 1447.597551][T28071] veth1_macvtap: left promiscuous mode
[ 1447.748283][T18633] usb 3-1: new high-speed USB device number 70 using dummy_hcd
[ 1447.985461][T18633] usb 3-1: Using ep0 maxpacket: 32
[ 1448.012843][T18633] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1448.033280][T18633] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[ 1448.052609][T18633] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1448.115175][T18633] usb 3-1: Product: syz
[ 1448.149601][T18633] usb 3-1: Manufacturer: syz
[ 1448.171155][T18633] usb 3-1: SerialNumber: syz
[ 1448.216950][T18633] usb 3-1: config 0 descriptor??
[ 1448.328972][T28094] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1448.718445][T18633] gs_usb 3-1:0.0: Configuring for 196 interfaces
[ 1448.858250][T18633] gs_usb 3-1:0.0: Driver cannot handle more that 3 CAN interfaces
[ 1448.866145][T18633] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -22
[ 1449.998406][ T5906] usb 5-1: new full-speed USB device number 48 using dummy_hcd
[ 1450.614238][ T5906] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[ 1450.628169][ T5906] usb 5-1: config 0 has an invalid interface number: 2 but max is -1
[ 1450.935120][ T5906] usb 5-1: config 0 has an invalid interface number: 2 but max is -1
[ 1450.990309][    T9] usb 3-1: USB disconnect, device number 70
[ 1451.162061][ T5906] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1451.223529][ T5906] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 0
[ 1451.280283][   T30] audit: type=1326 audit(1755834536.157:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28152 comm="syz.2.4958" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f85e0d8ebe9 code=0x0
[ 1451.310588][ T5906] usb 5-1: config 0 has no interface number 0
[ 1451.352136][ T5906] usb 5-1: config 0 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1451.473037][ T5906] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1451.484681][    T9] usb 6-1: new low-speed USB device number 64 using dummy_hcd
[ 1451.544366][ T5906] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1451.648460][ T5906] usb 5-1: Product: syz
[ 1451.652743][ T5906] usb 5-1: Manufacturer: syz
[ 1451.657723][ T5906] usb 5-1: SerialNumber: syz
[ 1451.659356][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1451.682750][ T5906] usb 5-1: config 0 descriptor??
[ 1451.718055][    T9] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1451.877619][    T9] usb 6-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00
[ 1451.914120][T28129] netlink: 'syz.4.4952': attribute type 29 has an invalid length.
[ 1451.923273][T28129] netlink: 'syz.4.4952': attribute type 29 has an invalid length.
[ 1451.943394][ T5906] usb 5-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[ 1451.951196][ T5906] usb 5-1: MIDIStreaming interface descriptor not found
[ 1452.012328][ T5906] usb 5-1: USB disconnect, device number 48
[ 1452.115586][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1452.134690][    T9] usb 6-1: config 0 descriptor??
[ 1452.500419][T28171] openvswitch: netlink: Multiple metadata blocks provided
[ 1452.521306][T17142] Bluetooth: hci5: SCO packet for unknown connection handle 201
[ 1452.642499][T28174] FAULT_INJECTION: forcing a failure.
[ 1452.642499][T28174] name failslab, interval 1, probability 0, space 0, times 0
[ 1452.700793][T28174] CPU: 1 UID: 0 PID: 28174 Comm: syz.4.4962 Not tainted syzkaller #0 PREEMPT(full) 
[ 1452.700824][T28174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1452.700836][T28174] Call Trace:
[ 1452.700847][T28174]  <TASK>
[ 1452.700857][T28174]  dump_stack_lvl+0x189/0x250
[ 1452.700889][T28174]  ? __pfx____ratelimit+0x10/0x10
[ 1452.700919][T28174]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1452.700944][T28174]  ? __pfx__printk+0x10/0x10
[ 1452.700972][T28174]  ? __pfx___might_resched+0x10/0x10
[ 1452.700994][T28174]  ? lock_acquire+0x5f/0x360
[ 1452.701026][T28174]  should_fail_ex+0x414/0x560
[ 1452.701056][T28174]  should_failslab+0xa8/0x100
[ 1452.701086][T28174]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1452.701112][T28174]  ? security_file_alloc+0x34/0x330
[ 1452.701132][T28174]  security_file_alloc+0x34/0x330
[ 1452.701152][T28174]  init_file+0x93/0x2f0
[ 1452.701175][T28174]  alloc_empty_file+0x6e/0x1d0
[ 1452.701197][T28174]  path_openat+0x107/0x3830
[ 1452.701238][T28174]  ? arch_stack_walk+0xfc/0x150
[ 1452.701267][T28174]  ? stack_trace_save+0x9c/0xe0
[ 1452.701285][T28174]  ? stack_depot_save_flags+0x40/0x860
[ 1452.701357][T28174]  ? kasan_save_track+0x4f/0x80
[ 1452.701384][T28174]  ? kasan_save_track+0x3e/0x80
[ 1452.701417][T28174]  ? __kasan_slab_alloc+0x6c/0x80
[ 1452.701437][T28174]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 1452.701457][T28174]  ? getname_flags+0xb8/0x540
[ 1452.701478][T28174]  ? __pfx_path_openat+0x10/0x10
[ 1452.701504][T28174]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1452.701534][T28174]  do_filp_open+0x1fa/0x410
[ 1452.701561][T28174]  ? __pfx_do_filp_open+0x10/0x10
[ 1452.701587][T28174]  ? _raw_spin_unlock+0x28/0x50
[ 1452.701606][T28174]  ? alloc_fd+0x64c/0x6c0
[ 1452.701643][T28174]  do_sys_openat2+0x121/0x1c0
[ 1452.701668][T28174]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1452.701691][T28174]  ? ksys_write+0x22a/0x250
[ 1452.701719][T28174]  ? __pfx_ksys_write+0x10/0x10
[ 1452.701739][T28174]  ? rcu_is_watching+0x15/0xb0
[ 1452.701755][T28174]  __x64_sys_openat+0x138/0x170
[ 1452.701780][T28174]  do_syscall_64+0xfa/0x3b0
[ 1452.701813][T28174]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1452.701834][T28174]  ? clear_bhb_loop+0x60/0xb0
[ 1452.701858][T28174]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1452.701874][T28174] RIP: 0033:0x7f7f25d8ebe9
[ 1452.701888][T28174] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1452.701902][T28174] RSP: 002b:00007f7f26c5e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1452.701924][T28174] RAX: ffffffffffffffda RBX: 00007f7f25fb5fa0 RCX: 00007f7f25d8ebe9
[ 1452.701942][T28174] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 1452.701958][T28174] RBP: 00007f7f26c5e090 R08: 0000000000000000 R09: 0000000000000000
[ 1452.701972][T28174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1452.701986][T28174] R13: 00007f7f25fb6038 R14: 00007f7f25fb5fa0 R15: 00007f7f260dfa28
[ 1452.702010][T28174]  </TASK>
[ 1454.306483][T28184] loop6: detected capacity change from 0 to 1
[ 1454.325438][T28184] Dev loop6: unable to read RDB block 1
[ 1454.338311][T28184]  loop6: unable to read partition table
[ 1454.349174][T28160] warn_alloc: 1 callbacks suppressed
[ 1454.349192][T28160] syz.5.4959: vmalloc error: size 2768896, failed to allocated page array size 5408, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null)
[ 1454.353735][T28184] loop6: partition table beyond EOD, 
[ 1454.413260][T28160] ,cpuset=
[ 1454.426205][T28184] truncated
[ 1454.441439][T28160] /,mems_allowed=0-1
[ 1454.445420][T28160] CPU: 1 UID: 0 PID: 28160 Comm: syz.5.4959 Not tainted syzkaller #0 PREEMPT(full) 
[ 1454.445448][T28160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1454.445463][T28160] Call Trace:
[ 1454.445472][T28160]  <TASK>
[ 1454.445482][T28160]  dump_stack_lvl+0x189/0x250
[ 1454.445514][T28160]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[ 1454.445547][T28160]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1454.445574][T28160]  ? __pfx__printk+0x10/0x10
[ 1454.445604][T28160]  ? lock_release+0x4b/0x3e0
[ 1454.445638][T28160]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1454.445669][T28160]  warn_alloc+0x214/0x310
[ 1454.445707][T28160]  ? __pfx_warn_alloc+0x10/0x10
[ 1454.445744][T28160]  ? __get_vm_area_node+0x28f/0x300
[ 1454.445776][T28160]  ? vb2_vmalloc_alloc+0xef/0x340
[ 1454.445800][T28160]  __vmalloc_node_range_noprof+0x67e/0x12f0
[ 1454.445848][T28160]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1454.445884][T28160]  ? __kasan_kmalloc+0x93/0xb0
[ 1454.445916][T28160]  vmalloc_user_noprof+0xad/0xf0
[ 1454.445949][T28160]  ? vb2_vmalloc_alloc+0xef/0x340
[ 1454.445971][T28160]  vb2_vmalloc_alloc+0xef/0x340
[ 1454.445992][T28160]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 1454.446013][T28160]  __vb2_queue_alloc+0x9bf/0x15a0
[ 1454.446059][T28160]  vb2_core_reqbufs+0xc31/0x1420
[ 1454.446100][T28160]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 1454.446132][T28160]  ? vb2_verify_memory_type+0x1fc/0x570
[ 1454.446167][T28160]  ? vb2_reqbufs+0x3a9/0x630
[ 1454.446201][T28160]  v4l2_m2m_ioctl_reqbufs+0x10d/0x200
[ 1454.446229][T28160]  __video_do_ioctl+0xc98/0xdb0
[ 1454.446255][T28160]  ? __pfx___video_do_ioctl+0x10/0x10
[ 1454.446278][T28160]  ? __might_fault+0xb0/0x130
[ 1454.446316][T28160]  ? __might_fault+0xcc/0x130
[ 1454.446348][T28160]  video_usercopy+0x86e/0x14f0
[ 1454.446375][T28160]  ? __pfx___video_do_ioctl+0x10/0x10
[ 1454.446409][T28160]  ? __pfx_video_usercopy+0x10/0x10
[ 1454.446437][T28160]  ? __fget_files+0x2a/0x420
[ 1454.446469][T28160]  ? __fget_files+0x3a0/0x420
[ 1454.446502][T28160]  v4l2_ioctl+0x18a/0x1e0
[ 1454.446536][T28160]  ? __pfx_v4l2_ioctl+0x10/0x10
[ 1454.446569][T28160]  __se_sys_ioctl+0xf9/0x170
[ 1454.446596][T28160]  do_syscall_64+0xfa/0x3b0
[ 1454.446629][T28160]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1454.446652][T28160]  ? clear_bhb_loop+0x60/0xb0
[ 1454.446676][T28160]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1454.446698][T28160] RIP: 0033:0x7f4a0b58ebe9
[ 1454.446717][T28160] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1454.446737][T28160] RSP: 002b:00007f4a0c4aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1454.446759][T28160] RAX: ffffffffffffffda RBX: 00007f4a0b7b5fa0 RCX: 00007f4a0b58ebe9
[ 1454.446776][T28160] RDX: 00002000000000c0 RSI: 00000000c0145608 RDI: 0000000000000007
[ 1454.446791][T28160] RBP: 00007f4a0b611e19 R08: 0000000000000000 R09: 0000000000000000
[ 1454.446805][T28160] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1454.446819][T28160] R13: 00007f4a0b7b6038 R14: 00007f4a0b7b5fa0 R15: 00007f4a0b8dfa28
[ 1454.446844][T28160]  </TASK>
[ 1454.446853][T28160] Mem-Info:
[ 1454.858701][T28184] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[ 1455.338625][T28160] active_anon:7260 inactive_anon:0 isolated_anon:0
[ 1455.338625][T28160]  active_file:19361 inactive_file:40506 isolated_file:0
[ 1455.338625][T28160]  unevictable:1968 dirty:207 writeback:0
[ 1455.338625][T28160]  slab_reclaimable:7139 slab_unreclaimable:109209
[ 1455.338625][T28160]  mapped:45917 shmem:2571 pagetables:1623
[ 1455.338625][T28160]  sec_pagetables:0 bounce:0
[ 1455.338625][T28160]  kernel_misc_reclaimable:0
[ 1455.338625][T28160]  free:1224427 free_pcp:17532 free_cma:0
[ 1455.591623][T28160] Node 0 active_anon:29340kB inactive_anon:0kB active_file:77312kB inactive_file:161820kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:178736kB dirty:828kB writeback:0kB shmem:4148kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12996kB pagetables:6224kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1455.693238][T28160] Node 1 active_anon:0kB inactive_anon:0kB active_file:32kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:32kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:168kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1455.777932][T28160] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1455.816446][T28160] lowmem_reserve[]: 0 2497 2499 2499 2499
[ 1455.825106][T28160] Node 0 DMA32 free:998832kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:29192kB inactive_anon:0kB active_file:77312kB inactive_file:160244kB unevictable:1536kB writepending:828kB present:3129332kB managed:2557460kB mlocked:0kB bounce:0kB free_pcp:54236kB local_pcp:25492kB free_cma:0kB
[ 1456.078309][ T5944] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[ 1456.324847][T28160] lowmem_reserve[]: 0 0 1 1 1
[ 1456.332812][T28160] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1576kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[ 1456.338671][ T5944] usb 5-1: Using ep0 maxpacket: 8
[ 1456.403207][T28160] lowmem_reserve[]: 0 0 0 0 0
[ 1456.415482][T28160] Node 1 Normal free:3883504kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:32kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:21412kB local_pcp:5412kB free_cma:0kB
[ 1456.447530][   T31] INFO: task kworker/1:5:5913 blocked for more than 143 seconds.
[ 1456.455765][   T31]       Not tainted syzkaller #0
[ 1456.461332][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1456.484644][   T31] task:kworker/1:5     state:D stack:21352 pid:5913  tgid:5913  ppid:2      task_flags:0x4208060 flags:0x00004000
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1456.509833][ T5944] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[ 1456.537051][ T5944] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1456.574212][   T31] Workqueue: usb_hub_wq hub_event
[ 1456.808235][T28160] lowmem_reserve[]: 0 0 0 0 0
[ 1456.812075][ T5944] pvrusb2: Hardware description: Terratec Grabster AV400
[ 1456.830450][T28160] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1456.864432][   T31] Call Trace:
[ 1456.867795][   T31]  <TASK>
[ 1456.870389][T28160] Node 0 DMA32: 106*4kB (UME) 177*8kB (UME) 535*16kB (ME) 527*32kB (UME) 425*64kB (ME) 270*128kB (ME) 140*256kB (UME) 37*512kB (UME) 17*1024kB (ME) 0*2048kB 204*4096kB (M) = 996800kB
[ 1456.917889][   T31]  __schedule+0x1798/0x4cc0
[ 1456.922569][ T5944] pvrusb2: **********
[ 1456.926587][ T5944] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[ 1456.941169][   T31]  ? __pfx___schedule+0x10/0x10
[ 1456.946122][   T31]  ? schedule+0x91/0x360
[ 1456.988310][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1456.993430][ T5944] pvrusb2: Important functionality might not be entirely working.
[ 1457.008234][   T31]  ? lock_release+0x4b/0x3e0
[ 1457.012929][   T31]  ? schedule+0x91/0x360
[ 1457.017240][   T31]  ? wq_worker_sleeping+0x63/0x250
[ 1457.022554][T28160] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[ 1457.049022][ T5944] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[ 1457.068230][   T31]  schedule+0x165/0x360
[ 1457.084813][   T31]  schedule_timeout+0x9a/0x270
[ 1457.098249][ T5944] pvrusb2: **********
[ 1457.103036][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[ 1457.108555][T28160] Node 1 Normal: 220*4kB (UME) 56*8kB (UME) 48*16kB (UME) 164*32kB (UE) 53*64kB (UME) 6*128kB (UME) 7*256kB (UME) 5*512kB (UME) 1*1024kB (M) 2*2048kB (UE) 943*4096kB (M) = 3883504kB
[ 1457.138241][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1457.143127][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1457.147950][   T31]  ? wait_for_completion+0x267/0x5d0
[ 1457.178442][T28160] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1457.188118][T28160] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1457.208333][   T31]  wait_for_completion+0x2bf/0x5d0
[ 1457.213560][   T31]  ? __pfx_wait_for_completion+0x10/0x10
[ 1457.228443][   T31]  i2c_del_adapter+0x581/0x6e0
[ 1457.233618][   T31]  ? __pfx_i2c_del_adapter+0x10/0x10
[ 1457.239281][    T9] usb 6-1: string descriptor 0 read error: -32
[ 1457.248075][T28160] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1457.258173][    T9] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input110
[ 1457.269063][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1457.274003][ T5218] bcm5974 6-1:0.0: could not read from device
[ 1457.284101][ T5218] bcm5974: mode switch failed
[ 1457.289141][   T31]  ? dvb_usb_adapter_exit+0xd7/0x240
[ 1457.294723][   T31]  dvb_usb_i2c_exit+0x64/0xb0
[ 1457.300478][T28160] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1457.311061][T28160] 61208 total pagecache pages
[ 1457.315780][T28160] 0 pages in swap cache
[ 1457.320006][   T31]  dvb_usb_device_exit+0x1be/0x350
[ 1457.325174][   T31]  ? __pfx_dvb_usb_device_exit+0x10/0x10
[ 1457.331343][T28160] Free swap  = 124996kB
[ 1457.335539][T28160] Total swap = 124996kB
[ 1457.340132][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1457.344946][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1457.351433][T28160] 2097051 pages RAM
[ 1457.355280][T28160] 0 pages HighMem/MovableOnly
[ 1457.360401][   T31]  cxusb_probe+0x603/0x700
[ 1457.364886][   T31]  ? __pfx_cxusb_probe+0x10/0x10
[ 1457.368653][T28160] 425660 pages reserved
[ 1457.370831][   T31]  ? __pm_runtime_set_status+0x785/0xa50
[ 1457.374001][T28160] 0 pages cma reserved
[ 1457.384097][   T31]  usb_probe_interface+0x668/0xc30
[ 1457.389483][   T31]  ? __pfx_usb_probe_interface+0x10/0x10
[ 1457.395380][   T31]  really_probe+0x26a/0x9e0
[ 1457.401456][   T31]  __driver_probe_device+0x18c/0x2f0
[ 1457.406910][   T31]  driver_probe_device+0x4f/0x430
[ 1457.412353][   T31]  __device_attach_driver+0x2ce/0x530
[ 1457.417800][   T31]  bus_for_each_drv+0x251/0x2e0
[ 1457.423058][   T31]  ? __pfx___device_attach_driver+0x10/0x10
[ 1457.438440][   T31]  ? __pfx_bus_for_each_drv+0x10/0x10
[ 1457.443911][   T31]  __device_attach+0x2b8/0x400
[ 1457.449245][   T31]  ? __pfx___device_attach+0x10/0x10
[ 1457.454619][   T31]  ? do_raw_spin_unlock+0x122/0x240
[ 1457.460602][   T31]  bus_probe_device+0x185/0x260
[ 1457.465524][   T31]  device_add+0x7b6/0xb50
[ 1457.470227][   T31]  usb_set_configuration+0x1a87/0x20e0
[ 1457.475763][   T31]  usb_generic_driver_probe+0x8d/0x150
[ 1457.481615][   T31]  usb_probe_device+0x1c4/0x390
[ 1457.486541][   T31]  ? __pfx_usb_probe_device+0x10/0x10
[ 1457.492599][   T31]  really_probe+0x26a/0x9e0
[ 1457.497473][   T31]  __driver_probe_device+0x18c/0x2f0
[ 1457.503593][   T31]  driver_probe_device+0x4f/0x430
[ 1457.508889][   T31]  __device_attach_driver+0x2ce/0x530
[ 1457.514336][   T31]  bus_for_each_drv+0x251/0x2e0
[ 1457.519916][   T31]  ? __pfx___device_attach_driver+0x10/0x10
[ 1457.525862][   T31]  ? __pfx_bus_for_each_drv+0x10/0x10
[ 1457.532184][   T31]  __device_attach+0x2b8/0x400
[ 1457.537004][   T31]  ? __pfx___device_attach+0x10/0x10
[ 1457.543409][   T31]  ? do_raw_spin_unlock+0x122/0x240
[ 1457.551761][   T31]  bus_probe_device+0x185/0x260
[ 1457.556695][   T31]  device_add+0x7b6/0xb50
[ 1457.561411][   T31]  usb_new_device+0xa39/0x16f0
[ 1457.566232][   T31]  ? __pfx_usb_new_device+0x10/0x10
[ 1457.574556][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1457.579909][   T31]  hub_event+0x2958/0x4a20
[ 1457.584394][   T31]  ? __pfx_hub_event+0x10/0x10
[ 1457.592331][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1457.597152][   T31]  ? lock_acquire+0x5f/0x360
[ 1457.603377][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1457.608400][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1457.614192][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1457.623574][   T31]  process_scheduled_works+0xae1/0x17b0
[ 1457.629466][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1457.635517][   T31]  worker_thread+0x8a0/0xda0
[ 1457.643148][   T31]  kthread+0x70e/0x8a0
[ 1457.647300][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 1457.652968][   T31]  ? __pfx_kthread+0x10/0x10
[ 1457.657600][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1457.662594][   T31]  ? __pfx_kthread+0x10/0x10
[ 1457.667264][   T31]  ret_from_fork+0x3f9/0x770
[ 1457.671911][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1457.677057][   T31]  ? __switch_to_asm+0x39/0x70
[ 1457.682185][   T31]  ? __switch_to_asm+0x33/0x70
[ 1457.686977][   T31]  ? __pfx_kthread+0x10/0x10
[ 1457.692688][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1457.697520][   T31]  </TASK>
[ 1457.708875][   T31] INFO: task syz.0.4507:25796 blocked for more than 144 seconds.
[ 1457.718582][   T31]       Not tainted syzkaller #0
[ 1457.723581][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1457.732547][   T31] task:syz.0.4507      state:D stack:27368 pid:25796 tgid:25795 ppid:23143  task_flags:0x400140 flags:0x00004004
[ 1457.745641][   T31] Call Trace:
[ 1457.758301][   T31]  <TASK>
[ 1457.761285][   T31]  __schedule+0x1798/0x4cc0
[ 1457.765852][   T31]  ? __pfx___schedule+0x10/0x10
[ 1457.771326][   T31]  ? schedule+0x91/0x360
[ 1457.775648][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1457.781624][   T31]  ? lock_release+0x4b/0x3e0
[ 1457.786310][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1457.792624][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1457.799215][   T31]  schedule+0x165/0x360
[ 1457.803439][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1457.809919][   T31]  __mutex_lock+0x7e6/0x1350
[ 1457.814565][   T31]  ? __mutex_lock+0x5bb/0x1350
[ 1457.819634][   T31]  ? usbdev_open+0x16e/0x760
[ 1457.824267][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1457.833254][   T31]  ? bus_find_device+0x273/0x2b0
[ 1457.838902][   T31]  ? __pfx_bus_find_device+0x10/0x10
[ 1457.844315][   T31]  ? __kasan_kmalloc+0x93/0xb0
[ 1457.849169][   T31]  ? usbdev_open+0xa7/0x760
[ 1457.853724][   T31]  usbdev_open+0x16e/0x760
[ 1457.858160][   T31]  ? __pfx_usbdev_open+0x10/0x10
[ 1457.863171][   T31]  ? do_raw_spin_unlock+0x122/0x240
[ 1457.868747][   T31]  chrdev_open+0x4c9/0x5e0
[ 1457.873208][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1457.878171][   T31]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[ 1457.884588][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1457.889597][   T31]  do_dentry_open+0x950/0x13f0
[ 1457.894574][   T31]  vfs_open+0x3b/0x340
[ 1457.899139][   T31]  ? path_openat+0x2ecd/0x3830
[ 1457.903947][   T31]  path_openat+0x2ee5/0x3830
[ 1457.908844][   T31]  ? arch_stack_walk+0xfc/0x150
[ 1457.913768][   T31]  ? stack_depot_save_flags+0x40/0x860
[ 1457.919346][   T31]  ? __pfx_path_openat+0x10/0x10
[ 1457.924320][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1457.930767][   T31]  do_filp_open+0x1fa/0x410
[ 1457.935309][   T31]  ? __pfx_do_filp_open+0x10/0x10
[ 1457.940494][   T31]  ? _raw_spin_unlock+0x28/0x50
[ 1457.945403][   T31]  ? alloc_fd+0x64c/0x6c0
[ 1457.949812][   T31]  do_sys_openat2+0x121/0x1c0
[ 1457.954521][   T31]  ? __se_sys_futex+0x36f/0x400
[ 1457.959758][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1457.964996][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1457.969821][   T31]  __x64_sys_openat+0x138/0x170
[ 1457.974709][   T31]  do_syscall_64+0xfa/0x3b0
[ 1457.979269][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1457.984063][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1457.990442][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1457.995161][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1458.001115][   T31] RIP: 0033:0x7f396598d550
[ 1458.005576][   T31] RSP: 002b:00007f396685eb70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1458.014590][   T31] RAX: ffffffffffffffda RBX: 0000000000101301 RCX: 00007f396598d550
[ 1458.023009][   T31] RDX: 0000000000101301 RSI: 00007f396685ec10 RDI: 00000000ffffff9c
[ 1458.031114][   T31] RBP: 00007f396685ec10 R08: 0000000000000000 R09: 0000000000000000
[ 1458.039161][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: cccccccccccccccd
[ 1458.047268][   T31] R13: 00007f3965bb6038 R14: 00007f3965bb5fa0 R15: 00007f3965cdfa28
[ 1458.055643][   T31]  </TASK>
[ 1458.138518][   T31] INFO: lockdep is turned off.
[ 1458.139572][ T5218] bcm5974 6-1:0.0: could not read from device
[ 1458.168543][   T31] NMI backtrace for cpu 1
[ 1458.168565][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[ 1458.168590][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1458.168609][   T31] Call Trace:
[ 1458.168617][   T31]  <TASK>
[ 1458.168626][   T31]  dump_stack_lvl+0x189/0x250
[ 1458.168659][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1458.168685][   T31]  ? __pfx__printk+0x10/0x10
[ 1458.168720][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1458.168746][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1458.168771][   T31]  ? __pfx__printk+0x10/0x10
[ 1458.168801][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1458.168836][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1458.168863][   T31]  watchdog+0xf93/0xfe0
[ 1458.168895][   T31]  ? watchdog+0x1de/0xfe0
[ 1458.168926][   T31]  kthread+0x70e/0x8a0
[ 1458.168954][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1458.168982][   T31]  ? __pfx_kthread+0x10/0x10
[ 1458.169016][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1458.169044][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1458.169072][   T31]  ? __pfx_kthread+0x10/0x10
[ 1458.169099][   T31]  ret_from_fork+0x3f9/0x770
[ 1458.169122][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1458.169145][   T31]  ? __switch_to_asm+0x39/0x70
[ 1458.169172][   T31]  ? __switch_to_asm+0x33/0x70
[ 1458.169198][   T31]  ? __pfx_kthread+0x10/0x10
[ 1458.169223][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1458.169259][   T31]  </TASK>
[ 1458.169267][   T31] Sending NMI from CPU 1 to CPUs 0:
[ 1458.315641][    C0] NMI backtrace for cpu 0
[ 1458.315658][    C0] CPU: 0 UID: 0 PID: 28196 Comm: syz.6.4967 Not tainted syzkaller #0 PREEMPT(full) 
[ 1458.315680][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1458.315693][    C0] RIP: 0010:deref_stack_reg+0x1a2/0x230
[ 1458.315724][    C0] Code: ca 80 fa 01 75 46 49 8d 40 08 48 39 d8 0f 97 c1 4c 39 f0 0f 96 c0 20 c8 3c 01 75 30 4c 89 c7 49 89 f7 e8 11 08 00 00 49 89 c6 <48> 8b 5c 24 18 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df
[ 1458.315741][    C0] RSP: 0018:ffffc90003e5f4e0 EFLAGS: 00000202
[ 1458.315758][    C0] RAX: ffffc90003e5fec0 RBX: ffffc90003e58000 RCX: 0000000000000001
[ 1458.315773][    C0] RDX: ffffc90003e5f648 RSI: dffffc0000000000 RDI: ffffc90003e5fd70
[ 1458.315788][    C0] RBP: 1ffff920007cbec1 R08: ffffc90003e5fd70 R09: 0000000000000000
[ 1458.315802][    C0] R10: ffffc90003e5f658 R11: fffff520007cbecd R12: 1ffff920007cbec2
[ 1458.315817][    C0] R13: 1ffff920007cbec3 R14: ffffc90003e5fec0 R15: dffffc0000000000
[ 1458.315832][    C0] FS:  0000000000000000(0000) GS:ffff888125c1b000(0000) knlGS:0000000000000000
[ 1458.315847][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1458.315861][    C0] CR2: 0000200000206030 CR3: 000000000df36000 CR4: 00000000003526f0
[ 1458.315878][    C0] Call Trace:
[ 1458.315885][    C0]  <TASK>
[ 1458.315896][    C0]  unwind_next_frame+0x17c4/0x2390
[ 1458.315921][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1458.315942][    C0]  ? get_signal+0x1286/0x1340
[ 1458.315961][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1458.315984][    C0]  arch_stack_walk+0x11c/0x150
[ 1458.316010][    C0]  ? arch_do_signal_or_restart+0x9a/0x750
[ 1458.316041][    C0]  stack_trace_save+0x9c/0xe0
[ 1458.316063][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[ 1458.316090][    C0]  save_stack+0xf5/0x1f0
[ 1458.316114][    C0]  ? __pfx_save_stack+0x10/0x10
[ 1458.316136][    C0]  ? page_ext_get+0x22/0x2f0
[ 1458.316159][    C0]  ? __free_frozen_pages+0xbc4/0xd30
[ 1458.316186][    C0]  ? vfree+0x25a/0x400
[ 1458.316210][    C0]  ? kcov_close+0x28/0x50
[ 1458.316234][    C0]  ? __fput+0x44c/0xa70
[ 1458.316258][    C0]  ? task_work_run+0x1d4/0x260
[ 1458.316282][    C0]  ? do_exit+0x6b5/0x2300
[ 1458.316304][    C0]  ? do_group_exit+0x21c/0x2d0
[ 1458.316327][    C0]  ? get_signal+0x1286/0x1340
[ 1458.316345][    C0]  ? lock_release+0x4b/0x3e0
[ 1458.316371][    C0]  ? page_ext_get+0x22/0x2f0
[ 1458.316400][    C0]  __reset_page_owner+0x71/0x1f0
[ 1458.316426][    C0]  __free_frozen_pages+0xbc4/0xd30
[ 1458.316460][    C0]  vfree+0x25a/0x400
[ 1458.316488][    C0]  ? __pfx_kcov_close+0x10/0x10
[ 1458.316516][    C0]  kcov_close+0x28/0x50
[ 1458.316544][    C0]  __fput+0x44c/0xa70
[ 1458.316571][    C0]  task_work_run+0x1d4/0x260
[ 1458.316602][    C0]  ? __pfx_task_work_run+0x10/0x10
[ 1458.316632][    C0]  ? kmem_cache_free+0x18f/0x400
[ 1458.316665][    C0]  do_exit+0x6b5/0x2300
[ 1458.316688][    C0]  ? __pfx___might_resched+0x10/0x10
[ 1458.316707][    C0]  ? do_raw_spin_lock+0x121/0x290
[ 1458.316731][    C0]  ? __pfx_do_exit+0x10/0x10
[ 1458.316759][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1458.316779][    C0]  do_group_exit+0x21c/0x2d0
[ 1458.316805][    C0]  get_signal+0x1286/0x1340
[ 1458.316831][    C0]  arch_do_signal_or_restart+0x9a/0x750
[ 1458.316859][    C0]  ? count_memcg_event_mm+0x21/0x260
[ 1458.316885][    C0]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1458.316919][    C0]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1458.316941][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1458.316960][    C0]  exit_to_user_mode_loop+0x75/0x110
[ 1458.316988][    C0]  do_syscall_64+0x2bd/0x3b0
[ 1458.317018][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1458.317036][    C0]  ? clear_bhb_loop+0x60/0xb0
[ 1458.317058][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1458.317075][    C0] RIP: 0033:0x7feb5958ebe9
[ 1458.317090][    C0] Code: Unable to access opcode bytes at 0x7feb5958ebbf.
[ 1458.317101][    C0] RSP: 002b:00007feb5a3ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1458.317120][    C0] RAX: 0000000000010106 RBX: 00007feb597b6090 RCX: 00007feb5958ebe9
[ 1458.317134][    C0] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000005
[ 1458.317147][    C0] RBP: 00007feb59611e19 R08: 0000000000000000 R09: 0000000000000000
[ 1458.317160][    C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[ 1458.317172][    C0] R13: 00007feb597b6128 R14: 00007feb597b6090 R15: 00007feb598dfa28
[ 1458.317193][    C0]  </TASK>
[ 1458.333010][ T5218] bcm5974: mode switch failed
[ 1458.757429][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1458.764322][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[ 1458.773446][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1458.783507][   T31] Call Trace:
[ 1458.786792][   T31]  <TASK>
[ 1458.789730][   T31]  dump_stack_lvl+0x99/0x250
[ 1458.794330][   T31]  ? __asan_memcpy+0x40/0x70
[ 1458.798973][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1458.804186][   T31]  ? __pfx__printk+0x10/0x10
[ 1458.808809][   T31]  vpanic+0x281/0x750
[ 1458.812830][   T31]  ? __pfx_vpanic+0x10/0x10
[ 1458.817343][   T31]  ? preempt_schedule+0xae/0xc0
[ 1458.822204][   T31]  ? preempt_schedule_common+0x83/0xd0
[ 1458.827683][   T31]  panic+0xb9/0xc0
[ 1458.831413][   T31]  ? __pfx_panic+0x10/0x10
[ 1458.835858][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1458.841262][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[ 1458.847431][   T31]  watchdog+0xfd2/0xfe0
[ 1458.851600][   T31]  ? watchdog+0x1de/0xfe0
[ 1458.855959][   T31]  kthread+0x70e/0x8a0
[ 1458.860039][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1458.864728][   T31]  ? __pfx_kthread+0x10/0x10
[ 1458.869437][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1458.874667][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1458.879905][   T31]  ? __pfx_kthread+0x10/0x10
[ 1458.884526][   T31]  ret_from_fork+0x3f9/0x770
[ 1458.889138][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1458.894288][   T31]  ? __switch_to_asm+0x39/0x70
[ 1458.899088][   T31]  ? __switch_to_asm+0x33/0x70
[ 1458.903885][   T31]  ? __pfx_kthread+0x10/0x10
[ 1458.908529][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1458.913335][   T31]  </TASK>
[ 1458.916819][   T31] Kernel Offset: disabled
[ 1458.921159][   T31] Rebooting in 86400 seconds..