last executing test programs:

3m43.263966937s ago: executing program 2 (id=2740):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000001c0)=[{{&(0x7f0000000040)={0xa, 0x4e24, 0xd, @loopback, 0x8}, 0x1c, 0x0}}], 0x1, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000002a00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="480000001000210400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00010067726574617000000c0002ec04000000ffffffff0a000100aa"], 0x48}, 0x1, 0x0, 0x0, 0x4004010}, 0x0)
r1 = socket$inet(0x2, 0x3, 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r3=>r2, {0x2}}, './file0\x00'})
syz_usb_connect$printer(0x5, 0x2d, &(0x7f0000001380)={{0x12, 0x1, 0xe38693bc18896dfd, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x2, 0xd0, 0x1, [{{0x9, 0x4, 0x0, 0x3, 0x1, 0x7, 0x1, 0x2, 0x3, "", {{{0x9, 0x5, 0x1, 0x2, 0x7bf, 0x6, 0x6, 0x1}}}}}]}}]}}, &(0x7f00000018c0)={0x0, 0x0, 0x34, &(0x7f0000001400)=ANY=[@ANYBLOB="050f3400020b10038d1d701621c9a74624100a96a50715d872e486e0ba3528f170dd0151a1627be35c46b2a0772caf01e44f22dd"]})
ioctl$vim2m_VIDIOC_EXPBUF(r3, 0xc0405610, &(0x7f00000000c0)={0x3, 0x2, 0xb, 0x4000})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r2)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000005f00)={'wlan0\x00'})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
listen(r6, 0x0)
r7 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VIDIOC_QUERYBUF(r7, 0xc0585609, &(0x7f0000000580)=@multiplanar_userptr={0x10001000, 0x8, 0x4, 0x100000, 0x0, {}, {0x5, 0x0, 0x84, 0x8f, 0x3, 0x4, "0b16a3ba"}, 0x2, 0x2, {0x0}, 0xffffff8e})
setsockopt$inet6_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000140)=0x1, 0x4)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r5, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x4)
writev(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)="580000001500add427323b470c45b4560a067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03a98000000ffffffffffffffffffffffe7ee0000000000000000020000", 0x58}], 0x1)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000005fc0)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002dbd0600ffdbdb252100000008000300", @ANYRES8=r1, @ANYBLOB="0600eb00000800000400ec000a00060008021100000100000600f70000ff000008009e3dd7982e2a7d1de89555705368729f83f6573754740e6fbf4f33479fe725e174973b92851e3a713c482cbc9af0b24e6d41e0f1c4d2ccfbd0408f998a3f91f836ca92b3dfb6db206aa678c49af66c0642d07e3621235ce18215063b177499f8436bebe9c9788cc0ef81699806b275b88954fb"], 0x44}, 0x1, 0x0, 0x0, 0x4048020}, 0x24000)

3m42.429286883s ago: executing program 2 (id=2743):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCPKT(r1, 0x5420, 0x0)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000600)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000040], 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000f6"]}, 0x9f)
r3 = syz_clone(0x9220000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_pidfd_open(r3, 0x0)
rt_tgsigqueueinfo(r3, 0x0, 0xf, &(0x7f0000000280)={0x2e, 0x46, 0x80000001})
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/profiling', 0x101a02, 0x0)
copy_file_range(r4, &(0x7f0000000000)=0x7, r4, 0x0, 0x7, 0x0)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000080)={@local, @rand_addr, <r5=>0x0}, &(0x7f00000000c0)=0xc)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r4, 0x89f0, &(0x7f00000001c0)={'gre0\x00', &(0x7f0000000100)={'gretap0\x00', r5, 0x8, 0x40, 0xf, 0xd38, {{0x13, 0x4, 0x0, 0x2a, 0x4c, 0x65, 0x0, 0x80, 0x2f, 0x0, @multicast2, @private=0xa010100, {[@timestamp_addr={0x44, 0x2c, 0xa2, 0x1, 0x8, [{@private=0xa010102, 0x80}, {@loopback, 0x85072d4}, {@rand_addr=0x64010102, 0x1}, {@dev={0xac, 0x14, 0x14, 0x22}, 0x5}, {@empty, 0xffffffd0}]}, @timestamp={0x44, 0xc, 0xc3, 0x0, 0x7, [0xfffffffb, 0x5f]}]}}}}})
sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000200)={0x6c, r2, 0x1, 0x170bd2b, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x10}, 0xf8}}, {0x20, 0x2, @in6={0xa, 0x0, 0x5, @mcast1}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}]}, 0x6c}}, 0x8000)

3m42.261164985s ago: executing program 2 (id=2745):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f000000010000700000000000000000020010000000000000000000000000002e0000002000000000000", @ANYBLOB="ff010000000000000000000000000001000004d62b000000ff020000000000000000000000000001000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000007"], 0xf0}, 0x1, 0x0, 0x0, 0x20004000}, 0x8080)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYRESDEC], 0x80}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d7", 0x6, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_emit_ethernet(0x22, &(0x7f0000000800)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa7fc18dab27702e4a4561000800450000140000ff8400849078ac1414bbffffffff"], 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x2a, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000b50000008200000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000005020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8a00fe00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000bf91000000000000b7020000010000008500000085000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
timer_create(0x1, &(0x7f0000000080)={0x0, 0x32, 0x1, @thr={&(0x7f0000000040)="82811907ee409cc844f8e34978", &(0x7f0000000140)="169dacee4ed8bb824580d537ce6068dab54dca24f1071b4fe98bd71964dedc7c48e798c82bd1d83be76ae7e3e24752fb76c6a85df9b0371b3e3b82dde8fac44b209b1dcfc76fd688f321690db4d651e30738a0a844dcf1f1efd45c1eff91a9161e23ca76b241"}}, &(0x7f00000001c0)=<r7=>0x0)
clock_gettime(0x0, &(0x7f0000000200)={<r8=>0x0, <r9=>0x0})
clock_gettime(0x0, &(0x7f0000000240)={<r10=>0x0, <r11=>0x0})
r12 = socket(0x2, 0x80805, 0x0)
r13 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r13, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r13, 0x84, 0x6f, &(0x7f0000000200)={<r14=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r13, 0x84, 0x7a, &(0x7f0000000340)={<r15=>r14, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r12, 0x84, 0x23, &(0x7f0000000000)={r15, 0x1ff}, 0x8)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000600)={r6, 0x58, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r16=>0x0}}, 0x10)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000680)={'tunl0\x00', &(0x7f0000000640)={'tunl0\x00', <r17=>0x0, 0x7, 0x1, 0x2, 0x2, {{0x6, 0x4, 0x0, 0x4, 0x18, 0x65, 0x0, 0x93, 0x2f, 0x0, @private=0xa010100, @empty, {[@end]}}}}})
sendmsg$nl_route(r12, &(0x7f00000007c0)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000780)={&(0x7f00000006c0)=@RTM_DELMDB={0x98, 0x55, 0x300, 0x70bd2c, 0x25dfdbfd, {0x7, r16}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x1, 0x1, 0x1, {@in6_addr=@mcast1, 0x8edd}}}, @MDBA_SET_ENTRY={0x20, 0x1, {r17, 0x1, 0x2, 0x0, {@in6_addr=@private2={0xfc, 0x2, '\x00', 0x1}}}}, @MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x0, 0x0, 0x0, {@in6_addr=@private1, 0x800}}}, @MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x0, 0x1, 0x1, {@in6_addr=@private1={0xfc, 0x1, '\x00', 0x1}, 0x86dd}}}]}, 0x98}, 0x1, 0x0, 0x0, 0x20000000}, 0x44800)
timer_settime(r7, 0x0, &(0x7f00000004c0)={{r8, r9+60000000}, {r10, r11+60000000}}, &(0x7f0000000500))

3m41.993817113s ago: executing program 2 (id=2746):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000041c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1000000000000000010000000100000014000000000000000100000001000000", @ANYRES32=r2], 0x28, 0xc800}}], 0x1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x5885, 0x100, 0x0, 0xffeffc03}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, r3, 0x61, &(0x7f00000000c0)=@un=@abs={0x1, 0x0, 0x4e20}})
io_uring_enter(r4, 0x3516, 0x483, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r8 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x9801)
unshare(0x2c020400)
move_mount(r8, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f00000002c0)='./file0/file0\x00', 0x0)
r9 = open(&(0x7f0000000780)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r9, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x1, 0x5, &(0x7f00000007c0)=ANY=[@ANYBLOB="18000000000000000000000000000020180c000000008000000000000000000095cd"], &(0x7f00000003c0)='GPL\x00', 0x4, 0x1009, &(0x7f0000001640)=""/4105, 0x0, 0x8}, 0x94)
ioctl$KDSKBENT(r9, 0x4b47, &(0x7f0000000000)={0xf9, 0x63, 0x5b})

3m40.49770543s ago: executing program 2 (id=2752):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1, 0x31, 0xffffffffffffffff, 0x8871b000)
sendto$inet(r0, &(0x7f0000000000)="dffa", 0x2, 0xe0000000, &(0x7f0000001100)={0x2, 0x4e21, @loopback}, 0x10)

3m40.221683893s ago: executing program 2 (id=2754):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'macsec0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000001340)=ANY=[@ANYBLOB="54000000100003052bbd7000249d020000000000", @ANYRES32=0x0, @ANYBLOB="1544010001800000240012800b0001006d61637365630000", @ANYRES32=r1], 0x54}}, 0x800)

3m39.782063771s ago: executing program 32 (id=2754):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'macsec0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000001340)=ANY=[@ANYBLOB="54000000100003052bbd7000249d020000000000", @ANYRES32=0x0, @ANYBLOB="1544010001800000240012800b0001006d61637365630000", @ANYRES32=r1], 0x54}}, 0x800)

51.825156877s ago: executing program 4 (id=3413):
memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\xfe\x96\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[', 0x2)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x270, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="0203"], 0x10}}, 0x20040010)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}])
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r1, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2}, 0x7, 0x0, &(0x7f0000000040)={{0x300, 0x0, 0x2}}, 0x0, 0x0}})

51.368728008s ago: executing program 4 (id=3415):
syz_usb_connect(0x3, 0x64, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000cb8be7406d042308483901020301"], 0x0)
syz_io_uring_setup(0x10c, &(0x7f00000000c0)={0x0, 0x3eac, 0x400, 0x2, 0x105}, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_udp(0xa, 0x2, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
socket$kcm(0x2, 0x3, 0x2)
socket$kcm(0x10, 0x2, 0x4)
socket$rds(0x15, 0x5, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="120100004015400000005015bbe40102030109021200010dda02ac3200000000000000c46f0078e428881918e8b119f8e32511d287d6209a1f8a38a5eeada917c57e2a55b87fd94109ea7728c0a4ed1df699a27f85f29d0825ae70ac469f2c01ab602e7b8b23c3dcfc80a612da0b20e3c4fdebebf59f6faea738e8d6b6159e43d56b3cd4a95592f4b8b36d11b85f0bb9570a34a6adc6f50a17f767872584573bea9722f3f9db4fe7a73f588588c4f5dc9f34362e6c779a5ad9b59a4efcf35a9820b23677057df562"], 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c000200200000001f000000060001000000000008", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a0003"], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0)

51.061489159s ago: executing program 5 (id=3416):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = userfaultfd(0x801)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps_rollup\x00')
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000380)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x5, 0x800}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, 0x0)
read$FUSE(r1, &(0x7f0000004180)={0x2020}, 0x2020)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
syz_usb_connect(0x0, 0x2d, &(0x7f0000000580)=ANY=[@ANYBLOB="120100001e61e410b1134200557b0102030109021b0001000000000904000001cf28fc00090582", @ANYRESHEX], 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000400000000000002b000000850000000600000085000000070000009500000080005d6e"], &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r4, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @tproxy={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "03"}]}], {0x14}}, 0x70}}, 0x4048010)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

49.729440946s ago: executing program 3 (id=3422):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r0, 0x0)
syz_extract_tcp_res(&(0x7f0000000000)={0x41424344, <r1=>0x41424344}, 0xaabd, 0x5)
getsockopt$IP_SET_OP_VERSION(r0, 0x1, 0x53, &(0x7f00000000c0), &(0x7f00000001c0)=0x8)
syz_emit_ethernet(0x9a, &(0x7f0000000100)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x8c, 0x0, 0x4000, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @multicast1}, {{0x0, 0x4e22, r1, 0x41424344, 0x0, 0x6, 0x1e, 0xc2, 0x0, 0x0, 0x0, {[@sack={0x5, 0x16, [0x1, 0xe, 0x2, 0x96e, 0x7fb6]}, @nop, @timestamp={0x8, 0xa, 0x2, 0x9}, @sack={0x5, 0x12, [0x1f, 0x2, 0x1, 0x0]}, @mss={0x2, 0x4, 0x2}, @md5sig={0x13, 0xff44, "e369b75c3fbc5a8fbdd1d01d58e68b15"}, @sack={0x5, 0x1a, [0x8, 0xe, 0x75d08578, 0x6, 0x8, 0x8]}]}}}}}}}, 0x0)
ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0xc0286687, &(0x7f0000000080)={0x1, 0x401, 0x1000, &(0x7f0000000b80)=""/4096})
syz_emit_ethernet(0x4a, &(0x7f0000000340)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, r1, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
r2 = syz_usb_connect(0x2, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000544fb2f00090582eb1000000001020009050276"], 0x0)
syz_usb_control_io$cdc_ecm(r2, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_connect$cdc_ecm(0x2, 0x0, 0x0, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x5e, &(0x7f0000000a80)=@string={0x5e, 0x3, "e40e08d9023c19b0bd22f369944f15ac1cc4d0b6f8012794edb82579fb2afdac7aaa746e3910fa15bbd69236f43432543c58604b99b55944fce03bd23dcd259947c2fc75bfd930b481df32ca02496ead676e2b9244d9f30cb8ec9f13"}}]})
syz_usb_ep_write$ath9k_ep1(r2, 0x82, 0xc38, &(0x7f00000000c0)=ANY=[])
syz_emit_ethernet(0x56, &(0x7f0000000640)={@local, @multicast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f9f500", 0x20, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x0, {[@mptcp=@syn={0x1e, 0xc, 0x9, 0x1, 0x2, 0x7f, 0xc}]}}}}}}}}, 0x0)

49.675853645s ago: executing program 1 (id=3423):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETTABLE(r0, 0x0, 0x4009000)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, 0x0, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
socket$nl_audit(0x10, 0x3, 0x9)
syz_clone3(0x0, 0x0)
listen(r3, 0xfff)
syz_emit_ethernet(0x4a, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6000000000140600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="f6017abb05008693"], 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)

49.572045226s ago: executing program 1 (id=3424):
r0 = socket$nl_generic(0x11, 0x3, 0x10)
sendmsg(r0, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'wlan1\x00', &(0x7f0000000080)=@ethtool_ringparam={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdb}})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r1, 0x8b1b, &(0x7f0000000040))
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r0)
sendmsg$TIPC_NL_NAME_TABLE_GET(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="240029bd7000fcdbdf2510000000500004800900010073797a30000000000900010073797a300000000034000780fd000300010000000800010020000000080003007d00000008000200070000000800040004000000080001000400000004000580"], 0x68}, 0x1, 0x0, 0x0, 0x880}, 0x40)
sendmsg$TIPC_NL_LINK_RESET_STATS(r0, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000680)=ANY=[@ANYBLOB="18010000", @ANYRES16=r2, @ANYBLOB="7000fddbdf250a000000040104801400078008000300ff000000080002000900000054000780080001000c000000080001001b0000000800010019000000080004000100000008000100200000000800030015fcffff080002003003000008000114c2b6f3e2616bd5b69f0b5e9d8c000a000000080001000500000008000200080000000900010073797a30000000000900010073797a31000000000900010073797a31000000000900010073797a300000000014000780080002000800000008000400080000000900010073797a30000000001300010062726f6164636173742d6c696e6b0000340007800800040001000000080001000900000008000300ff7f000008000300010400000800040003000000080004000900000000000000d8919c22daecf37c881515ee66dcabb8de43b2c44e0904c41cd4a0a04ef33e7226c1999b62a55cabe1e38aa5dadc0644bce9f75ff13aa73192fa4c5bdfb457b21d690c9f5dab89cfba7c8e03da9892de274db971a5891a94bdc2a63827241d0ca908c78af503c446b60827f96092faf39794d81fc539c6793a4ffc6183d41516b4a9f804a8dda5434ccc34de3b6c60271cb8a133b3692f91bb374172fbce"], 0x118}, 0x1, 0x0, 0x0, 0x41}, 0x8000)

49.397544465s ago: executing program 1 (id=3425):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x44, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x4048801)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000010003b1500"/20, @ANYRES32=0x0, @ANYBLOB="662700000000000024001280090001007866726d0000000014000280040003"], 0x44}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r4 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r4, 0xc0305710, &(0x7f0000000440)={0x1, 0x7f, 0x5, 0x0, 0x10001000})
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0)
read$midi(r4, 0x0, 0x43)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0xe042, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'bridge_slave_1\x00', <r5=>0x0})
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x18, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x4}]}, 0x18}}, 0x0)
r6 = memfd_create(&(0x7f0000000100)='+\x88\xc7s\x00\x00\x942nodev\x00\x00\x8cZ_Pv\x03\xa7\xc1\b\xec\x90Q\x85\x83\xcd\x16\xdcw\'\x8a\xe5N\x8c\x17\xfd\xc5\xad\xd5y\x15\x1fx\x17\f\xbc\xd1.\x8cA\x17\x86\xb7-j!Y\x92\xd9\xc4\r8\xd0\xc9X\xa7\x11\xa3\xf0\x8a*\xbc\x87\xcd\x1fl\xfc\xf3]\xb8\xbd\x02\v<\fl\xa6]\xa5\xfb\x05\xcb\x9c\xe2\xc8\x05\xa5\xa5\xeb\xa9\xef\xe3\xf1b\x81\xec\xac\xb6\x80\xd5\xf5S\x85\x06O\x05\xb8\xa1\x15\xcc\x17\xe8s\x95\x95B\xee_\x98\x91)\xe7\xa8+\x8c\xee\x83@q\x16\xcf3\x0f\x81\xa8\xa9`i\x01m:\xcc\x1c\xed<\xcfA3n\xfd\n>\x03\xae\f \xdbH\'\x05\x82\xdbLE\x14\xcdq\x1abcf\xdb8\xe9a\xa8\x00'/201, 0x2)
fcntl$addseals(r6, 0x409, 0x12)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x11, r6, 0x0)
r7 = userfaultfd(0x80801)
r8 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x4, 0x500)
r9 = gettid()
tkill(r9, 0x8)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r8, 0xc1105517, &(0x7f0000000340)={{0x6, 0x3, 0x8, 0x8, 'syz1\x00', 0x3}, 0x2, 0x200, 0x7, r9, 0x2, 0x0, 'syz1\x00', &(0x7f0000000240)=['\x00', 'bpf\x00'], 0x5})
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x1})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="7c0000001000010400"/20, @ANYRES32=r5, @ANYBLOB="00000000000000005c001280110001006272696467655f736c617665000000004400058005000500000000000500200001000000050008000000000006"], 0x7c}}, 0x800)
sendmmsg(r0, &(0x7f0000000000), 0x400000000000235, 0x0)

48.269289603s ago: executing program 4 (id=3428):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
shmget$private(0x0, 0x1000, 0x40, &(0x7f0000ffc000/0x1000)=nil)
r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000c80)={'syz1\x00', {0x4, 0x6e2f, 0x11f9, 0xfff8}, 0x4c, [0x8, 0x8, 0xfffffff7, 0x7f, 0x5, 0x9, 0x7fffffff, 0x0, 0x46, 0x838, 0xffffff0c, 0x3, 0x101, 0x9, 0x2, 0x4, 0x3, 0x4, 0x3, 0x2, 0x0, 0x800, 0x6, 0x6, 0x5, 0x10001, 0x9, 0x4, 0x77, 0x9, 0x7, 0xd, 0x401, 0x7, 0x8, 0xc687, 0xf, 0xff, 0x1, 0x0, 0xfffffe01, 0x0, 0x59e6, 0x101, 0x2, 0xdb, 0x1, 0xe, 0x9, 0xf, 0x4, 0x1, 0xffffffff, 0x800, 0x7f, 0x9, 0x6, 0x23c2, 0x0, 0xc10d, 0x7, 0x8, 0x2, 0x3], [0x2, 0xc, 0xff, 0x7, 0xa, 0x9, 0x1000, 0x100, 0x3, 0x6, 0x9, 0x2, 0x4, 0x7, 0x2c85, 0xf77, 0x60, 0xb, 0x1, 0x8, 0x71e4, 0x1, 0x10000, 0x3, 0x9f3, 0x800, 0x0, 0xe842, 0xff6, 0xca, 0x9, 0x7, 0x7, 0x6, 0x9, 0x6, 0xc7, 0x2ff, 0xf, 0x1, 0x550, 0x2, 0x3, 0x8, 0x80000001, 0x0, 0x3d, 0x13d, 0x101, 0x9, 0x10001, 0x9f, 0xe2d9, 0x783, 0x5, 0x0, 0x4, 0x8, 0x3460, 0xffff, 0x8a42, 0x4000, 0x100, 0x1], [0x62e2adfb, 0x9f57, 0x4, 0x3, 0x9e, 0x8, 0x1, 0xfffffff7, 0xffffffff, 0x2, 0x4, 0x4, 0x6, 0x4800000, 0x0, 0x9, 0x7, 0x9, 0x5, 0x5, 0x1, 0x7, 0xffff8000, 0x8, 0x3, 0x6, 0x10001, 0xfff, 0x0, 0x8, 0xffff2f9e, 0x9, 0x6, 0x3, 0x8, 0x3ff, 0x3, 0x5, 0x3, 0x690bd85f, 0x7, 0x3, 0x9, 0x200, 0xb3, 0xcf, 0x2, 0x6, 0x0, 0x7fff, 0xc8, 0x8, 0x2, 0x5, 0x100, 0x7ff, 0x2, 0x8005, 0x6, 0x4, 0x5, 0xa0, 0x1, 0x7825], [0x3, 0x0, 0x4, 0x6, 0x2, 0xf, 0x5, 0xfffffffd, 0x10001, 0x2, 0x2, 0x2, 0x2, 0x100009, 0x7fffffff, 0x3, 0x6, 0x7, 0x9, 0x5, 0x5, 0x2, 0xffffff7f, 0x0, 0x1, 0x5, 0x8, 0xc6d9, 0x631, 0x200, 0x4, 0x1, 0x4, 0x5, 0xe, 0xffff, 0x5, 0x7ff, 0x6, 0x10, 0x6, 0x1, 0x6, 0x5, 0x3, 0x3, 0x10000, 0x9, 0x2, 0x2, 0x4, 0x4, 0x3, 0x2, 0x8001, 0x0, 0x5, 0xb9, 0xfff, 0x400, 0x22, 0x2, 0x75, 0x9]}, 0x45c)
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040))
writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
connect$pppl2tp(r1, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x9, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32)
sendmmsg$inet(r1, &(0x7f0000008b80)=[{{0x0, 0x0, 0x0}}], 0x1a000, 0x40000)
close_range(r0, 0xffffffffffffffff, 0x0)
r6 = syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r6, 0x0, 0x0)
syz_usb_control_io$hid(r6, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)

47.695187531s ago: executing program 5 (id=3429):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)=0x3)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f00000001c0))
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000040)=0xc)
ioctl$SNDCTL_DSP_POST(r0, 0x5008, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000640)=0x10)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x6, 0x7fff7ffc}]})
close_range(r1, 0xffffffffffffffff, 0x8000000)

47.602363195s ago: executing program 3 (id=3430):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x5fb1, &(0x7f0000000040)={0x0, 0xc472, 0x4000, 0x0, 0x256}, 0x0, &(0x7f00000002c0)=<r3=>0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f000000b4c0)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000005c0)="8577b7e84c88ad69f0b9aaebf8ba95ce6f67dbc2365d655dda9d3fe74c9e454de1e0798e85390de17cb250b9b3e8eea326c44550749a2c12a163a8189a9eb9964a58be32f5d369c8aa5e723e53f0", 0x4e}, {&(0x7f0000000500)="4c49cc5cf8cafd666e34f4260f0bbcdda9261f1e7f05d263ea3b3bb5feabdcea9f24b27ea6416c30c2653b8cdc", 0x2d}], 0x2, &(0x7f00000007c0)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYBLOB="6c2dbcdfd58718b14c31e330de0d3b3aeec0a587c1be79c86bee8808dde5421faac28160b0c65d9f135834be744f2339af00a56352c8fdce86eb8cb3982224335546fa34fdcaa676836c142bc8e36cb6aeecb6d08071417adf1712134c3774bcdd443005cb15e937e2907f9c1e958b7f183ac2e686d49d9ceae947b3fcff71c2f572cbecc3b7405964b030a6884f7683a4c9336f540eca910280047d", @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000028000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r1, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000006bcd000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x140, 0x8000}}, {{0x0, 0x0, &(0x7f000000b340)=[{&(0x7f000000ae80)="a152b568c423f127ed0f07a87b0762ce771ead056515a8bd44c53d7552e034daafd0d4cf3f017d6e4b15e12791f70c64f79520493a20bd8197a424d045bf7fe80fdabbaa167ebaba824a3c187eaeb80fac9390d6a99616693c139dbb90896e10468a7337c182949aae22f4a87ec9ce877d0c497ccd74a4baa27febd3788228789859847f29b8ea51039b9fedc7f8a5667fb130138577762846638f06735fad0a57e1f45df92835210a085b74149826749d8eb2d2e3a980d688758d337ac6acaa78ff90b465eaca25e82766bcaf6f8dc720bddb601b61263a86303fe72e25d41cafb38d1abcd36618140eec704725a9bf5a", 0xf1}, {&(0x7f000000af80)="049bef01afe10e9f3b6b982be4870bfa9ae6fe8eef8ae558a16bd093075fdf29cdfc7c4051bfecca2613074d84c517346a3222f59cd54db350a7ff2937b64e44fded82adfc023c2e7ce10ef7fbed64243265d08a0bf2e32ccab98266f8c35f727c9e0db2dba106e3cc462ac634c8c57b358b82cd0db868362e4c1f84c5355dad06af290860de7955695965ecefe0975d20b2ec72c26046551132fe85603a34759fb079634c89314731fbbee9d10844a7306169c723f77f78b346e4b274fff19f786bdbbf825f16edf545e47eeff24f38012256a615fb25056d6aa7496f9252c3fc7a25", 0xe3}, {&(0x7f000000b080)="582a5508aa5991b1daba55dc69782534ae9c4b8d0d5e9d1ad0aaa259a1c64be78cb61bd3b6f4e2724be08d0ae67f937bf46a2693ab7aafb72deb9264fee09192cb5103a1db360f8ecfe21e805f0e8e52e721e52875f3ea7e746fd251d818c1835c70298d78059a78598c6c7f81ab00094e78e72a0d9f3106cff98ab2932c7cb290525992aa23b8ad2b23956ec5fbc1e34a81ea2e15a2e4e2ce2b91de49c7934a2ebb176227cf559a049caf831e751e42050b4c76bd5c810f29d27ede338417e6308b14901a0e5f", 0xc7}, {&(0x7f000000b180)="f35a6afbad89a1b0f6e90b6b7c62deee3e47cba6dbc1b30f0122562a3ce736b3220c068ae2770894b6c3cc618a386f1daca5dcf92600ce9d8796e33fa3f3127c7ce6cc285085b52022fa6f", 0x4b}, {&(0x7f000000b200)="c56032cc05afdbb43a22fcf998653f9177c9d3d87baccfa65ca14f4247538294442f890de16ff420ae6f31d23e247a3f6b93d55c8ae708f74f7bc19169fbf3ebeeea4345bae53ece391647ba4525a677993042386aec26aef4a496d34dd23e505c5d275c80308d0fa989e38055f1273d0069df884182b6610b32bd2926b28298d7f92012ae17baaeae7195f27c9a68fb16395db3d3e59ce0fe7e62168b5e86a3df018931311a775b7182ec5b6db94ae6335c374f693f76fb13fb4496f712d1be8e61", 0xc2}, {&(0x7f000000b300)="469cb36c6df720b0403442de13", 0xd}], 0x6, &(0x7f0000000700)=ANY=[@ANYBLOB="2c000000000000000100000001000000", @ANYRES32, @ANYRES32=r2, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=r2, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES64=r3, @ANYRES32=0x0, @ANYBLOB="00000000240000000000000001000000be997183", @ANYRES32, @ANYRES32, @ANYRES16=r0, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0xb8}}], 0x2, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket(0x840000000002, 0x3, 0xfa)
r7 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000040)={0x4}, 0x10)
write(r7, &(0x7f0000000680)="240000001a005f0214f9f407000904060000000000000002000a00000800040001000000ff22c2c9e77bcb56dae1e1ef1f65d9d9260efcc7498b647a687595d23e5b4c7e8872", 0x46)
getsockname$inet(r6, 0x0, &(0x7f0000000240)=0x1f)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0)
close_range(r2, r6, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYRESOCT=r5, @ANYRESDEC, @ANYRESOCT=r4], 0x50)
unshare(0x62040200)
syz_usb_connect(0x0, 0x4a, &(0x7f0000000080)=ANY=[@ANYBLOB="120100005520f010402038b14201040000010902"], 0x0)
socket$inet6(0xa, 0x800000000000002, 0x0)
r8 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7ff, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r8, 0xc0d05605, &(0x7f0000000280)={0x1, @pix_mp={0xfffffff8, 0x93cf, 0x33565348, 0x0, 0x8, [{0x6, 0x5}, {0x9, 0x5}, {0x8, 0x3}, {0x4, 0x9}, {0x2, 0xb68a}, {0x6, 0x7ff}, {0x3, 0x2}, {0x50ad0a9a}], 0x9, 0x7f, 0x2, 0x2}})
r9 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000200), 0x30000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r9, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r10=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r9, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r10, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r9, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r10, 0x0, <r11=>0xffffffffffffffff, 0x1})
unshare(0x2000000)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r9, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r11, 0x0, 0x0, 0x0, 0x200002, 0x77c0e, 0x334e8b})
r12 = socket(0x11, 0x800000003, 0x0)
ioctl$sock_SIOCETHTOOL(r12, 0x8946, &(0x7f00000000c0)={'pimreg0\x00', &(0x7f0000000400)=@ethtool_rxnfc={0x1b, 0x7, 0x7, {0xc, @tcp_ip4_spec={@private=0xa010101, @rand_addr=0x64010101, 0x4e22, 0x4e22, 0x4}, {0x0, @multicast, 0x0, 0x3, [0xff, 0x5714]}, @ah_ip4_spec={@empty, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x3, 0x9}, {0x0, @broadcast, 0x9, 0x4, [0x7, 0xffff]}, 0x2, 0x3f6d}, 0x7, [0x8, 0x9000, 0x35ec0, 0x1, 0x6a, 0x9, 0xa]}})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r9, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r11, 0x0, 0x10001, 0x0, 0x1, 0xd6fe2, 0x3d3b4e})

47.437304508s ago: executing program 5 (id=3431):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r3, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
fcntl$setstatus(r5, 0x4, 0x44000)
r6 = fanotify_init(0x200, 0x0)
fanotify_mark(r6, 0x1, 0x48001059, 0xffffffffffffffff, 0x0)
add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0), 0x0, 0xfffffffffffffffe)
r7 = gettid()
getdents64(0xffffffffffffffff, 0x0, 0xc0)
fchownat(0xffffffffffffffff, &(0x7f0000002140)='./file0\x00', 0x0, 0x0, 0x100)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000002840)={0x0, <r8=>0x0}, &(0x7f0000002880)=0xc)
sendmmsg$unix(r5, &(0x7f00000029c0)=[{{&(0x7f0000000480)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000240)=[{&(0x7f0000000100)="fb2cf897908ffd9858f764b41b799453dd7a2d8acd934a70c3457904db81f5cc4366840bec19591f58eb8912df49f4", 0x2f}], 0x1, 0x0, 0x0, 0x4}}, {{&(0x7f0000000500)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000000ac0)=[{&(0x7f0000000580)="2c77beae59d4977b12f152de4f584b5b02c922f9b502ce813c740610644d4f92ea2b95d16e52448b9fa97999244c6bce1dc7ea7ca8f7c0bc5e0f299bd9bf179f230812dcdee6018aef42e66ff1120ae88d62b87eb9549d1afbc8626f5e6f7f56105819ea716e6749adb6fc44fee6edf59fb9fe9c9c3a284e98017532264d4b3414bf2b1c27b29fb723", 0x89}, {&(0x7f0000000640)="01ff83a5b26f1c1d4d74eda3cfd4a189b7bf1bdfb036dc580cc8f155090a344f1e284770fddff727836277fc08ccfab0fb659fafce61e30a002e18075fcdc39ef3d09a4415c11ab26fa0580b9feeaca47b0c36b6535c472290f3d8696e5699360c", 0x61}, {&(0x7f00000006c0)="cb6ecf781b6b3133b0fe653ed9a25d549c08d8990caeabdc901f68d8f04c6dc6515e8563108267f032881e6c814208436b57fffdb34b74c7f01c6f99dfc4730a4906b2501035d262f02fbf72f6a41351ca0db40e16eec5f8e0cac1144f825b704239b241b6ac673d3dfd1418caa631df7c9798d7d1c7647a88528f3c5c305572e65bbfbd94f945d4190defd96e823ea46380d8b764587a80e882b893800979b4cbfe9f04f027d491331cc91a2ecb0407d23384f4772abffd158f35ae3536f694e843d454b6baf7108f60aa10a631380371e972be1949b0a7e09f390a42b766f860174059e1d3c83493ce38", 0xeb}, {&(0x7f00000007c0)="4fd97401e92b028a54ef9835382aff748a551dd5fe90b1b356edbb67871598fdd775be819427697386a005d238503d9632a1c2ce38d4c604453c6c8eb8c0cf5501883fe6b162de3d0c35837cf8e1b1fb47e3c560234363375661e0493cc78568d753533eb942285f2e1010679c7e985d78af17474556fb32ee84a0a785d4baaa0c88e701e70c154d28792e90db6470150234a89f904ed9a049a0ee8e62f38aac", 0xa0}, {&(0x7f0000000880)="7b2c2e10d985e47d93a61326da515c6c4dfd81af2514d88f121e925398a89cbddddb7eeaf2b1c4d31a8cba2d39b492698ab13e491444bac578fe931eb48d06ed012d46c31d03a4c78ba4a9f79426d7bc70850ef9429748a956d260578dec7ab78c34670b818bec205c303adb92460149911f379fef2d24c43abeefe91b533a8cfa2d0b59a20860f7efb7a63ee06dd455b5a9188ae16f8f6c008234b6dc45", 0x9e}, {&(0x7f0000000940)="d83802de0ca509302cab916a9a16495a9821033748ab24302074eee8b29b400d83b4363ba0c5b879804821c954a3c122b7d5ad5993df0f76a57620f6b115b8f0e05104a70f7fa4097f762028705ee66d65f78f7d3e5b024cfc5da679596d8ca89c44994e6739bc5e2842b8feb60c4751cc3d63e23c75143d059db8392c1c6a205b136f751ef5a251266d14af09ebd6701e922a512fefc1e83256615f18302902618306ad8fcc", 0xa6}, {&(0x7f0000000a00)="5bc474277362adbfc24008f11cb2b764132c36388a589427ea6674c380cb62ea5369d142b7795690258ee012bf09e9765f05e09a1835ce8596615fec43b3f9e8f326dfb03c7e604ee4c650b397c0a2005dd776e3dfbec774c3613b88502ea60ac5ec1cd5a5184300ba0ccb139f74410c3b4ce0440f1833859bab5826e1e15c5a20e8783dd0703f9e34678d285b2c408f1945f83f1224564a214934f999b148c7e30c539874e3f0c4a7564ae37b0d5cca4fcc21b0b0", 0xb5}], 0x7, &(0x7f0000000b80)=[@cred={{0x1c, 0x1, 0x2, {r7}}}], 0x20, 0x52c6ae6ab2ab1c72}}, {{0x0, 0x0, &(0x7f0000000d80)=[{&(0x7f0000000bc0)="e8a14574bb001770907b270a0dcd8efadfefd27579bb52729daa4ecd2e92401e7f3c0b822f84a4247fc0481f302584e2ea60c778139ce7021580789cfb8fd9fecb8a7d7a3699478a9967f9d4c98ed38a822aef9c7411b788d553f31f1245d0e26516d3b35687ba0ac76fbaa960bf42a10adf8079f37d779530339692d5268243d24c9167a04b2c9504f483297d224d7b410d2f7b6e960054148b151f136c0d01e71d08e1273ce0", 0xa7}, {&(0x7f0000000c80)="4191d5018eded604caa523406c40705ceb8844843e6283a6d770ee20804f3218a4144ffd33e5c2adebdcf649a1903a753986fe2f5b405bc199942df597187c9212e1f566262a4c56c2272ff90ffb25f4e1554976160a4d615e075a02b53c699da4bff4321679a697ae9ac41b222056babd9bd73d638e3be7e6bb8487d145c8156d0f8728caca6092dac5d27a158bb2b387962c0b7b7832490ac54f5828116f0c16e2564ea4a79ba278a8a4ff152c293fd38c40472650cdb599507d1b1d306423b936179acd49e9e24e9915c49b", 0xcd}], 0x2, &(0x7f0000000dc0)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r7, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r3, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r7, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r7, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000024000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r4, @ANYRES32=r0, @ANYRES32=r3, @ANYRES32=r2, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r7, @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r7, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c0000000000000001000000020000000ad02b4ed0502ca65f59616373e68f0e27f3950aba088f58f54599290959acbe259d0ac5f861335037e91a16ad58734fe3f78a878f1a9ebeeb171ec29b4b225eea9607731cf6b00ac485378bb796a8c54c7f1085cc13a96d66d4c6b83c35bcaac14122482cccf412bffcff3c8749fb2cc708b4362c78a351e7e74ab930eb9d4eeb5903b9862a9c9899c1b96f06f2a443a7e908144e3fed6f1c46ad8fc80b27b37b9b0f5e45f805a9cb41d7f6ad2c1c0759824426b3a65f2d1dda870600c0f7124d408f38dd9b93ec550421891081be7116d9f39543aba126d27881afef6b59e4b666d485b933", @ANYRES32=r7, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32=r3, @ANYRES32=r3, @ANYRES32=r4, @ANYRES32=r4], 0x140, 0x4000}}, {{&(0x7f0000001480)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f00000018c0)=[{&(0x7f0000001500)="74cc0e5e65e2dc45c837d4010d0b776c314c81f608f0a79af52412467952d92a37e64af7ec0c31778578dcfcc6294bb2c72e8b7240b67a07e7e25600f161a8ea9b59bd54d653a2d3e21ecca9d0df5f3e91c2d81e853ecc82302db5c7ae0d8d7eaf56b2790e8f2f0bdd8eab6a760a03b2ff038d83c49207e8178613e825325376a33ce9ae6222202778bf79cce71440f9503a4950435324588bb673d7d2c2752acddf2b1ad095f43cd1d31c9d2889f6e44253f0bd3418cb0e041938a2d2ec27ce9b00b55a0487afc236791706", 0xcc}, {&(0x7f0000001600)="3f2fed993f94002400a6990a36644364840faf8b3c6dc5c75cd6a6faa6a98ba25695bb8d8b8bed21d6f1ba7575a905aac9b5b81498a2d0b0b1890affb54451356ba0a595faa67153ffd3e5f6c5dd956cfe9234fbff4d1ffe3d7c0f7bbd4f79d3fbcd548b95d646a22eb7e0dba9147567973d92e278ea0f59753c320c91f4992c572f1a7465dadb4e89371fbf0e69176c0df5dd9cf9", 0x95}, {&(0x7f00000016c0)="5bd61ec89c643814e4079ca52e25c3f36b6da3d043ccc0d16a4f73ab20fb5bde7518534d7fae74b411d0825cfadfa4622c11c373a9e23794e8dd75d36f985b86878780dcf57e5a93dd3d7bc236436137ccd084d5ea2a56a94364dbbd9782cd39a6b0aa8d3d5d87fe77977b370c3b84e0debcf2f216c395e32ad8b69854e24d0c3bbf436e057c47661d05db0d9a1fbc06df3a5a1dd773a780b4ef9d20dd130eb5a69b508c20fbb85335b8b47ca919e1cce4952ceab160032bdde82d07080dcc5f15b2e4ef8cf4837cf4d77f2a548598d3bf8dda33b710e662c877741c528a15fed0b4acd45e3a80", 0xe7}, {&(0x7f00000017c0)="a01eca6ee47ca204354f97d86865a0233d79d947b62117c00b21cd19e1849e5976d3a4e9b268dc80e86542ee3d624ccb5293923b573a78e34a9f976c17729899dae5ebd77562c6576f533ee0575f4f6a8dd7334d8177444bde6c4388427526aab69459ad65deb7b53c478b020cd84334f0f4d0c6736c155a7bee4bf42d09a947f25e812989b5502dc493b270b0fda1b380299a2f5bab589e36bfda2a048f33652107dba807a698f2321a41c8f27234fc30f5dd2f13f9d7b256f74560698bc308e05b54f5de1dbabfd3f25f0d2287ee356d0e8030c9a3025dac330e93f5425acb", 0xe0}], 0x4, 0x0, 0x0, 0x10}}, {{&(0x7f0000001900)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001f40), 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r7, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="0001000000", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00'], 0x38, 0x8010}}, {{&(0x7f0000002140)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000002600)=[{&(0x7f00000021c0)="a55139c3033d207ce7b6ccfc476d60a618f6560a4de7d979a1d19d9aa9530946859343f1e38295410acf931ad063b46b1a354121bda7", 0x36}, {&(0x7f0000002200)="3f27205872e859d65b70a9cc3d79c229d6e75032bd295fbeed9e9368759b6acc761e91a3e1b8ba226cf27df33cda5a80d2be9a11f6e6740ab3ae41eba69102fcfaa7ec5363957cb820052953f37c09e151133ecdc428a7fda0326d5ddb225640831ab8e97047fa465d8841bab3b8e68e1e0c45828a4b805d98d7b48610f234b471e7bba366aaf94c0620fb13ba887e6ac1172ff12031a47199abef9467202d29ab3b5912597007dece446a0ababe032cf3ec8df750333e4a410834a7b9bbe59176601f7e0c931e85f0314f8a392c07", 0xcf}, {&(0x7f0000002300)="88bd426d752de9f58b4af4883bacd9ce1aa5d6958f7e7550713d20adb99f054a5c7ec43803", 0x25}, {&(0x7f0000002340)="31feb124776806e09322df1195a6dec7c2e84ef90d0d5bd04f4881fbf8fc45e0ce098a004903a0e8f0add2f724cdc96b9e778bf2c29fc0fc46c5af40a53c627e17f997016ec02e1dc9d826d36fcc8a1d9773840023455f8aebeeb03f0992a3d30ffe8150bf23192e69a10e1d4c3990e37382f98b92fe30119d0422374f15e63f07315436aae083d0509199493fcdaa0263329b3a0bf65cccce6794428268de894461f1b2f41bca494cf4649b17", 0xad}, {&(0x7f0000002400)="d179348dc5d7ef8e5cf030bc92619f636cff139b952cfdc35e2e6b3ad141be52d9d9907e8045c51c2a03285181383377892eb5f2a7f60e13c8ca68286b0b47839df0ecc2188fd38d6feb66", 0x4b}, {&(0x7f0000002480)="d800353af7c64eb680488bd7a31eac2e34f7a52a5a2c18bf25662c72b24e71d41694412482bd05ed8fb11d3ab2b7a0493508e40c2a06e700d09d2f5d0e780f1a23d4b886510594943c5aa599cff6c5388053629a8ed80b3e5348ed2c8d91eea40dacdb3f74d5cf626c80e35ed7091664024d9f4c77437a960b696027ca6ddb3ad8234ce81e6357091dc1b47fbcdd59bc076432430cafb77d9e1de246780d54f37cecee09c39e37059d482032fd11fba36d08dc37defb94452f0816111d", 0xbd}, {&(0x7f0000002540)="3a44a8ac9c8acd49f1a777cd372b02f0e9e01e1fb8fa2ab3384345e87aec98691973d9eacbc532f22d80c090ae219d88592e8b44b6345c690e3e05e8fc0c9a05b63617041119ebc4ca2d9fc95b6d505902420af0f9faf241a30d3fdb0ae169ee37689f5ee53fbe8e2044e53805d1d36106651f7b518a5a5b13176e60a728e4893ec053d99465b3c1ceeb4205f39ef7846a9411d9340aa499de99d96ad1d310f9e5b15113be0641121ee76bcd3e2238cd6bd094293981e2", 0xb7}], 0x7}}, {{&(0x7f0000002680)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f0000002740)=[{&(0x7f0000002700)="ee3ba5a5769bd7dbe0031705638664bf611abb3a1f5dca457b70e59b67f5", 0x1e}], 0x1, &(0x7f00000028c0)=[@cred={{0x1c, 0x1, 0x2, {r7, 0xffffffffffffffff}}}, @rights={{0x28, 0x1, 0x1, [r4, r5, r4, r6, r0, r3]}}, @rights={{0x18, 0x1, 0x1, [r2, r6]}}, @rights={{0x28, 0x1, 0x1, [r3, r3, r1, r3, 0xffffffffffffffff, r6]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r7}}}, @cred={{0x1c, 0x1, 0x2, {r7, r8, 0xee00}}}], 0xe0, 0x4844}}], 0x7, 0x4000000)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)=<r9=>0x0)
timer_settime(r9, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
write(r3, &(0x7f00000003c0)="dd4ad45a4fdeaed120285f67587d064964d3c632b4c1a49ee1ea8c94f86522bbde5c871c045acc4ed85c330d5a08e0a0414dcc46daa4e565a6fb5e9633dba3294e70dab47aa28c8998e97062500f64afb6c7092ec5461c2aebc148bb1abd09bd60aa9b2e1b4f1c2ddd60c80d9247a153a08c5b5b6825cde5f3f8f72fc47d06ea82d5410f281d961eb1d709c7a8b9d16b4e08b70e3fb9efd8e446a920fc73e9859d579e10478a2b508360f242f8c2c57907192d80", 0xb4)
futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r10, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r10, 0x0)
ioctl$FS_IOC_READ_VERITY_METADATA(r6, 0xc0286687, &(0x7f00000001c0)={0x0, 0x6, 0x10, &(0x7f0000000140)=""/16})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)

47.126089835s ago: executing program 0 (id=3432):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000240)=0x3)
ioctl$TCFLSH(r1, 0x540b, 0x0)
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$PTP_PEROUT_REQUEST2(r2, 0x40383d0c, &(0x7f0000000040)={{0x6, 0x101}, {0x804, 0x109003ff}, 0x7, 0x3})
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00030000000000001c0012800c0001006d6163766c616e000c0002800800", @ANYBLOB='\b\x00'], 0x4c}}, 0x0)

46.680987699s ago: executing program 0 (id=3433):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x118d7, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0)
r2 = userfaultfd(0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
r3 = socket(0x15, 0x5, 0x0)
getsockopt(r3, 0x200000000114, 0x2721, 0x0, &(0x7f0000000000)) (fail_nth: 2)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x3000)=nil, 0x3000, &(0x7f00000000c0)='[%-:\\\x00')
r4 = socket$inet6(0xa, 0x1000080002, 0x100000000000088)
bind$inet6(r4, &(0x7f0000000140)={0xa, 0x4e23}, 0x1c)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x100000000a, &(0x7f00000003c0)=0x800000001, 0x4)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4008840, &(0x7f0000000180)={0xa, 0x4e23, 0x20009, @mcast2}, 0x1c)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="17", 0x1, 0x0, 0x0, 0x0)
ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a1, &(0x7f0000000100)='veth1_to_batadv\x00')
read$FUSE(r4, &(0x7f0000001540)={0x2020}, 0x2020)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001700), 0x0, 0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r2, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})

45.837428995s ago: executing program 1 (id=3434):
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xe4776000)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r0=>0x0)
r1 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_GET_MAGIC(r1, 0x80046402, 0xfffffffffffffffd)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
read$FUSE(r2, 0x0, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000140), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000100)={0x2, 0x1, 0x1})
ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000000)=0x1)
ioctl$vim2m_VIDIOC_DQBUF(r3, 0xc0585611, &(0x7f0000000200)=@userptr={0x0, 0x1, 0x4, 0x2, 0x0, {0x77359400}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x0, "0a009300"}, 0x0, 0x2, {0x0}})
ioctl$vim2m_VIDIOC_DQBUF(r3, 0xc0585611, &(0x7f0000000280)=@mmap={0x0, 0x1, 0x4, 0x100004, 0x0, {0x77359400}, {0x7, 0xc, 0x0, 0x0, 0x0, 0x0, "37bb54f0"}})

45.705100878s ago: executing program 5 (id=3435):
r0 = socket$netlink(0x10, 0x3, 0x4)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@newqdisc={0x44, 0x24, 0xd0f, 0xfffffffc, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_SPLIT_GSO={0x8, 0x11, 0x1}, @TCA_CAKE_FWMARK={0x8, 0x12, 0xfffffffd}]}}]}, 0x44}}, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x4, 0x2ffffffff}, 0x2e)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000700)=@filter={'filter\x00', 0x42, 0x4, 0x2d0, 0xffffffff, 0xf0, 0x0, 0xf0, 0xffffffff, 0xffffffff, 0x290, 0x290, 0x290, 0xffffffff, 0x4, 0x0, {[{{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, 0x0, 0x0, 'veth0_to_batadv\x00', 'vlan0\x00', {0xff}, {0xff}, 0x8, 0x0, 0x17}, 0x0, 0x70, 0x98, 0x0, {0x100000000000000}}, @REJECT={0x28}}, {{@ip={@loopback, @rand_addr=0x64010101, 0xffffff00, 0xff000000, 'geneve0\x00', 'macvlan0\x00', {0xff}, {}, 0x2, 0x0, 0x17}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @multicast, 0x1, 0x3, [0x24, 0x2c, 0x4, 0x2, 0x12, 0x22, 0x16, 0x10, 0x35, 0x1a, 0x31, 0x3e, 0x9, 0x0, 0x24, 0x39], 0x1, 0x6, 0x7}}}, {{@ip={@dev={0xac, 0x14, 0x14, 0x3a}, @loopback, 0xff, 0xffffff00, 'bond0\x00', 'dvmrp0\x00', {}, {}, 0x2f, 0x2, 0x21}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @empty, 0xd, 0x8, [0xa, 0x26, 0x2a, 0xa, 0x13, 0xe, 0x29, 0x21, 0x2d, 0x32, 0x40, 0x20, 0x28, 0x18, 0x22, 0x1e], 0x1, 0x0, 0x2}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x330)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000140))
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="440000002100010004000000fddbdf250a10000000000000100000001400110076657468315f6d61637674617000000014000100"], 0x44}, 0x1, 0x0, 0x0, 0x84}, 0x0)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
r5 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_CONN_TIMEOUT(r5, 0x10f, 0x82, 0x0, 0x0)
ptrace$setregs(0xd, r4, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)

45.371778524s ago: executing program 5 (id=3436):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x802, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="0b00000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000280)='\b\x00\x00\x00', 0x4}], 0x1)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x200000, @empty, 0x1}, 0x1c)
syz_usb_connect(0x2, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000dae11c105e0484028fa401020301090224000100000000090400"], 0x0)
listen(r2, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r4 = accept(r2, 0x0, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r4)

44.595426867s ago: executing program 0 (id=3437):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000000)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2})

44.372045762s ago: executing program 0 (id=3438):
syz_usb_connect(0x3, 0x64, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000cb8be7406d042308483901020301"], 0x0)
syz_io_uring_setup(0x10c, &(0x7f00000000c0)={0x0, 0x3eac, 0x400, 0x2, 0x105}, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_udp(0xa, 0x2, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
socket$kcm(0x2, 0x3, 0x2)
socket$kcm(0x10, 0x2, 0x4)
socket$rds(0x15, 0x5, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="120100004015400000005015bbe40102030109021200010dda02ac3200000000000000c46f0078e428881918e8b119f8e32511d287d6209a1f8a38a5eeada917c57e2a55b87fd94109ea7728c0a4ed1df699a27f85f29d0825ae70ac469f2c01ab602e7b8b23c3dcfc80a612da0b20e3c4fdebebf59f6faea738e8d6b6159e43d56b3cd4a95592f4b8b36d11b85f0bb9570a34a6adc6f50a17f767872584573bea9722f3f9db4fe7a73f588588c4f5dc9f34362e6c779a5ad9b59a4efcf35a9820b23677057df562"], 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c000200200000001f000000060001000000000008", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a0003"], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0)

44.371811119s ago: executing program 3 (id=3439):
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
creat(&(0x7f00000003c0)='./bus\x00', 0x0)
r0 = open(&(0x7f00000000c0)='./bus\x00', 0x18d03e, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400}, 0x0)
r2 = open(0x0, 0xc2802, 0x181)
ftruncate(r2, 0x2008002)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r0, 0x2000000)
r3 = gettid()
process_vm_writev(r3, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1}], 0x1, 0x0, 0x0, 0x0)
write$FUSE_NOTIFY_RESEND(0xffffffffffffffff, 0x0, 0x0)
pipe2$9p(0x0, 0x4000)
write$P9_RSETATTR(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)

44.155884218s ago: executing program 1 (id=3440):
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000220edf104c05c10687c20102030109022400010000ae0009040000024f69960009050f02"], 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mreq(r0, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'syz_tun\x00', <r2=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="300000001000010021bd7000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="858804000300000008001b000000000008000d00080000004469db08a9d815762789002d90c8aaa3f6e79b2d"], 0x30}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000)
sendmsg$nl_route_sched(r1, &(0x7f0000000100)={0x0, 0xffc3, &(0x7f00000001c0)={&(0x7f0000000140)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0xfff3}}}, 0x24}}, 0x0)

44.042766212s ago: executing program 3 (id=3441):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
setrlimit(0xf, &(0x7f0000000000)={0x1, 0x5})
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x10, &(0x7f0000000280)=[@in={0x2, 0x4e24, @private=0xa010100}]}, &(0x7f0000000080)=0x10)

43.801191214s ago: executing program 4 (id=3442):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000200)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0})
r1 = socket$kcm(0xa, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x2000d00, 0x3, 0x0, &(0x7f0000000140)="a06ad8", 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x50)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)
openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000052e8e510b1134200c4dc0102030109021b00010000000009044400012eafb2000905810dff"], 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x810}, 0x200008c4)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd25, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {0x0, 0x1}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x1c, 0x2, [@TCA_FLOW_PERTURB={0x8, 0xc, 0x5}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x15625}]}}]}, 0x4c}}, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000280)={'bridge0\x00', 0x0})
r7 = socket(0x10, 0x3, 0x0)
sendmmsg(r7, &(0x7f0000000000), 0x4000000000001f2, 0x0)
getsockopt$inet_mreqn(r3, 0x0, 0x53, 0x0, &(0x7f0000000040)=0xf)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x101302, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000100)={0x4, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x2, &(0x7f0000000180)=0x6})
ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x8936, 0x0)

43.020126126s ago: executing program 3 (id=3443):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_STOP_AP(r0, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f00000028c0)={0x0, 0x28}}, 0x0)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r4=>0x0})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, 0x0, 0x0, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c00000010007d03cdd9d06e326200005dcc0300", @ANYRES32, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r7], 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@newtfilter={0x2c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, 0x0, {0xffe0}, {}, {0xa, 0x1}}, [@TCA_RATE={0x6, 0x5, {0x39, 0x1}}]}, 0x2c}, 0x1, 0xf0ffffffffffff, 0x0, 0x4040940}, 0x0)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x8})
ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f00000002c0)={0x0, 0x80000001, 0x3, {0x4, @vbi={0x1, 0x9, 0xa, 0x30314442, [0x3c2, 0x7ff], [0x4], 0x13a}}, 0x6})
mremap(&(0x7f0000724000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000290000/0x4000)=nil)
munlockall()
bind$unix(0xffffffffffffffff, 0x0, 0x0)
getsockopt$bt_hci(r3, 0x0, 0x1, &(0x7f00000000c0)=""/105, &(0x7f0000000000)=0x69)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x2b, [0x8000, 0xc95a, 0xffffdff3, 0x1, 0x80, 0x6, 0x3, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x800, 0x5, 0x4, 0x7, 0x4, 0x3c5b, 0x1, 0x24, 0x9, 0x1, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x7, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x242, 0xc, 0xe, 0x0, 0x71, 0x7, 0x7, 0x3, 0x2, 0x8005, 0x3f, 0x8f, 0x6, 0x6, 0x0, 0x5, 0x4, 0x3, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffc, 0x3, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x9, 0x3, 0x3, 0x8000, 0x9, 0x400, 0x401, 0x6, 0x1, 0x8, 0x5, 0x10005, 0x5f31, 0x4, 0x0, 0x2, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x7, 0x28, 0x1, 0xfe000000, 0xffff, 0x2, 0x7, 0x9, 0x3ff, 0x3, 0x9, 0x1, 0x7, 0x3, 0x9, 0x0, 0x12000000, 0x2], [0x100007, 0x4, 0x7, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0x2, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x8, 0x8, 0x86, 0x10000003, 0x1000, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x5, 0x8, 0x4, 0x6d01, 0x5, 0x38, 0x800003, 0x200, 0x80, 0x83, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0x2ac8, 0xbf, 0x2, 0x3, 0x7ff, 0xfffffff9, 0x0, 0x1, 0xffff, 0x0, 0x4, 0xfffffffe, 0x120000, 0x3, 0x6, 0xaaed, 0x4, 0x25], [0x9, 0x6, 0x3, 0xb, 0x5, 0x934, 0x6, 0x6, 0x0, 0xbdfe, 0xce7, 0x1ff, 0xfffffffe, 0x7, 0x5, 0x3, 0x101, 0x10000, 0x6, 0x8003, 0xffff, 0x81, 0xff, 0x5, 0x1, 0xfffffffe, 0x14c, 0x60a7, 0xa71d, 0x6, 0xffffffff, 0x80000000, 0x5, 0x8, 0xc8, 0xee1, 0xfffff000, 0xffff, 0x3, 0x7f, 0x3ff, 0x9602, 0x7, 0x2, 0x7, 0x6, 0x1, 0x10080, 0x5, 0x8, 0x30b1d693, 0xa23, 0xc, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0x2, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@newlink={0x48, 0x10, 0x401, 0x0, 0x101, {0x0, 0x0, 0x0, 0x0, 0x9}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r1}]}}}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x48}}, 0x40800)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000003c0)={0x53, 0xfffffffffffffffe, 0x2, 0xfc, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000000)="5d1d", 0x0, 0xffffffff, 0x0, 0x1, 0x0})

41.383999621s ago: executing program 5 (id=3444):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_STOP_AP(r0, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f00000028c0)={0x0, 0x28}}, 0x0)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r4=>0x0})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, 0x0, 0x0)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c00000010007d03cdd9d06e326200005dcc0300", @ANYRES32, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r7], 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@newtfilter={0x2c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, 0x0, {0xffe0}, {}, {0xa, 0x1}}, [@TCA_RATE={0x6, 0x5, {0x39, 0x1}}]}, 0x2c}, 0x1, 0xf0ffffffffffff, 0x0, 0x4040940}, 0x0)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x8})
ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f00000002c0)={0x0, 0x80000001, 0x3, {0x4, @vbi={0x1, 0x9, 0xa, 0x30314442, [0x3c2, 0x7ff], [0x4], 0x13a}}, 0x6})
mremap(&(0x7f0000724000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000290000/0x4000)=nil)
munlockall()
bind$unix(0xffffffffffffffff, 0x0, 0x0)
getsockopt$bt_hci(r3, 0x0, 0x1, &(0x7f00000000c0)=""/105, &(0x7f0000000000)=0x69)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x2b, [0x8000, 0xc95a, 0xffffdff3, 0x1, 0x80, 0x6, 0x3, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x800, 0x5, 0x4, 0x7, 0x4, 0x3c5b, 0x1, 0x24, 0x9, 0x1, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x7, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x242, 0xc, 0xe, 0x0, 0x71, 0x7, 0x7, 0x3, 0x2, 0x8005, 0x3f, 0x8f, 0x6, 0x6, 0x0, 0x5, 0x4, 0x3, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffc, 0x3, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x9, 0x3, 0x3, 0x8000, 0x9, 0x400, 0x401, 0x6, 0x1, 0x8, 0x5, 0x10005, 0x5f31, 0x4, 0x0, 0x2, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x7, 0x28, 0x1, 0xfe000000, 0xffff, 0x2, 0x7, 0x9, 0x3ff, 0x3, 0x9, 0x1, 0x7, 0x3, 0x9, 0x0, 0x12000000, 0x2], [0x100007, 0x4, 0x7, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0x2, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x8, 0x8, 0x86, 0x10000003, 0x1000, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x5, 0x8, 0x4, 0x6d01, 0x5, 0x38, 0x800003, 0x200, 0x80, 0x83, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0x2ac8, 0xbf, 0x2, 0x3, 0x7ff, 0xfffffff9, 0x0, 0x1, 0xffff, 0x0, 0x4, 0xfffffffe, 0x120000, 0x3, 0x6, 0xaaed, 0x4, 0x25], [0x9, 0x6, 0x3, 0xb, 0x5, 0x934, 0x6, 0x6, 0x0, 0xbdfe, 0xce7, 0x1ff, 0xfffffffe, 0x7, 0x5, 0x3, 0x101, 0x10000, 0x6, 0x8003, 0xffff, 0x81, 0xff, 0x5, 0x1, 0xfffffffe, 0x14c, 0x60a7, 0xa71d, 0x6, 0xffffffff, 0x80000000, 0x5, 0x8, 0xc8, 0xee1, 0xfffff000, 0xffff, 0x3, 0x7f, 0x3ff, 0x9602, 0x7, 0x2, 0x7, 0x6, 0x1, 0x10080, 0x5, 0x8, 0x30b1d693, 0xa23, 0xc, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0x2, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@newlink={0x48, 0x10, 0x401, 0x0, 0x101, {0x0, 0x0, 0x0, 0x0, 0x9}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r1}]}}}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x48}}, 0x40800)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000003c0)={0x53, 0xfffffffffffffffe, 0x2, 0xfc, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000000)="5d1d", 0x0, 0xffffffff, 0x0, 0x1, 0x0})

40.499044183s ago: executing program 4 (id=3445):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x6, 0xfd, 0x7fff0005}]})
r0 = openat$dma_heap(0xffffffffffffff9c, 0x0, 0xa2003, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
accept$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @private2}, &(0x7f00000001c0)=0x1c)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
ioctl$sock_SIOCINQ(r1, 0x541b, &(0x7f0000000240))
ioctl$DMA_HEAP_IOCTL_ALLOC(r0, 0xc0184800, 0x0)
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x0, 0x3}, 0x10)
r3 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x1}, 0x10)
sendmsg$tipc(r3, &(0x7f00000008c0)={&(0x7f0000000600)=@id={0x1e, 0x3, 0x1, {0x4e21, 0x1}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x0)
r4 = dup3(r2, r3, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r4, 0x0, 0x0)
setsockopt$TIPC_GROUP_LEAVE(r4, 0x10f, 0x88)
r5 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140)
ioctl$DRM_IOCTL_GEM_OPEN(r5, 0xc010640b, &(0x7f0000000100))

40.401699735s ago: executing program 0 (id=3446):
add_key(&(0x7f0000000000)='big_key\x00', 0x0, &(0x7f0000000080)="ae", 0xfffff, 0xffffffffffffffff)

37.878795077s ago: executing program 3 (id=3447):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="0207e807e7"], 0x10}}, 0x40044)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
recvmmsg(r3, &(0x7f00000006c0), 0xf77e, 0x2, 0x0)
syz_emit_ethernet(0x82, &(0x7f0000000740)={@broadcast, @random='\x00\x00B\f\x00', @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "fec000", 0x48, 0x3a, 0x0, @private0, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "18b088", 0x0, 0x0, 0x0, @empty, @mcast2, [@hopopts={0x11}, @dstopts={0x32, 0x0, '\x00', [@padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}]}]}}}}}}}, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x84)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000280)={{{@in=@rand_addr=0x64010101, @in6=@empty, 0x0, 0x56, 0x2, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x2, 0xfffffffffffffff6, 0x2000000, 0x1}, {0x4, 0x0, 0x4}, 0x1, 0x0, 0x1}, {{@in=@empty, 0x0, 0x2b}, 0xa, @in=@loopback, 0x3507, 0x4, 0x0, 0x0, 0xffffffff, 0x8, 0x4}}, 0xe8)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xff}}}, 0x1c)

36.275178817s ago: executing program 0 (id=3448):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0107000000000000000067000000080001004300000008000300", @ANYRES32, @ANYBLOB="0c009900040000000d0000000800c300e7"], 0x40}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x30, 0x7, 0x6, 0x201, 0x0, 0x0, {0xa, 0x0, 0x7}, [@IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x6}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x4008888}, 0x24008000)

36.171885742s ago: executing program 4 (id=3449):
r0 = syz_open_dev$vivid(&(0x7f0000000000), 0x2, 0x2)
preadv(r0, &(0x7f0000000040), 0x0, 0xffff, 0x3)
syz_usb_connect$uac1(0x0, 0x89, &(0x7f00000009c0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x77, 0x3, 0x1, 0x6, 0x0, 0x29, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x9, 0x8}, [@selector_unit={0x5, 0x24, 0x5, 0x6, 0x4}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x8, 0x7, 0x6, 0x0, {0x7, 0x25, 0x1, 0x41, 0x6, 0xa6}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xc, 0x24, 0x2, 0x2, 0x2, 0xf4b5, 0x1, "060000"}, @as_header={0x7, 0x24, 0x1, 0xb, 0x8, 0x1002}]}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0x7f, 0x2, 0x81, {0x7, 0x25, 0x1, 0x0, 0x9, 0xa}}}}}}}]}}, 0x0)

35.933589254s ago: executing program 1 (id=3450):
r0 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33)
r1 = socket$inet6(0xa, 0x4, 0x0)
recvmsg(r1, &(0x7f00000005c0)={&(0x7f0000000040)=@l2tp={0x2, 0x0, @local}, 0x80, &(0x7f0000000340)=[{&(0x7f00000000c0)=""/35, 0x23}, {&(0x7f0000000200)=""/141, 0x8d}, {&(0x7f00000004c0)=""/233, 0xe9}], 0x3, &(0x7f0000000380)=""/105, 0x69}, 0x1)
recvmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000004700)=""/4088, 0xff8}, {&(0x7f0000003700)=""/4074, 0xfea}, {&(0x7f0000002500)=""/4137, 0x1029}, {&(0x7f00000011c0)=""/105, 0x69}, {&(0x7f0000000400)=""/158, 0x9e}, {&(0x7f0000000140)=""/179, 0xb3}], 0x6}, 0x12002)

0s ago: executing program 33 (id=3444):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_STOP_AP(r0, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f00000028c0)={0x0, 0x28}}, 0x0)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r4=>0x0})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, 0x0, 0x0)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c00000010007d03cdd9d06e326200005dcc0300", @ANYRES32, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r7], 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@newtfilter={0x2c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, 0x0, {0xffe0}, {}, {0xa, 0x1}}, [@TCA_RATE={0x6, 0x5, {0x39, 0x1}}]}, 0x2c}, 0x1, 0xf0ffffffffffff, 0x0, 0x4040940}, 0x0)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x8})
ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f00000002c0)={0x0, 0x80000001, 0x3, {0x4, @vbi={0x1, 0x9, 0xa, 0x30314442, [0x3c2, 0x7ff], [0x4], 0x13a}}, 0x6})
mremap(&(0x7f0000724000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000290000/0x4000)=nil)
munlockall()
bind$unix(0xffffffffffffffff, 0x0, 0x0)
getsockopt$bt_hci(r3, 0x0, 0x1, &(0x7f00000000c0)=""/105, &(0x7f0000000000)=0x69)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x2b, [0x8000, 0xc95a, 0xffffdff3, 0x1, 0x80, 0x6, 0x3, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x800, 0x5, 0x4, 0x7, 0x4, 0x3c5b, 0x1, 0x24, 0x9, 0x1, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x7, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x242, 0xc, 0xe, 0x0, 0x71, 0x7, 0x7, 0x3, 0x2, 0x8005, 0x3f, 0x8f, 0x6, 0x6, 0x0, 0x5, 0x4, 0x3, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffc, 0x3, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x9, 0x3, 0x3, 0x8000, 0x9, 0x400, 0x401, 0x6, 0x1, 0x8, 0x5, 0x10005, 0x5f31, 0x4, 0x0, 0x2, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x7, 0x28, 0x1, 0xfe000000, 0xffff, 0x2, 0x7, 0x9, 0x3ff, 0x3, 0x9, 0x1, 0x7, 0x3, 0x9, 0x0, 0x12000000, 0x2], [0x100007, 0x4, 0x7, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0x2, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x8, 0x8, 0x86, 0x10000003, 0x1000, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x5, 0x8, 0x4, 0x6d01, 0x5, 0x38, 0x800003, 0x200, 0x80, 0x83, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0x2ac8, 0xbf, 0x2, 0x3, 0x7ff, 0xfffffff9, 0x0, 0x1, 0xffff, 0x0, 0x4, 0xfffffffe, 0x120000, 0x3, 0x6, 0xaaed, 0x4, 0x25], [0x9, 0x6, 0x3, 0xb, 0x5, 0x934, 0x6, 0x6, 0x0, 0xbdfe, 0xce7, 0x1ff, 0xfffffffe, 0x7, 0x5, 0x3, 0x101, 0x10000, 0x6, 0x8003, 0xffff, 0x81, 0xff, 0x5, 0x1, 0xfffffffe, 0x14c, 0x60a7, 0xa71d, 0x6, 0xffffffff, 0x80000000, 0x5, 0x8, 0xc8, 0xee1, 0xfffff000, 0xffff, 0x3, 0x7f, 0x3ff, 0x9602, 0x7, 0x2, 0x7, 0x6, 0x1, 0x10080, 0x5, 0x8, 0x30b1d693, 0xa23, 0xc, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0x2, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@newlink={0x48, 0x10, 0x401, 0x0, 0x101, {0x0, 0x0, 0x0, 0x0, 0x9}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r1}]}}}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x48}}, 0x40800)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000003c0)={0x53, 0xfffffffffffffffe, 0x2, 0xfc, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000000)="5d1d", 0x0, 0xffffffff, 0x0, 0x1, 0x0})

kernel console output (not intermixed with test programs):

869.563984][    T9] usb 6-1: Handspring Visor / Palm OS converter now attached to ttyUSB1
[  870.198160][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  870.204484][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  870.938536][T12387] Bluetooth: hci0: command tx timeout
[  871.861209][    T9] usb 6-1: USB disconnect, device number 12
[  871.915738][    T9] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0
[  872.080696][    T9] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1
[  872.231445][    T9] visor 6-1:1.0: device disconnected
[  872.679638][T17483] netlink: 'syz.4.3039': attribute type 2 has an invalid length.
[  872.849592][T17483] : entered promiscuous mode
[  873.022629][T12387] Bluetooth: hci0: command 0x0419 tx timeout
[  874.787993][ T5837] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  874.827908][ T5837] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  874.842820][ T5837] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  874.854197][ T5837] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  874.871001][ T5837] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  874.952938][T17500] syz.3.3044 (17500): drop_caches: 2
[  874.986937][T13332] usb 5-1: new high-speed USB device number 95 using dummy_hcd
[  875.097939][T12387] Bluetooth: hci0: command 0x0419 tx timeout
[  875.169477][T13332] usb 5-1: Using ep0 maxpacket: 32
[  875.178303][T13332] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  875.189212][T13332] usb 5-1: config 0 has no interface number 0
[  875.212044][T13332] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  875.222801][ T8344] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  875.231986][T13332] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  875.252544][T13332] usb 5-1: Product: syz
[  875.260929][T13332] usb 5-1: Manufacturer: syz
[  875.266366][T13332] usb 5-1: SerialNumber: syz
[  875.276657][T13332] usb 5-1: config 0 descriptor??
[  875.315634][T13332] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  875.337185][T13332] usb 5-1: selecting invalid altsetting 1
[  875.343027][T13332] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  875.366458][T13332] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  875.383708][T13332] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  875.393273][T13332] usb 5-1: media controller created
[  875.403942][ T8344] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  875.416124][ T8344] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  875.440926][ T8344] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  875.459273][T13332] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  875.467915][ T8344] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  875.721989][ T8344] usb 4-1: usb_control_msg returned -32
[  875.729070][ T8344] usbtmc 4-1:16.0: can't read capabilities
[  875.915484][   T13] bond0 (unregistering): (slave gretap2): Releasing active interface
[  875.983358][   T13] dvmrp0 (unregistering): left allmulticast mode
[  876.525849][   T13] bond0 (unregistering): Released all slaves
[  876.640749][T13332] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  876.725788][T13332] zl10353_read_register: readreg error (reg=127, ret==-110)
[  876.737283][T17497] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-32
[  876.923346][T13332] usb 5-1: USB disconnect, device number 95
[  876.938854][T12387] Bluetooth: hci3: command tx timeout
[  877.005138][   T13] bond1 (unregistering): Released all slaves
[  877.259526][   T13] bond2 (unregistering): Released all slaves
[  877.481572][   T13] bond3 (unregistering): Released all slaves
[  877.589061][T17525] syz.5.3049 (17525): drop_caches: 2
[  877.910029][ T8349] usb 4-1: USB disconnect, device number 7
[  878.549960][T17534] syz.3.3051 (17534): drop_caches: 2
[  878.772392][T17537] FAULT_INJECTION: forcing a failure.
[  878.772392][T17537] name failslab, interval 1, probability 0, space 0, times 0
[  878.800912][T17537] CPU: 1 UID: 0 PID: 17537 Comm: syz.0.3052 Not tainted syzkaller #0 PREEMPT(full) 
[  878.800943][T17537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  878.800954][T17537] Call Trace:
[  878.800962][T17537]  <TASK>
[  878.800970][T17537]  dump_stack_lvl+0x189/0x250
[  878.800999][T17537]  ? __pfx____ratelimit+0x10/0x10
[  878.801022][T17537]  ? __pfx_dump_stack_lvl+0x10/0x10
[  878.801041][T17537]  ? __pfx__printk+0x10/0x10
[  878.801064][T17537]  ? __pfx___might_resched+0x10/0x10
[  878.801088][T17537]  should_fail_ex+0x414/0x560
[  878.801115][T17537]  should_failslab+0xa8/0x100
[  878.801134][T17537]  __kmalloc_noprof+0xcb/0x7f0
[  878.801154][T17537]  ? kfree+0x19a/0x6d0
[  878.801171][T17537]  ? snd_pcm_hw_refine+0x967/0x1640
[  878.801196][T17537]  snd_pcm_hw_refine+0x967/0x1640
[  878.801232][T17537]  ? __pfx_snd_pcm_hw_refine+0x10/0x10
[  878.801302][T17537]  snd_pcm_hw_param_first+0x3e9/0xaf0
[  878.801337][T17537]  snd_pcm_hw_params+0x575/0x1d30
[  878.801378][T17537]  ? __pfx_snd_pcm_hw_params+0x10/0x10
[  878.801414][T17537]  ? snd_pcm_kernel_ioctl+0x230/0x3b0
[  878.801438][T17537]  snd_pcm_oss_change_params_locked+0x21cb/0x3e40
[  878.801497][T17537]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  878.801551][T17537]  snd_pcm_oss_read+0x26a/0x8d0
[  878.801584][T17537]  ? __pfx_snd_pcm_oss_read+0x10/0x10
[  878.801609][T17537]  vfs_read+0x200/0xa30
[  878.801641][T17537]  ? __pfx_vfs_read+0x10/0x10
[  878.801664][T17537]  ? __fget_files+0x2a/0x420
[  878.801685][T17537]  ? __fget_files+0x2a/0x420
[  878.801700][T17537]  ? __fget_files+0x3a0/0x420
[  878.801715][T17537]  ? __fget_files+0x2a/0x420
[  878.801741][T17537]  ksys_read+0x145/0x250
[  878.801766][T17537]  ? __pfx_ksys_read+0x10/0x10
[  878.801793][T17537]  ? do_syscall_64+0xbe/0xfa0
[  878.801820][T17537]  do_syscall_64+0xfa/0xfa0
[  878.801840][T17537]  ? lockdep_hardirqs_on+0x9c/0x150
[  878.801863][T17537]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  878.801880][T17537]  ? clear_bhb_loop+0x60/0xb0
[  878.801901][T17537]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  878.801918][T17537] RIP: 0033:0x7f155058efc9
[  878.801941][T17537] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  878.801956][T17537] RSP: 002b:00007f15514f8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  878.801976][T17537] RAX: ffffffffffffffda RBX: 00007f15507e5fa0 RCX: 00007f155058efc9
[  878.801989][T17537] RDX: 0000000000002020 RSI: 00002000000063c0 RDI: 0000000000000003
[  878.802001][T17537] RBP: 00007f15514f8090 R08: 0000000000000000 R09: 0000000000000000
[  878.802012][T17537] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  878.802023][T17537] R13: 00007f15507e6038 R14: 00007f15507e5fa0 R15: 00007f155090fa28
[  878.802054][T17537]  </TASK>
[  879.090727][T12387] Bluetooth: hci3: command tx timeout
[  879.348259][   T13] bond4 (unregistering): Released all slaves
[  879.543615][   T30] kauditd_printk_skb: 95 callbacks suppressed
[  879.543631][   T30] audit: type=1326 audit(1762136583.185:1704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17541 comm="syz.4.3054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabb058efc9 code=0x7ffc0000
[  879.572705][   T30] audit: type=1326 audit(1762136583.185:1705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17541 comm="syz.4.3054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabb058efc9 code=0x7ffc0000
[  879.595744][   T30] audit: type=1326 audit(1762136583.195:1706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17541 comm="syz.4.3054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fabb058efc9 code=0x7ffc0000
[  879.621924][   T30] audit: type=1326 audit(1762136583.195:1707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17541 comm="syz.4.3054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabb058efc9 code=0x7ffc0000
[  879.645321][   T30] audit: type=1326 audit(1762136583.195:1708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17541 comm="syz.4.3054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=200 compat=0 ip=0x7fabb058efc9 code=0x7ffc0000
[  879.670986][   T30] audit: type=1326 audit(1762136583.195:1709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17541 comm="syz.4.3054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fabb052b099 code=0x7ffc0000
[  879.695959][   T30] audit: type=1326 audit(1762136583.195:1710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17541 comm="syz.4.3054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabb058efc9 code=0x7ffc0000
[  879.718956][   T30] audit: type=1326 audit(1762136583.195:1711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17541 comm="syz.4.3054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fabb058efc9 code=0x7ffc0000
[  879.721457][   T13] bond5 (unregistering): Released all slaves
[  879.772625][   T30] audit: type=1326 audit(1762136583.195:1712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17541 comm="syz.4.3054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabb058efc9 code=0x7ffc0000
[  879.796010][   T30] audit: type=1326 audit(1762136583.195:1713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17541 comm="syz.4.3054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fabb058efc9 code=0x7ffc0000
[  879.979088][   T13] bond6 (unregistering): (slave veth3): Releasing active interface
[  879.990998][   T13] bond6 (unregistering): Released all slaves
[  880.141979][   T13] bond7 (unregistering): (slave veth5): Releasing active interface
[  880.152377][   T13] bond7 (unregistering): (slave veth0_to_bond): Releasing active interface
[  880.162988][   T13] bond7 (unregistering): Released all slaves
[  880.422219][T17555] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3059'.
[  880.440042][   T13] : left promiscuous mode
[  880.591202][T17559] gretap1: entered promiscuous mode
[  880.642140][T17502] chnl_net:caif_netlink_parms(): no params data found
[  880.671900][T17557] tipc: Started in network mode
[  880.676928][T17557] tipc: Node identity e27726f894c6, cluster identity 4711
[  880.684284][T17557] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  880.697267][   T13] tipc: Left network mode
[  880.699545][T17562] syzkaller0: entered promiscuous mode
[  880.710143][T17562] syzkaller0: entered allmulticast mode
[  880.842851][T17562] tipc: Resetting bearer <eth:syzkaller0>
[  880.906548][T17556] tipc: Resetting bearer <eth:syzkaller0>
[  880.952999][T17556] tipc: Disabling bearer <eth:syzkaller0>
[  881.072424][T17573] KVM: debugfs: duplicate directory 17573-5
[  881.097396][T12387] Bluetooth: hci3: command tx timeout
[  881.149137][T17502] bridge0: port 1(bridge_slave_0) entered blocking state
[  881.157565][T17502] bridge0: port 1(bridge_slave_0) entered disabled state
[  881.165104][T17502] bridge_slave_0: entered allmulticast mode
[  881.175342][T17502] bridge_slave_0: entered promiscuous mode
[  881.184524][T17502] bridge0: port 2(bridge_slave_1) entered blocking state
[  881.195795][T17502] bridge0: port 2(bridge_slave_1) entered disabled state
[  881.203237][T17502] bridge_slave_1: entered allmulticast mode
[  881.224048][T17502] bridge_slave_1: entered promiscuous mode
[  881.260802][   T13] hsr_slave_0: left promiscuous mode
[  881.279149][   T13] hsr_slave_1: left promiscuous mode
[  881.300795][   T13] hsr0: left allmulticast mode
[  881.327962][   T13] hsr0: left promiscuous mode
[  881.503727][   T13] pim6reg (unregistering): left allmulticast mode
[  882.257699][ T8349] usb 4-1: new full-speed USB device number 8 using dummy_hcd
[  882.262416][T17585] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3066'.
[  882.274468][T17585] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3066'.
[  882.286720][T17585] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  882.440438][ T8349] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  882.462408][ T8349] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0
[  882.472962][ T8349] usb 4-1: config 0 interface 0 has no altsetting 0
[  882.491355][ T8349] usb 4-1: New USB device found, idVendor=17ef, idProduct=60ee, bcdDevice= 0.00
[  882.501228][ T8349] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  882.537894][ T8349] usb 4-1: config 0 descriptor??
[  882.667222][T17502] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  882.700465][T17502] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  882.718617][T17592] netlink: 'syz.5.3068': attribute type 13 has an invalid length.
[  882.735060][T17592] netlink: 'syz.5.3068': attribute type 17 has an invalid length.
[  882.767511][T17592] gretap0: refused to change device tx_queue_len
[  882.774327][T17592] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  882.809431][T17502] team0: Port device team_slave_0 added
[  882.819354][T17502] team0: Port device team_slave_1 added
[  882.910513][T17502] batman_adv: batadv0: Adding interface: batadv_slave_0
[  882.920658][T17502] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  882.950187][T17502] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  882.971199][ T8349] lenovo 0003:17EF:60EE.001F: unknown main item tag 0x0
[  882.992960][T17502] batman_adv: batadv0: Adding interface: batadv_slave_1
[  883.012055][ T8349] lenovo 0003:17EF:60EE.001F: unknown main item tag 0x0
[  883.023961][T17502] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  883.057666][ T8349] lenovo 0003:17EF:60EE.001F: unknown main item tag 0x0
[  883.064670][ T8349] lenovo 0003:17EF:60EE.001F: unknown main item tag 0x0
[  883.074788][ T8349] lenovo 0003:17EF:60EE.001F: unknown main item tag 0x0
[  883.094027][T17502] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  883.109460][ T8349] lenovo 0003:17EF:60EE.001F: hidraw0: USB HID v0.01 Device [HID 17ef:60ee] on usb-dummy_hcd.3-1/input0
[  883.170187][   T13] IPVS: stop unused estimator thread 0...
[  883.177341][T12387] Bluetooth: hci3: command tx timeout
[  883.243388][T17502] hsr_slave_0: entered promiscuous mode
[  883.250582][T17502] hsr_slave_1: entered promiscuous mode
[  883.259500][T17502] debugfs: 'hsr0' already exists in 'hsr'
[  883.265286][T17502] Cannot create hsr debugfs directory
[  883.344156][T17603] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3072'.
[  883.384225][T17603] gretap1: entered promiscuous mode
[  883.484451][T17502] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  883.562012][T17502] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  883.663948][T17502] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  883.746688][T17502] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  883.934724][T17502] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  883.988961][T17502] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  884.041217][T17502] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  884.063891][T17502] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  884.121564][ T8349] lenovo 0003:17EF:60EE.001F: Sensitivity setting failed: -71
[  884.163438][ T8349] usb 4-1: USB disconnect, device number 8
[  884.338193][T17502] 8021q: adding VLAN 0 to HW filter on device bond0
[  884.374138][T17502] 8021q: adding VLAN 0 to HW filter on device team0
[  884.403545][   T61] bridge0: port 1(bridge_slave_0) entered blocking state
[  884.410775][   T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[  884.464537][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[  884.471737][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[  884.632533][T17502] 8021q: adding VLAN 0 to HW filter on device batadv0
[  884.757589][T17502] veth0_vlan: entered promiscuous mode
[  884.811792][T17502] veth1_vlan: entered promiscuous mode
[  884.886060][T17502] veth0_macvtap: entered promiscuous mode
[  884.896655][T17502] veth1_macvtap: entered promiscuous mode
[  884.919712][T17502] batman_adv: batadv0: Interface activated: batadv_slave_0
[  884.945654][T17502] batman_adv: batadv0: Interface activated: batadv_slave_1
[  884.973433][ T1163] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  884.992788][ T1163] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  885.028789][ T1163] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  885.050684][ T1163] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  885.260858][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  885.276734][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  885.363780][ T1092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  885.387643][ T1092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  885.477584][ T8348] usb 6-1: new full-speed USB device number 13 using dummy_hcd
[  885.528210][T17637] FAULT_INJECTION: forcing a failure.
[  885.528210][T17637] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  885.604657][T17637] CPU: 0 UID: 0 PID: 17637 Comm: syz.3.3081 Not tainted syzkaller #0 PREEMPT(full) 
[  885.604701][T17637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  885.604724][T17637] Call Trace:
[  885.604740][T17637]  <TASK>
[  885.604756][T17637]  dump_stack_lvl+0x189/0x250
[  885.604807][T17637]  ? __pfx____ratelimit+0x10/0x10
[  885.604847][T17637]  ? __pfx_dump_stack_lvl+0x10/0x10
[  885.604895][T17637]  ? __pfx__printk+0x10/0x10
[  885.604931][T17637]  ? __might_fault+0xb0/0x130
[  885.604993][T17637]  should_fail_ex+0x414/0x560
[  885.605022][T17637]  _copy_from_user+0x2d/0xb0
[  885.605042][T17637]  ___sys_sendmsg+0x158/0x2a0
[  885.605063][T17637]  ? __pfx____sys_sendmsg+0x10/0x10
[  885.605121][T17637]  ? __might_fault+0xb0/0x130
[  885.605148][T17637]  __sys_sendmmsg+0x227/0x430
[  885.605169][T17637]  ? __pfx___sys_sendmmsg+0x10/0x10
[  885.605194][T17637]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  885.605231][T17637]  ? ksys_write+0x22a/0x250
[  885.605256][T17637]  ? __pfx_ksys_write+0x10/0x10
[  885.605283][T17637]  __x64_sys_sendmmsg+0xa0/0xc0
[  885.605305][T17637]  do_syscall_64+0xfa/0xfa0
[  885.605325][T17637]  ? lockdep_hardirqs_on+0x9c/0x150
[  885.605346][T17637]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  885.605371][T17637]  ? clear_bhb_loop+0x60/0xb0
[  885.605391][T17637]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  885.605408][T17637] RIP: 0033:0x7f3ae118efc9
[  885.605424][T17637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  885.605439][T17637] RSP: 002b:00007f3ae2066038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  885.605459][T17637] RAX: ffffffffffffffda RBX: 00007f3ae13e5fa0 RCX: 00007f3ae118efc9
[  885.605472][T17637] RDX: 0400000000000159 RSI: 0000200000001c00 RDI: 0000000000000003
[  885.605484][T17637] RBP: 00007f3ae2066090 R08: 0000000000000000 R09: 0000000000000000
[  885.605495][T17637] R10: 0000000000040840 R11: 0000000000000246 R12: 0000000000000002
[  885.605505][T17637] R13: 00007f3ae13e6038 R14: 00007f3ae13e5fa0 R15: 00007f3ae150fa28
[  885.605534][T17637]  </TASK>
[  885.944936][ T8348] usb 6-1: unable to get BOS descriptor or descriptor too short
[  885.954643][ T8348] usb 6-1: not running at top speed; connect to a high speed hub
[  885.969216][ T8348] usb 6-1: config 219 has an invalid interface number: 109 but max is 0
[  885.982431][ T8348] usb 6-1: config 219 has no interface number 0
[  885.986902][ T8344] usb 2-1: new high-speed USB device number 124 using dummy_hcd
[  886.006640][ T8348] usb 6-1: config 219 interface 109 has no altsetting 0
[  886.093601][ T8348] usb 6-1: New USB device found, idVendor=15c2, idProduct=0044, bcdDevice=c4.50
[  886.107966][ T8348] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  886.116287][ T8348] usb 6-1: Product: syz
[  886.125146][ T8348] usb 6-1: Manufacturer: syz
[  886.131026][ T8348] usb 6-1: SerialNumber: syz
[  886.172585][ T8344] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  886.182158][ T8344] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  886.207633][ T8344] usb 2-1: config 0 descriptor??
[  886.251466][T17649] syz.4.3083 (17649): drop_caches: 2
[  886.393350][T17650] netlink: 'syz.3.3084': attribute type 21 has an invalid length.
[  886.423847][ T8344] udl 2-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  887.214631][ T8344] [drm:udl_init] *ERROR* Selecting channel failed
[  887.413214][ T8344] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2
[  887.450137][ T8344] [drm] Initialized udl on minor 2
[  887.462821][ T8344] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  887.492011][ T8344] udl 2-1:0.0: [drm] Cannot find any crtc or sizes
[  887.521656][T13332] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  887.561029][ T8344] usb 2-1: USB disconnect, device number 124
[  887.590930][T13332] udl 2-1:0.0: [drm] Cannot find any crtc or sizes
[  887.732138][T17660] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3086'.
[  888.025402][T17662] FAULT_INJECTION: forcing a failure.
[  888.025402][T17662] name failslab, interval 1, probability 0, space 0, times 0
[  888.040631][T17662] CPU: 1 UID: 0 PID: 17662 Comm: syz.0.3088 Not tainted syzkaller #0 PREEMPT(full) 
[  888.040655][T17662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  888.040667][T17662] Call Trace:
[  888.040676][T17662]  <TASK>
[  888.040684][T17662]  dump_stack_lvl+0x189/0x250
[  888.040717][T17662]  ? __pfx____ratelimit+0x10/0x10
[  888.040740][T17662]  ? __pfx_dump_stack_lvl+0x10/0x10
[  888.040762][T17662]  ? __pfx__printk+0x10/0x10
[  888.040795][T17662]  should_fail_ex+0x414/0x560
[  888.040825][T17662]  should_failslab+0xa8/0x100
[  888.040846][T17662]  __kmalloc_cache_noprof+0x6f/0x6f0
[  888.040870][T17662]  ? __sctp_v6_cmp_addr+0x1e6/0x510
[  888.040892][T17662]  ? sctp_add_bind_addr+0x8c/0x370
[  888.040920][T17662]  sctp_add_bind_addr+0x8c/0x370
[  888.040947][T17662]  sctp_copy_local_addr_list+0x30b/0x4e0
[  888.040973][T17662]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[  888.040994][T17662]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  888.041019][T17662]  ? sctp_v6_is_any+0x64/0x80
[  888.041042][T17662]  ? sctp_copy_one_addr+0x93/0x360
[  888.041063][T17662]  sctp_bind_addr_copy+0xb3/0x3c0
[  888.041081][T17662]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  888.041099][T17662]  sctp_connect_new_asoc+0x2e0/0x690
[  888.041115][T17662]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  888.041128][T17662]  ? __local_bh_enable_ip+0x12d/0x1c0
[  888.041148][T17662]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  888.041162][T17662]  ? security_sctp_bind_connect+0x7e/0x2e0
[  888.041181][T17662]  sctp_sendmsg+0x155c/0x2810
[  888.041204][T17662]  ? __pfx_sctp_sendmsg+0x10/0x10
[  888.041226][T17662]  ? aa_sk_perm+0x81e/0x950
[  888.041248][T17662]  ? __pfx_aa_sk_perm+0x10/0x10
[  888.041267][T17662]  ? sock_rps_record_flow+0x19/0x410
[  888.041289][T17662]  ? inet_sendmsg+0x2f4/0x370
[  888.041311][T17662]  __sock_sendmsg+0x19c/0x270
[  888.041331][T17662]  __sys_sendto+0x3bd/0x520
[  888.041346][T17662]  ? __pfx___sys_sendto+0x10/0x10
[  888.041357][T17662]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  888.041385][T17662]  ? __fget_files+0x3a0/0x420
[  888.041406][T17662]  ? ksys_write+0x22a/0x250
[  888.041426][T17662]  ? __pfx_ksys_write+0x10/0x10
[  888.041446][T17662]  __x64_sys_sendto+0xde/0x100
[  888.041467][T17662]  do_syscall_64+0xfa/0xfa0
[  888.041486][T17662]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  888.041499][T17662]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  888.041515][T17662]  ? clear_bhb_loop+0x60/0xb0
[  888.041532][T17662]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  888.041545][T17662] RIP: 0033:0x7f155058efc9
[  888.041558][T17662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  888.041569][T17662] RSP: 002b:00007f15514f8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  888.041585][T17662] RAX: ffffffffffffffda RBX: 00007f15507e5fa0 RCX: 00007f155058efc9
[  888.041595][T17662] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003
[  888.041604][T17662] RBP: 00007f15514f8090 R08: 0000200000000080 R09: 000000000000001c
[  888.041613][T17662] R10: 0000000000000051 R11: 0000000000000246 R12: 0000000000000002
[  888.041621][T17662] R13: 00007f15507e6038 R14: 00007f15507e5fa0 R15: 00007f155090fa28
[  888.041645][T17662]  </TASK>
[  888.846577][ T8348] imon 6-1:219.109: unable to register, err -19
[  888.993946][ T8348] usb 6-1: USB disconnect, device number 13
[  889.002943][T17671] syz.4.3089 (17671): drop_caches: 2
[  889.435244][T17687] syz.0.3092 (17687): drop_caches: 2
[  889.541210][T17669] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3087'.
[  890.082687][   T30] kauditd_printk_skb: 8 callbacks suppressed
[  890.082704][   T30] audit: type=1326 audit(1762136593.725:1722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17676 comm="syz.5.3091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8da8b8efc9 code=0x7ffc0000
[  890.120930][   T30] audit: type=1326 audit(1762136593.725:1723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17676 comm="syz.5.3091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8da8b8efc9 code=0x7ffc0000
[  890.211358][   T30] audit: type=1326 audit(1762136593.725:1724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17676 comm="syz.5.3091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f8da8b8efc9 code=0x7ffc0000
[  890.249536][   T30] audit: type=1326 audit(1762136593.725:1725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17676 comm="syz.5.3091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8da8b8efc9 code=0x7ffc0000
[  890.296667][   T30] audit: type=1326 audit(1762136593.725:1726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17676 comm="syz.5.3091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f8da8b8efc9 code=0x7ffc0000
[  890.707717][   T30] audit: type=1326 audit(1762136593.725:1727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17676 comm="syz.5.3091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8da8b8efc9 code=0x7ffc0000
[  890.737759][   T30] audit: type=1326 audit(1762136593.725:1728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17676 comm="syz.5.3091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f8da8b8efc9 code=0x7ffc0000
[  890.761829][   T30] audit: type=1326 audit(1762136593.725:1729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17676 comm="syz.5.3091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8da8b8efc9 code=0x7ffc0000
[  890.794184][   T30] audit: type=1326 audit(1762136593.725:1730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17676 comm="syz.5.3091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f8da8b8efc9 code=0x7ffc0000
[  890.821509][T17703] binder: 17695:17703 ioctl 4018620d 0 returned -22
[  890.863905][T17703] syz.1.3096 (17703): drop_caches: 2
[  890.887372][   T30] audit: type=1326 audit(1762136593.725:1731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17676 comm="syz.5.3091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8da8b8efc9 code=0x7ffc0000
[  891.753341][T17731] syzkaller1: entered allmulticast mode
[  891.801728][T17731] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3104'.
[  892.292249][T17743] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3107'.
[  892.607596][T13332] usb 6-1: new full-speed USB device number 14 using dummy_hcd
[  892.773451][T13332] usb 6-1: device descriptor read/64, error -71
[  893.207566][T13332] usb 6-1: new full-speed USB device number 15 using dummy_hcd
[  893.317589][T17755] netlink: 'syz.3.3110': attribute type 2 has an invalid length.
[  893.340821][T17755] : entered promiscuous mode
[  893.447470][T13332] usb 6-1: device descriptor read/64, error -71
[  893.585936][T13332] usb usb6-port1: attempt power cycle
[  894.316908][T13332] usb 6-1: new full-speed USB device number 16 using dummy_hcd
[  894.348099][T13332] usb 6-1: device descriptor read/8, error -71
[  894.370075][T17773] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3113'.
[  894.379215][T17773] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3113'.
[  896.368758][T17804] erspan0: entered promiscuous mode
[  896.639154][T17813] input: syz1 as /devices/virtual/input/input36
[  896.928528][T17816] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3124'.
[  897.027959][T17819] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3125'.
[  897.086693][T17819] FAULT_INJECTION: forcing a failure.
[  897.086693][T17819] name failslab, interval 1, probability 0, space 0, times 0
[  897.123649][T17819] CPU: 1 UID: 0 PID: 17819 Comm: syz.5.3125 Not tainted syzkaller #0 PREEMPT(full) 
[  897.123675][T17819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  897.123685][T17819] Call Trace:
[  897.123691][T17819]  <TASK>
[  897.123696][T17819]  dump_stack_lvl+0x189/0x250
[  897.123714][T17819]  ? __pfx____ratelimit+0x10/0x10
[  897.123728][T17819]  ? __pfx_dump_stack_lvl+0x10/0x10
[  897.123740][T17819]  ? __pfx__printk+0x10/0x10
[  897.123753][T17819]  ? __pfx___might_resched+0x10/0x10
[  897.123764][T17819]  ? fs_reclaim_acquire+0x7d/0x100
[  897.123782][T17819]  should_fail_ex+0x414/0x560
[  897.123800][T17819]  should_failslab+0xa8/0x100
[  897.123811][T17819]  __kvmalloc_node_noprof+0x158/0x910
[  897.123825][T17819]  ? __kmalloc_cache_noprof+0x3d5/0x6f0
[  897.123838][T17819]  ? nf_tables_commit+0xacb/0xa1b0
[  897.123855][T17819]  ? nf_tables_commit+0x7c3/0xa1b0
[  897.123869][T17819]  nf_tables_commit+0xacb/0xa1b0
[  897.123883][T17819]  ? __lock_acquire+0xab9/0xd20
[  897.123905][T17819]  ? __pfx_nf_tables_commit+0x10/0x10
[  897.123914][T17819]  ? do_raw_spin_unlock+0x122/0x240
[  897.123930][T17819]  ? __free_frozen_pages+0x691/0xd30
[  897.123947][T17819]  ? free_large_kmalloc+0x13a/0x1f0
[  897.123963][T17819]  ? nf_tables_newrule+0x23c1/0x28a0
[  897.123982][T17819]  ? __pfx_nf_tables_newrule+0x10/0x10
[  897.124006][T17819]  nfnetlink_rcv+0x1ac9/0x2590
[  897.124037][T17819]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  897.124059][T17819]  ? ref_tracker_free+0x63a/0x7d0
[  897.124083][T17819]  ? __netlink_deliver_tap+0x807/0x850
[  897.124093][T17819]  ? netlink_deliver_tap+0x2e/0x1b0
[  897.124111][T17819]  netlink_unicast+0x82f/0x9e0
[  897.124130][T17819]  ? __pfx_netlink_unicast+0x10/0x10
[  897.124144][T17819]  ? netlink_sendmsg+0x642/0xb30
[  897.124152][T17819]  ? skb_put+0x11b/0x210
[  897.124164][T17819]  netlink_sendmsg+0x805/0xb30
[  897.124179][T17819]  ? __pfx_netlink_sendmsg+0x10/0x10
[  897.124190][T17819]  ? aa_sock_msg_perm+0xf1/0x1d0
[  897.124205][T17819]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  897.124215][T17819]  ? __pfx_netlink_sendmsg+0x10/0x10
[  897.124225][T17819]  __sock_sendmsg+0x21c/0x270
[  897.124241][T17819]  ____sys_sendmsg+0x505/0x830
[  897.124254][T17819]  ? __pfx_____sys_sendmsg+0x10/0x10
[  897.124270][T17819]  ? import_iovec+0x74/0xa0
[  897.124284][T17819]  ___sys_sendmsg+0x21f/0x2a0
[  897.124296][T17819]  ? __pfx____sys_sendmsg+0x10/0x10
[  897.124325][T17819]  ? __fget_files+0x2a/0x420
[  897.124334][T17819]  ? __fget_files+0x3a0/0x420
[  897.124349][T17819]  __x64_sys_sendmsg+0x19b/0x260
[  897.124361][T17819]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  897.124376][T17819]  ? __pfx_ksys_write+0x10/0x10
[  897.124392][T17819]  ? do_syscall_64+0xbe/0xfa0
[  897.124406][T17819]  do_syscall_64+0xfa/0xfa0
[  897.124418][T17819]  ? lockdep_hardirqs_on+0x9c/0x150
[  897.124431][T17819]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  897.124440][T17819]  ? clear_bhb_loop+0x60/0xb0
[  897.124452][T17819]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  897.124462][T17819] RIP: 0033:0x7f8da8b8efc9
[  897.124472][T17819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  897.124481][T17819] RSP: 002b:00007f8da99ce038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  897.124493][T17819] RAX: ffffffffffffffda RBX: 00007f8da8de5fa0 RCX: 00007f8da8b8efc9
[  897.124500][T17819] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  897.124506][T17819] RBP: 00007f8da99ce090 R08: 0000000000000000 R09: 0000000000000000
[  897.124513][T17819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  897.124519][T17819] R13: 00007f8da8de6038 R14: 00007f8da8de5fa0 R15: 00007f8da8f0fa28
[  897.124535][T17819]  </TASK>
[  898.138984][T17831] binder: BINDER_SET_CONTEXT_MGR already set
[  898.145077][T17831] binder: 17824:17831 ioctl 4018620d 200000000040 returned -16
[  898.179982][    T9] delete_channel: no stack
[  898.312074][T17831] syz.5.3127 (17831): drop_caches: 2
[  898.419848][T17835] netlink: 'syz.0.3129': attribute type 2 has an invalid length.
[  899.338082][T17852] binder: 17846:17852 ioctl 4018620d 0 returned -22
[  899.360442][T17852] syz.3.3134 (17852): drop_caches: 2
[  899.792422][T17857] netlink: 'syz.4.3135': attribute type 2 has an invalid length.
[  901.352278][T17871] syz.3.3140 (17871): drop_caches: 2
[  901.807293][ T8348] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  902.049569][ T8348] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  902.061677][ T8348] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  902.188178][ T8348] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  902.205310][ T8348] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  902.402478][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  902.413900][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  902.444200][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  902.457933][ T8348] usb 4-1: usb_control_msg returned -32
[  902.464208][ T5837] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  902.472171][ T5837] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  902.525720][ T8348] usbtmc 4-1:16.0: can't read capabilities
[  902.552241][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  902.608738][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  902.740235][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0
[  902.952095][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  903.002887][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  903.053617][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0
[  903.278204][T17899] openvswitch: netlink: Port -1 exceeds max allowable 65535
[  903.287778][T17899] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3146'.
[  903.317536][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  903.330939][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  903.349765][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0
[  903.507257][T13332] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  903.543112][   T13] batman_adv: batadv0: Interface deactivated: netdevsim0
[  903.672408][T13332] usb 6-1: Using ep0 maxpacket: 8
[  903.716642][T13332] usb 6-1: unable to get BOS descriptor or descriptor too short
[  903.726255][T13332] usb 6-1: config 4 has an invalid interface number: 147 but max is 0
[  903.734980][T13332] usb 6-1: config 4 contains an unexpected descriptor of type 0x2, skipping
[  903.747510][T13332] usb 6-1: config 4 has no interface number 0
[  903.772520][   T13] batman_adv: batadv0: Removing interface: netdevsim0
[  903.792456][T13332] usb 6-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e
[  903.802625][T13332] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  903.811377][T13332] usb 6-1: Product: syz
[  903.817125][T13332] usb 6-1: Manufacturer: syz
[  903.821911][T13332] usb 6-1: SerialNumber: syz
[  903.823088][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  903.860264][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  903.898024][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0
[  904.312499][T15219] usb 4-1: USB disconnect, device number 9
[  904.543796][T12387] Bluetooth: hci2: command tx timeout
[  904.615303][T13332] uvcvideo 6-1:4.147: Found UVC 0.02 device syz (04f2:b746)
[  904.627403][T13332] uvcvideo 6-1:4.147: No valid video chain found.
[  904.636126][T13332] usb 6-1: USB disconnect, device number 18
[  904.677981][   T30] kauditd_printk_skb: 113 callbacks suppressed
[  904.677998][   T30] audit: type=1326 audit(1762136608.325:1845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17912 comm="syz.3.3150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ae118efc9 code=0x7ffc0000
[  904.872875][   T30] audit: type=1326 audit(1762136608.325:1846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17912 comm="syz.3.3150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ae118efc9 code=0x7ffc0000
[  904.921676][T17888] chnl_net:caif_netlink_parms(): no params data found
[  904.985482][   T30] audit: type=1326 audit(1762136608.355:1847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17912 comm="syz.3.3150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=252 compat=0 ip=0x7f3ae118efc9 code=0x7ffc0000
[  905.025296][   T13] team0: left allmulticast mode
[  905.035203][   T13] team_slave_0: left allmulticast mode
[  905.067440][   T13] team_slave_1: left allmulticast mode
[  905.079407][ T8344] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  905.085602][   T13] bridge0: port 3(team0) entered disabled state
[  905.115870][   T30] audit: type=1326 audit(1762136608.355:1848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17912 comm="syz.3.3150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ae118efc9 code=0x7ffc0000
[  905.187255][   T30] audit: type=1326 audit(1762136608.355:1849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17912 comm="syz.3.3150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ae118efc9 code=0x7ffc0000
[  905.233341][   T13] bridge_slave_1: left allmulticast mode
[  905.288677][T17921] netlink: 76 bytes leftover after parsing attributes in process `syz.5.3152'.
[  905.292345][   T13] bridge_slave_1: left promiscuous mode
[  905.318882][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  905.334040][   T30] audit: type=1326 audit(1762136608.365:1850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17912 comm="syz.3.3150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f3ae118efc9 code=0x7ffc0000
[  905.364972][ T8344] usb 4-1: config 0 has no interfaces?
[  905.374782][ T8344] usb 4-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[  905.421413][   T30] audit: type=1326 audit(1762136608.365:1851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17912 comm="syz.3.3150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ae118efc9 code=0x7ffc0000
[  905.451663][   T13] bridge_slave_0: left allmulticast mode
[  905.456253][ T8344] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  905.479022][ T8344] usb 4-1: config 0 descriptor??
[  905.484992][   T13] bridge_slave_0: left promiscuous mode
[  905.509594][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  905.560795][   T30] audit: type=1326 audit(1762136608.365:1852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17912 comm="syz.3.3150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ae118efc9 code=0x7ffc0000
[  905.644490][T17932] vcan0: tx drop: invalid sa for name 0x0000000000000003
[  905.712010][   T30] audit: type=1326 audit(1762136608.365:1853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17912 comm="syz.3.3150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3ae118efc9 code=0x7ffc0000
[  905.713121][   T13] batman_adv: batadv0: Interface deactivated: ip6gretap1
[  905.761936][T15219] usb 4-1: USB disconnect, device number 10
[  905.836658][   T13] batman_adv: batadv0: Interface deactivated: ip6gretap2
[  905.872254][   T13] batman_adv: batadv0: Interface deactivated: ip6gretap3
[  905.893835][   T13] batman_adv: batadv0: Interface deactivated: ip6gretap4
[  905.978265][   T30] audit: type=1326 audit(1762136609.625:1854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17912 comm="syz.3.3150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ae118efc9 code=0x7ffc0000
[  906.409013][   T13] batman_adv: batadv0: Removing interface: ip6gretap1
[  906.618903][T17957] FAULT_INJECTION: forcing a failure.
[  906.618903][T17957] name failslab, interval 1, probability 0, space 0, times 0
[  906.638846][T12387] Bluetooth: hci2: command tx timeout
[  906.657095][T17957] CPU: 1 UID: 0 PID: 17957 Comm: syz.4.3157 Not tainted syzkaller #0 PREEMPT(full) 
[  906.657112][T17957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  906.657119][T17957] Call Trace:
[  906.657123][T17957]  <TASK>
[  906.657129][T17957]  dump_stack_lvl+0x189/0x250
[  906.657146][T17957]  ? __pfx____ratelimit+0x10/0x10
[  906.657160][T17957]  ? __pfx_dump_stack_lvl+0x10/0x10
[  906.657172][T17957]  ? __pfx__printk+0x10/0x10
[  906.657185][T17957]  ? __lock_acquire+0xab9/0xd20
[  906.657199][T17957]  should_fail_ex+0x414/0x560
[  906.657217][T17957]  should_failslab+0xa8/0x100
[  906.657229][T17957]  kmem_cache_alloc_noprof+0x74/0x6e0
[  906.657242][T17957]  ? skb_clone+0x212/0x3a0
[  906.657256][T17957]  skb_clone+0x212/0x3a0
[  906.657269][T17957]  __netlink_deliver_tap+0x404/0x850
[  906.657286][T17957]  ? netlink_deliver_tap+0x2e/0x1b0
[  906.657296][T17957]  netlink_deliver_tap+0x19c/0x1b0
[  906.657306][T17957]  netlink_unicast+0x7fa/0x9e0
[  906.657325][T17957]  ? __pfx_netlink_unicast+0x10/0x10
[  906.657339][T17957]  ? netlink_sendmsg+0x642/0xb30
[  906.657347][T17957]  ? skb_put+0x11b/0x210
[  906.657359][T17957]  netlink_sendmsg+0x805/0xb30
[  906.657373][T17957]  ? __pfx_netlink_sendmsg+0x10/0x10
[  906.657385][T17957]  ? aa_sock_msg_perm+0xf1/0x1d0
[  906.657401][T17957]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  906.657411][T17957]  ? __pfx_netlink_sendmsg+0x10/0x10
[  906.657421][T17957]  __sock_sendmsg+0x21c/0x270
[  906.657436][T17957]  ____sys_sendmsg+0x505/0x830
[  906.657451][T17957]  ? __pfx_____sys_sendmsg+0x10/0x10
[  906.657466][T17957]  ? import_iovec+0x74/0xa0
[  906.657481][T17957]  ___sys_sendmsg+0x21f/0x2a0
[  906.657493][T17957]  ? __pfx____sys_sendmsg+0x10/0x10
[  906.657522][T17957]  ? __fget_files+0x2a/0x420
[  906.657531][T17957]  ? __fget_files+0x3a0/0x420
[  906.657546][T17957]  __x64_sys_sendmsg+0x19b/0x260
[  906.657558][T17957]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  906.657573][T17957]  ? __pfx_ksys_write+0x10/0x10
[  906.657588][T17957]  ? do_syscall_64+0xbe/0xfa0
[  906.657603][T17957]  do_syscall_64+0xfa/0xfa0
[  906.657614][T17957]  ? lockdep_hardirqs_on+0x9c/0x150
[  906.657627][T17957]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  906.657637][T17957]  ? clear_bhb_loop+0x60/0xb0
[  906.657649][T17957]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  906.657658][T17957] RIP: 0033:0x7fabb058efc9
[  906.657668][T17957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  906.657677][T17957] RSP: 002b:00007fabb1486038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  906.657689][T17957] RAX: ffffffffffffffda RBX: 00007fabb07e5fa0 RCX: 00007fabb058efc9
[  906.657696][T17957] RDX: 0000000020000004 RSI: 0000200000000040 RDI: 0000000000000003
[  906.657703][T17957] RBP: 00007fabb1486090 R08: 0000000000000000 R09: 0000000000000000
[  906.657709][T17957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  906.657716][T17957] R13: 00007fabb07e6038 R14: 00007fabb07e5fa0 R15: 00007fabb090fa28
[  906.657732][T17957]  </TASK>
[  906.666165][   T13] batman_adv: batadv0: Removing interface: ip6gretap2
[  907.407439][ T3437] batman_adv: batadv_iv_ogm_emit: mesh interface switch for queued OGM
[  907.423130][   T13] batman_adv: batadv0: Removing interface: ip6gretap3
[  907.520244][   T13] batman_adv: batadv0: Removing interface: ip6gretap4
[  907.620506][T17966] syz.4.3159 (17966): drop_caches: 2
[  907.731226][T17965] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3160'.
[  907.954555][   T13] bond2 (unregistering): (slave gretap1): Releasing active interface
[  908.024378][   T13] bond1 (unregistering): (slave geneve2): Releasing active interface
[  908.311930][   T13] bond8 (unregistering): (slave bridge2): Releasing backup interface
[  908.321017][   T13] bridge2 (unregistering): left promiscuous mode
[  908.507122][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  908.518381][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  908.528319][   T13] bond0 (unregistering): Released all slaves
[  908.647795][   T13] bond1 (unregistering): Released all slaves
[  908.712559][T12387] Bluetooth: hci2: command tx timeout
[  908.775857][   T13] bond2 (unregistering): Released all slaves
[  908.893620][   T13] bond3 (unregistering): Released all slaves
[  909.016477][   T13] bond4 (unregistering): Released all slaves
[  909.132171][   T13] bond5 (unregistering): Released all slaves
[  909.244159][   T13] bond6 (unregistering): Released all slaves
[  909.360087][   T13] bond7 (unregistering): Released all slaves
[  909.469253][   T13] bond8 (unregistering): Released all slaves
[  909.582804][   T13] bond9 (unregistering): Released all slaves
[  909.695378][   T13] bond10 (unregistering): Released all slaves
[  909.729538][T17921] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3152'.
[  910.042175][   T13] : left promiscuous mode
[  910.101091][   T13] tipc: Left network mode
[  910.109798][T17888] bridge0: port 1(bridge_slave_0) entered blocking state
[  910.127707][T17888] bridge0: port 1(bridge_slave_0) entered disabled state
[  910.259847][T17888] bridge_slave_0: entered allmulticast mode
[  910.268878][T17888] bridge_slave_0: entered promiscuous mode
[  910.311439][T17888] bridge0: port 2(bridge_slave_1) entered blocking state
[  910.470314][T17888] bridge0: port 2(bridge_slave_1) entered disabled state
[  910.479867][T17888] bridge_slave_1: entered allmulticast mode
[  910.488679][T17888] bridge_slave_1: entered promiscuous mode
[  910.838238][T12387] Bluetooth: hci2: command tx timeout
[  911.186104][T17888] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  911.296524][T17888] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  911.373120][T18018] netlink: 'syz.5.3170': attribute type 2 has an invalid length.
[  911.561567][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  911.561585][   T30] audit: type=1326 audit(1762136615.195:1860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18023 comm="syz.1.3173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbdcb98efc9 code=0x7ffc0000
[  911.921362][   T30] audit: type=1326 audit(1762136615.195:1861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18023 comm="syz.1.3173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7fbdcb98efc9 code=0x7ffc0000
[  912.013133][   T30] audit: type=1326 audit(1762136615.195:1862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18023 comm="syz.1.3173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbdcb98efc9 code=0x7ffc0000
[  912.063129][T18026] fuse: Bad value for 'fd'
[  912.169062][ T8339] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  912.218017][   T30] audit: type=1326 audit(1762136615.195:1863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18023 comm="syz.1.3173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fbdcb98efc9 code=0x7ffc0000
[  912.359703][ T8339] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  912.369110][ T8339] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  912.410732][   T13] hsr_slave_0: left promiscuous mode
[  912.412512][ T8339] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  912.427732][   T30] audit: type=1326 audit(1762136615.195:1864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18023 comm="syz.1.3173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbdcb98efc9 code=0x7ffc0000
[  912.434090][   T13] hsr_slave_1: left promiscuous mode
[  912.471906][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  912.479529][ T8339] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  912.479562][ T8339] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  912.518810][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  912.528172][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  912.531716][ T8339] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  912.535572][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  912.575683][   T30] audit: type=1326 audit(1762136615.195:1865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18023 comm="syz.1.3173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbdcb98efc9 code=0x7ffc0000
[  912.599163][ T8339] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  912.609738][ T8339] usb 4-1: Product: syz
[  912.613923][ T8339] usb 4-1: Manufacturer: syz
[  912.619664][   T30] audit: type=1326 audit(1762136615.195:1866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18023 comm="syz.1.3173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7fbdcb98efc9 code=0x7ffc0000
[  912.656697][   T30] audit: type=1326 audit(1762136615.195:1867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18023 comm="syz.1.3173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbdcb98efc9 code=0x7ffc0000
[  912.687405][   T13] veth1_macvtap: left promiscuous mode
[  912.694789][   T13] veth0_macvtap: left promiscuous mode
[  912.797281][   T13] veth1_vlan: left promiscuous mode
[  912.802889][   T13] veth0_vlan: left promiscuous mode
[  912.867229][   T30] audit: type=1326 audit(1762136615.195:1868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18023 comm="syz.1.3173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbdcb98efc9 code=0x7ffc0000
[  912.893471][ T8339] cdc_wdm 4-1:1.0: skipping garbage
[  912.947325][   T30] audit: type=1326 audit(1762136615.195:1869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18023 comm="syz.1.3173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7fbdcb98efc9 code=0x7ffc0000
[  912.970013][ T8339] cdc_wdm 4-1:1.0: skipping garbage
[  912.997307][ T8339] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  913.004891][ T8339] cdc_wdm 4-1:1.0: Unknown control protocol
[  913.234703][ T8339] usb 4-1: USB disconnect, device number 11
[  913.871815][   T13] team_slave_1 (unregistering): left promiscuous mode
[  913.879787][   T13] team0 (unregistering): Port device team_slave_1 removed
[  913.948535][   T13] team_slave_0 (unregistering): left promiscuous mode
[  913.966548][   T13] team0 (unregistering): Port device team_slave_0 removed
[  915.129711][T13332] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  915.160096][T17888] team0: Port device team_slave_0 added
[  915.188991][T17888] team0: Port device team_slave_1 added
[  915.399975][T17888] batman_adv: batadv0: Adding interface: batadv_slave_0
[  915.426124][T17888] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  915.496736][T17888] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  915.547641][T17888] batman_adv: batadv0: Adding interface: batadv_slave_1
[  915.568561][T17888] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  915.694868][T17888] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  916.482195][T17888] hsr_slave_0: entered promiscuous mode
[  916.600521][T17888] hsr_slave_1: entered promiscuous mode
[  916.630513][T17888] debugfs: 'hsr0' already exists in 'hsr'
[  916.642627][T17888] Cannot create hsr debugfs directory
[  917.137061][  T983] usb 5-1: new full-speed USB device number 96 using dummy_hcd
[  917.391172][  T983] usb 5-1: not running at top speed; connect to a high speed hub
[  917.400460][  T983] usb 5-1: config 1 interface 0 altsetting 2 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[  917.432593][  T983] usb 5-1: config 1 interface 0 has no altsetting 0
[  917.456625][  T983] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  917.472047][  T983] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  917.481588][  T983] usb 5-1: Product: syz
[  917.485784][  T983] usb 5-1: Manufacturer: syz
[  917.512782][  T983] usb 5-1: SerialNumber: syz
[  917.553688][T18093] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  917.907904][T13332] usb 4-1: device descriptor read/64, error -71
[  918.152316][T13332] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  918.292039][  T983] usblp 5-1:1.0: usblp0: USB Bidirectional printer dev 96 if 0 alt 2 proto 3 vid 0x0525 pid 0xA4A8
[  918.371558][  T983] usb 5-1: USB disconnect, device number 96
[  918.411057][  T983] usblp0: removed
[  919.222802][T18140] FAULT_INJECTION: forcing a failure.
[  919.222802][T18140] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  919.236634][T18140] CPU: 1 UID: 0 PID: 18140 Comm: syz.1.3194 Not tainted syzkaller #0 PREEMPT(full) 
[  919.236658][T18140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  919.236670][T18140] Call Trace:
[  919.236677][T18140]  <TASK>
[  919.236685][T18140]  dump_stack_lvl+0x189/0x250
[  919.236714][T18140]  ? __pfx____ratelimit+0x10/0x10
[  919.236736][T18140]  ? __pfx_dump_stack_lvl+0x10/0x10
[  919.236758][T18140]  ? __pfx__printk+0x10/0x10
[  919.236780][T18140]  ? __might_fault+0xb0/0x130
[  919.236811][T18140]  should_fail_ex+0x414/0x560
[  919.236838][T18140]  _copy_from_user+0x2d/0xb0
[  919.236859][T18140]  ___sys_recvmsg+0x12e/0x510
[  919.236883][T18140]  ? __pfx____sys_recvmsg+0x10/0x10
[  919.236930][T18140]  ? __might_fault+0xb0/0x130
[  919.236956][T18140]  do_recvmmsg+0x307/0x770
[  919.236984][T18140]  ? __pfx_do_recvmmsg+0x10/0x10
[  919.237015][T18140]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  919.237056][T18140]  __x64_sys_recvmmsg+0x190/0x240
[  919.237078][T18140]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  919.237102][T18140]  ? do_syscall_64+0xbe/0xfa0
[  919.237128][T18140]  do_syscall_64+0xfa/0xfa0
[  919.237156][T18140]  ? lockdep_hardirqs_on+0x9c/0x150
[  919.237178][T18140]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  919.237196][T18140]  ? clear_bhb_loop+0x60/0xb0
[  919.237217][T18140]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  919.237234][T18140] RIP: 0033:0x7fbdcb98efc9
[  919.237251][T18140] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  919.237266][T18140] RSP: 002b:00007fbdc9bb4038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  919.237286][T18140] RAX: ffffffffffffffda RBX: 00007fbdcbbe6180 RCX: 00007fbdcb98efc9
[  919.237299][T18140] RDX: 0000000000000a0d RSI: 00002000000066c0 RDI: 0000000000000005
[  919.237311][T18140] RBP: 00007fbdc9bb4090 R08: 0000000000000000 R09: 0000000000000000
[  919.237323][T18140] R10: 00000000000000fe R11: 0000000000000246 R12: 0000000000000002
[  919.237334][T18140] R13: 00007fbdcbbe6218 R14: 00007fbdcbbe6180 R15: 00007fbdcbd0fa28
[  919.237364][T18140]  </TASK>
[  919.623085][T17888] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  919.643823][T17888] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  919.731797][T17888] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  919.749565][T17888] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  919.938972][T18154] netlink: 'syz.5.3197': attribute type 1 has an invalid length.
[  920.077795][T18154] 8021q: adding VLAN 0 to HW filter on device bond1
[  920.081504][T18156] binder: 18155:18156 ioctl c0306201 0 returned -14
[  920.138388][T17888] 8021q: adding VLAN 0 to HW filter on device bond0
[  920.176755][T17888] 8021q: adding VLAN 0 to HW filter on device team0
[  920.190754][   T61] bridge0: port 1(bridge_slave_0) entered blocking state
[  920.190889][   T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[  920.199438][T17645] bridge0: port 2(bridge_slave_1) entered blocking state
[  920.199535][T17645] bridge0: port 2(bridge_slave_1) entered forwarding state
[  920.401212][T17888] 8021q: adding VLAN 0 to HW filter on device batadv0
[  920.510284][T18166] loop2: detected capacity change from 0 to 7
[  920.526735][T18166] Dev loop2: unable to read RDB block 7
[  920.542376][T17888] veth0_vlan: entered promiscuous mode
[  920.554050][T18166]  loop2: unable to read partition table
[  920.554196][T18166] loop2: partition table beyond EOD, truncated
[  920.554223][T18166] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  920.563546][T17888] veth1_vlan: entered promiscuous mode
[  920.691780][T17888] veth0_macvtap: entered promiscuous mode
[  920.716150][T17888] veth1_macvtap: entered promiscuous mode
[  920.787112][T18171] FAULT_INJECTION: forcing a failure.
[  920.787112][T18171] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  920.787142][T18171] CPU: 0 UID: 0 PID: 18171 Comm: syz.3.3200 Not tainted syzkaller #0 PREEMPT(full) 
[  920.787162][T18171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  920.787173][T18171] Call Trace:
[  920.787181][T18171]  <TASK>
[  920.787189][T18171]  dump_stack_lvl+0x189/0x250
[  920.787215][T18171]  ? __pfx____ratelimit+0x10/0x10
[  920.787236][T18171]  ? __pfx_dump_stack_lvl+0x10/0x10
[  920.787258][T18171]  ? __pfx__printk+0x10/0x10
[  920.787275][T18171]  ? __might_fault+0xb0/0x130
[  920.787308][T18171]  should_fail_ex+0x414/0x560
[  920.787337][T18171]  _copy_to_iter+0x1de/0x1790
[  920.787370][T18171]  ? __pfx__copy_to_iter+0x10/0x10
[  920.787401][T18171]  __skb_datagram_iter+0x41a/0x990
[  920.787423][T18171]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  920.787452][T18171]  skb_copy_datagram_iter+0xc5/0x230
[  920.787475][T18171]  ip_recv_error+0x140/0xbd0
[  920.787507][T18171]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  920.787539][T18171]  ? __pfx_ip_recv_error+0x10/0x10
[  920.787572][T18171]  udp_recvmsg+0x679/0x1050
[  920.787590][T18171]  ? __pfx___might_resched+0x10/0x10
[  920.787619][T18171]  ? __pfx_udp_recvmsg+0x10/0x10
[  920.787640][T18171]  ? aa_sk_perm+0x81e/0x950
[  920.787666][T18171]  ? __pfx_udp_recvmsg+0x10/0x10
[  920.787683][T18171]  inet_recvmsg+0x202/0x250
[  920.787702][T18171]  ? __pfx_inet_recvmsg+0x10/0x10
[  920.787722][T18171]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  920.787738][T18171]  ? security_socket_recvmsg+0x7e/0x2e0
[  920.787759][T18171]  sock_recvmsg+0x1a8/0x270
[  920.787785][T18171]  __sys_recvfrom+0x1f6/0x340
[  920.787804][T18171]  ? __pfx___sys_recvfrom+0x10/0x10
[  920.787818][T18171]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  920.787853][T18171]  ? __fget_files+0x3a0/0x420
[  920.787880][T18171]  ? ksys_write+0x22a/0x250
[  920.787905][T18171]  ? __pfx_ksys_write+0x10/0x10
[  920.787931][T18171]  __x64_sys_recvfrom+0xde/0x100
[  920.787953][T18171]  do_syscall_64+0xfa/0xfa0
[  920.787974][T18171]  ? lockdep_hardirqs_on+0x9c/0x150
[  920.787995][T18171]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  920.788019][T18171]  ? clear_bhb_loop+0x60/0xb0
[  920.788044][T18171]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  920.788060][T18171] RIP: 0033:0x7f3ae118efc9
[  920.788076][T18171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  920.788091][T18171] RSP: 002b:00007f3ae2066038 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
[  920.788110][T18171] RAX: ffffffffffffffda RBX: 00007f3ae13e5fa0 RCX: 00007f3ae118efc9
[  920.788123][T18171] RDX: 0000000000000083 RSI: 0000200000000200 RDI: 0000000000000003
[  920.788135][T18171] RBP: 00007f3ae2066090 R08: 0000000000000000 R09: 0000000000000000
[  920.788146][T18171] R10: 0000000000002000 R11: 0000000000000246 R12: 0000000000000001
[  920.788157][T18171] R13: 00007f3ae13e6038 R14: 00007f3ae13e5fa0 R15: 00007f3ae150fa28
[  920.788188][T18171]  </TASK>
[  920.831213][T17888] batman_adv: batadv0: Interface activated: batadv_slave_0
[  920.843154][T17888] batman_adv: batadv0: Interface activated: batadv_slave_1
[  920.874020][T17645] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  920.874065][T17645] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  920.874096][T17645] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  920.874126][T17645] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  921.029145][T18178] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  921.031250][T18178] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3203'.
[  921.159399][T17645] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  921.393935][T17645] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  921.702566][T18198] netlink: 'syz.5.3206': attribute type 2 has an invalid length.
[  921.896619][   T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  921.932781][   T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  922.102819][T18211] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  922.974056][T18218] syzkaller0: entered promiscuous mode
[  923.504510][T18229] netlink: 'syz.1.3214': attribute type 2 has an invalid length.
[  923.539101][T18229] : entered promiscuous mode
[  924.420397][T18246] binder: BINDER_SET_CONTEXT_MGR already set
[  924.426424][T18246] binder: 18242:18246 ioctl 4018620d 200000004a80 returned -16
[  924.632100][T18226] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3138'.
[  925.226941][ T8349] usb 5-1: new high-speed USB device number 97 using dummy_hcd
[  925.244628][T18257] netlink: 'syz.5.3219': attribute type 2 has an invalid length.
[  925.368670][T18263] fuse: Invalid gid '000000000000000000004'
[  925.417749][T18265] netlink: 'syz.0.3220': attribute type 1 has an invalid length.
[  925.431483][T18265] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3220'.
[  925.439376][ T8349] usb 5-1: unable to read config index 0 descriptor/start: -61
[  925.448294][ T8349] usb 5-1: can't read configurations, error -61
[  925.746973][ T8349] usb 5-1: new high-speed USB device number 98 using dummy_hcd
[  925.819852][T18272] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3222'.
[  925.939314][ T8349] usb 5-1: unable to read config index 0 descriptor/start: -61
[  925.966866][ T8349] usb 5-1: can't read configurations, error -61
[  925.993668][ T8349] usb usb5-port1: attempt power cycle
[  926.182988][T13332] usb 2-1: new high-speed USB device number 125 using dummy_hcd
[  926.347171][ T8349] usb 5-1: new high-speed USB device number 99 using dummy_hcd
[  926.372609][T13332] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  926.385365][T13332] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  926.409257][ T8349] usb 5-1: unable to read config index 0 descriptor/start: -61
[  926.426899][T13332] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  926.427061][ T8349] usb 5-1: can't read configurations, error -61
[  926.559946][T18282] netlink: 'syz.3.3224': attribute type 1 has an invalid length.
[  926.568451][T18282] netlink: 'syz.3.3224': attribute type 2 has an invalid length.
[  926.576292][T13332] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  926.615391][T18275] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  926.636753][T13332] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  926.827655][ T8349] usb 5-1: new high-speed USB device number 100 using dummy_hcd
[  926.835469][T18275] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  926.849542][ T8349] usb 5-1: unable to read config index 0 descriptor/start: -61
[  926.857929][ T8349] usb 5-1: can't read configurations, error -61
[  926.877637][T18275] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  926.889890][ T8349] usb usb5-port1: unable to enumerate USB device
[  926.950177][T18275] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  927.027271][T18275] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  927.066436][T18275] vxcan1: tx drop: invalid sa for name 0x0000000000000004
[  927.231129][ T8345] usb 2-1: USB disconnect, device number 125
[  927.647177][ T8349] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  927.819218][T18302] netlink: 'syz.5.3227': attribute type 2 has an invalid length.
[  927.837981][ T8349] usb 4-1: Using ep0 maxpacket: 32
[  927.857555][ T8349] usb 4-1: config 0 has an invalid interface number: 38 but max is 0
[  927.867826][ T8349] usb 4-1: config 0 has no interface number 0
[  927.874230][ T8349] usb 4-1: config 0 interface 38 has no altsetting 0
[  927.895654][ T8349] usb 4-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=7f.b3
[  927.914473][ T8349] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  927.975175][ T8349] usb 4-1: Product: syz
[  928.000824][ T8349] usb 4-1: Manufacturer: syz
[  928.027133][ T8349] usb 4-1: SerialNumber: syz
[  928.073212][ T8349] usb 4-1: config 0 descriptor??
[  928.125331][ T8349] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622
[  928.157670][T18319] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3233'.
[  928.571374][T18321] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3229'.
[  928.637308][ T8349] gspca_pac7302: reg_w() failed i: ff v: 01 error -110
[  928.644436][ T8349] gspca_pac7302 4-1:0.38: probe with driver gspca_pac7302 failed with error -110
[  928.754075][T18321] bond1: option coupled_control: mode dependency failed, not supported in mode balance-rr(0)
[  928.929459][T18332] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3234'.
[  929.001579][T18321] bond1 (unregistering): Released all slaves
[  930.592065][T13332] usb 4-1: USB disconnect, device number 14
[  931.037037][T13332] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  931.186922][T13332] usb 6-1: Using ep0 maxpacket: 16
[  931.193499][T13332] usb 6-1: config 0 has an invalid interface number: 105 but max is 0
[  931.202146][T13332] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  931.232668][T13332] usb 6-1: config 0 has no interface number 0
[  931.298737][T13332] usb 6-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  931.340565][T13332] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  931.368476][T13332] usb 6-1: Product: syz
[  931.382963][T13332] usb 6-1: Manufacturer: syz
[  931.401851][T13332] usb 6-1: SerialNumber: syz
[  931.425595][T13332] usb 6-1: config 0 descriptor??
[  931.454246][T13332] uvcvideo 6-1:0.105: probe with driver uvcvideo failed with error -22
[  931.473715][T18383] FAULT_INJECTION: forcing a failure.
[  931.473715][T18383] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  931.774922][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  931.781407][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  931.806958][T18383] CPU: 0 UID: 0 PID: 18383 Comm: syz.0.3242 Not tainted syzkaller #0 PREEMPT(full) 
[  931.806974][T18383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  931.806981][T18383] Call Trace:
[  931.806987][T18383]  <TASK>
[  931.806992][T18383]  dump_stack_lvl+0x189/0x250
[  931.807010][T18383]  ? __pfx____ratelimit+0x10/0x10
[  931.807023][T18383]  ? __pfx_dump_stack_lvl+0x10/0x10
[  931.807036][T18383]  ? __pfx__printk+0x10/0x10
[  931.807046][T18383]  ? __might_fault+0xb0/0x130
[  931.807065][T18383]  should_fail_ex+0x414/0x560
[  931.807083][T18383]  _copy_from_user+0x2d/0xb0
[  931.807096][T18383]  __sys_sendto+0x25c/0x520
[  931.807107][T18383]  ? __pfx___sys_sendto+0x10/0x10
[  931.807115][T18383]  ? count_memcg_event_mm+0x21/0x260
[  931.807140][T18383]  ? exc_page_fault+0x82/0x100
[  931.807155][T18383]  ? do_user_addr_fault+0xc85/0x1380
[  931.807168][T18383]  __x64_sys_sendto+0xde/0x100
[  931.807179][T18383]  do_syscall_64+0xfa/0xfa0
[  931.807191][T18383]  ? lockdep_hardirqs_on+0x9c/0x150
[  931.807209][T18383]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  931.807219][T18383]  ? clear_bhb_loop+0x60/0xb0
[  931.807231][T18383]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  931.807241][T18383] RIP: 0033:0x7f5580990e5c
[  931.807252][T18383] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
[  931.807260][T18383] RSP: 002b:00007f55817cdec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  931.807271][T18383] RAX: ffffffffffffffda RBX: 00007f55817cdfc0 RCX: 00007f5580990e5c
[  931.807278][T18383] RDX: 0000000000000020 RSI: 00007f55817ce010 RDI: 0000000000000006
[  931.807285][T18383] RBP: 0000000000000000 R08: 00007f55817cdf14 R09: 000000000000000c
[  931.807291][T18383] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000006
[  931.807297][T18383] R13: 00007f55817cdf68 R14: 00007f55817ce010 R15: 0000000000000000
[  931.807313][T18383]  </TASK>
[  932.666941][ T8350] usb 5-1: new high-speed USB device number 101 using dummy_hcd
[  932.853643][ T8350] usb 5-1: config 220 has an invalid interface number: 76 but max is 2
[  932.862930][ T8350] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  932.965201][ T8350] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  932.999481][ T8350] usb 5-1: config 220 has no interface number 2
[  933.006020][ T8350] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  933.021044][ T8350] usb 5-1: config 220 interface 0 has no altsetting 0
[  933.092541][ T8350] usb 5-1: config 220 interface 76 has no altsetting 0
[  933.179729][ T8350] usb 5-1: config 220 interface 1 has no altsetting 0
[  933.200931][ T8350] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  933.212786][ T8350] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  933.221263][ T8350] usb 5-1: Product: syz
[  933.225601][ T8350] usb 5-1: Manufacturer: syz
[  933.230699][ T8350] usb 5-1: SerialNumber: syz
[  933.315437][T18403] netlink: 'syz.3.3246': attribute type 2 has an invalid length.
[  933.339284][T18406] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  933.843571][T13332] usb 6-1: USB disconnect, device number 19
[  935.081880][T18416] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3249'.
[  935.294940][T18418] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3247'.
[  935.493095][ T8350] uvcvideo 5-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  935.502923][ T8350] uvcvideo 5-1:220.0: No valid video chain found.
[  935.509942][ T8350] usb 5-1: selecting invalid altsetting 0
[  935.534072][ T8350] usb 5-1: selecting invalid altsetting 0
[  935.541942][ T8350] usbtest 5-1:220.1: probe with driver usbtest failed with error -22
[  935.589455][ T8350] usb 5-1: USB disconnect, device number 101
[  935.860261][ T8349] hid (null): unknown global tag 0xe
[  935.869408][ T8349] hid (null): unknown global tag 0xd
[  935.878199][ T8349] hid-generic 7FFF:0004:0008.0020: unknown global tag 0xe
[  935.888885][ T8349] hid-generic 7FFF:0004:0008.0020: item 0 0 1 14 parsing failed
[  935.911742][ T8349] hid-generic 7FFF:0004:0008.0020: probe with driver hid-generic failed with error -22
[  936.509725][T18432] netlink: 'syz.5.3253': attribute type 2 has an invalid length.
[  936.770088][T18438] syz.0.3255 (18438): drop_caches: 2
[  937.537050][ T8338] usb 5-1: new high-speed USB device number 102 using dummy_hcd
[  937.683005][T18459] netlink: 'syz.3.3259': attribute type 2 has an invalid length.
[  937.726964][ T8338] usb 5-1: Using ep0 maxpacket: 8
[  937.756267][ T8338] usb 5-1: unable to get BOS descriptor or descriptor too short
[  937.775626][ T8338] usb 5-1: config 4 interface 0 has no altsetting 0
[  937.814011][T18464] syzkaller0: entered promiscuous mode
[  937.840693][ T8338] usb 5-1: string descriptor 0 read error: -22
[  937.847197][ T8338] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  937.896667][ T8338] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  937.940080][ T8338] usb 5-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  937.967778][ T8338] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  938.145054][ T8338] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  938.185338][ T8338] usb 5-1: media controller created
[  938.349654][ T8338] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  938.500258][ T8338] zl10353_read_register: readreg error (reg=127, ret==0)
[  938.660831][ T8338] usb 5-1: USB disconnect, device number 102
[  939.537151][ T8338] usb 5-1: new high-speed USB device number 103 using dummy_hcd
[  939.593188][T18487] netlink: 'syz.3.3267': attribute type 2 has an invalid length.
[  939.652437][T18490] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3268'.
[  939.745524][ T8338] usb 5-1: unable to get BOS descriptor or descriptor too short
[  939.762930][ T8338] usb 5-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[  939.903461][ T8338] usb 5-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db
[  939.914466][ T8338] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  939.960377][ T8338] usb 5-1: Product: syz
[  939.979885][ T8338] usb 5-1: Manufacturer: syz
[  939.992645][ T8338] usb 5-1: SerialNumber: syz
[  940.671072][ T8350] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  940.836918][ T8350] usb 6-1: Using ep0 maxpacket: 8
[  940.843753][ T8350] usb 6-1: config 0 has an invalid interface number: 29 but max is 0
[  940.858716][ T8350] usb 6-1: config 0 has no interface number 0
[  940.865627][ T8350] usb 6-1: config 0 interface 29 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  940.877537][ T8350] usb 6-1: config 0 interface 29 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  940.889735][ T8350] usb 6-1: config 0 interface 29 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024
[  940.901487][ T8350] usb 6-1: config 0 interface 29 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  940.912059][ T8350] usb 6-1: config 0 interface 29 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  940.922213][ T8350] usb 6-1: config 0 interface 29 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  940.927013][ T8338] usb 5-1: reset high-speed USB device number 103 using dummy_hcd
[  940.932929][ T8350] usb 6-1: config 0 interface 29 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  940.980833][ T8350] usb 6-1: New USB device found, idVendor=03f0, idProduct=0207, bcdDevice= 0.01
[  940.990216][ T8350] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  940.998365][ T8350] usb 6-1: Product: syz
[  941.005975][ T8350] usb 6-1: Manufacturer: syz
[  941.010779][ T8350] usb 6-1: SerialNumber: syz
[  941.019066][ T8350] usb 6-1: config 0 descriptor??
[  941.025062][T18496] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  941.034842][ T8350] ums-usbat 6-1:0.29: USB Mass Storage device detected
[  941.046951][T13332] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  941.130870][ T8338] usb 5-1: unable to get BOS descriptor or descriptor too short
[  941.207493][T13332] usb 4-1: Using ep0 maxpacket: 16
[  941.215049][T13332] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  941.226171][T13332] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  941.236853][T13332] usb 4-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  941.245961][T13332] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  941.263915][T13332] usb 4-1: config 0 descriptor??
[  941.283878][ T8350] ums-usbat 6-1:0.29: probe with driver ums-usbat failed with error -5
[  941.306337][ T8350] usb 6-1: USB disconnect, device number 20
[  941.360381][ T8338] usb 5-1: USB disconnect, device number 103
[  941.997368][ T8338] usb 2-1: new high-speed USB device number 126 using dummy_hcd
[  942.012870][T18507] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  942.025324][T18507] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  942.118948][T13332] usbhid 4-1:0.0: can't add hid device: -71
[  942.128374][T18520] netlink: 'syz.5.3277': attribute type 2 has an invalid length.
[  942.147214][T13332] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  942.166545][T13332] usb 4-1: USB disconnect, device number 15
[  942.226944][ T8338] usb 2-1: Using ep0 maxpacket: 8
[  942.234361][ T8338] usb 2-1: unable to get BOS descriptor or descriptor too short
[  942.244725][ T8338] usb 2-1: config 4 interface 0 has no altsetting 0
[  942.254610][ T8338] usb 2-1: string descriptor 0 read error: -22
[  942.261288][ T8338] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  942.276188][ T8338] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  942.330342][ T8338] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  942.352957][ T8338] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  942.375984][ T8338] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  942.403083][ T8338] usb 2-1: media controller created
[  942.564840][ T8338] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  942.591520][ T8338] zl10353_read_register: readreg error (reg=127, ret==0)
[  942.680899][ T8338] usb 2-1: USB disconnect, device number 126
[  942.935597][ T8349] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  942.959258][ T8349] hid-generic 0000:0000:0000.0021: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  943.186906][ T8350] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  943.396905][ T8350] usb 4-1: Using ep0 maxpacket: 16
[  943.427568][ T8350] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  943.429541][ T8338] usb 2-1: new high-speed USB device number 127 using dummy_hcd
[  943.494194][ T8350] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  943.506878][  T983] usb 5-1: new high-speed USB device number 104 using dummy_hcd
[  943.536694][ T8350] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  943.546683][ T8350] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  943.558314][ T8350] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  943.574853][ T8350] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  943.587993][ T8350] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  943.596189][ T8350] usb 4-1: Manufacturer: syz
[  943.604729][ T8350] usb 4-1: config 0 descriptor??
[  943.746710][T18549] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3285'.
[  943.829389][  T983] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  943.859399][ T8338] usb 2-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  943.877924][ T8338] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  943.888307][  T983] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  943.905317][  T983] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  943.945692][T13332] usb 6-1: new full-speed USB device number 21 using dummy_hcd
[  943.954336][ T8338] usb 2-1: config 0 descriptor??
[  943.982662][ T8338] gspca_main: spca508-2.14.0 probing 8086:0110
[  943.993233][  T983] usb 5-1: config 0 interface 0 has no altsetting 0
[  944.009422][  T983] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  944.018816][  T983] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  944.036623][  T983] usb 5-1: config 0 interface 0 has no altsetting 0
[  944.063384][  T983] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  944.081059][  T983] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  944.161585][T13332] usb 6-1: config 0 has an invalid interface number: 214 but max is 0
[  944.173607][T13332] usb 6-1: config 0 has no interface number 0
[  944.181347][ T8338] gspca_spca508: reg_read err -32
[  944.189159][ T8338] gspca_spca508: reg_read err -32
[  944.194318][  T983] usb 5-1: config 0 interface 0 has no altsetting 0
[  944.480062][T13332] usb 6-1: config 0 interface 214 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  944.509138][  T983] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  944.509954][ T8350] rc_core: IR keymap rc-hauppauge not found
[  944.528093][  T983] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  944.528113][ T8350] Registered IR keymap rc-empty
[  944.528283][ T8350] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  944.541674][T13332] usb 6-1: config 0 interface 214 has no altsetting 0
[  944.602141][  T983] usb 5-1: config 0 interface 0 has no altsetting 0
[  944.627704][  T983] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  944.638671][ T8350] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  944.737386][  T983] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  944.749097][T13332] usb 6-1: New USB device found, idVendor=07c9, idProduct=000e, bcdDevice=5d.4f
[  944.780278][ T8350] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  944.818898][T13332] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  944.832350][  T983] usb 5-1: config 0 interface 0 has no altsetting 0
[  944.873730][ T8350] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input37
[  944.876486][T13332] usb 6-1: Product: syz
[  944.898347][  T983] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  944.932154][  T983] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  944.932227][ T8350] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  944.968400][T13332] usb 6-1: Manufacturer: syz
[  944.977522][ T8338] gspca_spca508: reg_read err -110
[  944.998309][T13332] usb 6-1: SerialNumber: syz
[  945.030174][ T8350] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  945.031686][ T8338] gspca_spca508: reg_read err -32
[  945.042901][  T983] usb 5-1: config 0 interface 0 has no altsetting 0
[  945.077068][ T8350] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  945.084446][T13332] usb 6-1: config 0 descriptor??
[  945.090709][  T983] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  945.121534][ T8350] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  945.135313][ T8338] gspca_spca508: reg write: error -32
[  945.141606][T18547] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22
[  945.151940][ T8350] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  945.185542][ T8338] spca508 2-1:0.0: probe with driver spca508 failed with error -32
[  945.186962][ T8350] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  945.193778][  T983] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  945.259610][ T8350] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  945.270739][  T983] usb 5-1: config 0 interface 0 has no altsetting 0
[  945.286976][  T983] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  945.299787][ T8350] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  945.314301][  T983] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  945.329139][ T8350] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  945.353574][  T983] usb 5-1: config 0 interface 0 has no altsetting 0
[  945.367351][ T8350] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  945.380312][T13332] ax88179_178a 6-1:0.214: probe with driver ax88179_178a failed with error -71
[  945.399807][  T983] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  945.411769][  T983] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  945.443431][T13332] usb 6-1: USB disconnect, device number 21
[  945.449189][ T8350] mceusb 4-1:0.0: Registered  with mce emulator interface version 1
[  945.459265][ T8350] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  945.470088][  T983] usb 5-1: Product: syz
[  945.493559][  T983] usb 5-1: Manufacturer: syz
[  945.504172][  T983] usb 5-1: SerialNumber: syz
[  945.600432][ T8350] usb 4-1: USB disconnect, device number 16
[  945.615524][  T983] usb 5-1: config 0 descriptor??
[  945.645629][  T983] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0
[  945.892632][    C0] usb 5-1: yurex_control_callback - control failed: -2
[  945.920276][T13332] usb 5-1: USB disconnect, device number 104
[  945.929683][T13332] yurex 5-1:0.0: USB YUREX #0 now disconnected
[  946.263973][T18569] loop2: detected capacity change from 0 to 7
[  946.270888][T18569] Dev loop2: unable to read RDB block 7
[  946.277903][T18569]  loop2: unable to read partition table
[  946.284279][T18569] loop2: partition table beyond EOD, truncated
[  946.330858][T18569] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  946.361179][T13332] usb 2-1: USB disconnect, device number 127
[  946.419067][ T5199] Dev loop2: unable to read RDB block 7
[  946.429536][ T5199]  loop2: unable to read partition table
[  946.436527][ T5199] loop2: partition table beyond EOD, truncated
[  946.666899][ T8350] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  946.857242][ T8350] usb 4-1: Using ep0 maxpacket: 8
[  946.867964][ T8350] usb 4-1: unable to get BOS descriptor or descriptor too short
[  946.877912][ T8350] usb 4-1: config 4 interface 0 has no altsetting 0
[  946.899671][ T8350] usb 4-1: string descriptor 0 read error: -22
[  946.905926][ T8350] usb 4-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  946.928182][ T8350] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  947.010012][ T8350] usb 4-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  947.049009][T18587] netlink: 'syz.5.3292': attribute type 2 has an invalid length.
[  947.175441][ T8350] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  947.254307][ T8350] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  947.406119][ T8350] usb 4-1: media controller created
[  947.467780][ T8350] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  948.186260][T18594] netlink: 'syz.0.3293': attribute type 2 has an invalid length.
[  948.271191][T18594] : entered promiscuous mode
[  948.457727][ T8350] zl10353_read_register: readreg error (reg=127, ret==0)
[  949.014483][T18600] netlink: 'syz.4.3294': attribute type 2 has an invalid length.
[  949.151285][T18606] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3295'.
[  949.188394][T18606] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[  949.215916][ T8350] usb 4-1: USB disconnect, device number 17
[  951.546977][ T8350] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[  951.833249][ T8350] usb 2-1: config 0 has no interfaces?
[  951.861030][ T8350] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  951.879841][ T8350] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  952.042849][ T8350] usb 2-1: Product: syz
[  952.050361][T18661] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3312'.
[  952.053639][ T8350] usb 2-1: Manufacturer: syz
[  952.065163][ T8350] usb 2-1: SerialNumber: syz
[  952.085652][ T8350] usb 2-1: config 0 descriptor??
[  952.191607][T18661] No such timeout policy "syz1"
[  952.200192][T18661] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3312'.
[  952.209267][T18661] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3312'.
[  952.221037][T18661] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3312'.
[  952.238779][T18661] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3312'.
[  952.304992][T18645] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  952.312811][T18645] IPv6: NLM_F_CREATE should be set when creating new route
[  952.546374][T18668] netlink: 'syz.0.3313': attribute type 2 has an invalid length.
[  952.857047][   T43] usb 5-1: new high-speed USB device number 105 using dummy_hcd
[  952.940352][T18676] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3314'.
[  952.965683][T18676] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[  953.020688][   T43] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  953.032633][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  953.064589][   T43] usb 5-1: config 0 descriptor??
[  953.074518][    T9] usb 2-1: USB disconnect, device number 2
[  953.095761][   T43] gspca_main: cpia1-2.14.0 probing 0813:0001
[  953.299429][   T43] gspca_cpia1: usb_control_msg 05, error -71
[  953.311738][   T43] gspca_cpia1: usb_control_msg 01, error -71
[  953.318245][   T43] cpia1 5-1:0.0: only firmware version 1 is supported (got: 0)
[  953.345286][   T43] usb 5-1: USB disconnect, device number 105
[  953.556882][    T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  953.708894][    T9] usb 2-1: unable to read config index 0 descriptor/start: -61
[  953.730580][    T9] usb 2-1: can't read configurations, error -61
[  953.927042][    T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  954.089300][    T9] usb 2-1: unable to read config index 0 descriptor/start: -61
[  954.097873][    T9] usb 2-1: can't read configurations, error -61
[  954.104698][    T9] usb usb2-port1: attempt power cycle
[  954.333517][T18700] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3321'.
[  954.538642][    T9] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  954.589782][    T9] usb 2-1: unable to read config index 0 descriptor/start: -61
[  954.597630][    T9] usb 2-1: can't read configurations, error -61
[  955.119840][    T9] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  955.395168][    T9] usb 2-1: unable to read config index 0 descriptor/start: -61
[  955.403797][    T9] usb 2-1: can't read configurations, error -61
[  955.457242][    T9] usb usb2-port1: unable to enumerate USB device
[  955.860036][T18721] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3329'.
[  955.882708][T18721] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[  955.894357][T18725] netlink: 'syz.3.3330': attribute type 2 has an invalid length.
[  955.904108][T18721] batman_adv: batadv0: Adding interface: ip6gretap1
[  955.913892][T18721] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  955.943477][T18721] batman_adv: batadv0: Interface activated: ip6gretap1
[  956.099086][T18729] netlink: 132 bytes leftover after parsing attributes in process `syz.5.3332'.
[  956.773664][T18741] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3335'.
[  956.948303][T18741] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap2
[  957.485736][T18748] bond1: option lp_interval: invalid value (0)
[  957.524975][T18748] bond1: option lp_interval: allowed values 1 - 2147483647
[  957.612059][T18748] bond1 (unregistering): Released all slaves
[  958.578000][T18784] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3346'.
[  959.129313][T18794] netlink: 'syz.1.3349': attribute type 2 has an invalid length.
[  959.527867][T18800] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3350'.
[  959.791526][T18796] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  960.344889][T18804] openvswitch: netlink: Key 22 has unexpected len 2 expected 4
[  960.454515][T18806] FAULT_INJECTION: forcing a failure.
[  960.454515][T18806] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  960.496988][T18806] CPU: 0 UID: 0 PID: 18806 Comm: syz.5.3351 Not tainted syzkaller #0 PREEMPT(full) 
[  960.497004][T18806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  960.497011][T18806] Call Trace:
[  960.497016][T18806]  <TASK>
[  960.497021][T18806]  dump_stack_lvl+0x189/0x250
[  960.497039][T18806]  ? __pfx____ratelimit+0x10/0x10
[  960.497052][T18806]  ? __pfx_dump_stack_lvl+0x10/0x10
[  960.497064][T18806]  ? __pfx__printk+0x10/0x10
[  960.497075][T18806]  ? __might_fault+0xb0/0x130
[  960.497095][T18806]  should_fail_ex+0x414/0x560
[  960.497113][T18806]  _copy_from_iter+0x1de/0x1790
[  960.497128][T18806]  ? rcu_is_watching+0x15/0xb0
[  960.497142][T18806]  ? kmalloc_reserve+0xbd/0x290
[  960.497152][T18806]  ? __pfx__copy_from_iter+0x10/0x10
[  960.497163][T18806]  ? __build_skb_around+0x262/0x3f0
[  960.497179][T18806]  ? netlink_sendmsg+0x642/0xb30
[  960.497188][T18806]  ? skb_put+0x11b/0x210
[  960.497199][T18806]  netlink_sendmsg+0x6b2/0xb30
[  960.497213][T18806]  ? __pfx_netlink_sendmsg+0x10/0x10
[  960.497225][T18806]  ? aa_sock_msg_perm+0xf1/0x1d0
[  960.497239][T18806]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  960.497249][T18806]  ? __pfx_netlink_sendmsg+0x10/0x10
[  960.497264][T18806]  __sock_sendmsg+0x21c/0x270
[  960.497279][T18806]  ____sys_sendmsg+0x505/0x830
[  960.497293][T18806]  ? __pfx_____sys_sendmsg+0x10/0x10
[  960.497308][T18806]  ? import_iovec+0x74/0xa0
[  960.497322][T18806]  ___sys_sendmsg+0x21f/0x2a0
[  960.497333][T18806]  ? __pfx____sys_sendmsg+0x10/0x10
[  960.497361][T18806]  ? __fget_files+0x2a/0x420
[  960.497371][T18806]  ? __fget_files+0x3a0/0x420
[  960.497385][T18806]  __x64_sys_sendmsg+0x19b/0x260
[  960.497397][T18806]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  960.497412][T18806]  ? __pfx_ksys_write+0x10/0x10
[  960.497427][T18806]  ? do_syscall_64+0xbe/0xfa0
[  960.497442][T18806]  do_syscall_64+0xfa/0xfa0
[  960.497453][T18806]  ? lockdep_hardirqs_on+0x9c/0x150
[  960.497465][T18806]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  960.497475][T18806]  ? clear_bhb_loop+0x60/0xb0
[  960.497487][T18806]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  960.497497][T18806] RIP: 0033:0x7f8da8b8efc9
[  960.497506][T18806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  960.497515][T18806] RSP: 002b:00007f8da99ce038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  960.497527][T18806] RAX: ffffffffffffffda RBX: 00007f8da8de5fa0 RCX: 00007f8da8b8efc9
[  960.497534][T18806] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000003
[  960.497541][T18806] RBP: 00007f8da99ce090 R08: 0000000000000000 R09: 0000000000000000
[  960.497547][T18806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  960.497552][T18806] R13: 00007f8da8de6038 R14: 00007f8da8de5fa0 R15: 00007f8da8f0fa28
[  960.497568][T18806]  </TASK>
[  960.780502][    C0] vkms_vblank_simulate: vblank timer overrun
[  961.578362][T18833] FAULT_INJECTION: forcing a failure.
[  961.578362][T18833] name failslab, interval 1, probability 0, space 0, times 0
[  961.599283][T18833] CPU: 1 UID: 0 PID: 18833 Comm: syz.0.3359 Not tainted syzkaller #0 PREEMPT(full) 
[  961.599308][T18833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  961.599319][T18833] Call Trace:
[  961.599327][T18833]  <TASK>
[  961.599335][T18833]  dump_stack_lvl+0x189/0x250
[  961.599363][T18833]  ? __pfx____ratelimit+0x10/0x10
[  961.599385][T18833]  ? __pfx_dump_stack_lvl+0x10/0x10
[  961.599408][T18833]  ? __pfx__printk+0x10/0x10
[  961.599432][T18833]  ? __lock_acquire+0xab9/0xd20
[  961.599454][T18833]  should_fail_ex+0x414/0x560
[  961.599485][T18833]  should_failslab+0xa8/0x100
[  961.599505][T18833]  kmem_cache_alloc_noprof+0x74/0x6e0
[  961.599529][T18833]  ? skb_clone+0x212/0x3a0
[  961.599552][T18833]  skb_clone+0x212/0x3a0
[  961.599572][T18833]  __netlink_deliver_tap+0x404/0x850
[  961.599603][T18833]  ? netlink_deliver_tap+0x2e/0x1b0
[  961.599621][T18833]  netlink_deliver_tap+0x19c/0x1b0
[  961.599640][T18833]  netlink_unicast+0x7fa/0x9e0
[  961.599673][T18833]  ? __pfx_netlink_unicast+0x10/0x10
[  961.599699][T18833]  ? netlink_sendmsg+0x642/0xb30
[  961.599715][T18833]  ? skb_put+0x11b/0x210
[  961.599735][T18833]  netlink_sendmsg+0x805/0xb30
[  961.599763][T18833]  ? __pfx_netlink_sendmsg+0x10/0x10
[  961.599783][T18833]  ? aa_sock_msg_perm+0xf1/0x1d0
[  961.599809][T18833]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  961.599827][T18833]  ? __pfx_netlink_sendmsg+0x10/0x10
[  961.599846][T18833]  __sock_sendmsg+0x21c/0x270
[  961.599872][T18833]  ____sys_sendmsg+0x505/0x830
[  961.599896][T18833]  ? __pfx_____sys_sendmsg+0x10/0x10
[  961.599924][T18833]  ? import_iovec+0x74/0xa0
[  961.599950][T18833]  ___sys_sendmsg+0x21f/0x2a0
[  961.599972][T18833]  ? __pfx____sys_sendmsg+0x10/0x10
[  961.600035][T18833]  ? __fget_files+0x2a/0x420
[  961.600052][T18833]  ? __fget_files+0x3a0/0x420
[  961.600079][T18833]  __x64_sys_sendmsg+0x19b/0x260
[  961.600101][T18833]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  961.600129][T18833]  ? __pfx_ksys_write+0x10/0x10
[  961.600157][T18833]  ? do_syscall_64+0xbe/0xfa0
[  961.600183][T18833]  do_syscall_64+0xfa/0xfa0
[  961.600204][T18833]  ? lockdep_hardirqs_on+0x9c/0x150
[  961.600226][T18833]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  961.600244][T18833]  ? clear_bhb_loop+0x60/0xb0
[  961.600263][T18833]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  961.600281][T18833] RIP: 0033:0x7f558098efc9
[  961.600297][T18833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  961.600313][T18833] RSP: 002b:00007f55817f0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  961.600331][T18833] RAX: ffffffffffffffda RBX: 00007f5580be5fa0 RCX: 00007f558098efc9
[  961.600342][T18833] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  961.600354][T18833] RBP: 00007f55817f0090 R08: 0000000000000000 R09: 0000000000000000
[  961.600364][T18833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  961.600375][T18833] R13: 00007f5580be6038 R14: 00007f5580be5fa0 R15: 00007f5580d0fa28
[  961.600405][T18833]  </TASK>
[  961.603147][T18833] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3359'.
[  962.178479][T18848] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3361'.
[  962.394068][T18829] netlink: 268 bytes leftover after parsing attributes in process `syz.3.3357'.
[  962.504588][T18846] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap3
[  962.551644][T18846] batman_adv: batadv0: Adding interface: ip6gretap3
[  962.598933][T18846] batman_adv: batadv0: The MTU of interface ip6gretap3 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  962.624569][    C0] vkms_vblank_simulate: vblank timer overrun
[  962.696738][T18846] batman_adv: batadv0: Interface activated: ip6gretap3
[  963.068016][T18863] netlink: 'syz.5.3364': attribute type 2 has an invalid length.
[  965.309515][T18889] netlink: 'syz.5.3372': attribute type 1 has an invalid length.
[  965.368641][T18889] 8021q: adding VLAN 0 to HW filter on device bond2
[  965.407011][T18893] vcan0: tx drop: invalid da for name 0x0000f5ff000000c8
[  965.816865][ T8349] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  965.967605][ T8349] usb 4-1: device descriptor read/64, error -71
[  966.330015][ T8349] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  966.343158][T18919] futex_wake_op: syz.4.3380 tries to shift op by 144; fix this program
[  966.467018][ T8349] usb 4-1: device descriptor read/64, error -71
[  966.577212][ T8349] usb usb4-port1: attempt power cycle
[  966.976860][ T8349] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  967.197325][ T8349] usb 4-1: device descriptor read/8, error -71
[  967.439503][T18926] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3382'.
[  967.467263][ T8349] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  967.523321][ T8349] usb 4-1: device descriptor read/8, error -71
[  967.657745][ T8349] usb usb4-port1: unable to enumerate USB device
[  968.504108][T18949] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3388'.
[  969.392843][T18961] binder: BINDER_SET_CONTEXT_MGR already set
[  969.399138][T18961] binder: 18958:18961 ioctl 4018620d 200000000040 returned -16
[  969.411630][T18961] binder: 18958:18961 ioctl c0306201 200000000240 returned -11
[  969.846933][    T9] usb 5-1: new high-speed USB device number 106 using dummy_hcd
[  970.062139][    T9] usb 5-1: unable to read config index 0 descriptor/start: -61
[  970.074892][    T9] usb 5-1: can't read configurations, error -61
[  970.395093][    T9] usb 5-1: new high-speed USB device number 107 using dummy_hcd
[  970.690624][    T9] usb 5-1: unable to read config index 0 descriptor/start: -61
[  970.700922][    T9] usb 5-1: can't read configurations, error -61
[  970.719724][    T9] usb usb5-port1: attempt power cycle
[  971.167169][    T9] usb 5-1: new high-speed USB device number 108 using dummy_hcd
[  971.328082][    T9] usb 5-1: unable to read config index 0 descriptor/start: -61
[  971.335669][    T9] usb 5-1: can't read configurations, error -61
[  971.476903][    T9] usb 5-1: new high-speed USB device number 109 using dummy_hcd
[  971.548540][    T9] usb 5-1: unable to read config index 0 descriptor/start: -61
[  971.556362][    T9] usb 5-1: can't read configurations, error -61
[  971.573230][    T9] usb usb5-port1: unable to enumerate USB device
[  971.805071][   T30] kauditd_printk_skb: 41 callbacks suppressed
[  971.805083][   T30] audit: type=1326 audit(1762136675.445:1911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18984 comm="syz.0.3398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f558098efc9 code=0x7ffc0000
[  971.893496][   T30] audit: type=1326 audit(1762136675.485:1912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18984 comm="syz.0.3398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f558098efc9 code=0x7ffc0000
[  971.966944][   T30] audit: type=1326 audit(1762136675.515:1913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18984 comm="syz.0.3398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f558098efc9 code=0x7ffc0000
[  971.992161][   T30] audit: type=1326 audit(1762136675.515:1914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18984 comm="syz.0.3398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f558098efc9 code=0x7ffc0000
[  972.018406][   T30] audit: type=1326 audit(1762136675.515:1915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18984 comm="syz.0.3398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f558098efc9 code=0x7ffc0000
[  972.044563][   T30] audit: type=1326 audit(1762136675.515:1916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18984 comm="syz.0.3398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7f558098efc9 code=0x7ffc0000
[  972.067833][ T8350] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  972.084051][   T30] audit: type=1326 audit(1762136675.565:1917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18984 comm="syz.0.3398" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f558098efc9 code=0x0
[  972.120172][   T30] audit: type=1326 audit(1762136675.565:1918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18984 comm="syz.0.3398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f558098efc9 code=0x7ffc0000
[  972.143216][   T30] audit: type=1326 audit(1762136675.565:1919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18984 comm="syz.0.3398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f558098efc9 code=0x7ffc0000
[  972.167289][   T30] audit: type=1326 audit(1762136675.635:1920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18984 comm="syz.0.3398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f558098efc9 code=0x7ffc0000
[  972.246892][ T8350] usb 6-1: Using ep0 maxpacket: 8
[  972.253861][ T8350] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  972.272452][T18996] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3402'.
[  972.285542][ T8350] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  972.302212][T18996] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3402'.
[  972.311920][ T8350] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7
[  972.323100][T18996] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3402'.
[  972.332892][ T8350] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  972.343620][T18996] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3402'.
[  972.354309][ T8350] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  972.372629][ T8350] usb 6-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  972.383689][ T8350] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  972.398586][ T8350] usb 6-1: Product: syz
[  972.402778][ T8350] usb 6-1: Manufacturer: syz
[  972.408133][ T8350] usb 6-1: SerialNumber: syz
[  972.437216][ T8350] usb 6-1: config 0 descriptor??
[  972.544874][T19003] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3403'.
[  972.650070][ T8350] radio-si470x 6-1:0.0: si470x_get_report: usb_control_msg returned -32
[  972.674269][ T8350] radio-si470x 6-1:0.0: probe with driver radio-si470x failed with error -5
[  972.767986][ T8350] usb 6-1: USB disconnect, device number 22
[  973.197108][   T43] usb 5-1: new high-speed USB device number 110 using dummy_hcd
[  973.366966][   T43] usb 5-1: Using ep0 maxpacket: 8
[  973.421757][   T43] usb 5-1: unable to get BOS descriptor or descriptor too short
[  973.438413][   T43] usb 5-1: config 4 has an invalid interface number: 30 but max is 0
[  973.453189][   T43] usb 5-1: config 4 has no interface number 0
[  973.472828][   T43] usb 5-1: config 4 interface 30 has no altsetting 0
[  973.488172][   T43] usb 5-1: string descriptor 0 read error: -22
[  973.494713][   T43] usb 5-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=ff.88
[  973.505329][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  973.530538][   T43] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state.
[  973.605037][   T43] dw2102: su3000_power_ctrl: 1, initialized 0
[  973.620441][   T43] dvb-usb: bulk message failed: -22 (2/0)
[  973.630487][   T43] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  973.642232][   T43] dvbdev: DVB: registering new adapter (TeVii S482 (tuner 2))
[  973.650332][   T43] usb 5-1: media controller created
[  973.656422][   T43] dvb-usb: bulk message failed: -22 (6/0)
[  973.664520][   T43] dw2102: i2c transfer failed.
[  973.675427][   T43] dvb-usb: bulk message failed: -22 (6/0)
[  973.697850][   T43] dw2102: i2c transfer failed.
[  973.710358][   T43] dvb-usb: bulk message failed: -22 (6/0)
[  973.731801][T19012] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3406'.
[  973.746232][   T43] dw2102: i2c transfer failed.
[  973.751273][T19012] dvb-usb: bulk message failed: -22 (3/0)
[  973.757418][T19012] dw2102: i2c transfer failed.
[  973.765850][T19012] dvb-usb: bulk message failed: -22 (4/0)
[  973.772660][T19012] dw2102: i2c transfer failed.
[  973.777959][   T43] dvb-usb: bulk message failed: -22 (6/0)
[  973.925316][   T43] dw2102: i2c transfer failed.
[  973.932526][   T43] dvb-usb: bulk message failed: -22 (6/0)
[  973.943118][   T43] dw2102: i2c transfer failed.
[  973.951434][   T43] dvb-usb: bulk message failed: -22 (6/0)
[  973.959886][   T43] dw2102: i2c transfer failed.
[  973.967088][   T43] dvb-usb: MAC address: 02:02:02:02:02:02
[  974.039962][   T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  974.077043][   T43] dvb-usb: bulk message failed: -22 (3/0)
[  974.084721][   T43] dw2102: command 0x0e transfer failed.
[  974.099866][   T43] dvb-usb: bulk message failed: -22 (3/0)
[  974.113261][   T43] dw2102: command 0x0e transfer failed.
[  974.447141][   T43] dvb-usb: bulk message failed: -22 (3/0)
[  974.476989][   T43] dw2102: command 0x0e transfer failed.
[  974.495887][   T43] dvb-usb: bulk message failed: -22 (3/0)
[  974.637660][T19006] Bluetooth: hci5: command 0x0406 tx timeout
[  974.660046][   T43] dw2102: command 0x0e transfer failed.
[  974.665641][   T43] dvb-usb: bulk message failed: -22 (1/0)
[  974.671435][   T43] dw2102: command 0x51 transfer failed.
[  974.677028][   T43] dvb-usb: bulk message failed: -22 (5/0)
[  974.682998][   T43] dw2102: i2c probe for address 0x68 failed.
[  974.689058][   T43] dvb-usb: bulk message failed: -22 (5/0)
[  974.700321][   T43] dw2102: i2c probe for address 0x69 failed.
[  974.795494][   T43] dvb-usb: bulk message failed: -22 (5/0)
[  974.838704][   T43] dw2102: i2c probe for address 0x6a failed.
[  974.868817][   T43] dw2102: probing for demodulator failed. Is the external power switched on?
[  975.057003][   T43] dvb-usb: no frontend was attached by 'TeVii S482 (tuner 2)'
[  975.467074][   T43] rc_core: IR keymap rc-tt-1500 not found
[  975.472841][   T43] Registered IR keymap rc-empty
[  975.509635][   T43] rc rc0: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0
[  975.553495][   T43] input: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0/input39
[  975.614429][   T43] dvb-usb: schedule remote query interval to 250 msecs.
[  975.639201][   T43] dw2102: su3000_power_ctrl: 0, initialized 1
[  975.657679][   T43] dvb-usb: TeVii S482 (tuner 2) successfully initialized and connected.
[  975.726548][   T43] usb 5-1: USB disconnect, device number 110
[  975.818629][    T9] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  975.875000][   T43] dvb-usb: TeVii S482 (tuner 2) successfully deinitialized and disconnected.
[  975.978414][    T9] usb 6-1: Using ep0 maxpacket: 16
[  975.986093][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 26232, setting to 64
[  976.000141][    T9] usb 6-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55
[  976.010987][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  976.021467][    T9] usb 6-1: Product: syz
[  976.025671][    T9] usb 6-1: Manufacturer: syz
[  976.032588][    T9] usb 6-1: SerialNumber: syz
[  976.050522][    T9] usb 6-1: config 0 descriptor??
[  976.094162][    T9] usb 6-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  976.246897][   T43] usb 5-1: new high-speed USB device number 111 using dummy_hcd
[  976.349899][T19072] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3421'.
[  976.481269][   T43] usb 5-1: unable to read config index 0 descriptor/start: -61
[  976.544070][   T43] usb 5-1: can't read configurations, error -61
[  976.741794][   T43] usb 5-1: new high-speed USB device number 112 using dummy_hcd
[  976.899807][   T43] usb 5-1: unable to read config index 0 descriptor/start: -61
[  976.910559][   T43] usb 5-1: can't read configurations, error -61
[  976.918162][   T43] usb usb5-port1: attempt power cycle
[  977.076289][T13332] usb 4-1: new full-speed USB device number 22 using dummy_hcd
[  977.102984][ T1092] usb 6-1: Failed to submit usb control message: -110
[  977.139642][ T1092] usb 6-1: unable to send the bmi data to the device: -110
[  977.140892][T19082] netlink: 'syz.1.3425': attribute type 1 has an invalid length.
[  977.160923][ T1092] usb 6-1: unable to get target info from device
[  977.177480][ T1092] usb 6-1: could not get target info (-110)
[  977.183511][ T1092] usb 6-1: could not probe fw (-110)
[  977.270727][T13332] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  977.301686][T13332] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  977.306990][   T43] usb 5-1: new high-speed USB device number 113 using dummy_hcd
[  977.334443][T13332] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  977.351019][   T43] usb 5-1: unable to read config index 0 descriptor/start: -61
[  977.359097][   T43] usb 5-1: can't read configurations, error -61
[  977.359987][T13332] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  977.408415][T13332] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  977.419252][T13332] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  977.428039][T13332] usb 4-1: Manufacturer: syz
[  977.442596][T13332] usb 4-1: config 0 descriptor??
[  977.519104][   T43] usb 5-1: new high-speed USB device number 114 using dummy_hcd
[  977.549647][   T43] usb 5-1: unable to read config index 0 descriptor/start: -61
[  977.567147][   T43] usb 5-1: can't read configurations, error -61
[  977.574040][   T43] usb usb5-port1: unable to enumerate USB device
[  977.606057][T19085] [syz.0.] <== rxrpc_preparse_xdr_yfs_rxgk() = -EKEYREJECTED [d9c19884!=bc, 2c,d9c19820]
[  977.727082][T13332] rc_core: IR keymap rc-hauppauge not found
[  977.733180][T13332] Registered IR keymap rc-empty
[  977.739990][T13332] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  977.767015][T13332] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  977.901157][T13332] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  977.930818][T13332] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input40
[  977.971185][T13332] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  978.016991][T13332] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  978.067109][T13332] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  978.097257][T13332] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  978.137057][T13332] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  978.166921][T13332] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  978.206935][T13332] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  978.236921][T13332] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  978.317080][T13332] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  978.355951][T13332] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  978.383695][T13332] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  978.410189][T13332] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  978.594083][T13332] usb 4-1: USB disconnect, device number 22
[  978.786226][T19097] syz.4.3428 (19097): drop_caches: 2
[  978.801474][ T8350] usb 6-1: USB disconnect, device number 23
[  979.057333][ T8349] usb 5-1: new full-speed USB device number 115 using dummy_hcd
[  979.316952][ T8349] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  979.332859][ T8349] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  979.400269][ T8349] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  979.415677][   T43] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  979.593575][ T8349] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  979.638187][   T43] usb 4-1: Using ep0 maxpacket: 16
[  979.835534][   T43] usb 4-1: config 0 has no interfaces?
[  979.844816][   T43] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  979.854891][   T43] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  979.866000][   T43] usb 4-1: Manufacturer: syz
[  979.880747][   T43] usb 4-1: config 0 descriptor??
[  979.934701][ T8349] usb 5-1: usb_control_msg returned -32
[  979.943813][ T8349] usbtmc 5-1:16.0: can't read capabilities
[  980.150096][T19118] FAULT_INJECTION: forcing a failure.
[  980.150096][T19118] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  980.163450][T19118] CPU: 0 UID: 0 PID: 19118 Comm: syz.0.3433 Not tainted syzkaller #0 PREEMPT(full) 
[  980.163474][T19118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  980.163486][T19118] Call Trace:
[  980.163494][T19118]  <TASK>
[  980.163502][T19118]  dump_stack_lvl+0x189/0x250
[  980.163530][T19118]  ? __pfx____ratelimit+0x10/0x10
[  980.163553][T19118]  ? __pfx_dump_stack_lvl+0x10/0x10
[  980.163577][T19118]  ? __pfx__printk+0x10/0x10
[  980.163608][T19118]  should_fail_ex+0x414/0x560
[  980.163643][T19118]  _copy_to_user+0x31/0xb0
[  980.163668][T19118]  simple_read_from_buffer+0xe1/0x170
[  980.163698][T19118]  proc_fail_nth_read+0x1b3/0x220
[  980.163722][T19118]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  980.163744][T19118]  ? rw_verify_area+0x2a6/0x4d0
[  980.163765][T19118]  ? __lock_acquire+0xab9/0xd20
[  980.163780][T19118]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  980.163797][T19118]  vfs_read+0x200/0xa30
[  980.163814][T19118]  ? fdget_pos+0x247/0x320
[  980.163829][T19118]  ? __pfx___mutex_lock+0x10/0x10
[  980.163848][T19118]  ? __pfx_vfs_read+0x10/0x10
[  980.163867][T19118]  ? __fget_files+0x2a/0x420
[  980.163883][T19118]  ? __fget_files+0x3a0/0x420
[  980.163895][T19118]  ? __fget_files+0x2a/0x420
[  980.163913][T19118]  ksys_read+0x145/0x250
[  980.163932][T19118]  ? __pfx_ksys_read+0x10/0x10
[  980.163952][T19118]  ? do_syscall_64+0xbe/0xfa0
[  980.163973][T19118]  do_syscall_64+0xfa/0xfa0
[  980.163988][T19118]  ? lockdep_hardirqs_on+0x9c/0x150
[  980.164005][T19118]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  980.164019][T19118]  ? clear_bhb_loop+0x60/0xb0
[  980.164035][T19118]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  980.164049][T19118] RIP: 0033:0x7f558098d9dc
[  980.164062][T19118] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  980.164074][T19118] RSP: 002b:00007f55817ae030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  980.164089][T19118] RAX: ffffffffffffffda RBX: 00007f5580be6180 RCX: 00007f558098d9dc
[  980.164099][T19118] RDX: 000000000000000f RSI: 00007f55817ae0a0 RDI: 0000000000000007
[  980.164109][T19118] RBP: 00007f55817ae090 R08: 0000000000000000 R09: 0000000000000000
[  980.164117][T19118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  980.164126][T19118] R13: 00007f5580be6218 R14: 00007f5580be6180 R15: 00007f5580d0fa28
[  980.164149][T19118]  </TASK>
[  981.169421][T13332] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  981.213784][T13332] hid-generic 0000:0000:0000.0022: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  981.467241][    T9] usb 6-1: new full-speed USB device number 24 using dummy_hcd
[  981.618546][    T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  981.630987][    T9] usb 6-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[  981.643943][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  981.677638][    T9] usb 6-1: Product: syz
[  981.691654][    T9] usb 6-1: Manufacturer: syz
[  981.701681][    T9] usb 6-1: SerialNumber: syz
[  981.727600][    T9] usb 6-1: config 0 descriptor??
[  982.113429][   T43] usb 4-1: USB disconnect, device number 23
[  982.359347][   T30] kauditd_printk_skb: 13 callbacks suppressed
[  982.359364][   T30] audit: type=1800 audit(1762136686.005:1934): pid=19134 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3439" name="bus" dev="tmpfs" ino=474 res=0 errno=0
[  982.694407][   T43] usb 5-1: USB disconnect, device number 115
[  983.006987][ T8350] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  983.157031][ T8350] usb 2-1: Using ep0 maxpacket: 16
[  983.164336][ T8350] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  983.178896][   T43] usb 5-1: new high-speed USB device number 116 using dummy_hcd
[  983.192532][ T8350] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  983.219237][ T8350] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0xF has invalid maxpacket 0
[  983.229743][ T8350] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  983.247098][ T8350] usb 2-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87
[  983.264593][ T8350] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  983.274429][ T8350] usb 2-1: Product: syz
[  983.279226][ T8350] usb 2-1: Manufacturer: syz
[  983.284138][ T8350] usb 2-1: SerialNumber: syz
[  983.295579][ T8350] usb 2-1: config 0 descriptor??
[  983.314792][ T8350] port100 2-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint
[  983.324750][   T43] usb 5-1: device descriptor read/64, error -71
[  983.567236][   T43] usb 5-1: new high-speed USB device number 117 using dummy_hcd
[  984.229833][T19141] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  984.302171][    T9] usb 6-1: USB disconnect, device number 24
[  984.414197][   T43] usb 5-1: device descriptor read/64, error -71
[  984.628404][   T43] usb usb5-port1: attempt power cycle
[  985.051230][   T43] usb 5-1: new high-speed USB device number 118 using dummy_hcd
[  985.195803][   T43] usb 5-1: device descriptor read/8, error -71
[  985.734648][   T43] usb 5-1: new high-speed USB device number 119 using dummy_hcd
[  985.805596][   T43] usb 5-1: device descriptor read/8, error -71
[  985.886622][T19148] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3440'.
[  985.957318][T19149] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3443'.
[  986.889925][   T43] usb usb5-port1: unable to enumerate USB device
[  989.989950][T19006] Bluetooth: hci0: command 0x0419 tx timeout
[  990.564109][   T43] usb 2-1: USB disconnect, device number 7
[  993.697177][    C0] wlan0: beacon TX faster than countdown (channel/color switch) completion
[  994.368585][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  994.374950][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1002.138014][T19006] Bluetooth: hci3: command 0x0406 tx timeout
[ 1006.892479][    C0] sched: DL replenish lagged too much
[ 1032.288065][T12387] Bluetooth: hci2: command 0x0406 tx timeout
[ 1137.766749][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 1137.773741][    C1] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P5493/1:b..l
[ 1137.782221][    C1] rcu: 	(detected by 1, t=10502 jiffies, g=119749, q=422 ncpus=2)
[ 1137.790044][    C1] task:dhcpcd          state:R  running task     stack:24648 pid:5493  tgid:5493  ppid:1      task_flags:0x400140 flags:0x00080001
[ 1137.804893][    C1] Call Trace:
[ 1137.808195][    C1]  <TASK>
[ 1137.811131][    C1]  __schedule+0x1798/0x4cc0
[ 1137.815669][    C1]  ? unwind_next_frame+0x19ae/0x2390
[ 1137.820966][    C1]  ? __pfx___schedule+0x10/0x10
[ 1137.825836][    C1]  ? sock_write_iter+0x279/0x360
[ 1137.830786][    C1]  ? do_iter_readv_writev+0x623/0x8c0
[ 1137.836179][    C1]  ? preempt_schedule_irq+0xaa/0x150
[ 1137.841476][    C1]  preempt_schedule_irq+0xb5/0x150
[ 1137.846600][    C1]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 1137.852337][    C1]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[ 1137.858152][    C1]  irqentry_exit+0x6f/0x90
[ 1137.862574][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1137.868560][    C1] RIP: 0010:lock_acquire+0x175/0x360
[ 1137.873852][    C1] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 ab dc d0 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[ 1137.893467][    C1] RSP: 0018:ffffc900034b7148 EFLAGS: 00000206
[ 1137.899551][    C1] RAX: 561b6eb4a9f07f00 RBX: 0000000000000000 RCX: 561b6eb4a9f07f00
[ 1137.907541][    C1] RDX: 0000000000000000 RSI: ffffffff8d8f3eb0 RDI: ffffffff8bbf0760
[ 1137.915518][    C1] RBP: ffffffff8230cd6a R08: 0000000000000000 R09: ffffffff8230cd6a
[ 1137.923494][    C1] R10: dffffc0000000000 R11: ffffed100a04a474 R12: 0000000000000002
[ 1137.931478][    C1] R13: ffffffff8df3d620 R14: 0000000000000000 R15: 0000000000000246
[ 1137.939465][    C1]  ? __page_table_check_zero+0xba/0x530
[ 1137.945037][    C1]  ? __page_table_check_zero+0xba/0x530
[ 1137.950615][    C1]  ? __page_table_check_zero+0xba/0x530
[ 1137.956174][    C1]  __page_table_check_zero+0xd7/0x530
[ 1137.961561][    C1]  ? __page_table_check_zero+0xba/0x530
[ 1137.967120][    C1]  ? __reset_page_owner+0x148/0x1f0
[ 1137.972331][    C1]  __free_frozen_pages+0xbd7/0xd30
[ 1137.977467][    C1]  __put_partials+0x146/0x170
[ 1137.982159][    C1]  put_cpu_partial+0x1f2/0x2e0
[ 1137.986944][    C1]  __slab_free+0x2b9/0x390
[ 1137.991381][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1137.997716][    C1]  ? __phys_addr+0xd3/0x180
[ 1138.002233][    C1]  qlist_free_all+0x97/0x140
[ 1138.006835][    C1]  kasan_quarantine_reduce+0x148/0x160
[ 1138.012307][    C1]  __kasan_kmalloc+0x22/0xb0
[ 1138.016910][    C1]  __kmalloc_node_track_caller_noprof+0x568/0x800
[ 1138.023349][    C1]  ? __alloc_skb+0x142/0x2d0
[ 1138.027942][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1138.032722][    C1]  ? __alloc_skb+0x142/0x2d0
[ 1138.037324][    C1]  kmalloc_reserve+0x136/0x290
[ 1138.042183][    C1]  __alloc_skb+0x142/0x2d0
[ 1138.046605][    C1]  alloc_skb_with_frags+0xca/0x890
[ 1138.051724][    C1]  ? __lock_acquire+0xab9/0xd20
[ 1138.056596][    C1]  sock_alloc_send_pskb+0x84d/0x980
[ 1138.061823][    C1]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[ 1138.067557][    C1]  ? is_bpf_text_address+0x26/0x2b0
[ 1138.072767][    C1]  ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20
[ 1138.078935][    C1]  unix_dgram_sendmsg+0x461/0x1850
[ 1138.084058][    C1]  ? __kernel_text_address+0xd/0x40
[ 1138.089272][    C1]  ? arch_stack_walk+0xfc/0x150
[ 1138.094135][    C1]  ? __lock_acquire+0xab9/0xd20
[ 1138.099000][    C1]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[ 1138.104555][    C1]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[ 1138.111003][    C1]  ? unix_seqpacket_sendmsg+0x111/0x1e0
[ 1138.116558][    C1]  ? __pfx_unix_seqpacket_sendmsg+0x10/0x10
[ 1138.122463][    C1]  __sock_sendmsg+0x21c/0x270
[ 1138.127154][    C1]  sock_write_iter+0x279/0x360
[ 1138.131935][    C1]  ? __pfx_sock_write_iter+0x10/0x10
[ 1138.137250][    C1]  do_iter_readv_writev+0x623/0x8c0
[ 1138.142466][    C1]  ? __pfx_do_iter_readv_writev+0x10/0x10
[ 1138.148198][    C1]  ? common_file_perm+0x1b5/0x230
[ 1138.153238][    C1]  ? bpf_lsm_file_permission+0x9/0x20
[ 1138.158614][    C1]  ? security_file_permission+0x75/0x290
[ 1138.164253][    C1]  ? rw_verify_area+0x255/0x4d0
[ 1138.169118][    C1]  vfs_writev+0x31a/0x960
[ 1138.173464][    C1]  ? __pfx_vfs_writev+0x10/0x10
[ 1138.178352][    C1]  do_writev+0x14d/0x2d0
[ 1138.182601][    C1]  ? __pfx_do_writev+0x10/0x10
[ 1138.187367][    C1]  ? __secure_computing+0xe2/0x2a0
[ 1138.192493][    C1]  do_syscall_64+0xfa/0xfa0
[ 1138.197047][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1138.203133][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1138.209295][    C1]  ? clear_bhb_loop+0x60/0xb0
[ 1138.213985][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1138.219884][    C1] RIP: 0033:0x7fa16a982407
[ 1138.224398][    C1] RSP: 002b:00007fffbc16c090 EFLAGS: 00000202 ORIG_RAX: 0000000000000014
[ 1138.232819][    C1] RAX: ffffffffffffffda RBX: 00007fa16a8f8740 RCX: 00007fa16a982407
[ 1138.240795][    C1] RDX: 0000000000000005 RSI: 00007fffbc16c0f0 RDI: 000000000000000a
[ 1138.248776][    C1] RBP: 000056400eb63070 R08: 0000000000000000 R09: 0000000000000000
[ 1138.256753][    C1] R10: 0000000000000000 R11: 0000000000000202 R12: 000056400eb63070
[ 1138.264731][    C1] R13: 000000000000012c R14: 00000000ffffffff R15: 0000000000000000
[ 1138.272813][    C1]  </TASK>
[ 1138.275839][    C1] rcu: rcu_preempt kthread starved for 10527 jiffies! g119749 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[ 1138.287134][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1138.297114][    C1] rcu: RCU grace-period kthread stack dump:
[ 1138.303008][    C1] task:rcu_preempt     state:R  running task     stack:27224 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
[ 1138.316505][    C1] Call Trace:
[ 1138.319795][    C1]  <TASK>
[ 1138.322733][    C1]  __schedule+0x1798/0x4cc0
[ 1138.327272][    C1]  ? __pfx___schedule+0x10/0x10
[ 1138.332143][    C1]  ? schedule+0x91/0x360
[ 1138.336396][    C1]  schedule+0x165/0x360
[ 1138.340563][    C1]  schedule_timeout+0x12b/0x270
[ 1138.345419][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[ 1138.350794][    C1]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1138.356692][    C1]  ? __pfx_process_timeout+0x10/0x10
[ 1138.361988][    C1]  ? prepare_to_swait_event+0x341/0x380
[ 1138.367547][    C1]  rcu_gp_fqs_loop+0x301/0x1540
[ 1138.372422][    C1]  ? __pfx_rcu_watching_snap_recheck+0x10/0x10
[ 1138.378587][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 1138.383880][    C1]  ? _raw_spin_unlock_irq+0x2e/0x50
[ 1138.389099][    C1]  ? finish_swait+0xcd/0x1f0
[ 1138.393705][    C1]  rcu_gp_kthread+0x99/0x390
[ 1138.398313][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1138.403516][    C1]  ? __kthread_parkme+0x7b/0x200
[ 1138.408466][    C1]  ? __kthread_parkme+0x1a1/0x200
[ 1138.413507][    C1]  kthread+0x711/0x8a0
[ 1138.417586][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1138.422788][    C1]  ? __pfx_kthread+0x10/0x10
[ 1138.427393][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1138.432597][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1138.437801][    C1]  ? __pfx_kthread+0x10/0x10
[ 1138.442404][    C1]  ret_from_fork+0x4bc/0x870
[ 1138.447004][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 1138.452125][    C1]  ? __switch_to_asm+0x39/0x70
[ 1138.456892][    C1]  ? __switch_to_asm+0x33/0x70
[ 1138.461657][    C1]  ? __pfx_kthread+0x10/0x10
[ 1138.466258][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1138.471035][    C1]  </TASK>
[ 1138.474053][    C1] rcu: Stack dump where RCU GP kthread last ran:
[ 1138.480559][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[ 1138.489513][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1138.499577][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[ 1138.505314][    C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d f3 f1 21 00 f3 0f 1e fa fb f4 <e9> c8 e6 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[ 1138.524935][    C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6
[ 1138.531017][    C1] RAX: 8aaac58e3d106d00 RBX: ffffffff81967bf7 RCX: 8aaac58e3d106d00
[ 1138.538997][    C1] RDX: 0000000000000001 RSI: ffffffff8d70d450 RDI: ffffffff8bbf0760
[ 1138.546974][    C1] RBP: ffffc90000197f10 R08: ffff8880b8932fdb R09: 1ffff110171265fb
[ 1138.554950][    C1] R10: dffffc0000000000 R11: ffffed10171265fc R12: ffffffff8f7cdc70
[ 1138.562924][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff1100395cb58
[ 1138.570905][    C1] FS:  0000000000000000(0000) GS:ffff88812623d000(0000) knlGS:0000000000000000
[ 1138.579841][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1138.586434][    C1] CR2: 0000200000404030 CR3: 000000004ee42000 CR4: 00000000003526f0
[ 1138.594412][    C1] Call Trace:
[ 1138.597697][    C1]  <TASK>
[ 1138.600626][    C1]  default_idle+0x13/0x20
[ 1138.604963][    C1]  default_idle_call+0x73/0xb0
[ 1138.609738][    C1]  do_idle+0x1e7/0x510
[ 1138.613812][    C1]  ? asm_sysvec_call_function_single+0x1a/0x20
[ 1138.619971][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1138.625186][    C1]  ? __pfx_do_idle+0x10/0x10
[ 1138.629789][    C1]  ? do_idle+0x4ed/0x510
[ 1138.634042][    C1]  cpu_startup_entry+0x44/0x60
[ 1138.638811][    C1]  start_secondary+0x101/0x110
[ 1138.643580][    C1]  common_startup_64+0x13e/0x147
[ 1138.648547][    C1]  </TASK>
[ 1139.657820][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1139.664138][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1139.679722][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1139.686395][ T1301] ieee802154 phy1 wpan1: encryption failed: -22