last executing test programs:

2m49.439242126s ago: executing program 1 (id=454):
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x75fa, 0xe475, 0x0, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)=0x7ff, 0x12)
bind$alg(0xffffffffffffffff, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-clmulni\x00'}, 0x58)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20000}, 0x40c0)
r4 = getpid()
r5 = syz_pidfd_open(r4, 0x0)
setns(r5, 0x8020000)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x0, &(0x7f00000005c0)={0x8, 0x70, 0x80000, {r0}}, 0x20)

2m48.812046292s ago: executing program 1 (id=457):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'team0\x00', <r2=>0x0})
syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="020100090a000000007fffffff0000000200100000e9000000e9000000000000030005000000000002000000ac1414000000000000000000030006000000000002"], 0x50}}, 0x0)
sendmmsg(r3, &(0x7f0000000180), 0x40000000000007b, 0x4004)
ioctl$TIOCL_SETVESABLANK(0xffffffffffffffff, 0x560e, &(0x7f0000000140))
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000100)={0x24d, 0xa, 0x0, 0x0, 0x3e, 0x180, 0x8, 0x0, {}, {}, {}, {}, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8})
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0)

2m48.19918228s ago: executing program 1 (id=458):
preadv(0xffffffffffffffff, 0x0, 0x0, 0x154, 0xf5ffffff)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fd5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f0000000040)="660f388106f34998460f1a6086da3f363e673e460fc77ebef2400fd6ee0f22c03e0fc75a8566470f3880649d050f3235004000000f30430f92c6", 0x3a}], 0x1, 0x44, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
writev(r0, &(0x7f0000000580)=[{&(0x7f0000000000)="2282", 0x2}], 0x1)

2m47.969547088s ago: executing program 1 (id=461):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000280)={'#! ', './file1'}, 0xb)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800003, 0x11, r0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
fallocate(r4, 0x0, 0x3, 0x10fff9)
lseek(r4, 0x802, 0x3)

2m45.698926901s ago: executing program 1 (id=469):
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_connect(0x5, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010003c85f6208"], 0x0)
pipe2$watch_queue(&(0x7f00000002c0), 0x80)
epoll_create(0x7)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
socket$inet6_dccp(0xa, 0x6, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x801, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0x2, 0x300)
socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300)
socket$nl_generic(0x10, 0x3, 0x10)
landlock_create_ruleset(&(0x7f0000003800)={0x0, 0x2, 0x1}, 0x18, 0x0)
socket$l2tp(0x2, 0x2, 0x73)
socket$inet(0x2, 0x6, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRES32=r0, @ANYRES64=r0, @ANYRESHEX=r0], 0x20)

2m44.463130659s ago: executing program 1 (id=474):
pipe2$9p(&(0x7f0000000040), 0x80000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x38, r3, 0x5, 0x70bd2f, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xfffffffb}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000004}, 0xa040)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
recvfrom$inet6(r5, 0x0, 0x0, 0x10042, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_io_uring_setup(0x88b, &(0x7f0000000140)={0x0, 0xa34e, 0x8, 0x4, 0xbfdffffc}, &(0x7f0000000000)=<r7=>0x0, &(0x7f0000000280)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x8, 0x0, 0x800, 0x2, &(0x7f00000000c0)="e070cbb7ee7cfcac201b348930fcdc6bec40b4cc3be918326e22b5a1b37d3d87a8e065be1f", 0x1ff, 0x0, 0x0, {0x3}})
io_uring_enter(r6, 0x47f6, 0x2000000, 0x2, 0x0, 0x0)

2m28.901267337s ago: executing program 32 (id=474):
pipe2$9p(&(0x7f0000000040), 0x80000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x38, r3, 0x5, 0x70bd2f, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xfffffffb}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000004}, 0xa040)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
recvfrom$inet6(r5, 0x0, 0x0, 0x10042, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_io_uring_setup(0x88b, &(0x7f0000000140)={0x0, 0xa34e, 0x8, 0x4, 0xbfdffffc}, &(0x7f0000000000)=<r7=>0x0, &(0x7f0000000280)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x8, 0x0, 0x800, 0x2, &(0x7f00000000c0)="e070cbb7ee7cfcac201b348930fcdc6bec40b4cc3be918326e22b5a1b37d3d87a8e065be1f", 0x1ff, 0x0, 0x0, {0x3}})
io_uring_enter(r6, 0x47f6, 0x2000000, 0x2, 0x0, 0x0)

1m47.851081624s ago: executing program 4 (id=656):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
fanotify_init(0x200, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000042c0)='fdinfo/3\x00')
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000840)={0x2, 0x3, 0x0, 0x2, 0xc, 0x0, 0x700, 0x0, [@sadb_address={0x3, 0x6, 0xb8, 0x0, 0x0, @in={0x2, 0x3, @private}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x3, 0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x4e23, @dev}}, @sadb_key={0x2, 0x8, 0x8, 0x0, "b6"}]}, 0x60}, 0x1, 0x7}, 0x0)
r3 = syz_usb_connect(0x0, 0x24, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
write(r5, &(0x7f0000000340), 0x11000)
munmap(&(0x7f0000003000/0x4000)=nil, 0x4000)
vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
read$FUSE(r1, 0x0, 0x0)
syz_open_dev$evdev(&(0x7f0000000140), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8041, 0x0)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0xffffffffffffffff, 0x800, 0x0, 0xfffffffffffffffe}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280), 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000000)={0x8000, r1}, 0x0)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r0, 0x8982, &(0x7f0000000180)={0x6, 'dvmrp0\x00', {0x2}, 0xfe00})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000b00)={0x0, 'gretap0\x00', {0x2}, 0x80})

1m47.048920091s ago: executing program 4 (id=657):
r0 = add_key$keyring(&(0x7f0000000200), &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000940)='asymmetric\x00', &(0x7f0000000900)=@chain={'key_or_keyring:', r0})
io_uring_setup(0x59b1, &(0x7f0000000100)={0x0, 0x6d37, 0x100, 0x10, 0xa6})
r1 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
socket(0x10, 0x803, 0x0)
close(r1)
execveat$binfmt(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r3, r2, &(0x7f0000002080)=0x64, 0x237)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

1m46.316763671s ago: executing program 4 (id=662):
r0 = add_key$keyring(&(0x7f0000000200), &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000940)='asymmetric\x00', &(0x7f0000000900)=@chain={'key_or_keyring:', r0})
io_uring_setup(0x59b1, &(0x7f0000000100)={0x0, 0x6d37, 0x100, 0x10, 0xa6})
r1 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
openat$binfmt(0xffffffffffffff9c, r1, 0x42, 0x1ff)
r2 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x80, 0xfffffe00, 0x0, 0x2, 0x1, 0x1000000}})
execveat$binfmt(0xffffffffffffff9c, r1, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r4, r3, &(0x7f0000002080)=0x64, 0x237)
writev(r4, &(0x7f00000001c0)=[{&(0x7f0000000080)="f4", 0x1}], 0x1)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_NOP={0x0, 0x12})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

1m45.421306251s ago: executing program 4 (id=669):
socket$inet6(0xa, 0x2, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
prctl$PR_SET_SECCOMP(0x3d, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000001c0), 0x4)
socket$rds(0x15, 0x5, 0x0)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="0203100802"], 0x10}}, 0x0)
sendmsg$key(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[], 0x10}}, 0x0)
recvmmsg(r0, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400})

1m45.013337006s ago: executing program 4 (id=670):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000200), 0x800)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
unshare(0x22020600)
socket$inet_udp(0x2, 0x2, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x4, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f00000000c0)={0x8, 0x1, 0x2, "3a7107ca5de21f000000f373000000e0ff00", 0x56595559})
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xff, 0x0, 0x0, 0x20, 0x572, 0xcb01, 0x663d, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x5b, 0xe8, 0xeb}}]}}]}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)=@newsa={0x144, 0x10, 0x713, 0x0, 0x0, {{@in=@rand_addr=0x64010100, @in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xeb}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b}, {@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x2, 0x32}, @in6=@mcast2, {0x0, 0x0, 0xfffffffffffeffff, 0x0, 0x4, 0x6}, {0xfffffffffffff461, 0x0, 0x0, 0x10000}, {0x0, 0x2}, 0x70bd27, 0x0, 0x2, 0x1, 0x4}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @mark={0xc, 0x15, {0x35075a, 0x4}}]}, 0x144}}, 0x800)
sendmsg$nl_xfrm(r4, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000001c0)=ANY=[], 0x34c}}, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000d40000000000000000000000000a20000000000a03000000000000000000010000000900010073797a3000000000bc000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000009000038008000240000000007c00030f14000100626f6e64300000000000000000000000140001006970766c616e31000000000000000000140001006970766c616e300000000000000000001400010073697430000000000000fbffffffffffffff0100776c616e300000000000000000000000140001006772653000000000000000000000040008000140000000005c000000180a01010000000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014"], 0x4b0}}, 0x0)
openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000100), 0x440, 0x0)
bind$inet6(r6, &(0x7f0000000140)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r8, &(0x7f0000000080)="f5cf1d30f55a4eef6ef6c9ed0f805dc92caeb9be5b", 0x15, 0x80c0, 0x0, 0x0)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f00000003c0), r0)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000580)={0x18, r9, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_ADDR={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x84}, 0x40000c0)

1m40.09659403s ago: executing program 4 (id=689):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0)
unshare(0x40020000)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f0000000340)={0x1d, r4, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) (async)
bind$can_j1939(r3, &(0x7f0000000340)={0x1d, r4, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000400)="81b641f1f3843704", 0x8}], 0x1}, 0x48005) (async)
sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000400)="81b641f1f3843704", 0x8}], 0x1}, 0x48005)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r6=>0x0})
connect$can_j1939(r3, 0x0, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r6, {0xfffd, 0x10}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x840) (async)
sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r6, {0xfffd, 0x10}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x840)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0) (async)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a40)=ANY=[], 0x28}}, 0x0) (async)
sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a40)=ANY=[], 0x28}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000140)) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000140))
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f0000000080)='/#!&*.\x00', &(0x7f00000000c0)='k', 0x1)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000100)=<r7=>0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))
r8 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r8, &(0x7f0000000080)={0x2, 0x4e22, @empty}, 0x10) (async)
bind$inet(r8, &(0x7f0000000080)={0x2, 0x4e22, @empty}, 0x10)
connect$inet(r8, &(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r8, 0x0, 0x0, 0xe61e2840a154b0c0, &(0x7f0000000000)={0x2, 0x4e22, @loopback}, 0x10) (async)
sendto$inet(r8, 0x0, 0x0, 0xe61e2840a154b0c0, &(0x7f0000000000)={0x2, 0x4e22, @loopback}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0xfffffffffffffdea, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000041e5a54999a297586bdbdf25017c00000400368000000c00090000000000000000008d0000000000000000000000d38053688fa9e92693301efdc57aca2d7112ec24b2df146ebd3bb623192fd0f3fb80b0eb46aa41101d7dc2f9fa41ae58fa1f8ac2a8f9009407d7f9d514ec900857bfa37f0bf19df1458849bae799641fe856f42f372bf5b0d46d1ddf4c0bf9b08f2e64165512f985e2501307503d201756df21654fdfb8cddf818e3f706b5db4c03bab8254df6a139894a5d462884a942e70f6f4deeaf3949da6357eb2985ce0a57ba8ad943dc9d6f4309efcba55fb9784fddc62048649c706a4dd1836c56be71551ce09d5ec2fcfb5f5131f0416", @ANYRES32=r7, @ANYBLOB="1df074c70724cdf75f0b5313ab5b5991b999b32b2f88d39a8e6e88b1d395d2f35097736590d642e30b800d0d31682d125f33be17996b7ae2b8c833f1cb0d3d8216df5de26dc842aa6c03a3cef937c71f25c70c08e3b7765b4fa1bde4750c9518251d230004000180"], 0x1c}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)

1m25.04077178s ago: executing program 33 (id=689):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0)
unshare(0x40020000)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f0000000340)={0x1d, r4, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) (async)
bind$can_j1939(r3, &(0x7f0000000340)={0x1d, r4, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000400)="81b641f1f3843704", 0x8}], 0x1}, 0x48005) (async)
sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000400)="81b641f1f3843704", 0x8}], 0x1}, 0x48005)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r6=>0x0})
connect$can_j1939(r3, 0x0, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r6, {0xfffd, 0x10}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x840) (async)
sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r6, {0xfffd, 0x10}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x840)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0) (async)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a40)=ANY=[], 0x28}}, 0x0) (async)
sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a40)=ANY=[], 0x28}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000140)) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000140))
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f0000000080)='/#!&*.\x00', &(0x7f00000000c0)='k', 0x1)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000100)=<r7=>0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))
r8 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r8, &(0x7f0000000080)={0x2, 0x4e22, @empty}, 0x10) (async)
bind$inet(r8, &(0x7f0000000080)={0x2, 0x4e22, @empty}, 0x10)
connect$inet(r8, &(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r8, 0x0, 0x0, 0xe61e2840a154b0c0, &(0x7f0000000000)={0x2, 0x4e22, @loopback}, 0x10) (async)
sendto$inet(r8, 0x0, 0x0, 0xe61e2840a154b0c0, &(0x7f0000000000)={0x2, 0x4e22, @loopback}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0xfffffffffffffdea, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000041e5a54999a297586bdbdf25017c00000400368000000c00090000000000000000008d0000000000000000000000d38053688fa9e92693301efdc57aca2d7112ec24b2df146ebd3bb623192fd0f3fb80b0eb46aa41101d7dc2f9fa41ae58fa1f8ac2a8f9009407d7f9d514ec900857bfa37f0bf19df1458849bae799641fe856f42f372bf5b0d46d1ddf4c0bf9b08f2e64165512f985e2501307503d201756df21654fdfb8cddf818e3f706b5db4c03bab8254df6a139894a5d462884a942e70f6f4deeaf3949da6357eb2985ce0a57ba8ad943dc9d6f4309efcba55fb9784fddc62048649c706a4dd1836c56be71551ce09d5ec2fcfb5f5131f0416", @ANYRES32=r7, @ANYBLOB="1df074c70724cdf75f0b5313ab5b5991b999b32b2f88d39a8e6e88b1d395d2f35097736590d642e30b800d0d31682d125f33be17996b7ae2b8c833f1cb0d3d8216df5de26dc842aa6c03a3cef937c71f25c70c08e3b7765b4fa1bde4750c9518251d230004000180"], 0x1c}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)

18.820550659s ago: executing program 2 (id=977):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='illinois\x00', 0x9)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000000)='\x00', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c)
socket$netlink(0x10, 0x3, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
shutdown(r0, 0x1)
syz_usb_connect(0x0, 0x3c3, 0x0, 0x0)

17.002313557s ago: executing program 2 (id=983):
socket(0x3, 0x4, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000044c0), 0x141802)
ioctl$SNDRV_TIMER_IOCTL_TREAD(r2, 0x40045402, &(0x7f0000004500))
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xf, 0xfffffffffffffffe}, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
ioctl$VT_OPENQRY(r3, 0x5600, &(0x7f0000000100))
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x0)
migrate_pages(0x0, 0x3, &(0x7f00000002c0)=0x2d, &(0x7f0000000280)=0xa)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYRESOCT=r4], 0x110}, 0x1, 0x0, 0x0, 0x884}, 0x4008880)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x80)
r7 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000240)={'syz_tun\x00', <r8=>0x0})
bind$packet(r7, &(0x7f0000000300)={0x11, 0x0, r8, 0x1, 0x0, 0x6, @remote}, 0x14)
bind$packet(r7, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14)
prctl$PR_MCE_KILL(0x21, 0x1, 0x1)
ioctl$I2C_PEC(r6, 0x708, 0x2)
ioctl$I2C_SMBUS(r6, 0x720, &(0x7f0000000100)={0x1, 0x4, 0x5, &(0x7f0000000080)={0x13, "14a6c63d876ff44271f1aca6e4482707dab7299602aed83463604d70b41d4008e3"}})

14.723301653s ago: executing program 3 (id=988):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000280)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1}, 0x18)
fcntl$dupfd(r0, 0x406, r0)
r2 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x7279, 0x0, 0x4, 0x18e}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x3516, 0x0, 0x1000000, 0x0, 0x0)

14.574534552s ago: executing program 2 (id=990):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
fallocate(r2, 0x0, 0x3, 0x10fff9)
lseek(r2, 0x802, 0x3)

14.354828187s ago: executing program 3 (id=992):
r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1})
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='cgroup\x00')
preadv(r1, &(0x7f00000000c0)=[{&(0x7f0000000480)=""/128, 0x80}], 0x1, 0x12e, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001440), 0x2202, 0x0)
io_setup(0x104, &(0x7f0000000180)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f00000006c0)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x4, r2, &(0x7f0000000000)="12", 0x1, 0x3e80000000}])
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000200)=ANY=[@ANYRES32, @ANYRES64=r0, @ANYBLOB="1300"/12, @ANYRES32=0x0, @ANYBLOB="c9bd384e9662"], 0x20)
r4 = userfaultfd(0x801)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000ffe000/0x1000)=nil, 0x1000}, 0x1})
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}, 0x1})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_open_dev$video4linux(&(0x7f0000000240), 0x5, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r6, 0xc0305602, &(0x7f0000000180)={0x0, 0x10})
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff)
fsopen(&(0x7f00000000c0)='adfs\x00', 0x1)
r8 = socket$inet6(0xa, 0x2, 0x0)
r9 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r9, 0x114, 0x6, 0x0, 0xd)
setsockopt$inet6_int(r8, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4)
setsockopt$inet6_IPV6_HOPOPTS(r8, 0x29, 0x36, &(0x7f0000000080)=ANY=[], 0x8)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_int(r8, 0x29, 0xb, &(0x7f0000000040)=0x7, 0x4)
recvmmsg(r8, &(0x7f0000001040)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x10183, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r8)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_EXTERNAL_AUTH(r5, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000180)={&(0x7f00000003c0)={0x84, r10, 0x400, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r11}, @val={0xc, 0x99, {0x5, 0x3}}}}, [@NL80211_ATTR_BSSID={0xa, 0xf5, @from_mac=@device_b}, @NL80211_ATTR_PMKID={0x14, 0x55, "1a4fcd658460799c913f21333ce84d6e"}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x5d}, @NL80211_ATTR_PMKID={0x14, 0x55, "9fd758d072963f4820b6e7336b18256e"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_PMKID={0x14, 0x55, "030878b92592d7d4002b9a690368d1a9"}]}, 0x84}, 0x1, 0x0, 0x0, 0x41}, 0x24004000)
sendto$inet6(r8, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
sendmsg$DEVLINK_CMD_RATE_GET(r5, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)={0x34, r7, 0x303, 0x0, 0x0, {0x13}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0)

13.202501563s ago: executing program 3 (id=994):
r0 = socket$igmp(0x2, 0x3, 0x2)
socket$inet6(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x3, 0x8000000003c)
socket(0x3, 0x4, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x200f, 0xfffffffffffffffe}, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000106161154d00000000000109022400010000000009040400010300000009210000000122f80409058103"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000340)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
r4 = getpid()
syz_pidfd_open(r4, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000400000/0x1000)=nil, 0x20400000}, 0x1})
r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r5, 0xc100565c, &(0x7f00000013c0)={0x0, 0x2, 0x2, {0x5, @vbi={0x0, 0x0, 0x4, 0x0, [], [0x8200], 0x1}}})
ioctl$VIDIOC_QBUF(r5, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "8000"}, 0x0, 0x2, {}, 0xe4})
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mremap(&(0x7f0000536000/0x2000)=nil, 0x2000, 0x400000, 0x0, &(0x7f000082a000/0x400000)=nil)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x9, 0x3, 0x288, 0x108, 0xffffffff, 0xffffffff, 0x108, 0xffffffff, 0x1f0, 0xffffffff, 0xffffffff, 0x1f0, 0xffffffff, 0x3, &(0x7f0000000040), {[{{@uncond, 0x0, 0xc0, 0x108, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xd}}, @inet=@rpfilter={{0x28}, {0x11}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@private=0xa010100, 'bridge_slave_0\x00', {0x9}}}}, {{@ip={@broadcast, @private=0xa010101, 0x0, 0xff000000, 'geneve0\x00', 'macvtap0\x00', {0xff}, {0xff}, 0x449924134447b7a7, 0x2, 0x48}, 0x0, 0xc0, 0xe8, 0x0, {}, [@common=@icmp={{0x28}, {0xb, "a763", 0x1}}, @inet=@rpfilter={{0x28}, {0x2}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2e8)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x3000, 0x2000, &(0x7f0000ffc000/0x2000)=nil})
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
r7 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x1501)
ioctl$USBDEVFS_SUBMITURB(r7, 0x8038550a, &(0x7f0000000100)=@urb_type_control={0x2, {}, 0x0, 0x44, &(0x7f0000000080)={0x2, 0x3, 0x37, 0xfff8}, 0x8, 0x20, 0x3, 0x0, 0x4c1, 0x404, 0x0})

10.912099847s ago: executing program 5 (id=996):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
ioctl$IOMMU_TEST_OP_MD_CHECK_REFS(r1, 0x3ba0, &(0x7f00000001c0)={0x48, 0x4, 0x0, 0x0, 0xda, &(0x7f0000000080)="89757f7b55533e60bbda5314eca8fa00c9116cc70e3b80f5dd1d7bf369711efc069bb80ddc015b1257983a9349ce3ed8d64b2f8ffd1b543ad7ab77ff9ab545fe187608adeb17254d34084c13e253984d7e95731a7edfa88cebeef753aaaa76cfd3dc33a78b760a0a380a29a369381bd39dcda30c7623928ae2e4107b339964f94f5232221d5c135dd05f0ea8991dae60257832feeb45b0d4d9e2926c324f9a57e765a4280245af931a368e3dfd45dab2948398d176b5fe904eda40d9ff8e4e2dee4907d5d9913f26ed6168407e2367358cafd558df8018b9c781", 0x7})
r2 = syz_io_uring_setup(0x235, &(0x7f00000002c0)={0x0, 0x4533, 0x40, 0x2, 0x2b1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000340)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x201}, 0x1})
io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
r7 = socket$packet(0x11, 0xa, 0x300)
setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000100)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x80000006}]}, 0x10)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88"], 0x0)
pipe(&(0x7f0000001240)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_CREATE_ID(r8, 0x0, 0x0)
sendfile(r9, r6, 0x0, 0x24)

10.01426337s ago: executing program 2 (id=999):
r0 = syz_open_dev$media(&(0x7f00000012c0), 0x66, 0x480a00)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, 0xffffffffffffffff)
r1 = getpid()
r2 = syz_pidfd_open(r1, 0x0)
setns(r2, 0x8020000)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x8800, &(0x7f0000001dc0)={0xf, 0x84, 0x40000}, 0x20)
syz_open_dev$media(&(0x7f00000012c0), 0x66, 0x480a00) (async)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, 0xffffffffffffffff) (async)
getpid() (async)
syz_pidfd_open(r1, 0x0) (async)
setns(r2, 0x8020000) (async)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x8800, &(0x7f0000001dc0)={0xf, 0x84, 0x40000}, 0x20) (async)

9.358819739s ago: executing program 2 (id=1001):
socket$inet6_sctp(0xa, 0x801, 0x84)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
openat$audio(0xffffff9c, 0x0, 0x80, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket(0x2, 0x80805, 0x0)
bind$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x0, 0x3}, 0x20)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
setsockopt(r3, 0x84, 0x80, &(0x7f0000000000)="f89fcfb587a4792b", 0x8)
socket$inet6(0x10, 0x80000, 0x3)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1000, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r4, 0xc058560f, &(0x7f00000001c0)=@mmap={0x0, 0x1, 0x4, 0x20, 0x0, {0x77359400}, {0x4, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x291d, 0x1, {}, 0x5})
ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000100)=0x1)
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0x40086602, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x200, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff3}, {0xffff, 0xffff}, {0xffe0, 0xf}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a40)=@newtfilter={0x38, 0x2c, 0xd2b, 0x10000, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x1}, {}, {0xe, 0x1}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x16}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x893}, 0x24040084)
syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)

8.944104264s ago: executing program 2 (id=1002):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x182)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e24, 0x7b2f, @private0, 0x9}, 0x1c)
sched_setscheduler(0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x3b, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000ec13b2106d04d308280b0102030109022900010000000009046900000e010000082402010202"], 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
socket$nl_route(0x10, 0x3, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
r2 = socket$kcm(0x29, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYRES16=r2], 0x48)
socket$inet6(0xa, 0x80803, 0x87)
syz_emit_ethernet(0x5e, &(0x7f0000000540)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd603000bb00282b00fc020000000000000000000000000000fe8000000000000000000000000000aa87"], 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r3, &(0x7f0000000100)={'syz0\x00', {}, 0x2b, [0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x3, 0x0, 0x0, 0x800, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x20, 0x401, 0x0, 0x0, 0x0, 0x5, 0x0, 0x1, 0x0, 0x0, 0x100000, 0x4000000, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xffffe, 0x0, 0x0, 0x0, 0x3, 0x0, 0x401, 0x0, 0x0, 0xc, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffffffd, 0x0, 0x0, 0xffffffff], [0x2, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x4ca, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7d93, 0x4, 0x0, 0x3, 0x4, 0x4, 0x0, 0x409, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x180d, 0xfffffffd, 0x1, 0x0, 0x0, 0x80, 0x0, 0x0, 0x58000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x3, 0x0, 0x0, 0x5, 0x0, 0x0, 0x10000000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xfffffffe, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0xd9be, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x553, 0x0, 0x0, 0x0, 0x3, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0xb0d, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x7f, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0xef86, 0x0, 0x0, 0xacc]}, 0x45c)
ioctl$UI_DEV_SETUP(r3, 0x5501, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(0xffffffffffffffff, 0xff04, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)=<r5=>0x0)
timer_settime(r5, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
read(r3, &(0x7f00000007c0)=""/4096, 0x1000)
write$input_event(r3, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f687372000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c0003801400010076657468305f746f5f687372000000001400010076657468315f766c616e"], 0xfc}}, 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r7, 0x8970, &(0x7f0000001040)={'gre0\x00', &(0x7f0000000000)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @multicast2}}}})
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff038}, {0x6, 0x37, 0x0, 0x9}]}, 0x10)

7.926166705s ago: executing program 3 (id=1004):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000002840)=ANY=[], 0x48}}, 0x1004c000)
r2 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
write$tcp_mem(r2, &(0x7f00000001c0)={0x1, 0x20, 0x7f, 0x20, 0x6}, 0x48)

7.839247003s ago: executing program 6 (id=1005):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000000140)={0x10, 0x0, 0x25dfdbfe, 0x1}, 0xfffffffffffffe55)
bind$netlink(r0, &(0x7f0000000040)={0x10, 0x0, 0x25dfdbfe, 0x4}, 0xc)

7.762748588s ago: executing program 0 (id=1006):
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/netfilter\x00')
fchdir(r0)
r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x3f2e}, 0x8, 0x0)
landlock_restrict_self(r1, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000000)={0xc})
openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x20042, 0x30)

7.687128763s ago: executing program 6 (id=1007):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
io_setup(0xffff, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000140)=ANY=[], 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mlock2(&(0x7f0000018000/0x2000)=nil, 0x2000, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x64, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_PROTOINFO={0x8, 0x4, 0x0, 0x1, @CTA_PROTOINFO_DCCP={0x4}}, @CTA_TUPLE_REPLY={0x38, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}]}, @CTA_TIMEOUT={0x8}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x2}]}, 0x64}, 0x1, 0x0, 0x0, 0x400c000}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b0000000000000000000040008000000000", @ANYBLOB="feffffff00"/14, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0300"/14], 0x50)
keyctl$dh_compute(0x17, 0x0, &(0x7f00000000c0)=""/51, 0x33, 0x0)
r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r3, 0x4601, &(0x7f0000000040)={0x191, 0x258, 0x1e0, 0x3f, 0x32, 0x1, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4})
r4 = gettid()
r5 = syz_io_uring_setup(0x17af, &(0x7f0000000500)={0x0, 0xbc48, 0x13290, 0x0, 0x1e1}, &(0x7f0000000300)=<r6=>0x0, &(0x7f0000000340)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r5})
io_uring_enter(r5, 0x1, 0x2, 0x1, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r4}, &(0x7f0000bbdffc)=<r8=>0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x24, 0x0, 0x300, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0xa001)
timer_settime(r8, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
ioctl$FBIOGETCMAP(r3, 0x4604, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)

7.626788133s ago: executing program 3 (id=1008):
openat$ppp(0xffffffffffffff9c, &(0x7f0000000580), 0x4040, 0x0)
r0 = getpid()
r1 = syz_open_procfs(r0, &(0x7f0000000ac0)='net/igmp\x00')
openat$mice(0xffffffffffffff9c, &(0x7f0000000100), 0x41)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x804, 0x6, 0xfffa}, 0x3d, [0x6, 0xc95a, 0xfffffff3, 0x8, 0x80, 0x2, 0x1, 0x7f, 0x6, 0x4d, 0xfffffff2, 0x5f, 0xa, 0x0, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x0, 0x80000001, 0x7, 0x7, 0x3, 0x3c5b, 0x1, 0x24, 0xfffffffe, 0xfffffffe, 0x1f461e2c, 0x3, 0xe661, 0x4, 0x1000007, 0x3, 0x8001, 0x4c74, 0x8f00, 0x642, 0x3, 0xa, 0x0, 0x71, 0xa, 0x7, 0x103, 0x0, 0x5, 0x3d, 0x8f, 0x6, 0x1, 0x4, 0x5, 0x4, 0x5, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x1000], [0x10000007, 0xffff, 0x12b, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0x3, 0xf9, 0xd, 0x2bf, 0x6c9, 0x1ff, 0xfffffffe, 0x3, 0x0, 0x7, 0x10000005, 0x2f, 0xe, 0x313, 0x78, 0xea4, 0xa, 0x4, 0x4, 0x80, 0x5, 0x400, 0x1, 0x6, 0x400001, 0xff, 0x1005, 0x7ff, 0x4f31, 0x4, 0xffffffff, 0x6, 0x1000004, 0x9, 0x4, 0x9, 0xfffffff7, 0x9, 0x7, 0x5, 0x0, 0x3, 0x8000, 0xffff, 0x2, 0x7f, 0x9, 0x8, 0x3, 0x4, 0x1, 0x7, 0x6, 0x9, 0x48c93690, 0x2, 0xff], [0x7, 0x1, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x7fff, 0x5, 0x5, 0x0, 0x1ef, 0x9, 0x8, 0x86, 0x3, 0x10000009, 0x3e7, 0x8, 0x9, 0x2, 0x60002, 0xf, 0x8, 0x84, 0x6d01, 0x5, 0x3b, 0x2, 0x200, 0x80, 0x3, 0x4, 0x8, 0x0, 0xa2, 0x7, 0x53cf697b, 0x8, 0x4, 0x54fe12da, 0xbf, 0x5, 0x101, 0x400000, 0xfffffff9, 0x0, 0x1, 0x5, 0x0, 0x6, 0xfffffffb, 0x120000, 0x3, 0x6, 0x9, 0x4, 0x3], [0x9, 0xbb31, 0x3, 0xd6f, 0x5, 0x938, 0x6, 0x6, 0x55bf, 0x5, 0xce7, 0x1ff, 0x6, 0x7, 0x5, 0x3, 0x104, 0x80000000, 0x6, 0x7fff, 0x8ffff, 0xa61c, 0x2, 0x5, 0x1, 0xfffffff8, 0x8000014c, 0x60a7, 0x6, 0x2, 0xffffffff, 0x80000003, 0x5, 0x8, 0xff, 0x103, 0x3, 0xffff, 0xffffffff, 0x8, 0x100, 0x6, 0xa, 0x2, 0x4, 0x6, 0x1, 0xc4d9, 0x3, 0x8, 0x2b91, 0xa1f, 0x8, 0x9, 0x1, 0x6c0b, 0x0, 0x1, 0x5, 0xb1c, 0x1, 0x1fc, 0xfff, 0xffffffff]}, 0x45c)
r2 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01)
sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)=@canfd={{}, 0x80, 0x2, 0x0, 0x0, "0e7692fddc9d8ba5a0ac79669b2947a81f2e3c8973fc2af2a7fa10b9126ea28baed9b57d82ab23db557c307ae88da9c6c68d8ceae8e69b06707297b87f8c925a"}, 0x48}, 0x2, 0x0, 0x0, 0x4105}, 0x0)
write$char_usb(r2, &(0x7f0000000040)="e2", 0x918)
pread64(r1, &(0x7f0000000240)=""/76, 0x4c, 0x33c)
r3 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000800)={{0x12, 0x1, 0x0, 0x96, 0x5d, 0x6, 0x40, 0x133e, 0x815, 0x7e66, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xff, 0x87, 0x28, 0x0, [], [{{0x9, 0x5, 0x5, 0x3}}]}}]}}]}}, 0x0)
r4 = socket(0x2, 0x80805, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000400)=[{0x20, 0x0, 0x0, 0xfffff020}, {0x6}]}, 0x10)
listen(r4, 0x5)
setsockopt$SO_BINDTODEVICE_wg(r1, 0x1, 0x19, &(0x7f00000005c0)='wg1\x00', 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r6 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r6, &(0x7f0000000140), 0x10)
ioctl$SIOCGSTAMPNS(r6, 0x8907, 0x0)
sendmsg$can_bcm(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="050000000300000000000000", @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0)
read(r6, &(0x7f0000001480)=""/4096, 0x38)
syz_usb_control_io$uac1(r3, &(0x7f0000000740)={0x14, &(0x7f0000000600)={0x0, 0x1, 0x45, {0x45, 0x5, "7f25f1bda7ba727ff8614622b93a599b6f53e3147143fbdaefa6c7177d04a64c6805d40b473e3f1f992ec60fd566ca10e25fa071dc0a3fcd2115e60b745e6cec04d6cc"}}, &(0x7f0000000680)={0x0, 0x3, 0x84, @string={0x84, 0x3, "dec53a3737dcf1c866384deece9896e19e18911d006e65494c8368d72aaed9bd45e16db7c1cfc7cf0ca563033da44b0dcf3219de6c294a7ee9b5e9bcc56e35542e885f1a5a7501e6e9a2db403d9ffe64b90c896996bb8fe322bfa30a268ee3404c9ed81bd2f206695d2f9200a9cfa670df69d0ba6bb176a01f3dc85314c32451d9b9"}}}, &(0x7f0000000a40)={0x44, &(0x7f0000000840)={0x0, 0x16, 0x99, "24a38c8904a1afee5aebac3f5741a0ff936b58d809c1a95a837f86e4277e6b3146b0744224ec4449ab5c1ea5fe9bfd76e73276d36e90d1d539875742c0f5b39f2ed0842e1eeb59da081b97a0b793a5b220fbeb7bbde1273680bf91fb203332efa95e965178c23e581e123bd9205186ea1fe6db04e816bf9b33a5625768cc109ef2c029311310de59c8e29e26aba057e0eed0df23944b5555ac"}, &(0x7f0000000780)={0x0, 0xa, 0x1, 0x9}, &(0x7f00000007c0)={0x0, 0x8, 0x1, 0x5}, &(0x7f0000000900)={0x20, 0x81, 0x2, "9f80"}, &(0x7f0000000940)={0x20, 0x82, 0x3, "55f9d7"}, &(0x7f0000000980)={0x20, 0x83, 0x1, "f8"}, &(0x7f00000009c0)={0x20, 0x84, 0x3, "911bb3"}, &(0x7f0000000a00)={0x20, 0x85, 0x3, "ec0e88"}})
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r8 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000000), 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r8, 0xc0184800, &(0x7f0000000100)={0x4004, r7, 0x2})
sendmmsg$inet_sctp(r4, &(0x7f0000003140)=[{&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000200)="1b", 0x1}], 0x1, &(0x7f0000000480)=[@prinfo={0x18, 0x84, 0x5, {0x30, 0x6}}], 0x18, 0xc050}], 0x1, 0x1)
sendmsg$kcm(r1, &(0x7f0000000540)={&(0x7f0000000000)=@caif=@dgm={0x25, 0xe4, 0x8}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000080)="e2dc8047b578f25d59fa29874659e6f4523af6a20a7a69d0b67832f15c3239051ffa8fd0093d4183445917014b286d7eb10d172973b89c9bded5155a4f4284a384dbbf0a2c669b1fcdb207bda00e3081eaf02943269c6daca49b52040b16ff19e05e03afc40768dc45834c6ea220d0cea8394a53d4581e58c7ac6a06c05bda0ef169217bcc04b6f6baa3e585a7761d43e22dcee45f10c4ed1d06b13c2798f4af7909a4c3024e0df2c11412dee096b404521a65c6760268108f34cfde4b1acd5efa19fe00d81cf55725be42fba7c8d6fc5abf48", 0xd3}, {&(0x7f0000000180)="fddb2f6b120eb3afcc39685946004f302bec44e0b09630f6b40ca7baa639aceb3d6eca534cb0557c12325e796fa41c59f40671169c29425e3860251e37b667780ed64d6181f4f27cc9dc83e44951a74dd8d7720177f782be85f49dc59d6b8983ed6c0478bfdd13a63c158f92ee10ef9cec5c067f208b9eadb95e484a34bf590e7fde7df590c051f90b7791a54e74d73a4cb522f5ea1bdea459", 0x99}, {&(0x7f00000002c0)="a29b624da9b01ace6d3befcdc644a409054112d2ff764b0bd8d0ae5b3ef8087a8a53be9a19ae00569e3347ba08574383b7a9fa31d4dfda69d3f831ec8dd81e", 0x3f}, {&(0x7f0000000300)="9ecabbd646ae357defcaf20c81698bc049c855c543349950e9ae0241dff42142b56364bfcd1d3f5ccbb5391aecd97ba5c5ce34b53ab3ab7d3d57e10adfead2cd379882bdd88e84083f23140049ce2a788b17eda8805743ab43d6d4e910247d97e379985fd071bd9213d81ccf370be4bb518bccd7c99fa0ae80284dd37e336f2520fbd5f5caa932da7328f54b27eab1693efc22b2b368f15402587a7fe0aadfe019b9ee010a4a3dc6b85d819b3bc991e9384b6cd8d8a67cd61a37ed5e", 0xbc}, {&(0x7f00000003c0)="58ee400b022e54e6464e17a979a1b310abd8a3d1ee0a32cfb8645c4c7751bc3279faaf6ede4c6166281232fec3d4c885b6ba59bae76007143e41773cf3486dc7dd4568de797b2d", 0x47}], 0x5, &(0x7f00000004c0)=[{0x70, 0x10f, 0x1000, "931dd79dbf989b45ccbc5f1967211d72ad3a59abc4bcf4ab0070ed466b5a1e62b2a2e7d2e8f91c47bbbedbb589bb51bcebf0d21631075b1483add41c448b44d1eb6d649ff428661aaf95a07af4277cdc50368ec51135ce020f24"}], 0x70}, 0x20000000)

7.55659081s ago: executing program 5 (id=1009):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
fallocate(r2, 0x0, 0x3, 0x10fff9)
lseek(r2, 0x802, 0x3)

7.283245816s ago: executing program 0 (id=1010):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$EBT_SO_GET_ENTRIES(r0, 0x0, 0x81, &(0x7f0000000140)={'filter\x00', 0x0, 0x3, 0xbb, [0x6, 0x4, 0xc, 0x3, 0x4, 0x7fff], 0x2, &(0x7f0000000080)=[{}, {}], &(0x7f0000000200)=""/187}, &(0x7f00000000c0)=0x78)
r1 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet6_int(r1, 0x29, 0xd1, &(0x7f0000000300)=0x8000001, 0x4)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x143002, 0x9813eadff76cb9d3)
r3 = socket(0x8000000010, 0x2, 0x0)
write(r3, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f000009", 0xf9)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180), 0x609002, 0x0)
fcntl$getflags(r6, 0x3)
sendto$inet(r5, &(0x7f0000000040)='\f\x00', 0x2, 0x0, &(0x7f0000000340)={0x2, 0x2}, 0x10)
ioctl$sock_inet_SIOCSARP(r4, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @empty}, {}, 0x0, {0x2, 0x0, @multicast1=0xe000cc02}})
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r7, 0x2000085, 0x81, &(0x7f00000003c0)="4262020100000000000005f31b69c708fa00", 0x12)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x34, 0x2, 0x3, 0x301, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x15}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x7}, @NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x1d}}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
io_uring_enter(r2, 0xa7, 0xa9e4, 0x18, &(0x7f0000000340)={[0x3]}, 0xffffffffffffff67)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x4e21, 0x9, @private0={0xfc, 0x0, '\x00', 0x1}, 0xff}, 0x1c)
getsockopt$sock_buf(r1, 0x1, 0x1c, 0x0, &(0x7f0000000000))

5.973599705s ago: executing program 0 (id=1011):
r0 = socket$igmp(0x2, 0x3, 0x2)
socket$inet6(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x3, 0x8000000003c)
socket(0x3, 0x4, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x200f, 0xfffffffffffffffe}, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000106161154d00000000000109022400010000000009040400010300000009210000000122f80409058103"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000340)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
r4 = getpid()
syz_pidfd_open(r4, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000400000/0x1000)=nil, 0x20400000}, 0x1})
r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r5, 0xc100565c, &(0x7f00000013c0)={0x0, 0x2, 0x2, {0x5, @vbi={0x0, 0x0, 0x4, 0x0, [], [0x8200], 0x1}}})
ioctl$VIDIOC_QBUF(r5, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "8000"}, 0x0, 0x2, {}, 0xe4})
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mremap(&(0x7f0000536000/0x2000)=nil, 0x2000, 0x400000, 0x0, &(0x7f000082a000/0x400000)=nil)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x9, 0x3, 0x288, 0x108, 0xffffffff, 0xffffffff, 0x108, 0xffffffff, 0x1f0, 0xffffffff, 0xffffffff, 0x1f0, 0xffffffff, 0x3, &(0x7f0000000040), {[{{@uncond, 0x0, 0xc0, 0x108, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xd}}, @inet=@rpfilter={{0x28}, {0x11}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@private=0xa010100, 'bridge_slave_0\x00', {0x9}}}}, {{@ip={@broadcast, @private=0xa010101, 0x0, 0xff000000, 'geneve0\x00', 'macvtap0\x00', {0xff}, {0xff}, 0x449924134447b7a7, 0x2, 0x48}, 0x0, 0xc0, 0xe8, 0x0, {}, [@common=@icmp={{0x28}, {0xb, "a763", 0x1}}, @inet=@rpfilter={{0x28}, {0x2}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2e8)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x3000, 0x2000, &(0x7f0000ffc000/0x2000)=nil})
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
eventfd(0x4)
r6 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x1501)
ioctl$USBDEVFS_SUBMITURB(r6, 0x8038550a, &(0x7f0000000100)=@urb_type_control={0x2, {}, 0x0, 0x44, &(0x7f0000000080)={0x2, 0x3, 0x37, 0xfff8}, 0x8, 0x20, 0x3, 0x0, 0x4c1, 0x404, 0x0})

4.183493571s ago: executing program 6 (id=1012):
r0 = socket$key(0xf, 0x3, 0x2)
r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x82, 0x42081)
ioctl$I2C_TIMEOUT(r1, 0x702, 0xfffffffffffffffc)
r2 = syz_usb_connect(0x5, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="120110019bde521023398a71d7d80102030109022400010509401909047b07022d51d5980905eb0220000202050905e6"], 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000740)=ANY=[@ANYRES64=r2, @ANYRES32=0x0, @ANYBLOB="00000100"/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="01007c165693ef37f819e7ee0000000000000000000000000000002000000000008dfcf10659e187f1aa76c2435901eeff0f46e03b1d23e51d44cb412517384c90f20d3ad2a6021db15f0f45a796b5ade59fd7dd44563940e2f96e506953c8953a8a9fe2930f4fa6e42dd9c1f2626deb6278d6a619ef8d16ac7da0a14d"], 0x50)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'erspan0\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', <r8=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="480000001400030400000000000000000a3f0000", @ANYRES32=<r9=>r8, @ANYBLOB="14000200ff2300000000000000000000000000011400060000000000060000000000000000000000080008000004"], 0x48}}, 0x40)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYRES16=r9, @ANYRES32=r6, @ANYBLOB="0008000000000000200012800b00010065727370616e00000004001200"], 0x40}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, r3, 0x2c9ab000)
sendmsg$key(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x10}}, 0x40044)
openat$dir(0xffffffffffffff9c, &(0x7f0000000600)='./file0/file0\x00', 0x1a3500, 0x4)
r10 = syz_open_dev$vim2m(&(0x7f0000000140), 0x0, 0x2)
syz_usb_connect(0x0, 0x41, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000d22a6640da0320283c520000000109022f0001000000000904000000ef040100052406000105240000000d240f0100518e34d2be"], 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r10, 0xc0145608, &(0x7f00000000c0)={0xfc, 0x2, 0x4})
ioctl$vim2m_VIDIOC_EXPBUF(r10, 0xc0405668, &(0x7f0000000100)={0xa788cd7c1b402ab8, 0x1, 0x2, 0x84000})
r11 = syz_open_dev$vbi(&(0x7f0000000140), 0x0, 0x2)
ioctl$VIDIOC_QUERYBUF_DMABUF(r11, 0xc0585609, &(0x7f0000000000)={0x8, 0x6, 0x4, 0x800, 0x1, {0x0, 0xea60}, {0x1, 0xc, 0xb, 0x4, 0x6, 0x91, "7ceff579"}, 0x3, 0x4, {}, 0x5})
r12 = io_uring_setup(0x1694, &(0x7f0000000080)={0x0, 0x639f})
io_uring_register$IORING_REGISTER_BUFFERS(r12, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r12, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000003740)=""/4096, 0x1900}], 0x0, 0x11a}, 0x20)
r13 = socket$inet6(0xa, 0x2, 0x0)
execve(&(0x7f0000000400)='./file0\x00', &(0x7f00000001c0)={[&(0x7f0000000100)='/[:+&\x00', &(0x7f0000000140)='*\x00', &(0x7f0000000180)='#*[-$\x00']}, &(0x7f0000000580)={[&(0x7f0000000300)='.-\x00', &(0x7f0000000240)=':&G\x00', &(0x7f0000000380)='#]\x00', &(0x7f0000000440)='%@-\x00', &(0x7f0000000280)='\x00', &(0x7f0000000900)='\x00\xb7\xad\x12\x9e\xf6\x86\xfd\xd9\x85\xd7d\xbf\xe5&D/\xa7\xf0\aW/~\xc2\x19eF\xfe\xed\xf4n\x82E\xd8\xe5\xad\xf9#m=Oi\x19\xb6s\x96\xe7\x9f\xcd\x1f?\x18YI\xfe\x04\xf2\x16P\x1f\xda\x17\x8f\xfb\xb9\x96\'\xb4\xf0\x86\xfd\xffF\xb5\x1e\xc0\xba\xb1\xea\x9d\xefo\x84\xe9\xb0\xc7\xba\xa0\xf4\xb3h>>\x89\x9c[\xb6]t\xa4\xce\x82\x15\xe7\xc7\xc3\x00\xce\x82w\xd2\x0f\xac\x1b\x86\x0f\\\xb3\xb8\xee\xa6\x11\x81-\xea\x87\xb7%[\xf0\xeag\xc0\xe6\xb8\xcc2\xa3\x87\xd1\xe7\x9f\x94f,\xc1\xdf5\xa90\x8b\xbb]\xea}\x9b\xc4\x0e\x10\xfd\xc1\x1fU\xc2:\x9f\xb1(\x00[*9C\x99\x96\x80\xc0', &(0x7f00000004c0)='\x00', &(0x7f00000009c0)=' \x7f\xfa\x80\xab\x9a\b\xa2\xd9uH\xba\x8bw},\x00\xaeT\xffT_\a\x8b\xb8a\xc7\nl\x91\xecy\x15\x10\xecb\x1e\x15\xf3\x99a\x9aDLq\xaa\x9fFp\xcf#\xcd\x96U\x89\x1f\xf7\x1c\x9d\xb1\xb8\x86\x84\xe9fP\xcd\x00P\xc1z\x90\xf8a\xad\xf0&i\xf0\xa6\x0f\xb4\xdf\\\xefC\x1b\x8fq$\"\x1b\xe9S\xaa:\xec\xd2~bJ{\x80Z\x10\x8d\x91R\x94\xe0\xdd\xe8\xe1/g\a\x9d\xfe.\xad8l\xe0\x7ff\xac\x98\a\x93y\xc04?y\xc3\xfal5\xc6\xb6+\xdb\xedr\x14\xe3\x18<:\xd4P\xdb\xe5BP\xb1+>m+e\xbf\xe0\xe0', &(0x7f0000000340)='\x00', &(0x7f0000000540)='}&@\x00']})
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000000208050000000000000000000a00000545f3ede489f4c735a77562946de5569173ce2abcd01ffe300f6f2013968062ba81b7749ea8a444bf2cd2b7453fb92c953854532967529ce5e057fc9288f68b49b9c326805743df419ac649d52eba7e04fe89aca74b2f24e250b8b9aa3e180b25ebeb579eb387b25892f4f947172822cfb4570915fdc40e266d6eb9b2f4a4225e036c6adc9a36d0f294afd1d0f1fabc77"], 0x14}, 0x1, 0x0, 0x0, 0x4008020}, 0x4010)
syz_emit_ethernet(0x1f, &(0x7f0000000180)=ANY=[@ANYBLOB="ffffffffffff000000e8ff000011424203"], 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r13, 0x29, 0x23, &(0x7f0000000800)={{{@in=@multicast1, @in=@local, 0x0, 0x56, 0x0, 0x0, 0xa}, {0x7, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffffe, 0x2000000, 0x2}, {0x1, 0xfffffffffffffffd, 0xff}, 0x1, 0xfffffffc, 0x1}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x2b}, 0x2, @in=@broadcast, 0x3507, 0x4, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
connect$inet6(r13, &(0x7f0000000640)={0xa, 0x0, 0x0, @loopback}, 0x1c)

3.763021057s ago: executing program 5 (id=1013):
r0 = add_key$user(&(0x7f0000000480), &(0x7f0000000000)={'syz', 0x1}, &(0x7f0000000600)="5fce607c8ee5dacbb71c397174e2", 0xe, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)
r2 = add_key$user(&(0x7f0000006400), &(0x7f0000000340)={'syz', 0x3}, &(0x7f0000000680)="3e12d23d", 0x4, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r0, r1, r2}, 0x0, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x15)
getsockopt$SO_COOKIE(r3, 0x1, 0x47, &(0x7f0000000240), &(0x7f0000000300)=0x8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x3)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
syz_usbip_server_init(0x3)

2.370571535s ago: executing program 3 (id=1014):
socket(0x3, 0x4, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000044c0), 0x141802)
ioctl$SNDRV_TIMER_IOCTL_TREAD(r2, 0x40045402, &(0x7f0000004500))
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xf, 0xfffffffffffffffe}, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
ioctl$VT_OPENQRY(r3, 0x5600, &(0x7f0000000100))
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x0)
migrate_pages(0x0, 0x3, &(0x7f00000002c0)=0x2d, &(0x7f0000000280)=0xa)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYRESOCT=r4], 0x110}, 0x1, 0x0, 0x0, 0x884}, 0x4008880)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x80)
r7 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000240)={'syz_tun\x00', <r8=>0x0})
bind$packet(r7, &(0x7f0000000300)={0x11, 0x0, r8, 0x1, 0x0, 0x6, @remote}, 0x14)
bind$packet(r7, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14)
prctl$PR_MCE_KILL(0x21, 0x1, 0x1)
ioctl$I2C_PEC(r6, 0x708, 0x2)
ioctl$I2C_SMBUS(r6, 0x720, &(0x7f0000000100)={0x1, 0x4, 0x5, &(0x7f0000000080)={0x13, "14a6c63d876ff44271f1aca6e4482707dab7299602aed83463604d70b41d4008e3"}})

1.882427428s ago: executing program 0 (id=1015):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/config', 0x0, 0x1ce)
utimensat(r0, &(0x7f0000001280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x100)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r0, 0x8983, &(0x7f0000000000)={0x8, 'batadv0\x00', {'veth1_to_batadv\x00'}, 0x2})
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
getsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000100)={@loopback, @rand_addr, <r2=>0x0}, &(0x7f0000000140)=0xc)
pipe2$watch_queue(&(0x7f00000003c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000440)={r0, r3})
sendmsg$nl_route(r0, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000002c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="b40000006c0004002abd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="0898000080400100240012800b000100677265746170000014000280050009000300000005001600010000000a000100aaaaaaaaaabb00000800200000080000540034801400350076657468315f766972745f7769666900140035006c6f0000000000000000000000000000140035006d6163767461703000000000000000001400350067656e6576653100000000000000000008000a00", @ANYRES32=r2, @ANYBLOB="3592"], 0xb4}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r4 = syz_io_uring_setup(0x13f7, &(0x7f0000000480)={0x0, 0x0, 0x400, 0x0, 0xc0}, &(0x7f00000002c0), &(0x7f0000000640))
connect$inet(r0, &(0x7f0000000380)={0x2, 0x4e25, @multicast2}, 0x10)
io_uring_enter(r4, 0x47bc, 0x20, 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000000340)={0xeb3, 0x7fff, {0xffffffffffffffff}, {<r5=>0xffffffffffffffff}, 0x7, 0x3})
quotactl_fd$Q_QUOTAOFF(r4, 0xffffffff80000302, r5, 0x0)
sendmmsg$inet6(r1, &(0x7f0000000780)=[{{&(0x7f0000001140)={0xa, 0x4e23, 0x0, @private2, 0x2}, 0x1c, &(0x7f0000000080)=[{&(0x7f00000011c0)="99", 0x1}], 0x1}}, {{&(0x7f0000000240)={0xa, 0x4e22, 0xb7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x8}, 0x1c, &(0x7f0000000280)=[{&(0x7f0000000400)="f64c8fd3e81287", 0x7}], 0x1}}], 0x2, 0x0)

1.815246609s ago: executing program 5 (id=1016):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='illinois\x00', 0x9)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000000)='\x00', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c)
socket$netlink(0x10, 0x3, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
shutdown(r0, 0x1)
syz_usb_connect(0x0, 0x3c3, 0x0, 0x0)

1.597585777s ago: executing program 0 (id=1017):
r0 = socket(0x10, 0x3, 0x0)
mknod$loop(&(0x7f0000000080)='./file0/file0\x00', 0x8000, 0x0)
execve(&(0x7f0000019100)='./file0\x00', 0x0, 0x0)
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
chown(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r1 = getpid()
fcntl$lock(r0, 0x25, &(0x7f00000000c0)={0x1, 0x3, 0x4, 0x8, r1})
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000140)={0x4}, 0x10)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x6, 0x2)
ioctl$vim2m_VIDIOC_TRY_FMT(r2, 0xc0d05640, &(0x7f0000000140)={0x1, @pix={0x3, 0x5, 0x30314742, 0x1, 0x0, 0xffffffff, 0x9, 0x7, 0x0, 0x3, 0x2}})
write(r0, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000ff02000200020000", 0x1c)

1.388734253s ago: executing program 6 (id=1018):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
socket(0x2, 0x80805, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x5, 0x141101)
socket$inet6_udp(0xa, 0x2, 0x0)
dup(r0)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet(0x2, 0x3, 0x2)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r1, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r3}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)

1.178846602s ago: executing program 0 (id=1019):
r0 = socket$igmp(0x2, 0x3, 0x2)
socket$inet6(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x3, 0x8000000003c)
socket(0x3, 0x4, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x200f, 0xfffffffffffffffe}, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000106161154d00000000000109022400010000000009040400010300000009210000000122f80409058103"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000340)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
r4 = getpid()
syz_pidfd_open(r4, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000400000/0x1000)=nil, 0x20400000}, 0x1})
r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r5, 0xc100565c, &(0x7f00000013c0)={0x0, 0x2, 0x2, {0x5, @vbi={0x0, 0x0, 0x4, 0x0, [], [0x8200], 0x1}}})
ioctl$VIDIOC_QBUF(r5, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "8000"}, 0x0, 0x2, {}, 0xe4})
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mremap(&(0x7f0000536000/0x2000)=nil, 0x2000, 0x400000, 0x0, &(0x7f000082a000/0x400000)=nil)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x9, 0x3, 0x288, 0x108, 0xffffffff, 0xffffffff, 0x108, 0xffffffff, 0x1f0, 0xffffffff, 0xffffffff, 0x1f0, 0xffffffff, 0x3, &(0x7f0000000040), {[{{@uncond, 0x0, 0xc0, 0x108, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xd}}, @inet=@rpfilter={{0x28}, {0x11}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@private=0xa010100, 'bridge_slave_0\x00', {0x9}}}}, {{@ip={@broadcast, @private=0xa010101, 0x0, 0xff000000, 'geneve0\x00', 'macvtap0\x00', {0xff}, {0xff}, 0x449924134447b7a7, 0x2, 0x48}, 0x0, 0xc0, 0xe8, 0x0, {}, [@common=@icmp={{0x28}, {0xb, "a763", 0x1}}, @inet=@rpfilter={{0x28}, {0x2}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2e8)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x3000, 0x2000, &(0x7f0000ffc000/0x2000)=nil})
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
r7 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x1501)
ioctl$USBDEVFS_SUBMITURB(r7, 0x8038550a, &(0x7f0000000100)=@urb_type_control={0x2, {}, 0x0, 0x44, &(0x7f0000000080)={0x2, 0x3, 0x37, 0xfff8}, 0x8, 0x20, 0x3, 0x0, 0x4c1, 0x404, 0x0})

1.076836767s ago: executing program 6 (id=1020):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x80000000000008, &(0x7f0000000040)='@', 0x1)
getsockopt$bt_hci(r0, 0x0, 0x2, &(0x7f00000000c0)=""/115, &(0x7f0000000140)=0x73)
r1 = socket(0x1e, 0x4, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x22d81, 0x0)
r2 = socket$kcm(0xa, 0x1, 0x106)
r3 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x4)
sendmsg$kcm(r2, &(0x7f00000019c0)={0x0, 0x0, 0x0}, 0x24004059)
close(r2)
getsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x89, &(0x7f0000000000), &(0x7f0000000180)=0x4)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000140)={0x0, 0x5, 0x0, 0x0, 0x1, "5a5f0020008a3fc945e8724a114177ffffef00"})
r5 = syz_open_pts(r4, 0x0)
r6 = dup(r5)
ioctl$TCGETS2(r6, 0x802c542a, &(0x7f0000000040))
openat$nvram(0xffffffffffffff9c, &(0x7f0000000180), 0x399b40, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000200)={{{@in6=@empty, @in=@multicast1}}, {{@in=@local}, 0x0, @in=@private}}, &(0x7f0000000380)=0xe8)
getsockopt$inet_opts(r0, 0x0, 0x9, 0xffffffffffffffff, &(0x7f0000000000)=0x28)
syz_emit_ethernet(0x7e, &(0x7f0000000300)={@local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "018100", 0x48, 0x11, 0x0, @local, @local, {[], {0x4e20, 0xe22, 0x48, 0x0, @wg=@cookie={0x3, 0x2, "88c73b21f267636d01dbe5712c1c941e1cdafbbb43f09c70", "e13808ca72381f41e5fff9620915b6f78670dfaf9a2038083179cf6b7931c9b4"}}}}}}}, 0x0)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)

914.916499ms ago: executing program 5 (id=1021):
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, 0x0)
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
close(0xffffffffffffffff)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r2, r1, &(0x7f0000002080)=0x64, 0x237)
writev(r2, &(0x7f00000001c0)=[{&(0x7f0000000080)="f4", 0x1}], 0x1)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_NOP={0x0, 0x12})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

687.344494ms ago: executing program 6 (id=1022):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000280)={'#! ', './file1'}, 0xb)
r1 = socket$rxrpc(0x21, 0x2, 0xa)
poll(&(0x7f0000000000)=[{r1, 0x1000}], 0x1, 0xf45)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), r0)
sendmsg$IPVS_CMD_ZERO(r2, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000002c0)={&(0x7f00000000c0)={0x48, r3, 0x20, 0x70bd2b, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8bb8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}]}, 0x48}, 0x1, 0x0, 0x0, 0x40891}, 0x40000)
setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000000240), 0x4)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800003, 0x11, r0, 0x0)
r4 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000000000000000000000000000d7a388ba7eb48c166ec8ec01eaabfa24c564ae4f06123223df15d2b7e78c8e51cfe058514a03000000b5942e7b093590e21aa73cb793e22ca613f6b39595aa3da7e1d26e1f835b81afead897ea2d7f43272687c8cd36e1523fd19d890b6390a41d8ab7fbe8bab169dd1d3e4a5959825271f3645b41331ee957364c163f2a8c7cc841db1b90a0e38a", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x8, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x4, 0x9, 0x0, 0x1, 0x70030000}}}, &(0x7f0000000200)='GPL\x00', 0x5, 0x100b, &(0x7f0000001e40)=""/4107, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

0s ago: executing program 5 (id=1023):
r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), 0xffffffffffffffff)
r1 = accept4$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @broadcast}, &(0x7f0000000080)=0x10, 0x0)
io_cancel(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x8, 0x5, r1, &(0x7f00000000c0)="7b32f926ab1229f92c2da29725332a0845f5e73fb58f37bed5647310a07f2db7026a5e5d5c528f97913849ae97d8d701c568c2a815a6ffe9769830d29ee0bfc713c1cff2980b77dabf2a13258642f78c40025f68ec9be767326135ba86fafe485998774de1f85394898da4ff69a00201e9a3fa4b9443d112c9694b7148e30daa16536ae2fd2025ea3fe587c910419891fbe611dd192322597008a7639f8f8fcc1187799e25a017e9370cc4c31b3e96a4bed02d8ae7587b1b039975e99850e714cc5d883595337b40759c3d22e10b63535864d244d6b62f0dd3af8f11df42e6287d2a632128ee40c6", 0xe8, 0x8000000000000000, 0x0, 0x2}, &(0x7f0000000200))
r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r4 = syz_open_dev$evdev(&(0x7f0000000240), 0x1, 0x202401)
ioctl$EVIOCGMASK(r4, 0x80104592, &(0x7f0000000380)={0x1, 0x81, &(0x7f0000000280)="811a0ceed5656338001702fdc1d7e7f5f887f8331afbca9ba67359de5c32167734c15e23a66622e7c323b222299cd6349b73661826bea236bd1ac75ccc227fdc15267484fba5eec145047a1f7ae500020673ee8a3239837a8cb5c700fc893bfb6f86c3b6a2644e0ccadd207da6a027b885abc735ff17b182cf69d41d1d3eefcde9"})
r5 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r3, &(0x7f0000000040)={0xa})
close(0xffffffffffffffff)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000001740)={0x0, 0x1d, &(0x7f00000005c0)=[{&(0x7f0000001600)=""/18, 0x12}], 0x1, &(0x7f0000001880)}, 0x60)
r6 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000540)={'\x00', 0x7ff, 0x3, 0xc, 0xb, 0x59c, 0xffffffffffffffff})
ioctl$BLKTRACESTART(r6, 0x1274, 0x0)
write$char_usb(r2, &(0x7f0000000040)="e2", 0x2250)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_BEARER_GET(r7, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000940)={0x14, r0, 0x705, 0x70bd25, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x20004000}, 0x4000)

kernel console output (not intermixed with test programs):

er after parsing attributes in process `syz.2.472'.
[  216.816032][T10176] netlink: 'syz.0.475': attribute type 27 has an invalid length.
[  216.824005][ T5891] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  216.930511][T10176] netlink: 'syz.0.475': attribute type 9 has an invalid length.
[  216.946406][T10176] netlink: 8 bytes leftover after parsing attributes in process `syz.0.475'.
[  216.996574][ T5891] usb 4-1: Using ep0 maxpacket: 8
[  217.068035][ T5891] usb 4-1: config 0 has an invalid interface number: 176 but max is 2
[  217.076468][ T5891] usb 4-1: config 0 has an invalid interface number: 49 but max is 2
[  217.084656][ T5891] usb 4-1: config 0 has no interface number 1
[  217.173096][ T5891] usb 4-1: config 0 has no interface number 2
[  217.199848][ T5891] usb 4-1: New USB device found, idVendor=dec6, idProduct=92c3, bcdDevice=29.ac
[  217.217208][ T5891] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  217.250996][ T5891] usb 4-1: config 0 descriptor??
[  217.303051][T10180] syz.0.476 (10180): drop_caches: 2
[  217.318007][T10180] syz.0.476 (10180): drop_caches: 2
[  217.336425][   T54] usb 5-1: USB disconnect, device number 24
[  217.381527][   T54] usblp0: removed
[  217.943748][   T10] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  218.171237][   T10] usb 1-1: config 0 has no interfaces?
[  218.399440][   T10] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  218.462993][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.481856][   T10] usb 1-1: Product: syz
[  218.502112][   T10] usb 1-1: Manufacturer: syz
[  218.520475][   T10] usb 1-1: SerialNumber: syz
[  218.545021][   T10] usb 1-1: config 0 descriptor??
[  220.732946][   T54] usb 4-1: USB disconnect, device number 32
[  220.988939][   T54] usb 1-1: USB disconnect, device number 29
[  221.264720][T10208] tap0: tun_chr_ioctl cmd 1074025677
[  221.276476][T10208] tap0: linktype set to 0
[  221.314319][T10208] netlink: 8 bytes leftover after parsing attributes in process `syz.0.482'.
[  221.334144][T10208] netlink: 36 bytes leftover after parsing attributes in process `syz.0.482'.
[  222.026031][T10219] netlink: 'syz.2.486': attribute type 27 has an invalid length.
[  222.099592][T10219] netlink: 'syz.2.486': attribute type 9 has an invalid length.
[  222.146362][T10219] netlink: 8 bytes leftover after parsing attributes in process `syz.2.486'.
[  222.226690][   T54] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  222.660745][   T54] usb 1-1: config 0 has no interfaces?
[  222.763266][   T54] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  222.824872][   T54] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  222.908670][   T54] usb 1-1: Product: syz
[  222.912886][   T54] usb 1-1: Manufacturer: syz
[  222.976380][   T10] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  223.065008][   T54] usb 1-1: SerialNumber: syz
[  223.129030][   T10] usb 3-1: device descriptor read/64, error -71
[  223.232327][   T54] usb 1-1: config 0 descriptor??
[  223.330924][T10237] netlink: 12 bytes leftover after parsing attributes in process `syz.3.489'.
[  223.396979][   T10] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  223.535070][T10240] netlink: 12 bytes leftover after parsing attributes in process `syz.4.490'.
[  223.646358][   T10] usb 3-1: device descriptor read/64, error -71
[  223.766736][   T10] usb usb3-port1: attempt power cycle
[  223.785631][T10241] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  223.794620][T10241] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  224.106452][   T10] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  224.137009][   T10] usb 3-1: device descriptor read/8, error -71
[  224.390395][   T10] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  224.423355][   T10] usb 3-1: device descriptor read/8, error -71
[  224.496742][ T5891] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  224.536967][   T10] usb usb3-port1: unable to enumerate USB device
[  224.704726][ T5891] usb 4-1: config 0 has no interfaces?
[  224.731719][ T5891] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  224.741218][ T5891] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  224.757160][ T5891] usb 4-1: Product: syz
[  224.766072][ T5891] usb 4-1: Manufacturer: syz
[  224.779749][ T5891] usb 4-1: SerialNumber: syz
[  224.864339][ T5891] usb 4-1: config 0 descriptor??
[  224.886466][   T10] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  225.069471][   T10] usb 5-1: config 0 has no interfaces?
[  225.249398][T10252] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  225.260271][T10252] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  225.482748][   T10] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  225.533905][   T54] usb 1-1: USB disconnect, device number 30
[  225.587686][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  225.639040][   T10] usb 5-1: Product: syz
[  225.686939][   T10] usb 5-1: Manufacturer: syz
[  225.740795][   T10] usb 5-1: SerialNumber: syz
[  225.776908][   T10] usb 5-1: config 0 descriptor??
[  225.820480][T10258] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  226.426639][   T54] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  226.567690][T10265] ptrace attach of "./syz-executor exec"[5854] was attempted by "./syz-executor exec"[10265]
[  226.981304][   T54] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  227.006321][   T54] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  227.022471][   T54] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.045836][   T54] usb 1-1: config 0 descriptor??
[  227.463445][   T54] keytouch 0003:0926:3333.0003: fixing up Keytouch IEC report descriptor
[  227.567540][   T54] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0003/input/input10
[  227.847567][   T54] keytouch 0003:0926:3333.0003: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0
[  228.217788][   T54] usb 5-1: USB disconnect, device number 25
[  228.373726][   T10] usb 4-1: USB disconnect, device number 33
[  228.675081][T10273] netlink: 'syz.3.498': attribute type 27 has an invalid length.
[  228.740831][T10273] netlink: 'syz.3.498': attribute type 9 has an invalid length.
[  228.782729][T10273] netlink: 8 bytes leftover after parsing attributes in process `syz.3.498'.
[  229.013715][   T10] usb 1-1: USB disconnect, device number 31
[  229.361910][T10283] netlink: 8 bytes leftover after parsing attributes in process `syz.3.501'.
[  229.414447][T10283] netlink: 8 bytes leftover after parsing attributes in process `syz.3.501'.
[  230.093628][T10297] bridge: RTM_NEWNEIGH with invalid ether address
[  230.400009][T10299] 8021q: adding VLAN 0 to HW filter on device batadv1
[  230.422904][T10299] team0: Port device batadv1 added
[  231.096396][   T10] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  231.272003][   T10] usb 3-1: config 0 has no interfaces?
[  231.283800][   T10] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  231.300408][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  231.396399][   T54] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  231.633755][   T10] usb 3-1: Product: syz
[  231.643232][   T10] usb 3-1: Manufacturer: syz
[  231.653700][   T10] usb 3-1: SerialNumber: syz
[  231.680651][   T54] usb 5-1: config 0 has no interfaces?
[  231.691501][   T54] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  231.701211][   T54] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  231.713788][   T10] usb 3-1: config 0 descriptor??
[  231.743217][   T54] usb 5-1: Product: syz
[  231.779082][   T54] usb 5-1: Manufacturer: syz
[  231.852394][   T54] usb 5-1: SerialNumber: syz
[  231.998819][   T54] usb 5-1: config 0 descriptor??
[  232.508766][T10310] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  232.529206][T10310] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  232.867766][ T5834] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  232.876605][ T5834] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  232.884168][ T5834] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  232.892837][ T5834] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  232.900481][ T5834] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  232.918829][ T5839] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  232.953894][ T5839] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  232.961730][ T5839] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  232.970137][ T5839] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  232.978136][ T5839] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  233.218776][T10319] netlink: 'syz.3.511': attribute type 9 has an invalid length.
[  233.226674][T10319] netlink: 8 bytes leftover after parsing attributes in process `syz.3.511'.
[  233.803283][T10323] syz.3.513 (10323): drop_caches: 2
[  234.001068][T10323] syz.3.513 (10323): drop_caches: 2
[  234.515206][   T54] usb 3-1: USB disconnect, device number 22
[  234.545575][T10335] lo: entered promiscuous mode
[  234.551840][T10335] tunl0: entered promiscuous mode
[  234.558039][T10335] gre0: entered promiscuous mode
[  234.563801][T10335] gretap0: entered promiscuous mode
[  234.570040][T10335] erspan0: entered promiscuous mode
[  234.575701][T10335] ip_vti0: entered promiscuous mode
[  234.625808][T10315] chnl_net:caif_netlink_parms(): no params data found
[  234.687687][T10332] xt_l2tp: v2 doesn't support IP mode
[  235.012352][   T10] usb 5-1: USB disconnect, device number 26
[  235.026469][ T5839] Bluetooth: hci5: command tx timeout
[  235.117038][T10348] netlink: 'syz.3.520': attribute type 13 has an invalid length.
[  235.379050][T10348] 8021q: adding VLAN 0 to HW filter on device bond0
[  235.401290][T10348] 8021q: adding VLAN 0 to HW filter on device team0
[  235.439736][T10354] netlink: 'syz.4.522': attribute type 9 has an invalid length.
[  235.455712][T10348] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  235.480610][T10354] netlink: 8 bytes leftover after parsing attributes in process `syz.4.522'.
[  235.774937][T10361] 8021q: adding VLAN 0 to HW filter on device batadv4
[  235.856793][T10361] team0: Port device batadv4 added
[  236.085351][T10315] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.126514][T10315] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.180076][T10315] bridge_slave_0: entered allmulticast mode
[  236.208588][T10315] bridge_slave_0: entered promiscuous mode
[  236.275555][T10315] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.337328][T10315] bridge0: port 2(bridge_slave_1) entered disabled state
[  236.345836][T10374] syz.0.526: attempt to access beyond end of device
[  236.345836][T10374] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  236.391955][T10315] bridge_slave_1: entered allmulticast mode
[  236.420849][T10315] bridge_slave_1: entered promiscuous mode
[  236.564020][T10366] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  236.570109][T10366] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  236.666648][T10315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  236.686612][ T5835] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  236.754194][T10315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  236.895383][ T5835] usb 4-1: config 0 has no interfaces?
[  236.903007][T10379] netlink: 368 bytes leftover after parsing attributes in process `syz.2.528'.
[  236.943171][T10381] netlink: 56 bytes leftover after parsing attributes in process `syz.4.529'.
[  237.034507][ T5835] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  237.057244][ T5835] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  237.098113][ T5835] usb 4-1: Product: syz
[  237.098487][T10381] netlink: 8 bytes leftover after parsing attributes in process `syz.4.529'.
[  237.102305][ T5835] usb 4-1: Manufacturer: syz
[  237.173787][ T5835] usb 4-1: SerialNumber: syz
[  237.208870][ T5835] usb 4-1: config 0 descriptor??
[  237.209934][T10315] team0: Port device team_slave_0 added
[  237.246784][   T54] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  237.312620][T10387] netlink: 40 bytes leftover after parsing attributes in process `syz.0.530'.
[  237.323302][T10315] team0: Port device team_slave_1 added
[  237.406545][   T54] usb 3-1: device descriptor read/64, error -71
[  237.500318][T10315] batman_adv: batadv0: Adding interface: batadv_slave_0
[  237.525737][T10315] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  237.588269][T10315] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  237.677194][T10315] batman_adv: batadv0: Adding interface: batadv_slave_1
[  237.717053][   T54] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  237.746521][T10315] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  237.797810][T10315] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  237.866470][   T54] usb 3-1: device descriptor read/64, error -71
[  237.976803][   T54] usb usb3-port1: attempt power cycle
[  238.020643][T10395] netlink: 8 bytes leftover after parsing attributes in process `syz.4.531'.
[  238.111003][T10315] hsr_slave_0: entered promiscuous mode
[  238.126130][T10315] hsr_slave_1: entered promiscuous mode
[  238.143478][T10315] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  238.155200][T10315] Cannot create hsr debugfs directory
[  238.172458][T10393] netlink: 8 bytes leftover after parsing attributes in process `syz.4.531'.
[  238.241737][ T5835] usb 1-1: new full-speed USB device number 32 using dummy_hcd
[  238.336919][   T54] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  238.389398][   T54] usb 3-1: device descriptor read/8, error -71
[  238.426984][T10399] netlink: 'syz.4.533': attribute type 9 has an invalid length.
[  238.455053][T10399] netlink: 8 bytes leftover after parsing attributes in process `syz.4.533'.
[  238.471598][ T5835] usb 1-1: config 2 has an invalid interface number: 1 but max is 0
[  238.512754][ T5835] usb 1-1: config 2 has no interface number 0
[  238.556548][ T5835] usb 1-1: config 2 interface 1 has no altsetting 0
[  238.586352][ T5835] usb 1-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=47.78
[  238.621495][ T5835] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  238.657092][   T54] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  238.676415][ T5835] usb 1-1: Product: syz
[  238.706651][ T5835] usb 1-1: Manufacturer: syz
[  238.712101][   T54] usb 3-1: device descriptor read/8, error -71
[  238.747052][ T5835] usb 1-1: SerialNumber: syz
[  238.877097][   T54] usb usb3-port1: unable to enumerate USB device
[  239.053525][ T5835] snd-usb-audio 1-1:2.1: probe with driver snd-usb-audio failed with error -22
[  239.087816][T10403] syz.4.534 (10403): drop_caches: 2
[  239.100297][ T5835] snd-usb-us122l 1-1:2.1: usb_set_interface error
[  239.121685][ T5835] snd-usb-us122l 1-1:2.1: probe with driver snd-usb-us122l failed with error -22
[  239.142849][T10403] syz.4.534 (10403): drop_caches: 2
[  239.197152][ T5835] usb 1-1: USB disconnect, device number 32
[  239.221736][T10315] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  239.329150][T10315] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  239.377862][T10315] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  239.422028][ T9878] udevd[9878]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:2.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  239.468260][T10315] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  239.665288][T10408] netlink: 'syz.4.535': attribute type 13 has an invalid length.
[  239.837053][T10408] 8021q: adding VLAN 0 to HW filter on device bond0
[  239.845762][T10408] 8021q: adding VLAN 0 to HW filter on device team0
[  239.856632][T10408] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  240.052159][ T5894] usb 4-1: USB disconnect, device number 34
[  240.223592][T10315] 8021q: adding VLAN 0 to HW filter on device bond0
[  240.289837][T10315] 8021q: adding VLAN 0 to HW filter on device team0
[  240.335812][ T1136] bridge0: port 1(bridge_slave_0) entered blocking state
[  240.342967][ T1136] bridge0: port 1(bridge_slave_0) entered forwarding state
[  240.467843][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  240.475073][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  241.018982][T10315] 8021q: adding VLAN 0 to HW filter on device batadv0
[  241.037847][T10427] syz.4.539: attempt to access beyond end of device
[  241.037847][T10427] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  241.259870][T10315] veth0_vlan: entered promiscuous mode
[  241.323936][T10315] veth1_vlan: entered promiscuous mode
[  241.432060][T10315] veth0_macvtap: entered promiscuous mode
[  241.466061][T10315] veth1_macvtap: entered promiscuous mode
[  241.552502][T10315] batman_adv: batadv0: Interface activated: batadv_slave_0
[  241.562822][T10436] netlink: 'syz.0.543': attribute type 9 has an invalid length.
[  241.580624][T10315] batman_adv: batadv0: Interface activated: batadv_slave_1
[  241.588358][T10436] netlink: 8 bytes leftover after parsing attributes in process `syz.0.543'.
[  241.602568][T10315] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  241.612997][T10315] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  241.625795][T10315] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  241.636903][T10315] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  242.006590][ T5894] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  242.042142][T10444] 8021q: adding VLAN 0 to HW filter on device batadv2
[  242.093114][T10444] team0: Port device batadv2 added
[  242.173356][T10441] netlink: 8 bytes leftover after parsing attributes in process `syz.3.542'.
[  242.248063][ T5894] usb 1-1: Using ep0 maxpacket: 32
[  242.268099][ T5894] usb 1-1: config 0 has an invalid interface number: 35 but max is 0
[  242.315580][ T5894] usb 1-1: config 0 has no interface number 0
[  242.349086][ T5894] usb 1-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f
[  242.413246][ T5894] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.446547][ T5894] usb 1-1: Product: syz
[  242.450769][ T5894] usb 1-1: Manufacturer: syz
[  242.475785][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  242.496331][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  242.582022][ T5894] usb 1-1: SerialNumber: syz
[  242.617259][ T5894] usb 1-1: config 0 descriptor??
[  242.966407][ T5894] radio-si470x 1-1:0.35: this is not a si470x device.
[  243.130565][ T5894] radio-raremono 1-1:0.35: Thanko's Raremono connected: (10C4:818A)
[  243.146447][ T3474] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  243.206821][   T82] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  243.239586][   T82] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  243.349289][ T3474] usb 5-1: config 0 has no interfaces?
[  243.368170][ T3474] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  243.377608][ T3474] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  243.385644][ T3474] usb 5-1: Product: syz
[  243.431909][ T3474] usb 5-1: Manufacturer: syz
[  243.454705][ T5894] radio-raremono 1-1:0.35: raremono_cmd_main failed (-71)
[  243.456847][ T3474] usb 5-1: SerialNumber: syz
[  243.466669][   T24] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  243.551818][ T5894] radio-raremono 1-1:0.35: V4L2 device registered as radio48
[  243.552451][ T3474] usb 5-1: config 0 descriptor??
[  243.574726][ T5894] usb 1-1: USB disconnect, device number 33
[  243.601331][ T5894] radio-raremono 1-1:0.35: Thanko's Raremono disconnected
[  243.667944][   T24] usb 4-1: config 0 has no interfaces?
[  243.796731][   T24] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  243.813844][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  243.866436][   T24] usb 4-1: Product: syz
[  243.870662][   T24] usb 4-1: Manufacturer: syz
[  243.932989][   T24] usb 4-1: SerialNumber: syz
[  244.034263][   T24] usb 4-1: config 0 descriptor??
[  244.440699][T10473] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  244.452790][T10473] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  245.516889][T10487] FAULT_INJECTION: forcing a failure.
[  245.516889][T10487] name failslab, interval 1, probability 0, space 0, times 0
[  245.541193][   T24] usb 5-1: USB disconnect, device number 27
[  245.584293][T10489] syz.2.554 (10489): drop_caches: 2
[  245.603142][T10489] syz.2.554 (10489): drop_caches: 2
[  245.636495][T10487] CPU: 0 UID: 0 PID: 10487 Comm: syz.5.553 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  245.636525][T10487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  245.636550][T10487] Call Trace:
[  245.636558][T10487]  <TASK>
[  245.636566][T10487]  dump_stack_lvl+0x241/0x360
[  245.636604][T10487]  ? __pfx_dump_stack_lvl+0x10/0x10
[  245.636632][T10487]  ? __pfx__printk+0x10/0x10
[  245.636664][T10487]  ? __pfx___might_resched+0x10/0x10
[  245.636693][T10487]  should_fail_ex+0x424/0x570
[  245.636718][T10487]  should_failslab+0xac/0x100
[  245.636747][T10487]  kmem_cache_alloc_noprof+0x78/0x390
[  245.636773][T10487]  ? key_alloc+0x341/0xff0
[  245.636797][T10487]  ? key_user_lookup+0x1b2/0x450
[  245.636827][T10487]  key_alloc+0x341/0xff0
[  245.636856][T10487]  ? kmemdup_noprof+0x55/0x70
[  245.636889][T10487]  request_key_auth_new+0x6a5/0x900
[  245.636917][T10487]  ? irqentry_exit+0x63/0x90
[  245.636945][T10487]  ? __pfx_request_key_auth_new+0x10/0x10
[  245.636978][T10487]  ? key_user_put+0x52/0x60
[  245.637017][T10487]  request_key_and_link+0x1125/0x19c0
[  245.637052][T10487]  ? request_key_and_link+0x49c/0x19c0
[  245.637084][T10487]  ? __pfx_request_key_and_link+0x10/0x10
[  245.637124][T10487]  ? __pfx_dns_resolver_cmp+0x10/0x10
[  245.637147][T10487]  ? __pfx_keyring_search_iterator+0x10/0x10
[  245.637172][T10487]  ? rcu_is_watching+0x15/0xb0
[  245.637201][T10487]  request_key_tag+0x52/0x190
[  245.637231][T10487]  dns_query+0x321/0x740
[  245.637258][T10487]  ceph_parse_ips+0x731/0xd20
[  245.637300][T10487]  ? __pfx_ceph_parse_ips+0x10/0x10
[  245.637326][T10487]  ? __lock_acquire+0xad5/0xd80
[  245.637352][T10487]  ? __fs_parse+0x5c5/0x710
[  245.637375][T10487]  ceph_parse_mon_ips+0x6b/0xc0
[  245.637399][T10487]  ceph_parse_source+0x985/0xe80
[  245.637435][T10487]  ? __pfx_ceph_parse_source+0x10/0x10
[  245.637471][T10487]  ceph_parse_mount_param+0x16d6/0x20b0
[  245.637500][T10487]  ? __pfx_ceph_parse_mount_param+0x10/0x10
[  245.637531][T10487]  ? static_key_count+0x41/0x70
[  245.637555][T10487]  vfs_parse_fs_param+0x1a5/0x420
[  245.637589][T10487]  __se_sys_fsconfig+0xc20/0xf40
[  245.637621][T10487]  ? __pfx___se_sys_fsconfig+0x10/0x10
[  245.637641][T10487]  ? ksys_write+0x275/0x2d0
[  245.637676][T10487]  ? __x64_sys_fsconfig+0x20/0xc0
[  245.637701][T10487]  do_syscall_64+0xf3/0x230
[  245.637744][T10487]  ? clear_bhb_loop+0x45/0xa0
[  245.637770][T10487]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  245.637791][T10487] RIP: 0033:0x7f648718d169
[  245.637811][T10487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  245.637829][T10487] RSP: 002b:00007f6487f68038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af
[  245.637853][T10487] RAX: ffffffffffffffda RBX: 00007f64873a5fa0 RCX: 00007f648718d169
[  245.637869][T10487] RDX: 0000200000000000 RSI: 0000000000000001 RDI: 0000000000000003
[  245.637883][T10487] RBP: 00007f6487f68090 R08: 0000000000000000 R09: 0000000000000000
[  245.637896][T10487] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000002
[  245.637910][T10487] R13: 0000000000000000 R14: 00007f64873a5fa0 R15: 00007f64874cfa28
[  245.637942][T10487]  </TASK>
[  245.638710][T10487] libceph: resolve '0..' (ret=-3): failed
[  246.187998][T10491] syz.2.555: attempt to access beyond end of device
[  246.187998][T10491] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  246.635391][T10499] netlink: 8 bytes leftover after parsing attributes in process `syz.4.558'.
[  246.659331][T10499] netlink: 8 bytes leftover after parsing attributes in process `syz.4.558'.
[  246.965879][T10511] 8021q: adding VLAN 0 to HW filter on device batadv3
[  247.003111][T10511] team0: Port device batadv3 added
[  247.251244][   T10] usb 4-1: USB disconnect, device number 35
[  247.482409][T10523] netlink: 56 bytes leftover after parsing attributes in process `syz.3.564'.
[  247.532756][T10523] netlink: 16 bytes leftover after parsing attributes in process `syz.3.564'.
[  247.925376][T10529] syz.3.565 (10529): drop_caches: 2
[  248.274386][T10529] syz.3.565 (10529): drop_caches: 2
[  248.896018][T10548] syz.5.572: attempt to access beyond end of device
[  248.896018][T10548] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  248.938661][T10545] FAULT_INJECTION: forcing a failure.
[  248.938661][T10545] name failslab, interval 1, probability 0, space 0, times 0
[  249.025552][T10545] CPU: 1 UID: 0 PID: 10545 Comm: syz.3.570 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  249.025574][T10545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  249.025583][T10545] Call Trace:
[  249.025589][T10545]  <TASK>
[  249.025595][T10545]  dump_stack_lvl+0x241/0x360
[  249.025624][T10545]  ? __pfx_dump_stack_lvl+0x10/0x10
[  249.025645][T10545]  ? __pfx__printk+0x10/0x10
[  249.025669][T10545]  ? __pfx___might_resched+0x10/0x10
[  249.025691][T10545]  should_fail_ex+0x424/0x570
[  249.025710][T10545]  should_failslab+0xac/0x100
[  249.025734][T10545]  __kmalloc_noprof+0xdf/0x4d0
[  249.025754][T10545]  ? tomoyo_encode+0x26f/0x540
[  249.025780][T10545]  tomoyo_encode+0x26f/0x540
[  249.025803][T10545]  ? __pfx_anon_inodefs_dname+0x10/0x10
[  249.025827][T10545]  tomoyo_realpath_from_path+0x59e/0x5e0
[  249.025871][T10545]  tomoyo_path_number_perm+0x245/0x790
[  249.025903][T10545]  ? tomoyo_path_number_perm+0x215/0x790
[  249.025933][T10545]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  249.025960][T10545]  ? sb_end_write+0xe9/0x1c0
[  249.025991][T10545]  ? vfs_write+0xb29/0xd10
[  249.026036][T10545]  ? ksys_write+0x266/0x2d0
[  249.026057][T10545]  security_file_ioctl+0xc6/0x2a0
[  249.026076][T10545]  __se_sys_ioctl+0x46/0x160
[  249.026096][T10545]  do_syscall_64+0xf3/0x230
[  249.026115][T10545]  ? clear_bhb_loop+0x45/0xa0
[  249.026132][T10545]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.026146][T10545] RIP: 0033:0x7f26fd78d169
[  249.026160][T10545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  249.026173][T10545] RSP: 002b:00007f26fe533038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  249.026189][T10545] RAX: ffffffffffffffda RBX: 00007f26fd9a5fa0 RCX: 00007f26fd78d169
[  249.026200][T10545] RDX: 0000200000000040 RSI: 000000004008ae61 RDI: 0000000000000004
[  249.026210][T10545] RBP: 00007f26fe533090 R08: 0000000000000000 R09: 0000000000000000
[  249.026220][T10545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  249.026235][T10545] R13: 0000000000000000 R14: 00007f26fd9a5fa0 R15: 00007f26fdacfa28
[  249.026267][T10545]  </TASK>
[  249.238825][    C1] vkms_vblank_simulate: vblank timer overrun
[  249.265353][T10545] ERROR: Out of memory at tomoyo_realpath_from_path.
[  249.274688][T10551] netlink: 4 bytes leftover after parsing attributes in process `syz.5.573'.
[  249.710903][ T5893] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  249.745554][T10556] 8021q: adding VLAN 0 to HW filter on device batadv2
[  249.768447][T10556] team0: Port device batadv2 added
[  249.892658][ T5893] usb 5-1: config 0 has no interfaces?
[  249.911176][ T5893] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  249.961191][ T5893] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  250.017792][ T5893] usb 5-1: Product: syz
[  250.022014][ T5893] usb 5-1: Manufacturer: syz
[  250.047476][ T5893] usb 5-1: SerialNumber: syz
[  250.080130][ T5893] usb 5-1: config 0 descriptor??
[  250.418712][ T5891] usb 5-1: USB disconnect, device number 28
[  250.498468][T10580] vcan0: tx drop: invalid da for name 0x0000000080000004
[  250.656934][ T5893] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  250.827911][ T5893] usb 6-1: Using ep0 maxpacket: 32
[  250.847218][T10580] vcan0: tx drop: invalid da for name 0x0000000080000004
[  250.880015][ T5893] usb 6-1: config 0 has an invalid interface number: 221 but max is 0
[  250.896560][T10580] vcan0: tx drop: invalid da for name 0x0000000080000004
[  250.915517][T10580] vcan0: tx drop: invalid da for name 0x0000000080000004
[  250.952070][T10580] vcan0: tx drop: invalid da for name 0x0000000080000004
[  250.952098][ T5893] usb 6-1: config 0 has no interface number 0
[  250.983779][T10580] vcan0: tx drop: invalid da for name 0x0000000080000004
[  251.019559][T10580] vcan0: tx drop: invalid da for name 0x0000000080000004
[  251.028783][ T5893] usb 6-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b
[  251.046361][T10580] vcan0: tx drop: invalid da for name 0x0000000080000004
[  251.072545][ T5893] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  251.095569][T10580] vcan0: tx drop: invalid da for name 0x0000000080000004
[  251.107295][ T5893] usb 6-1: Product: syz
[  251.130375][ T5893] usb 6-1: Manufacturer: syz
[  251.139455][T10580] vcan0: tx drop: invalid da for name 0x0000000080000004
[  251.149442][ T5893] usb 6-1: SerialNumber: syz
[  251.176459][T10580] vcan0: tx drop: invalid da for name 0x0000000080000004
[  251.209330][ T5893] usb 6-1: config 0 descriptor??
[  251.223074][T10580] vcan0: tx drop: invalid da for name 0x0000000080000004
[  251.251437][T10580] vcan0: tx drop: invalid da for name 0x0000000080000004
[  251.272746][T10580] vcan0: tx drop: invalid da for name 0x0000000080000004
[  251.285861][T10580] vcan0: tx drop: invalid da for name 0x0000000080000004
[  251.320633][T10588] 8021q: adding VLAN 0 to HW filter on device batadv5
[  251.330547][T10588] team0: Port device batadv5 added
[  252.307355][T10605] netlink: 8 bytes leftover after parsing attributes in process `syz.4.589'.
[  252.371647][T10605] netlink: 4 bytes leftover after parsing attributes in process `syz.4.589'.
[  252.406468][T10605] netlink: 'syz.4.589': attribute type 15 has an invalid length.
[  255.117582][ T5891] usb 6-1: USB disconnect, device number 2
[  255.455698][T10640] syz.4.596: attempt to access beyond end of device
[  255.455698][T10640] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  255.593581][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  255.600034][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  256.733623][T10635] vivid-007: =================  START STATUS  =================
[  256.746352][   T24] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  256.817138][T10635] vivid-007: Enable Output Cropping: true
[  256.841408][T10635] vivid-007: Enable Output Composing: true
[  256.862193][T10635] vivid-007: Enable Output Scaler: true
[  256.870603][T10635] vivid-007: Tx RGB Quantization Range: Automatic
[  256.888652][T10635] vivid-007: Transmit Mode: HDMI
[  256.897719][T10635] vivid-007: Hotplug Present: 0x00000000
[  256.949339][T10635] vivid-007: RxSense Present: 0x00000000
[  256.956549][   T24] usb 1-1: Using ep0 maxpacket: 32
[  256.989049][   T24] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  257.007197][   T24] usb 1-1: config 0 has no interface number 0
[  257.106685][T10635] vivid-007: EDID Present: 0x00000000
[  257.112237][T10635] vivid-007: ==================  END STATUS  ==================
[  257.223292][   T24] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  257.264222][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  257.282876][   T24] usb 1-1: Product: syz
[  257.343737][   T24] usb 1-1: Manufacturer: syz
[  257.354960][   T24] usb 1-1: SerialNumber: syz
[  257.382658][   T24] usb 1-1: config 0 descriptor??
[  257.400716][T10673] trusted_key: syz.2.606 sent an empty control message without MSG_MORE.
[  257.414699][   T24] usb 1-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  257.423870][ T5891] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  257.431702][   T24] usb 1-1: selecting invalid altsetting 1
[  257.439677][   T24] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  257.457120][   T24] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  257.468292][   T24] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  257.499771][   T24] usb 1-1: media controller created
[  257.618608][T10658] netlink: 8 bytes leftover after parsing attributes in process `syz.0.604'.
[  257.667127][ T5891] usb 5-1: Using ep0 maxpacket: 32
[  257.680386][ T5891] usb 5-1: config 0 has an invalid interface number: 221 but max is 0
[  257.687703][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  257.707248][ T5891] usb 5-1: config 0 has no interface number 0
[  257.789698][   T24] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  257.828810][   T24] zl10353_read_register: readreg error (reg=127, ret==-71)
[  257.853593][ T5891] usb 5-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b
[  257.867222][   T24] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  257.932599][ T5891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  257.969842][ T5891] usb 5-1: Product: syz
[  258.013421][   T24] usb 1-1: USB disconnect, device number 34
[  258.019961][ T5891] usb 5-1: Manufacturer: syz
[  258.035898][ T5891] usb 5-1: SerialNumber: syz
[  258.078145][ T5891] usb 5-1: config 0 descriptor??
[  259.642323][T10687] 8021q: adding VLAN 0 to HW filter on device batadv1
[  259.690817][T10687] team0: Port device batadv1 added
[  261.016700][ T5893] usb 5-1: USB disconnect, device number 29
[  261.921482][T10707] syz.4.617 (10707): drop_caches: 2
[  262.484210][T10707] syz.4.617 (10707): drop_caches: 2
[  262.885291][T10726] netlink: 96 bytes leftover after parsing attributes in process `syz.3.619'.
[  262.969979][T10726] netlink: 120 bytes leftover after parsing attributes in process `syz.3.619'.
[  263.280766][T10726] vlan3: entered allmulticast mode
[  263.355424][T10726] erspan0: entered allmulticast mode
[  263.613723][T10740] syz.2.624 (10740): drop_caches: 2
[  263.654492][T10740] syz.2.624 (10740): drop_caches: 2
[  264.576415][   T24] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  264.750643][   T24] usb 6-1: Using ep0 maxpacket: 8
[  265.063642][   T24] usb 6-1: config index 0 descriptor too short (expected 6427, got 27)
[  265.088956][   T24] usb 6-1: config 0 has an invalid interface number: 21 but max is 0
[  265.126449][   T24] usb 6-1: config 0 has no interface number 0
[  265.132596][   T24] usb 6-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  265.206352][   T24] usb 6-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  265.295253][   T24] usb 6-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  265.326594][   T24] usb 6-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  265.403250][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  265.537466][   T24] usb 6-1: config 0 descriptor??
[  265.597468][T11124] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  266.195127][ T5891] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  266.359021][   T24] input: USB Keyspan Remote 06cd:0202 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.21/input/input12
[  266.439156][ T5891] usb 3-1: no configurations
[  266.469151][ T5891] usb 3-1: can't read configurations, error -22
[  266.636399][ T5891] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  266.930593][ T5891] usb 3-1: no configurations
[  267.100457][ T5891] usb 3-1: can't read configurations, error -22
[  267.126446][ T5891] usb usb3-port1: attempt power cycle
[  267.486474][ T5891] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  267.529040][ T5891] usb 3-1: no configurations
[  267.545771][ T5891] usb 3-1: can't read configurations, error -22
[  267.816872][ T5891] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  267.852629][ T5891] usb 3-1: no configurations
[  267.999439][ T5891] usb 3-1: can't read configurations, error -22
[  268.036378][ T5891] usb usb3-port1: unable to enumerate USB device
[  268.403510][   T24] usb 6-1: USB disconnect, device number 3
[  268.409452][    C1] keyspan_remote 6-1:0.21: keyspan_irq_recv - usb_submit_urb failed with result: -19
[  269.806370][   T24] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  269.907455][   T10] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  270.006342][   T24] usb 1-1: Using ep0 maxpacket: 32
[  270.034233][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  270.060711][ T3474] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  270.161610][   T10] usb 4-1: config 0 has no interfaces?
[  270.173951][   T10] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  270.199965][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  270.301084][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  270.326850][   T24] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  270.365921][   T10] usb 4-1: Product: syz
[  270.380912][   T24] usb 1-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  270.391752][   T10] usb 4-1: Manufacturer: syz
[  270.407012][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  270.468628][ T3474] usb 6-1: config index 0 descriptor too short (expected 23569, got 27)
[  270.487007][   T24] usb 1-1: config 0 descriptor??
[  270.505279][ T3474] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  270.525757][   T10] usb 4-1: SerialNumber: syz
[  270.565767][ T3474] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  270.582470][   T10] usb 4-1: config 0 descriptor??
[  270.774662][ T3474] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  270.903917][ T3474] usb 6-1: Manufacturer: syz
[  271.007165][ T3474] usb 6-1: config 0 descriptor??
[  271.034611][ T3474] igorplugusb 6-1:0.0: incorrect number of endpoints
[  271.054713][   T24] input: HID 0458:5011 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5011.0004/input/input13
[  271.178895][T11198] netlink: 8 bytes leftover after parsing attributes in process `syz.4.650'.
[  271.206514][T11198] netlink: 4 bytes leftover after parsing attributes in process `syz.4.650'.
[  271.216579][T11186] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  271.232813][T11186] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  271.251487][T11198] netlink: 'syz.4.650': attribute type 14 has an invalid length.
[  271.341982][   T24] input: HID 0458:5011 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5011.0004/input/input14
[  271.540481][   T24] kye 0003:0458:5011.0004: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.0-1/input0
[  271.623097][   T24] usb 1-1: USB disconnect, device number 35
[  272.086733][T11183] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  272.088016][T11183] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  273.776357][ T3474] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  273.965572][ T5891] usb 6-1: USB disconnect, device number 4
[  274.037922][ T3474] usb 3-1: no configurations
[  274.046485][ T3474] usb 3-1: can't read configurations, error -22
[  274.226766][ T3474] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  274.241514][T11228] syz.4.657 (11228): drop_caches: 2
[  274.415469][T11228] syz.4.657 (11228): drop_caches: 2
[  274.449773][   T10] usb 4-1: USB disconnect, device number 36
[  274.497842][ T3474] usb 3-1: no configurations
[  274.529264][ T3474] usb 3-1: can't read configurations, error -22
[  274.688779][ T3474] usb usb3-port1: attempt power cycle
[  275.008464][T11237] syz.4.662 (11237): drop_caches: 2
[  275.052999][T11237] syz.4.662 (11237): drop_caches: 2
[  275.068635][ T3474] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  275.119658][ T3474] usb 3-1: no configurations
[  275.151541][ T3474] usb 3-1: can't read configurations, error -22
[  275.306468][ T3474] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  275.381835][ T3474] usb 3-1: no configurations
[  275.395571][ T3474] usb 3-1: can't read configurations, error -22
[  275.427485][ T3474] usb usb3-port1: unable to enumerate USB device
[  275.649091][ T5835] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  275.806336][ T5835] usb 6-1: Using ep0 maxpacket: 8
[  275.813984][ T5835] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  275.825487][ T5835] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  275.942713][ T5835] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 239, changing to 11
[  275.966358][ T5835] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 9059, setting to 1024
[  275.995067][ T5835] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  276.052639][ T5835] usb 6-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1
[  276.066370][ T5835] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  276.120854][ T5835] usb 6-1: Product: syz
[  276.136276][ T5835] usb 6-1: Manufacturer: syz
[  276.154390][ T5835] usb 6-1: SerialNumber: syz
[  276.232692][ T5835] usb 6-1: config 0 descriptor??
[  276.457717][ T5835] rc_core: IR keymap rc-imon-rsc not found
[  276.474665][ T5835] Registered IR keymap rc-empty
[  276.501394][ T5835] rc rc0: iMON Station as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[  276.603136][ T5835] input: iMON Station as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input15
[  276.656373][ T5891] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  276.846313][ T5891] usb 5-1: Using ep0 maxpacket: 32
[  277.479896][ T5891] usb 5-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=66.3d
[  277.695655][ T5891] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  277.780031][ T5891] usb 5-1: config 0 descriptor??
[  277.889453][ T5891] cx82310_eth 5-1:0.0: probe with driver cx82310_eth failed with error -22
[  277.980108][ T5891] cxacru 5-1:0.0: usbatm_usb_probe: bind failed: -19!
[  278.307498][ T5835] usb 6-1: USB disconnect, device number 5
[  278.530060][T11291] fuse: Unknown parameter '�d'
[  279.023402][T11300] program syz.3.682 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  279.068280][T11300] blktrace: Concurrent blktraces are not allowed on sg0
[  279.114527][T11300] relay: one or more items not logged [item size (56) > sub-buffer size (3)]
[  280.036343][ T5835] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  280.287512][ T5835] usb 4-1: no configurations
[  280.327914][ T5835] usb 4-1: can't read configurations, error -22
[  280.696367][ T5835] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  280.865632][   T24] usb 5-1: USB disconnect, device number 30
[  280.908016][T11320] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  280.967387][T11320] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  281.043140][ T5835] usb 4-1: no configurations
[  281.058039][ T5835] usb 4-1: can't read configurations, error -22
[  281.084938][ T5835] usb usb4-port1: attempt power cycle
[  281.220917][T11324] netlink: 4 bytes leftover after parsing attributes in process `syz.4.689'.
[  281.253097][T11326] netlink: 4 bytes leftover after parsing attributes in process `syz.4.689'.
[  281.483653][ T5835] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  281.561323][ T5835] usb 4-1: no configurations
[  281.574026][ T5835] usb 4-1: can't read configurations, error -22
[  281.736505][ T5835] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  281.768296][ T5835] usb 4-1: no configurations
[  281.773999][ T5835] usb 4-1: can't read configurations, error -22
[  281.971317][ T5835] usb usb4-port1: unable to enumerate USB device
[  283.166328][ T5835] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  283.326718][ T5835] usb 3-1: device descriptor read/64, error -71
[  283.596379][ T5835] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  283.749659][ T5835] usb 3-1: device descriptor read/64, error -71
[  283.858562][ T5835] usb usb3-port1: attempt power cycle
[  284.246592][ T5835] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  284.297004][ T5835] usb 3-1: device descriptor read/8, error -71
[  284.411878][T11357] FAULT_INJECTION: forcing a failure.
[  284.411878][T11357] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  284.458261][T11357] CPU: 0 UID: 0 PID: 11357 Comm: syz.0.701 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  284.458295][T11357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  284.458309][T11357] Call Trace:
[  284.458318][T11357]  <TASK>
[  284.458327][T11357]  dump_stack_lvl+0x241/0x360
[  284.458368][T11357]  ? __pfx_dump_stack_lvl+0x10/0x10
[  284.458400][T11357]  ? __pfx__printk+0x10/0x10
[  284.458450][T11357]  should_fail_ex+0x424/0x570
[  284.458480][T11357]  _copy_to_user+0x31/0xb0
[  284.458514][T11357]  simple_read_from_buffer+0xc4/0x170
[  284.458551][T11357]  proc_fail_nth_read+0x1ef/0x260
[  284.458577][T11357]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  284.458604][T11357]  ? rw_verify_area+0x246/0x630
[  284.458626][T11357]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  284.458649][T11357]  vfs_read+0x21f/0xb90
[  284.458679][T11357]  ? __pfx___mutex_lock+0x10/0x10
[  284.458708][T11357]  ? __pfx_vfs_read+0x10/0x10
[  284.458735][T11357]  ? __fget_files+0x2a/0x420
[  284.458756][T11357]  ? __fget_files+0x39d/0x420
[  284.458774][T11357]  ? __fget_files+0x2a/0x420
[  284.458804][T11357]  ksys_read+0x19d/0x2d0
[  284.458831][T11357]  ? __pfx_ksys_read+0x10/0x10
[  284.458862][T11357]  ? do_syscall_64+0xb6/0x230
[  284.458891][T11357]  do_syscall_64+0xf3/0x230
[  284.458918][T11357]  ? clear_bhb_loop+0x45/0xa0
[  284.458944][T11357]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  284.458965][T11357] RIP: 0033:0x7f7fb338bb7c
[  284.458984][T11357] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  284.459002][T11357] RSP: 002b:00007f7fb41a3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  284.459026][T11357] RAX: ffffffffffffffda RBX: 00007f7fb35a5fa0 RCX: 00007f7fb338bb7c
[  284.459042][T11357] RDX: 000000000000000f RSI: 00007f7fb41a30a0 RDI: 0000000000000005
[  284.459055][T11357] RBP: 00007f7fb41a3090 R08: 0000000000000000 R09: 0000000000000000
[  284.459069][T11357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  284.459082][T11357] R13: 0000000000000000 R14: 00007f7fb35a5fa0 R15: 00007f7fb36cfa28
[  284.459116][T11357]  </TASK>
[  284.736330][ T5835] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  284.815772][ T5835] usb 3-1: device descriptor read/8, error -71
[  284.940319][ T5835] usb usb3-port1: unable to enumerate USB device
[  285.256517][ T5891] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  285.467589][T11372] netlink: 8 bytes leftover after parsing attributes in process `syz.3.706'.
[  285.496559][ T5891] usb 1-1: config 0 has no interfaces?
[  285.504302][ T5891] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  285.542269][T11372] netlink: 8 bytes leftover after parsing attributes in process `syz.3.706'.
[  285.556784][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  285.566408][ T5891] usb 1-1: Product: syz
[  285.570642][ T5891] usb 1-1: Manufacturer: syz
[  285.575326][ T5891] usb 1-1: SerialNumber: syz
[  285.600518][ T5891] usb 1-1: config 0 descriptor??
[  285.844888][T11364] ALSA: seq fatal error: cannot create timer (-19)
[  285.944207][T11383] fuse: Bad value for 'fd'
[  285.990932][   T30] kauditd_printk_skb: 39 callbacks suppressed
[  285.990952][   T30] audit: type=1326 audit(1743980179.598:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11382 comm="syz.2.711" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f562e18d169 code=0x7ffc0000
[  286.009918][T11383] syzkaller1: entered promiscuous mode
[  286.030010][T11385] netlink: 'syz.5.709': attribute type 21 has an invalid length.
[  286.059636][T11383] syzkaller1: entered allmulticast mode
[  286.069459][   T30] audit: type=1326 audit(1743980179.598:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11382 comm="syz.2.711" exe="/root/syz-executor" sig=0 arch=c000003e syscall=151 compat=0 ip=0x7f562e18d169 code=0x7ffc0000
[  286.143760][   T30] audit: type=1326 audit(1743980179.598:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11382 comm="syz.2.711" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f562e18d169 code=0x7ffc0000
[  286.171024][   T30] audit: type=1326 audit(1743980179.598:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11382 comm="syz.2.711" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f562e18d169 code=0x7ffc0000
[  286.194894][T11385] netlink: 144 bytes leftover after parsing attributes in process `syz.5.709'.
[  286.212249][   T30] audit: type=1326 audit(1743980179.618:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11382 comm="syz.2.711" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f562e18d169 code=0x7ffc0000
[  286.300845][   T30] audit: type=1326 audit(1743980179.628:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11382 comm="syz.2.711" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f562e18d169 code=0x7ffc0000
[  286.333309][   T30] audit: type=1326 audit(1743980179.628:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11382 comm="syz.2.711" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f562e18d169 code=0x7ffc0000
[  286.366455][   T30] audit: type=1326 audit(1743980179.628:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11382 comm="syz.2.711" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f562e18d169 code=0x7ffc0000
[  286.396693][   T30] audit: type=1326 audit(1743980179.708:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11382 comm="syz.2.711" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f562e18d169 code=0x7ffc0000
[  286.426411][   T30] audit: type=1326 audit(1743980179.708:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11382 comm="syz.2.711" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f562e18d169 code=0x7ffc0000
[  287.776413][ T5891] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  287.887146][ T5835] usb 1-1: USB disconnect, device number 36
[  287.976638][ T5891] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  288.088163][ T5891] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  288.256539][ T5891] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  288.319447][ T5891] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  288.487236][T11403] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  288.499160][ T5891] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  288.644787][T11413] netlink: 8 bytes leftover after parsing attributes in process `syz.0.719'.
[  288.938057][T11417] netlink: 8 bytes leftover after parsing attributes in process `syz.2.720'.
[  289.007489][T11417] netlink: 8 bytes leftover after parsing attributes in process `syz.2.720'.
[  289.030306][T11405] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  289.044726][T11405] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  289.240467][T11422] blktrace: Concurrent blktraces are not allowed on sg0
[  289.723992][T11434] syz.0.727 (11434): drop_caches: 2
[  289.782367][T11434] syz.0.727 (11434): drop_caches: 2
[  289.796416][ T5835] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  289.906386][ T3474] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  289.956544][ T5835] usb 3-1: Using ep0 maxpacket: 8
[  289.971512][ T5835] usb 3-1: config 0 has an invalid interface number: 176 but max is 2
[  289.992666][ T5835] usb 3-1: config 0 has an invalid interface number: 49 but max is 2
[  290.036799][ T5835] usb 3-1: config 0 has no interface number 1
[  290.075481][ T5835] usb 3-1: config 0 has no interface number 2
[  290.121795][ T3474] usb 4-1: config 0 has no interfaces?
[  290.149864][ T5835] usb 3-1: New USB device found, idVendor=dec6, idProduct=92c3, bcdDevice=29.ac
[  290.162687][ T5835] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  290.176935][ T5835] usb 3-1: config 0 descriptor??
[  290.221023][ T3474] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  290.230282][ T3474] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.250254][ T3474] usb 4-1: Product: syz
[  290.256485][ T3474] usb 4-1: Manufacturer: syz
[  290.261101][ T3474] usb 4-1: SerialNumber: syz
[  290.284202][ T3474] usb 4-1: config 0 descriptor??
[  290.373026][ T3474] usb 6-1: USB disconnect, device number 7
[  291.401209][   T30] audit: type=1326 audit(1743980185.018:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11441 comm="syz.5.729" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f648718d169 code=0x0
[  292.816481][T11455] netlink: 28 bytes leftover after parsing attributes in process `syz.5.733'.
[  292.849603][T11457] bridge0: port 3(syz_tun) entered blocking state
[  292.916396][ T5891] usb 4-1: USB disconnect, device number 41
[  292.938463][T11455] netlink: 8 bytes leftover after parsing attributes in process `syz.5.733'.
[  292.943326][T11457] bridge0: port 3(syz_tun) entered disabled state
[  293.041258][   T10] usb 3-1: USB disconnect, device number 39
[  293.063690][T11457] syz_tun: entered allmulticast mode
[  293.133315][T11457] syz_tun: entered promiscuous mode
[  293.148320][T11457] bridge0: port 3(syz_tun) entered blocking state
[  293.154952][T11457] bridge0: port 3(syz_tun) entered forwarding state
[  293.242066][T11460] netlink: 8 bytes leftover after parsing attributes in process `syz.0.735'.
[  293.263074][T11465] netlink: 8 bytes leftover after parsing attributes in process `syz.0.735'.
[  293.362883][T11470] syz.2.738 (11470): drop_caches: 2
[  293.382325][T11470] syz.2.738 (11470): drop_caches: 2
[  293.394165][T11470] syz.2.738 (11470): drop_caches: 2
[  293.675747][T11479] fuse: Bad value for 'fd'
[  293.720401][T11479] fuse: Unknown parameter '�G^N�x�bbXǤ�V�)��X���.{gl�YD�1aE�ƹ��N��0#b�u
���QRs���dO�$�xO'
[  293.887371][T11484] FAULT_INJECTION: forcing a failure.
[  293.887371][T11484] name failslab, interval 1, probability 0, space 0, times 0
[  293.916513][T11484] CPU: 0 UID: 0 PID: 11484 Comm: syz.0.743 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  293.916543][T11484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  293.916554][T11484] Call Trace:
[  293.916561][T11484]  <TASK>
[  293.916570][T11484]  dump_stack_lvl+0x241/0x360
[  293.916606][T11484]  ? __pfx_dump_stack_lvl+0x10/0x10
[  293.916634][T11484]  ? __pfx__printk+0x10/0x10
[  293.916682][T11484]  ? __pfx___might_resched+0x10/0x10
[  293.916715][T11484]  should_fail_ex+0x424/0x570
[  293.916754][T11484]  should_failslab+0xac/0x100
[  293.916782][T11484]  __kmalloc_noprof+0xdf/0x4d0
[  293.916827][T11484]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  293.916851][T11484]  ? apparmor_capable+0x13b/0x1b0
[  293.916877][T11484]  genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  293.916917][T11484]  genl_rcv_msg+0x819/0xf00
[  293.916949][T11484]  ? __pfx_genl_rcv_msg+0x10/0x10
[  293.916969][T11484]  ? stack_trace_save+0x11a/0x1d0
[  293.917012][T11484]  ? __pfx_stack_trace_save+0x10/0x10
[  293.917042][T11484]  ? stack_depot_save_flags+0x44/0x940
[  293.917062][T11484]  ? stack_trace_snprint+0x71/0xf0
[  293.917121][T11484]  ? __lock_acquire+0xad5/0xd80
[  293.917145][T11484]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  293.917175][T11484]  ? __pfx_nl80211_start_ap+0x10/0x10
[  293.917203][T11484]  ? __pfx_nl80211_post_doit+0x10/0x10
[  293.917236][T11484]  netlink_rcv_skb+0x208/0x480
[  293.917267][T11484]  ? __pfx_genl_rcv_msg+0x10/0x10
[  293.917290][T11484]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  293.917341][T11484]  ? netlink_deliver_tap+0x2e/0x1b0
[  293.917377][T11484]  genl_rcv+0x28/0x40
[  293.917397][T11484]  netlink_unicast+0x7f8/0x9a0
[  293.917433][T11484]  ? __pfx_netlink_unicast+0x10/0x10
[  293.917460][T11484]  ? skb_put+0x114/0x1f0
[  293.917485][T11484]  netlink_sendmsg+0x8c3/0xcd0
[  293.917528][T11484]  ? __pfx_netlink_sendmsg+0x10/0x10
[  293.917563][T11484]  ? aa_sock_msg_perm+0x91/0x160
[  293.917598][T11484]  ? __pfx_netlink_sendmsg+0x10/0x10
[  293.917625][T11484]  __sock_sendmsg+0x221/0x270
[  293.917658][T11484]  ____sys_sendmsg+0x523/0x860
[  293.917689][T11484]  ? __pfx_____sys_sendmsg+0x10/0x10
[  293.917710][T11484]  ? __fget_files+0x2a/0x420
[  293.917732][T11484]  ? __fget_files+0x2a/0x420
[  293.917778][T11484]  __sys_sendmsg+0x271/0x360
[  293.917807][T11484]  ? __pfx___sys_sendmsg+0x10/0x10
[  293.917895][T11484]  ? do_syscall_64+0xb6/0x230
[  293.917926][T11484]  do_syscall_64+0xf3/0x230
[  293.917953][T11484]  ? clear_bhb_loop+0x45/0xa0
[  293.917979][T11484]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  293.918000][T11484] RIP: 0033:0x7f7fb338d169
[  293.918020][T11484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  293.918038][T11484] RSP: 002b:00007f7fb41a3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  293.918062][T11484] RAX: ffffffffffffffda RBX: 00007f7fb35a5fa0 RCX: 00007f7fb338d169
[  293.918078][T11484] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  293.918092][T11484] RBP: 00007f7fb41a3090 R08: 0000000000000000 R09: 0000000000000000
[  293.918105][T11484] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  293.918119][T11484] R13: 0000000000000000 R14: 00007f7fb35a5fa0 R15: 00007f7fb36cfa28
[  293.918153][T11484]  </TASK>
[  294.768053][T11489] FAULT_INJECTION: forcing a failure.
[  294.768053][T11489] name failslab, interval 1, probability 0, space 0, times 0
[  294.836990][T11489] CPU: 0 UID: 0 PID: 11489 Comm: syz.5.746 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  294.837019][T11489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  294.837031][T11489] Call Trace:
[  294.837039][T11489]  <TASK>
[  294.837046][T11489]  dump_stack_lvl+0x241/0x360
[  294.837078][T11489]  ? __pfx_dump_stack_lvl+0x10/0x10
[  294.837122][T11489]  ? __pfx__printk+0x10/0x10
[  294.837148][T11489]  ? __pfx___might_resched+0x10/0x10
[  294.837173][T11489]  should_fail_ex+0x424/0x570
[  294.837206][T11489]  should_failslab+0xac/0x100
[  294.837230][T11489]  __kmalloc_noprof+0xdf/0x4d0
[  294.837269][T11489]  ? tomoyo_encode+0x26f/0x540
[  294.837298][T11489]  tomoyo_encode+0x26f/0x540
[  294.837329][T11489]  tomoyo_realpath_from_path+0x59e/0x5e0
[  294.837369][T11489]  tomoyo_path_number_perm+0x245/0x790
[  294.837399][T11489]  ? tomoyo_path_number_perm+0x215/0x790
[  294.837428][T11489]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  294.837456][T11489]  ? sb_end_write+0xe9/0x1c0
[  294.837485][T11489]  ? vfs_write+0xb29/0xd10
[  294.837544][T11489]  ? ksys_write+0x266/0x2d0
[  294.837574][T11489]  security_file_ioctl+0xc6/0x2a0
[  294.837599][T11489]  __se_sys_ioctl+0x46/0x160
[  294.837627][T11489]  do_syscall_64+0xf3/0x230
[  294.837664][T11489]  ? clear_bhb_loop+0x45/0xa0
[  294.837690][T11489]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.837710][T11489] RIP: 0033:0x7f648718d169
[  294.837728][T11489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  294.837763][T11489] RSP: 002b:00007f6487f68038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  294.837787][T11489] RAX: ffffffffffffffda RBX: 00007f64873a5fa0 RCX: 00007f648718d169
[  294.837802][T11489] RDX: 0000200000000000 RSI: 0000000040405514 RDI: 0000000000000003
[  294.837816][T11489] RBP: 00007f6487f68090 R08: 0000000000000000 R09: 0000000000000000
[  294.837830][T11489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  294.837843][T11489] R13: 0000000000000000 R14: 00007f64873a5fa0 R15: 00007f64874cfa28
[  294.837876][T11489]  </TASK>
[  294.837899][T11489] ERROR: Out of memory at tomoyo_realpath_from_path.
[  294.839140][T11492] FAULT_INJECTION: forcing a failure.
[  294.839140][T11492] name failslab, interval 1, probability 0, space 0, times 0
[  295.116786][T11492] CPU: 1 UID: 0 PID: 11492 Comm: syz.2.747 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  295.116809][T11492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  295.116818][T11492] Call Trace:
[  295.116825][T11492]  <TASK>
[  295.116831][T11492]  dump_stack_lvl+0x241/0x360
[  295.116859][T11492]  ? __pfx_dump_stack_lvl+0x10/0x10
[  295.116886][T11492]  ? __pfx__printk+0x10/0x10
[  295.116910][T11492]  ? __pfx___might_resched+0x10/0x10
[  295.116932][T11492]  should_fail_ex+0x424/0x570
[  295.116951][T11492]  should_failslab+0xac/0x100
[  295.116973][T11492]  __kvmalloc_node_noprof+0x170/0x5a0
[  295.116995][T11492]  ? traverse+0xd6/0x550
[  295.117021][T11492]  traverse+0xd6/0x550
[  295.117047][T11492]  seq_read_iter+0xc7f/0xda0
[  295.117070][T11492]  ? rcu_is_watching+0x15/0xb0
[  295.117099][T11492]  ? kernfs_fop_read_iter+0x142/0x650
[  295.117123][T11492]  copy_splice_read+0x63f/0xb50
[  295.117149][T11492]  ? __pfx_copy_splice_read+0x10/0x10
[  295.117179][T11492]  ? alloc_pipe_info+0x370/0x4d0
[  295.117197][T11492]  ? __pfx_copy_splice_read+0x10/0x10
[  295.117216][T11492]  splice_direct_to_actor+0x4af/0xc90
[  295.117248][T11492]  ? __pfx_direct_splice_actor+0x10/0x10
[  295.117268][T11492]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  295.117294][T11492]  do_splice_direct+0x281/0x3d0
[  295.117317][T11492]  ? __pfx_do_splice_direct+0x10/0x10
[  295.117337][T11492]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  295.117362][T11492]  ? rw_verify_area+0x246/0x630
[  295.117381][T11492]  do_sendfile+0x582/0x8c0
[  295.117407][T11492]  ? __pfx_do_sendfile+0x10/0x10
[  295.117436][T11492]  __se_sys_sendfile64+0x102/0x1e0
[  295.117458][T11492]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  295.117482][T11492]  ? do_syscall_64+0xb6/0x230
[  295.117501][T11492]  do_syscall_64+0xf3/0x230
[  295.117517][T11492]  ? clear_bhb_loop+0x45/0xa0
[  295.117534][T11492]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  295.117547][T11492] RIP: 0033:0x7f562e18d169
[  295.117559][T11492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  295.117571][T11492] RSP: 002b:00007f562ef09038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  295.117586][T11492] RAX: ffffffffffffffda RBX: 00007f562e3a5fa0 RCX: 00007f562e18d169
[  295.117597][T11492] RDX: 0000200000002700 RSI: 0000000000000006 RDI: 0000000000000007
[  295.117606][T11492] RBP: 00007f562ef09090 R08: 0000000000000000 R09: 0000000000000000
[  295.117616][T11492] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001
[  295.117624][T11492] R13: 0000000000000000 R14: 00007f562e3a5fa0 R15: 00007f562e4cfa28
[  295.117644][T11492]  </TASK>
[  295.839138][   T30] audit: type=1326 audit(1743980189.448:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11501 comm="syz.5.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648718d169 code=0x7ffc0000
[  295.972038][   T30] audit: type=1326 audit(1743980189.448:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11501 comm="syz.5.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648718d169 code=0x7ffc0000
[  296.094578][   T30] audit: type=1326 audit(1743980189.448:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11501 comm="syz.5.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7f648718d169 code=0x7ffc0000
[  296.215089][   T30] audit: type=1326 audit(1743980189.448:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11501 comm="syz.5.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648718d169 code=0x7ffc0000
[  296.332369][   T30] audit: type=1326 audit(1743980189.448:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11501 comm="syz.5.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648718d169 code=0x7ffc0000
[  296.475776][T11509] 8021q: adding VLAN 0 to HW filter on device batadv3
[  296.506354][   T30] audit: type=1326 audit(1743980189.458:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11501 comm="syz.5.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f648718d169 code=0x7ffc0000
[  296.596605][   T30] audit: type=1326 audit(1743980189.458:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11501 comm="syz.5.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648718d169 code=0x7ffc0000
[  296.632306][T11509] team0: Port device batadv3 added
[  296.700952][   T30] audit: type=1326 audit(1743980189.458:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11501 comm="syz.5.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648718d169 code=0x7ffc0000
[  296.836155][   T30] audit: type=1326 audit(1743980189.458:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11501 comm="syz.5.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f648718d169 code=0x7ffc0000
[  296.999746][   T30] audit: type=1326 audit(1743980189.458:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11501 comm="syz.5.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648718d169 code=0x7ffc0000
[  297.026552][   T30] audit: type=1326 audit(1743980189.458:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11501 comm="syz.5.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648718d169 code=0x7ffc0000
[  297.048993][   T30] audit: type=1326 audit(1743980189.458:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11501 comm="syz.5.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f648718d169 code=0x7ffc0000
[  297.071252][   T30] audit: type=1326 audit(1743980189.458:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11501 comm="syz.5.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648718d169 code=0x7ffc0000
[  297.093806][   T30] audit: type=1326 audit(1743980189.458:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11501 comm="syz.5.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648718d169 code=0x7ffc0000
[  297.156393][   T30] audit: type=1326 audit(1743980189.458:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11501 comm="syz.5.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f648718d169 code=0x7ffc0000
[  297.291082][ T5893] IPVS: starting estimator thread 0...
[  297.317608][ T5893] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  297.388430][T11519] IPVS: using max 28 ests per chain, 67200 per kthread
[  297.434837][ T5893] hid-generic 0000:0000:0000.0005: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  297.702429][ T5834] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  297.711337][ T5834] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  297.722888][ T5834] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  297.736036][ T5834] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  297.743878][ T5834] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  297.765375][ T5839] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  297.803403][ T5839] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  297.811007][ T5839] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  297.820701][ T5839] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  297.828763][ T5839] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  298.296924][ T5893] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  298.305819][T11528] loop2: detected capacity change from 0 to 7
[  298.408410][T11528] Dev loop2: unable to read RDB block 7
[  298.414190][T11528]  loop2: unable to read partition table
[  298.434970][T11532] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  298.455905][T11528] loop2: partition table beyond EOD, truncated
[  298.497315][T11528] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  298.547671][ T5893] usb 4-1: Using ep0 maxpacket: 16
[  298.564256][ T5893] usb 4-1: config 0 has an invalid interface number: 105 but max is 0
[  298.599140][ T5893] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  298.683346][ T5893] usb 4-1: config 0 has no interface number 0
[  298.771031][ T5893] usb 4-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  298.854399][   T12] IPVS: stop unused estimator thread 0...
[  298.901319][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  298.959316][ T5893] usb 4-1: Product: syz
[  298.968453][T11524] chnl_net:caif_netlink_parms(): no params data found
[  299.067071][ T5893] usb 4-1: Manufacturer: syz
[  299.071769][ T5893] usb 4-1: SerialNumber: syz
[  299.112256][ T5893] usb 4-1: config 0 descriptor??
[  299.431740][T11526] input: syz0 as /devices/virtual/input/input17
[  299.537946][T11524] bridge0: port 1(bridge_slave_0) entered blocking state
[  299.564571][T11524] bridge0: port 1(bridge_slave_0) entered disabled state
[  299.590830][T11524] bridge_slave_0: entered allmulticast mode
[  299.621161][T11524] bridge_slave_0: entered promiscuous mode
[  299.651211][T11524] bridge0: port 2(bridge_slave_1) entered blocking state
[  299.697638][T11524] bridge0: port 2(bridge_slave_1) entered disabled state
[  299.745595][T11524] bridge_slave_1: entered allmulticast mode
[  299.797572][T11524] bridge_slave_1: entered promiscuous mode
[  299.907108][ T5834] Bluetooth: hci6: command tx timeout
[  300.084220][ T3474] usb 4-1: USB disconnect, device number 42
[  300.117734][T11524] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  300.284694][T11524] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  300.377364][T11524] team0: Port device team_slave_0 added
[  300.404846][T11524] team0: Port device team_slave_1 added
[  300.484651][T11524] batman_adv: batadv0: Adding interface: batadv_slave_0
[  300.500791][T11524] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  300.539461][T11524] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  300.581031][T11524] batman_adv: batadv0: Adding interface: batadv_slave_1
[  300.596158][T11524] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  300.713967][T11524] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  300.982337][T11524] hsr_slave_0: entered promiscuous mode
[  300.998434][T11524] hsr_slave_1: entered promiscuous mode
[  301.034448][T11524] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  301.164427][T11524] Cannot create hsr debugfs directory
[  301.296394][ T5835] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  301.447506][ T5835] usb 3-1: device descriptor read/64, error -71
[  301.986892][ T5834] Bluetooth: hci6: command tx timeout
[  302.016698][ T5835] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  302.166725][ T5835] usb 3-1: device descriptor read/64, error -71
[  302.286917][ T5835] usb usb3-port1: attempt power cycle
[  302.348924][T11524] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  302.389754][T11524] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  302.470246][T11524] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  302.526520][ T5893] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  302.540189][T11524] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  302.676557][ T5835] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  302.727614][ T5893] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  302.727967][ T5835] usb 3-1: device descriptor read/8, error -71
[  302.777496][ T5893] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  302.835606][ T5893] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.890863][ T5893] usb 6-1: Product: syz
[  302.895081][ T5893] usb 6-1: Manufacturer: syz
[  302.936494][ T5893] usb 6-1: SerialNumber: syz
[  302.942227][T11587] syz.0.776 (11587): drop_caches: 2
[  302.957833][T11583] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  302.971974][T11524] 8021q: adding VLAN 0 to HW filter on device bond0
[  303.017552][ T5835] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  303.055434][T11587] syz.0.776 (11587): drop_caches: 2
[  303.073323][ T5835] usb 3-1: device descriptor read/8, error -71
[  303.113815][T11524] 8021q: adding VLAN 0 to HW filter on device team0
[  303.210115][ T1089] bridge0: port 1(bridge_slave_0) entered blocking state
[  303.217338][ T1089] bridge0: port 1(bridge_slave_0) entered forwarding state
[  303.236956][ T5893] usblp 6-1:1.0: usblp0: USB Bidirectional printer dev 8 if 0 alt 0 proto 2 vid 0x0525 pid 0xA4A8
[  303.237282][ T5835] usb usb3-port1: unable to enumerate USB device
[  303.312360][ T1089] bridge0: port 2(bridge_slave_1) entered blocking state
[  303.319897][ T1089] bridge0: port 2(bridge_slave_1) entered forwarding state
[  303.634591][T11592] IPVS: Error connecting to the multicast addr
[  303.813301][T11524] 8021q: adding VLAN 0 to HW filter on device batadv0
[  303.935219][T11524] veth0_vlan: entered promiscuous mode
[  303.989582][T11524] veth1_vlan: entered promiscuous mode
[  304.077675][ T5834] Bluetooth: hci6: command tx timeout
[  304.160806][T11524] veth0_macvtap: entered promiscuous mode
[  304.181851][T11524] veth1_macvtap: entered promiscuous mode
[  304.203394][T11605] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  304.333488][T11524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  304.346629][T11605] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  304.381220][T11605] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  304.386998][T11524] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  304.416769][T11605] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  304.446397][ T5893] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  304.485264][T11524] batman_adv: batadv0: Interface activated: batadv_slave_0
[  304.521230][T11524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  304.583729][T11524] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  304.652570][T11524] batman_adv: batadv0: Interface activated: batadv_slave_1
[  304.722485][T11524] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  304.775277][T11524] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  304.814636][T11524] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  304.849906][T11524] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  304.928414][T11612] syz.3.782 (11612): drop_caches: 2
[  304.941299][T11612] syz.3.782 (11612): drop_caches: 2
[  304.997166][T11614] netlink: 8 bytes leftover after parsing attributes in process `syz.3.783'.
[  305.006085][T11614] netlink: 16 bytes leftover after parsing attributes in process `syz.3.783'.
[  305.315501][ T5891] usb 6-1: USB disconnect, device number 8
[  305.378004][ T1136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  305.385868][ T1136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  305.448711][ T5891] usblp0: removed
[  305.822983][ T1107] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  305.856946][ T1107] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  306.147315][ T5834] Bluetooth: hci6: command tx timeout
[  306.557615][T11635] syz.3.788 (11635): drop_caches: 2
[  306.563340][T11635] syz.3.788 (11635): drop_caches: 2
[  306.635773][T11637] syz.5.789 (11637): drop_caches: 2
[  306.673382][T11637] syz.5.789 (11637): drop_caches: 2
[  306.727283][T11640] netlink: 8 bytes leftover after parsing attributes in process `syz.6.790'.
[  306.738524][T11640] netlink: 16 bytes leftover after parsing attributes in process `syz.6.790'.
[  306.805236][T11640] batadv0: entered promiscuous mode
[  306.847772][T11643] netlink: 24 bytes leftover after parsing attributes in process `syz.5.791'.
[  306.907292][T11640] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  307.126988][T11646] netlink: 156 bytes leftover after parsing attributes in process `syz.3.792'.
[  307.176380][ T5891] usb 6-1: new full-speed USB device number 9 using dummy_hcd
[  307.399316][ T5891] usb 6-1: unable to get BOS descriptor or descriptor too short
[  307.435617][ T5891] usb 6-1: not running at top speed; connect to a high speed hub
[  307.496017][ T5891] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  307.540967][ T5891] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  307.608670][ T5891] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  307.642951][ T5891] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  307.686471][ T5891] usb 6-1: Product: syz
[  307.690716][ T5891] usb 6-1: Manufacturer: syz
[  307.745186][ T5891] usb 6-1: SerialNumber: syz
[  308.017113][ T5891] usb 6-1: 0:2 : does not exist
[  308.030314][ T5891] usb 6-1: unit 4 not found!
[  308.077098][ T5891] usb 6-1: 5:0: cannot get min/max values for control 2 (id 5)
[  308.139894][ T5891] usb 6-1: 5:0: cannot get min/max values for control 3 (id 5)
[  308.213520][ T5891] usb 6-1: 5:0: cannot get min/max values for control 3 (id 5)
[  308.273960][ T5891] usb 6-1: USB disconnect, device number 9
[  308.517482][T10445] udevd[10445]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  308.698096][T11661] netlink: 8 bytes leftover after parsing attributes in process `syz.3.794'.
[  308.711976][T11661] netlink: 32 bytes leftover after parsing attributes in process `syz.3.794'.
[  311.096331][   T24] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  311.290740][   T24] usb 6-1: Using ep0 maxpacket: 16
[  311.335911][   T24] usb 6-1: config 0 interface 0 has no altsetting 0
[  311.419562][   T24] usb 6-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00
[  311.458938][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  311.538624][   T24] usb 6-1: config 0 descriptor??
[  312.027254][   T24] input: HID 0458:5013 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5013.0006/input/input18
[  312.162921][   T24] input: HID 0458:5013 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5013.0006/input/input19
[  312.196549][T11680] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  312.228001][   T24] kye 0003:0458:5013.0006: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0458:5013] on usb-dummy_hcd.5-1/input0
[  312.230100][T11680] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  312.319252][   T24] usb 6-1: USB disconnect, device number 10
[  313.750121][ T5891] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  313.945812][ T5891] usb 1-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  313.987429][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  314.026617][ T5891] usb 1-1: Product: syz
[  314.030832][ T5891] usb 1-1: Manufacturer: syz
[  314.035447][ T5891] usb 1-1: SerialNumber: syz
[  314.078710][ T5891] r8152-cfgselector 1-1: Unknown version 0x0000
[  314.106547][ T5891] r8152-cfgselector 1-1: config 0 descriptor??
[  314.524976][ T5891] r8152-cfgselector 1-1: USB disconnect, device number 37
[  314.942616][T11726] netlink: 44 bytes leftover after parsing attributes in process `syz.5.814'.
[  317.031414][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  317.038050][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  320.905686][T11808] input: syz0 as /devices/virtual/input/input20
[  324.275474][   T30] kauditd_printk_skb: 66 callbacks suppressed
[  324.275494][   T30] audit: type=1326 audit(1743980217.888:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11838 comm="syz.5.855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648718d169 code=0x7fc00000
[  326.356345][   T30] audit: type=1326 audit(1743980219.968:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11870 comm="syz.2.866" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f562e18d169 code=0x0
[  327.668330][T11883] netlink: 8 bytes leftover after parsing attributes in process `syz.2.868'.
[  328.519909][   T24] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  328.756375][ T5891] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  328.877228][   T24] usb 3-1: config 0 has no interfaces?
[  328.924524][   T24] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  328.986462][ T5891] usb 6-1: Using ep0 maxpacket: 8
[  328.986465][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  328.986489][   T24] usb 3-1: Product: syz
[  329.065705][ T5891] usb 6-1: unable to get BOS descriptor or descriptor too short
[  329.084122][ T5891] usb 6-1: no configurations
[  329.093878][ T5891] usb 6-1: can't read configurations, error -22
[  329.174761][   T24] usb 3-1: Manufacturer: syz
[  329.231869][   T24] usb 3-1: SerialNumber: syz
[  329.267031][   T24] usb 3-1: config 0 descriptor??
[  329.983622][T11901] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  329.993611][T11901] Bluetooth: hci6: Error when powering off device on rfkill (-4)
[  330.336486][   T24] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  330.516444][   T24] usb 7-1: Using ep0 maxpacket: 8
[  330.544262][   T24] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[  330.560153][   T24] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  330.613084][   T24] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  330.652928][T11917] FAULT_INJECTION: forcing a failure.
[  330.652928][T11917] name failslab, interval 1, probability 0, space 0, times 0
[  330.703147][   T24] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  330.768828][T11917] CPU: 1 UID: 0 PID: 11917 Comm: syz.3.878 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  330.768862][T11917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  330.768877][T11917] Call Trace:
[  330.768886][T11917]  <TASK>
[  330.768896][T11917]  dump_stack_lvl+0x241/0x360
[  330.768950][T11917]  ? __pfx_dump_stack_lvl+0x10/0x10
[  330.768990][T11917]  ? __pfx__printk+0x10/0x10
[  330.769019][T11917]  ? __pfx___might_resched+0x10/0x10
[  330.769047][T11917]  should_fail_ex+0x424/0x570
[  330.769074][T11917]  should_failslab+0xac/0x100
[  330.769105][T11917]  __kmalloc_noprof+0xdf/0x4d0
[  330.769131][T11917]  ? tomoyo_encode+0x26f/0x540
[  330.769164][T11917]  tomoyo_encode+0x26f/0x540
[  330.769193][T11917]  ? __pfx_anon_inodefs_dname+0x10/0x10
[  330.769225][T11917]  tomoyo_realpath_from_path+0x59e/0x5e0
[  330.769266][T11917]  tomoyo_path_number_perm+0x245/0x790
[  330.769294][T11917]  ? tomoyo_path_number_perm+0x215/0x790
[  330.769320][T11917]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  330.769345][T11917]  ? sb_end_write+0xe9/0x1c0
[  330.769375][T11917]  ? vfs_write+0xb29/0xd10
[  330.769431][T11917]  ? ksys_write+0x266/0x2d0
[  330.769460][T11917]  security_file_ioctl+0xc6/0x2a0
[  330.769486][T11917]  __se_sys_ioctl+0x46/0x160
[  330.769561][T11917]  do_syscall_64+0xf3/0x230
[  330.769587][T11917]  ? clear_bhb_loop+0x45/0xa0
[  330.769623][T11917]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  330.769642][T11917] RIP: 0033:0x7f26fd78d169
[  330.769659][T11917] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  330.769675][T11917] RSP: 002b:00007f26fe533038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  330.769697][T11917] RAX: ffffffffffffffda RBX: 00007f26fd9a5fa0 RCX: 00007f26fd78d169
[  330.769712][T11917] RDX: 0000000000000000 RSI: 000000004008ae61 RDI: 0000000000000004
[  330.769724][T11917] RBP: 00007f26fe533090 R08: 0000000000000000 R09: 0000000000000000
[  330.769736][T11917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  330.769748][T11917] R13: 0000000000000000 R14: 00007f26fd9a5fa0 R15: 00007f26fdacfa28
[  330.769777][T11917]  </TASK>
[  330.769847][   T24] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  330.996572][T11917] ERROR: Out of memory at tomoyo_realpath_from_path.
[  331.132089][T11921] netlink: 4 bytes leftover after parsing attributes in process `syz.0.880'.
[  331.378733][   T24] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[  331.391945][   T24] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  331.456329][   T24] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  331.476294][   T24] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  331.495719][T11927] netlink: 8 bytes leftover after parsing attributes in process `syz.0.881'.
[  331.535952][   T24] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  331.608930][   T24] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[  331.610449][T11930] netlink: 'syz.3.883': attribute type 9 has an invalid length.
[  331.666996][   T54] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  331.695452][   T24] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  331.698568][T11930] netlink: 8 bytes leftover after parsing attributes in process `syz.3.883'.
[  331.742711][   T24] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  331.816057][   T24] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  331.834418][   T54] usb 6-1: Using ep0 maxpacket: 32
[  331.856836][   T24] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  331.876835][   T54] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  331.920571][   T54] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 0
[  331.941227][ T5835] usb 3-1: USB disconnect, device number 44
[  331.959952][   T24] usb 7-1: string descriptor 0 read error: -22
[  331.967926][   T24] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  331.979175][   T54] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  331.996334][   T54] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  332.021463][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  332.037902][   T54] usb 6-1: Product: syz
[  332.056307][   T54] usb 6-1: Manufacturer: syz
[  332.074928][   T54] usb 6-1: SerialNumber: syz
[  332.121525][   T54] usb 6-1: config 0 descriptor??
[  332.156444][   T24] adutux 7-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  332.434192][ T5835] usb 6-1: USB disconnect, device number 13
[  332.586836][ T5891] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  332.658946][ T3474] usb 7-1: USB disconnect, device number 2
[  332.665284][T11944] usb 7-1: Couldn't submit interrupt_out_urb -19
[  332.856276][ T5891] usb 3-1: Using ep0 maxpacket: 8
[  333.105040][ T5891] usb 3-1: unable to get BOS descriptor or descriptor too short
[  333.141118][ T5891] usb 3-1: no configurations
[  333.171445][ T5891] usb 3-1: can't read configurations, error -22
[  333.691727][T11951] syz.5.889 (11951): drop_caches: 2
[  333.700120][T11951] syz.5.889 (11951): drop_caches: 2
[  333.751104][T11957] syz.2.891 (11957): drop_caches: 2
[  333.756716][T11957] syz.2.891 (11957): drop_caches: 2
[  333.763337][T11957] syz.2.891 (11957): drop_caches: 2
[  334.273798][T11964] netlink: 8 bytes leftover after parsing attributes in process `syz.2.894'.
[  335.176524][ T3474] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  335.463891][T11983] syz.2.899: attempt to access beyond end of device
[  335.463891][T11983] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  335.484744][T11962] netlink: 'syz.6.895': attribute type 2 has an invalid length.
[  335.515957][ T3474] usb 4-1: Using ep0 maxpacket: 16
[  335.644206][ T3474] usb 4-1: config 0 has an invalid interface number: 4 but max is 0
[  335.809814][ T3474] usb 4-1: config 0 has no interface number 0
[  335.815998][ T3474] usb 4-1: config 0 interface 4 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  335.938596][ T3474] usb 4-1: config 0 interface 4 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  336.030941][ T3474] usb 4-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  336.205206][ T3474] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  336.271930][ T3474] usb 4-1: config 0 descriptor??
[  336.746394][   T24] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  336.797852][T11976] x_tables: duplicate underflow at hook 3
[  336.860652][T11995] syz.6.903: attempt to access beyond end of device
[  336.860652][T11995] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  336.986352][   T24] usb 3-1: Using ep0 maxpacket: 8
[  337.420921][   T24] usb 3-1: unable to get BOS descriptor or descriptor too short
[  337.451052][   T24] usb 3-1: no configurations
[  337.596457][   T24] usb 3-1: can't read configurations, error -22
[  337.701403][T11999] syz.5.904 (11999): drop_caches: 2
[  337.761665][T11999] syz.5.904 (11999): drop_caches: 2
[  338.416342][ T5835] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  338.605678][ T5835] usb 7-1: Using ep0 maxpacket: 16
[  338.686783][ T5835] usb 7-1: config 0 has an invalid interface number: 4 but max is 0
[  338.726424][   T24] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  338.756365][ T5835] usb 7-1: config 0 has no interface number 0
[  338.850702][ T5835] usb 7-1: config 0 interface 4 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  339.005145][ T5835] usb 7-1: config 0 interface 4 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  339.069162][   T24] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  339.085573][ T5835] usb 7-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  339.246365][   T24] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  339.283989][ T5835] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  339.292411][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  339.322003][   T24] usb 3-1: Product: syz
[  339.362213][   T24] usb 3-1: Manufacturer: syz
[  339.368478][ T3474] usbhid 4-1:0.4: can't add hid device: -71
[  339.374495][   T24] usb 3-1: SerialNumber: syz
[  339.387860][ T5835] usb 7-1: config 0 descriptor??
[  339.392966][ T3474] usbhid 4-1:0.4: probe with driver usbhid failed with error -71
[  339.408453][T12006] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[  339.410626][ T3474] usb 4-1: USB disconnect, device number 44
[  339.494492][T12019] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  339.626710][   T24] usblp 3-1:1.0: usblp0: USB Bidirectional printer dev 48 if 0 alt 0 proto 2 vid 0x0525 pid 0xA4A8
[  339.957370][T12005] x_tables: duplicate underflow at hook 3
[  340.062295][ T3474] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  340.438522][ T3474] usb 4-1: Using ep0 maxpacket: 32
[  340.455226][ T3474] usb 4-1: config 0 has an invalid interface number: 221 but max is 0
[  340.463675][ T3474] usb 4-1: config 0 has no interface number 0
[  340.473159][ T3474] usb 4-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b
[  340.492030][ T3474] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  340.601731][ T3474] usb 4-1: Product: syz
[  340.627788][ T3474] usb 4-1: Manufacturer: syz
[  340.656147][ T3474] usb 4-1: SerialNumber: syz
[  340.709842][ T3474] usb 4-1: config 0 descriptor??
[  341.954897][ T5835] usbhid 7-1:0.4: can't add hid device: -71
[  341.961194][ T5835] usbhid 7-1:0.4: probe with driver usbhid failed with error -71
[  341.999652][ T5835] usb 7-1: USB disconnect, device number 3
[  342.178078][ T3474] usb 3-1: USB disconnect, device number 48
[  342.195593][T12033] syz.5.911: attempt to access beyond end of device
[  342.195593][T12033] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  342.249084][ T3474] usblp0: removed
[  342.585326][  T918] usb 4-1: USB disconnect, device number 45
[  342.746622][ T5835] usb 3-1: new full-speed USB device number 49 using dummy_hcd
[  342.754403][ T3474] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  342.939497][ T5835] usb 3-1: not running at top speed; connect to a high speed hub
[  342.948019][ T3474] usb 7-1: Using ep0 maxpacket: 32
[  342.978836][ T3474] usb 7-1: config 0 interface 0 has no altsetting 0
[  342.985677][ T5835] usb 3-1: config 1 interface 0 altsetting 7 endpoint 0x1 has invalid maxpacket 1023, setting to 64
[  343.009601][ T3474] usb 7-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  343.026308][ T5835] usb 3-1: config 1 interface 0 altsetting 7 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  343.047269][ T3474] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  343.079285][ T3474] usb 7-1: Product: syz
[  343.083500][ T3474] usb 7-1: Manufacturer: syz
[  343.098886][ T5835] usb 3-1: config 1 interface 0 has no altsetting 0
[  343.129163][ T3474] usb 7-1: SerialNumber: syz
[  343.138778][ T5835] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  343.147963][ T5896] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  343.167551][ T5835] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  343.175815][ T5835] usb 3-1: Product: Ё
[  343.196063][ T5835] usb 3-1: Manufacturer: ю
[  343.203075][ T3474] usb 7-1: config 0 descriptor??
[  343.211050][ T5835] usb 3-1: SerialNumber: ࠖ
[  343.242926][T12043] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[  343.256582][T12043] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[  343.321765][ T5896] usb 4-1: Using ep0 maxpacket: 8
[  343.361610][ T5896] usb 4-1: unable to get BOS descriptor or descriptor too short
[  343.371813][ T5896] usb 4-1: no configurations
[  343.385438][ T5896] usb 4-1: can't read configurations, error -22
[  343.436559][  T918] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  343.549858][ T5835] usb 3-1: USB disconnect, device number 49
[  343.616633][  T918] usb 6-1: Using ep0 maxpacket: 8
[  343.630955][  T918] usb 6-1: config 0 has an invalid interface number: 88 but max is 0
[  343.640226][ T3474] gs_usb 7-1:0.0: Configuring for 1 interfaces
[  343.656762][  T918] usb 6-1: config 0 has no interface number 0
[  343.669462][  T918] usb 6-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  343.680075][  T918] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  343.852680][  T918] usb 6-1: Product: syz
[  343.896335][  T918] usb 6-1: Manufacturer: syz
[  343.906597][  T918] usb 6-1: SerialNumber: syz
[  343.962359][  T918] usb 6-1: config 0 descriptor??
[  343.979055][  T918] gspca_main: se401-2.14.0 probing 047d:5003
[  344.078431][ T5835] usb 7-1: USB disconnect, device number 4
[  344.188986][T12047] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  344.239529][T12047] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  345.167933][  T918] gspca_se401: read req failed req 0x06 error -19
[  345.231628][  T918] usb 6-1: USB disconnect, device number 14
[  345.285193][T12077] syz.2.927: attempt to access beyond end of device
[  345.285193][T12077] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  345.566545][ T5896] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  345.764082][ T5896] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  345.797135][ T5896] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 7
[  345.850498][T12080] bridge0: port 3(syz_tun) entered disabled state
[  345.870938][ T5896] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  345.916513][ T5896] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.080785][ T5896] usb 7-1: Product: syz
[  346.085009][ T5896] usb 7-1: Manufacturer: syz
[  346.143355][T12080] syz_tun (unregistering): left allmulticast mode
[  346.162440][ T5896] usb 7-1: SerialNumber: syz
[  346.196389][T12080] syz_tun (unregistering): left promiscuous mode
[  346.213127][T12080] bridge0: port 3(syz_tun) entered disabled state
[  346.253140][  T918] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  346.296069][ T5896] usb 7-1: config 0 descriptor??
[  346.506266][  T918] usb 4-1: Using ep0 maxpacket: 8
[  346.629736][ T5896] usb 7-1: USB disconnect, device number 5
[  346.759826][  T918] usb 4-1: unable to get BOS descriptor or descriptor too short
[  346.777366][T12103] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  346.826295][  T918] usb 4-1: no configurations
[  346.830945][  T918] usb 4-1: can't read configurations, error -22
[  347.209691][ T5972] udevd[5972]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  347.784166][T12125] veth4: entered allmulticast mode
[  347.887317][T12126] veth6: entered allmulticast mode
[  348.198405][T12137] blktrace: Concurrent blktraces are not allowed on sg0
[  348.546346][ T5891] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  348.660804][T12147] syz.6.940: attempt to access beyond end of device
[  348.660804][T12147] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  348.804786][ T5891] usb 3-1: config 0 has no interfaces?
[  348.835109][ T5891] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  348.844398][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  348.854506][ T5891] usb 3-1: Product: syz
[  348.870744][ T5891] usb 3-1: Manufacturer: syz
[  348.909240][ T5891] usb 3-1: SerialNumber: syz
[  348.968662][ T5891] usb 3-1: config 0 descriptor??
[  349.126287][   T24] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  349.381403][   T24] usb 4-1: config 0 has no interfaces?
[  349.462743][T12145] xt_cgroup: path and classid specified
[  349.468474][   T24] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  349.550839][T12159] input: syz0 as /devices/virtual/input/input21
[  349.604247][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  349.690052][   T24] usb 4-1: Product: syz
[  349.697877][   T24] usb 4-1: Manufacturer: syz
[  349.704096][   T24] usb 4-1: SerialNumber: syz
[  349.758259][   T24] usb 4-1: config 0 descriptor??
[  350.465829][ T5891] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  351.413396][ T5891] usb 7-1: config 0 has no interfaces?
[  351.432158][ T5891] usb 7-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  351.441717][ T5891] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  351.452999][ T5891] usb 7-1: Product: syz
[  351.472254][ T5891] usb 7-1: Manufacturer: syz
[  351.489145][ T5891] usb 7-1: SerialNumber: syz
[  351.513571][ T5891] usb 7-1: config 0 descriptor??
[  352.703638][T12178] overlayfs: missing 'lowerdir'
[  352.925361][ T5893] usb 4-1: USB disconnect, device number 50
[  353.052156][   T24] usb 3-1: USB disconnect, device number 50
[  353.076914][T12178] FAULT_INJECTION: forcing a failure.
[  353.076914][T12178] name failslab, interval 1, probability 0, space 0, times 0
[  353.146444][T12178] CPU: 1 UID: 0 PID: 12178 Comm: syz.3.946 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  353.146476][T12178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  353.146489][T12178] Call Trace:
[  353.146497][T12178]  <TASK>
[  353.146505][T12178]  dump_stack_lvl+0x241/0x360
[  353.146543][T12178]  ? __pfx_dump_stack_lvl+0x10/0x10
[  353.146573][T12178]  ? __pfx__printk+0x10/0x10
[  353.146618][T12178]  ? __pfx___might_resched+0x10/0x10
[  353.146649][T12178]  should_fail_ex+0x424/0x570
[  353.146677][T12178]  should_failslab+0xac/0x100
[  353.146707][T12178]  __kmalloc_noprof+0xdf/0x4d0
[  353.146734][T12178]  ? splice_from_pipe_next+0x616/0x670
[  353.146761][T12178]  ? kernfs_fop_write_iter+0x15a/0x510
[  353.146793][T12178]  kernfs_fop_write_iter+0x15a/0x510
[  353.146828][T12178]  iter_file_splice_write+0xbdf/0x1530
[  353.146887][T12178]  ? __pfx_iter_file_splice_write+0x10/0x10
[  353.146931][T12178]  ? rcu_read_lock_any_held+0xbb/0x160
[  353.146973][T12178]  ? __pfx_iter_file_splice_write+0x10/0x10
[  353.147003][T12178]  direct_splice_actor+0x11b/0x220
[  353.147036][T12178]  splice_direct_to_actor+0x595/0xc90
[  353.147084][T12178]  ? __pfx_direct_splice_actor+0x10/0x10
[  353.147115][T12178]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  353.147155][T12178]  do_splice_direct+0x281/0x3d0
[  353.147194][T12178]  ? __pfx_do_splice_direct+0x10/0x10
[  353.147224][T12178]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  353.147263][T12178]  ? rw_verify_area+0x246/0x630
[  353.147291][T12178]  do_sendfile+0x582/0x8c0
[  353.147332][T12178]  ? __pfx_do_sendfile+0x10/0x10
[  353.147376][T12178]  __se_sys_sendfile64+0x102/0x1e0
[  353.147410][T12178]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  353.147447][T12178]  ? do_syscall_64+0xb6/0x230
[  353.147476][T12178]  do_syscall_64+0xf3/0x230
[  353.147501][T12178]  ? clear_bhb_loop+0x45/0xa0
[  353.147526][T12178]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.147547][T12178] RIP: 0033:0x7f26fd78d169
[  353.147565][T12178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  353.147589][T12178] RSP: 002b:00007f26fe533038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  353.147612][T12178] RAX: ffffffffffffffda RBX: 00007f26fd9a5fa0 RCX: 00007f26fd78d169
[  353.147628][T12178] RDX: 0000200000000000 RSI: 0000000000000004 RDI: 0000000000000004
[  353.147641][T12178] RBP: 00007f26fe533090 R08: 0000000000000000 R09: 0000000000000000
[  353.147654][T12178] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[  353.147674][T12178] R13: 0000000000000000 R14: 00007f26fd9a5fa0 R15: 00007f26fdacfa28
[  353.147706][T12178]  </TASK>
[  353.592500][ T3474] usb 7-1: USB disconnect, device number 6
[  353.893519][ T5893] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  353.913460][T12190] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  353.941488][T12190] vivid-000: disconnect
[  354.048018][T12192] blktrace: Concurrent blktraces are not allowed on sg0
[  354.104240][ T5893] usb 6-1: config 33 has 0 interfaces, different from the descriptor's value: 9
[  354.148392][ T5893] usb 6-1: New USB device found, idVendor=17ef, idProduct=60a3, bcdDevice= 0.00
[  354.177184][ T5893] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  354.363436][T12196] syz.2.952: attempt to access beyond end of device
[  354.363436][T12196] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  354.658735][T12199] input: syz0 as /devices/virtual/input/input22
[  355.729058][T12208] block device autoloading is deprecated and will be removed.
[  356.192902][  T918] usb 6-1: USB disconnect, device number 15
[  356.199752][T12184] vivid-000: reconnect
[  356.351622][ T5891] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  356.581568][ T5891] usb 3-1: config 0 has no interfaces?
[  356.778024][ T5891] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  356.836404][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  356.978790][ T5891] usb 3-1: Product: syz
[  356.983015][ T5891] usb 3-1: Manufacturer: syz
[  357.032858][ T5891] usb 3-1: SerialNumber: syz
[  357.064398][ T5891] usb 3-1: config 0 descriptor??
[  357.106417][ T3474] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  357.290445][ T3474] usb 4-1: config 0 has no interfaces?
[  357.301968][ T3474] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  357.320362][T12228] blktrace: Concurrent blktraces are not allowed on sg0
[  357.375438][ T3474] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  357.464840][ T3474] usb 4-1: Product: syz
[  357.483562][ T3474] usb 4-1: Manufacturer: syz
[  357.504320][ T3474] usb 4-1: SerialNumber: syz
[  357.534987][ T3474] usb 4-1: config 0 descriptor??
[  357.658570][T12232] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  357.831938][T12232] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  359.136525][ T3474] usb 6-1: new full-speed USB device number 16 using dummy_hcd
[  359.298641][ T3474] usb 6-1: config 0 has an invalid interface number: 223 but max is 0
[  359.310371][ T3474] usb 6-1: config 0 has no interface number 0
[  359.349803][ T3474] usb 6-1: New USB device found, idVendor=05ac, idProduct=0242, bcdDevice=72.28
[  359.362522][ T3474] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.443885][ T3474] usb 6-1: Product: syz
[  359.484268][ T3474] usb 6-1: Manufacturer: syz
[  359.502407][ T3474] usb 6-1: SerialNumber: syz
[  359.754405][ T5835] usb 3-1: USB disconnect, device number 51
[  359.782072][ T3474] usb 6-1: config 0 descriptor??
[  359.818418][ T3474] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.223/input/input23
[  360.010012][ T5196] bcm5974 6-1:0.223: could not read from device
[  360.091117][ T5196] bcm5974 6-1:0.223: could not read from device
[  360.119501][ T3474] usb 6-1: USB disconnect, device number 16
[  360.675904][T12254] syz.6.970 (12254): drop_caches: 2
[  360.799757][T12254] syz.6.970 (12254): drop_caches: 2
[  361.276647][ T3474] usb 6-1: new full-speed USB device number 17 using dummy_hcd
[  361.309548][ T5835] usb 4-1: USB disconnect, device number 51
[  361.336172][T12266] blktrace: Concurrent blktraces are not allowed on sg0
[  361.552634][ T3474] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  361.563946][ T3474] usb 6-1: config 0 interface 0 has no altsetting 0
[  361.639838][ T3474] usb 6-1: New USB device found, idVendor=054c, idProduct=0374, bcdDevice= 0.00
[  361.686285][ T3474] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  361.752343][ T3474] usb 6-1: config 0 descriptor??
[  361.846341][ T5835] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  361.950873][T12272] netlink: 52 bytes leftover after parsing attributes in process `syz.6.976'.
[  361.991379][   T24] usb 6-1: USB disconnect, device number 17
[  362.112072][ T5835] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  362.125411][T12273] netlink: 'syz.6.976': attribute type 6 has an invalid length.
[  362.162947][ T5835] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  362.260439][ T5835] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  362.287601][ T5835] usb 4-1: Product: syz
[  362.354816][ T5835] usb 4-1: Manufacturer: syz
[  362.646288][ T5835] usb 4-1: SerialNumber: syz
[  362.671755][T12268] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  362.884306][T12278] FAULT_INJECTION: forcing a failure.
[  362.884306][T12278] name failslab, interval 1, probability 0, space 0, times 0
[  362.906323][T12278] CPU: 1 UID: 0 PID: 12278 Comm: syz.5.978 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  362.906362][T12278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  362.906379][T12278] Call Trace:
[  362.906388][T12278]  <TASK>
[  362.906396][T12278]  dump_stack_lvl+0x241/0x360
[  362.906434][T12278]  ? __pfx_dump_stack_lvl+0x10/0x10
[  362.906465][T12278]  ? __pfx__printk+0x10/0x10
[  362.906509][T12278]  should_fail_ex+0x424/0x570
[  362.906536][T12278]  should_failslab+0xac/0x100
[  362.906567][T12278]  __kmalloc_cache_noprof+0x73/0x370
[  362.906589][T12278]  ? sctp_add_bind_addr+0x89/0x3a0
[  362.906613][T12278]  sctp_add_bind_addr+0x89/0x3a0
[  362.906636][T12278]  sctp_copy_local_addr_list+0x313/0x500
[  362.906658][T12278]  ? sctp_copy_local_addr_list+0xad/0x500
[  362.906678][T12278]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  362.906700][T12278]  ? sctp_v6_is_any+0x60/0x70
[  362.906723][T12278]  ? sctp_copy_one_addr+0x94/0x360
[  362.906745][T12278]  sctp_bind_addr_copy+0x176/0x3b0
[  362.906770][T12278]  sctp_connect_new_asoc+0x337/0x700
[  362.906788][T12278]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  362.906801][T12278]  ? sctp_sendmsg+0xf30/0x3620
[  362.906830][T12278]  ? sctp_endpoint_lookup_assoc+0xc9/0x250
[  362.906853][T12278]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  362.906872][T12278]  sctp_sendmsg+0x2009/0x3620
[  362.906911][T12278]  ? __pfx_sctp_sendmsg+0x10/0x10
[  362.906937][T12278]  ? aa_sk_perm+0x96f/0xac0
[  362.906969][T12278]  ? inet_sendmsg+0x330/0x390
[  362.906989][T12278]  __sock_sendmsg+0x1a6/0x270
[  362.907013][T12278]  ____sys_sendmsg+0x523/0x860
[  362.907036][T12278]  ? __pfx_____sys_sendmsg+0x10/0x10
[  362.907050][T12278]  ? __fget_files+0x2a/0x420
[  362.907074][T12278]  ? __fget_files+0x2a/0x420
[  362.907094][T12278]  __sys_sendmmsg+0x3a0/0x7b0
[  362.907120][T12278]  ? __pfx___sys_sendmmsg+0x10/0x10
[  362.907163][T12278]  ? rcu_read_lock_any_held+0xbb/0x160
[  362.907184][T12278]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  362.907207][T12278]  ? vfs_write+0xb29/0xd10
[  362.907232][T12278]  ? ksys_write+0x24e/0x2d0
[  362.907252][T12278]  ? __mutex_unlock_slowpath+0x229/0x800
[  362.907293][T12278]  ? ksys_write+0x275/0x2d0
[  362.907319][T12278]  __x64_sys_sendmmsg+0xa0/0xb0
[  362.907337][T12278]  do_syscall_64+0xf3/0x230
[  362.907356][T12278]  ? clear_bhb_loop+0x45/0xa0
[  362.907374][T12278]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  362.907388][T12278] RIP: 0033:0x7f648718d169
[  362.907401][T12278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  362.907414][T12278] RSP: 002b:00007f6487f68038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  362.907431][T12278] RAX: ffffffffffffffda RBX: 00007f64873a5fa0 RCX: 00007f648718d169
[  362.907443][T12278] RDX: 0000000000000002 RSI: 0000200000000780 RDI: 0000000000000003
[  362.907453][T12278] RBP: 00007f6487f68090 R08: 0000000000000000 R09: 0000000000000000
[  362.907462][T12278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  362.907471][T12278] R13: 0000000000000000 R14: 00007f64873a5fa0 R15: 00007f64874cfa28
[  362.907494][T12278]  </TASK>
[  363.407356][ T5835] usblp 4-1:1.0: usblp0: USB Bidirectional printer dev 52 if 0 alt 0 proto 2 vid 0x0525 pid 0xA4A8
[  363.646906][ T5891] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  363.770093][ T5835] usb 4-1: USB disconnect, device number 52
[  363.782186][ T5835] usblp0: removed
[  363.830385][ T5891] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  363.858409][ T5891] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[  363.894507][ T5891] usb 6-1: config 1 has no interface number 0
[  363.910920][ T5891] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  363.935901][ T5891] usb 6-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  364.018870][ T5891] usb 6-1: too many endpoints for config 1 interface 1 altsetting 1: 48, using maximum allowed: 30
[  364.060337][ T5891] usb 6-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 48
[  364.126712][ T5891] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  364.146168][ T5891] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.154284][ T5891] usb 6-1: Product: syz
[  364.178948][ T5891] usb 6-1: Manufacturer: syz
[  364.192837][ T5891] usb 6-1: SerialNumber: syz
[  364.441536][T12298] netlink: 12 bytes leftover after parsing attributes in process `syz.3.985'.
[  364.531970][T12298] netlink: 'syz.3.985': attribute type 9 has an invalid length.
[  364.581417][T12298] netlink: 8 bytes leftover after parsing attributes in process `syz.3.985'.
[  365.077562][T12280] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  365.086374][T12280] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  365.324031][T12308] blktrace: Concurrent blktraces are not allowed on sg0
[  365.373883][   T30] audit: type=1400 audit(1743980258.918:223): apparmor="DENIED" operation="stack" class="file" info="label not found" error=-2 profile="unconfined" name=3A3A0AE10CCA7C2B08C9DFF78977F306B457CA93031D371D06D2E59E863E2FE54118A4EE43068DF6BA88E1B6DC3A552C91AE1C817D6B6014270B8BC51F73363852F4F12EE955F464599F0C485D pid=12279 comm="syz.5.979"
[  365.750722][ T5891] cdc_ncm 6-1:1.1: failed GET_NTB_PARAMETERS
[  365.764179][ T5891] cdc_ncm 6-1:1.1: bind() failure
[  365.801092][ T5891] usb 6-1: USB disconnect, device number 18
[  365.979754][T12310] netlink: 'syz.3.987': attribute type 10 has an invalid length.
[  366.018243][T12310] syz_tun: entered promiscuous mode
[  366.049379][T12310] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  367.116608][ T5835] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  367.245182][T12331] loop6: detected capacity change from 0 to 63
[  367.273629][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 2 prio class 0
[  367.309492][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  367.318800][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  367.342738][    C1] I/O error, dev loop6, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  367.351914][    C1] Buffer I/O error on dev loop6, logical block 1, async page read
[  367.370050][    C1] I/O error, dev loop6, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  367.379321][    C1] Buffer I/O error on dev loop6, logical block 2, async page read
[  367.387231][    C1] I/O error, dev loop6, sector 24 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  367.396589][    C1] Buffer I/O error on dev loop6, logical block 3, async page read
[  367.416484][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  367.425626][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  367.433541][    C1] I/O error, dev loop6, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  367.442705][    C1] Buffer I/O error on dev loop6, logical block 1, async page read
[  367.450610][    C1] I/O error, dev loop6, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  367.459877][    C1] Buffer I/O error on dev loop6, logical block 2, async page read
[  367.467803][    C1] I/O error, dev loop6, sector 24 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  367.477044][    C1] Buffer I/O error on dev loop6, logical block 3, async page read
[  367.496470][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  367.505635][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  367.529012][    C0] Buffer I/O error on dev loop6, logical block 1, async page read
[  367.646843][ T5835] usb 7-1: Using ep0 maxpacket: 16
[  367.656879][ T5835] usb 7-1: config 0 has an invalid interface number: 4 but max is 0
[  367.665007][ T5835] usb 7-1: config 0 has no interface number 0
[  367.671880][ T5835] usb 7-1: config 0 interface 4 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  367.751635][ T5835] usb 7-1: config 0 interface 4 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  367.820039][ T5835] usb 7-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  367.881907][ T5835] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  367.962017][ T5835] usb 7-1: config 0 descriptor??
[  368.486332][ T5893] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  368.512362][T12326] x_tables: duplicate underflow at hook 3
[  368.696596][ T5893] usb 4-1: Using ep0 maxpacket: 16
[  368.707273][ T5893] usb 4-1: config 0 has an invalid interface number: 4 but max is 0
[  368.715682][ T5893] usb 4-1: config 0 has no interface number 0
[  368.722943][ T5893] usb 4-1: config 0 interface 4 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  368.746302][ T5893] usb 4-1: config 0 interface 4 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  368.779770][ T5893] usb 4-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  368.811931][ T5893] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.900002][ T5893] usb 4-1: config 0 descriptor??
[  369.517849][T12339] x_tables: duplicate underflow at hook 3
[  370.082798][ T5835] usbhid 7-1:0.4: can't add hid device: -71
[  370.099694][ T5835] usbhid 7-1:0.4: probe with driver usbhid failed with error -71
[  370.208637][ T5835] usb 7-1: USB disconnect, device number 7
[  370.723913][T12351] blktrace: Concurrent blktraces are not allowed on sg0
[  371.700924][T12363] netlink: 44 bytes leftover after parsing attributes in process `syz.6.1000'.
[  372.383466][ T5893] usbhid 4-1:0.4: can't add hid device: -71
[  372.390733][ T5893] usbhid 4-1:0.4: probe with driver usbhid failed with error -71
[  372.486842][ T5893] usb 4-1: USB disconnect, device number 53
[  373.786537][ T5896] usb 4-1: new full-speed USB device number 54 using dummy_hcd
[  373.897976][ T5835] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  374.019619][ T5896] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 10
[  374.037691][   T36] bridge_slave_1: left allmulticast mode
[  374.051029][ T5896] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  374.079229][   T36] bridge_slave_1: left promiscuous mode
[  374.086441][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  374.093821][ T5896] usb 4-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66
[  374.103449][ T5896] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  374.122131][ T5896] usb 4-1: Product: syz
[  374.131958][ T5896] usb 4-1: Manufacturer: syz
[  374.140324][ T5896] usb 4-1: SerialNumber: syz
[  374.185066][ T5896] usb 4-1: config 0 descriptor??
[  374.212538][ T5896] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -90
[  374.269627][ T5835] usb 7-1: config 0 has no interfaces?
[  374.298222][ T5835] usb 7-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  374.307479][ T5835] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  374.315464][ T5835] usb 7-1: Product: syz
[  374.347641][   T36] bridge_slave_0: left allmulticast mode
[  374.380579][ T5835] usb 7-1: Manufacturer: syz
[  374.399930][ T5835] usb 7-1: SerialNumber: syz
[  374.429886][ T5835] usb 7-1: config 0 descriptor??
[  374.438042][   T36] bridge_slave_0: left promiscuous mode
[  374.490962][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  374.603795][ T5839] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  374.613385][ T5839] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  374.623692][ T5839] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  374.632311][ T5839] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  374.641244][ T5839] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  374.736311][ T5834] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  374.756845][ T5834] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  374.764308][ T5834] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  374.775925][ T5834] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  374.784795][ T5834] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  376.833094][ T5891] usb 7-1: USB disconnect, device number 8
[  376.867011][ T5839] Bluetooth: hci0: command tx timeout
[  377.271052][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  377.336549][ T5835] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  377.361586][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  377.415876][T12400] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[  377.422410][T12400] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  377.497149][   T36] bond0 (unregistering): Released all slaves
[  377.528220][ T5835] usb 7-1: Using ep0 maxpacket: 16
[  377.558045][ T5835] usb 7-1: config 5 has an invalid interface number: 123 but max is 0
[  377.576432][ T5835] usb 7-1: config 5 has no interface number 0
[  377.605536][ T5835] usb 7-1: config 5 interface 123 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B
[  377.664563][ T5835] usb 7-1: config 5 interface 123 altsetting 7 bulk endpoint 0x8B has invalid maxpacket 32
[  377.669970][T12400] vhci_hcd vhci_hcd.0: Device attached
[  377.718915][ T5835] usb 7-1: config 5 interface 123 altsetting 7 has an endpoint descriptor with address 0xE6, changing to 0x86
[  377.803435][ T5835] usb 7-1: config 5 interface 123 altsetting 7 endpoint 0x86 has invalid wMaxPacketSize 0
[  377.913962][ T5893] usb 43-1: new high-speed USB device number 2 using vhci_hcd
[  377.924134][ T5835] usb 7-1: config 5 interface 123 has no altsetting 0
[  377.961058][ T5835] usb 7-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[  377.995349][ T5835] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  378.005700][ T5835] usb 7-1: Product: syz
[  378.010083][ T5835] usb 7-1: Manufacturer: syz
[  378.018327][ T5835] usb 7-1: SerialNumber: syz
[  378.062265][T12397] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  378.203457][ T3474] usb 4-1: USB disconnect, device number 54
[  378.252763][T12401] vhci_hcd: connection reset by peer
[  378.288309][   T13] vhci_hcd: stop threads
[  378.292641][   T13] vhci_hcd: release socket
[  378.331575][T12408] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  378.356622][T12408] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  378.404477][   T13] vhci_hcd: disconnect device
[  378.472750][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  378.479522][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  378.937815][ T5835] ni6501 7-1:5.123: driver 'ni6501' failed to auto-configure device.
[  378.947124][ T5839] Bluetooth: hci0: command tx timeout
[  379.047449][ T5835] usb 7-1: USB disconnect, device number 9
[  379.534368][T12386] chnl_net:caif_netlink_parms(): no params data found
[  379.959765][   T36] hsr_slave_0: left promiscuous mode
[  380.136426][   T36] hsr_slave_1: left promiscuous mode
[  380.168800][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  380.278309][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  380.593060][   T36] team0 (unregistering): Port device batadv3 removed
[  380.679860][   T36] team0 (unregistering): Port device batadv2 removed
[  380.782270][T12443] syz.5.1021 (12443): drop_caches: 2
[  380.794178][   T36] team0 (unregistering): Port device batadv1 removed
[  380.866545][T12443] syz.5.1021 (12443): drop_caches: 2
[  381.026624][   T31] INFO: task syz.1.474:10173 blocked for more than 143 seconds.
[  381.036555][ T5839] Bluetooth: hci0: command tx timeout
[  381.054640][   T31]       Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  381.125424][   T31]       Blocked by coredump.
[  381.238980][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  381.288544][   T31] task:syz.1.474       state:D stack:25080 pid:10173 tgid:10170 ppid:5856   task_flags:0x400548 flags:0x00024002
[  381.396338][   T31] Call Trace:
[  381.399675][   T31]  <TASK>
[  381.402623][   T31]  __schedule+0x1b88/0x5240
[  381.426404][   T31]  ? schedule+0x163/0x360
[  381.430798][   T31]  ? __pfx___schedule+0x10/0x10
[  381.435669][   T31]  ? register_lock_class+0x54/0x330
[  381.474111][   T31]  ? schedule+0x90/0x360
[  381.506314][   T31]  ? schedule+0x90/0x360
[  381.510622][   T31]  schedule+0x163/0x360
[  381.514808][   T31]  schedule_timeout+0xb1/0x2b0
[  381.566420][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  381.571852][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  381.595008][   T31]  ? lockdep_hardirqs_on+0x9d/0x150
[  381.606271][   T31]  ? wait_for_completion+0x2d4/0x600
[  381.626266][   T31]  wait_for_completion+0x32f/0x600
[  381.631431][   T31]  ? __pfx_try_to_wake_up+0x10/0x10
[  381.646257][   T31]  ? __pfx_wait_for_completion+0x10/0x10
[  381.651949][   T31]  ? io_wq_put_and_exit+0x1b3/0x750
[  381.676261][   T31]  io_wq_put_and_exit+0x374/0x750
[  381.681359][   T31]  ? io_wq_put_and_exit+0x1b3/0x750
[  381.706540][   T31]  ? __pfx_xa_find_after+0x10/0x10
[  381.711705][   T31]  ? __pfx_io_wq_put_and_exit+0x10/0x10
[  381.750519][   T31]  ? io_uring_clean_tctx+0x10c/0x1e0
[  381.755845][   T31]  ? io_uring_del_tctx_node+0x266/0x2b0
[  381.786293][   T31]  io_uring_clean_tctx+0x16a/0x1e0
[  381.827204][   T31]  ? __pfx_io_uring_clean_tctx+0x10/0x10
[  381.832856][   T31]  ? percpu_counter_add_batch+0x1a2/0x1f0
[  381.846255][   T31]  io_uring_cancel_generic+0x74f/0x800
[  381.887051][   T31]  ? __pfx_io_uring_cancel_generic+0x10/0x10
[  381.893069][   T31]  ? __pfx_autoremove_wake_function+0x10/0x10
[  381.926424][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  381.931681][   T31]  ? io_uring_unreg_ringfd+0x52f/0x540
[  381.966350][   T31]  do_exit+0x685/0x27f0
[  381.981091][   T31]  ? do_raw_spin_lock+0x151/0x370
[  381.986128][   T31]  ? __pfx_do_exit+0x10/0x10
[  382.016455][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  382.021885][   T31]  do_group_exit+0x207/0x2c0
[  382.056259][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  382.076292][   T31]  ? lockdep_hardirqs_on+0x9d/0x150
[  382.086588][   T31]  get_signal+0x1696/0x1730
[  382.091130][   T31]  ? __pfx_get_signal+0x10/0x10
[  382.095987][   T31]  arch_do_signal_or_restart+0x98/0x840
[  382.121200][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  382.127833][   T31]  ? syscall_exit_to_user_mode+0xa3/0x340
[  382.176775][   T31]  syscall_exit_to_user_mode+0xce/0x340
[  382.182359][   T31]  do_syscall_64+0x100/0x230
[  382.216995][   T31]  ? clear_bhb_loop+0x45/0xa0
[  382.221715][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  382.236382][   T31] RIP: 0033:0x7f7507f8d169
[  382.247472][   T31] RSP: 002b:00007f7508e470e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  382.276723][   T31] RAX: fffffffffffffe00 RBX: 00007f75081a6088 RCX: 00007f7507f8d169
[  382.316310][   T31] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f75081a6088
[  382.346280][   T31] RBP: 00007f75081a6080 R08: 0000000000000000 R09: 0000000000000000
[  382.366398][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75081a608c
[  382.396626][   T31] R13: 0000000000000000 R14: 00007f75082cf940 R15: 00007f75082cfa28
[  382.404645][   T31]  </TASK>
[  382.408272][   T31] 
[  382.408272][   T31] Showing all locks held in the system:
[  382.416031][   T31] 3 locks held by kworker/u8:0/12:
[  382.423220][   T31]  #0: ffff88814d143148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0
[  382.447290][   T31]  #1: ffffc90000117c60 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0
[  382.466352][   T31]  #2: ffffffff900fd388 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x110/0x16a0
[  382.475931][   T31] 3 locks held by kworker/u8:1/13:
[  382.481478][   T31] 1 lock held by khungtaskd/31:
[  382.496356][   T31]  #0: ffffffff8ed3dfe0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x30/0x180
[  382.516414][   T31] 5 locks held by kworker/u8:2/36:
[  382.521572][   T31]  #0: ffff88801bef6148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0
[  382.534369][   T31]  #1: ffffc90000ad7c60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0
[  382.545425][   T31]  #2: ffffffff900f0850 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17c/0xd60
[  382.555284][   T31]  #3: ffffffff900fd388 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0xde/0x880
[  382.566629][   T31]  #4: ffffffff8ed434f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x454/0x830
[  382.606266][   T31] 3 locks held by kworker/u8:4/82:
[  382.616816][   T31]  #0: ffff88801b089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0
[  382.656247][   T31]  #1: ffffc900015b7c60 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0
[  382.678003][   T31]  #2: ffffffff900fd388 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
[  382.687435][   T31] 2 locks held by kworker/u8:5/1089:
[  382.696560][   T31] 1 lock held by dhcpcd/5505:
[  382.701271][   T31]  #0: ffffffff900fd388 (rtnl_mutex){+.+.}-{4:4}, at: devinet_ioctl+0x34e/0x1d80
[  382.716613][   T31] 2 locks held by getty/5587:
[  382.721337][   T31]  #0: ffff8880313440a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  382.731573][   T31]  #1: ffffc900036db2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x5bb/0x1700
[  382.746733][   T31] 5 locks held by kworker/0:5/5893:
[  382.751961][   T31]  #0: ffff8881446db548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0
[  382.776440][   T31]  #1: ffffc9000431fc60 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0
[  382.816315][   T31]  #2: ffff888146ffe198 (&dev->mutex){....}-{4:4}, at: hub_event+0x200/0x50f0
[  382.836249][   T31]  #3: ffff888147311510 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x2494/0x50f0
[  382.866969][   T31]  #4: ffff888146f97d68 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x24cd/0x50f0
[  382.906269][   T31] 2 locks held by iou-wrk-10173/10178:
[  382.911791][   T31] 1 lock held by syz-executor/10315:
[  382.946269][   T31]  #0: ffffffff8ed434f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x454/0x830
[  382.976750][   T31] 1 lock held by syz.4.689/11324:
[  382.981838][   T31]  #0: ffffffff900fd388 (rtnl_mutex){+.+.}-{4:4}, at: netdev_run_todo+0x75c/0xf30
[  382.996402][   T31] 2 locks held by syz-executor/12386:
[  383.001814][   T31]  #0: ffffffff8f890aa0 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x22/0x250
[  383.016515][   T31]  #1: ffffffff900fd388 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0xd68/0x1fe0
[  383.027253][   T31] 
[  383.029609][   T31] =============================================
[  383.029609][   T31] 
[  383.116658][ T5839] Bluetooth: hci0: command tx timeout
[  383.146762][   T31] NMI backtrace for cpu 0
[  383.146785][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  383.146812][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  383.146825][   T31] Call Trace:
[  383.146834][   T31]  <TASK>
[  383.146842][   T31]  dump_stack_lvl+0x241/0x360
[  383.146881][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  383.146913][   T31]  ? __pfx__printk+0x10/0x10
[  383.146954][   T31]  nmi_cpu_backtrace+0x4ab/0x4e0
[  383.146995][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  383.147025][   T31]  ? _printk+0xd5/0x120
[  383.147054][   T31]  ? __wake_up_klogd+0xcc/0x110
[  383.147094][   T31]  ? __pfx__printk+0x10/0x10
[  383.147127][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  383.147152][   T31]  nmi_trigger_cpumask_backtrace+0x198/0x320
[  383.147190][   T31]  watchdog+0x1058/0x10a0
[  383.147214][   T31]  ? watchdog+0x1ea/0x10a0
[  383.147241][   T31]  ? __pfx_watchdog+0x10/0x10
[  383.147263][   T31]  kthread+0x7b7/0x940
[  383.147295][   T31]  ? __pfx_watchdog+0x10/0x10
[  383.147317][   T31]  ? __pfx_kthread+0x10/0x10
[  383.147344][   T31]  ? __pfx_kthread+0x10/0x10
[  383.147373][   T31]  ? __pfx_kthread+0x10/0x10
[  383.147402][   T31]  ? __pfx_kthread+0x10/0x10
[  383.147431][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  383.147451][   T31]  ? lockdep_hardirqs_on+0x9d/0x150
[  383.147476][   T31]  ? __pfx_kthread+0x10/0x10
[  383.147506][   T31]  ret_from_fork+0x4b/0x80
[  383.147527][   T31]  ? __pfx_kthread+0x10/0x10
[  383.147555][   T31]  ret_from_fork_asm+0x1a/0x30
[  383.147591][   T31]  </TASK>
[  383.147599][   T31] Sending NMI from CPU 0 to CPUs 1:
[  383.309056][    C1] NMI backtrace for cpu 1
[  383.309074][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  383.309096][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  383.309107][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  383.309132][    C1] Code: cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 13 a1 17 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90
[  383.309148][    C1] RSP: 0018:ffffc90000197dc0 EFLAGS: 000002c6
[  383.309164][    C1] RAX: 0f4c1b9e9e8a4c00 RBX: ffffffff8197af7e RCX: ffffffff8c30995c
[  383.309178][    C1] RDX: 0000000000000001 RSI: ffffffff8e69c681 RDI: ffffffff8ca1b660
[  383.309191][    C1] RBP: ffffc90000197f20 R08: ffff8880b8732b5b R09: 1ffff110170e656b
[  383.309204][    C1] R10: dffffc0000000000 R11: ffffed10170e656c R12: 1ffff92000032fd2
[  383.309217][    C1] R13: 1ffff11003ad9b40 R14: 0000000000000001 R15: dffffc0000000000
[  383.309229][    C1] FS:  0000000000000000(0000) GS:ffff888125096000(0000) knlGS:0000000000000000
[  383.309243][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  383.309255][    C1] CR2: 0000200000404030 CR3: 000000007a4e8000 CR4: 00000000003526f0
[  383.309277][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  383.309287][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  383.309298][    C1] Call Trace:
[  383.309307][    C1]  <TASK>
[  383.309314][    C1]  default_idle+0x13/0x20
[  383.309336][    C1]  default_idle_call+0x74/0xb0
[  383.309360][    C1]  do_idle+0x22e/0x5d0
[  383.309386][    C1]  ? __pfx_do_idle+0x10/0x10
[  383.309415][    C1]  cpu_startup_entry+0x42/0x60
[  383.309436][    C1]  start_secondary+0xfe/0x100
[  383.309453][    C1]  common_startup_64+0x13e/0x147
[  383.309485][    C1]  </TASK>
[  383.494085][ T5893] vhci_hcd: vhci_device speed not set
[  383.796264][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  383.803179][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  383.814692][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  383.824787][   T31] Call Trace:
[  383.828078][   T31]  <TASK>
[  383.831020][   T31]  dump_stack_lvl+0x241/0x360
[  383.835718][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  383.840936][   T31]  ? __pfx__printk+0x10/0x10
[  383.845548][   T31]  ? vscnprintf+0x5d/0x90
[  383.849898][   T31]  panic+0x349/0x880
[  383.853807][   T31]  ? __pfx_preempt_schedule+0x10/0x10
[  383.859189][   T31]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  383.865359][   T31]  ? __pfx_panic+0x10/0x10
[  383.869821][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  383.875204][   T31]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  383.881370][   T31]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[  383.887542][   T31]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[  383.893742][   T31]  watchdog+0x1097/0x10a0
[  383.898080][   T31]  ? watchdog+0x1ea/0x10a0
[  383.902510][   T31]  ? __pfx_watchdog+0x10/0x10
[  383.907195][   T31]  kthread+0x7b7/0x940
[  383.911279][   T31]  ? __pfx_watchdog+0x10/0x10
[  383.915957][   T31]  ? __pfx_kthread+0x10/0x10
[  383.920560][   T31]  ? __pfx_kthread+0x10/0x10
[  383.925169][   T31]  ? __pfx_kthread+0x10/0x10
[  383.929768][   T31]  ? __pfx_kthread+0x10/0x10
[  383.934376][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  383.939579][   T31]  ? lockdep_hardirqs_on+0x9d/0x150
[  383.944783][   T31]  ? __pfx_kthread+0x10/0x10
[  383.949385][   T31]  ret_from_fork+0x4b/0x80
[  383.953806][   T31]  ? __pfx_kthread+0x10/0x10
[  383.958405][   T31]  ret_from_fork_asm+0x1a/0x30
[  383.963185][   T31]  </TASK>
[  383.966539][   T31] Kernel Offset: disabled
[  383.970890][   T31] Rebooting in 86400 seconds..