last executing test programs:

17m14.017795869s ago: executing program 0 (id=65):
socket(0x10, 0x3, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
syz_io_uring_setup(0x34b7, 0x0, &(0x7f00000001c0), &(0x7f0000000500))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23, 0x3, @empty}, 0x1c)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000100)=0x80000001, 0x4)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe)
sendmmsg$sock(r2, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)
shutdown(r2, 0x1)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f0000000380)={0x1d, r4, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18)

17m10.87732517s ago: executing program 0 (id=71):
unshare(0x18010480)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r0 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = io_uring_setup(0x3c92, &(0x7f0000000100)={0x0, 0x3, 0x0, 0xffffffff, 0x2})
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r3, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r3, 0x0)
accept(r3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x50}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000500)={0x6c, 0xb, 0x6, 0x801, 0x0, 0x0, {0x5, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x44, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP2={0x18, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @dev={0xfe, 0x80, '\x00', 0x1f}}}, @IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private1}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e24}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x11}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x6c}, 0x1, 0x0, 0x0, 0x48}, 0x4800)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r6}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x7, 0x3, 0x0, &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
ioctl$BTRFS_IOC_INO_PATHS(r0, 0xc0389423, &(0x7f00000008c0)={0x5, 0x8, [0x8, 0x4, 0x3, 0x2], &(0x7f0000000880)=[0x0]})
r7 = syz_usb_connect(0x0, 0x24, &(0x7f0000004200)=ANY=[@ANYBLOB="12010000e2793b10d10501200008000000010902120001000000000904"], 0x0)
syz_usb_control_io(r7, &(0x7f0000000300)={0x2c, &(0x7f0000000000)={0x0, 0x22, 0x83, {0x83, 0xf, "5138ce132e17dd4b3d5decc7741f263ec44f41fe28d36617faef925489e8bc4515fceec108f9f7dfc0aeaa3bed47c8802d47ce066bf2b6596005bf29fe8835049569c02d1891e1ad88180b305ab15a95fbdbb43df5714d7a00b11b63c50df7f112217c3189deb8e46671534c9327f1f179a7a0d89526df819df21b58df1fbd8b27"}}, &(0x7f00000000c0)={0x0, 0x3, 0xcf, @string={0xcf, 0x3, "48a88ed65931494c9326b88f6ede2e360bf5294e38bf3c273b843ad8d263b56bc079e03fdebe5c7093bdc9c16754ac8fcc9c83664777733910c28f601c2895618aa60fd79e09a9d2611b6d2eddf19d88a9e313eaa342f695d2dcad0c715c576689d584e10053b99c7bfcfbc53af22c481f6f4b49ff6afca16fb6d6e38fa10a64ec6da49e87333730aa62ad54ebe32fc6ad9389c45f0bdf532caa60ac63c45bc5c6a5946c38d0a2cea1a1305cdac47b8eee734344b8ff703efe66af5ad08fb7a95af7ccc89a7bc2cde14b209eca"}}, &(0x7f00000001c0)={0x0, 0xf, 0x81, {0x5, 0xf, 0x81, 0x3, [@ptm_cap={0x3}, @generic={0x76, 0x10, 0x1, "c2ea614973ea822394273fe25c38180ab9ae68214be72a13ea75c84704bc2f8ba63eba32be3e3bcba1959ae104989712b047fb7c068a14f4f510c0f1c3ca289f7ad9a510ec907025682d5fabef1ac3c22066e3aebfeb5f82bf269e061c7d090d600af3429aa54b418d51365b98fbbfb07471e3"}, @ptm_cap={0x3}]}}, &(0x7f0000000280)={0x20, 0x29, 0xf, {0xf, 0x29, 0x5, 0x18, 0x2, 0x38, "ebc700a2", "051c6bc0"}}, &(0x7f00000002c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x81, 0x4, 0x8, 0x1d, 0x60, 0x7ff, 0x8}}}, &(0x7f00000007c0)={0x84, &(0x7f0000000340)={0x40, 0x0, 0xa5, "39c2e2f1db465892def2a871f48ccb1df76f41bbf7165f2185c23665278649b8ac6b0d18bc949f1dd275c1596309f7455003cb461d964a063384eeb1f98cf6751a4aabc6310123b08639a3479cbee83a8e16d137e520d550ceaa57e353e121f3ab247383f203f80bd48589392930f224029b590b0320cc1746b0bba91e1bf5a27d29cb221d7b823476b45a4ee101bd9f68de7a0eb527bbb433885fdf48ca17672698f152af"}, &(0x7f0000000400)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000440)={0x0, 0x8, 0x1, 0x3}, &(0x7f0000000480)={0x20, 0x0, 0x4, {0x1}}, &(0x7f00000004c0)={0x20, 0x0, 0x4, {0x800, 0x4}}, &(0x7f0000000500)={0x40, 0x7, 0x2, 0x54e}, &(0x7f0000000540)={0x40, 0x9, 0x1}, &(0x7f0000000580)={0x40, 0xb, 0x2, "b250"}, &(0x7f00000005c0)={0x40, 0xf, 0x2, 0x2}, &(0x7f0000000600)={0x40, 0x13, 0x6, @remote}, &(0x7f0000000640)={0x40, 0x17, 0x6, @link_local}, &(0x7f0000000680)={0x40, 0x19, 0x2, "2cae"}, &(0x7f00000006c0)={0x40, 0x1a, 0x2, 0x754}, &(0x7f0000000700)={0x40, 0x1c, 0x1, 0x3}, &(0x7f0000000740)={0x40, 0x1e, 0x1, 0x8}, &(0x7f0000000780)={0x40, 0x21, 0x1, 0x9}})

17m9.084294996s ago: executing program 0 (id=75):
syz_emit_ethernet(0x36, &(0x7f0000001b00)={@broadcast, @empty, @void, {@ipv6={0x86dd, @generic={0x9, 0x6, '9J\t', 0x0, 0x32, 0x1, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, @mcast2}}}}, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = open(0x0, 0x60840, 0x1d2)
getsockname$inet(r3, 0x0, 0x0)
syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1400000010000100ab5a0000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4024}, 0x4000010)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff2"], 0x84}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40)
syz_emit_ethernet(0x5e, &(0x7f0000001580)=ANY=[@ANYBLOB="e33110495bfdaaaaaaaaaa0086dd60cb653e00283afffc000000000000000000000000000001ff020000000000000000000000000001890090780000000020010000000000000000000000000000fc010000000000000000000000000000ef8436479f638687d7acc59505e3c631a72a064582e8ee8f1c7f74796cfb7e9b6dafbc5b892bd190e4bcc8df67163308abbf965816e64845031abaefd5e8e7eaf2a6ab3e9c040024d91083a30c3e2566b94c17bec53c50051926b5fefe319c458911bd38ba20a405f09dce66811126ea"], 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r4}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x11, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1}, [@call={0x85, 0x0, 0x0, 0x4f}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}]}, &(0x7f0000000080)='GPL\x00'}, 0x94)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001500)={r3, 0x20, &(0x7f0000000280)={&(0x7f0000000440)=""/172, 0xac, <r5=>0x0, &(0x7f0000000500)=""/4096, 0x1000}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001540)=r5, 0x4)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000140)={0x2, 0x1, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x33, 0x20, 0x0, @in6={0xa, 0x0, 0x0, @private2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}}, @sadb_x_sa2={0x2, 0x13, 0x3, 0x0, 0x0, 0x0, 0x3507}]}, 0x70}, 0x1, 0x7}, 0x0)

17m7.123260789s ago: executing program 0 (id=77):
socket(0x10, 0x3, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
syz_io_uring_setup(0x34b7, 0x0, &(0x7f00000001c0), &(0x7f0000000500))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23, 0x3, @empty}, 0x1c)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000100)=0x80000001, 0x4)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe)
sendmmsg$sock(r2, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)
shutdown(r2, 0x1)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f0000000380)={0x1d, r4, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18)
sendmmsg$sock(r3, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="1f", 0x206c}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0xa0042, 0x0)
write$tcp_mem(r5, &(0x7f00000000c0)={0x7, 0x2d, 0xfffffffffffffffc, 0x3a, 0x0, 0x2c}, 0x48)
ppoll(&(0x7f00000000c0)=[{r3, 0xc820}], 0x1, 0x0, 0x0, 0x0)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r6, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r7, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e)
socket$inet6_udp(0xa, 0x2, 0x0)

17m3.925304937s ago: executing program 0 (id=85):
socket(0x10, 0x3, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
syz_io_uring_setup(0x34b7, 0x0, &(0x7f00000001c0), &(0x7f0000000500))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23, 0x3, @empty}, 0x1c)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000100)=0x80000001, 0x4)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe)
sendmmsg$sock(r2, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)
shutdown(r2, 0x1)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f0000000380)={0x1d, r4, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18)

17m0.16343671s ago: executing program 0 (id=90):
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x10000000002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000020303"], 0x1c}}, 0x0)
r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x149800, 0x0)
io_setup(0x1, &(0x7f0000000b80)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
open(&(0x7f0000000200)='./file0\x00', 0x2, 0x0)

16m42.497737571s ago: executing program 32 (id=90):
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x10000000002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000020303"], 0x1c}}, 0x0)
r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x149800, 0x0)
io_setup(0x1, &(0x7f0000000b80)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
open(&(0x7f0000000200)='./file0\x00', 0x2, 0x0)

15m44.430910474s ago: executing program 3 (id=231):
r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x84, r1, 0x71a, 0x70bd27, 0x5, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x2}}, {@pci={{0x8}, {0x11}}, {0x8}}]}, 0x84}, 0x1, 0x0, 0x0, 0x8001}, 0x4041)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x70, r2, 0x8, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x1ff, 0x53}}}}, [@NL80211_ATTR_4ADDR={0x5}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}], @NL80211_ATTR_IFTYPE={0x8, 0x5, 0xc}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x4}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MNTR_FLAGS={0xc, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}]]}, 0x70}, 0x1, 0x0, 0x0, 0x4040001}, 0x8815)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x20, r2, 0x110, 0x70bd2a, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x7fff, 0xf}}}}, ["", "", "", ""]}, 0x20}}, 0x4000)
pwrite64(r0, &(0x7f00000004c0)="cf2804675945cd9ade15570d17b6a5cb15e242241d26dfbe9faddaacc6dc3b837e78b96fc5c2651a4ea2c5594db741a9a431768a39cfaa6399cfba0786f2529dec92fc11ba88b5a043d9df64a49eaa45370b211b2c4a567d24e741474717", 0x5e, 0x3)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000540)={r0, <r5=>0xffffffffffffffff}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x18, 0x20, &(0x7f0000000580)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r5}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r0}}, @generic={0x5, 0x4, 0x5, 0x4, 0x573a}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x3}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000680)='GPL\x00', 0x2, 0x34, &(0x7f00000006c0)=""/52, 0x41100, 0x5, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f0000000700)={0x6, 0x3}, 0x8, 0x10, &(0x7f0000000740)={0x2, 0x4, 0x5, 0x80000001}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000780)=[r0, r0], &(0x7f00000007c0)=[{0x2, 0x2, 0x10, 0x9}], 0x10, 0x5}, 0x94)
setsockopt$CAN_RAW_FD_FRAMES(r0, 0x65, 0x5, &(0x7f00000008c0), 0x4)
syz_usb_connect$cdc_ncm(0x0, 0xf3, &(0x7f0000007500)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xe1, 0x2, 0x1, 0x10, 0x80, 0x83, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x6, 0x24, 0x6, 0x0, 0x1, 'I'}, {0x5, 0x24, 0x0, 0x1}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x8, 0x4, 0xf8}, {0x6, 0x24, 0x1a, 0x0, 0x4}, [@country_functional={0xc, 0x24, 0x7, 0xee, 0x1, [0x8001, 0x1, 0xe32]}, @mdlm_detail={0x3a, 0x24, 0x13, 0x6, "2caaecaef0f89b20ae6f488658634e69e90d7ef6c5ef9ee3375b69aced801144863d4736aa12451e9c7395afae910ad9ade9dbfd8f7c"}, @network_terminal={0x7, 0x24, 0xa, 0x6, 0x6, 0x5, 0x7}, @country_functional={0x10, 0x24, 0x7, 0x4, 0x3, [0xfffd, 0x4, 0x9, 0xf801, 0xa18]}, @country_functional={0x12, 0x24, 0x7, 0x3, 0x400, [0xf, 0x9, 0x4, 0x4, 0x9, 0x0]}, @mdlm={0x15, 0x24, 0x12, 0x8}]}, {{0x9, 0x5, 0x81, 0x3, 0x0, 0x9, 0x1, 0x6}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400, 0xe, 0x7, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0xb7, 0x4, 0x9}}}}}}}]}}, &(0x7f0000007900)={0xa, &(0x7f0000007600)={0xa, 0x6, 0x200, 0x10, 0x0, 0x7f, 0x97, 0x9}, 0x4e, &(0x7f0000007640)={0x5, 0xf, 0x4e, 0x5, [@ptm_cap={0x3}, @ssp_cap={0x20, 0x10, 0xa, 0xcb, 0x5, 0x8000, 0xf0f, 0xfffc, [0xc000, 0xffff00, 0xffc000, 0xff0000, 0xc00f]}, @wireless={0xb, 0x10, 0x1, 0x2, 0x20, 0x8a, 0x4, 0xb37, 0x4}, @ssp_cap={0x10, 0x10, 0xa, 0x7, 0x1, 0x40, 0xf000, 0x3, [0x1fe0000]}, @wireless={0xb, 0x10, 0x1, 0x2, 0x22, 0x3, 0x6, 0xc, 0x7}]}, 0x3, [{0xb7, &(0x7f00000076c0)=@string={0xb7, 0x3, "f73afd862195e887d9ff80d2be06babb3b46a69277644f5d4b3de976f9abb13b5187bd0253f76d177858678348d706b61c4efb6270f09d0d0634e64873fac794a96db6bcb1e635b6cd0f48941bc28bba94531c8a1238eb5c6fce59ad5f148be909551ddd5a127faaf4a6637282c1bd7cc13433008843875024a115b23f20d5149531498331069e63caf09e61cf439a9d9d2e66de66b228a47d8e5ac0adf16d9716dc130320b5de5a31b6f9e1dd4a6d93c8e790b5da"}}, {0x4b, &(0x7f0000007780)=@string={0x4b, 0x3, "1dd5f5a147c0600293cde732b3bb531c6491b96e9010ca26d60b32799094c3a378d3d1494e02a86708c8d0399bddc10bc3ad190297964913b90c90babbd8611513f6c87d36585f368b"}}, {0xe3, &(0x7f0000007800)=@string={0xe3, 0x3, "033b3eabe46bd3df19294d72008f5908f94f50ee5b0cc9b6cc037cdcbf37f88a956b2cca4b875bf674712bb26b16fe74851053f0742f8bc765bf53cebcef17cfe95dcc0f3c4f8095f99906fe999d4476ee3bc0b7440415962a19e5f9972fb0a23fb2ac02e99053e091b37b1f28084f8441b3add6f62cc915d47afa699712dd0c12bba316949f964c003d7fd7d0cdd77e7071dd7f09370a4d01ea312e25b6022548b00e850618c3e027e262787dd00b0153e0c2a9b8c2f42d60b519d876381c7c41c57496f9a760cccf73b3bfd535a25e23414590b3c20f85f0f7fa5b2a783b819a"}}]})

15m41.750819309s ago: executing program 3 (id=239):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000001c0)='./bus\x00', 0x40)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x4000, &(0x7f00000004c0))
socket$kcm(0x11, 0x200000000000002, 0x300)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000500)=@hci={0x1f, 0x0, 0x4}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000580)="02042700ea0e0000000000001eafbcf706e105000000000000001104ee1606d4b8bf4a828bda305775c43824cee8440000", 0x31}, {&(0x7f0000000100)="126873159fca3fa38fb198e9a6b363ceb3e6d803ab766b7a38e451d14e0b3457474fe6a51671e4124fcea96a873b10996816e100ed8a93b0a9053db57d60973369f58551c3091cb88d3b", 0x4a}, {&(0x7f0000000080)="088d85d1f4f8220aee8de7932b326f8a3164ae439862807a1589836c736d2341f7", 0x21}, {&(0x7f0000000040)="df3b46a1330000000000000000000000000000f1", 0x14}, {&(0x7f00000005c0)="b72abab9439ca41f5cf14d6435575ba774ee5f5c23ff2f5176f5773d08a15668ec280cfe4ea416cf769dbf978a8191bbe006e0da50029176c0f24e3ff4d3e895a2afbf52cef2fe1ca31edd842b126ec4be67e6e3624b9ddf806fc146c645ec1d37fe7e3b025c156d5d520104b53f7fb2af436201cfd5dca170edea5a190e4786bfaac544b60f514d7ef420526c467f14790dcfa5ab915d7dbcdf2765bbcad014c991f8b829c79f53586de79f0b987ad796f9de4a6e53136a07a39ab1f5a2ce30aded70a9b72d1beff7e8b6405fd6331e5635ee71e809be2d58f412dcd7b2e856d692dbfed19045ff13244acce351b6e450395568063569c71ea80a04f83fbe6ad1d0862fb97f816576c4844da65d751ee1fdc522ae1158670de297cdb2117bc0adc1486e016a6bcc922a162fce6a9ecc8c42b0c44c566004eda037864e5f339bbb0998cdaf2b8e49ae003659bc033668f7c8e550197ed95c420461254ba1883dbd9403672d579cee85c37f103ee9a350a768286017158784baeb063c8c684b91b022b0db2238b679092a1f6909f0cd9228500e088f5cc7bac4c0dc56e80fedac93554aec79715ce02e8bf3fcbd70382f619bfe3dcf06890d8542022ee58bdfb075d319c9fc8474cadc8de5c3dd3f682d3f68324d0af7a727064053ad84c94643eef190783c616467628f84620044c084b80e3e57bfcdf293c9c36b4474a52398b35e49e2ad4a4ac090bffc5cd27d3c69b4ae5f841d5b0766ccd36d25eb58d8f01621a05744b79ede39019ab9d7a1946353d8f3b7f833ce1a102a8c97a9e3f32138ffafd305448f2518ccdb7eef594a890eaeaff3f876f742fec22669a97085ed93b18228ecbe9e354e8f69967ca749fd2b1cf026665ca912e3fc0188b294519078b46676052de4fe22798290bd1e232c9791fc01ddb4ae776b5769143df2867042e8a3ddfa8e786bd8a244076956d4ab137939ad381650dd4fefd2b942a98d6f2edfd7019ae473e7608647b86d643e8ff3d7d4e89ed826e4b8c6e8fed224c528d805ade85c5b45261b2692c0f403dec050bd973b0999df214689f4402dd1598a16b0c7671e5e204a00b06376ddee7cb99292a8b835c0b451642b71f2ffa1aeea56255817b2384bfe4f8213ccfc1f762f250592896102e5f6d34cdd726bc0f86af52fd7c4483d32e23e5af770e960c7445b8e67b6086f0cadcd22d0d4bdadc31b5a94dd687379dc6e078210ccc71f8e67eb58d330394425ab17e55d1ca8f868f6bf738af291d2293c3dfa2ccff25061ded22878b3cc6532d19e5a00d1f0f1b9de35305fac2c6cfd5d77a2b02618735b7d392738bd5cd3eabb7039c790a9f193913f16e06605d405d6a0cf0011a2e5f935d8563fef1722692dd266c3d320b9f5eeb2a4b2f72155522f0ed72ff1efa0b6ee78e70d3d45241609e7f87d7bcfe1af71159baa11ad667a0ead3986b2b06500ba2615ee966ea86ca68d02de4802bd9ef18dac5ba53ca98b90df49ef4e3268ceee538973620e5a60513ea330989642626420b67dceebc569478657aedeb62c45b079348796923ad1fba5a99e6b150cf97ba2a570150053309c6dca7fa352fa1678c9b919fbc47ae0a84175a7fc25a00fa5888cb017e8d8225fadb29e34bd3c5bbccfb22a83255fec3967c991d5b3e6719ade82fb7ef85c8a4b9e7ad8ef2a3a7bc78de424572224affb1f9e0c5a969e61ee2ebb4f247bfa09384bdad04438f2efbfae303d47c3afe7e8d3a157b2a6f37572ea3ecc441dfb208ba755f781f144e58d80aea590abcfccbe8678ec6de47511f9d61cc408cbbe90eeab2cffe6d1a48dc3eb4e48e228fd43cafd7ff2c85c3ed52e99fe16887be28fcd2cd4ba4cac414c92c96294fa7d628e4356c748c173f790a7f30071d0bd53817c78d163249c7402b222b8f28668cae7afd17b97dbaf10b75b61409ca6f5b285d1ab09207c5a91c68b0d4b5da6d6b5a495c8debd7f4400e56d9e22d1cc330f782f2b5441a31b9ccf35aa1a151219cdcff5ab8b240af5b5a751eca67773c057412a935e3a7a367b2bcd28463904ee040a586d6f4f969cee56d55b6b4d97d1fe93b67e2f6bd47925054c4702ec8969a1a6211ea8f6783ca0e8ae333922ce19eceb24e2ff714a0208d2489a62f299aa50cdbfe5a826e872ab231bbddf5bd2fca92d4460379e05e13ff34a200fd921dcb67a002873bda8d86536cddaccb54eb72dd4e399fe9195ad5574ad85d9ed2eaae4106234f0a8db05a230ff377b59b54fd0919d1b86b938622ae6098f003db7f4d45d6874f54c33064ce6184dccc99fece2d994e9572d4840b0cbdd704fd70b4f625912d48a512339f883533768f09a4f614583dfb72defe713ee38f61184df279461b7d35becd8e67d01f0ec27e901d88215554d5a69db373a662085733d09ad9153e7d432c94f872ff7cd72995b3a581ea17722ed13a191b366208f75661112b1a7d42c252c907488ca8dd8f819d4618b0053d4bcddb3b5975cb8615ebc472e052552ee74d5253174a2b0cb96e1eaf6349b6c39be975123ee72b0ffe1367df7aba54de26c9135a3422d21067034551be5efc5daf8b8f59bc725e4fd171378fd9f16a785f1b0378823c85eec521e0b2aca70b7b72b719a20eb2fb0addc0b05851c8e181607f49dad7323bc255309097584c2099574db1ed7940fd16796aef19d30acd714dc1f898716df64db87d852eddf2f86e78fd7fd64868b4cb6cc626efcdea49c4a2779a0e777bbe23968e14233a810d9883680894de93023a8deae51ccbf32e6d1e53618ebee95c761221a33bc3263fff0f5ae23e14dba0418cf3f31effcb36956e06c57a17620044260419a208ae1d2296ec9472d44be74a8ed0a33a23181acdef8c7d2695ce9485ed8d17d9f6f30b9b128ee0ba15c42cbf6059bcfef008c09db8855343f79c3ce1c4d79077c8a62237d4e400a5aa88e7424f2f99df6c2070d6ed071f4968376581e20e52d64e9c4f8a6f73bb33f5b6b62c1deecc85bf789565fde14e4454306ed8f09af08afb360ee4fb40dd5dca0be43ccff75e5c0ef85ea7c521cb4840d61e99e1ce4661e721446d5a571cddffbc3643ec9b58237fd416376906bdca09485c2c80f82b23e8e7bbf22035fdbcacd804ae3771fd616901184ced46987d533017eef717e9b34a5531c3efe2d77c9b6cb0617382d69951545378a4118e71c64a1f16d096a8f933580922083d0536b90ae1715c63f682e8241b42e1646b0c52e34aa9c91efe2b6b787ce0747d4ff0dd07d6ebc9ce27e0ef35705eb7b78763a9829b464523ff3ed9078aff6ee29e6e7a59a5243825e8bb9235f8e49a9dfb5932536666c3dc75b29e515dbca4c84268cf23cd7b6da6814328a3cb26d7b1d6c28e20b36f9a2c9e2fcf663c314f72f37d2b8f405cfc686a6b35400435be0eab01709c2c4b3005491cbb0b560e33547b77ba9f25f01b194e20534199a3786ddfaf0a75aafb65cd4df4da7b5f98fe72a8bc7d045339fd41508cecca791c717a10d4fed8aa69eec80955bd899a6f8aaf3411be40568149e631ccbe17c68f85e87b58da81ba78def8b1a48c49b2dc7613f7d6ea8b158bed077666d37d1caba9a23b7cb2772e780f70872113e5bcaebaf9f9499f651dc894be3bba1e99d58b33d60c0eda397df91d7cf9fb072f247fa9a9f59c4f59c4284a3832ff0a1f9ce8f6346cb5c08a9dcb2851c7f169af688fc13f00cf9519ade547671698caaa3f4d4921fee83753b9ab0875707836343eddb5b87bec86aae023c9571b8e389ff3f4c692b6fb19686105249ce033116777d919ceb4559a67ee6b6ad9d4b53d2be24315429de3bf201107fe7dff9cbc92dbf9173391d555b0a1b8ea3252fd7d7fd15d8a3cc70cecdbdd43c4edcc4bb2fbbf646d5ec7dad0d3156a513d14184e0c316f8155e774f7dcea485f904828edf28510d692b66b1500c5a704371c2188a2812bd323de012f36a79674082b5f5e9f7f4ce1a75ed854b71555e9fcd1f0322c22a9e543674c79a74404e08e61860f505dc56e1b52977b9a9af18be4064b5f6aa7c891382bbbe65e70a4cee33176570341a525fb6b25c0b20bfa3f2ee4a01584f259f43c3b63a2dfc376f435827211379ab3ca8912cbe01e4f837920666fbda682f6954d1c156f21e12547b885f485c38f62e765013144be8ca92b1d4872790a5c02671517f6a8f0ceb247e08c64268ad8970b57bb6d077c9b8ebe7fb1183087c9a3baee06100609204be588621253b9b120c08db9f28c2d38c9bc3f59018bb7216d73186048770d1e556faa49df23a40a64b40cdda2041dccf5619db09b7a7795fd7eb631c0e0bffc3b64422bf6acd84b7fae8bd05b057260a4d7c4851829c7bbf0b6f27c5db0ff10f42df3528f79dc9bbd591965259cd0389deb124b1fadc5dfd3ade9742d29261379ea3d98929512371dec991f0636fbda5dac355a04e363beeb4751781d9cef3a0b6ac6500895d223ad43ed75cac8b0a868253fffa10bf6c2de99c687fd056e075cf0632b6d8ed2263ca08ad95b6f335a3b6d8ab7801422ac8597441ac1bbe289b50af31eb221d19a2d3177d4ad1056d616295e89471e65d811b8fa4fe2c0c12793f43ef7e75c7f657f6c26ca9cbae63ce99301069ab257ae77c38778d35afd326d569c626a68f3904b2c376dfaa05568892f346f86fb05e71fb751e09cd22525cb63512a7d2e4670bd31109b87818278e66dc73fa9667e35c5bc6588cd36d2b62592a4103803d93c194f8edd5d20c6597231321b909bbb3c1d13408e5cf27728883e333b391222e6b6665454892dfedd17a1066f1145163e1a31ba9a3e3cee925e55d794b89462a0a092a639ccd4a24514083cb68224c87c18f0bb39ff721cc598e686b5fef169bc30f9ec6df397905f8340f6ae7ad826aac774cc46bfb9dfe8192e9ef10e8355d7c2810269eb73c7ecb8d3ffa33437142b8e596cdb778cd3cdda5bbbd09a8ea919929adbc63ff1004490c45a9ea59def65fabc884c39beac1b74a218f59c5e31ba85dcc4b8bd81d7a66d8aaf0edb64b505f760442e16fb7f07a069aba88601c3ace27762cef8196da3d44b14796b04e7fa3bab37209190a1de6e6ecfd99353279ef643766814fa7fac7254eba59bff3546bf21afc7445a4f1bc92c7b013f34962ff029e0f2926acf6c8a25fecea5b0b810656c981535492a2a4159dcfd0bf98085dc9612159fa0ad837a22eaffce80405367931ef3eacbf5a663175acc306eb075c52265d0c6dfaab", 0xe8f}, {&(0x7f00000033c0)="d6d038091fcf458c", 0x8}], 0x6}, 0x40000)
open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000440)={0x500, 0x0, &(0x7f0000000080)={0x0, 0x18}, 0x19}, 0x0)

15m40.880485684s ago: executing program 3 (id=242):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a09040000000000000000070000000900010073797a30000000000900020073797a3200000000380000001c0a050000000000000000000200000a0c000340000f0000000000020900020073797a32000000000900010073797a30"], 0x8c}}, 0x0)
sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x44, r1, 0x400, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x28}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x2c}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x36}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x33}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x8}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x1b}]}, 0x44}, 0x1, 0x0, 0x0, 0x24000000}, 0x40000)
mincore(&(0x7f0000bfe000/0x400000)=nil, 0x400000, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000002440)={0x8, 0x8b}, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000540)={'bond0\x00', &(0x7f0000000040)=@ethtool_sfeatures={0x3b, 0x1, [{0x301}]}})
add_key$keyring(0x0, &(0x7f00000023c0)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r4 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CIPSOV4_C_ADD(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000000100000008000100030000002c0004800500030001000000050003000000000005000300000000000500030080ff000005000300800000000800020003"], 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x0)

15m40.065327705s ago: executing program 3 (id=245):
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000001340)={0x40}, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, 0x0, 0x42}, 0x28)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00'}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00', r1}, 0x10)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
ptrace$setopts(0x4200, 0x0, 0x0, 0x1c)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x40801}, 0x6000000)
syz_usb_connect(0x2, 0x24, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="200000001100010027bd700003dcdf2500000000", @ANYRES32=r3], 0x20}}, 0x0)

15m39.162263865s ago: executing program 3 (id=248):
listen(0xffffffffffffffff, 0x6)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), 0x0, 0xcdd}, 0x38)
socket$packet(0x11, 0x2, 0x300)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000880), 0x88000, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000032680)=""/102400, 0x19022}], 0x1, 0x1000000, 0x0)
capget(0x0, 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000c00)={0x2, 0x4e22, @multicast1}, 0x10, &(0x7f0000001d40)=[{&(0x7f0000000c40)="174f0309acc581c27c0835a541d5ace14751a6fb5991e1eabe613766930c5209d76188595688370a8db8878df98ad326d6", 0x31}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="1c00000000000000a08fbc16c0ea8c470000000008008c11b14b3052ff20e818d4fc0a8a8a3c0000", @ANYRES32=0x0, @ANYBLOB="ac14140d7f00000100000000140000000000000000000000070000009404010000000000"], 0x38}, 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, 0x0, 0x0)
prlimit64(0x0, 0xc, &(0x7f0000000140)={0x800000000c, 0x2}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x20000000000002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = mq_open(0x0, 0x40, 0x0, 0x0)
mq_notify(r4, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
prlimit64(0x0, 0xa, &(0x7f0000000140)={0x5, 0x9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)

15m34.9364722s ago: executing program 3 (id=254):
syz_usb_connect(0x0, 0x61, &(0x7f0000000080)=ANY=[@ANYBLOB="120110013a7d52206d040e0a219f0102030109024f000205a00003090400ff04030000b709050d00000008060909020000000209040709050910200079ad07090509000004020d050705840f"], 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000480)={0x201ff, 0x200, 0x1, {0x8, @pix={0x2, 0x0, 0x39555659, 0x6, 0xea, 0x0, 0x9, 0x10, 0x1, 0x0, 0x0, 0x1}}, 0x9})
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)={0x14, r3, 0x28543634fae43ad, 0x40000, 0x0, {0x4, 0x0, 0x7900}}, 0x14}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0xcbf2b2b85a7692bb}, 0x40)
syz_clone3(&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0)
sendmsg$NFT_MSG_GETRULE(r0, 0x0, 0x4008005)

15m19.648985759s ago: executing program 33 (id=254):
syz_usb_connect(0x0, 0x61, &(0x7f0000000080)=ANY=[@ANYBLOB="120110013a7d52206d040e0a219f0102030109024f000205a00003090400ff04030000b709050d00000008060909020000000209040709050910200079ad07090509000004020d050705840f"], 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000480)={0x201ff, 0x200, 0x1, {0x8, @pix={0x2, 0x0, 0x39555659, 0x6, 0xea, 0x0, 0x9, 0x10, 0x1, 0x0, 0x0, 0x1}}, 0x9})
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)={0x14, r3, 0x28543634fae43ad, 0x40000, 0x0, {0x4, 0x0, 0x7900}}, 0x14}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0xcbf2b2b85a7692bb}, 0x40)
syz_clone3(&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0)
sendmsg$NFT_MSG_GETRULE(r0, 0x0, 0x4008005)

14m22.65227661s ago: executing program 4 (id=409):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd8500000073000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r1}, 0x10)
r2 = fsopen(&(0x7f00000002c0)='pstore\x00', 0x1)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, 0x0, 0x0, 0x0)

14m21.732454075s ago: executing program 4 (id=410):
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='oom_adj\x00')
mount$9p_fd(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000040), 0x3, &(0x7f00000000c0)=ANY=[])
r1 = syz_io_uring_setup(0x2e37, &(0x7f0000000240)={0x0, 0x69e1, 0x10000, 0x0, 0x295, 0x0, r0}, &(0x7f00000003c0)=<r2=>0x0, &(0x7f0000000400)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0x0, &(0x7f0000000000)=[{0x0}, {0x0}], 0x2})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
io_uring_enter(r1, 0x567, 0xa1ff, 0x42, 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000080)=0xfffffffffffffffc, 0x1, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$SNDCTL_SEQ_NRMIDIS(0xffffffffffffffff, 0x8004510b, &(0x7f00000001c0))
sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="dbac22bd8962c7426d22bb86bee22b88f6b3e25793138ea75faa4ff48ce0c5002d96a28afc65b3557294cd49a2f0b1090aa17908b90aecdc38dc15ec49a7fac2ca041fb4f2e1ae2d0d6ce60de26081316a9c67c006cc6ee1cd8f", @ANYRES16=r5, @ANYBLOB="010025bd7000fcdbdf254400000008000300", @ANYRES32, @ANYBLOB="0c002380060002000f000000"], 0x28}, 0x1, 0x0, 0x0, 0x40004}, 0x80)
syz_emit_ethernet(0x32, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaafffffff5"], 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000000)=0xa)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)

14m21.498675402s ago: executing program 4 (id=412):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@ipv4_newroute={0x34, 0x18, 0x1, 0x0, 0x25dfdbfe, {0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x9}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x4}, @RTA_ENCAP={0x10, 0x16, 0x0, 0x1, @LWTUNNEL_IP_OPTS={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP_OPTS_GENEVE={0x8, 0x1, 0x0, 0x1, @LWTUNNEL_IP_OPT_GENEVE_DATA={0x4}}}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000f80)=@newtfilter={0x4d4, 0x2c, 0x400, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x5, 0xb}, {0x2, 0xfff1}, {0x0, 0xfffb}}, [@TCA_CHAIN={0x8, 0xb, 0x8000}, @TCA_RATE={0x6, 0x5, {0x9, 0xb}}, @TCA_RATE={0x6, 0x5, {0xf, 0xf9}}, @TCA_RATE={0x6, 0x5, {0xec, 0x1}}, @TCA_RATE={0x6, 0x5, {0x8, 0xa}}, @TCA_CHAIN={0x8, 0xb, 0xffff}, @filter_kind_options=@f_flow={{0x9}, {0x70, 0x2, [@TCA_FLOW_POLICE={0x4c, 0xa, 0x0, 0x1, [@TCA_POLICE_TBF={0x3c, 0x1, {0x8, 0x5, 0x2, 0x40, 0x2, {0x40, 0x2, 0x4, 0x0, 0x6, 0x6}, {0x19, 0x0, 0x4, 0xdd1, 0x8, 0x8000}, 0x9, 0x4, 0x7f}}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x1d9d}]}, @TCA_FLOW_MASK={0x8, 0x6, 0x7fffffff}, @TCA_FLOW_BASECLASS={0x8, 0x3, {0xd, 0xfff2}}, @TCA_FLOW_RSHIFT={0x8, 0x4, 0x5}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0xfffffffd}]}}, @TCA_RATE={0x6, 0x5, {0x6, 0x4}}, @TCA_CHAIN={0x8, 0xb, 0x80000000}, @filter_kind_options=@f_cgroup={{0xb}, {0x3e8, 0x2, [@TCA_CGROUP_ACT={0x3e0, 0x1, [@m_mpls={0x144, 0x1c, 0x0, 0x0, {{0x9}, {0x80, 0x2, 0x0, 0x1, [@TCA_MPLS_BOS={0x5}, @TCA_MPLS_PARMS={0x1c, 0x2, {{0xfff, 0x7, 0x0, 0x6, 0x7}, 0x3}}, @TCA_MPLS_TC={0x5, 0x6, 0x4}, @TCA_MPLS_LABEL={0x8, 0x5, 0x64fc9}, @TCA_MPLS_TC={0x5, 0x6, 0x1}, @TCA_MPLS_PARMS={0x1c, 0x2, {{0x8, 0x5e, 0xffffffffdfffffff, 0x6, 0x6}, 0x3}}, @TCA_MPLS_BOS={0x5}, @TCA_MPLS_PARMS={0x1c, 0x2, {{0x6, 0x7fff, 0x2000000f, 0x9, 0x3}, 0x1}}]}, {0x99, 0x6, "932f7f2f5b2674af9901109bd4ed2c1b478ff0198dbe666489149f04861f22f1b77e084821a953cff16a1bdbcd0a60af5aea84d249b3e0461ff06e91d1e32351e3129cb4fa95e15a160838c3ec00b8e3161ac27fc66908fddac2c1bd9c8e9fc77abe890bd5689e4c829cd36d3f583392bcf7b08cdfe5948dc978d4e2d7ccdc5364defadbc80526e056c81f7b764f53269d7db96e95"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_skbedit={0xb4, 0x15, 0x0, 0x0, {{0xc}, {0x34, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x10}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0xf1}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x1}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x4}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x2}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x7fffffff}]}, {0x58, 0x6, "6026c0ad6b0110b84c3ec34fad57320432f9acafea8eb2d072a9e8003278c0eeaef99e8c0cae2ca17a84fda1ea8cf880e98298332a4a37b7500f073e166fa997299767d9c6bb39badb9ba15793a0a8616c290193"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}, @m_ctinfo={0xa4, 0x6, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_CTINFO_ZONE={0x6, 0x4, 0xfeff}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x10001}]}, {0x67, 0x6, "3c85e936909937fe52a39d6e629a453eddf934305ebed2c3a076d73b3dee93caccab9ea21cc6c590cc23c76d8d891d7a2d4cb071b57bb0b988cc9c4b3c2582b70c95751ebc17566dcda805412b7f93d0845689fbc8e8fd5ebffb7e9c5a5ea67441021a"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_connmark={0x90, 0x2, 0x0, 0x0, {{0xd}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x8, 0x7, 0x3, 0x2, 0x2}, 0x24f}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x2, 0x1, 0x3, 0x1e, 0x8}, 0x6}}]}, {0x26, 0x6, "5108eda3491269f5f9e805a2aeccf1b9c4a146789cc943c1690329ba9f1838588e37"}, {0xc}, {0xc, 0x8, {0x1, 0x1}}}}, @m_skbedit={0xb0, 0x1f, 0x0, 0x0, {{0xc}, {0x34, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0x4, 0x4, 0x10000000, 0x7194, 0x2}}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x3b2, 0x2, 0x4, 0x8, 0x2d5a}}]}, {0x54, 0x6, "1825a05353d946721fc0804522c72183b9c9314f16a945c45e284db5af1d55092b4a9a6df9f5ee12c42c4066a62c49dfd7e17569ce7d2cc65387f9e7969bd3cf1d0b8ce433ca8c1d0864c6a45603b31f"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}, @TCA_CGROUP_EMATCHES={0x4}]}}]}, 0x4d4}, 0x1, 0x0, 0x0, 0x20000050}, 0x40000)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x200000000000002f, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x989}, 0x94)
r4 = socket(0xa, 0x5, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000200)=[@in={0x2, 0x4e24, @empty}], 0x10)
listen(r4, 0x100)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg$inet_sctp(r5, &(0x7f0000001640)={&(0x7f0000000000)=@in={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000040)=')', 0xfffd}], 0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000840000000700000055"], 0x18, 0x8000}, 0x20000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r3}, 0x18)
r6 = memfd_create(&(0x7f00000006c0)='/dev/loop#\x00\xee\b\xce\xde\xe9\x8d\xd2\xd59\xe8\xda\b\xd6\xb2\x15\xf6F\xb8\xb4{r.\xd2\xea\xec\xdbXe&J \xe9\x16\x82\xe8=\x83\x88sN\x83N`\xf9\xec\xe1<r\xf8\xd56\xaf~Nh%\x14\xf4\x14\xa3\x88i*rR\x17\x1a\vz\x950#(Wy\xc4x\x82u\xa3c\x9ez7\x88\x15\xdbz\xd1\\\xb5&\xd1\xca\xcb\xc5C\xa6,\xc7~\xa3\x86\xee=\xae}\xeb\xe8\'\x00\x00\x00\xceP\xff\xed\xee\xd7x6}-y #\x17\x8d[~\xe2\xab\xe6\xe3\x17\xd2/&\xfb\x13\xf3\xd9\xf4O\xf2\xdb\x9b\x03)\xae\x03\x00\x00\x00W\xb5;\xa6\xb4\'\'\x17\t\x00\x00\xaa\xe8\x81\xc0\x85\xd2\xfe\xcf\x9bn\xee*\x15\x97#\'\xc4\x06h\x1f@\a\n=7\xeb2\xaa\x0e\xee\x03\xd1\xd4\xc2yT\x8a0\x06=\xe7R\x85\x02\xf3\x15\x99z0]\xc4\x04\xb0\xea^\xd9\x1e\xbf\xb6\xe9\x8a\xfe\xd9G\x82\x93\xbf,J}\xed\x06\x18\x86WQn`\xf1\x9b\xb5\x96\xfe\xcf\xeb\x9f\x87:me\x02\x90\xa2\x13O\x9a\xd6\xd0\x12\xf2$7\xb4\x8f\xfaal\xb8\xaaV>\xb16\xfb*\xf5\xd5\\\xa7\xebe\xbe\x9d\xd7\xf5\xb9<\xb2\xc4\xf9:\xef\xc0g\xc3\xb5\x7f\xc0\xcck.5=\xcc\x10Y\xad^*\x10\x00\x00\x00\x00\x00\x00\x00\x0e%\x84\x95bXy\x81;o\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa9{b\xab\x91\x88\xba\xa5J\xfd\xd2\x96R\x06\xeeP\x0f\xb0\xad_\x0e\xf6\xe7k\xbf\x93)\x02yX\x91\xc0\x8c\xeb\xd9\xda=\\\xa0\xdeke\xb6\xef\x10\xd2\xbd9\x87<[BKq\t*t\x9e\xf9\xa6\xb5\xda\tb\xcc%?\x14Y\x9b\x18nx\x19\x11\xb7\x9d~\xc5{O\xd0S\xbdi\xf8\"P>4\x05E|h?\x0f\xf5\xf8\x8c\xce\xebXN\xb7\xc0F\xbao\xf7\xab\xedO\x96\xa1(\n\x1e\xf9\xbe/.\xe2^\xb0\xb6{\x1fdX\x100v\xab\xce\x05\x00i\x85\xf63\x05\b\xd8\xeb\xdf\x00\x00]N\xe1\x9di&\r\xd2pw\x85\vQ \x82v\x8a7\xb6\xf8\x1c\x8c\xf0\xaf\xfa\x17\xbeD\a\vM\x87\xc0Q\x94\xd4\xd3\xc7I@Z\t\xa9\xf0\x9d4c\xb1^\xeeF\x96\xa1{OV\xe0\x1e#\xb3w\xc7\x87\xdd\'c\xcf.\x04\x8b\x9e\xef-b\xbe\x17T\xee\xe1\xf7\'+s\x15\xeb\xb1D\x86\x93\x1e\xf9\xf1L\x0f\x9b7/\xd9D\x91\xc47hI\xbc\x13.@R\x8b\xe2x\x97:A\xf1\xb6\xe2\xc8\xb2\x9bD\xb2P\xdc\xd4\xb1\xa50\x9f\x83~)\x9b7-\x80&r\xbc\xf6<p7\xaaS7\xb4\xcdtd\x81V|\xc6\x99\x81\x80\'\xf8\xb5\xe0{\xb0\x04hVL/\xff\x97\td\xd5\xddc\xc0i5\x9c\x06\x88\x8cb\xfb2\xbf\xa3\xb4\xceF\xd9\xc8\xdf\xfcw\"\xdcv\x8d\x83\x91\xacn[a~\xc8\x9a1\x04\x18\xd2@O\xf3q\xb3\xadj\xb1\x01\xfa\xc4i\'\xa0\x86\x12\xcd3l\x98v;@\x95\xa5\xa8/7\x03\xb2\x88\xa7\b-F\xe2\rIC>\xcf\xcc\xe0\x04\x93>\xb8\x88\xc0\xad\x97\xd3.\x04\xc4n\x83Sb\x83\xf6L\xb7$\xb4\xeb\x91\x88\xcfn\xccwN\x9c\x8a\xb7\xfd\x83G\x18[\x00\xee\xfe\x9e\xab\xc4\xb3\x1d-q]\vep\xee\x18\xa9\x86\xa5\x1a\xd5\x92\n,\x14\x96~\x0fW\xbb\x8a:\xf5\xa3\x9b\x004\xd8\xf8_\x0e\xee\xbe>\xd7\x90\x95\xcb^\xe2a\xf4\xe5Z5\x92~@ \x00\x9b\xca\xea\xa8\xc0,\xcc\xe9s\xca\xd3\"\x14\xf3\x11\xe5\x0e\x93\x9aY\xb6\xa2|\xe8\xfe0\x9e\xc2\x99b\xd7\xd9\xa6\x15oO\xe2\xfe\xd0F\xcc\xeb\x1a\x84\x06E\xec\xf5\x9e\xea\xccB\xdd\xd84f\xb2O\r\x12\x1a\x1d\xb8\x92Q)=\xaa?\x13T\x82\xdf-E\xa4>c\xcd\xf57\xde\x17_\xfa\x9dd]-\xdd3.\x91\xd9/r\xc6>\xe4]\x8b', 0x4)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r7=>0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x3})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r7, 0x1, &(0x7f0000000040), 0x0)
fallocate(r6, 0x0, 0x0, 0x200401)
fallocate(r6, 0x0, 0x0, 0x200401)
setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r6, 0x84, 0x12, &(0x7f0000000340)=0xffff, 0x4)
llistxattr(0x0, 0x0, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6000, 0x0)
r8 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mount$bind(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r8, 0x50009405, &(0x7f0000000180))
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="2c0000000f1401"], 0x2c}, 0x1, 0x0, 0x0, 0x20004000}, 0x20008000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x3, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18020000020000000000000002000000850000002e00440085000000a00000009500000000000000"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)

14m20.564036155s ago: executing program 4 (id=413):
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000001340)={0x40}, 0x10)
r0 = open_tree(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x84100)
setsockopt$TIPC_MCAST_REPLICAST(r0, 0x10f, 0x86)
r1 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, 0x0, 0x42}, 0x28)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0xfffffffffffffc99)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00', r2}, 0x10)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
ptrace$setopts(0x4200, 0x0, 0x0, 0x1c)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$unix(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000780)="c8ed", 0x2}], 0x1, 0x0, 0x0, 0x48000}, 0x20004011)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000e0ff0000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x26}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000540)='rtc_irq_set_freq\x00', r5}, 0x18)
recvmsg$unix(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000003c0)=""/114, 0x72}], 0x1}, 0x40)
sendmsg$inet(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000001c0)='l', 0x1}], 0x1}, 0x2404c140)
socket$inet_udp(0x2, 0x2, 0x0)
syz_emit_ethernet(0x7e, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd6a00000000481100fe8000480000000000000000000000aafe8000000000000000000000000000aa4e1d4e20"], 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002540)=@newtaction={0x2b0, 0x30, 0xc96f2b0dc02612b1, 0x71bd23, 0x25dfdbff, {}, [{0x29c, 0x1, [@m_xt={0x1a8, 0xa, 0x0, 0x0, {{0x7}, {0x148, 0x2, 0x0, 0x1, [@TCA_IPT_HOOK={0x8}, @TCA_IPT_HOOK={0x8, 0x2, 0x2}, @TCA_IPT_INDEX={0x8, 0x3, 0xc}, @TCA_IPT_TARG={0xe5, 0x6, {0x8001, 'nat\x00', 0xe, 0x1000, "5b17aa89d80870c15066789ffc3b484ddb037d507299171c05cbd077a4e3492a17ecb2370233755138b3858be560a8a0cb8e4bee920720c0d5e6d1fe7c870c1e2793e60016110210e803f409c55aaa647ce7884c4be946c031bdec6333ecd98218bc11cfd095bbcc90498390fcc856d393bf3c1e92685be4ff1b597283aabf6ce58602822569bafb50f79407eb936cd6ee006572c3448ff2386905dacded248e5a9de4a07552adf37b6249ad9805b37df81c593f6ceb55e10eaf31"}}, @TCA_IPT_HOOK={0x8, 0x2, 0x4}, @TCA_IPT_INDEX={0x8, 0x3, 0x6}, @TCA_IPT_INDEX={0x8, 0x3, 0x4}, @TCA_IPT_INDEX={0x8, 0x3, 0xfffffffd}, @TCA_IPT_TABLE={0x24, 0x1, 'filter\x00'}]}, {0x39, 0x6, "60d8256d6e17304151fd4e116cd17e9a9916f46a1108fe35c2253eb9e0a39371696c312986c3e3f087692e934a942246981749736d"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_bpf={0xb4, 0x9, 0x0, 0x0, {{0x8}, {0x4c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_FD={0x8}, @TCA_ACT_BPF_FD={0x8}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x3, 0x4, 0x3, 0x87f3, 0x6}}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x2, 0x9, 0x6, 0x3, 0x8000}}, @TCA_ACT_BPF_FD={0x8}]}, {0x41, 0x6, "a09e88b2fafe2ad0dddad3cdaa9b726cf5b56034a46fe446c7d19b5780d1bd141230a65f0db61f93ab839c730b3903572c517419564b6cfe47716614b3"}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}, @m_skbmod={0x3c, 0xd, 0x0, 0x0, {{0xb}, {0x4}, {0xd, 0x6, "d53a6627b5c2b2c112"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}]}, 0x2b0}, 0x1, 0x0, 0x0, 0x4004000}, 0x4800)
r6 = socket(0x10, 0x803, 0x0)
sendto(r6, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x8804, 0x0, 0x0)
recvmmsg(r6, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x40801}, 0x6000000)

14m20.279600942s ago: executing program 4 (id=414):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52", 0xa}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb9", 0x41}], 0x2}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000340)=""/96, 0x60}], 0x1}, 0x0) (fail_nth: 2)

14m19.133751058s ago: executing program 4 (id=417):
r0 = syz_usb_connect(0x5, 0x59, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ec13b2106c04e814280b0102030109024700010000000009046900000e010000182402010202", @ANYRES16], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000002340)={0x24, 0x0, &(0x7f00000021c0)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0)
r1 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r1, &(0x7f0000000040)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @local}}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000ac0)="ee", 0x1}, {0x0, 0x2}], 0x2, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0)
r2 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="6400000002060103"], 0x64}, 0x1, 0x0, 0x0, 0x4000001}, 0x40)
syz_usb_ep_write$ath9k_ep1(r2, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d41b1b"])
sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a00)=ANY=[], 0x10b8}, 0x0)
r3 = syz_usb_connect$printer(0x1, 0x36, &(0x7f0000000180)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x0, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x8, 0x40, 0xfb, [{{0x9, 0x4, 0x0, 0xc, 0x1, 0x7, 0x1, 0x3, 0xf, "", {{{0x9, 0x5, 0x1, 0x2, 0x20, 0x7c, 0x5, 0x1}}, [{{0x9, 0x5, 0x82, 0x2, 0x10, 0x81, 0x4, 0x5}}]}}}]}}]}}, &(0x7f0000000f40)={0xa, &(0x7f0000000600)={0xa, 0x6, 0x300, 0x3, 0x8, 0x2, 0x10, 0x5}, 0x34, &(0x7f0000000a40)={0x5, 0xf, 0x34, 0x2, [@ssp_cap={0x24, 0x10, 0xa, 0xe, 0x6, 0x9, 0x780f, 0xf, [0x30, 0x30, 0xdf80, 0x30, 0xc000, 0xc0c0]}, @wireless={0xb, 0x10, 0x1, 0xc, 0x0, 0x9, 0x8, 0xe5, 0x8}]}, 0x7, [{0x4, &(0x7f0000000a80)=@lang_id={0x4, 0x3, 0x1c09}}, {0x4d, &(0x7f0000000fc0)=ANY=[@ANYBLOB="4d03008f06de43da486c23bf82643bfd6fa9c670c02ed8d06a86d12d665739d7f78d9ed63936d07ab2bd99f87dc19e826e8b47ebd47d78ac3d679f910400000000000000f070aa80e165687bf91cc1db13459147"]}, {0x86, &(0x7f0000000d80)=@string={0x86, 0x3, "283f8d938990b534f534c04527b21795a553f975116bfb986cdacce5bbf2a7c47ea5d68e9761a19ce84fd992249f0413463558ae931a238d3edac039d318fed51f9ccfebd55eccf752eaa2d436871ca26ac706ef47fcd9bff3bc8b70c063626fe78e5a9bcc6360ebc9f9851e7d067ca654d1d184213d7ac9b6e3311f8b2ad4ba5de3c8a1"}}, {0x12, &(0x7f0000000e40)=@string={0x12, 0x3, "47691e30e3ab0f4ce8cb5c2793ef3b0b"}}, {0x1e, &(0x7f0000000e80)=@string={0x1e, 0x3, "cc94024af03fb1ffa6c4f7b2e19c602fe56fca21e606d0809bfe7172"}}, {0x40, &(0x7f0000000ec0)=@string={0x40, 0x3, "0aa49e6c2cf22f353c709e9699d2845c2d04144209cb56968b7ace3eca5af35dd0285aa949888629040100d88932214e2e5d5d877cd8b985a713b449cda6"}}, {0x4, &(0x7f0000000f00)=@lang_id={0x4, 0x3, 0x801}}]})
syz_usb_disconnect(r3)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff)
r6 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCADDRT(r6, 0x890b, &(0x7f00000001c0)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x2, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5, 0x1, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
getsockopt$IP_VS_SO_GET_TIMEOUT(r4, 0x0, 0x486, &(0x7f0000000400), &(0x7f0000000440)=0xc)
sendmsg$NL80211_CMD_SET_STATION(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="090700000000040000000500000008001701", @ANYRES32=0x0, @ANYBLOB="4e5ed7748856b19cbf0a0d63729a157c4b3993336b17ffd9d9d430acdcbfda7d022a3de7"], 0x1c}}, 0x0)
accept4$unix(0xffffffffffffffff, &(0x7f0000000480), &(0x7f0000000500)=0x6e, 0x0)

14m3.974333031s ago: executing program 34 (id=417):
r0 = syz_usb_connect(0x5, 0x59, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ec13b2106c04e814280b0102030109024700010000000009046900000e010000182402010202", @ANYRES16], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000002340)={0x24, 0x0, &(0x7f00000021c0)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0)
r1 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r1, &(0x7f0000000040)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @local}}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000ac0)="ee", 0x1}, {0x0, 0x2}], 0x2, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0)
r2 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="6400000002060103"], 0x64}, 0x1, 0x0, 0x0, 0x4000001}, 0x40)
syz_usb_ep_write$ath9k_ep1(r2, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d41b1b"])
sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a00)=ANY=[], 0x10b8}, 0x0)
r3 = syz_usb_connect$printer(0x1, 0x36, &(0x7f0000000180)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x0, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x8, 0x40, 0xfb, [{{0x9, 0x4, 0x0, 0xc, 0x1, 0x7, 0x1, 0x3, 0xf, "", {{{0x9, 0x5, 0x1, 0x2, 0x20, 0x7c, 0x5, 0x1}}, [{{0x9, 0x5, 0x82, 0x2, 0x10, 0x81, 0x4, 0x5}}]}}}]}}]}}, &(0x7f0000000f40)={0xa, &(0x7f0000000600)={0xa, 0x6, 0x300, 0x3, 0x8, 0x2, 0x10, 0x5}, 0x34, &(0x7f0000000a40)={0x5, 0xf, 0x34, 0x2, [@ssp_cap={0x24, 0x10, 0xa, 0xe, 0x6, 0x9, 0x780f, 0xf, [0x30, 0x30, 0xdf80, 0x30, 0xc000, 0xc0c0]}, @wireless={0xb, 0x10, 0x1, 0xc, 0x0, 0x9, 0x8, 0xe5, 0x8}]}, 0x7, [{0x4, &(0x7f0000000a80)=@lang_id={0x4, 0x3, 0x1c09}}, {0x4d, &(0x7f0000000fc0)=ANY=[@ANYBLOB="4d03008f06de43da486c23bf82643bfd6fa9c670c02ed8d06a86d12d665739d7f78d9ed63936d07ab2bd99f87dc19e826e8b47ebd47d78ac3d679f910400000000000000f070aa80e165687bf91cc1db13459147"]}, {0x86, &(0x7f0000000d80)=@string={0x86, 0x3, "283f8d938990b534f534c04527b21795a553f975116bfb986cdacce5bbf2a7c47ea5d68e9761a19ce84fd992249f0413463558ae931a238d3edac039d318fed51f9ccfebd55eccf752eaa2d436871ca26ac706ef47fcd9bff3bc8b70c063626fe78e5a9bcc6360ebc9f9851e7d067ca654d1d184213d7ac9b6e3311f8b2ad4ba5de3c8a1"}}, {0x12, &(0x7f0000000e40)=@string={0x12, 0x3, "47691e30e3ab0f4ce8cb5c2793ef3b0b"}}, {0x1e, &(0x7f0000000e80)=@string={0x1e, 0x3, "cc94024af03fb1ffa6c4f7b2e19c602fe56fca21e606d0809bfe7172"}}, {0x40, &(0x7f0000000ec0)=@string={0x40, 0x3, "0aa49e6c2cf22f353c709e9699d2845c2d04144209cb56968b7ace3eca5af35dd0285aa949888629040100d88932214e2e5d5d877cd8b985a713b449cda6"}}, {0x4, &(0x7f0000000f00)=@lang_id={0x4, 0x3, 0x801}}]})
syz_usb_disconnect(r3)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff)
r6 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCADDRT(r6, 0x890b, &(0x7f00000001c0)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x2, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5, 0x1, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
getsockopt$IP_VS_SO_GET_TIMEOUT(r4, 0x0, 0x486, &(0x7f0000000400), &(0x7f0000000440)=0xc)
sendmsg$NL80211_CMD_SET_STATION(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="090700000000040000000500000008001701", @ANYRES32=0x0, @ANYBLOB="4e5ed7748856b19cbf0a0d63729a157c4b3993336b17ffd9d9d430acdcbfda7d022a3de7"], 0x1c}}, 0x0)
accept4$unix(0xffffffffffffffff, &(0x7f0000000480), &(0x7f0000000500)=0x6e, 0x0)

16.321418528s ago: executing program 2 (id=1618):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = syz_usb_connect(0x4, 0x2c0, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x2, 0xf1, 0x62, 0x20, 0xeb1a, 0x8179, 0x1e73, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2ae, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x3d, 0x0, 0x5, 0xf9, 0xca, 0xb4, 0x0, [], [{{0x9, 0x5, 0xc, 0x10, 0x40, 0x4, 0x2, 0xde, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x9, 0xc}, @generic={0x9c, 0x21, "d92dc6d1c32e6aef20e42b80634656d887340dd570238e18e0ad19b34f0cd6160529793fb0a2694157fe9c05499aa4dcb0145acd36641c4867b47fb36d35778f75c08fdb7d39093d0a754dc4dfe19f9e4164e42a778c2dbc9edb0a0097bda2917e86908e943bd349452f888cda38cc94ab4fb024a8bb387907bed8a3152cb1f04ed3d9f53d35ed7baef35a6ae6d821c172a7eb2640f8512c4cce"}]}}, {{0x9, 0x5, 0x9, 0x10, 0x20, 0x6e, 0xff}}, {{0x9, 0x5, 0x3, 0x8, 0x10, 0x5, 0xcc, 0x3, [@generic={0x9a, 0x24, "8a14fe79fbcfaf694654197e1f50c420000c1c0872821becd425efbafe5700c3ec846ac0c56596aa72db2ae938fc8e7612a4c1b1af8cbea5bbd9caed1cbc2ad8ede7cf2e7a71bed922ec31da44420a3be29271febe9cdb3c714455e935277056cd18aa82c7e1d53d7db2fdb8c6be1516c17daa919d3fa3f367d9c4bc96e41adca82aff28e36cf9aa0c1f30d5beac4667b366b1b812d67ff0"}]}}, {{0x9, 0x5, 0x1d, 0x0, 0x400, 0x7, 0x7, 0xc, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x2, 0x7}, @generic={0xb5, 0x21, "29769dd398d991314956ae4ab57adc96a7fbf7b4bf249beebf347b5f2f9e2ed9537a55d6c7b4bd4ce023a585b372b2d4a2a40d291bf3b6b582df55129290dbb5871cf45f646b42b6f6bb622c851ad9f4dad0d7e7620bb7e5acad0ccfb60c86dd7b94189a1d82b463f5fcd265edfdf817ebe5469e42d1db6d275b8755ca3eaf3189bb41dad390dfb5cb2811c0b153d20002a0b48ab349dd9c31e6caf2043996a564e76a87b6f3a23b0fd5ea9aab7163606e0ee3"}]}}, {{0x9, 0x5, 0x0, 0x0, 0x3ff, 0x3, 0x9, 0x9, [@generic={0x76, 0x9, "88c35f0355190d71c977728c9d9015ddd2c50c62eac4b942be4c8a615ff950da24784263770efc4cd4517e766d16aaa1428219f3b641549c5eee53fdbfe20221656b6916ea5a9a669f8551e075ff7298c7b01b7124ca3309946c0e41f504ca211ea32502e5172c9e99f3ccf4d05af7301b7f19f5"}]}}]}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000400)={0x2c, &(0x7f0000000540)=ANY=[@ANYBLOB="200f000000003784bd"], 0x0, 0x0, 0x0, 0x0})
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401001186eee2000905821704"], 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
mkdir(&(0x7f0000000140)='./control\x00', 0x8)
inotify_init1(0x800)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="1000"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000dfffffff000000000000002000"/28], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
inotify_init1(0x0)
syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0xfffffffffffffea8, &(0x7f00000000c0)=ANY=[])

12.037720638s ago: executing program 2 (id=1619):
mremap(&(0x7f00003ef000/0x3000)=nil, 0x3000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
syz_usbip_server_init(0xaa7f3cec63cbb9d)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r1, 0xfffffffc)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x48e01)
socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = timerfd_create(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, 0x0, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setns(0xffffffffffffffff, 0x24020000)
syz_io_uring_setup(0x47a5, 0x0, &(0x7f0000000180), 0x0)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/fib_triestat\x00')
lseek(r6, 0x10000000005, 0x0)
timerfd_settime(r2, 0x3, &(0x7f0000000140), 0x0)

10.203188045s ago: executing program 2 (id=1620):
r0 = openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000080)={0x202000, 0x18, 0x31}, 0x18)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f00000000c0))
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2000000022, &(0x7f0000000480)={0x77359400})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_open_dev$usbfs(0x0, 0x204, 0x2)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, 0x0)
getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f0000000200), 0xa, 0x0)
read$msr(r1, &(0x7f0000002240)=""/102400, 0x19000)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000180)={@private0={0xfc, 0x0, '\x00', 0x2}, 0x8000000, 0x0, 0x2, 0x8, 0x0, 0x2}, 0x20)

9.44199246s ago: executing program 2 (id=1622):
r0 = socket$tipc(0x1e, 0x2, 0x0)
connect$tipc(r0, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x3, {0x1, 0x0, 0x5}}, 0x10)
sendmmsg$inet(r0, &(0x7f0000006740)=[{{0x0, 0x0, &(0x7f00000056c0)=[{&(0x7f0000001240)="80349c0d9e8fcc9f44658138dc4a3c4ad42f918348474a5bc38ff0e0571fc22c8eb5cb22fdf30ced1a4c1ccb5e5b35fed7db48c1a8a7132adc5623d146ddfe2254dd2579b4284b53d1cea6206864473d31bdb00c9d1462458b678827e80c94d88099e7471a58b1463086f9cdd1ccc19fa2fc4a9dd5a56fe782d15e66648c7630f1aaa7e9820460c46e292dbb8fa6f6701048ff17f46097b1ee0750ed038f18b81b2ba014bf866062c9a6f88b5d07e13b7eddd968ba9c7a53609c7b61471a51fd85bceebc0a92b2cd7c45a7f4571e693abebc3c5ff16c8128d92476", 0xdb}, {&(0x7f0000000280)="5b4ea50f20d7212327afde5e7a457cde2dff791c69fbc3", 0x17}, {&(0x7f00000002c0)="851d8a90d516f218f839a7c48edfe734b2490c90a2fbf5be3383f1c9f5be8e55148723ac0258ef4f8af1f5e0b0a86885f018523d60072c7d9c1568700b3abe208fbd5dad2daf18b5150a530d816bf4cc6e43da4f2793611b38009e8c0970268cf5836926fd1223f4f8bec6a4a68b2aaff7af151a661793a04cd9b936da8f53eae22356781c580df817f3168269eaeeae014fa9b1878bd89e2acb4853ffd7b9a06d7f5ff090c605f5d343e6d93c80d747365d21acea325c44fbb87f6271a2d9333e9b9dd1d36dfea61641d34fd54cd2970ac14acdadd04357bdd44bc926d0adef887b2e25c2f435ce79bac1d1f473c3a49a12aa5c5cfa4bfa4fd2470308ed259e62c218aee67006a3ca187c9aa13a806d99b2275341fd6022940537b1cb1fd2389f417ea92c6e77a09a9d09a98c4e2f0912d36b47588ff991aa98c3c650055bacb669aaf68dd4f8a7b43569c9af62e7cee6ba05278fe8642feafa5c436cb13fa45b3cdf750f8956c493acf7c561b12259331a363c74fb5f2947652ced415b0986b673680e8ad7bad823ff84c30681cbe45114510d9aa6f423f212bcdf1c244178ae31474d9f176707e9c481057f72d489372f7daeba51e3ea86895c8eed109566ad19f3957d0df21a671fce2d674c207d8643c85a018834f4e8e3992e6991d815", 0x1e0}, {0x0}, {&(0x7f0000002440)="253c10cd0a56ebbb9e8b465670109c340c95f1d27d36cbeb7fa948545e9b18da346b70b5dc6ea12ad1a30e4f7038336f1af1d61b04de988f1755e9b3ba9919b2a4952ceda920a7f0e22dd239d4a74f2d1c854bc64f09f979aa3e9f5c25ff8ec189e5d809483583f648cd8870291200e428", 0x71}, {&(0x7f00000024c0)="2ba671ae8107530b978dd82841597ed8f4275ed9e6b9f7b73ee6324ddf688ad9d88125b82afd2e28aef7183086ce0dd4ee880fc56a2ca8b52ef8f5b5f3e475f49b0bcd201fe612703d680fdd1151dd32535b04d4697d472c7750d6c4c197162e9f872253b611b1ca20e79dcf40d1faf58a453f8db9a03fdd351b54ad4e77fa0fda7990bb281079ae7ba3994aef7380e1d6342305e2d12c57379fd12e784f48e4e832171df4576c8724e3bfd70ebc92fc11914cd4", 0xb4}, {&(0x7f00000025c0)="96cb9dfd0c61d5ed863c5a35109d427201da53416c37631f95451a170fdb734214157996b04630903a7ad20aca669b5120871c47c6ef4e5975222b9676223895144ae5c2898ba0e94642e43e374bf9515c7e840e62021f25181401bda4c4d2d77867390c0a05af019adabfe896d7824f0dcb1724c64da40478808059ea83fa60145e108809ca25edf6ab820f23a5ce2b1779aa8c037a26d99df56f39ff5beca1c1e0cbfd69e415971a02f5115f6da0ba6da9be9772efa870aa6b62774ce009e7bcca4b4a7a910aab97e7f3da899eaaf573ac8a926a7be9b5875b3bb707ae9124ead39e70948bcf654b6b4342043f756323494e4ec559866c5a480c3b156c0427f1cc1d373b77424ea38e3697e36dcefd261575e5516bfcedc7baa8cbebed0ce49dd27e6291dd6f968eaf37f13313ba0bd22b6a63496be04a42df10fef87386434103b5ef819a969e8792a7765dc52c310fbe89851eaf8b2eabcf27bd487f817d48a54b0c7e8b151f0941a6f4adcf6a4486f96f8d18a2928829db333ec08bffe029f4840fdc0433d75157e80b33c3041f193e5c3fb1b7c13d1d7d7a8fe3122ddef181a6534232731c8f91dae42d9a66b9c2e0c6de6da74c24752b53d344b3c9a48ed62705c3e93f7e346c0379a6ec672b3a73dcfc159a79a77bd7b9edd013e3e9832d4dca6f9f973d63d5d235c7e22822e012e4181e102e68b03bdec323db739968061a7ba6fcf9589bd2975520fe9f1b44e52489bf5f5b0125b14bc894f4ff1ad2ba817dad6ab1654a2cacce1cc5160ea4bf3d7011cbf16ad0389b6511448c4186da0a7a55be54031a6d2773ac33aab5d533e7bb213309193f2ca3970e8fffc2fdacbc96e6f49c116b0505385a8bf282589be6b844e2aaaa652459b5d021127f59009020d34932cd03fbe5fea45bdc1f68463c4afe2b5ea8f97dee5e2e6b58196aff00e5ca51a0087f02bcb1dbdd638a5c7590095561578c30904f7ea80072de21fcedd0e41da8e7fe3514eaabc603d770a6fbed5367edb7feb5c5edfda04c7b8a4bfce5c73b876f52fde7dc929f3ffa632eb9514596793533d20fd191b484e902ab104dfc34a8486ba64d3e31c495e043279d8d6b4e6ca3c3fd4ae43529e55be690309e1bc90af2e9188cd5673eea73c75d4decf8972039c086e4b47caee900e1422fd2fbe0303dd5147a9fa487a7b08ad529d0d3db2bae4b26a83de0b15b9b82f26b23336481aca875c48605dc8d25d872920d01e2e163cc13d1f026666f8f54d6fe7895b47939599d168dc98a2de4aac463d98cb39375ac13fadd722b9f1e221d35bde594c9e53aa0f34b235a9d68d8f4841f9455804cd8a7bf05315c5bab2fa8820e956a8161cdd685fc4e1344f9d89189057376a5d1c23273d475aaa72ccbf4b5d8f2863f3f0fe7c0f8b001c065bae68aad9d8878a5edcd8dcbeec07d317c0a81fc84b8b208c60db73c6cf86d46cac98a7df449581d74be7991f1fa6924b76a2d6077aacca10fc777f0d09c5420cfc38c4638957086c9a2065ce94a286da01527bd8b8fd5830f93bcab97a4d0ca13c55b4ee32a49e078b4d79e7b17200fb6a550cfcccd33c681e37bc83c7fcda081a67c2a828e65a75df33e587a05f75fe05aef4078b3482c9078e2edb63c74134f92461044871e4a71f40228d156cbb3beb53eb898e0b6ade2d486a7111ce074510ad957f0eeae0812dd3802db231d9a15948a6b133167eb51dde0199023dfb3471661c7f13f14e786278c551d60929ef969b15d4ea544a9cda830183052ca1072083fb304502f38bcfd46ef64091a2a64bacc55ff3e91f8a7a97f69a9524bdaa60c14d75ddb44e399158c603cded78f42b79a6e9b9c30575289a92558f4d1d9cbb35780c86462cb56d5b474901c17df6ccba95481c004c384b17f99fb29458c9c59666c5305c508561e654d5f1b8ed375231358828b73b487c5f3096211f863375333bb1d3970f7c4cbc7b0f122dbb330b24498f38d804ec0e9c8a5976578bfbc2e46e8d898ec08b3742d5f9ba03d56567f6541f075c4f45eec94a6af78065689e8851294c48f02d48b1266586db86266bd2d0cbb729b567ed7643edf6849f50ca7a28b4ef59433ff22ce0680ffb3348a458ff77b6a796e849cb456df4b443d625d423d10e21bf0bcc785a243cf70ed2ea7c52548cd366ad9af486a4a0171f21ee9d961aa808a69a066aeb0c605fe7a83291ba942df3d11ba1e12da7381d7af20ccbd0de5416ef389c65d1fd0ff209dce808c490707a371b317ce65765082d1c5f67846ddfa65f291117d6e5a795ac2961d56eb24060d8b160d5bd146cd61589c00a108a1dba9e8730157e403cc35b0cd64b3aa66eada80be3bbb974d4642aa76bdf87c2d63134af1c646b1f0bfd218d4e4ebd277ad1cfc9b6f20c4036c6a511cb1ce486c3a563ca9368b10bed088bcfcdab752e0c78a10e550544ee6250d3908e3e7b09b2119f94abc2fdf43d7c82a4ffce81a3f962124ace1108443f41202c6d055d37e99b4eb6287c485acabff03f3a115db1ec790fdc5436e97bf2443c2f707ffb513f6d6494812b2238d679c8787a854ec92126bdc4681803ed4a5b84590e4f00ce956c6c3394773303b0620d118d2290cb229ea3b9bb9de8d719a0f92a50d34909a363f5f6ff906326f917be78c914c78846ef30c9b107b26c0a55401ceabf5b3c669eaa7a1a36d97b01d5da410366e3da5d232fb711d26afd9d4a5016425e47c0ec9b6305673af4cb46526af752011793c322797fb706042da364b6e723b513fd73db6721b00bd80e0923fe075300951d4dfefdd029c3fed21b734bf102f96d58b50bf4edcad014670c2d93eeb4d7bda3d1b70d9e21262c644bb96855895e4c0b32c9ed599d940ac24814b69812c124648428e13d7f72d74feb30288eb78b4a99fadc96589d8a9c7047787aa802514ba28af4d5520ac50928cd75ca92e2934a2e126456bfe1587003e87d9428b1fdb6b7662c44a5fee9d537b7f43822e5b103aeece1aa603215c215de2873e3a6b327c5ed0a0190fb7645034e1839ad165f3f7f80fd793734ac1412bbe20d82aea543792047ba5c5b37ee11988cd7e71cd43547e13c6bbc1ce3cf6aff9727381f06feb83b23b694724d9259d3736eba6ee66ee73a224b8a978debbbc35f8e28cc8267646e5c8cd8076d2044d41eadce01738ab2c7dc763de5a8042b957680223c4d9fdbf65d17e8998444e8db36c50fbe3c9a83e506661a029c4538617d46b6a43675c6dcf283a45b99e44188fd2681a50747e819e7f37496207ec448670fe62a3cb94712abeafb5dd2690ec12b18f8d67d5b0db41a897124f8b94695501aba517447338034bf14d0f99cbf5518aa013e1f35a052b4d27d1247349ff7a83362444372f017fcbdfe972b91c46a0a57f4639204673341ae92bc2dbf2b8d1680b432552850964eb1e14f38995e7e404b1bd1bf63d8d58c7b4ec38e3b9e73959e6509ad9f67d684f62759f5cae90bf8c1781b5800922c312aa634e5748b6181fc37df267eb5c66afc0c9249f9f601136c78d817beddf308c6970ee0e8221abe6fa124f55de7e5e78398004095a175f58cc270840e8c6759627f139e4f9b3b362e2700c5d06da66e862d1016c9f89d18646a6bb823f992342433b03397ed7586f489824a1495d707c81d3885029a47845802ef97856e530789a5cb7239752c6509cdd094212cb4b1b8baa7416cf5000db59418ad7f7a0d7d8e4cb8ebbbe4c40ba0ccc25283b9c933e251fff9871fc01026fafd8eed7ddcbe454b79339be93cd4b25a55af449f5c0893a957c5468c9147a973478c834ac4ecfea339cf3", 0xa9b}], 0x7}}], 0x1, 0x0)
connect$tipc(r0, &(0x7f00000004c0)=@name={0x1e, 0x2, 0x3, {{0x43}, 0x2}}, 0x10)

9.32323855s ago: executing program 2 (id=1623):
r0 = syz_usb_connect$rtl8150(0x3, 0x3f, &(0x7f00000003c0)={{0x12, 0x1, 0x110, 0xff, 0xff, 0x0, 0x40, 0xbda, 0x8150, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x5, 0x80, 0x0, {{0x9, 0x4, 0x0, 0x7f, 0x3, 0xff, 0x11, 0x1, 0x5, "", {{0x9, 0x5, 0x81, 0x2, 0x40, 0x6, 0x9, 0x4}, {0x9, 0x5, 0x2, 0x2, 0x20, 0x2, 0x57, 0x6e}, {0x9, 0x5, 0x83, 0x3, 0x240, 0x3, 0x82, 0x8}}}}}}]}}, 0x0)
syz_usb_control_io$rtl8150(r0, &(0x7f0000000580)={0x14, 0x0, &(0x7f0000000480)={0x0, 0x3, 0x3}}, 0x0)
syz_usb_connect(0x0, 0x62, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000fb5d7d086d04c308166b0102030109025000010000000009041f0000ff0100000a24010400050201020724070500000508240805040004960400000001030200010006000609240305050306058109240306010104050507240405"], 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = dup(r2)
write$UHID_INPUT(r3, &(0x7f0000001040)={0xfc, {"a2e3ad09edfc09f91b44090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b0732306c090890e0879b0a0ac6e70a9b3361959b4b9a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb000000002f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d6ced5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed700129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb21fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x14)
r5 = syz_usb_connect$cdc_ncm(0x3, 0x105, &(0x7f0000000e00)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xf3, 0x2, 0x1, 0x6, 0x90, 0x3, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4527db09f272"}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0x6bb, 0x7, 0x7, 0x2c}, {0x6, 0x24, 0x1a, 0x1ff, 0x13}, [@mdlm_detail={0x89, 0x24, 0x13, 0x9, "85dc8b89f418e8af26f7ae20609153c43dc9580d848670ac4840e38967125f24ce1c0b17cc04ce90b6f1175b95f7638235dc935e61fe8b87f74584bcdac3669a4bd49ea18cfe7f706bfe727c57128f215172cd5c619d678eb178142003f4ad60771298c21a39260e2b789e052384670b05b7f873a217bcc2799c84a29a567b316a79bb845b"}, @mbim_extended={0x8, 0x24, 0x1c, 0x0, 0x3, 0xb}]}, {{0x9, 0x5, 0x81, 0x3, 0x200, 0x8, 0x1, 0x80}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x10, 0x0, 0x2, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x80, 0xf, 0x4}}}}}}}]}}, &(0x7f0000000880)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x201, 0x9, 0x2, 0x4, 0x8, 0x2}, 0x31, &(0x7f0000000100)={0x5, 0xf, 0x31, 0x4, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x4, 0xfa, 0x7}, @ss_container_id={0x14, 0x10, 0x4, 0x7, "85ed833354fdbc2e6abc2d91df862bd5"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x10, 0x8, 0x3, 0xff, 0x80}, @ptm_cap={0x3}]}, 0xa, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x3c1f}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x414}}, {0x45, &(0x7f00000002c0)=@string={0x45, 0x3, "4596713fd9b402a7725887ee53b5b148bea1dac89c232c054dada270fa3ac4f857fa7ec8c512ddd351c8abc280e49ee2e653a36a2b1ce40dba9022c41bfc4955c0a84f"}}, {0x9c, &(0x7f00000004c0)=@string={0x9c, 0x3, "fbca03deaccd51a971bae1b86b575fcf63ee0983046f61ebbfcdd6fa792f8001f62e81c479956de16b930bfdfb46212bb97b89e559d7d4f253748eb99336be005dabb5886ddf85afb3aa7980801aa5f71fa7952e440e3e29454f528181e1c6265dd3aec6ff670bff3444ccedd749c1e29b0c7597c3bcb5721ba87a2024c53881396f50837d50c01dc2c9ab98804dd77d3efa7df988c4c1d20958"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x441}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x40c}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x422}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x83e}}, {0x4, &(0x7f00000005c0)=@lang_id={0x4, 0x3, 0x6016}}, {0x47, &(0x7f0000000d80)=ANY=[@ANYBLOB="4703482cf2fb3c4f326883a83be9205ad8d92489a148ff56065ebeb423c516b369e9ee96f961ae4b09ffabb2d9185bee2c293d2475956c02d1d0ac5c3de709d70b7631d3dd815ca8df142040c7b791c74ae8fe2b3611b292840d5c44fac1eda6f20ce29a38210eddbade320def3d"]}]})
syz_usb_control_io$cdc_ncm(r5, &(0x7f00000009c0)={0x14, &(0x7f0000000940)={0x0, 0xa, 0x77, {0x77, 0x24, "9a607298a6076788d82894ab00e339c7a65769373d916428097e6a6afef535e8a3595e7be709ff5e8fb90a963edfc5dad1c940514363f4c23d173bb5a2bc3170604491c0024ab839002ebbd0a6b19b0a08dbb2f0c35c8403bf5e282cf80cb3d62927d00ff1000089b18db3fe948e5fa6b2accc3171"}}, &(0x7f0000000600)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000cc0)={0x44, &(0x7f0000000a00)={0x20, 0x12, 0xf4, "c080169c628ca02d294fe2ce3f55bd35062219326dbe793dabb4e25e6329ab43e796365611df4fd908d476f30282bdf7e7e21cee9f3bf48a7ad4c72cfb5de9780b17ac798c951282e814f1e1baf6b6453ecfed8a4906d8d21c102eb9309e26cf7d69783321b2b39934ff427e4803fd974f63f9712bff64da3224e40186c2de64699ad87ebdd40b48071501cb203658014c61432a938d26d5361cfa1dfec0fd52e8ff03a342fb5a47162d7edad4ca89ad02e61326e36b494a2d5a5adb0f3091718fda068229be081b1a626f0edbe11a26492b5aaa879dee383ed4151387c9d5b2ac69f2dc85f9ede0eca68e799442bc32ce0a3721"}, &(0x7f0000000b00)={0x0, 0xa, 0x1, 0xf9}, &(0x7f0000000b40)={0x0, 0x8, 0x1, 0xe}, &(0x7f0000000b80)={0x20, 0x80, 0x1c, {0x1, 0x3, 0x6, 0x1, 0x7, 0x800, 0x1, 0xa, 0xa69a, 0xfff2, 0x4, 0x5}}, &(0x7f0000000bc0)={0x20, 0x85, 0x4, 0x8}, &(0x7f0000000c00)={0x20, 0x83, 0x2}, &(0x7f0000000c40)={0x20, 0x87, 0x2, 0x6}, &(0x7f0000000c80)={0x20, 0x89, 0x2}})
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0x3)
ioctl$TIOCVHANGUP(r4, 0x5437, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000080)={0x1, 0x0, [{0xa6d47960d1d42ccf, 0x41, &(0x7f0000000640)=""/65}]})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r7 = socket(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c00)=ANY=[@ANYBLOB="14000000100001000000ddffffff00000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000d50900010073797a3000000000080003400000000114000000110001"], 0x64}}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c000000150a0102"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x4389cf13bdbf833b, 0x0, 0x0, {0x5, 0x0, 0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x48}, 0x1, 0x0, 0x0, 0x40800}, 0x4000)
recvmmsg(r6, &(0x7f0000004f40)=[{{0x0, 0x0, 0x0}, 0xff}], 0x1, 0x40000102, 0x0)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af04, &(0x7f0000000200))
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000280)=0x1)

8.100255478s ago: executing program 1 (id=1624):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a400000023"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='task_rename\x00', r0}, 0x18)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')

7.884213944s ago: executing program 1 (id=1625):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a000"], 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=@newtaction={0x48, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0x34, 0x1, [@m_ctinfo={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x48}}, 0x0)
sendmsg$NFT_MSG_GETTABLE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000040a0101"], 0x14}}, 0x0)

6.503704807s ago: executing program 1 (id=1626):
r0 = openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000080)={0x202000, 0x18, 0x31}, 0x18)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f00000000c0))
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2000000022, &(0x7f0000000480)={0x77359400})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_open_dev$usbfs(0x0, 0x204, 0x2)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, 0x0)
getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f0000000200), 0xa, 0x0)
read$msr(r1, &(0x7f0000002240)=""/102400, 0x19000)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000180)={@private0={0xfc, 0x0, '\x00', 0x2}, 0x8000000, 0x0, 0x2, 0x8, 0x0, 0x2}, 0x20)

5.465946537s ago: executing program 1 (id=1627):
mremap(&(0x7f00003ef000/0x3000)=nil, 0x3000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
syz_usbip_server_init(0xaa7f3cec63cbb9d)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r1, 0xfffffffc)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x48e01)
socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = timerfd_create(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, 0x0, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setns(0xffffffffffffffff, 0x24020000)
syz_io_uring_setup(0x47a5, 0x0, &(0x7f0000000180), 0x0)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/fib_triestat\x00')
lseek(r6, 0x10000000005, 0x0)
timerfd_settime(r2, 0x3, &(0x7f0000000140), 0x0)

3.264167818s ago: executing program 1 (id=1628):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {r0}}, './file0\x00'})
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x5867, 0x4, 0xfffffffb, 0x24d}, &(0x7f00000006c0)=<r2=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x6a2000, 0x0)
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x185)
r9 = inotify_init()
inotify_add_watch(r9, &(0x7f00000000c0)='.\x00', 0x5000009)
fallocate(r8, 0x0, 0x1000000, 0x3)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r8, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)

1.22331233s ago: executing program 2 (id=1629):
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = syz_io_uring_setup(0x49e, &(0x7f0000000400)={0x0, 0xe7a8, 0x400, 0x7ffe, 0x40024e}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0xc, 0x40010, r0, 0x8000000)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r0, 0x0, 0x0, 0x0, 0x2})
io_uring_enter(r0, 0x3d0e, 0x4c1, 0x43, 0x0, 0x0)
r3 = socket(0x2b, 0x1, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x15, 0x0, 0xffffffffffffffff, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="6c01000010001307fefffdfffcdbdf256401010100000000000000000000000020010000000000000000000000000001000000004e2100020a0000006c000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fe80000000000000000000000000003f000000fe32000000200100000000000000000000000000000800000000000000ffffffffffffffff000000000000000008000000000000000000000000000000000000000000000000000000000000000400000000000000040000293b000000ffffffffffffff7f000000000000000000000000000000000200000000000000000000002cb57000003500000a000400500000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000060000000210466d38547aa140db9a200000000c538c7cb7a1c000400feff4e244e200000e00000010000000000ca000000000000"], 0x16c}, 0x1, 0x0, 0x0, 0x880}, 0x0)
r5 = syz_usb_connect(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="1201410127c0de206a0803003ff0010203010902240001000010000904020202f3bff50009050602000202000a090482020002000110"], 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
pselect6(0xfffffffffffffc69, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0xffffffffffffffff}, &(0x7f0000000800)={0x7f, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0x0)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000001c0), 0x600, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r8=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r7, 0x3ba0, &(0x7f0000000340)={0x48, 0x2, r8, 0x0, 0x0, 0x0, <r9=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r7, 0x3b89, &(0x7f0000000100)={0x28, 0x1, r9, r8, <r10=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r7, 0x3b89, &(0x7f0000000200)={0x1d, 0x0, r9, r10, 0x0, 0x0, 0xdead, 0x5f, &(0x7f0000000240)})
r11 = socket$nl_xfrm(0x10, 0x3, 0x6)
r12 = syz_io_uring_complete(r1)
syz_emit_ethernet(0xdb, &(0x7f0000000580)={@local, @link_local, @val={@void, {0x8100, 0x7, 0x0, 0x1}}, {@ipv6={0x86dd, @generic={0x0, 0x6, "b81923", 0xa1, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local, {[@hopopts={0x5c, 0xd, '\x00', [@generic={0x8, 0x6d, "bd753487e00f91e420195a6402ca5050ab1e9f1a80704c824ce4be46ed8e9bc5418391a63044b2cc61df6f1445142a73d039816dc1d95727ce87c88a4d4dbe34a49f8b25ce9c43667eacf64cf25aa28f97996047fecb234c9800fc380667ee298be687f4b2b10b6b04a869147d"}]}], "31455408edf31db961ce075e34cee311757fbc3511e16ddffb204dedc8b2745fe0724db43bbf2d3b60"}}}}}, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r11, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c)
r13 = socket$inet6(0xa, 0x3, 0x1)
r14 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0)
sendfile(r14, r14, 0x0, 0x2)
read(r12, &(0x7f0000000840)=""/238, 0xee)
setsockopt$inet6_IPV6_XFRM_POLICY(r13, 0x29, 0x23, &(0x7f0000000180)={{{@in=@local, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e22, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x1}, {0xfffffffffffffffd, 0x0, 0x6, 0x0, 0x5}, {0x0, 0x0, 0x0, 0x20000000000000}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x4d4, 0x6c}, 0xa, @in=@broadcast, 0x10000000, 0x4, 0x0, 0x0, 0x0, 0x0, 0x200000}}, 0xe8)
syz_usb_control_io(r5, &(0x7f00000003c0)={0x2c, &(0x7f0000000480)={0x40, 0x23, 0xa5, {0xa5, 0x2, "57648b2e5a78955e70881f281c8ff7cc70b1a09dc230b5b51658c7db41533ad71a774a01859b902a88be8de6300627f6f6abddacdfb48a39e5d787eb3cbb790e571fd7a865600b3d3560d047281dfad8b4e6bc4e0944d5fae891143020dcf0509f6229e224583f061031cbcf0dfed30a39d333e45aa06875d72c12933de449030857e48e3b9425a126d3665a36083c8523931359dba2e2444de66e60411fe96e5afcb8"}}, &(0x7f0000000080)={0x0, 0x3, 0x6a, @string={0x6a, 0x3, "bb7c266df650016fee8dd9a3c2a1422ba9b3e6ab7e765869ed0f89afef63167aac76612f372ab8f5a2bde6f1f4804bcff8eaafc4c5661041ae581c38786d3097f76416830aa1209f958be7fef3300f979357bde897f8b7e973c36b84a48fa58a6198ddafb998b882"}}, &(0x7f0000000140)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f0000000300)={0x20, 0x29, 0xf, {0xf, 0x29, 0x4, 0x60, 0x6, 0x67, "d06fe201", "3ff8eec9"}}, &(0x7f0000000380)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x5, 0x4, 0x6, 0x7, 0x1, 0x2}}}, &(0x7f0000000d80)={0x84, &(0x7f0000000940)={0x0, 0x13, 0x45, "d417ab3cc3653324f879f5fc46461837bf0c5fbe03efcb483a42c386e3dc4a17ecae7ae1a7a0323fa504a1105771bddd5a7cb8f7c52bc767b17e772ba1c7fa3496d4d7b5de"}, &(0x7f00000009c0)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000a00)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000a40)={0x20, 0x0, 0x4, {0x3, 0x3}}, &(0x7f0000000a80)={0x20, 0x0, 0x4, {0x400}}, &(0x7f0000000ac0)={0x40, 0x7, 0x2, 0x3}, &(0x7f0000000b00)={0x40, 0x9, 0x1, 0x9}, &(0x7f0000000b40)={0x40, 0xb, 0x2, "99f6"}, &(0x7f0000000b80)={0x40, 0xf, 0x2, 0x7}, &(0x7f0000000bc0)={0x40, 0x13, 0x6, @multicast}, &(0x7f0000000c00)={0x40, 0x17, 0x6, @local}, &(0x7f0000000c40)={0x40, 0x19, 0x2, "8a87"}, &(0x7f0000000c80)={0x40, 0x1a, 0x2, 0xf}, &(0x7f0000000cc0)={0x40, 0x1c, 0x1, 0x3}, &(0x7f0000000d00)={0x40, 0x1e, 0x1}, &(0x7f0000000d40)={0x40, 0x21, 0x1, 0xc}})
connect$inet6(r13, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
mount$9p_fd(0x0, &(0x7f0000000540)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB="32eb7766646e6f3d", @ANYRESHEX=r3, @ANYBLOB=',\x00'])

0s ago: executing program 1 (id=1630):
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0)
move_pages(0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0)

kernel console output (not intermixed with test programs):

 packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  901.699846][T10963] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  901.773017][T10963] batman_adv: batadv0: Adding interface: batadv_slave_1
[  901.773034][T10963] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  901.773062][T10963] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  903.447416][   T45] usb 3-1: USB disconnect, device number 79
[  903.457257][   T45] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[  903.874806][ T9859] Bluetooth: hci5: command tx timeout
[  905.054675][   T31] usb 2-1: new high-speed USB device number 74 using dummy_hcd
[  905.216945][   T31] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  905.217010][   T31] usb 2-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82
[  905.217036][   T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  905.223748][   T31] usb 2-1: config 0 descriptor??
[  905.286209][   T31] smsusb:smsusb_probe: board id=8, interface number 0
[  905.286305][   T31] smsusb:smsusb_probe: Device initialized with return code -19
[  905.388594][T10963] hsr_slave_0: entered promiscuous mode
[  905.390098][T10963] hsr_slave_1: entered promiscuous mode
[  905.397014][T10963] debugfs: 'hsr0' already exists in 'hsr'
[  905.397044][T10963] Cannot create hsr debugfs directory
[  906.100519][ T9859] Bluetooth: hci5: command tx timeout
[  906.727670][ T5902] usb 2-1: USB disconnect, device number 74
[  911.586714][ T1233] bridge_slave_1: left allmulticast mode
[  911.586750][ T1233] bridge_slave_1: left promiscuous mode
[  911.587030][ T1233] bridge0: port 2(bridge_slave_1) entered disabled state
[  911.679225][ T1233] bridge_slave_0: left allmulticast mode
[  911.679261][ T1233] bridge_slave_0: left promiscuous mode
[  911.679561][ T1233] bridge0: port 1(bridge_slave_0) entered disabled state
[  919.106559][ T5156] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  919.116162][ T5902] usb 2-1: new high-speed USB device number 75 using dummy_hcd
[  919.133765][ T5156] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  919.174758][ T5156] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  919.176810][ T5156] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  919.181264][ T5156] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  919.264646][ T5902] usb 2-1: Using ep0 maxpacket: 16
[  919.267241][ T5902] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 8.00
[  919.267269][ T5902] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  919.273232][ T5902] usb 2-1: config 0 descriptor??
[  919.277878][ T5902] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[  919.279894][ T5902] usb 2-1: Detected FT4232H
[  919.704289][ T5902] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  919.718217][ T5902] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  919.742326][ T5902] usb 2-1: USB disconnect, device number 75
[  919.761367][ T5902] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  919.774868][ T5902] ftdi_sio 2-1:0.0: device disconnected
[  919.899477][ T1233] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  919.999206][ T1233] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  920.068358][ T1233] bond0 (unregistering): Released all slaves
[  920.124647][ T6070] usb 3-1: new full-speed USB device number 80 using dummy_hcd
[  920.280351][ T6070] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  920.280410][ T6070] usb 3-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00
[  920.280434][ T6070] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  920.323186][ T6070] usb 3-1: config 0 descriptor??
[  920.776630][ T6070] uclogic 0003:5543:0522.0017: hidraw0: USB HID v0.00 Device [HID 5543:0522] on usb-dummy_hcd.2-1/input0
[  920.884629][ T6008] usb 2-1: new high-speed USB device number 76 using dummy_hcd
[  920.940746][ T1233] hsr_slave_0: left promiscuous mode
[  920.980086][ T1233] hsr_slave_1: left promiscuous mode
[  920.980820][ T1233] batman_adv: batadv0: Removing interface: batadv_slave_0
[  921.034683][ T6008] usb 2-1: Using ep0 maxpacket: 32
[  921.038522][ T1233] batman_adv: batadv0: Removing interface: batadv_slave_1
[  921.039671][ T6008] usb 2-1: config index 0 descriptor too short (expected 35577, got 27)
[  921.039695][ T6008] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  921.039715][ T6008] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92
[  921.039737][ T6008] usb 2-1: config 1 has no interface number 0
[  921.039783][ T6008] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  921.039809][ T6008] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  921.039850][ T6008] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  921.039872][ T6008] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  921.151179][ T6008] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found
[  921.224873][ T9859] Bluetooth: hci2: command tx timeout
[  921.350471][ T6008] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached
[  922.182366][ T6008] usb 2-1: USB disconnect, device number 76
[  922.194025][ T6008] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected
[  922.425608][ T1233] team0 (unregistering): Port device team_slave_1 removed
[  922.565703][ T1233] team0 (unregistering): Port device team_slave_0 removed
[  923.359362][ T9859] Bluetooth: hci2: command tx timeout
[  924.744598][ T6070] usb 2-1: new high-speed USB device number 77 using dummy_hcd
[  924.938121][ T6070] usb 2-1: config 1 interface 0 altsetting 127 bulk endpoint 0x81 has invalid maxpacket 64
[  924.938158][ T6070] usb 2-1: config 1 interface 0 altsetting 127 bulk endpoint 0x2 has invalid maxpacket 32
[  924.938186][ T6070] usb 2-1: config 1 interface 0 has no altsetting 0
[  924.941369][ T6070] usb 2-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40
[  924.941398][ T6070] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  924.941419][ T6070] usb 2-1: Product: syz
[  924.941435][ T6070] usb 2-1: Manufacturer: syz
[  924.941450][ T6070] usb 2-1: SerialNumber: syz
[  925.028484][T11278] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  925.028773][T11278] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  925.406836][ T9859] Bluetooth: hci2: command tx timeout
[  925.449185][T11278] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  925.450761][T11278] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  925.661630][T11281] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  925.662803][T11281] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  925.851501][T11283] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1234'.
[  925.854157][T11283] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1234'.
[  926.316988][   T31] usb 3-1: USB disconnect, device number 80
[  927.029832][ T6070] rtl8150 2-1:1.0: couldn't reset the device
[  927.030199][ T6070] rtl8150 2-1:1.0: probe with driver rtl8150 failed with error -5
[  927.063330][ T6070] usb 2-1: USB disconnect, device number 77
[  927.222189][T11135] chnl_net:caif_netlink_parms(): no params data found
[  927.464542][ T9859] Bluetooth: hci2: command tx timeout
[  927.833660][T11290] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1237'.
[  929.554524][ T6070] usb 3-1: new high-speed USB device number 81 using dummy_hcd
[  929.590059][T11135] bridge0: port 1(bridge_slave_0) entered blocking state
[  929.590193][T11135] bridge0: port 1(bridge_slave_0) entered disabled state
[  929.590396][T11135] bridge_slave_0: entered allmulticast mode
[  929.604207][T11135] bridge_slave_0: entered promiscuous mode
[  929.659080][T11135] bridge0: port 2(bridge_slave_1) entered blocking state
[  929.659320][T11135] bridge0: port 2(bridge_slave_1) entered disabled state
[  929.659556][T11135] bridge_slave_1: entered allmulticast mode
[  929.662688][T11135] bridge_slave_1: entered promiscuous mode
[  929.724787][ T6070] usb 3-1: Using ep0 maxpacket: 32
[  929.728165][ T6070] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  929.728195][ T6070] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  929.733733][ T6070] usb 3-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=4d.a7
[  929.733760][ T6070] usb 3-1: New USB device strings: Mfr=152, Product=158, SerialNumber=3
[  929.733782][ T6070] usb 3-1: Product: syz
[  929.733796][ T6070] usb 3-1: Manufacturer: syz
[  929.733811][ T6070] usb 3-1: SerialNumber: syz
[  929.806724][ T6070] usb 3-1: config 0 descriptor??
[  929.819236][ T6070] usb 3-1: no audio or video endpoints found
[  930.024361][ T5848] usb 3-1: USB disconnect, device number 81
[  931.268830][T11135] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  931.309096][T11135] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  931.711150][T11135] team0: Port device team_slave_0 added
[  931.737804][T11135] team0: Port device team_slave_1 added
[  934.031612][T11135] batman_adv: batadv0: Adding interface: batadv_slave_0
[  934.031631][T11135] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  934.031662][T11135] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  934.256600][T11135] batman_adv: batadv0: Adding interface: batadv_slave_1
[  934.256621][T11135] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  934.256651][T11135] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  934.504952][ T6070] usb 2-1: new full-speed USB device number 78 using dummy_hcd
[  934.594083][ T5156] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  934.614204][ T5156] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  934.624308][ T5156] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  934.643769][ T5156] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  934.657547][ T5156] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  934.679881][ T6070] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  934.679933][ T6070] usb 2-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00
[  934.679955][ T6070] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  934.731097][ T6070] usb 2-1: config 0 descriptor??
[  935.193028][ T6070] uclogic 0003:5543:0522.0018: hidraw0: USB HID v0.00 Device [HID 5543:0522] on usb-dummy_hcd.1-1/input0
[  935.433284][ T5902] usb 2-1: USB disconnect, device number 78
[  935.513040][T11259] chnl_net:caif_netlink_parms(): no params data found
[  935.599770][T11326] fido_id[11326]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  936.012772][T11328] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1245'.
[  936.180233][   T38] audit: type=1326 audit(1758810220.436:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11336 comm="syz.2.1249" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdff85feec9 code=0x0
[  937.539384][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  937.539463][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  937.576382][ T5156] Bluetooth: hci0: command tx timeout
[  938.204582][ T5949] usb 2-1: new high-speed USB device number 79 using dummy_hcd
[  938.359306][ T5949] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  938.359440][ T5949] usb 2-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82
[  938.359466][ T5949] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  938.411174][ T5949] usb 2-1: config 0 descriptor??
[  938.428407][ T5949] smsusb:smsusb_probe: board id=8, interface number 0
[  938.428496][ T5949] smsusb:smsusb_probe: Device initialized with return code -19
[  938.449994][T11135] hsr_slave_0: entered promiscuous mode
[  938.451573][T11135] hsr_slave_1: entered promiscuous mode
[  939.624592][ T5156] Bluetooth: hci0: command tx timeout
[  939.803023][ T6008] usb 2-1: USB disconnect, device number 79
[  939.876882][T11358] input: syz1 as /devices/virtual/input/input28
[  940.000844][T11259] bridge0: port 1(bridge_slave_0) entered blocking state
[  940.001086][T11259] bridge0: port 1(bridge_slave_0) entered disabled state
[  940.001307][T11259] bridge_slave_0: entered allmulticast mode
[  940.010050][T11259] bridge_slave_0: entered promiscuous mode
[  940.050940][T11259] bridge0: port 2(bridge_slave_1) entered blocking state
[  940.051116][T11259] bridge0: port 2(bridge_slave_1) entered disabled state
[  940.051335][T11259] bridge_slave_1: entered allmulticast mode
[  940.061014][T11259] bridge_slave_1: entered promiscuous mode
[  940.255001][ T6008] usb 2-1: new full-speed USB device number 80 using dummy_hcd
[  940.388546][T11259] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  940.417595][ T6008] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  940.417660][ T6008] usb 2-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00
[  940.417684][ T6008] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  940.438002][ T6008] usb 2-1: config 0 descriptor??
[  940.530528][T11259] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  940.924918][ T6008] uclogic 0003:5543:0522.0019: hidraw0: USB HID v0.00 Device [HID 5543:0522] on usb-dummy_hcd.1-1/input0
[  941.088400][   T38] audit: type=1326 audit(1758810225.346:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11371 comm="syz.2.1257" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdff85feec9 code=0x0
[  941.107269][ T5949] usb 2-1: USB disconnect, device number 80
[  941.585293][T11259] team0: Port device team_slave_0 added
[  941.714631][ T5156] Bluetooth: hci0: command tx timeout
[  942.527736][T11378] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1260'.
[  942.543636][T11259] team0: Port device team_slave_1 added
[  943.163714][T11391] netlink: 'syz.1.1264': attribute type 1 has an invalid length.
[  943.163738][T11391] nbd: error processing sock list
[  943.164104][T11391] block nbd0: shutting down sockets
[  943.282898][T11259] batman_adv: batadv0: Adding interface: batadv_slave_0
[  943.282917][T11259] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  943.282948][T11259] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  943.330480][T11259] batman_adv: batadv0: Adding interface: batadv_slave_1
[  943.330498][T11259] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  943.330528][T11259] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  943.914534][ T9859] Bluetooth: hci0: command tx timeout
[  944.043616][T11402] Bluetooth: MGMT ver 1.23
[  945.064779][ T5848] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[  945.203669][T11259] hsr_slave_0: entered promiscuous mode
[  945.211589][T11259] hsr_slave_1: entered promiscuous mode
[  945.212609][T11259] debugfs: 'hsr0' already exists in 'hsr'
[  945.212635][T11259] Cannot create hsr debugfs directory
[  945.214451][T11324] chnl_net:caif_netlink_parms(): no params data found
[  945.239137][ T5848] usb 3-1: Using ep0 maxpacket: 32
[  945.241682][ T5848] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  945.241765][ T5848] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  945.241812][ T5848] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  945.241837][ T5848] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  945.296721][ T5848] usb 3-1: config 0 descriptor??
[  945.349029][ T5848] hub 3-1:0.0: bad descriptor, ignoring hub
[  945.349070][ T5848] hub 3-1:0.0: probe with driver hub failed with error -5
[  945.352646][ T5848] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  945.644968][ T5949] usb 3-1: USB disconnect, device number 82
[  948.783946][T11324] bridge0: port 1(bridge_slave_0) entered blocking state
[  948.784090][T11324] bridge0: port 1(bridge_slave_0) entered disabled state
[  948.784285][T11324] bridge_slave_0: entered allmulticast mode
[  949.342781][T11324] bridge_slave_0: entered promiscuous mode
[  949.503010][T11324] bridge0: port 2(bridge_slave_1) entered blocking state
[  949.503146][T11324] bridge0: port 2(bridge_slave_1) entered disabled state
[  949.503432][T11324] bridge_slave_1: entered allmulticast mode
[  949.529653][T11324] bridge_slave_1: entered promiscuous mode
[  950.804247][T11454] input: syz1 as /devices/virtual/input/input29
[  951.370784][ T1233] bridge_slave_1: left allmulticast mode
[  951.371324][ T1233] bridge_slave_1: left promiscuous mode
[  951.393637][ T1233] bridge0: port 2(bridge_slave_1) entered disabled state
[  951.685931][ T1233] bridge_slave_0: left allmulticast mode
[  951.685967][ T1233] bridge_slave_0: left promiscuous mode
[  951.686265][ T1233] bridge0: port 1(bridge_slave_0) entered disabled state
[  951.828938][ T1233] bridge_slave_1: left allmulticast mode
[  951.828969][ T1233] bridge_slave_1: left promiscuous mode
[  951.829203][ T1233] bridge0: port 2(bridge_slave_1) entered disabled state
[  952.096376][ T1233] bridge_slave_0: left allmulticast mode
[  952.096413][ T1233] bridge_slave_0: left promiscuous mode
[  952.096708][ T1233] bridge0: port 1(bridge_slave_0) entered disabled state
[  953.524163][T11478] atomic_op ffff8880395c7a18 conn xmit_atomic 0000000000000000
[  955.112821][T11482] input: syz1 as /devices/virtual/input/input30
[  955.676645][ T1233] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  956.375232][ T1233] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  956.504083][ T1233] bond0 (unregistering): Released all slaves
[  958.294587][ T5902] usb 2-1: new high-speed USB device number 81 using dummy_hcd
[  958.622122][ T5156] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  958.640162][ T5156] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  958.642326][ T5156] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  958.642608][ T1233] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  958.647628][ T5902] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  958.647694][ T5902] usb 2-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82
[  958.647718][ T5902] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  958.658888][ T5902] usb 2-1: config 0 descriptor??
[  959.140920][ T5156] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  959.287410][ T5156] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  959.392345][ T5902] smsusb:smsusb_probe: board id=8, interface number 0
[  959.392431][ T5902] smsusb:smsusb_probe: Device initialized with return code -19
[  959.550719][ T1233] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  959.565141][ T5902] usb 2-1: USB disconnect, device number 81
[  959.717691][ T1233] bond0 (unregistering): Released all slaves
[  961.441354][ T5156] Bluetooth: hci1: command tx timeout
[  962.079054][T11324] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  963.474527][ T5156] Bluetooth: hci1: command tx timeout
[  963.758084][T11324] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  965.544630][ T5156] Bluetooth: hci1: command tx timeout
[  966.605132][ T1233] hsr_slave_0: left promiscuous mode
[  967.258926][ T1233] hsr_slave_1: left promiscuous mode
[  967.259950][ T1233] batman_adv: batadv0: Removing interface: batadv_slave_0
[  967.307279][ T1233] batman_adv: batadv0: Removing interface: batadv_slave_1
[  967.535358][ T1233] hsr_slave_0: left promiscuous mode
[  967.601735][T11561] overlayfs: failed to resolve './file0': -2
[  967.607947][ T1233] hsr_slave_1: left promiscuous mode
[  967.609061][ T1233] batman_adv: batadv0: Removing interface: batadv_slave_0
[  967.630075][ T5156] Bluetooth: hci1: command tx timeout
[  967.668263][ T1233] batman_adv: batadv0: Removing interface: batadv_slave_1
[  968.265540][T11567] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1320'.
[  970.186911][ T1233] team0 (unregistering): Port device team_slave_1 removed
[  970.337156][ T1233] team0 (unregistering): Port device team_slave_0 removed
[  971.495385][ T1233] team0 (unregistering): Port device team_slave_1 removed
[  971.585471][ T1233] team0 (unregistering): Port device team_slave_0 removed
[  973.035224][T11324] team0: Port device team_slave_0 added
[  973.145438][T11324] team0: Port device team_slave_1 added
[  973.299396][T11586] overlayfs: failed to resolve './file0': -2
[  973.542525][T11324] batman_adv: batadv0: Adding interface: batadv_slave_0
[  973.542544][T11324] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  973.542574][T11324] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  973.589855][T11324] batman_adv: batadv0: Adding interface: batadv_slave_1
[  973.589875][T11324] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  973.589907][T11324] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  973.694674][   T31] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[  973.864820][   T31] usb 3-1: Using ep0 maxpacket: 32
[  973.867363][   T31] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[  973.867389][   T31] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  973.867410][   T31] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[  973.867431][   T31] usb 3-1: config 1 has no interface number 0
[  973.867490][   T31] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  973.867523][   T31] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  973.867567][   T31] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  973.867591][   T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  973.901548][   T31] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[  974.754260][   T31] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached
[  974.987768][T11609] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  974.991433][T11609] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  975.231146][T11593] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  975.232482][T11593] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  975.233527][T11324] hsr_slave_0: entered promiscuous mode
[  975.243289][T11324] hsr_slave_1: entered promiscuous mode
[  975.248247][T11324] debugfs: 'hsr0' already exists in 'hsr'
[  975.248278][T11324] Cannot create hsr debugfs directory
[  975.313981][ T6008] usb 3-1: USB disconnect, device number 83
[  975.325519][ T6008] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[  976.816084][T11620] overlayfs: failed to resolve './file0': -2
[  977.400815][ T9859] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  977.415154][ T9859] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  977.419447][ T9859] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  977.423922][ T9859] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  977.444943][ T9859] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  978.744891][T11499] chnl_net:caif_netlink_parms(): no params data found
[  978.754572][T11645] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1342'.
[  979.544553][ T5156] Bluetooth: hci5: command tx timeout
[  980.304544][ T5902] usb 2-1: new full-speed USB device number 82 using dummy_hcd
[  980.558708][ T5902] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  980.558771][ T5902] usb 2-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00
[  980.558794][ T5902] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  980.578153][ T5902] usb 2-1: config 0 descriptor??
[  982.055449][ T5156] Bluetooth: hci5: command tx timeout
[  982.117001][ T5902] uclogic 0003:5543:0522.001A: hidraw0: USB HID v0.00 Device [HID 5543:0522] on usb-dummy_hcd.1-1/input0
[  982.369595][ T5949] usb 2-1: USB disconnect, device number 82
[  982.945753][T11499] bridge0: port 1(bridge_slave_0) entered blocking state
[  982.945998][T11499] bridge0: port 1(bridge_slave_0) entered disabled state
[  982.946420][T11499] bridge_slave_0: entered allmulticast mode
[  982.955954][T11499] bridge_slave_0: entered promiscuous mode
[  983.110484][T11499] bridge0: port 2(bridge_slave_1) entered blocking state
[  983.114897][T11499] bridge0: port 2(bridge_slave_1) entered disabled state
[  983.115298][T11499] bridge_slave_1: entered allmulticast mode
[  983.118402][T11499] bridge_slave_1: entered promiscuous mode
[  983.638545][    C0] vkms_vblank_simulate: vblank timer overrun
[  984.551701][ T5156] Bluetooth: hci5: command tx timeout
[  984.692570][    C0] vkms_vblank_simulate: vblank timer overrun
[  984.973640][    C0] vkms_vblank_simulate: vblank timer overrun
[  985.081853][    C0] vkms_vblank_simulate: vblank timer overrun
[  985.095979][T11631] chnl_net:caif_netlink_parms(): no params data found
[  985.128593][T11499] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  985.170132][T11499] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  985.586052][    C0] vkms_vblank_simulate: vblank timer overrun
[  986.056152][    C0] vkms_vblank_simulate: vblank timer overrun
[  986.389811][   T31] usb 2-1: new high-speed USB device number 83 using dummy_hcd
[  986.574783][   T31] usb 2-1: Using ep0 maxpacket: 32
[  986.690792][    C0] vkms_vblank_simulate: vblank timer overrun
[  986.695762][ T5156] Bluetooth: hci5: command tx timeout
[  987.083755][    C0] vkms_vblank_simulate: vblank timer overrun
[  987.535118][   T31] usb 2-1: config index 0 descriptor too short (expected 35577, got 27)
[  987.535146][   T31] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  987.535165][   T31] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92
[  987.535184][   T31] usb 2-1: config 1 has no interface number 0
[  987.535226][   T31] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  987.535251][   T31] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  987.535290][   T31] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  987.535311][   T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  987.546833][    C0] vkms_vblank_simulate: vblank timer overrun
[  987.719413][   T31] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found
[  987.772955][   T31] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached
[  988.511334][    C0] vkms_vblank_simulate: vblank timer overrun
[  988.607527][T11499] team0: Port device team_slave_0 added
[  988.762663][T11499] team0: Port device team_slave_1 added
[  988.826538][   T31] snd_usb_pod 2-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22)
[  989.108782][ T1233] bridge_slave_1: left allmulticast mode
[  989.108950][ T1233] bridge_slave_1: left promiscuous mode
[  989.109251][ T1233] bridge0: port 2(bridge_slave_1) entered disabled state
[  989.146550][ T1233] bridge_slave_0: left allmulticast mode
[  989.146586][ T1233] bridge_slave_0: left promiscuous mode
[  989.146880][ T1233] bridge0: port 1(bridge_slave_0) entered disabled state
[  989.189188][ T1233] bridge_slave_1: left allmulticast mode
[  989.189222][ T1233] bridge_slave_1: left promiscuous mode
[  989.189523][ T1233] bridge0: port 2(bridge_slave_1) entered disabled state
[  989.236209][ T1233] bridge_slave_0: left allmulticast mode
[  989.236241][ T1233] bridge_slave_0: left promiscuous mode
[  989.236497][ T1233] bridge0: port 1(bridge_slave_0) entered disabled state
[  989.300506][ T1233] bridge_slave_1: left allmulticast mode
[  989.300540][ T1233] bridge_slave_1: left promiscuous mode
[  989.300805][ T1233] bridge0: port 2(bridge_slave_1) entered disabled state
[  989.366340][ T1233] bridge_slave_0: left allmulticast mode
[  989.366372][ T1233] bridge_slave_0: left promiscuous mode
[  989.366646][ T1233] bridge0: port 1(bridge_slave_0) entered disabled state
[  989.558780][    C0] vkms_vblank_simulate: vblank timer overrun
[  989.785324][ T1233] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  989.899631][ T1233] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  989.968062][ T1233] bond0 (unregistering): Released all slaves
[  990.036542][    C0] vkms_vblank_simulate: vblank timer overrun
[  990.225349][ T1233] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  990.316971][ T1233] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  990.381835][ T1233] bond0 (unregistering): Released all slaves
[  990.625525][ T1233] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  990.705419][ T1233] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  990.753154][ T1233] bond0 (unregistering): Released all slaves
[  990.789888][ T5949] usb 2-1: USB disconnect, device number 83
[  990.805708][ T5949] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected
[  992.285622][    C1] vkms_vblank_simulate: vblank timer overrun
[  993.198220][    C1] vkms_vblank_simulate: vblank timer overrun
[  993.266987][T11499] batman_adv: batadv0: Adding interface: batadv_slave_0
[  993.267004][T11499] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  993.267030][T11499] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  993.271700][T11631] bridge0: port 1(bridge_slave_0) entered blocking state
[  993.271847][T11631] bridge0: port 1(bridge_slave_0) entered disabled state
[  993.272062][T11631] bridge_slave_0: entered allmulticast mode
[  993.317518][T11631] bridge_slave_0: entered promiscuous mode
[  993.367191][T11499] batman_adv: batadv0: Adding interface: batadv_slave_1
[  993.367207][T11499] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  993.367233][T11499] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  993.367984][T11631] bridge0: port 2(bridge_slave_1) entered blocking state
[  993.368119][T11631] bridge0: port 2(bridge_slave_1) entered disabled state
[  993.368298][T11631] bridge_slave_1: entered allmulticast mode
[  993.371411][T11631] bridge_slave_1: entered promiscuous mode
[  993.702262][T11631] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  994.178784][    C1] vkms_vblank_simulate: vblank timer overrun
[  994.342010][ T1233] hsr_slave_0: left promiscuous mode
[  994.402541][ T1233] hsr_slave_1: left promiscuous mode
[  994.403522][ T1233] batman_adv: batadv0: Removing interface: batadv_slave_0
[  994.440123][ T1233] batman_adv: batadv0: Removing interface: batadv_slave_1
[  994.616727][ T9859] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  994.642228][ T9859] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  994.643623][ T9859] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  994.661344][ T9859] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  994.662401][ T9859] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  994.705937][ T1233] hsr_slave_0: left promiscuous mode
[  994.778835][ T1233] hsr_slave_1: left promiscuous mode
[  994.779572][ T1233] batman_adv: batadv0: Removing interface: batadv_slave_0
[  994.836628][ T1233] batman_adv: batadv0: Removing interface: batadv_slave_1
[  994.984692][ T1233] hsr_slave_0: left promiscuous mode
[  995.005672][ T1233] hsr_slave_1: left promiscuous mode
[  995.006632][ T1233] batman_adv: batadv0: Removing interface: batadv_slave_0
[  995.028876][ T1233] batman_adv: batadv0: Removing interface: batadv_slave_1
[  995.134298][    C1] vkms_vblank_simulate: vblank timer overrun
[  995.298578][    C1] vkms_vblank_simulate: vblank timer overrun
[  995.298709][   T45] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[  995.370475][    C1] vkms_vblank_simulate: vblank timer overrun
[  995.475284][    C1] vkms_vblank_simulate: vblank timer overrun
[  995.475787][   T45] usb 3-1: Using ep0 maxpacket: 32
[  995.480262][   T45] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[  995.480288][   T45] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  995.480310][   T45] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[  995.480332][   T45] usb 3-1: config 1 has no interface number 0
[  995.480385][   T45] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  995.480412][   T45] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  995.480455][   T45] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  995.480480][   T45] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  995.548311][   T45] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[  995.639343][    C1] vkms_vblank_simulate: vblank timer overrun
[  995.724510][   T45] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached
[  995.726617][ T1233] team0 (unregistering): Port device team_slave_1 removed
[  995.761941][    C1] vkms_vblank_simulate: vblank timer overrun
[  995.845315][ T1233] team0 (unregistering): Port device team_slave_0 removed
[  995.878169][    C1] vkms_vblank_simulate: vblank timer overrun
[  996.208827][    C1] vkms_vblank_simulate: vblank timer overrun
[  996.381366][    C1] vkms_vblank_simulate: vblank timer overrun
[  996.617746][    C1] vkms_vblank_simulate: vblank timer overrun
[  996.754102][ T9859] Bluetooth: hci2: command tx timeout
[  996.754165][    C1] vkms_vblank_simulate: vblank timer overrun
[  996.754336][   T45] snd_usb_pod 3-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22)
[  996.872883][    C1] vkms_vblank_simulate: vblank timer overrun
[  996.937483][    C1] vkms_vblank_simulate: vblank timer overrun
[  997.026629][    C1] vkms_vblank_simulate: vblank timer overrun
[  997.090659][    C1] vkms_vblank_simulate: vblank timer overrun
[  997.184978][    C1] vkms_vblank_simulate: vblank timer overrun
[  997.270623][ T1233] team0 (unregistering): Port device team_slave_1 removed
[  997.305645][    C1] vkms_vblank_simulate: vblank timer overrun
[  997.395401][ T1233] team0 (unregistering): Port device team_slave_0 removed
[  997.427756][    C1] vkms_vblank_simulate: vblank timer overrun
[  997.485671][    C1] vkms_vblank_simulate: vblank timer overrun
[  997.536403][    C1] vkms_vblank_simulate: vblank timer overrun
[  997.628864][    C1] vkms_vblank_simulate: vblank timer overrun
[  997.731069][    C1] vkms_vblank_simulate: vblank timer overrun
[  997.962931][    C1] vkms_vblank_simulate: vblank timer overrun
[  998.033498][    C1] vkms_vblank_simulate: vblank timer overrun
[  998.036288][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  998.036507][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  998.245027][    C1] vkms_vblank_simulate: vblank timer overrun
[  998.328313][    C1] vkms_vblank_simulate: vblank timer overrun
[  998.368965][   T45] usb 3-1: USB disconnect, device number 84
[  998.376691][   T45] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[  998.593950][    C1] vkms_vblank_simulate: vblank timer overrun
[  998.706932][ T1233] team0 (unregistering): Port device team_slave_1 removed
[  998.743231][    C1] vkms_vblank_simulate: vblank timer overrun
[  999.085410][    C1] vkms_vblank_simulate: vblank timer overrun
[  999.085623][ T9859] Bluetooth: hci2: command tx timeout
[  999.096203][ T1233] team0 (unregistering): Port device team_slave_0 removed
[  999.893208][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1000.499537][T11631] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1000.964750][   T31] usb 2-1: new high-speed USB device number 84 using dummy_hcd
[ 1001.112049][T11499] hsr_slave_0: entered promiscuous mode
[ 1001.113041][T11499] hsr_slave_1: entered promiscuous mode
[ 1001.125961][   T31] usb 2-1: Using ep0 maxpacket: 32
[ 1001.128865][   T31] usb 2-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1001.128893][   T31] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1001.128917][   T31] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1001.128940][   T31] usb 2-1: config 1 has no interface number 0
[ 1001.128994][   T31] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1001.129023][   T31] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1001.129068][   T31] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1001.129093][   T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1001.144579][ T9859] Bluetooth: hci2: command tx timeout
[ 1001.232605][   T31] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found
[ 1001.298415][T11503] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[ 1001.307868][T11631] team0: Port device team_slave_0 added
[ 1001.312106][T11631] team0: Port device team_slave_1 added
[ 1001.353854][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1001.452853][T11503] usb 3-1: Using ep0 maxpacket: 16
[ 1001.455583][T11503] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 8.00
[ 1001.455617][T11503] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1001.462453][T11503] usb 3-1: config 0 descriptor??
[ 1001.477900][T11503] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected
[ 1001.496074][T11503] usb 3-1: Detected FT4232H
[ 1001.562942][   T31] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached
[ 1001.902760][T11503] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[ 1001.912634][T11503] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1001.933625][T11503] usb 3-1: USB disconnect, device number 85
[ 1001.953229][T11503] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1001.954143][T11503] ftdi_sio 3-1:0.0: device disconnected
[ 1001.992460][T11777] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1002.004877][T11777] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1002.029320][T11777] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1002.031776][T11777] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1002.103569][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1002.122330][   T31] usb 2-1: USB disconnect, device number 84
[ 1002.140052][   T31] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected
[ 1002.170799][T11631] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1002.170817][T11631] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1002.170846][T11631] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1002.237545][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1002.362917][T11631] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1002.362936][T11631] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1002.362967][T11631] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1002.970768][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1003.709850][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1003.724576][ T9859] Bluetooth: hci2: command tx timeout
[ 1003.935730][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1003.961844][T11631] hsr_slave_0: entered promiscuous mode
[ 1003.966115][T11631] hsr_slave_1: entered promiscuous mode
[ 1003.967128][T11631] debugfs: 'hsr0' already exists in 'hsr'
[ 1003.967155][T11631] Cannot create hsr debugfs directory
[ 1004.294731][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1004.875849][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1005.350871][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1006.048748][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1006.502308][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1006.773136][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1007.109636][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1007.426863][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1007.808501][ T5949] usb 2-1: new high-speed USB device number 85 using dummy_hcd
[ 1007.968360][ T5949] usb 2-1: Using ep0 maxpacket: 16
[ 1007.981062][ T5949] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 8.00
[ 1007.981093][ T5949] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1008.054712][ T5949] usb 2-1: config 0 descriptor??
[ 1008.062702][ T5949] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[ 1008.088323][ T5949] usb 2-1: Detected FT4232H
[ 1008.347814][T11499] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1008.469078][ T5949] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[ 1008.489006][ T5949] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1008.510437][ T5949] usb 2-1: USB disconnect, device number 85
[ 1008.537534][ T5949] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1008.538347][ T5949] ftdi_sio 2-1:0.0: device disconnected
[ 1008.545391][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1008.697552][T11499] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1008.800264][T11499] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1009.091695][T11751] chnl_net:caif_netlink_parms(): no params data found
[ 1009.105757][T11499] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1009.366085][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1012.923041][T11861] FAULT_INJECTION: forcing a failure.
[ 1012.923041][T11861] name failslab, interval 1, probability 0, space 0, times 0
[ 1012.923126][T11861] CPU: 0 UID: 0 PID: 11861 Comm: syz.1.1401 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1012.923153][T11861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1012.923168][T11861] Call Trace:
[ 1012.923177][T11861]  <TASK>
[ 1012.923188][T11861]  dump_stack_lvl+0x189/0x250
[ 1012.923227][T11861]  ? __pfx____ratelimit+0x10/0x10
[ 1012.923262][T11861]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1012.923295][T11861]  ? __pfx__printk+0x10/0x10
[ 1012.923326][T11861]  ? __pfx___might_resched+0x10/0x10
[ 1012.923350][T11861]  ? fs_reclaim_acquire+0x7d/0x100
[ 1012.923382][T11861]  should_fail_ex+0x46c/0x600
[ 1012.923419][T11861]  ? __alloc_skb+0x112/0x2d0
[ 1012.923450][T11861]  should_failslab+0xa8/0x100
[ 1012.923481][T11861]  ? __alloc_skb+0x112/0x2d0
[ 1012.923528][T11861]  kmem_cache_alloc_node_noprof+0x77/0x330
[ 1012.923569][T11861]  __alloc_skb+0x112/0x2d0
[ 1012.923618][T11861]  netlink_sendmsg+0x5c6/0xb30
[ 1012.923661][T11861]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1012.923702][T11861]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1012.923724][T11861]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1012.923757][T11861]  __sock_sendmsg+0x21c/0x270
[ 1012.923789][T11861]  ____sys_sendmsg+0x508/0x820
[ 1012.923818][T11861]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1012.923869][T11861]  ? import_iovec+0x74/0xa0
[ 1012.923902][T11861]  ___sys_sendmsg+0x21f/0x2a0
[ 1012.923928][T11861]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1012.923994][T11861]  ? __fget_files+0x2a/0x420
[ 1012.924029][T11861]  ? __fget_files+0x3a6/0x420
[ 1012.924074][T11861]  __x64_sys_sendmsg+0x1a1/0x260
[ 1012.924102][T11861]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1012.924137][T11861]  ? __pfx_ksys_write+0x10/0x10
[ 1012.924164][T11861]  ? rcu_is_watching+0x15/0xb0
[ 1012.924205][T11861]  ? do_syscall_64+0xbe/0x3b0
[ 1012.924233][T11861]  do_syscall_64+0xfa/0x3b0
[ 1012.924257][T11861]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1012.924280][T11861]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1012.924303][T11861]  ? clear_bhb_loop+0x60/0xb0
[ 1012.924331][T11861]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1012.924353][T11861] RIP: 0033:0x7f8ba0d5eec9
[ 1012.924379][T11861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1012.924400][T11861] RSP: 002b:00007f8b9ef7c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1012.924425][T11861] RAX: ffffffffffffffda RBX: 00007f8ba0fb6180 RCX: 00007f8ba0d5eec9
[ 1012.924443][T11861] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000008
[ 1012.924458][T11861] RBP: 00007f8b9ef7c090 R08: 0000000000000000 R09: 0000000000000000
[ 1012.924473][T11861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1012.924487][T11861] R13: 00007f8ba0fb6218 R14: 00007f8ba0fb6180 R15: 00007ffe8c01e208
[ 1012.924523][T11861]  </TASK>
[ 1014.452807][T11631] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1014.496215][T11751] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1014.496307][T11751] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1014.496448][T11751] bridge_slave_0: entered allmulticast mode
[ 1014.498690][T11751] bridge_slave_0: entered promiscuous mode
[ 1014.502221][T11631] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1014.884848][T11751] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1014.885101][T11751] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1014.885341][T11751] bridge_slave_1: entered allmulticast mode
[ 1014.888134][T11751] bridge_slave_1: entered promiscuous mode
[ 1014.900336][T11631] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1015.500679][T11631] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1017.611317][T11891] netlink: 'syz.2.1409': attribute type 1 has an invalid length.
[ 1017.658534][T11894] netlink: 'syz.2.1409': attribute type 1 has an invalid length.
[ 1018.202576][T11751] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1018.239523][T11751] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1018.685402][T11751] team0: Port device team_slave_0 added
[ 1018.705909][T11751] team0: Port device team_slave_1 added
[ 1019.249509][T11751] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1019.249537][T11751] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1019.249560][T11751] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1019.288850][T11751] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1019.288872][T11751] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1019.288904][T11751] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1019.546756][T11751] hsr_slave_0: entered promiscuous mode
[ 1019.548211][T11751] hsr_slave_1: entered promiscuous mode
[ 1019.549211][T11751] debugfs: 'hsr0' already exists in 'hsr'
[ 1019.549236][T11751] Cannot create hsr debugfs directory
[ 1019.865075][T11912] input: syz1 as /devices/virtual/input/input31
[ 1020.614942][ T6046] bridge_slave_1: left allmulticast mode
[ 1020.614973][ T6046] bridge_slave_1: left promiscuous mode
[ 1020.615204][ T6046] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1020.695565][ T5156] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1020.710510][ T5156] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1020.712328][ T5156] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1020.714083][ T5156] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1020.715559][ T5156] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1020.846269][ T6046] bridge_slave_0: left allmulticast mode
[ 1020.846304][ T6046] bridge_slave_0: left promiscuous mode
[ 1020.846662][ T6046] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1021.200686][T11926] Bluetooth: MGMT ver 1.23
[ 1022.751592][T11933] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1417'.
[ 1023.053157][ T9859] Bluetooth: hci0: command tx timeout
[ 1023.933943][ T6046] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1024.099270][T11943] FAULT_INJECTION: forcing a failure.
[ 1024.099270][T11943] name failslab, interval 1, probability 0, space 0, times 0
[ 1024.099318][T11943] CPU: 0 UID: 0 PID: 11943 Comm: syz.1.1419 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1024.099369][T11943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1024.099396][T11943] Call Trace:
[ 1024.099405][T11943]  <TASK>
[ 1024.099415][T11943]  dump_stack_lvl+0x189/0x250
[ 1024.099453][T11943]  ? __pfx____ratelimit+0x10/0x10
[ 1024.099488][T11943]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1024.099521][T11943]  ? __pfx__printk+0x10/0x10
[ 1024.099552][T11943]  ? __pfx___might_resched+0x10/0x10
[ 1024.099582][T11943]  should_fail_ex+0x46c/0x600
[ 1024.099621][T11943]  should_failslab+0xa8/0x100
[ 1024.099654][T11943]  __kmalloc_noprof+0xcb/0x430
[ 1024.099683][T11943]  ? alloc_pipe_info+0x1fd/0x4e0
[ 1024.099718][T11943]  alloc_pipe_info+0x1fd/0x4e0
[ 1024.099751][T11943]  splice_direct_to_actor+0xa6e/0xcd0
[ 1024.099785][T11943]  ? __lock_acquire+0xab9/0xd20
[ 1024.099828][T11943]  ? __lock_acquire+0xab9/0xd20
[ 1024.099857][T11943]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1024.099887][T11943]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1024.099930][T11943]  do_splice_direct+0x187/0x270
[ 1024.099963][T11943]  ? __pfx_do_splice_direct+0x10/0x10
[ 1024.099995][T11943]  ? __pfx_direct_file_splice_eof+0x10/0x10
[ 1024.100035][T11943]  ? rw_verify_area+0x25b/0x4e0
[ 1024.100068][T11943]  do_sendfile+0x4ec/0x7f0
[ 1024.100088][T11943]  ? __pfx_vfs_write+0x10/0x10
[ 1024.100122][T11943]  ? __pfx_do_sendfile+0x10/0x10
[ 1024.100158][T11943]  __se_sys_sendfile64+0x13e/0x190
[ 1024.100195][T11943]  ? __pfx___se_sys_sendfile64+0x10/0x10
[ 1024.100225][T11943]  ? rcu_is_watching+0x15/0xb0
[ 1024.100265][T11943]  ? do_syscall_64+0xbe/0x3b0
[ 1024.100297][T11943]  do_syscall_64+0xfa/0x3b0
[ 1024.100317][T11943]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1024.100350][T11943]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1024.100372][T11943]  ? clear_bhb_loop+0x60/0xb0
[ 1024.100399][T11943]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1024.100421][T11943] RIP: 0033:0x7f8ba0d5eec9
[ 1024.100440][T11943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1024.100459][T11943] RSP: 002b:00007f8b9efbe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1024.100483][T11943] RAX: ffffffffffffffda RBX: 00007f8ba0fb5fa0 RCX: 00007f8ba0d5eec9
[ 1024.100501][T11943] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
[ 1024.100515][T11943] RBP: 00007f8b9efbe090 R08: 0000000000000000 R09: 0000000000000000
[ 1024.100530][T11943] R10: 0000000024002de8 R11: 0000000000000246 R12: 0000000000000001
[ 1024.100545][T11943] R13: 00007f8ba0fb6038 R14: 00007f8ba0fb5fa0 R15: 00007ffe8c01e208
[ 1024.100580][T11943]  </TASK>
[ 1024.284530][ T6022] usb 3-1: new full-speed USB device number 86 using dummy_hcd
[ 1024.416022][ T6046] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1024.479061][ T6022] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1024.479089][ T6022] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1024.507481][ T6022] usb 3-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=95.91
[ 1024.507513][ T6022] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1024.507534][ T6022] usb 3-1: Product: syz
[ 1024.507549][ T6022] usb 3-1: Manufacturer: syz
[ 1024.507564][ T6022] usb 3-1: SerialNumber: syz
[ 1024.507630][ T6046] bond0 (unregistering): Released all slaves
[ 1024.604792][ T6022] usb 3-1: config 0 descriptor??
[ 1024.895859][T11503] usb 3-1: USB disconnect, device number 86
[ 1025.144501][ T9859] Bluetooth: hci0: command tx timeout
[ 1025.218106][ T6046] hsr_slave_0: left promiscuous mode
[ 1025.235992][ T6046] hsr_slave_1: left promiscuous mode
[ 1025.238661][ T6046] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1025.298542][ T6046] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1026.294669][ T6008] usb 2-1: new high-speed USB device number 86 using dummy_hcd
[ 1027.104007][ T6046] team0 (unregistering): Port device team_slave_1 removed
[ 1027.234768][ T9859] Bluetooth: hci0: command tx timeout
[ 1027.325261][ T6046] team0 (unregistering): Port device team_slave_0 removed
[ 1028.103401][ T6008] usb 2-1: new high-speed USB device number 87 using dummy_hcd
[ 1028.871065][ T6008] usb 2-1: Using ep0 maxpacket: 32
[ 1028.915313][ T6008] usb 2-1: config 0 has an invalid interface number: 85 but max is 0
[ 1028.915564][ T6008] usb 2-1: config 0 has no interface number 0
[ 1028.916526][ T6008] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1028.916663][ T6008] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1028.916804][ T6008] usb 2-1: config 0 interface 85 has no altsetting 0
[ 1029.003365][ T6008] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 1029.003493][ T6008] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1029.003757][ T6008] usb 2-1: Product: syz
[ 1029.003945][ T6008] usb 2-1: Manufacturer: syz
[ 1029.004093][ T6008] usb 2-1: SerialNumber: syz
[ 1029.124972][ T6008] usb 2-1: config 0 descriptor??
[ 1029.313488][ T9859] Bluetooth: hci0: command tx timeout
[ 1029.334176][ T6008] appletouch 2-1:0.85: Failed to read mode from device.
[ 1029.341925][ T6008] appletouch 2-1:0.85: probe with driver appletouch failed with error -5
[ 1030.397302][T11631] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1030.659998][T11631] 8021q: adding VLAN 0 to HW filter on device team0
[ 1030.960856][T10214] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1030.961024][T10214] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1031.218907][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1031.219108][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1031.415115][ T6022] usb 2-1: USB disconnect, device number 87
[ 1031.834105][T11920] chnl_net:caif_netlink_parms(): no params data found
[ 1036.014050][T12044] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1440'.
[ 1037.537180][T11751] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1037.742991][T11751] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1039.615030][T11751] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1039.616837][ T5156] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1039.631204][ T5156] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1039.643012][ T5156] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1039.648218][ T5156] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1039.663496][ T5156] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1039.810438][T12067] FAULT_INJECTION: forcing a failure.
[ 1039.810438][T12067] name failslab, interval 1, probability 0, space 0, times 0
[ 1039.810474][T12067] CPU: 0 UID: 0 PID: 12067 Comm: syz.1.1447 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1039.810500][T12067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1039.810520][T12067] Call Trace:
[ 1039.810529][T12067]  <TASK>
[ 1039.810539][T12067]  dump_stack_lvl+0x189/0x250
[ 1039.810576][T12067]  ? __pfx____ratelimit+0x10/0x10
[ 1039.810609][T12067]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1039.810641][T12067]  ? __pfx__printk+0x10/0x10
[ 1039.810672][T12067]  ? __pfx___might_resched+0x10/0x10
[ 1039.810700][T12067]  should_fail_ex+0x46c/0x600
[ 1039.810738][T12067]  should_failslab+0xa8/0x100
[ 1039.810771][T12067]  __kmalloc_noprof+0xcb/0x430
[ 1039.810799][T12067]  ? tomoyo_encode+0x28b/0x550
[ 1039.810836][T12067]  tomoyo_encode+0x28b/0x550
[ 1039.810873][T12067]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1039.810917][T12067]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1039.810943][T12067]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1039.810973][T12067]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1039.811005][T12067]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1039.811038][T12067]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1039.811079][T12067]  ? __lock_acquire+0xab9/0xd20
[ 1039.811131][T12067]  ? __fget_files+0x2a/0x420
[ 1039.811165][T12067]  ? __fget_files+0x2a/0x420
[ 1039.811194][T12067]  ? __fget_files+0x3a6/0x420
[ 1039.811223][T12067]  ? __fget_files+0x2a/0x420
[ 1039.811258][T12067]  security_file_ioctl+0xcb/0x2d0
[ 1039.811289][T12067]  __se_sys_ioctl+0x47/0x170
[ 1039.811335][T12067]  do_syscall_64+0xfa/0x3b0
[ 1039.811356][T12067]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1039.811389][T12067]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1039.811412][T12067]  ? clear_bhb_loop+0x60/0xb0
[ 1039.811439][T12067]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1039.811466][T12067] RIP: 0033:0x7f8ba0d5eec9
[ 1039.811486][T12067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1039.811505][T12067] RSP: 002b:00007f8b9efbe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1039.811534][T12067] RAX: ffffffffffffffda RBX: 00007f8ba0fb5fa0 RCX: 00007f8ba0d5eec9
[ 1039.811552][T12067] RDX: 00002000000002c0 RSI: 00000000c058565d RDI: 0000000000000003
[ 1039.811567][T12067] RBP: 00007f8b9efbe090 R08: 0000000000000000 R09: 0000000000000000
[ 1039.811581][T12067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1039.811596][T12067] R13: 00007f8ba0fb6038 R14: 00007f8ba0fb5fa0 R15: 00007ffe8c01e208
[ 1039.811631][T12067]  </TASK>
[ 1039.811653][T12067] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1040.413133][T11751] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1040.475274][T11920] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1040.475408][T11920] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1040.475607][T11920] bridge_slave_0: entered allmulticast mode
[ 1040.477626][T11920] bridge_slave_0: entered promiscuous mode
[ 1040.996371][T12082] FAULT_INJECTION: forcing a failure.
[ 1040.996371][T12082] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1040.996449][T12082] CPU: 1 UID: 0 PID: 12082 Comm: syz.2.1451 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1040.996476][T12082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1040.996490][T12082] Call Trace:
[ 1040.996500][T12082]  <TASK>
[ 1040.996509][T12082]  dump_stack_lvl+0x189/0x250
[ 1040.996547][T12082]  ? __pfx____ratelimit+0x10/0x10
[ 1040.996581][T12082]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1040.996614][T12082]  ? __pfx__printk+0x10/0x10
[ 1040.996652][T12082]  should_fail_ex+0x46c/0x600
[ 1040.996696][T12082]  strncpy_from_user+0x36/0x290
[ 1040.996730][T12082]  getname_flags+0xf3/0x540
[ 1040.996770][T12082]  do_sys_openat2+0xbc/0x1c0
[ 1040.996791][T12082]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1040.996826][T12082]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1040.996863][T12082]  __x64_sys_openat+0x138/0x170
[ 1040.996892][T12082]  do_syscall_64+0xfa/0x3b0
[ 1040.996912][T12082]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1040.996944][T12082]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1040.996967][T12082]  ? clear_bhb_loop+0x60/0xb0
[ 1040.996993][T12082]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1040.997015][T12082] RIP: 0033:0x7fdff85fd710
[ 1040.997034][T12082] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44
[ 1040.997054][T12082] RSP: 002b:00007fdff6823b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1040.997077][T12082] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdff85fd710
[ 1040.997093][T12082] RDX: 0000000000000000 RSI: 00007fdff6823c10 RDI: 00000000ffffff9c
[ 1040.997107][T12082] RBP: 00007fdff6823c10 R08: 0000000000000000 R09: 0023706f6f6c2f76
[ 1040.997122][T12082] R10: 0000000000000000 R11: 0000000000000293 R12: cccccccccccccccd
[ 1040.997136][T12082] R13: 00007fdff8856218 R14: 00007fdff8856180 R15: 00007ffd7768fa78
[ 1040.997169][T12082]  </TASK>
[ 1041.674596][T11920] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1041.674747][T11920] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1041.674982][T11920] bridge_slave_1: entered allmulticast mode
[ 1041.677744][T11920] bridge_slave_1: entered promiscuous mode
[ 1041.777603][ T9859] Bluetooth: hci1: command tx timeout
[ 1042.137778][T11920] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1042.167864][T11920] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1043.594118][T11920] team0: Port device team_slave_0 added
[ 1043.623925][T11920] team0: Port device team_slave_1 added
[ 1043.794759][ T9859] Bluetooth: hci1: command tx timeout
[ 1044.107340][T11920] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1044.107367][T11920] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1044.107391][T11920] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1044.181598][T11920] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1044.181615][T11920] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1044.181641][T11920] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1044.529561][   T37] bridge_slave_1: left allmulticast mode
[ 1044.529594][   T37] bridge_slave_1: left promiscuous mode
[ 1044.529866][   T37] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1044.604192][   T37] bridge_slave_0: left allmulticast mode
[ 1044.604228][   T37] bridge_slave_0: left promiscuous mode
[ 1044.610811][   T37] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1044.634489][ T6008] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[ 1045.164703][ T6008] usb 3-1: Using ep0 maxpacket: 8
[ 1045.168282][ T6008] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1045.168309][ T6008] usb 3-1: config 0 has no interfaces?
[ 1045.168343][ T6008] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[ 1045.168368][ T6008] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1045.227788][ T6008] usb 3-1: config 0 descriptor??
[ 1045.272167][T12125] hub 9-0:1.0: USB hub found
[ 1045.272501][T12125] hub 9-0:1.0: 1 port detected
[ 1045.446886][ T5949] usb 3-1: USB disconnect, device number 87
[ 1045.765400][   T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1045.864513][ T9859] Bluetooth: hci1: command tx timeout
[ 1045.887032][   T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1045.962143][   T37] bond0 (unregistering): Released all slaves
[ 1046.299337][T11920] hsr_slave_0: entered promiscuous mode
[ 1046.310784][T11920] hsr_slave_1: entered promiscuous mode
[ 1046.318608][T11920] debugfs: 'hsr0' already exists in 'hsr'
[ 1046.318640][T11920] Cannot create hsr debugfs directory
[ 1046.444752][   T37] hsr_slave_0: left promiscuous mode
[ 1046.487436][   T37] hsr_slave_1: left promiscuous mode
[ 1046.488634][   T37] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1046.521403][   T37] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1047.637087][   T37] team0 (unregistering): Port device team_slave_1 removed
[ 1047.805181][   T37] team0 (unregistering): Port device team_slave_0 removed
[ 1047.945687][ T9859] Bluetooth: hci1: command tx timeout
[ 1050.756288][T12064] chnl_net:caif_netlink_parms(): no params data found
[ 1051.736989][T11751] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1053.522536][T12064] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1053.522747][T12064] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1053.522971][T12064] bridge_slave_0: entered allmulticast mode
[ 1053.536461][T12064] bridge_slave_0: entered promiscuous mode
[ 1053.556713][T12179] netlink: 372 bytes leftover after parsing attributes in process `syz.2.1480'.
[ 1054.520660][T12064] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1054.520811][T12064] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1054.521062][T12064] bridge_slave_1: entered allmulticast mode
[ 1054.524024][T12064] bridge_slave_1: entered promiscuous mode
[ 1055.098474][T12064] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1055.328291][T12064] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1055.974527][ T6008] usb 2-1: new high-speed USB device number 88 using dummy_hcd
[ 1055.974731][ T6070] usb 3-1: new high-speed USB device number 88 using dummy_hcd
[ 1056.133508][ T6070] usb 3-1: config 1 interface 0 altsetting 127 bulk endpoint 0x81 has invalid maxpacket 64
[ 1056.133546][ T6070] usb 3-1: config 1 interface 0 altsetting 127 bulk endpoint 0x2 has invalid maxpacket 32
[ 1056.133573][ T6070] usb 3-1: config 1 interface 0 has no altsetting 0
[ 1056.138268][ T6070] usb 3-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40
[ 1056.138306][ T6070] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1056.138333][ T6070] usb 3-1: Product: syz
[ 1056.138352][ T6070] usb 3-1: Manufacturer: syz
[ 1056.138368][ T6070] usb 3-1: SerialNumber: syz
[ 1056.157680][T12201] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1056.157847][T12201] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1056.235886][ T6008] usb 2-1: Using ep0 maxpacket: 32
[ 1056.240586][ T6008] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1056.240623][ T6008] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1056.240656][ T6008] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1056.240678][ T6008] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1056.296579][ T6008] usb 2-1: config 0 descriptor??
[ 1056.309704][ T5156] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1056.337808][ T5156] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1056.340239][ T5156] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1056.365523][ T5156] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1056.372578][ T5156] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1056.430488][T12064] team0: Port device team_slave_0 added
[ 1056.466564][T12064] team0: Port device team_slave_1 added
[ 1056.553727][ T6008] usb 2-1: USB disconnect, device number 88
[ 1056.647974][T12201] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1056.648725][T12201] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1056.842162][T12210] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1056.842737][T12210] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1057.176535][T12212] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1484'.
[ 1057.532700][T12064] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1057.532720][T12064] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1057.532750][T12064] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1058.504806][ T5156] Bluetooth: hci2: command tx timeout
[ 1058.572862][ T6070] rtl8150 3-1:1.0: couldn't reset the device
[ 1058.573266][ T6070] rtl8150 3-1:1.0: probe with driver rtl8150 failed with error -5
[ 1058.627315][ T6070] usb 3-1: USB disconnect, device number 88
[ 1060.037594][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 1060.037676][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 1060.241973][T12064] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1060.241993][T12064] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1060.242024][T12064] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1060.589686][ T5156] Bluetooth: hci2: command tx timeout
[ 1062.337718][   T45] usb 2-1: new high-speed USB device number 89 using dummy_hcd
[ 1062.682354][ T5156] Bluetooth: hci2: command tx timeout
[ 1064.687098][   T45] usb 2-1: config 1 interface 0 altsetting 127 bulk endpoint 0x81 has invalid maxpacket 64
[ 1064.687135][   T45] usb 2-1: config 1 interface 0 altsetting 127 bulk endpoint 0x2 has invalid maxpacket 32
[ 1064.687163][   T45] usb 2-1: config 1 interface 0 has no altsetting 0
[ 1064.730635][   T45] usb 2-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40
[ 1064.730656][   T45] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1064.730669][   T45] usb 2-1: Product: syz
[ 1064.730679][   T45] usb 2-1: Manufacturer: syz
[ 1064.730689][   T45] usb 2-1: SerialNumber: syz
[ 1064.754531][ T9859] Bluetooth: hci2: command tx timeout
[ 1064.791196][T12242] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1064.791348][T12242] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1064.799850][T11920] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1065.043021][   T45] rtl8150 2-1:1.0: couldn't reset the device
[ 1065.043383][   T45] rtl8150 2-1:1.0: probe with driver rtl8150 failed with error -5
[ 1065.085015][   T45] usb 2-1: USB disconnect, device number 89
[ 1065.099091][T11920] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1065.195424][T12064] hsr_slave_0: entered promiscuous mode
[ 1065.196741][T12064] hsr_slave_1: entered promiscuous mode
[ 1065.273968][T11920] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1065.424609][   T45] usb 2-1: new high-speed USB device number 90 using dummy_hcd
[ 1066.256313][T11920] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1066.264589][   T45] usb 2-1: Using ep0 maxpacket: 32
[ 1066.267418][   T45] usb 2-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1066.267444][   T45] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1066.267466][   T45] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1066.267488][   T45] usb 2-1: config 1 has no interface number 0
[ 1066.267540][   T45] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1066.267569][   T45] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1066.267612][   T45] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1066.267637][   T45] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1066.368890][   T45] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found
[ 1066.687732][   T45] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached
[ 1067.154768][T12248] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1067.158669][T12248] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1067.233302][T12248] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1067.233780][T12248] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1067.299783][ T6008] usb 2-1: USB disconnect, device number 90
[ 1067.301857][ T6008] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected
[ 1067.382730][   T37] bridge_slave_1: left allmulticast mode
[ 1067.382766][   T37] bridge_slave_1: left promiscuous mode
[ 1067.383037][   T37] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1067.456494][   T37] bridge_slave_0: left allmulticast mode
[ 1067.456529][   T37] bridge_slave_0: left promiscuous mode
[ 1067.456821][   T37] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1067.494859][ T5902] usb 3-1: new high-speed USB device number 89 using dummy_hcd
[ 1067.657952][ T5902] usb 3-1: Using ep0 maxpacket: 16
[ 1067.670037][ T5902] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 8.00
[ 1067.670068][ T5902] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1067.679737][ T5902] usb 3-1: config 0 descriptor??
[ 1067.699885][ T5902] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected
[ 1067.709374][ T5902] usb 3-1: Detected FT4232H
[ 1068.095370][ T5902] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[ 1068.101915][ T5902] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1068.107816][ T5902] usb 3-1: USB disconnect, device number 89
[ 1068.116099][ T5902] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1068.117021][ T5902] ftdi_sio 3-1:0.0: device disconnected
[ 1068.264592][ T6070] usb 2-1: new high-speed USB device number 91 using dummy_hcd
[ 1068.414700][ T6070] usb 2-1: Using ep0 maxpacket: 16
[ 1068.435580][ T6070] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1068.435634][ T6070] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1068.435661][ T6070] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1068.442205][ T6070] usb 2-1: config 0 descriptor??
[ 1068.954832][ T5949] usb 3-1: new full-speed USB device number 90 using dummy_hcd
[ 1069.136681][ T5949] usb 3-1: config 0 has an invalid interface number: 207 but max is 0
[ 1069.136710][ T5949] usb 3-1: config 0 has no interface number 0
[ 1069.140849][ T5949] usb 3-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[ 1069.141032][ T5949] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1069.141111][ T5949] usb 3-1: Product: syz
[ 1069.141126][ T5949] usb 3-1: Manufacturer: syz
[ 1069.141141][ T5949] usb 3-1: SerialNumber: syz
[ 1069.197936][ T5949] usb 3-1: config 0 descriptor??
[ 1069.211038][ T5949] qmi_wwan 3-1:0.207: bogus CDC Union: master=0, slave=1
[ 1069.272946][T12272] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1069.273438][T12272] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1069.424954][ T5949] qmi_wwan 3-1:0.207: probe with driver qmi_wwan failed with error -22
[ 1070.593951][ T5949] usb 3-1: USB disconnect, device number 90
[ 1071.050261][   T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1071.138551][   T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1071.194310][   T37] bond0 (unregistering): Released all slaves
[ 1071.843203][ T6070] usbhid 2-1:0.0: can't add hid device: -71
[ 1071.851825][ T6070] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1071.944136][ T6070] usb 2-1: USB disconnect, device number 91
[ 1072.085753][ T5902] usb 3-1: new high-speed USB device number 91 using dummy_hcd
[ 1072.276915][ T5902] usb 3-1: Using ep0 maxpacket: 32
[ 1072.298515][ T5902] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[ 1072.298537][ T5902] usb 3-1: config 0 has no interface number 0
[ 1072.298570][ T5902] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1072.298588][ T5902] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1072.298604][ T5902] usb 3-1: config 0 interface 85 has no altsetting 0
[ 1072.338474][ T5902] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 1072.338498][ T5902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1072.338513][ T5902] usb 3-1: Product: syz
[ 1072.338523][ T5902] usb 3-1: Manufacturer: syz
[ 1072.338534][ T5902] usb 3-1: SerialNumber: syz
[ 1072.396116][ T5902] usb 3-1: config 0 descriptor??
[ 1072.515816][   T37] hsr_slave_0: left promiscuous mode
[ 1072.564581][   T37] hsr_slave_1: left promiscuous mode
[ 1072.570558][   T37] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1072.596653][   T37] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1072.600140][ T5902] appletouch 3-1:0.85: Failed to read mode from device.
[ 1072.600350][ T5902] appletouch 3-1:0.85: probe with driver appletouch failed with error -5
[ 1074.853183][   T45] usb 3-1: USB disconnect, device number 91
[ 1076.074590][ T6008] usb 2-1: new high-speed USB device number 92 using dummy_hcd
[ 1076.224515][ T6008] usb 2-1: Using ep0 maxpacket: 32
[ 1076.227271][ T6008] usb 2-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1076.227296][ T6008] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1076.227318][ T6008] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1076.227339][ T6008] usb 2-1: config 1 has no interface number 0
[ 1076.227392][ T6008] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1076.227418][ T6008] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1076.227462][ T6008] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1076.227486][ T6008] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1076.380383][ T6008] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found
[ 1076.589705][ T6008] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached
[ 1077.276106][   T37] team0 (unregistering): Port device team_slave_1 removed
[ 1077.465864][   T37] team0 (unregistering): Port device team_slave_0 removed
[ 1077.624756][ T6008] snd_usb_pod 2-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22)
[ 1078.935786][ T6070] usb 2-1: USB disconnect, device number 92
[ 1078.938325][ T6070] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected
[ 1080.012802][T12204] chnl_net:caif_netlink_parms(): no params data found
[ 1080.985663][T12204] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1080.987483][T12204] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1080.987682][T12204] bridge_slave_0: entered allmulticast mode
[ 1080.989757][T12204] bridge_slave_0: entered promiscuous mode
[ 1081.146350][T12204] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1081.146598][T12204] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1081.146850][T12204] bridge_slave_1: entered allmulticast mode
[ 1081.149704][T12204] bridge_slave_1: entered promiscuous mode
[ 1082.492988][T12204] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1082.513379][ T5156] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1082.544689][ T5156] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1082.551039][ T5156] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1082.563498][ T5156] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1082.579183][ T5156] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1082.686189][   T38] audit: type=1804 audit(1758810366.916:140): pid=12325 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.1514" name="/newroot/661/file0" dev="tmpfs" ino=3496 res=1 errno=0
[ 1082.689443][T12204] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1083.094722][   T45] usb 2-1: new high-speed USB device number 93 using dummy_hcd
[ 1083.096911][T12333] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1517'.
[ 1083.232657][T12204] team0: Port device team_slave_0 added
[ 1083.254535][   T45] usb 2-1: Using ep0 maxpacket: 32
[ 1083.262348][   T45] usb 2-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1083.262375][   T45] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1083.262398][   T45] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1083.262422][   T45] usb 2-1: config 1 has no interface number 0
[ 1083.262479][   T45] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1083.262508][   T45] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1083.262562][   T45] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1083.262588][   T45] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1083.279899][T12204] team0: Port device team_slave_1 added
[ 1083.435824][   T45] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found
[ 1083.722963][   T45] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached
[ 1084.169335][T12329] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1084.169929][T12329] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1084.218572][   T45] usb 2-1: USB disconnect, device number 93
[ 1084.220309][   T45] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected
[ 1084.623372][T12204] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1084.623386][T12204] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1084.623408][T12204] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1084.664577][ T5156] Bluetooth: hci0: command tx timeout
[ 1084.720962][T12204] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1084.720981][T12204] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1084.721011][T12204] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1084.778611][T12064] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1084.864513][T12064] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1085.536116][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1085.567300][T12064] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1086.747112][ T5156] Bluetooth: hci0: command tx timeout
[ 1086.822250][T12064] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1087.198451][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1087.556773][T12204] hsr_slave_0: entered promiscuous mode
[ 1087.558202][T12204] hsr_slave_1: entered promiscuous mode
[ 1087.559116][T12204] debugfs: 'hsr0' already exists in 'hsr'
[ 1087.559141][T12204] Cannot create hsr debugfs directory
[ 1087.627561][   T45] usb 3-1: new high-speed USB device number 92 using dummy_hcd
[ 1087.774527][   T45] usb 3-1: Using ep0 maxpacket: 16
[ 1087.777332][   T45] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 8.00
[ 1087.777358][   T45] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1087.826658][   T45] usb 3-1: config 0 descriptor??
[ 1087.865833][   T45] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected
[ 1087.883371][   T45] usb 3-1: Detected FT4232H
[ 1088.268385][   T45] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[ 1088.283438][   T45] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1088.305839][   T45] usb 3-1: USB disconnect, device number 92
[ 1088.327766][   T45] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1088.330726][   T45] ftdi_sio 3-1:0.0: device disconnected
[ 1088.455584][ T5902] kernel write not supported for file /2157/attr/prev (pid: 5902 comm: kworker/0:4)
[ 1088.824698][ T5156] Bluetooth: hci0: command tx timeout
[ 1089.434502][ T6070] usb 3-1: new high-speed USB device number 93 using dummy_hcd
[ 1089.594598][ T6070] usb 3-1: Using ep0 maxpacket: 32
[ 1089.599745][ T6070] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1089.599809][ T6070] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1089.599833][ T6070] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1089.603177][ T6070] usb 3-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=4d.a7
[ 1089.603208][ T6070] usb 3-1: New USB device strings: Mfr=152, Product=158, SerialNumber=3
[ 1089.603231][ T6070] usb 3-1: Product: syz
[ 1089.603246][ T6070] usb 3-1: Manufacturer: syz
[ 1089.603262][ T6070] usb 3-1: SerialNumber: syz
[ 1089.700460][ T6070] usb 3-1: config 0 descriptor??
[ 1089.703283][T12322] chnl_net:caif_netlink_parms(): no params data found
[ 1089.721398][ T6070] usb 3-1: no audio or video endpoints found
[ 1089.913936][ T6070] usb 3-1: USB disconnect, device number 93
[ 1090.084512][ T5902] usb 2-1: new high-speed USB device number 94 using dummy_hcd
[ 1090.254462][ T5902] usb 2-1: Using ep0 maxpacket: 32
[ 1090.258705][ T5902] usb 2-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1090.258732][ T5902] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1090.258754][ T5902] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1090.258778][ T5902] usb 2-1: config 1 has no interface number 0
[ 1090.258815][ T5902] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1090.258834][ T5902] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1090.258875][ T5902] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1090.258892][ T5902] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1090.321495][ T5902] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found
[ 1090.593168][ T5902] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached
[ 1090.904461][ T5156] Bluetooth: hci0: command tx timeout
[ 1091.076773][T12369] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1091.077362][T12369] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1091.108712][T12322] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1091.108909][T12322] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1091.109155][T12322] bridge_slave_0: entered allmulticast mode
[ 1091.111949][T12322] bridge_slave_0: entered promiscuous mode
[ 1091.172170][T12322] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1091.172341][T12322] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1091.172925][T12322] bridge_slave_1: entered allmulticast mode
[ 1091.237439][T12322] bridge_slave_1: entered promiscuous mode
[ 1091.338807][T11503] usb 2-1: USB disconnect, device number 94
[ 1091.346362][T11503] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected
[ 1091.444292][T12377] atomic_op ffff8880289c8218 conn xmit_atomic 0000000000000000
[ 1092.102953][T12322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1092.137969][T12322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1092.204937][T12383] 9pnet_fd: Insufficient options for proto=fd
[ 1094.434833][ T6008] usb 3-1: new high-speed USB device number 94 using dummy_hcd
[ 1094.441325][T12322] team0: Port device team_slave_0 added
[ 1094.542316][T12322] team0: Port device team_slave_1 added
[ 1094.564672][ T6008] usb 3-1: device descriptor read/64, error -71
[ 1094.567020][T12402] atomic_op ffff88805a3c2218 conn xmit_atomic 0000000000000000
[ 1094.571959][T12064] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1094.804538][ T6008] usb 3-1: new high-speed USB device number 95 using dummy_hcd
[ 1094.925648][T12322] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1094.925668][T12322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1094.925697][T12322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1094.935330][ T6008] usb 3-1: device descriptor read/64, error -71
[ 1094.995507][T12322] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1094.995528][T12322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1094.995561][T12322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1095.055690][ T6008] usb usb3-port1: attempt power cycle
[ 1095.310770][   T37] bridge_slave_1: left allmulticast mode
[ 1095.310805][   T37] bridge_slave_1: left promiscuous mode
[ 1095.311060][   T37] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1095.379598][   T37] bridge_slave_0: left allmulticast mode
[ 1095.379635][   T37] bridge_slave_0: left promiscuous mode
[ 1095.379931][   T37] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1095.414763][ T6008] usb 3-1: new high-speed USB device number 96 using dummy_hcd
[ 1095.441123][ T6008] usb 3-1: device descriptor read/8, error -71
[ 1095.444010][   T37] bridge_slave_1: left allmulticast mode
[ 1095.444042][   T37] bridge_slave_1: left promiscuous mode
[ 1095.444302][   T37] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1095.516360][   T37] bridge_slave_0: left allmulticast mode
[ 1095.516397][   T37] bridge_slave_0: left promiscuous mode
[ 1095.516721][   T37] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1095.695037][ T6008] usb 3-1: new high-speed USB device number 97 using dummy_hcd
[ 1095.717871][ T6008] usb 3-1: device descriptor read/8, error -71
[ 1095.835319][ T6008] usb usb3-port1: unable to enumerate USB device
[ 1096.157577][T12408] 9pnet_fd: Insufficient options for proto=fd
[ 1096.482954][   T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1096.891443][T12417] overlayfs: missing 'lowerdir'
[ 1096.915499][   T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1096.988646][   T37] bond0 (unregistering): Released all slaves
[ 1097.420067][T12425] atomic_op ffff8880585f4a18 conn xmit_atomic 0000000000000000
[ 1097.656338][   T31] usb 3-1: new full-speed USB device number 98 using dummy_hcd
[ 1097.817703][   T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1097.817756][   T31] usb 3-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00
[ 1097.817781][   T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1097.836979][   T31] usb 3-1: config 0 descriptor??
[ 1098.305677][   T31] uclogic 0003:5543:0522.001B: hidraw0: USB HID v0.00 Device [HID 5543:0522] on usb-dummy_hcd.2-1/input0
[ 1098.547080][ T5949] usb 3-1: USB disconnect, device number 98
[ 1099.388356][   T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1099.475283][   T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1099.537527][   T37] bond0 (unregistering): Released all slaves
[ 1099.582616][T12064] 8021q: adding VLAN 0 to HW filter on device team0
[ 1099.889285][T12429] 9pnet_fd: Insufficient options for proto=fd
[ 1100.315318][T12322] hsr_slave_0: entered promiscuous mode
[ 1100.316781][T12322] hsr_slave_1: entered promiscuous mode
[ 1100.317668][T12322] debugfs: 'hsr0' already exists in 'hsr'
[ 1100.317691][T12322] Cannot create hsr debugfs directory
[ 1100.723410][ T9859] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1100.742554][ T9859] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1100.743920][ T9859] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1100.808314][ T9859] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1100.824997][ T9859] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1101.394564][ T5902] usb 3-1: new full-speed USB device number 99 using dummy_hcd
[ 1101.550455][ T5902] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1101.550513][ T5902] usb 3-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00
[ 1101.550537][ T5902] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1101.564223][ T5902] usb 3-1: config 0 descriptor??
[ 1102.006992][ T5902] uclogic 0003:5543:0522.001C: hidraw0: USB HID v0.00 Device [HID 5543:0522] on usb-dummy_hcd.2-1/input0
[ 1102.208926][ T5949] usb 3-1: USB disconnect, device number 99
[ 1102.226672][   T37] hsr_slave_0: left promiscuous mode
[ 1102.272365][   T37] hsr_slave_1: left promiscuous mode
[ 1102.273293][   T37] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1102.306300][   T37] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1102.674618][   T37] hsr_slave_0: left promiscuous mode
[ 1102.696835][   T37] hsr_slave_1: left promiscuous mode
[ 1102.697857][   T37] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1102.742015][   T37] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1102.904597][ T9859] Bluetooth: hci1: command tx timeout
[ 1102.930239][T12454] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1555'.
[ 1103.856248][   T37] team0 (unregistering): Port device team_slave_1 removed
[ 1104.020682][   T37] team0 (unregistering): Port device team_slave_0 removed
[ 1105.005520][ T9859] Bluetooth: hci1: command tx timeout
[ 1105.339559][T12467] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1558'.
[ 1105.975226][   T37] team0 (unregistering): Port device team_slave_1 removed
[ 1106.085606][   T37] team0 (unregistering): Port device team_slave_0 removed
[ 1107.072262][ T9859] Bluetooth: hci1: command tx timeout
[ 1107.814663][ T6008] usb 2-1: new high-speed USB device number 95 using dummy_hcd
[ 1108.011936][ T6008] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1108.011995][ T6008] usb 2-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82
[ 1108.012019][ T6008] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1108.056739][ T6008] usb 2-1: config 0 descriptor??
[ 1108.123702][ T6008] smsusb:smsusb_probe: board id=8, interface number 0
[ 1108.123812][ T6008] smsusb:smsusb_probe: Device initialized with return code -19
[ 1108.683165][T12204] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1108.752305][T12204] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1108.785489][T12488] input: syz1 as /devices/virtual/input/input34
[ 1109.032684][T12204] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1109.061602][T12204] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1109.154843][ T9859] Bluetooth: hci1: command tx timeout
[ 1109.257404][T12436] chnl_net:caif_netlink_parms(): no params data found
[ 1109.464540][ T6070] usb 3-1: new high-speed USB device number 100 using dummy_hcd
[ 1109.614588][ T6070] usb 3-1: Using ep0 maxpacket: 32
[ 1109.617431][ T6070] usb 3-1: config 0 has an invalid interface number: 106 but max is 0
[ 1109.617459][ T6070] usb 3-1: config 0 has no interface number 0
[ 1109.617494][ T6070] usb 3-1: config 0 interface 106 has no altsetting 0
[ 1109.621686][ T6070] usb 3-1: New USB device found, idVendor=0421, idProduct=6901, bcdDevice=2d.1d
[ 1109.621809][ T6070] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1109.621833][ T6070] usb 3-1: Product: syz
[ 1109.621849][ T6070] usb 3-1: Manufacturer: syz
[ 1109.621864][ T6070] usb 3-1: SerialNumber: syz
[ 1109.633287][ T6070] usb 3-1: config 0 descriptor??
[ 1109.643825][ T6070] cdc_phonet 3-1:0.106: probe with driver cdc_phonet failed with error -22
[ 1109.844507][ T6070] usb 3-1: USB disconnect, device number 100
[ 1110.077816][T12436] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1110.080436][T12436] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1110.080676][T12436] bridge_slave_0: entered allmulticast mode
[ 1110.082917][T12436] bridge_slave_0: entered promiscuous mode
[ 1110.137572][T12436] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1110.137767][T12436] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1110.138017][T12436] bridge_slave_1: entered allmulticast mode
[ 1110.140034][T12436] bridge_slave_1: entered promiscuous mode
[ 1110.343725][ T6070] usb 2-1: USB disconnect, device number 95
[ 1110.458005][T12436] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1110.481410][T12436] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1111.069018][T12516] IPv6: Can't replace route, no match found
[ 1111.433661][T12436] team0: Port device team_slave_0 added
[ 1111.483686][T12436] team0: Port device team_slave_1 added
[ 1113.106629][ T5902] usb 2-1: new high-speed USB device number 96 using dummy_hcd
[ 1113.475440][ T5902] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1113.477966][ T5902] usb 2-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82
[ 1113.481091][ T5902] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1113.511124][ T5902] usb 2-1: config 0 descriptor??
[ 1113.717149][ T5902] smsusb:smsusb_probe: board id=8, interface number 0
[ 1113.720124][ T5902] smsusb:smsusb_probe: Device initialized with return code -19
[ 1114.094449][T12436] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1114.094468][T12436] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1114.094499][T12436] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1114.197612][T12436] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1114.197626][T12436] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1114.197655][T12436] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1114.256505][T12322] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1114.355588][T12322] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1114.587394][   T31] libceph: connect (1)[c::]:6789 error -101
[ 1114.588007][   T31] libceph: mon0 (1)[c::]:6789 connect error
[ 1114.602427][   T31] libceph: connect (1)[c::]:6789 error -101
[ 1114.602703][   T31] libceph: mon0 (1)[c::]:6789 connect error
[ 1114.619312][T12547] ceph: No mds server is up or the cluster is laggy
[ 1114.655489][T12322] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1114.875100][ T5902] usb 2-1: USB disconnect, device number 96
[ 1114.898862][T12322] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1115.175779][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1115.504643][ T5902] usb 2-1: new high-speed USB device number 97 using dummy_hcd
[ 1115.694582][ T5902] usb 2-1: config 1 interface 0 altsetting 127 bulk endpoint 0x81 has invalid maxpacket 64
[ 1115.694620][ T5902] usb 2-1: config 1 interface 0 altsetting 127 bulk endpoint 0x2 has invalid maxpacket 32
[ 1115.694645][ T5902] usb 2-1: config 1 interface 0 has no altsetting 0
[ 1115.697550][ T5902] usb 2-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40
[ 1115.697580][ T5902] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1115.697602][ T5902] usb 2-1: Product: syz
[ 1115.697618][ T5902] usb 2-1: Manufacturer: syz
[ 1115.697635][ T5902] usb 2-1: SerialNumber: syz
[ 1115.772754][T12555] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1115.772892][T12555] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1115.978573][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1116.213994][T12555] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1116.218448][T12555] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1116.260899][T12436] hsr_slave_0: entered promiscuous mode
[ 1116.263496][T12436] hsr_slave_1: entered promiscuous mode
[ 1116.280029][T12436] debugfs: 'hsr0' already exists in 'hsr'
[ 1116.280055][T12436] Cannot create hsr debugfs directory
[ 1116.516585][T12567] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1116.517200][T12567] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1116.560267][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1116.769025][T12569] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1580'.
[ 1116.773791][T12569] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1580'.
[ 1117.261332][ T5902] rtl8150 2-1:1.0: couldn't reset the device
[ 1117.261717][ T5902] rtl8150 2-1:1.0: probe with driver rtl8150 failed with error -5
[ 1117.286087][ T5902] usb 2-1: USB disconnect, device number 97
[ 1117.346238][T12492] udevd[12492]: setting owner of /dev/bus/usb/002/097 to uid=0, gid=0 failed: No such file or directory
[ 1117.674934][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1117.777334][ T5156] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1117.801741][ T5156] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1117.803125][ T5156] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1117.814658][ T5156] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1117.828886][ T5156] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1118.650857][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1119.864780][ T5156] Bluetooth: hci2: command tx timeout
[ 1120.052379][   T37] bridge_slave_1: left allmulticast mode
[ 1120.052414][   T37] bridge_slave_1: left promiscuous mode
[ 1120.052707][   T37] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1120.162735][   T37] bridge_slave_0: left allmulticast mode
[ 1120.162771][   T37] bridge_slave_0: left promiscuous mode
[ 1120.163070][   T37] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1120.234560][ T6070] usb 3-1: new high-speed USB device number 101 using dummy_hcd
[ 1120.397389][ T6070] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1120.397453][ T6070] usb 3-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82
[ 1120.397479][ T6070] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1120.445961][ T6070] usb 3-1: config 0 descriptor??
[ 1120.461706][ T6070] smsusb:smsusb_probe: board id=8, interface number 0
[ 1120.461792][ T6070] smsusb:smsusb_probe: Device initialized with return code -19
[ 1120.917241][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 1120.917360][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 1122.014403][ T5156] Bluetooth: hci2: command tx timeout
[ 1122.571865][ T6070] usb 3-1: USB disconnect, device number 101
[ 1124.054652][ T5156] Bluetooth: hci2: command tx timeout
[ 1124.275369][   T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1124.639535][   T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1124.697339][   T37] bond0 (unregistering): Released all slaves
[ 1125.524704][   T37] hsr_slave_0: left promiscuous mode
[ 1125.574604][   T37] hsr_slave_1: left promiscuous mode
[ 1125.637653][   T37] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1125.985494][   T37] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1126.114743][ T5156] Bluetooth: hci2: command tx timeout
[ 1129.396730][T12655] FAULT_INJECTION: forcing a failure.
[ 1129.396730][T12655] name failslab, interval 1, probability 0, space 0, times 0
[ 1129.396769][T12655] CPU: 0 UID: 0 PID: 12655 Comm: syz.1.1603 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1129.396797][T12655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1129.396811][T12655] Call Trace:
[ 1129.396820][T12655]  <TASK>
[ 1129.396831][T12655]  dump_stack_lvl+0x189/0x250
[ 1129.396871][T12655]  ? __pfx____ratelimit+0x10/0x10
[ 1129.396908][T12655]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1129.396943][T12655]  ? __pfx__printk+0x10/0x10
[ 1129.396975][T12655]  ? __pfx___might_resched+0x10/0x10
[ 1129.397002][T12655]  ? fs_reclaim_acquire+0x7d/0x100
[ 1129.397039][T12655]  should_fail_ex+0x46c/0x600
[ 1129.397080][T12655]  should_failslab+0xa8/0x100
[ 1129.397114][T12655]  __kmalloc_noprof+0xcb/0x430
[ 1129.397144][T12655]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1129.397185][T12655]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1129.397221][T12655]  ? tomoyo_domain+0xda/0x130
[ 1129.397262][T12655]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1129.397291][T12655]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1129.397323][T12655]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1129.397356][T12655]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1129.397393][T12655]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1129.397437][T12655]  ? __lock_acquire+0xab9/0xd20
[ 1129.397492][T12655]  ? __fget_files+0x2a/0x420
[ 1129.397528][T12655]  ? __fget_files+0x2a/0x420
[ 1129.397559][T12655]  ? __fget_files+0x3a6/0x420
[ 1129.397589][T12655]  ? __fget_files+0x2a/0x420
[ 1129.397627][T12655]  security_file_ioctl+0xcb/0x2d0
[ 1129.397660][T12655]  __se_sys_ioctl+0x47/0x170
[ 1129.397690][T12655]  do_syscall_64+0xfa/0x3b0
[ 1129.397711][T12655]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1129.397745][T12655]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1129.397768][T12655]  ? clear_bhb_loop+0x60/0xb0
[ 1129.397796][T12655]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1129.397819][T12655] RIP: 0033:0x7f8ba0d5eec9
[ 1129.397839][T12655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1129.397859][T12655] RSP: 002b:00007f8b9ef7c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1129.397883][T12655] RAX: ffffffffffffffda RBX: 00007f8ba0fb6180 RCX: 00007f8ba0d5eec9
[ 1129.397900][T12655] RDX: ffffffffffffffb6 RSI: 0000000000004c80 RDI: 0000000000000005
[ 1129.397916][T12655] RBP: 00007f8b9ef7c090 R08: 0000000000000000 R09: 0000000000000000
[ 1129.397931][T12655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1129.397945][T12655] R13: 00007f8ba0fb6218 R14: 00007f8ba0fb6180 R15: 00007ffe8c01e208
[ 1129.397981][T12655]  </TASK>
[ 1129.397992][T12655] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1130.307398][   T37] team0 (unregistering): Port device team_slave_1 removed
[ 1130.735283][   T37] team0 (unregistering): Port device team_slave_0 removed
[ 1131.134513][   T45] usb 2-1: new high-speed USB device number 98 using dummy_hcd
[ 1131.291423][   T45] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1131.291459][   T45] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1131.291502][   T45] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[ 1131.291528][   T45] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1131.347949][   T45] usb 2-1: config 0 descriptor??
[ 1132.102094][T12665] binder: 12663:12665 ioctl 40046205 0 returned -22
[ 1134.425535][ T9859] Bluetooth: hci2: command 0x0405 tx timeout
[ 1134.503922][T12322] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1135.135895][   T45] usbhid 2-1:0.0: can't add hid device: -71
[ 1135.136030][   T45] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1135.212408][   T45] usb 2-1: USB disconnect, device number 98
[ 1136.502361][T12577] chnl_net:caif_netlink_parms(): no params data found
[ 1137.462260][T12322] 8021q: adding VLAN 0 to HW filter on device team0
[ 1138.173027][ T6046] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1138.174628][ T6046] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1138.314615][T12436] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1138.339742][T12692] atomic_op ffff88805852da18 conn xmit_atomic 0000000000000000
[ 1138.423974][T12436] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1138.509176][T12436] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1138.577138][T12541] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1138.583024][T12541] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1138.774903][T12436] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1138.825888][T12700] 9pnet_fd: Insufficient options for proto=fd
[ 1138.947212][T12577] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1138.947348][T12577] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1138.947524][T12577] bridge_slave_0: entered allmulticast mode
[ 1138.950199][T12577] bridge_slave_0: entered promiscuous mode
[ 1139.018360][T12577] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1139.018496][T12577] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1139.018695][T12577] bridge_slave_1: entered allmulticast mode
[ 1139.021488][T12577] bridge_slave_1: entered promiscuous mode
[ 1139.720718][T12577] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1139.911228][T12577] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1140.315516][T12577] team0: Port device team_slave_0 added
[ 1140.379186][T12577] team0: Port device team_slave_1 added
[ 1140.816080][T12577] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1140.816099][T12577] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1140.816130][T12577] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1140.820969][T12577] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1140.820985][T12577] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1140.821016][T12577] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1141.306983][T12577] hsr_slave_0: entered promiscuous mode
[ 1141.308297][T12577] hsr_slave_1: entered promiscuous mode
[ 1141.558969][   T37] bridge_slave_1: left allmulticast mode
[ 1141.559004][   T37] bridge_slave_1: left promiscuous mode
[ 1141.559272][   T37] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1141.627951][   T37] bridge_slave_0: left allmulticast mode
[ 1141.627977][   T37] bridge_slave_0: left promiscuous mode
[ 1141.628237][   T37] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1142.405258][   T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1142.486943][   T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1142.573712][   T37] bond0 (unregistering): Released all slaves
[ 1143.064782][   T37] hsr_slave_0: left promiscuous mode
[ 1143.104522][   T37] hsr_slave_1: left promiscuous mode
[ 1143.105314][   T37] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1143.147149][   T37] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1143.737722][ T5156] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1143.741868][ T5156] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1143.743233][ T5156] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1143.745521][ T5156] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1143.746930][ T5156] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1144.067031][   T37] team0 (unregistering): Port device team_slave_1 removed
[ 1144.206704][   T37] team0 (unregistering): Port device team_slave_0 removed
[ 1145.513669][T12436] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1145.667672][T12436] 8021q: adding VLAN 0 to HW filter on device team0
[ 1145.778778][ T3969] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1145.779035][ T3969] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1145.784721][ T9859] Bluetooth: hci0: command tx timeout
[ 1145.849670][ T3619] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1145.852568][ T3619] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1146.399558][T12715] chnl_net:caif_netlink_parms(): no params data found
[ 1147.562928][T12715] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1147.563074][T12715] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1147.563296][T12715] bridge_slave_0: entered allmulticast mode
[ 1147.587279][T12715] bridge_slave_0: entered promiscuous mode
[ 1147.779185][T12577] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1147.820875][T12715] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1147.821109][T12715] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1147.821293][T12715] bridge_slave_1: entered allmulticast mode
[ 1147.823239][T12715] bridge_slave_1: entered promiscuous mode
[ 1147.851971][T12577] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1147.864710][ T9859] Bluetooth: hci0: command tx timeout
[ 1147.966273][T12577] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1148.112847][T12577] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1148.182896][T12715] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1148.216971][T12715] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1148.456055][T12715] team0: Port device team_slave_0 added
[ 1148.545421][T12715] team0: Port device team_slave_1 added
[ 1148.810125][T12715] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1148.810141][T12715] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1148.810175][T12715] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1148.825651][T12715] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1148.825672][T12715] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1148.825704][T12715] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1148.830424][T12436] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1148.924535][ T6070] usb 2-1: new high-speed USB device number 99 using dummy_hcd
[ 1148.985718][T11503] usb 3-1: new high-speed USB device number 102 using dummy_hcd
[ 1149.084570][ T6070] usb 2-1: Using ep0 maxpacket: 32
[ 1149.086920][   T37] bridge_slave_1: left allmulticast mode
[ 1149.086955][   T37] bridge_slave_1: left promiscuous mode
[ 1149.087238][   T37] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1149.088973][ T6070] usb 2-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1149.089000][ T6070] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1149.089023][ T6070] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1149.089046][ T6070] usb 2-1: config 1 has no interface number 0
[ 1149.089179][ T6070] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1149.089208][ T6070] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1149.089256][ T6070] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1149.089281][ T6070] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1149.135081][T11503] usb 3-1: Using ep0 maxpacket: 32
[ 1149.140747][T11503] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1149.140781][T11503] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1149.140808][T11503] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1149.140834][T11503] usb 3-1: config 1 has no interface number 0
[ 1149.140891][T11503] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1149.140925][T11503] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1149.140976][T11503] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1149.141004][T11503] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1149.188250][T11503] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[ 1149.293362][ T6070] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found
[ 1149.349793][   T37] bridge_slave_0: left allmulticast mode
[ 1149.350055][   T37] bridge_slave_0: left promiscuous mode
[ 1149.350898][   T37] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1149.391920][T11503] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached
[ 1149.632075][ T6070] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached
[ 1149.946410][ T9859] Bluetooth: hci0: command tx timeout
[ 1150.930853][ T6070] snd_usb_pod 2-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22)
[ 1151.536159][T11503] snd_usb_pod 3-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22)
[ 1151.580739][T12742] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1151.583949][T12742] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1152.043200][ T9859] Bluetooth: hci0: command tx timeout
[ 1152.995963][T11503] usb 3-1: USB disconnect, device number 102
[ 1152.998805][T11503] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[ 1154.296653][   T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1154.356005][   T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1154.387610][   T37] bond0 (unregistering): Released all slaves
[ 1154.679878][T12715] hsr_slave_0: entered promiscuous mode
[ 1154.681955][T12715] hsr_slave_1: entered promiscuous mode
[ 1154.682927][T12715] debugfs: 'hsr0' already exists in 'hsr'
[ 1154.682953][T12715] Cannot create hsr debugfs directory
[ 1154.775655][ T5949] usb 2-1: USB disconnect, device number 99
[ 1154.778291][ T5949] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected
[ 1155.525661][   T37] hsr_slave_0: left promiscuous mode
[ 1155.577638][   T37] hsr_slave_1: left promiscuous mode
[ 1155.578683][   T37] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1155.628181][   T37] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1155.774576][ T6008] usb 2-1: new high-speed USB device number 100 using dummy_hcd
[ 1155.894510][ T6070] usb 3-1: new high-speed USB device number 103 using dummy_hcd
[ 1155.924509][ T6008] usb 2-1: Using ep0 maxpacket: 32
[ 1155.928873][ T6008] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1155.928948][ T6008] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1155.928972][ T6008] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1155.931874][ T6008] usb 2-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=4d.a7
[ 1155.931904][ T6008] usb 2-1: New USB device strings: Mfr=152, Product=158, SerialNumber=3
[ 1155.931927][ T6008] usb 2-1: Product: syz
[ 1155.931944][ T6008] usb 2-1: Manufacturer: syz
[ 1155.931959][ T6008] usb 2-1: SerialNumber: syz
[ 1156.008107][ T6008] usb 2-1: config 0 descriptor??
[ 1156.020794][ T6008] usb 2-1: no audio or video endpoints found
[ 1156.047302][ T6070] usb 3-1: config 1 interface 0 altsetting 127 bulk endpoint 0x81 has invalid maxpacket 64
[ 1156.047335][ T6070] usb 3-1: config 1 interface 0 altsetting 127 bulk endpoint 0x2 has invalid maxpacket 32
[ 1156.047362][ T6070] usb 3-1: config 1 interface 0 has no altsetting 0
[ 1156.050620][ T6070] usb 3-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40
[ 1156.050649][ T6070] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1156.050671][ T6070] usb 3-1: Product: syz
[ 1156.050687][ T6070] usb 3-1: Manufacturer: syz
[ 1156.050702][ T6070] usb 3-1: SerialNumber: syz
[ 1156.127828][T12757] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1156.128132][T12757] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1156.213881][ T6008] usb 2-1: USB disconnect, device number 100
[ 1156.546843][T12757] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1156.553704][T12757] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1156.816549][T12760] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1156.817797][T12760] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1157.043717][T12763] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1623'.
[ 1157.061071][T12763] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1623'.
[ 1157.335166][   T37] team0 (unregistering): Port device team_slave_1 removed
[ 1157.384933][ T5949] usb 2-1: new high-speed USB device number 101 using dummy_hcd
[ 1157.573376][ T5949] usb 2-1: Using ep0 maxpacket: 32
[ 1157.585326][ T5949] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1157.585354][ T5949] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1157.585461][ T5949] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1157.585486][ T5949] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1157.635570][ T5949] usb 2-1: config 0 descriptor??
[ 1157.650753][   T37] team0 (unregistering): Port device team_slave_0 removed
[ 1157.877457][ T6008] usb 2-1: USB disconnect, device number 101
[ 1161.450360][ T6070] rtl8150 3-1:1.0: couldn't reset the device
[ 1161.450694][ T6070] rtl8150 3-1:1.0: probe with driver rtl8150 failed with error -5
[ 1163.485669][ T5156] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1163.506987][ T5156] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1163.523838][ T5156] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1163.530987][ T5156] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1163.541915][ T5156] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1163.690045][ T5949] usb 3-1: USB disconnect, device number 103
[ 1164.215981][ T5949] usb 3-1: new high-speed USB device number 104 using dummy_hcd
[ 1164.364558][ T5949] usb 3-1: Using ep0 maxpacket: 32
[ 1164.383899][ T5949] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[ 1164.383932][ T5949] usb 3-1: config 0 has an invalid interface number: 130 but max is 0
[ 1164.383957][ T5949] usb 3-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[ 1164.383983][ T5949] usb 3-1: config 0 has no interface number 0
[ 1164.384003][ T5949] usb 3-1: config 0 has no interface number 1
[ 1164.384075][ T5949] usb 3-1: config 0 interface 2 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1164.384108][ T5949] usb 3-1: config 0 interface 2 has no altsetting 0
[ 1164.384131][ T5949] usb 3-1: config 0 interface 130 has no altsetting 0
[ 1164.389720][ T5949] usb 3-1: New USB device found, idVendor=086a, idProduct=0003, bcdDevice=f0.3f
[ 1164.389756][ T5949] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1164.389781][ T5949] usb 3-1: Product: syz
[ 1164.389798][ T5949] usb 3-1: Manufacturer: syz
[ 1164.389817][ T5949] usb 3-1: SerialNumber: syz
[ 1164.414590][ T5949] usb 3-1: config 0 descriptor??
[ 1164.812674][T12783] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1164.962150][ T5949] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[ 1165.160115][T12783] ==================================================================
[ 1165.160138][T12783] BUG: KASAN: slab-use-after-free in xfrm_state_find+0x2c72/0x53e0
[ 1165.160167][T12783] Read of size 1 at addr ffff88805b5b87f0 by task syz.2.1629/12783
[ 1165.160187][T12783] 
[ 1165.160201][T12783] CPU: 0 UID: 0 PID: 12783 Comm: syz.2.1629 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1165.160229][T12783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1165.160244][T12783] Call Trace:
[ 1165.160254][T12783]  <TASK>
[ 1165.160264][T12783]  dump_stack_lvl+0x189/0x250
[ 1165.160299][T12783]  ? __kasan_check_byte+0x12/0x40
[ 1165.160340][T12783]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1165.160374][T12783]  ? lock_release+0x4b/0x3e0
[ 1165.160411][T12783]  ? __virt_addr_valid+0x4a5/0x5c0
[ 1165.160434][T12783]  print_report+0xca/0x240
[ 1165.160462][T12783]  ? xfrm_state_find+0x2c72/0x53e0
[ 1165.160482][T12783]  kasan_report+0x118/0x150
[ 1165.160513][T12783]  ? xfrm_state_find+0x2c72/0x53e0
[ 1165.160538][T12783]  xfrm_state_find+0x2c72/0x53e0
[ 1165.160571][T12783]  ? xfrm_state_find+0x2bf/0x53e0
[ 1165.160597][T12783]  ? __pfx_xfrm_state_find+0x10/0x10
[ 1165.160619][T12783]  ? do_raw_spin_lock+0x121/0x290
[ 1165.160652][T12783]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[ 1165.160698][T12783]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[ 1165.160726][T12783]  ? __lock_acquire+0xab9/0xd20
[ 1165.160767][T12783]  ? xfrm_sk_policy_lookup+0x9d/0x750
[ 1165.160801][T12783]  ? xfrm_sk_policy_lookup+0x9d/0x750
[ 1165.160830][T12783]  ? xfrm_expand_policies+0x41f/0x6a0
[ 1165.160860][T12783]  xfrm_lookup_with_ifid+0x2a7/0x1a90
[ 1165.160892][T12783]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[ 1165.160918][T12783]  ? rcuref_put+0x1b7/0x210
[ 1165.160941][T12783]  ? __pfx_rcuref_put+0x10/0x10
[ 1165.160966][T12783]  ? reacquire_held_locks+0x127/0x1d0
[ 1165.161003][T12783]  xfrm_lookup_route+0x3c/0x1c0
[ 1165.161030][T12783]  __ip4_datagram_connect+0x9a5/0x1270
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1165.161067][T12783]  __ip6_datagram_connect+0x9f0/0x1150
[ 1165.161102][T12783]  ? __pfx___ip6_datagram_connect+0x10/0x10
[ 1165.161138][T12783]  ? lock_sock_nested+0xdd/0x130
[ 1165.161168][T12783]  ip6_datagram_connect_v6_only+0x63/0xa0
[ 1165.161199][T12783]  __sys_connect+0x320/0x450
[ 1165.161232][T12783]  ? __pfx___sys_connect+0x10/0x10
[ 1165.161272][T12783]  ? rcu_is_watching+0x15/0xb0
[ 1165.161320][T12783]  __x64_sys_connect+0x7a/0x90
[ 1165.161355][T12783]  do_syscall_64+0xfa/0x3b0
[ 1165.161377][T12783]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1165.161410][T12783]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1165.161432][T12783]  ? clear_bhb_loop+0x60/0xb0
[ 1165.161457][T12783]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1165.161480][T12783] RIP: 0033:0x7fdff85feec9
[ 1165.161500][T12783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1165.161500][T12783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1165.161524][T12783] RSP: 002b:00007fdff6866038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 1165.161549][T12783] RAX: ffffffffffffffda RBX: 00007fdff8855fa0 RCX: 00007fdff85feec9
[ 1165.161567][T12783] RDX: 000000000000001c RSI: 0000200000000000 RDI: 000000000000000a
[ 1165.161582][T12783] RBP: 00007fdff8681f91 R08: 0000000000000000 R09: 0000000000000000
[ 1165.161597][T12783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1165.161611][T12783] R13: 00007fdff8856038 R14: 00007fdff8855fa0 R15: 00007ffd7768fa78
[ 1165.161639][T12783]  </TASK>
[ 1165.161648][T12783] 
[ 1165.161654][T12783] Allocated by task 12179:
[ 1165.161666][T12783]  kasan_save_track+0x3e/0x80
[ 1165.161690][T12783]  __kasan_slab_alloc+0x6c/0x80
[ 1165.161715][T12783]  kmem_cache_alloc_noprof+0x143/0x310
[ 1165.161744][T12783]  xfrm_state_alloc+0x24/0x2f0
[ 1165.161773][T12783]  __find_acq_core+0x8a7/0x1c00
[ 1165.161793][T12783]  xfrm_find_acq+0x8f/0xd0
[ 1165.161813][T12783]  xfrm_alloc_userspi+0x6b3/0xc90
[ 1165.161836][T12783]  xfrm_user_rcv_msg+0x7a3/0xab0
[ 1165.161859][T12783]  netlink_rcv_skb+0x205/0x470
[ 1165.161887][T12783]  xfrm_netlink_rcv+0x79/0x90
[ 1165.161908][T12783]  netlink_unicast+0x843/0xa10
[ 1165.161933][T12783]  netlink_sendmsg+0x805/0xb30
[ 1165.161961][T12783]  __sock_sendmsg+0x21c/0x270
[ 1165.161985][T12783]  ____sys_sendmsg+0x508/0x820
[ 1165.162003][T12783]  ___sys_sendmsg+0x21f/0x2a0
[ 1165.162022][T12783]  __x64_sys_sendmsg+0x1a1/0x260
[ 1165.162043][T12783]  do_syscall_64+0xfa/0x3b0
[ 1165.162061][T12783]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1165.162082][T12783] 
[ 1165.162087][T12783] Freed by task 31:
[ 1165.162098][T12783]  kasan_save_track+0x3e/0x80
[ 1165.162121][T12783]  kasan_save_free_info+0x46/0x50
[ 1165.162140][T12783]  __kasan_slab_free+0x5b/0x80
[ 1165.162165][T12783]  kmem_cache_free+0x195/0x510
[ 1165.162194][T12783]  xfrm_state_gc_task+0x54e/0x6d0
[ 1165.162218][T12783]  process_scheduled_works+0xade/0x17b0
[ 1165.162244][T12783]  worker_thread+0x8a0/0xda0
[ 1165.162269][T12783]  kthread+0x70e/0x8a0
[ 1165.162299][T12783]  ret_from_fork+0x436/0x7d0
[ 1165.162332][T12783]  ret_from_fork_asm+0x1a/0x30
[ 1165.162353][T12783] 
[ 1165.162359][T12783] The buggy address belongs to the object at ffff88805b5b8480
[ 1165.162359][T12783]  which belongs to the cache xfrm_state of size 992
[ 1165.162379][T12783] The buggy address is located 880 bytes inside of
[ 1165.162379][T12783]  freed 992-byte region [ffff88805b5b8480, ffff88805b5b8860)
[ 1165.162403][T12783] 
[ 1165.162409][T12783] The buggy address belongs to the physical page:
[ 1165.162429][T12783] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805b5b8480 pfn:0x5b5b8
[ 1165.162456][T12783] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1165.162475][T12783] flags: 0x80000000000040(head|node=0|zone=1)
[ 1165.162499][T12783] page_type: f5(slab)
[ 1165.162519][T12783] raw: 0080000000000040 ffff888142af9dc0 dead000000000122 0000000000000000
[ 1165.162538][T12783] raw: ffff88805b5b8480 00000000800e000b 00000000f5000000 0000000000000000
[ 1165.162559][T12783] head: 0080000000000040 ffff888142af9dc0 dead000000000122 0000000000000000
[ 1165.162579][T12783] head: ffff88805b5b8480 00000000800e000b 00000000f5000000 0000000000000000
[ 1165.162599][T12783] head: 0080000000000002 ffffea00016d6e01 00000000ffffffff 00000000ffffffff
[ 1165.162618][T12783] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000004
[ 1165.162630][T12783] page dumped because: kasan: bad access detected
[ 1165.162646][T12783] page_owner tracks the page as allocated
[ 1165.162655][T12783] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6059, tgid 6048 (syz.2.32), ts 117402897633, free_ts 117351082242
[ 1165.162693][T12783]  post_alloc_hook+0x240/0x2a0
[ 1165.162723][T12783]  get_page_from_freelist+0x2119/0x21b0
[ 1165.162743][T12783]  __alloc_frozen_pages_noprof+0x181/0x370
[ 1165.162764][T12783]  alloc_pages_mpol+0xd1/0x380
[ 1165.162790][T12783]  allocate_slab+0x8a/0x370
[ 1165.162810][T12783]  ___slab_alloc+0x8d1/0xdc0
[ 1165.162826][T12783]  kmem_cache_alloc_noprof+0xe6/0x310
[ 1165.162853][T12783]  xfrm_state_alloc+0x24/0x2f0
[ 1165.162882][T12783]  xfrm_add_sa+0x17d1/0x4070
[ 1165.162904][T12783]  xfrm_user_rcv_msg+0x7a3/0xab0
[ 1165.162926][T12783]  netlink_rcv_skb+0x205/0x470
[ 1165.162952][T12783]  xfrm_netlink_rcv+0x79/0x90
[ 1165.162974][T12783]  netlink_unicast+0x843/0xa10
[ 1165.162997][T12783]  netlink_sendmsg+0x805/0xb30
[ 1165.163025][T12783]  __sock_sendmsg+0x21c/0x270
[ 1165.163049][T12783]  ____sys_sendmsg+0x508/0x820
[ 1165.163067][T12783] page last free pid 6063 tgid 6063 stack trace:
[ 1165.163079][T12783]  __free_frozen_pages+0xb59/0xce0
[ 1165.163109][T12783]  __slab_free+0x2db/0x390
[ 1165.163128][T12783]  qlist_free_all+0x97/0x140
[ 1165.163150][T12783]  kasan_quarantine_reduce+0x148/0x160
[ 1165.163173][T12783]  __kasan_slab_alloc+0x22/0x80
[ 1165.163197][T12783]  kmem_cache_alloc_noprof+0x143/0x310
[ 1165.163224][T12783]  taskstats_exit+0x147/0xa20
[ 1165.163247][T12783]  do_exit+0x630/0x2300
[ 1165.163263][T12783]  do_group_exit+0x21c/0x2d0
[ 1165.163281][T12783]  __x64_sys_exit_group+0x3f/0x40
[ 1165.163300][T12783]  x64_sys_call+0x21f7/0x2200
[ 1165.163327][T12783]  do_syscall_64+0xfa/0x3b0
[ 1165.163346][T12783]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1165.163367][T12783] 
[ 1165.163373][T12783] Memory state around the buggy address:
[ 1165.163385][T12783]  ffff88805b5b8680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1165.163401][T12783]  ffff88805b5b8700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1165.163418][T12783] >ffff88805b5b8780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1165.163429][T12783]                                                              ^
[ 1165.163443][T12783]  ffff88805b5b8800: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 1165.163458][T12783]  ffff88805b5b8880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1165.163470][T12783] ==================================================================
[ 1165.460723][T12783] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1165.460751][T12783] CPU: 1 UID: 0 PID: 12783 Comm: syz.2.1629 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1165.460789][T12783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1165.460818][T12783] Call Trace:
[ 1165.460828][T12783]  <TASK>
[ 1165.460840][T12783]  dump_stack_lvl+0x99/0x250
[ 1165.460885][T12783]  ? __asan_memcpy+0x40/0x70
[ 1165.460912][T12783]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1165.460948][T12783]  ? __pfx__printk+0x10/0x10
[ 1165.460983][T12783]  vpanic+0x281/0x750
[ 1165.461019][T12783]  ? preempt_schedule+0xae/0xc0
[ 1165.461056][T12783]  ? __pfx_vpanic+0x10/0x10
[ 1165.461090][T12783]  ? preempt_schedule_common+0x83/0xd0
[ 1165.461126][T12783]  ? preempt_schedule+0xae/0xc0
[ 1165.461159][T12783]  ? __pfx_preempt_schedule+0x10/0x10
[ 1165.461200][T12783]  panic+0xb9/0xc0
[ 1165.461235][T12783]  ? __pfx_panic+0x10/0x10
[ 1165.461273][T12783]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 1165.461315][T12783]  ? xfrm_state_find+0x2c72/0x53e0
[ 1165.461336][T12783]  check_panic_on_warn+0x89/0xb0
[ 1165.461362][T12783]  ? xfrm_state_find+0x2c72/0x53e0
[ 1165.461385][T12783]  end_report+0x78/0x160
[ 1165.461416][T12783]  kasan_report+0x129/0x150
[ 1165.461450][T12783]  ? xfrm_state_find+0x2c72/0x53e0
[ 1165.461478][T12783]  xfrm_state_find+0x2c72/0x53e0
[ 1165.461514][T12783]  ? xfrm_state_find+0x2bf/0x53e0
[ 1165.461550][T12783]  ? __pfx_xfrm_state_find+0x10/0x10
[ 1165.461573][T12783]  ? do_raw_spin_lock+0x121/0x290
[ 1165.461631][T12783]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[ 1165.461682][T12783]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[ 1165.461715][T12783]  ? __lock_acquire+0xab9/0xd20
[ 1165.461761][T12783]  ? xfrm_sk_policy_lookup+0x9d/0x750
[ 1165.461800][T12783]  ? xfrm_sk_policy_lookup+0x9d/0x750
[ 1165.461833][T12783]  ? xfrm_expand_policies+0x41f/0x6a0
[ 1165.461867][T12783]  xfrm_lookup_with_ifid+0x2a7/0x1a90
[ 1165.461905][T12783]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[ 1165.461937][T12783]  ? rcuref_put+0x1b7/0x210
[ 1165.461964][T12783]  ? __pfx_rcuref_put+0x10/0x10
[ 1165.461992][T12783]  ? reacquire_held_locks+0x127/0x1d0
[ 1165.462034][T12783]  xfrm_lookup_route+0x3c/0x1c0
[ 1165.462066][T12783]  __ip4_datagram_connect+0x9a5/0x1270
[ 1165.462106][T12783]  __ip6_datagram_connect+0x9f0/0x1150
[ 1165.462148][T12783]  ? __pfx___ip6_datagram_connect+0x10/0x10
[ 1165.462186][T12783]  ? lock_sock_nested+0xdd/0x130
[ 1165.462219][T12783]  ip6_datagram_connect_v6_only+0x63/0xa0
[ 1165.462255][T12783]  __sys_connect+0x320/0x450
[ 1165.462289][T12783]  ? __pfx___sys_connect+0x10/0x10
[ 1165.462333][T12783]  ? rcu_is_watching+0x15/0xb0
[ 1165.462378][T12783]  __x64_sys_connect+0x7a/0x90
[ 1165.462415][T12783]  do_syscall_64+0xfa/0x3b0
[ 1165.462437][T12783]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1165.462475][T12783]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1165.462501][T12783]  ? clear_bhb_loop+0x60/0xb0
[ 1165.462538][T12783]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1165.462564][T12783] RIP: 0033:0x7fdff85feec9
[ 1165.462587][T12783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1165.462612][T12783] RSP: 002b:00007fdff6866038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 1165.462639][T12783] RAX: ffffffffffffffda RBX: 00007fdff8855fa0 RCX: 00007fdff85feec9
[ 1165.462659][T12783] RDX: 000000000000001c RSI: 0000200000000000 RDI: 000000000000000a
[ 1165.462677][T12783] RBP: 00007fdff8681f91 R08: 0000000000000000 R09: 0000000000000000
[ 1165.462695][T12783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1165.462712][T12783] R13: 00007fdff8856038 R14: 00007fdff8855fa0 R15: 00007ffd7768fa78
[ 1165.462743][T12783]  </TASK>
[ 1165.463104][T12783] Kernel Offset: disabled