last executing test programs:

12.770911606s ago: executing program 2 (id=6664):
syz_emit_ethernet(0x66, &(0x7f00000001c0)={@broadcast, @broadcast, @void, {@ipv4={0x800, @tcp={{0x11, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x5, 0x0, @dev, @private, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x2c, 0x0, 0x3, 0x0, [{@multicast2}, {@loopback}, {@multicast1}, {@dev}, {@dev}]}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000200)=ANY=[@ANYBLOB='4\x00\x00\x00\a'], 0xd)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
mlock(&(0x7f0000b22000/0x1000)=nil, 0x1000)

10.797421429s ago: executing program 2 (id=6673):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x0, 0x0, 0x8000}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
mkdir(0x0, 0x0)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5414, 0x20200005)
r5 = semget(0x0, 0x1, 0x2f9)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_INFO(r5, 0xe, 0x0)
msgctl$MSG_STAT(0x0, 0xb, &(0x7f00000001c0)=""/54)
msgrcv(0x0, 0x0, 0x0, 0x0, 0x0)
msgsnd(0x0, &(0x7f00000001c0)={0x3}, 0x8, 0x0)

9.575011328s ago: executing program 2 (id=6675):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000500)=ANY=[@ANYBLOB="000005"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0xf0}, 0x0, 0x0}, 0x0)
r1 = syz_usb_connect$printer(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x7, 0x80, 0x2f, [{{0x9, 0x4, 0x0, 0x10, 0x2, 0x7, 0x1, 0x0, 0x3, "", {{{0x9, 0x5, 0x1, 0x2, 0x20, 0xb7, 0x0, 0xd}}, [{{0x9, 0x5, 0x82, 0x2, 0x8, 0x6, 0x91, 0x3}}]}}}]}}]}}, &(0x7f00000001c0)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x200, 0x6, 0x9, 0x9, 0xc7, 0x9}, 0xbc, &(0x7f0000000100)={0x5, 0xf, 0xbc, 0x1, [@generic={0xb7, 0x10, 0x3, "5113d43e1003fc32f80be2c4ec72a7b98084dfe07d40c6aa7f4129e1a4210805fe231ea8b0a080cf2e3f4a3db6d7d96ec9147ecabaa41155ac6171b222903d074f3999bdb2dbfc856abd300a7665da95d3cfbe07d87be7775a87a854b7dbc9a28464d9f3e2cc46410308cbfa32231dca4d2d89a5df9a9a5ea736327612e852adb1d788bde1da7b8356a92c60ceb1b5947bdefb69bb98f79d0ff12ab27872250fdf799b1b8bce162611e102b87195160941ef4cd3"}]}, 0x1, [{0xdd, &(0x7f0000000380)=@string={0xdd, 0x3, "f834d24681622b25419c65c91138644c945466b461e2102ebdbf378d89345089acc2876542e1ef42ba90b6f986098653f5ddae5ec6324f46659005c2b9d59722bc73b88a01edfc11f82bb837d31d8fbaf27e91969fd5a722872bb20a418fc351b3e782f926905f95e7569625cddecc823f2ea94c6c83684b89f0671783576bb0a3e3623422aaa43d448fcd584e3fdb81676e3f47dd71396a5021e303cab161efd86c9e1c09ac48e3bec8eabe0719ceacb1f67ddc208f706873186c7e8d7ae535a1675616d12d1bfa35fe7c9e71ca95912be5954546dbab801bd53f"}}]})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x0, &(0x7f0000006100))
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x1}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x100008b}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0)
ioctl$TIOCSCTTY(0xffffffffffffffff, 0x540e, 0x40)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_MM_MAP(0x41, 0x3, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf27, 0x500}, 0x48)
mmap(&(0x7f0000fa2000/0x3000)=nil, 0x60000, 0x7, 0x13, r4, 0x0)
syz_usb_control_io$printer(r1, &(0x7f00000002c0)={0x14, &(0x7f0000000200)={0x0, 0x2, 0x6, {0x6, 0x20, "7dcc8cfd"}}, &(0x7f0000000240)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}}, &(0x7f0000000780)={0x34, &(0x7f0000000580)={0x0, 0x16, 0xb8, "a56f91975d621ab5b0993cf7af40163d79356dd6e07eedc3a036ad227def65a47541f0a96d7d1a2c340e89d9ea36be9a5d89047813ef126068c5c08fc5b1288e3d2f52bee56f99f3d994d6252428f668286096e1f4a3f2ebb2ba01e8d94c481c7b46147f61de38d34f1de5a14029cad842ce428a77099dace86317af159395e45b9e68f57f62e2e5e6b12cad418c556dc34c3f8f31e700fdaa6cd19c5911c3c32cccc39e462b84b29810d6939b9ee5268d93861cc90cff5c"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000480)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000680)={0x20, 0x0, 0x7b, {0x79, "b0c676f702dd0726824d2ae519d9881aca1ddda0ac54e395b892a5081487bd0a9b5d2a9ff21221109c2dcbf290d995868426688848c7be20dad6f085623e25ccdc1050442311c1202052e77cf74f7938dd9d0b5ac59cc660f5aab85730d69179758ad292615f9af0157483eedd0c353b93403d1510424b804d"}}, &(0x7f00000004c0)={0x20, 0x1, 0x1, 0x6}, &(0x7f0000000740)={0x20, 0x0, 0x1, 0x4}})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000280)={0x24, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="000312"], 0x0, 0x0}, 0x0)

5.649266226s ago: executing program 0 (id=6689):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000000000010961b080000000000000109022400010000000109040000010300000009210000000122070009058103"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000c80)={0x24, 0x0, 0x0, &(0x7f0000000c00)={0x0, 0x22, 0x7, {[@local=@item_4={0x3, 0x2, 0x0, "3c8dde86"}, @local, @global]}}, 0x0}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f0000000180)={0x0, 0x0, 0x8, "751735a53780dd06"}, 0x0, 0x0})

5.355230959s ago: executing program 2 (id=6691):
userfaultfd(0x801)
userfaultfd(0x1)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = syz_io_uring_setup(0x10d, &(0x7f0000000200), &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x12, r5, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080), 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index, 0x0, 0x0})
io_uring_enter(r0, 0x3f70, 0x0, 0x0, 0x0, 0x0) (fail_nth: 2)

4.348728993s ago: executing program 4 (id=6694):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="340000001a00010000000000000000000200"/28], 0x34}}, 0x0)

4.275087055s ago: executing program 3 (id=6695):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f0000003bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(r3)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
splice(r2, 0x0, r3, &(0x7f00000002c0), 0x6, 0x0)
close(r0)

4.143109705s ago: executing program 2 (id=6696):
socket$kcm(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
getpid()
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={<r2=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7c, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000140)={0x2, 0x1, 0x4})
ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000040)=0x1)
close_range(r3, 0xffffffffffffffff, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000280)={r2, @in6={{0xa, 0x0, 0x0, @empty, 0x400000}}, 0x0, 0xfff9, 0x3, 0x0, 0x20, 0x0, 0x30}, 0x9c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000380)=""/44, 0x2c}], 0x1, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000003c0), 0x100000000000022d)
r5 = socket$inet(0x2, 0x3, 0x2)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000140)='bridge0\x00', 0x10)
truncate(0x0, 0xffffffffffff0001)
sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000001c0)={'wlan0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
syz_emit_vhci(0x0, 0xd)

4.117745853s ago: executing program 4 (id=6697):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f00000000c0)=@framed={{0x18, 0x4}, [@printk={@lli, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0xb1}}]}, 0x0}, 0x90)
r2 = socket$kcm(0x11, 0x2, 0x0)
setsockopt$sock_attach_bpf(r2, 0x107, 0x14, &(0x7f0000000000), 0x4)
sendmsg$kcm(r2, &(0x7f00000002c0)={&(0x7f0000000100)=@caif=@dgm={0x25, 0x14}, 0x80, 0x0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00'}, 0x10)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = eventfd2(0x0, 0x0)
sendmsg$NL80211_CMD_DEL_PMK(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="04001208010300", @ANYRES32=0x0, @ANYBLOB="0c009900ffffffff530000000a000600ffffffffffff00000a000600ffffffffffff00000a000600ffffffffffff00000a0006000802110000010000"], 0x58}, 0x1, 0x0, 0x0, 0x20000800}, 0x8000)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000000)={0x0, 0x0, 0x2, r4})
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000580)={0x0, 0x0, 0x0, r4})
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0xe)
ioctl$TIOCSSOFTCAR(r5, 0x5434, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
r6 = socket(0x10, 0x80803, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000005e00010200"/20, @ANYRES32=0x0, @ANYBLOB="bf"], 0x1c}}, 0x0)
recvmmsg(r6, &(0x7f0000001bc0)=[{{0x0, 0x0, 0x0}}], 0x7, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
socket$inet_icmp(0x2, 0x2, 0x1)
setpriority(0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

3.290936244s ago: executing program 3 (id=6700):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000ac0)=@delchain={0x24c, 0x65, 0x0, 0x0, 0x0, {}, [@filter_kind_options=@f_u32={{0x8}, {0x38, 0x2, [@TCA_U32_INDEV={0x14, 0x8, 'veth0_to_team\x00'}, @TCA_U32_HASH={0x8}, @TCA_U32_DIVISOR={0x8, 0x4, 0xa}, @TCA_U32_MARK={0x10}]}}, @TCA_CHAIN={0x8}, @TCA_RATE={0x6}, @filter_kind_options=@f_route={{0xa}, {0x1cc, 0x2, [@TCA_ROUTE4_TO={0x8}, @TCA_ROUTE4_ACT={0x1c0, 0x6, [@m_nat={0x9c, 0x0, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{}, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0xffffffff}}]}, {0x49, 0x6, "17a3a496e0b06ed4b17c112d919b00b3961dacbd47d9dd716cb9e3eeb2118c01ec30dc86f8f94756684ff97abdf1a26ea4833cb4d10d78455e1ae1bcb85f22df4cc4cb4f84"}, {0xc}, {0xc}}}, @m_sample={0x120, 0x19, 0x0, 0x0, {{0xb}, {0x3c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x1}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x3}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x7}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0xd}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x8, 0xfffffff8, 0x1, 0x8, 0x7}}]}, {0xbc, 0x6, "395ade187942502c996532f6fa5ea74b924d04b8c47c35e512edf93f1c4e295b0858d3a562933123e7ffefe31e429f64f413a49e854a8ea26b1dacfe697da6eee875b7bc1840962a1d492b084586d1df18b29a21924a2799333aa026651e4f2ff2c391b262425a1d0eab931380e5c80cfa9be9cea8e45c7817c1e19d2cf19c610ff8c02cceecdff67a979c13f26e18913dd1ead832b6d0a1c4d7bf3d5e5ce5727eee46ee086742d0fc328e0af350c79b9a26ac65a7739fff"}, {0xc, 0x7, {0x0, 0xa924cd17ae37eb53}}, {0xc, 0x8, {0x2, 0x1}}}}]}]}}]}, 0x24c}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$kcm(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x5, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
r2 = getpid()
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b700000000000000950000000000000039b7b080196c98bdc468155432bb43bf7f35e29adf47e8981ef8e34077ea5ef94d03d03a7b40b45aa8952e42dd58c58451acd167fed2864390752f418b"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$sock_int(r6, 0x1, 0x3f, &(0x7f0000000100), &(0x7f0000000240)=0x4)
close(0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000035000bae0ad881c40650f5e50c24fc60", 0x14}], 0x1}, 0x0)
mincore(&(0x7f0000ffd000/0x2000)=nil, 0x2000, &(0x7f0000000000)=""/60)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={0x0, 0xa0}}, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b000000", 0xd, 0x0, 0x0, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f0000000080)={'wpan1\x00', <r8=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16, @ANYBLOB="110800000000000000002000000024002d80050004000000000005000100b10000001000020003000000080003000300000008000300", @ANYRES32=r8], 0x40}}, 0x0)
sendmsg$NL802154_CMD_SET_CCA_ED_LEVEL(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x24, 0x0, 0x8, 0x70bd2a, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0xe75568b49369feb2}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000044}, 0x4040004)

3.210663269s ago: executing program 2 (id=6701):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000500)=ANY=[@ANYBLOB="000005"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0xf0}, 0x0, 0x0}, 0x0)
r1 = syz_usb_connect$printer(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x7, 0x80, 0x2f, [{{0x9, 0x4, 0x0, 0x10, 0x2, 0x7, 0x1, 0x0, 0x3, "", {{{0x9, 0x5, 0x1, 0x2, 0x20, 0xb7, 0x0, 0xd}}, [{{0x9, 0x5, 0x82, 0x2, 0x8, 0x6, 0x91, 0x3}}]}}}]}}]}}, &(0x7f00000001c0)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x200, 0x6, 0x9, 0x9, 0xc7, 0x9}, 0xbc, &(0x7f0000000100)={0x5, 0xf, 0xbc, 0x1, [@generic={0xb7, 0x10, 0x3, "5113d43e1003fc32f80be2c4ec72a7b98084dfe07d40c6aa7f4129e1a4210805fe231ea8b0a080cf2e3f4a3db6d7d96ec9147ecabaa41155ac6171b222903d074f3999bdb2dbfc856abd300a7665da95d3cfbe07d87be7775a87a854b7dbc9a28464d9f3e2cc46410308cbfa32231dca4d2d89a5df9a9a5ea736327612e852adb1d788bde1da7b8356a92c60ceb1b5947bdefb69bb98f79d0ff12ab27872250fdf799b1b8bce162611e102b87195160941ef4cd3"}]}, 0x1, [{0xdd, &(0x7f0000000380)=@string={0xdd, 0x3, "f834d24681622b25419c65c91138644c945466b461e2102ebdbf378d89345089acc2876542e1ef42ba90b6f986098653f5ddae5ec6324f46659005c2b9d59722bc73b88a01edfc11f82bb837d31d8fbaf27e91969fd5a722872bb20a418fc351b3e782f926905f95e7569625cddecc823f2ea94c6c83684b89f0671783576bb0a3e3623422aaa43d448fcd584e3fdb81676e3f47dd71396a5021e303cab161efd86c9e1c09ac48e3bec8eabe0719ceacb1f67ddc208f706873186c7e8d7ae535a1675616d12d1bfa35fe7c9e71ca95912be5954546dbab801bd53f"}}]})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x0, &(0x7f0000006100))
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x1}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x100008b}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0)
ioctl$TIOCSCTTY(0xffffffffffffffff, 0x540e, 0x40)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_MM_MAP(0x41, 0x3, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf27, 0x500}, 0x48)
mmap(&(0x7f0000fa2000/0x3000)=nil, 0x60000, 0x7, 0x13, r4, 0x0)
syz_usb_control_io$printer(r1, &(0x7f00000002c0)={0x14, &(0x7f0000000200)={0x0, 0x2, 0x6, {0x6, 0x20, "7dcc8cfd"}}, &(0x7f0000000240)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}}, &(0x7f0000000780)={0x34, &(0x7f0000000580)={0x0, 0x16, 0xb8, "a56f91975d621ab5b0993cf7af40163d79356dd6e07eedc3a036ad227def65a47541f0a96d7d1a2c340e89d9ea36be9a5d89047813ef126068c5c08fc5b1288e3d2f52bee56f99f3d994d6252428f668286096e1f4a3f2ebb2ba01e8d94c481c7b46147f61de38d34f1de5a14029cad842ce428a77099dace86317af159395e45b9e68f57f62e2e5e6b12cad418c556dc34c3f8f31e700fdaa6cd19c5911c3c32cccc39e462b84b29810d6939b9ee5268d93861cc90cff5c"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000480)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000680)={0x20, 0x0, 0x7b, {0x79, "b0c676f702dd0726824d2ae519d9881aca1ddda0ac54e395b892a5081487bd0a9b5d2a9ff21221109c2dcbf290d995868426688848c7be20dad6f085623e25ccdc1050442311c1202052e77cf74f7938dd9d0b5ac59cc660f5aab85730d69179758ad292615f9af0157483eedd0c353b93403d1510424b804d"}}, &(0x7f00000004c0)={0x20, 0x1, 0x1, 0x6}, &(0x7f0000000740)={0x20, 0x0, 0x1, 0x4}})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)

3.180859417s ago: executing program 0 (id=6702):
epoll_create1(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
syz_genetlink_get_family_id$SEG6(&(0x7f0000000300), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007311430000000000851000000200000001000000000000009500170fdb2966eeda05adb5e8381bd4"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70)
sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r1, 0x0, 0xf7)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
syz_io_uring_setup(0x690b, &(0x7f00000006c0)={0x0, 0x0, 0x10100, 0x0, 0x328}, &(0x7f0000000200), &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_setup(0x1868, &(0x7f0000000140), &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000240))
syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000340), 0x200, 0x0)
io_uring_enter(r4, 0x1846, 0xcc2e, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000440), 0x10)
r7 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r7, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r7, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
sendmsg$tipc(r7, &(0x7f0000000340)={&(0x7f0000000040)=@name, 0x10, 0x0}, 0x0)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000ac0)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB], 0x368}}, 0x0)

2.932072435s ago: executing program 4 (id=6703):
r0 = dup(0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x0, 0x6cc, 0x6b9, 0x0, 0xffffffffffffffff, 0x9}, 0x48)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
getpid()
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
r5 = accept4$inet(0xffffffffffffffff, &(0x7f0000000280), &(0x7f0000000300)=0x10, 0x800)
mknodat$loop(0xffffffffffffffff, &(0x7f0000000340)='./file0\x00', 0x0, 0x0)
io_setup(0x800, &(0x7f0000000000)=<r6=>0x0)
r7 = eventfd(0x0)
io_submit(r6, 0x1, &(0x7f0000000940)=[&(0x7f0000000240)={0x0, 0x0, 0x8, 0x0, 0x0, r7, 0x0, 0x4f}])
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_aout(r8, &(0x7f00000002c0)=ANY=[], 0xc1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x12, r8, 0x0)
bind$inet(r5, &(0x7f0000000380)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/address_bits', 0x0, 0x100)
ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000200)={[0x9, 0x2, 0x43, 0x3, 0x7, 0x3, 0xa86d, 0x5, 0x3, 0x5, 0x7b80, 0x3, 0x8, 0x3623, 0x492f, 0x80000000], 0xf000, 0x15c80})
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x2b, 0x3, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(r0, 0x3b88, &(0x7f0000000000)={0xc, <r9=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000300)={0x48, 0x5, r9, 0x0, 0xffffffffffffffff, 0x1})

2.867350143s ago: executing program 1 (id=6704):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c40)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000200000002000000005000000030000000100000f040000000a00000010"], &(0x7f0000000f80)=""/4115, 0x3d, 0x1013}, 0x20)

2.724377488s ago: executing program 1 (id=6705):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000340)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
r3 = syz_open_dev$video4linux(&(0x7f0000000280), 0x2004, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r3, 0xc040563d, &(0x7f0000000880)={0x1, 0x10})
prctl$PR_SCHED_CORE(0x53564d41, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x0, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB], 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000004680)=@newchain={0x65c, 0x64, 0x100, 0x70bd25, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x5}, {0x0, 0x2}}, [@TCA_CHAIN={0x8, 0xb, 0x5}, @filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_LINK={0x8, 0x3, 0x8}]}}, @TCA_RATE={0x6, 0x5, {0x0, 0x6}}, @filter_kind_options=@f_basic={{0xa}, {0x5e4, 0x2, [@TCA_BASIC_EMATCHES={0x498, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x7f}}, @TCA_EMATCH_TREE_LIST={0x1ac, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x108, 0x2, 0x0, 0x0, {{0x7f, 0x0, 0xaf3}, "660fae0e8b5a5d7eb809c912b3fd388c74018a8bd579625937bb47a8787ffa8de695b2cd7313098a434d50540c45b9f3e203d2bffeed2ae7ea93c9efc7360fc3edd213fd25562bf47b3cc099d8d1c90f52e401ef6c728a8c553c2994da5e894d8c9754dbb157557e536ede5e2690797df409c13dffb1c6511405a1b17e00c915e0edb5d73baa455714c4f9e774693189844f243cba146aef48330c587fea13dafe689a684f9962f2738c223d4fcb72e7521defac21c2c6f89181bd6b0203ec3e456b8331bd317d7c7d89b1550cc99d5cd5e0c184a1a278771b6814cff73002b6ae2aaea3535d9a023a12c87a3a9a75b93fb5fcde31d8cc13bf3d"}}, @TCF_EM_IPT={0x74, 0x2, 0x0, 0x0, {{0xd1, 0x9, 0xf}, [@TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_HOOK={0x8}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x4}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_MATCH_DATA={0x24, 0x5, "9d504792353ba2100c178a2e3d6adf8fb028363ff1b3c99e3694676dbcfee507"}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x3c}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x4}]}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0xc2cf, 0x3, 0x7}, {0xffff, 0x1, 0x5, 0x1}}}, @TCF_EM_IPSET={0x10, 0x0, 0x0, 0x0, {{0x7, 0x8, 0x4}, {0x2, 0x1, 0x7}}}]}, @TCA_EMATCH_TREE_LIST={0x128, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x3, 0x0, 0x0, {{0x70ca, 0x1, 0x8}, {0x736dd429, 0x0, 0x2, 0x2, 0x7, 0x2, 0x1}}}, @TCF_EM_NBYTE={0x18, 0x3, 0x0, 0x0, {{0x8}, {0xe7, 0x6, 0x2, "7f30c0291a6b"}}}, @TCF_EM_IPT={0x1c, 0x2, 0x0, 0x0, {{0x200, 0x9, 0x2}, [@TCA_EM_IPT_NFPROTO={0x5}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x9}]}}, @TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x1000, 0x8, 0x6}, {0x4, 0x4, 0x4}}}, @TCF_EM_META={0xc8, 0x1, 0x0, 0x0, {{0x5, 0x4, 0x280}, [@TCA_EM_META_LVALUE={0x1a, 0x2, [@TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_VAR="59195f", @TCF_META_TYPE_VAR="79cf8ce6bd9866", @TCF_META_TYPE_INT=0xa]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x400, 0x0, 0x2}, {0x101, 0x4, 0x1}}}, @TCA_EM_META_LVALUE={0x31, 0x2, [@TCF_META_TYPE_VAR="b144efcb98ce", @TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_VAR="508610a823", @TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_VAR="69e899ac17835db75543", @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_INT=0x8, @TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_INT=0x8]}, @TCA_EM_META_RVALUE={0x17, 0x3, [@TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_VAR="85c52c21acb2", @TCF_META_TYPE_VAR="1ed143dfce4d591a68"]}, @TCA_EM_META_HDR={0xc, 0x1, {{0xfb63, 0x81, 0x2}, {0x8, 0x40, 0x2}}}, @TCA_EM_META_HDR={0xc, 0x1, {{0x1, 0x0, 0x1}, {0x5, 0xff, 0x2}}}, @TCA_EM_META_HDR={0xc, 0x1, {{0x7, 0x6, 0x2}, {0x6, 0x81, 0x2}}}, @TCA_EM_META_RVALUE={0x15, 0x3, [@TCF_META_TYPE_VAR="de2247", @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_VAR="4a12b179caaf", @TCF_META_TYPE_INT=0x6]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x6, 0x4, 0x2}, {0x8, 0x2, 0x1}}}]}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}, @TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_LIST={0x190, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0xf035, 0x8, 0x257d}, {0xffffffffffffffff, 0x2, 0x4}}}, @TCF_EM_CMP={0x18, 0x2, 0x0, 0x0, {{0x0, 0x1, 0x1}, {0x0, 0x80000000, 0x0, 0x0, 0x6, 0x1}}}, @TCF_EM_CANID={0x14, 0x2, 0x0, 0x0, {{0x8, 0x7, 0x68}, {{0x3, 0x1, 0x1, 0x1}, {0x0, 0x1, 0x1, 0x1}}}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x3}, {0x4, 0x100, 0x3, 0xf0}}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x2, 0x3, 0x2}, {0x5, 0xb1db, 0x5, 0xe}}}, @TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0xfffe, 0x7, 0x7ff}, {{0x0, 0x0, 0x1}, {0x3, 0x1, 0x1, 0x1}}}}, @TCF_EM_META={0xd4, 0x1, 0x0, 0x0, {{0x9, 0x4, 0x2}, [@TCA_EM_META_RVALUE={0x8, 0x3, [@TCF_META_TYPE_INT=0x5]}, @TCA_EM_META_RVALUE={0x13, 0x3, [@TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_VAR="11ab41fedf6902", @TCF_META_TYPE_VAR="6fd5c8", @TCF_META_TYPE_VAR='V']}, @TCA_EM_META_LVALUE={0xd, 0x2, [@TCF_META_TYPE_VAR="c5", @TCF_META_TYPE_INT, @TCF_META_TYPE_INT=0x6]}, @TCA_EM_META_RVALUE={0xc, 0x3, [@TCF_META_TYPE_VAR="eb078a", @TCF_META_TYPE_VAR="19e7b77a66"]}, @TCA_EM_META_RVALUE={0x2b, 0x3, [@TCF_META_TYPE_VAR="6d5df65b74f63093801d", @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_INT=0x7, @TCF_META_TYPE_INT, @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_VAR="4e9f6ec3e54f979c77", @TCF_META_TYPE_VAR="fccef635"]}, @TCA_EM_META_RVALUE={0x28, 0x3, [@TCF_META_TYPE_VAR="138edbc285ff", @TCF_META_TYPE_VAR, @TCF_META_TYPE_INT=0x3, @TCF_META_TYPE_VAR="98650c9cd96b", @TCF_META_TYPE_VAR="d0988f245edbb0", @TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_VAR="3ebe", @TCF_META_TYPE_VAR="f91969ca", @TCF_META_TYPE_VAR="7f724f"]}, @TCA_EM_META_RVALUE={0xb, 0x3, [@TCF_META_TYPE_VAR="fc4fb2", @TCF_META_TYPE_INT=0xa]}, @TCA_EM_META_RVALUE={0x7, 0x3, [@TCF_META_TYPE_VAR="e85858"]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x3, 0x7f, 0x1}, {0x7, 0x9}}}, @TCA_EM_META_RVALUE={0x1b, 0x3, [@TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_VAR="35cf1a", @TCF_META_TYPE_VAR="48b3ec9a4bfb4daca2ea", @TCF_META_TYPE_VAR="dcf8cde4c45f"]}]}}, @TCF_EM_NBYTE={0x14, 0x3, 0x0, 0x0, {{0x8f, 0x2, 0xc}, {0x0, 0x4, 0x2, "3d5cc9c2"}}}, @TCF_EM_NBYTE={0x1c, 0x3, 0x0, 0x0, {{0x800, 0x2, 0x4}, {0x2, 0xa, 0x2, "3d562f5eaa7c453942ae"}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2bff}}]}, @TCA_BASIC_EMATCHES={0x148, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x102, 0x0, 0x0, {{0x1, 0x2, 0x1}, {0x3, 0x0, 0x2}}}]}, @TCA_EMATCH_TREE_LIST={0x110, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0xc8, 0x2, 0x0, 0x0, {{0x6, 0x0, 0x3}, "6c4257f7b4d0b3925518a02bde4c77be4c004859b17da40249a11fadee19765c078a56cfaf4bdb2f83dc02078be14c8247b2eb3dd533909824a4551d8a7919d5958050f563798aef3dc53d38ea025d2f627215574c1cd13809bc29b878327f08ceed1e9f960688964ac82d7f33b5afa008cb2b6b5a15e6519dc58b1c30db1f825686c242d2cd034d64a510d2979a2d7514d5512b1f4da1588c9ecf3c509cbb3b93f6bf7f2b2a0fde5f6b8a711c04a024f6f14de13afef4111e05"}}, @TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0xf, 0x8, 0x401}, {0x1, 0x1, 0xc4f3ea98c2d3452}}}, @TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0xb3a, 0x8, 0x9}, {0xffffffffffffffff}}}, @TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0x0, 0x8, 0xf60}, {0x0, 0x2, 0x1}}}, @TCF_EM_NBYTE={0x14, 0x1, 0x0, 0x0, {{0x0, 0x2, 0xd}, {0x80, 0x3, 0x2, "44bc7e"}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x113}}, @TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x8}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x9}}]}]}}, @TCA_CHAIN={0x8, 0xb, 0x20000365}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_cgroup={{0xb}, {0x8, 0x2, [@TCA_CGROUP_ACT={0x4}]}}]}, 0x65c}}, 0x0)
ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(0xffffffffffffffff, 0x3b8b, &(0x7f00000001c0)={0x10})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
getsockname$packet(r6, 0x0, &(0x7f0000000200))
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000240)=[<r7=>0x0, 0x0], 0x2})
ioctl$DRM_IOCTL_MODE_ATOMIC(r5, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r7], &(0x7f0000000180), &(0x7f0000000200), &(0x7f0000000040)})

1.662768487s ago: executing program 1 (id=6706):
socket$kcm(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
getpid()
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={<r2=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7c, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000140)={0x2, 0x1, 0x4})
ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000040)=0x1)
close_range(r3, 0xffffffffffffffff, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000280)={r2, @in6={{0xa, 0x0, 0x0, @empty, 0x400000}}, 0x0, 0xfff9, 0x3, 0x0, 0x20, 0x0, 0x30}, 0x9c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='loginuid\x00')
writev(r5, &(0x7f00000003c0), 0x100000000000022d)
r6 = socket$inet(0x2, 0x3, 0x2)
setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000140)='bridge0\x00', 0x10)
truncate(0x0, 0xffffffffffff0001)
sendto$inet(r6, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000001c0)={'wlan0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
syz_emit_vhci(0x0, 0xd)

1.662286603s ago: executing program 3 (id=6707):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="340000001a00010000000000000000000200"/28], 0x34}}, 0x0)

1.631348486s ago: executing program 0 (id=6708):
r0 = socket$kcm(0xa, 0x3, 0x3a)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r2 = inotify_init1(0x0)
fcntl$setown(r2, 0x8, 0xffffffffffffffff)
fcntl$getownex(r2, 0x10, &(0x7f0000000140)={0x0, <r3=>0x0})
r4 = syz_open_procfs(r3, &(0x7f0000000600)='fd/4\x00')
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r4, 0x40086610, &(0x7f0000000180)={@desc={0x1, 0x2000000, @desc3}})
bpf$ITER_CREATE(0x21, 0x0, 0x0)
fchdir(0xffffffffffffffff)
r5 = inotify_init1(0x0)
fcntl$setown(r5, 0x8, 0xffffffffffffffff)
fcntl$getownex(r0, 0x10, &(0x7f0000000100))
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r7=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000001840)={0xffffffffffffffff, r7, 0x25, 0x0, @val=@netfilter}, 0x40)
syz_emit_ethernet(0xfdef, &(0x7f00000000c0)=ANY=[], 0x0)

1.553175036s ago: executing program 4 (id=6709):
syz_emit_ethernet(0x66, &(0x7f00000001c0)={@broadcast, @broadcast, @void, {@ipv4={0x800, @tcp={{0x11, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x5, 0x0, @dev, @private, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x2c, 0x0, 0x3, 0x0, [{@multicast2}, {@loopback}, {@multicast1}, {@dev}, {@dev}]}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000200)=ANY=[@ANYBLOB='4\x00\x00\x00\a'], 0xd)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mlock(&(0x7f0000b22000/0x1000)=nil, 0x1000)

1.552142999s ago: executing program 3 (id=6710):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000400)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000002c0)="316f825a3d29f96a2093a917017b4cd300000000bee70035ed313e19d6dd1fb41a20baf7f7343067fd40cdd4b16742e94b62f4eb1c5d9faab7f3028100ae8180db94b9de7456ae62b0e6fe7766a0842912179154a96fa88e161d4adf77a486e10d1d1d0b90c8997e6917226fa4bb5d77e85729336ba6369a4c33ac53b45d46a92db9fda99af4429dc23db6a1706328df4e75eb173a81bd4af8b89d1870c9b2382a759d67a4cbb1280955e9a59cd8e5e8ac68c27da3d542aece1ba7920e8f39b270458224e74afa52db1ac07f7cce47d5e8ce5b2806ff7171c64a689a0ba35e934506a46a10b9a579dc43630831e2c5400853b58e020c9cb65e44d4957b00ed35a858d44b25d5b8dad1be4200"/280, 0x118}], 0x1}}, {{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000700)="acc841985992b79554acfc02163bb0fb2bb293e68702bb40b6b870bde5700d368744361ae9fce3a4ff6bb3bf", 0x2c}, {0x0}, {&(0x7f0000000a40)="bd2f6aa36cea0e62ac00a4539dd80281164750339fcc3cd1f7bb1b74e98dbbe81e997d4847ee5d06a72e6f1c6b8a873c7ea7760f102483b578526af9775e51b84818d03da71c7a9a2b18fac6dde3bbf18625abe82bdc6e47e081c06eb1d6ab55a68e53e8", 0x64}], 0x3}}, {{0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f00000014c0)="23004e4ee760d48ddc6b7a1ebfc6e0276028840fb20d5233e81c802684e8ac1dc195296ffaaeace75a07a652ee918f67beb970cd36769470", 0x38}], 0x1}}, {{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000002280)="1ee88f78de7d5700000000000000000ba43f6c86558705d98691e6344fa3745cc92c1f80fc01a77c28bb75872fc4f9be9660bb62708d0f52f4958fb4cc5144775062cc7225eacd29050004f1a4e88318cff6bae9a6a4aee6f6f1b02d153edb794343efc7e358738aa1b02626f397aa8aaa3be89dc6554c565b5d43cc62a7a967f8599061f8cbf7b21223108b846f4be652fad4fe9ac5aad1797764102df4f534fbdfb8d9aa1e62f3a90b9ca970be4768f8d9fd5b4c751a10944f3ad8024906a97daed1bfe2beda7f74ac8314344c19c33fdb0ba66a48f09a1b189ceecbb40bc63c2c5db9856fbbaa90ad7a5f021d3ab9ad8897a5cf188cc94a9e5d375b9ce822f50126998199bc04232c94714a658235ea2d423d8213da619e7bd00e3719f36e0c302a51e28179604d", 0x129}, {&(0x7f0000001bc0)="5c89eeb1aa86c6f680f09cc1c1d4bc5fc6a067d295afd3aa97af3d777b81db48f9ceb270e506af840503c6fbf20760e4cd8df9c220cd0728585229123d5c61507d00561b8f1a15e64fa2779be424fdeff46058eaee7acfc80b2ae9840e9ac1e33ac8378c98695a08bdb8f2a756b1704c036e3b0ff2d1e9d397a82e24debd371e6855b7dc2dea47d57a9dfbf4fb2ccb3f975c3851c6b5399ab80c4ba95604f70a69674cfe820d82fb06b243625a8a9e4ee52e7c2ec4d63241fb00efd1a485a36dfb4a7dd573c6584c4afc55b3ff0a93509fe41aa0e8892c95ccad3e0435071aff78177e946cf231de4f389b695c5f49772b8abb6b88226fd4c2b0c57d47b98f2aa1b2ec38c4a97f3783023f04cdb380dd6a00d2fc63c932a987686372", 0x11c}], 0x2}}], 0x4, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)

1.413303227s ago: executing program 4 (id=6711):
socket$kcm(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
getpid()
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={<r2=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7c, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000140)={0x2, 0x1, 0x4})
ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000040)=0x1)
close_range(r3, 0xffffffffffffffff, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000280)={r2, @in6={{0xa, 0x0, 0x0, @empty, 0x400000}}, 0x0, 0xfff9, 0x3, 0x0, 0x20, 0x0, 0x30}, 0x9c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000380)=""/44, 0x2c}], 0x1, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000003c0), 0x100000000000022d)
r5 = socket$inet(0x2, 0x3, 0x2)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000140)='bridge0\x00', 0x10)
truncate(0x0, 0xffffffffffff0001)
sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000001c0)={'wlan0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
syz_emit_vhci(0x0, 0xd)

1.299081218s ago: executing program 3 (id=6712):
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000080)=0xfffffffc, 0x4)
connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e21, @empty}, 0x10)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_int(r1, 0x29, 0x3, &(0x7f0000004240)=0x40000008, 0x4)
recvmmsg(r1, &(0x7f0000001fc0)=[{{0x0, 0x0, &(0x7f0000000a80)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f0000000a00)=""/98, 0x62}], 0x6, &(0x7f0000000b00)=""/4096, 0x1000}}], 0x1, 0x0, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8)
syz_open_dev$vbi(0x0, 0x0, 0x2)
syz_io_uring_submit(0x0, 0x0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0}, 0x90)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r6 = dup(r5)
ioctl$PPPIOCCONNECT(r6, 0x40047435, &(0x7f00000002c0)=0x2)
socket$inet6_dccp(0xa, 0x6, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='freezer.parent_freezing\x00', 0x275a, 0x0)
write$binfmt_aout(r7, &(0x7f0000000180)=ANY=[], 0xc1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x12, r7, 0x0)
ioctl$EVIOCGPROP(r3, 0x40047438, &(0x7f0000000180)=""/246)

1.100683677s ago: executing program 0 (id=6713):
sendmsg$NL80211_CMD_AUTHENTICATE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="090d0000000000f0ff000700000008000300", @ANYRES32=r4, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc00080005000a000000140004"], 0x58}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="090dc4c6000000f0ff000700000008000300", @ANYRES32=r5, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc000800050008"], 0x58}}, 0x0)

597.347304ms ago: executing program 0 (id=6714):
syz_open_procfs(0x0, &(0x7f0000000040)='net/l2cap\x00')
syz_open_procfs(0x0, &(0x7f0000000500)='net/udp6\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
syz_emit_vhci(&(0x7f000001aa80)=ANY=[@ANYBLOB="02c8e042003e00010011f50200070005030e0029005900008001020000020201f002080400070008000a09020006000d0008000d000800060008000d9008000200070002008bad6fbb725111465b42747181ad8d699092ab9f90cff59a84afc447031ab639fb95c89bb3f9af2db413db0c4bdf900e6a6a980610c9d6da862df9528ea1f42109c11209d5e216305c1768c6836fbc7bb79a76f9a06358c4fbfe7f98541940a659fcf558bf795cf1d9d0b554d943ccbbbb018c315f7075aa2768a169ada382c64e0fb53af309dd40b953cefaccfe3f2b2116cf5f8d0255ea9dc20db4cf40bce273b03b87c227e33aff5425e2a7a122b597cfbd4457ff3fe1599cb7ebc7d8c4a0560a3e9863952c9da19e138ece5388d893aabb1b804b7221f601854a3f"], 0x47)
syz_emit_vhci(&(0x7f0000001a00)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x3, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_req={{0x6, 0x81, 0x4}, {0xfd7, 0xd}}}}, 0x11)
syz_emit_vhci(&(0x7f0000001900)=ANY=[@ANYBLOB="02c950580054000100010d020077190f7f0400800307000f04040006001d050e0003008e001807fd0400070008000e120300010001071004000100010110040400040000ee03000b0004000d000202ff070501000c03050010000f000060885a221babd056e411370be71b89af4e94940ecf92572fe2771b0ee4f8937fb30f2cd46e45456f905fe2051a75e3aad93aa395bf7ac5bd69f25e9c7c8903b7e5b4034fee4db004d5428eb6fbcb6d8912ed3369da78adaa679ab1b67dd68352899103024de2913051f77e9db5e59ed4791376ca81b6cc106aa51a3dbdf39b10fe019018e929a3"], 0x5d)
syz_emit_vhci(&(0x7f00000007c0)=@HCI_EVENT_PKT={0x4, @hci_ev_key_refresh_complete={{0x30, 0x3}, {0x3, 0x1}}}, 0x6)
r1 = accept$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @remote}, &(0x7f0000000180)=0x10)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000240)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0xffffffff, 0x0, 0x0, 0x190, 0xffffffff, 0xffffffff, 0x2e0, 0x2e0, 0x2e0, 0xffffffff, 0x4, &(0x7f0000000200), {[{{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@icmp={{0x28}, {0x18, "be75"}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x190}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x4, [0x0, 0x2, 0x0, 0x4, 0x4], 0x6, 0x4}, {0x2, [0x1, 0xe4ad78b0628e00de, 0x4, 0x2, 0x6], 0x6, 0x4}}}}, {{@uncond, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@ah={{0x30}, {[0x4]}}, @common=@osf={{0x50}, {'syz0\x00', 0x0, 0xc}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @local, 0xa, 0xe, [0x18, 0x2b, 0x25, 0x0, 0x31, 0x1, 0xc, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x3, 0x0, 0x3a, 0x14], 0x1, 0x8, 0xb840000000000000}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8)
syz_emit_vhci(&(0x7f0000000640)=ANY=[@ANYBLOB="042fff010000000000000108503fa507119223581b720dc37e3f5f308dffeba1497da12d61f9c235d10aa5533f98953b12f963d2b0a9c33c7a3ffdd8cb94352428c0cafd01f81011c5b65236508a7edd4ba3b827e95bbea152d4d31bb56ae7f94b1194d7b61296cd8dd9e8922403eeea87865c969e841f057692ef7a3c7879ba77423f0cb72bb17c419ca7a1f322edd01c3e3e4eaf5e14a291b69acef31ea5dcdbb859a8e3fbbff6e918b77efd4b87e041529699fc2daea0485ae4dc1d1d110f833b2ef9752235e673bdc6aab2f6ca122f966f0015e71444da07df002d1dd2952ceafbc79ae0688a789889844c63bb25d2a1a1e99aa900ca8a0000000000000000"], 0x102)
syz_emit_vhci(&(0x7f0000000780)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x2, 0xa}, @l2cap_cid_le_signaling={{0x6}, @l2cap_conn_param_update_rsp={{0x13, 0x6, 0x2}, {0x5}}}}, 0xf)
r2 = socket$l2tp(0x2, 0x2, 0x73)
r3 = syz_clone(0x41002100, &(0x7f0000000800)="7522d8e902e49c75d7908934bfb14c9aae0d22085bc9ec", 0x17, &(0x7f0000000840), &(0x7f0000000880), &(0x7f00000008c0)="051de010d9929492d8aa423ac21e6292cea77139900dd4f3b3c378103ac23f34173fa030fc965bb2331ff600449983cb7837d62abd356a20099eca8de25e221f7201b80e2ffd5957084c2f7f55ba45d54b771e7867faed93936b819dc6dca9356f3e0d9594dc7cbc44fad7dfb664be07d036e91f80b3cc7898c2c8663cc0cafcc7eeac1bcd9b47ed35b78f236287182f37293b691b86181270da6f32e3d0c2511704554d80e8675841e678dacb333e21dda12f15c1271ec0b391b6c17fee3a994668513dd5f656deb6961670e49f050e7983c45481e77232ee240816d36c6cad5c0edcf531f367344ae981d5658b41a6128ddcca35bf1f3acd3e4bf6c562dcd4081e891f60faca3bdb6f1ccb909bf673f444b6754beb8bf865885405773c5d5f6b993ba75eb8cd9f393df10322ff79916b67ca1e0d473914da1c7ab4a296c4e1e72ea1be230846fff8bfb0615a6f370ab29705a6f8b783b5eda7d14f1a5a31d7c5c5b397f1227130d3a022ad4f421e46dc10312f8365f9bafb93aa35f359f574a19f2a07c45c8e85d141a6c32632a9e2b446ecf8a3aedc9984cfb3bcd203cf72141446597b2b0954406a509267ca437f18c1b64b179217fec742fc60ee0f0e46014fcf4ce7565408bb7a2b972a0966d223cbb5b4f9fac8f77fa031bf71ae2a0623d3d80935826e0cfa0c0fc95218e740bf4ad78d9a8eec7021bd6407c2da8b492468a62984e0d6a232af1b5bbda85ef4af83aa0c93228c93f118eb186c14fc39a4db23d234f5f7579ff0a87606bfaa1afdbbc1a2c4f0a4a5c52a608157cea860b43a5b78ab25bd5cedc31f5e51176e556a1bed530abeb75421011b7a4e29103c2892a8de388c495c602fe1946d7cedff7e37ff44a4c61624f44bb15c6f8e7735857c402ec6de182cdaf194eecf76256dab78c9e73d2f7d97249cce882148521ce46c541bf5fd05e5e6b34e097717d81bea338dae5368bf9dbfc207166f10ffb3bd25574b28934e5cf99f21b3c5ac17de7dea6e4fffb4cfedcb83e16757f4062ec1cfe7834f40e8feae0fc3944689de622f5f3df4904d94dfe76a3ff3991569ff441598577502e62e579a982f3b01fc69eb537d6750a2a18933e8719a49f742a55c00c07f02ea01432a0888d0b8712276bd692fa4b9a727e57ba7077be2726d0729d9b1f2952c25ef8e4600c60d9875bbee91059038ca5f8b9a38b9e4c12dec7673f43a4e4ed5f992c33eccac16459d0581de08f4cac484afe4b43559d0cadc5898bade5dfd72655062e54fd35be820e39d509b4e7600f3f24954a6368593570c9c4d36edf0832f7557d4fe29f7595205b3e9134dd278b3f38cb8026964a8ef9ee19eca7ed1c599923de26f57598d57dbc4ef55dab0224e4af0a3d4150cba21b87da7f233ab8d3aa12e7147079a01d7bb75adc78a312cda6ccd62cb959716fcf27776b8b8209aa1d54937fca6bddd9482c0fb61b0ea8d01ae7053fa863f4947feb8baa065bea4ab5c045e809ca4b0ca657012b5ba7acbe180e35bc7f97ee278464a9673652728b321f28b715994cab32c5101674b80819c46adf34dc2a199e29a2495ba89700e6d923bb594768d20229bf91e00ce70db68ebaaaf5638c0137f42e0a5b13ce9c11b24a08d2a3c187be5d913595ca24ea2172a7bc367a6a20449d51df8c94674345ce0b668b3f74ef3e8c22889a041aca8d75176734f4c5308967b975cc84cd91cd413236e4c6fe651a76ed5e0e26e45e8ea8ddeef3edee6d0c3dd58051d1bb9c94f283b8491a38b3128cd31478f2f6328255e3dfcf9694fec1dbb28c9c9bc883711c0201c6b43ad7031e62604250c21df386197514e6bb7bc9052a71746894339e9fa4d9207bf335727c4e827099f198e9176e0e5c6d791aade8b34589505fa62c99090a7f00e835d44a7a5878b04b2bb079b8b317e0a6efec9f742e958dc4e67b0f3e1452388c39d02ceeda1fd0a2c1298a17aac50dd6ecfc57f9cba9d03b8721e93f3337f0eaae38a3cab104a6ae410a697cba7080dae85820fb3c54cf2cf7391a6707b89743f17c0376623880211d3bff7196f4d75253a6a5bb662d8ee16a53a9b8f431f6591f00d185aa05092105eccb9c858c71d3ac3aa4028b33ee0e1ab384c722dc29ac707b3602df454941cacbb987de1bb1737e33ec41a673580b3929e7d333c26f1c2a2f1d1a43b169c353b2a9e792285cfeb9c0e1284f083f6d2ba72764306a8a7f90e985442fcf1f7ab9283da9d22a7137a540fa56cdb5ab52d532fbfe828ed60d868655339fbe3c731d4cf96f35c3d87257f50bc1e5e40ab9e549050d288d83ce8038089f2a399436a4f152047dccb63d10b9bba888e07bbafd86f9c00fb49f48e39343691517418ce9af202efbb2dfef12229d4d31e757192983298223d009dd761b2d4101b10cc746bba3e9abe3d2a0e21b1e4cc20acf9107e65faadade6da9648d6647ab73149ca7f91e54ae57cdf781032eebd0bdd39542c836c46f394df98209dbe9a85568c82f8d5b30fdad4659f10dcd159f63ac8c8798d720131d90a0a1fa5664ebaa8e1288ae315f0828879f9591d892d6d87f0b90a4f4e0cc5926c20930ae3f3675ec8dfbc48506582e58f78bcebf15a5f18abc0fbbbbe5e2fc63245a32141ecfc0bbede53b26dbce1913d4df6238d1d02b86bfe4395efb35e9feaf7566676c0436a618bd7b628a221f48ff9785527a1392cdd7c544a62b24e9bffbaf8d084e1922d2049414f4f82c6d2da9e6cc5688e27576f7b972b83a9dfcab05b36cace5b5e23282c9a33bdcaa1476e9ba059f4be69f75f33245f9b84be4601c810f09f86ca2bd90ba91fe0a7fd8b55a95bc7721e18bae9bbe8128519c9f426c3024ddeff0775c149fac34f134f0043651b2f5083e6772500139f462f994f137c5f4842f4e2f84c9c8770a6e24ea7ff44747b5cc926a9bf87632672580fe81a690671772a7eff984f85c417a6d4e2cd2fcbd43396314740741708ba7e281dad962b1d19e5aef435577c9339a01a46fd1683683ba8217dbe507cd0e5a9e2d354e03fc8c8c9349feda729e10e12382d8a860569ea66433a3c1cfd4dfa2f4bc9ee9e91cd97249330d870002ee8855a621653ca9e3d5f3c475a74790137777027ab4204c0fe6471ee89434a2e1edfe666ef30acf2e82c9b0ac17dbdeb0646a2de30721b2a4c9758ac62af4944a6775021180d64cb782d8d85dbb17a461fdbf0f1198ede9258c493308884aeea014146c7e648ecd720fd747808597c93e68c13edd8a517ef3f6b94b3ec90bb523a056cc35d352e441562a1db09ca01821e54c8283d471ad9f513fa6f733e18497058d4ef602a9cf42e8207b754c4d2f10a0b3bb37bedcc896eb8edbdc9394acb1895528dbdbd72fd76102076bcaee5ee946a7924511cbce9b7f65103a6493491c168315cccadfdc9f535512558f7f677eed4a5a44e1e91e85c52c50c19f8644eb27c14da41aa8a8227f73c3ef1d32bbe8d174b8da7ba740b8a3a6afa25ad26e6be1909ae75a16592dd011cddecccd93ae17c7ed05d469622b32c97fd959833e68d273b32d7a9c742cc85c43529b6f9acf7f5134fdb11dde8ad0b5baecf1c00cac9e6aeca9086544621801b02ab1faf3194e00bf7231c13bb327f209da5a38d3a5e88d4828879fe0caea863f3e710f057d6f84b6e8c6d25cecadf8e7ae7b3eae22a1bdf1ed2990f8df70dcde42b5c509e623a4dfab363787bf336f8c9014f8721045a0c7f19971c1d0c553012beddd891fab1e4660a1c05b5f159096c12441f8cd0e2127969c69818b3dea0118a096fa7e9d1504bc6d31e75f37335e974ddbb0e1ec2b672d419f2c47f8d99058131011fcdda9ac2706dc8a367d6ec71966d67645fa75e48a32b23b0b4acb7294ba27e0c8fa0ec5d8eb4692e5b12a00a8416aee74c19aa095763af8189f766d41993e62e15d8f129d068765f675fb59da629e4e13152572aa2a6af1b48e953b622491d3842390e590d944653ab926ea546f64ecd107a46fb27cf0ffbe8ce89e21b638e9380006604f4a3a44aa40655c6a2305596cf261a637cf0389efc5865692c62f90abe1a0df9adb02b67518b3e5568d94751dfa80233439f3a997868af01237de36eae1848e42431865c89a0081ca3792f13966774419b39611a179234133714c73de0990b4fc0849f8d2bae4e144fa352df00bec0b07663c84df8fb2b89ad47cfc61959763260a0a3617c6c4b633ecbfc19b41f68577fe36a3fb4884ca8207b5cfccfd8ccb0655f15daa705af5d7280333f74c1fdb90a8c7d5f63ac37f9017a8d9cbbf1bef827e84c0cd34e047fcc7ee198ab2ab332d45aeb9e57a39ea671d1e871f97cdfffe517b13955b3e47864492fdb514be883fb73272454c8705a711f302f4a8e4ba442bdf2c2277fcc1f7b4f491cbbbb323dadbce670cf683c7e7c9cdd4d8ce375f5745ad9e5a9580734852d2cc3f16de59d7f01f74ce86d8de975180adb31eb9f2550575b6d18990654a5b0b741f6829bd05d233d3405ec94f02c93d0060be2d601afc0072cf9a60d1cc621f7f159c0b8dde8cf11979bf8927970a041b4194db97414eedebc83f1c42cd93569d42125d98fc97dbdafb6ad7f0940175cf7ca9885727485985c98bdf45eed3f072ddee1523577fd77c8b948173a66e1271d10c40dc38d290271d39995acd6bd89ab5f726493121aadcb9a6c5485b0ce9dae7345ec23a09cfe537543153514d936471958c5832a09c865e60cdc301be256bf7c3ea9763865a18236f5d2f47120077d49f497a308f23e7bb98e53e5b2617d5ef5ace503a6241c4dd08506e2a7617d0e9fe30e189c247522cffc0e297ea3656ffdffc6f232c654a2df5612d4e0c3e51a5678e7c6f55f52433ba27b22b8334338425d869074016ee13b5bb23721822a9f2c254652f1e85f04845f0f397ec02cb50b66ba658d14376322d94efb52b8f1215d1b81fd144e87572532f3e7aabca317ed690afec050d94650bfc92283702bf25e3fda21abd5a0b0eecdd12b72b47ce8c7ea3113b9178ba376075c66ddb9c027dbd17583265577fa6cfe2342f3a683a305d5a4c433b57b2a38e6d09350ade751cedb9d6c070adbb3dbc1ec36b170d5051fe5092ae23fe4706b956a4eb04e22ca8079f8b403b6c4052f6eefd46ffebdc26e08ecbf8c54fe11cabd0d206394f92889a8deb95e92c273f16f2c78b490d3778b7fe3f3304d5dcad5b4757273ad7fb7bbe583c2665aeaa96b4fb184f310f22fa8a21d2984e8217ac307c2f7710250fef4749b334c5b723e4a77d92fd3fecfb683a21bbbaccbcd085c8b939566ab841e22f104396684601fd1b0c3c4135c93230cfc41d2546fbba0f02c87989761fd9a99883a6821fe85df33e5b0f6b5537636d4354089e2b3019a56fce9984d69a5d5a97fc71ae2cbaf279c0980cd061f6eda75944589720411fbec302bfc785c7aa4c8df656d41f16532d7b7f010aaaca4b1ea544e11f19f667470d020d975b89eb3e7721a80285a079db882d0d12fd86b328f8d3c85de0527979ec41ac591f8aa1c35d39bfed93920997e1e42bdee01426d6e75cc7f555ce537b607a44051ebd7ecd050020dfcf8b343d7b1e59055c96cfbf6645bbb2707dc219f3d4322a5fb8e3c244045251bc263db0816ed7458ef6145aad977415768a842c3515a8190510c6f9a91bbb7df21ed9d056bb51238cc1b811de9e437ffbb274076e484a387f976ea9cf4c33731a7b3f7436c4e40ccda9a3ff71f18ae6a8fdfc03ae61cd179dff3a35c1a87327141b886f9")
prctl$PR_SCHED_CORE(0x3e, 0x0, r3, 0x2, &(0x7f00000018c0))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4, 0x8010, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r4, 0x1, 0x1e, &(0x7f0000000000)=0x5, 0x4)
recvmmsg(r2, &(0x7f0000000200)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff3a}, 0x106}], 0x1, 0x40002143, 0x0)
bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f0000000140)={0x2, 0x4e21, @multicast2}, 0x10)
sendmmsg$inet(r6, &(0x7f0000000500)=[{{&(0x7f0000000080)={0x2, 0x4e20, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYRES64=r5], 0x70}}], 0x1, 0xc010)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)

571.140563ms ago: executing program 1 (id=6715):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c40)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000200000002000000005000000030000000100000f040000000a00000010"], &(0x7f0000000f80)=""/4115, 0x3d, 0x1013}, 0x20)

395.074858ms ago: executing program 1 (id=6716):
syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @broadcast=0xac14140a, @multicast1}, "040022ebffffffff"}}}}}, 0x0)

309.101424ms ago: executing program 3 (id=6717):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000300)={'batadv_slave_1\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000c000000200003801c0003800c00018008000100000000000c00018008000100ab8e00000c00018008000100", @ANYRES32=r3, @ANYBLOB="4a6e9432af6157e6a58232b860799c02d8291ff7ad874f6f22347794ce6fb36134cfb22838d70e77a18ea5c446e3a1aa5cef71848f7e492f0cc9a4e201dcbebf59a562732bb43b141a2c0fe339d67e215b8e32962e3f1ac9e3de0a7077ea8533d0fd4432b124807733ba289915c435c44408ff0f0000000000004cee880c15940208908e70db383a71017762a2be71c32b0bdb73f4ecbd7c4dd0a80284bb2b505da1104b61b3324ef89367b2eb2cc89acaf5eadb373b0f94f6b436"], 0x40}}, 0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @private, @dev}, &(0x7f0000000080)=0xc)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'veth1_macvtap\x00', <r5=>0x0})
setsockopt$packet_int(r4, 0x107, 0x0, 0x0, 0x0)
sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)="3f033608260812002c001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @multicast}, 0x14)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={0x1, 0x58, &(0x7f00000000c0)}, 0x10)
r6 = socket(0x26, 0x2, 0x8)
setsockopt$packet_int(r6, 0x107, 0xf, &(0x7f0000000000)=0xe9, 0x4)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x0, 0x0)
r9 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r9, 0xc0045516, &(0x7f00000000c0)=0x81)
ppoll(&(0x7f00000001c0)=[{r8}, {r9}], 0x2, 0x0, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="10000000bec58aaf000000490a000000"], 0x10}, 0x0)
r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r10, 0x400448ca, 0x0)
bind$bt_hci(r10, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
bind$bt_hci(r7, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r7, &(0x7f0000000080)=ANY=[], 0x6)
r11 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', <r12=>0x0})
bind$packet(r6, &(0x7f0000000140)={0x11, 0x0, r12, 0x1, 0x0, 0x6, @local}, 0x14)
socket$inet6_udplite(0xa, 0x2, 0x88)

281.730354ms ago: executing program 4 (id=6718):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000ac0)=@delchain={0x24c, 0x65, 0x0, 0x0, 0x0, {}, [@filter_kind_options=@f_u32={{0x8}, {0x38, 0x2, [@TCA_U32_INDEV={0x14, 0x8, 'veth0_to_team\x00'}, @TCA_U32_HASH={0x8}, @TCA_U32_DIVISOR={0x8, 0x4, 0xa}, @TCA_U32_MARK={0x10}]}}, @TCA_CHAIN={0x8}, @TCA_RATE={0x6}, @filter_kind_options=@f_route={{0xa}, {0x1cc, 0x2, [@TCA_ROUTE4_TO={0x8}, @TCA_ROUTE4_ACT={0x1c0, 0x6, [@m_nat={0x9c, 0x0, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{}, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0xffffffff}}]}, {0x49, 0x6, "17a3a496e0b06ed4b17c112d919b00b3961dacbd47d9dd716cb9e3eeb2118c01ec30dc86f8f94756684ff97abdf1a26ea4833cb4d10d78455e1ae1bcb85f22df4cc4cb4f84"}, {0xc}, {0xc}}}, @m_sample={0x120, 0x19, 0x0, 0x0, {{0xb}, {0x3c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x1}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x3}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x7}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0xd}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x8, 0xfffffff8, 0x1, 0x8, 0x7}}]}, {0xbc, 0x6, "395ade187942502c996532f6fa5ea74b924d04b8c47c35e512edf93f1c4e295b0858d3a562933123e7ffefe31e429f64f413a49e854a8ea26b1dacfe697da6eee875b7bc1840962a1d492b084586d1df18b29a21924a2799333aa026651e4f2ff2c391b262425a1d0eab931380e5c80cfa9be9cea8e45c7817c1e19d2cf19c610ff8c02cceecdff67a979c13f26e18913dd1ead832b6d0a1c4d7bf3d5e5ce5727eee46ee086742d0fc328e0af350c79b9a26ac65a7739fff"}, {0xc, 0x7, {0x0, 0xa924cd17ae37eb53}}, {0xc, 0x8, {0x2, 0x1}}}}]}]}}]}, 0x24c}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$kcm(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x5, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
r2 = getpid()
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b700000000000000950000000000000039b7b080196c98bdc468155432bb43bf7f35e29adf47e8981ef8e34077ea5ef94d03d03a7b40b45aa8952e42dd58c58451acd167fed2864390752f418b"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, 0x0, 0x0, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$sock_int(r7, 0x1, 0x3f, &(0x7f0000000100), &(0x7f0000000240)=0x4)
close(0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000035000bae0ad881c40650f5e50c24fc60", 0x14}], 0x1}, 0x0)
mincore(&(0x7f0000ffd000/0x2000)=nil, 0x2000, &(0x7f0000000000)=""/60)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={0x0, 0xa0}}, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b000000", 0xd, 0x0, 0x0, 0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f0000000080)={'wpan1\x00', <r9=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16, @ANYBLOB="110800000000000000002000000024002d80050004000000000005000100b10000001000020003000000080003000300000008000300", @ANYRES32=r9], 0x40}}, 0x0)
sendmsg$NL802154_CMD_SET_CCA_ED_LEVEL(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x24, 0x0, 0x8, 0x70bd2a, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0xe75568b49369feb2}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000044}, 0x4040004)

208.944353ms ago: executing program 1 (id=6719):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000340)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
r3 = syz_open_dev$video4linux(&(0x7f0000000280), 0x2004, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r3, 0xc040563d, &(0x7f0000000880)={0x1, 0x10})
prctl$PR_SCHED_CORE(0x53564d41, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x0, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB], 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000004680)=@newchain={0x664, 0x64, 0x100, 0x70bd25, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x5}, {0x0, 0x2}}, [@TCA_CHAIN={0x8, 0xb, 0x5}, @TCA_RATE={0x6}, @filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_LINK={0x8, 0x3, 0x8}]}}, @TCA_RATE={0x6, 0x5, {0x0, 0x6}}, @filter_kind_options=@f_basic={{0xa}, {0x5e4, 0x2, [@TCA_BASIC_EMATCHES={0x498, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x7f}}, @TCA_EMATCH_TREE_LIST={0x1ac, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x108, 0x2, 0x0, 0x0, {{0x7f, 0x0, 0xaf3}, "660fae0e8b5a5d7eb809c912b3fd388c74018a8bd579625937bb47a8787ffa8de695b2cd7313098a434d50540c45b9f3e203d2bffeed2ae7ea93c9efc7360fc3edd213fd25562bf47b3cc099d8d1c90f52e401ef6c728a8c553c2994da5e894d8c9754dbb157557e536ede5e2690797df409c13dffb1c6511405a1b17e00c915e0edb5d73baa455714c4f9e774693189844f243cba146aef48330c587fea13dafe689a684f9962f2738c223d4fcb72e7521defac21c2c6f89181bd6b0203ec3e456b8331bd317d7c7d89b1550cc99d5cd5e0c184a1a278771b6814cff73002b6ae2aaea3535d9a023a12c87a3a9a75b93fb5fcde31d8cc13bf3d"}}, @TCF_EM_IPT={0x74, 0x2, 0x0, 0x0, {{0xd1, 0x9, 0xf}, [@TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_HOOK={0x8}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x4}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_MATCH_DATA={0x24, 0x5, "9d504792353ba2100c178a2e3d6adf8fb028363ff1b3c99e3694676dbcfee507"}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x3c}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x4}]}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0xc2cf, 0x3, 0x7}, {0xffff, 0x1, 0x5, 0x1}}}, @TCF_EM_IPSET={0x10, 0x0, 0x0, 0x0, {{0x7, 0x8, 0x4}, {0x2, 0x1, 0x7}}}]}, @TCA_EMATCH_TREE_LIST={0x128, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x3, 0x0, 0x0, {{0x70ca, 0x1, 0x8}, {0x736dd429, 0x0, 0x2, 0x2, 0x7, 0x2, 0x1}}}, @TCF_EM_NBYTE={0x18, 0x3, 0x0, 0x0, {{0x8}, {0xe7, 0x6, 0x2, "7f30c0291a6b"}}}, @TCF_EM_IPT={0x1c, 0x2, 0x0, 0x0, {{0x200, 0x9, 0x2}, [@TCA_EM_IPT_NFPROTO={0x5}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x9}]}}, @TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x1000, 0x8, 0x6}, {0x4, 0x4, 0x4}}}, @TCF_EM_META={0xc8, 0x1, 0x0, 0x0, {{0x5, 0x4, 0x280}, [@TCA_EM_META_LVALUE={0x1a, 0x2, [@TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_VAR="59195f", @TCF_META_TYPE_VAR="79cf8ce6bd9866", @TCF_META_TYPE_INT=0xa]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x400, 0x0, 0x2}, {0x101, 0x4, 0x1}}}, @TCA_EM_META_LVALUE={0x31, 0x2, [@TCF_META_TYPE_VAR="b144efcb98ce", @TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_VAR="508610a823", @TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_VAR="69e899ac17835db75543", @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_INT=0x8, @TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_INT=0x8]}, @TCA_EM_META_RVALUE={0x17, 0x3, [@TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_VAR="85c52c21acb2", @TCF_META_TYPE_VAR="1ed143dfce4d591a68"]}, @TCA_EM_META_HDR={0xc, 0x1, {{0xfb63, 0x81, 0x2}, {0x8, 0x40, 0x2}}}, @TCA_EM_META_HDR={0xc, 0x1, {{0x1, 0x0, 0x1}, {0x5, 0xff, 0x2}}}, @TCA_EM_META_HDR={0xc, 0x1, {{0x7, 0x6, 0x2}, {0x6, 0x81, 0x2}}}, @TCA_EM_META_RVALUE={0x15, 0x3, [@TCF_META_TYPE_VAR="de2247", @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_VAR="4a12b179caaf", @TCF_META_TYPE_INT=0x6]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x6, 0x4, 0x2}, {0x8, 0x2, 0x1}}}]}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}, @TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_LIST={0x190, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0xf035, 0x8, 0x257d}, {0xffffffffffffffff, 0x2, 0x4}}}, @TCF_EM_CMP={0x18, 0x2, 0x0, 0x0, {{0x0, 0x1, 0x1}, {0x0, 0x80000000, 0x0, 0x0, 0x6, 0x1}}}, @TCF_EM_CANID={0x14, 0x2, 0x0, 0x0, {{0x8, 0x7, 0x68}, {{0x3, 0x1, 0x1, 0x1}, {0x0, 0x1, 0x1, 0x1}}}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x3}, {0x4, 0x100, 0x3, 0xf0}}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x2, 0x3, 0x2}, {0x5, 0xb1db, 0x5, 0xe}}}, @TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0xfffe, 0x7, 0x7ff}, {{0x0, 0x0, 0x1}, {0x3, 0x1, 0x1, 0x1}}}}, @TCF_EM_META={0xd4, 0x1, 0x0, 0x0, {{0x9, 0x4, 0x2}, [@TCA_EM_META_RVALUE={0x8, 0x3, [@TCF_META_TYPE_INT=0x5]}, @TCA_EM_META_RVALUE={0x13, 0x3, [@TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_VAR="11ab41fedf6902", @TCF_META_TYPE_VAR="6fd5c8", @TCF_META_TYPE_VAR='V']}, @TCA_EM_META_LVALUE={0xd, 0x2, [@TCF_META_TYPE_VAR="c5", @TCF_META_TYPE_INT, @TCF_META_TYPE_INT=0x6]}, @TCA_EM_META_RVALUE={0xc, 0x3, [@TCF_META_TYPE_VAR="eb078a", @TCF_META_TYPE_VAR="19e7b77a66"]}, @TCA_EM_META_RVALUE={0x2b, 0x3, [@TCF_META_TYPE_VAR="6d5df65b74f63093801d", @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_INT=0x7, @TCF_META_TYPE_INT, @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_VAR="4e9f6ec3e54f979c77", @TCF_META_TYPE_VAR="fccef635"]}, @TCA_EM_META_RVALUE={0x28, 0x3, [@TCF_META_TYPE_VAR="138edbc285ff", @TCF_META_TYPE_VAR, @TCF_META_TYPE_INT=0x3, @TCF_META_TYPE_VAR="98650c9cd96b", @TCF_META_TYPE_VAR="d0988f245edbb0", @TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_VAR="3ebe", @TCF_META_TYPE_VAR="f91969ca", @TCF_META_TYPE_VAR="7f724f"]}, @TCA_EM_META_RVALUE={0xb, 0x3, [@TCF_META_TYPE_VAR="fc4fb2", @TCF_META_TYPE_INT=0xa]}, @TCA_EM_META_RVALUE={0x7, 0x3, [@TCF_META_TYPE_VAR="e85858"]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x3, 0x7f, 0x1}, {0x7, 0x9}}}, @TCA_EM_META_RVALUE={0x1b, 0x3, [@TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_VAR="35cf1a", @TCF_META_TYPE_VAR="48b3ec9a4bfb4daca2ea", @TCF_META_TYPE_VAR="dcf8cde4c45f"]}]}}, @TCF_EM_NBYTE={0x14, 0x3, 0x0, 0x0, {{0x8f, 0x2, 0xc}, {0x0, 0x4, 0x2, "3d5cc9c2"}}}, @TCF_EM_NBYTE={0x1c, 0x3, 0x0, 0x0, {{0x800, 0x2, 0x4}, {0x2, 0xa, 0x2, "3d562f5eaa7c453942ae"}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2bff}}]}, @TCA_BASIC_EMATCHES={0x148, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x102, 0x0, 0x0, {{0x1, 0x2, 0x1}, {0x3, 0x0, 0x2}}}]}, @TCA_EMATCH_TREE_LIST={0x110, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0xc8, 0x2, 0x0, 0x0, {{0x6, 0x0, 0x3}, "6c4257f7b4d0b3925518a02bde4c77be4c004859b17da40249a11fadee19765c078a56cfaf4bdb2f83dc02078be14c8247b2eb3dd533909824a4551d8a7919d5958050f563798aef3dc53d38ea025d2f627215574c1cd13809bc29b878327f08ceed1e9f960688964ac82d7f33b5afa008cb2b6b5a15e6519dc58b1c30db1f825686c242d2cd034d64a510d2979a2d7514d5512b1f4da1588c9ecf3c509cbb3b93f6bf7f2b2a0fde5f6b8a711c04a024f6f14de13afef4111e05"}}, @TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0xf, 0x8, 0x401}, {0x1, 0x1, 0xc4f3ea98c2d3452}}}, @TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0xb3a, 0x8, 0x9}, {0xffffffffffffffff}}}, @TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0x0, 0x8, 0xf60}, {0x0, 0x2, 0x1}}}, @TCF_EM_NBYTE={0x14, 0x1, 0x0, 0x0, {{0x0, 0x2, 0xd}, {0x80, 0x3, 0x2, "44bc7e"}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x113}}, @TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x8}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x9}}]}]}}, @TCA_CHAIN={0x8, 0xb, 0x20000365}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_cgroup={{0xb}, {0x8, 0x2, [@TCA_CGROUP_ACT={0x4}]}}]}, 0x664}}, 0x0)
ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(0xffffffffffffffff, 0x3b8b, &(0x7f00000001c0)={0x10})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
getsockname$packet(r6, 0x0, &(0x7f0000000200))
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000240)=[<r7=>0x0, 0x0], 0x2})
ioctl$DRM_IOCTL_MODE_ATOMIC(r5, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r7], &(0x7f0000000180), &(0x7f0000000200), &(0x7f0000000040)})

0s ago: executing program 0 (id=6720):
epoll_create1(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
syz_genetlink_get_family_id$SEG6(&(0x7f0000000300), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007311430000000000851000000200000001000000000000009500170fdb2966eeda05adb5e8381bd4"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70)
sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r1, 0x0, 0xf7)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
syz_io_uring_setup(0x690b, &(0x7f00000006c0)={0x0, 0x0, 0x10100, 0x0, 0x328}, &(0x7f0000000200), &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_setup(0x1868, &(0x7f0000000140), &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000240))
syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000340), 0x200, 0x0)
io_uring_enter(r4, 0x1846, 0xcc2e, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
r7 = socket(0x0, 0x4, 0x0)
setsockopt$packet_tx_ring(r7, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r7, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
sendmsg$tipc(r7, &(0x7f0000000340)={&(0x7f0000000040)=@name, 0x10, 0x0}, 0x0)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000ac0)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB], 0x368}}, 0x0)

kernel console output (not intermixed with test programs):

t(1721808033.014:7681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25984 comm="syz.4.6322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fdda4775f19 code=0x7fc00000
[ 1823.623994][    T9] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[ 1823.644075][   T25] usb 1-1: device descriptor read/64, error -71
[ 1823.806590][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1823.839629][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1823.839684][    T9] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1823.839711][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1823.841077][    T9] usb 2-1: config 0 descriptor??
[ 1823.930193][   T25] usb 1-1: new high-speed USB device number 127 using dummy_hcd
[ 1824.074411][   T25] usb 1-1: device descriptor read/64, error -71
[ 1824.194663][   T25] usb usb1-port1: attempt power cycle
[ 1824.237070][   T29] audit: type=1326 audit(1721808033.734:7682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25984 comm="syz.4.6322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdda4775f19 code=0x7fc00000
[ 1824.266585][   T29] audit: type=1326 audit(1721808033.734:7683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25984 comm="syz.4.6322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fdda4775f19 code=0x7fc00000
[ 1824.292723][   T29] audit: type=1326 audit(1721808033.764:7684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25984 comm="syz.4.6322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdda4775f19 code=0x7fc00000
[ 1824.337349][T26004] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1824.351192][   T29] audit: type=1326 audit(1721808033.764:7685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25984 comm="syz.4.6322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdda4775f19 code=0x7fc00000
[ 1824.392989][   T29] audit: type=1326 audit(1721808033.764:7686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25984 comm="syz.4.6322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdda4775f19 code=0x7fc00000
[ 1824.417963][   T29] audit: type=1326 audit(1721808033.764:7687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25984 comm="syz.4.6322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdda4775f19 code=0x7fc00000
[ 1824.451539][   T29] audit: type=1326 audit(1721808033.764:7688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25984 comm="syz.4.6322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdda4775f19 code=0x7fc00000
[ 1824.474285][   T29] audit: type=1326 audit(1721808033.764:7689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25984 comm="syz.4.6322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdda4775f19 code=0x7fc00000
[ 1824.520186][    T9] usb 2-1: string descriptor 0 read error: -22
[ 1824.614415][   T25] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 1824.660105][   T25] usb 1-1: device descriptor read/8, error -71
[ 1824.721622][T25980] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1824.741647][T25980] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1824.973223][    T9] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.00B6/input/input85
[ 1825.053996][   T25] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 1825.066329][    T9] uclogic 0003:256C:006D.00B6: input,hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.1-1/input0
[ 1825.114735][   T25] usb 1-1: device descriptor read/8, error -71
[ 1825.244667][   T25] usb usb1-port1: unable to enumerate USB device
[ 1825.829182][T26017] 9pnet_fd: Insufficient options for proto=fd
[ 1826.264985][T23609] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[ 1826.282855][T23609] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[ 1826.310916][T23609] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[ 1826.321127][T23609] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[ 1826.403289][    T9] usb 2-1: USB disconnect, device number 23
[ 1826.419081][T23609] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3
[ 1826.428837][T23609] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[ 1826.781623][T26021] chnl_net:caif_netlink_parms(): no params data found
[ 1826.903546][T26038] FAULT_INJECTION: forcing a failure.
[ 1826.903546][T26038] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1826.916906][T26038] CPU: 1 UID: 0 PID: 26038 Comm: syz.4.6335 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0
[ 1826.927353][T26038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1826.937425][T26038] Call Trace:
[ 1826.940691][T26038]  <TASK>
[ 1826.943610][T26038]  dump_stack_lvl+0x241/0x360
[ 1826.948294][T26038]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1826.953491][T26038]  ? __pfx__printk+0x10/0x10
[ 1826.958095][T26038]  should_fail_ex+0x3b0/0x4e0
[ 1826.962765][T26038]  _copy_from_user+0x2f/0xe0
[ 1826.967343][T26038]  sctp_setsockopt+0xcc/0x11c0
[ 1826.972096][T26038]  ? __pfx_sock_common_setsockopt+0x10/0x10
[ 1826.977982][T26038]  do_sock_setsockopt+0x3af/0x720
[ 1826.982996][T26038]  ? __pfx_do_sock_setsockopt+0x10/0x10
[ 1826.988525][T26038]  ? __fget_files+0x29/0x470
[ 1826.993102][T26038]  ? __fget_files+0x3f6/0x470
[ 1826.997766][T26038]  __sys_setsockopt+0x1ae/0x250
[ 1827.002601][T26038]  __x64_sys_setsockopt+0xb5/0xd0
[ 1827.007611][T26038]  do_syscall_64+0xf3/0x230
[ 1827.012101][T26038]  ? clear_bhb_loop+0x35/0x90
[ 1827.016763][T26038]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1827.022734][T26038] RIP: 0033:0x7fdda4775f19
[ 1827.027140][T26038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1827.046733][T26038] RSP: 002b:00007fdda5511048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1827.055145][T26038] RAX: ffffffffffffffda RBX: 00007fdda4906038 RCX: 00007fdda4775f19
[ 1827.063106][T26038] RDX: 0000000000000079 RSI: 0000000000000084 RDI: 0000000000000003
[ 1827.071061][T26038] RBP: 00007fdda55110a0 R08: 0000000000000008 R09: 0000000000000000
[ 1827.079109][T26038] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000001
[ 1827.087066][T26038] R13: 000000000000006e R14: 00007fdda4906038 R15: 00007ffcabd343c8
[ 1827.095120][T26038]  </TASK>
[ 1827.099501][    T9] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[ 1827.303953][    T9] usb 2-1: Using ep0 maxpacket: 16
[ 1827.333215][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1827.363697][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1827.403822][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1827.433712][T26026] ALSA: mixer_oss: invalid OSS volume ''
[ 1827.460708][    T9] usb 2-1: New USB device found, idVendor=04d9, idProduct=a072, bcdDevice= 0.00
[ 1827.472865][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1827.486558][    T9] usb 2-1: config 0 descriptor??
[ 1827.656312][T26021] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1827.671004][T26054] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1827.676571][T26021] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1827.695614][T26054] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1827.710487][T26055] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1827.750024][T26021] bridge_slave_0: entered allmulticast mode
[ 1827.768569][T26021] bridge_slave_0: entered promiscuous mode
[ 1827.801333][T26021] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1827.824077][T26021] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1827.833107][T26021] bridge_slave_1: entered allmulticast mode
[ 1827.853491][T26021] bridge_slave_1: entered promiscuous mode
[ 1827.862631][T26052] netlink: 64 bytes leftover after parsing attributes in process `syz.2.6337'.
[ 1827.949958][    T9] holtek_mouse 0003:04D9:A072.00B7: item fetching failed at offset 3/4
[ 1827.973404][T26021] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1827.987892][    T9] holtek_mouse 0003:04D9:A072.00B7: hid parse failed: -22
[ 1828.003325][T26021] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1828.012772][    T9] holtek_mouse 0003:04D9:A072.00B7: probe with driver holtek_mouse failed with error -22
[ 1828.066422][T26021] team0: Port device team_slave_0 added
[ 1828.081741][T26021] team0: Port device team_slave_1 added
[ 1828.122282][T26021] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1828.133712][T26021] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1828.215960][T26021] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1828.241877][    T9] usb 2-1: USB disconnect, device number 24
[ 1828.252244][T26021] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1828.261979][T26021] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1828.287899][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1828.298418][T26021] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1828.358858][T26021] hsr_slave_0: entered promiscuous mode
[ 1828.373064][T26021] hsr_slave_1: entered promiscuous mode
[ 1828.388078][T26021] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1828.397197][T26021] Cannot create hsr debugfs directory
[ 1828.525247][T23609] Bluetooth: hci9: command tx timeout
[ 1828.882796][T26021] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1829.049771][T26021] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1829.104355][ T5198] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[ 1829.192027][T26021] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1829.224214][    T8] usb 3-1: new high-speed USB device number 115 using dummy_hcd
[ 1829.320652][ T5198] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1829.339926][T26021] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1829.350951][ T5198] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1829.364783][   T25] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[ 1829.377558][ T5198] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1829.391800][ T5198] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1829.451964][ T5198] usb 5-1: config 0 descriptor??
[ 1829.468546][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1829.518018][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1829.566407][    T8] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1829.569628][   T25] usb 2-1: New USB device found, idVendor=05ac, idProduct=b301, bcdDevice=e4.00
[ 1829.594044][   T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1829.602371][   T25] usb 2-1: Product: syz
[ 1829.606818][   T25] usb 2-1: Manufacturer: syz
[ 1829.613987][   T25] usb 2-1: SerialNumber: syz
[ 1829.637663][   T25] usb 2-1: config 0 descriptor??
[ 1829.668947][    T8] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1829.709135][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1829.767436][    T8] usb 3-1: config 0 descriptor??
[ 1829.835788][T26021] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1829.874435][T26021] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1829.907675][T26021] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1829.934731][T26021] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1830.065104][ T5198] usb 5-1: string descriptor 0 read error: -22
[ 1830.205265][    T8] plantronics 0003:047F:FFFF.00B9: unknown main item tag 0x0
[ 1830.238481][    T8] plantronics 0003:047F:FFFF.00B9: No inputs registered, leaving
[ 1830.266349][T26067] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1830.284678][T26067] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1830.286483][    T8] plantronics 0003:047F:FFFF.00B9: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[ 1830.331202][T26021] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1830.553208][ T5141] usb 3-1: USB disconnect, device number 115
[ 1830.566889][ T5198] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.00B8/input/input86
[ 1830.598334][ T5198] uclogic 0003:256C:006D.00B8: input,hidraw1: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.4-1/input0
[ 1830.607376][T26021] 8021q: adding VLAN 0 to HW filter on device team0
[ 1830.617246][T23609] Bluetooth: hci9: command tx timeout
[ 1830.746008][ T5198] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1830.753208][ T5198] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1830.825150][ T5198] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1830.832458][ T5198] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1831.344900][T26021] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1831.471901][T26021] veth0_vlan: entered promiscuous mode
[ 1831.666848][T26021] veth1_vlan: entered promiscuous mode
[ 1831.776174][T26021] veth0_macvtap: entered promiscuous mode
[ 1831.877629][ T5198] usb 5-1: USB disconnect, device number 40
[ 1831.957653][T26079] ALSA: mixer_oss: invalid OSS volume ''
[ 1831.972646][    T8] usb 2-1: USB disconnect, device number 25
[ 1832.049356][T26021] veth1_macvtap: entered promiscuous mode
[ 1832.136373][T26021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1832.167586][T26021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1832.185367][T26021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1832.206435][T26104] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1832.220610][T26021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1832.242979][T26021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1832.271730][T26021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1832.295210][T26021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1832.317705][T26021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1832.333191][T26021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1832.357907][T26021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1832.387260][T26021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1832.410350][T26021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1832.427335][T26021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1832.442903][T26021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1832.453540][T26021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1832.465636][T26021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1832.478544][T26021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1832.489553][T26021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1832.514850][T26021] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1832.563496][T26021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1832.601940][T26021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1832.630401][T26021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1832.652394][T26021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1832.676614][T26021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1832.694667][T23609] Bluetooth: hci9: command tx timeout
[ 1832.701682][T26021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1832.721437][T26021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1832.743730][T26021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1832.759091][T26021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1832.772765][T26021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1832.786823][T26021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1832.797498][T26021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1832.807515][T26021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1832.818192][T26021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1832.842934][T26112] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1832.850396][T26021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1832.866072][T26021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1832.884344][T26021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1832.915760][T26021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1832.943491][T26021] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1833.020380][T26114] vlan2: entered promiscuous mode
[ 1833.036994][T26114] batadv0: entered promiscuous mode
[ 1833.077869][T26114] team0: Port device vlan2 added
[ 1833.104369][   T29] kauditd_printk_skb: 60 callbacks suppressed
[ 1833.104389][   T29] audit: type=1326 audit(1721808042.594:7750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26110 comm="syz.4.6354" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdda4775f19 code=0x0
[ 1833.132348][T26021] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1833.143578][T26021] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1833.153030][T26021] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1833.162193][T26021] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1833.324084][ T5198] usb 3-1: new high-speed USB device number 116 using dummy_hcd
[ 1833.352367][T14128] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1833.366197][T14128] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1833.387653][T14141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1833.406212][T14141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1834.006021][ T5198] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1834.054225][ T5198] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1834.099278][ T5198] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1834.133316][ T5198] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1834.160723][ T5198] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1834.193268][ T5198] usb 3-1: config 0 descriptor??
[ 1834.369405][T26140] overlayfs: missing 'lowerdir'
[ 1834.620864][ T5198] plantronics 0003:047F:FFFF.00BA: unknown main item tag 0x0
[ 1834.650455][ T5198] plantronics 0003:047F:FFFF.00BA: No inputs registered, leaving
[ 1834.703471][ T5198] plantronics 0003:047F:FFFF.00BA: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[ 1834.744098][   T25] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[ 1834.887937][T23609] Bluetooth: hci9: command tx timeout
[ 1834.895256][T26147] bridge1: entered promiscuous mode
[ 1834.976562][ T5198] usb 3-1: USB disconnect, device number 116
[ 1835.007830][   T25] usb 4-1: New USB device found, idVendor=05ac, idProduct=b301, bcdDevice=e4.00
[ 1835.020296][   T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1835.030874][   T25] usb 4-1: Product: syz
[ 1835.042915][   T25] usb 4-1: Manufacturer: syz
[ 1835.053991][   T25] usb 4-1: SerialNumber: syz
[ 1835.068425][   T25] usb 4-1: config 0 descriptor??
[ 1835.110844][T26152] FAULT_INJECTION: forcing a failure.
[ 1835.110844][T26152] name failslab, interval 1, probability 0, space 0, times 0
[ 1835.136037][T26152] CPU: 0 UID: 0 PID: 26152 Comm: syz.1.6365 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0
[ 1835.146507][T26152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1835.156594][T26152] Call Trace:
[ 1835.159883][T26152]  <TASK>
[ 1835.162823][T26152]  dump_stack_lvl+0x241/0x360
[ 1835.167522][T26152]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1835.172739][T26152]  ? __pfx__printk+0x10/0x10
[ 1835.177346][T26152]  ? fs_reclaim_acquire+0x93/0x140
[ 1835.182487][T26152]  ? __pfx___might_resched+0x10/0x10
[ 1835.187800][T26152]  should_fail_ex+0x3b0/0x4e0
[ 1835.192503][T26152]  ? tomoyo_encode+0x26f/0x540
[ 1835.197281][T26152]  should_failslab+0xac/0x100
[ 1835.201980][T26152]  ? tomoyo_encode+0x26f/0x540
[ 1835.206754][T26152]  __kmalloc_noprof+0xd8/0x400
[ 1835.211540][T26152]  tomoyo_encode+0x26f/0x540
[ 1835.216150][T26152]  tomoyo_realpath_from_path+0x59e/0x5e0
[ 1835.221825][T26152]  tomoyo_path_number_perm+0x23a/0x880
[ 1835.227319][T26152]  ? tomoyo_path_number_perm+0x208/0x880
[ 1835.232968][T26152]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1835.238997][T26152]  ? __fget_files+0x29/0x470
[ 1835.243605][T26152]  ? __fget_files+0x3f6/0x470
[ 1835.248289][T26152]  ? __fget_files+0x29/0x470
[ 1835.252884][T26152]  security_file_ioctl+0x75/0xb0
[ 1835.257822][T26152]  __se_sys_ioctl+0x47/0x170
[ 1835.262410][T26152]  do_syscall_64+0xf3/0x230
[ 1835.266912][T26152]  ? clear_bhb_loop+0x35/0x90
[ 1835.272020][T26152]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1835.277916][T26152] RIP: 0033:0x7fb2ff575f19
[ 1835.282330][T26152] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1835.301936][T26152] RSP: 002b:00007fb300351048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1835.310348][T26152] RAX: ffffffffffffffda RBX: 00007fb2ff705f60 RCX: 00007fb2ff575f19
[ 1835.318320][T26152] RDX: 0000000020002e80 RSI: 000000004008af24 RDI: 0000000000000003
[ 1835.326290][T26152] RBP: 00007fb3003510a0 R08: 0000000000000000 R09: 0000000000000000
[ 1835.334257][T26152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1835.342245][T26152] R13: 000000000000000b R14: 00007fb2ff705f60 R15: 00007fffd4e2a278
[ 1835.350270][T26152]  </TASK>
[ 1835.494122][T26152] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1835.510031][ T5143] usb 4-1: USB disconnect, device number 17
[ 1835.702661][T26157] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6368'.
[ 1835.841699][   T29] audit: type=1326 audit(1721808045.334:7751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26156 comm="syz.4.6368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdda4775f19 code=0x7fc00000
[ 1835.892557][T26164] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1835.924247][   T29] audit: type=1326 audit(1721808045.334:7752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26156 comm="syz.4.6368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fdda4775f19 code=0x7fc00000
[ 1835.945889][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1836.198675][T26177] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6370'.
[ 1836.227896][T26177] vlan2: entered promiscuous mode
[ 1836.554265][   T29] audit: type=1326 audit(1721808046.054:7753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26156 comm="syz.4.6368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdda4775f19 code=0x7fc00000
[ 1836.595048][   T29] audit: type=1326 audit(1721808046.054:7754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26156 comm="syz.4.6368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fdda4775f19 code=0x7fc00000
[ 1836.686796][   T29] audit: type=1326 audit(1721808046.054:7755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26156 comm="syz.4.6368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdda4775f19 code=0x7fc00000
[ 1836.802446][T26188] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1836.810728][   T29] audit: type=1326 audit(1721808046.054:7756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26156 comm="syz.4.6368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdda4775f19 code=0x7fc00000
[ 1836.911925][   T29] audit: type=1326 audit(1721808046.054:7757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26156 comm="syz.4.6368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdda4775f19 code=0x7fc00000
[ 1836.927955][T26198] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[ 1837.044145][   T29] audit: type=1326 audit(1721808046.054:7758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26156 comm="syz.4.6368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdda4775f19 code=0x7fc00000
[ 1837.244369][   T29] audit: type=1326 audit(1721808046.054:7759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26156 comm="syz.4.6368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdda4775f19 code=0x7fc00000
[ 1838.082691][T26221] FAULT_INJECTION: forcing a failure.
[ 1838.082691][T26221] name failslab, interval 1, probability 0, space 0, times 0
[ 1838.102591][T26221] CPU: 0 UID: 0 PID: 26221 Comm: syz.0.6381 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0
[ 1838.113058][T26221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1838.123202][T26221] Call Trace:
[ 1838.126490][T26221]  <TASK>
[ 1838.129423][T26221]  dump_stack_lvl+0x241/0x360
[ 1838.134106][T26221]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1838.139303][T26221]  ? __pfx__printk+0x10/0x10
[ 1838.143898][T26221]  ? fs_reclaim_acquire+0x93/0x140
[ 1838.149014][T26221]  ? __pfx___might_resched+0x10/0x10
[ 1838.154293][T26221]  ? dynamic_dname+0x141/0x1b0
[ 1838.159064][T26221]  should_fail_ex+0x3b0/0x4e0
[ 1838.163771][T26221]  ? tomoyo_encode+0x26f/0x540
[ 1838.168537][T26221]  should_failslab+0xac/0x100
[ 1838.173214][T26221]  ? tomoyo_encode+0x26f/0x540
[ 1838.177975][T26221]  __kmalloc_noprof+0xd8/0x400
[ 1838.182746][T26221]  tomoyo_encode+0x26f/0x540
[ 1838.187334][T26221]  ? __pfx_pipefs_dname+0x10/0x10
[ 1838.192362][T26221]  tomoyo_realpath_from_path+0x59e/0x5e0
[ 1838.198005][T26221]  tomoyo_path_number_perm+0x23a/0x880
[ 1838.203463][T26221]  ? tomoyo_path_number_perm+0x208/0x880
[ 1838.209093][T26221]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1838.215102][T26221]  ? __fget_files+0x29/0x470
[ 1838.219693][T26221]  ? __fget_files+0x3f6/0x470
[ 1838.224364][T26221]  ? __fget_files+0x29/0x470
[ 1838.228954][T26221]  security_file_ioctl+0x75/0xb0
[ 1838.233911][T26221]  __se_sys_ioctl+0x47/0x170
[ 1838.238668][T26221]  do_syscall_64+0xf3/0x230
[ 1838.243167][T26221]  ? clear_bhb_loop+0x35/0x90
[ 1838.247841][T26221]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1838.253746][T26221] RIP: 0033:0x7f6b0b975f19
[ 1838.258158][T26221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1838.277764][T26221] RSP: 002b:00007f6b0c6ed048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1838.286174][T26221] RAX: ffffffffffffffda RBX: 00007f6b0bb06038 RCX: 00007f6b0b975f19
[ 1838.294139][T26221] RDX: 0000000000000000 RSI: 0000000000005760 RDI: 0000000000000005
[ 1838.302107][T26221] RBP: 00007f6b0c6ed0a0 R08: 0000000000000000 R09: 0000000000000000
[ 1838.310069][T26221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1838.318129][T26221] R13: 000000000000006e R14: 00007f6b0bb06038 R15: 00007ffdd0f47458
[ 1838.326199][T26221]  </TASK>
[ 1838.352651][T26221] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1838.402781][   T29] kauditd_printk_skb: 60 callbacks suppressed
[ 1838.402865][   T29] audit: type=1326 audit(1721808047.894:7820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26182 comm="syz.1.6372" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb2ff575f19 code=0x0
[ 1838.705183][T26231] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1838.764610][   T25] usb 4-1: new full-speed USB device number 18 using dummy_hcd
[ 1838.986094][   T25] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1838.997607][   T25] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1839.020264][   T25] usb 4-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[ 1839.038488][   T25] usb 4-1: New USB device found, idVendor=413c, idProduct=81d1, bcdDevice=fb.93
[ 1839.126703][   T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1839.285971][   T25] usb 4-1: Product: syz
[ 1839.314003][   T25] usb 4-1: Manufacturer: syz
[ 1839.332333][   T25] usb 4-1: SerialNumber: syz
[ 1839.366107][   T25] usb 4-1: config 0 descriptor??
[ 1839.686917][T26222] CIFS: VFS: Malformed UNC in devname
[ 1840.025819][T26259] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6391'.
[ 1840.871513][T26276] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1841.380655][ T5198] usb 4-1: USB disconnect, device number 18
[ 1842.463769][   T42] block nbd0: Possible stuck request ffff888020330000: control (read@0,4096B). Runtime 60 seconds
[ 1842.668790][T26285] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1842.801678][T26291] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1843.406479][   T29] audit: type=1326 audit(1721808052.904:7821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26281 comm="syz.3.6399" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f10c2375f19 code=0x0
[ 1843.913812][T26310] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6407'.
[ 1845.433967][   T29] audit: type=1326 audit(1721808054.924:7822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26308 comm="syz.1.6407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2ff575f19 code=0x7fc00000
[ 1845.471368][   T29] audit: type=1326 audit(1721808054.924:7823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26308 comm="syz.1.6407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fb2ff575f19 code=0x7fc00000
[ 1845.495013][ T5198] usb 4-1: new full-speed USB device number 19 using dummy_hcd
[ 1845.688777][ T5198] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1845.718195][ T5198] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1845.747668][T26332] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1845.783293][ T5198] usb 4-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[ 1845.797952][   T29] audit: type=1326 audit(1721808055.274:7824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26308 comm="syz.1.6407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2ff575f19 code=0x7fc00000
[ 1845.897171][ T5198] usb 4-1: New USB device found, idVendor=413c, idProduct=81d1, bcdDevice=fb.93
[ 1845.912367][ T5198] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1845.924636][   T29] audit: type=1326 audit(1721808055.274:7825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26308 comm="syz.1.6407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fb2ff575f19 code=0x7fc00000
[ 1845.947573][ T5198] usb 4-1: Product: syz
[ 1845.965231][ T5198] usb 4-1: Manufacturer: syz
[ 1845.974378][ T5198] usb 4-1: SerialNumber: syz
[ 1846.002298][ T5198] usb 4-1: config 0 descriptor??
[ 1846.061512][   T29] audit: type=1326 audit(1721808055.274:7826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26308 comm="syz.1.6407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2ff575f19 code=0x7fc00000
[ 1846.114125][   T29] audit: type=1326 audit(1721808055.274:7827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26308 comm="syz.1.6407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2ff575f19 code=0x7fc00000
[ 1846.216231][T26321] CIFS: VFS: Malformed UNC in devname
[ 1846.234099][   T29] audit: type=1326 audit(1721808055.274:7828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26308 comm="syz.1.6407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2ff575f19 code=0x7fc00000
[ 1846.274856][T26343] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1846.460946][   T29] audit: type=1326 audit(1721808055.274:7829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26308 comm="syz.1.6407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2ff575f19 code=0x7fc00000
[ 1846.521207][   T29] audit: type=1326 audit(1721808055.274:7830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26308 comm="syz.1.6407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2ff575f19 code=0x7fc00000
[ 1847.285770][ T5141] usb 4-1: USB disconnect, device number 19
[ 1847.365074][T26356] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1847.874000][   T25] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[ 1847.894031][ T5143] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[ 1848.085746][   T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1848.105771][ T5143] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1848.114112][   T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1848.146257][ T5143] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1848.153755][   T25] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1848.187019][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1848.191371][ T5143] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1848.214815][   T25] usb 5-1: config 0 descriptor??
[ 1848.229489][ T5143] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1848.265403][ T5143] usb 4-1: config 0 descriptor??
[ 1848.795608][T26378] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1848.875165][   T25] usb 5-1: string descriptor 0 read error: -22
[ 1848.914504][ T5143] usb 4-1: string descriptor 0 read error: -22
[ 1849.083044][T26362] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1849.096017][T26362] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1849.112299][T26383] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1849.123822][T26360] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1849.377587][T26360] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1849.427195][   T25] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.00BB/input/input87
[ 1849.633971][ T5143] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.00BC/input/input88
[ 1849.749755][   T25] uclogic 0003:256C:006D.00BB: input,hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.4-1/input0
[ 1849.762555][ T5143] uclogic 0003:256C:006D.00BC: input,hidraw1: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.3-1/input0
[ 1849.791522][T26389] tap0: tun_chr_ioctl cmd 1074025677
[ 1849.799168][T26389] tap0: linktype set to 6
[ 1850.825126][ T9870] usb 5-1: USB disconnect, device number 41
[ 1850.922351][    T9] usb 4-1: USB disconnect, device number 20
[ 1853.137147][T26409] �eth0_vlan: renamed from bridge_slave_1 (while UP)
[ 1854.214677][ T1241] ieee802154 phy0 wpan0: encryption failed: -22
[ 1854.221982][ T1241] ieee802154 phy1 wpan1: encryption failed: -22
[ 1854.791458][T26416] FAULT_INJECTION: forcing a failure.
[ 1854.791458][T26416] name failslab, interval 1, probability 0, space 0, times 0
[ 1854.804259][T26416] CPU: 1 UID: 0 PID: 26416 Comm: syz.3.6437 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0
[ 1854.814693][T26416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1854.824769][T26416] Call Trace:
[ 1854.828068][T26416]  <TASK>
[ 1854.831012][T26416]  dump_stack_lvl+0x241/0x360
[ 1854.835734][T26416]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1854.840963][T26416]  ? __pfx__printk+0x10/0x10
[ 1854.845597][T26416]  should_fail_ex+0x3b0/0x4e0
[ 1854.850306][T26416]  ? dst_alloc+0x12b/0x190
[ 1854.854738][T26416]  should_failslab+0xac/0x100
[ 1854.859424][T26416]  ? dst_alloc+0x12b/0x190
[ 1854.863851][T26416]  kmem_cache_alloc_noprof+0x6c/0x2a0
[ 1854.869232][T26416]  ? __pfx_rt6_find_cached_rt+0x10/0x10
[ 1854.874776][T26416]  ? __pfx_ip6_dst_gc+0x10/0x10
[ 1854.879623][T26416]  dst_alloc+0x12b/0x190
[ 1854.883873][T26416]  ip6_pol_route+0xb87/0x15d0
[ 1854.888559][T26416]  ? ip6_pol_route+0x198/0x15d0
[ 1854.893416][T26416]  ? __pfx_ip6_pol_route+0x10/0x10
[ 1854.898537][T26416]  fib6_rule_lookup+0x3c2/0x790
[ 1854.903390][T26416]  ? __pfx_validate_chain+0x10/0x10
[ 1854.908594][T26416]  ? __pfx_ip6_pol_route_output+0x10/0x10
[ 1854.914315][T26416]  ? __pfx_fib6_rule_lookup+0x10/0x10
[ 1854.919689][T26416]  ? __lock_acquire+0x137a/0x2040
[ 1854.924728][T26416]  ? ip6_route_output_flags+0x30/0x610
[ 1854.930196][T26416]  ip6_route_output_flags+0x38e/0x610
[ 1854.935568][T26416]  ip6_dst_lookup_tail+0x1b3/0x14f0
[ 1854.940771][T26416]  ? sk_dst_check+0x29/0x470
[ 1854.945360][T26416]  ? __pfx_ip6_dst_lookup_tail+0x10/0x10
[ 1854.950995][T26416]  ? sk_dst_check+0x29/0x470
[ 1854.955587][T26416]  ? sk_dst_check+0x2f9/0x470
[ 1854.960267][T26416]  ip6_sk_dst_lookup_flow+0x78c/0xa30
[ 1854.965728][T26416]  ? txopt_get+0x3e0/0x4f0
[ 1854.970141][T26416]  ? __pfx_ip6_sk_dst_lookup_flow+0x10/0x10
[ 1854.976046][T26416]  ? udpv6_sendmsg+0x1be1/0x3270
[ 1854.980982][T26416]  udpv6_sendmsg+0x201c/0x3270
[ 1854.985743][T26416]  ? release_sock+0x30/0x1f0
[ 1854.990340][T26416]  ? __pfx_udplite_getfrag+0x10/0x10
[ 1854.995626][T26416]  ? __pfx_udpv6_sendmsg+0x10/0x10
[ 1855.000733][T26416]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1855.007075][T26416]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1855.012794][T26416]  ? inet_send_prepare+0x1b7/0x260
[ 1855.017908][T26416]  ? do_raw_spin_unlock+0x13c/0x8b0
[ 1855.023112][T26416]  ? inet_send_prepare+0x1b7/0x260
[ 1855.028234][T26416]  __sock_sendmsg+0xef/0x270
[ 1855.032825][T26416]  __sys_sendto+0x3a4/0x4f0
[ 1855.037332][T26416]  ? __pfx___sys_sendto+0x10/0x10
[ 1855.042376][T26416]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1855.048357][T26416]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1855.054692][T26416]  __x64_sys_sendto+0xde/0x100
[ 1855.059461][T26416]  do_syscall_64+0xf3/0x230
[ 1855.063963][T26416]  ? clear_bhb_loop+0x35/0x90
[ 1855.068637][T26416]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1855.074533][T26416] RIP: 0033:0x7f10c2375f19
[ 1855.078944][T26416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1855.098546][T26416] RSP: 002b:00007f10c30f2048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1855.106960][T26416] RAX: ffffffffffffffda RBX: 00007f10c2505f60 RCX: 00007f10c2375f19
[ 1855.114930][T26416] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 1855.122894][T26416] RBP: 00007f10c30f20a0 R08: 0000000020000180 R09: 000000000000001c
[ 1855.130860][T26416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1855.138826][T26416] R13: 000000000000000b R14: 00007f10c2505f60 R15: 00007ffd8cc85d58
[ 1855.146807][T26416]  </TASK>
[ 1855.149918][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1855.512957][T26418] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1855.674002][ T5198] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[ 1855.787820][T26434] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.6442'.
[ 1855.886382][ T5198] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1855.951623][ T5198] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1855.988402][ T5198] usb 5-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[ 1856.010411][ T5198] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1856.038882][ T5198] usb 5-1: config 0 descriptor??
[ 1856.470626][ T5198] lenovo 0003:17EF:6067.00BD: hidraw0: USB HID v0.00 Device [HID 17ef:6067] on usb-dummy_hcd.4-1/input0
[ 1856.603713][T26446] FAULT_INJECTION: forcing a failure.
[ 1856.603713][T26446] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1856.619353][T26446] CPU: 1 UID: 0 PID: 26446 Comm: syz.3.6447 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0
[ 1856.629803][T26446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1856.639855][T26446] Call Trace:
[ 1856.643142][T26446]  <TASK>
[ 1856.646189][T26446]  dump_stack_lvl+0x241/0x360
[ 1856.650942][T26446]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1856.656142][T26446]  ? __pfx__printk+0x10/0x10
[ 1856.660739][T26446]  should_fail_ex+0x3b0/0x4e0
[ 1856.665430][T26446]  _copy_from_user+0x2f/0xe0
[ 1856.670034][T26446]  move_addr_to_kernel+0x82/0x150
[ 1856.675082][T26446]  copy_msghdr_from_user+0x43e/0x680
[ 1856.680403][T26446]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1856.686240][T26446]  __sys_sendmsg+0x23d/0x3a0
[ 1856.690839][T26446]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1856.695953][T26446]  ? vfs_write+0x7c4/0xc90
[ 1856.700392][T26446]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1856.706725][T26446]  ? do_syscall_64+0x100/0x230
[ 1856.711499][T26446]  ? do_syscall_64+0xb6/0x230
[ 1856.716172][T26446]  do_syscall_64+0xf3/0x230
[ 1856.720675][T26446]  ? clear_bhb_loop+0x35/0x90
[ 1856.725359][T26446]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1856.731286][T26446] RIP: 0033:0x7f10c2375f19
[ 1856.735742][T26446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1856.755367][T26446] RSP: 002b:00007f10c30f2048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1856.763782][T26446] RAX: ffffffffffffffda RBX: 00007f10c2505f60 RCX: 00007f10c2375f19
[ 1856.771750][T26446] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[ 1856.779731][T26446] RBP: 00007f10c30f20a0 R08: 0000000000000000 R09: 0000000000000000
[ 1856.787729][T26446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1856.795713][T26446] R13: 000000000000000b R14: 00007f10c2505f60 R15: 00007ffd8cc85d58
[ 1856.803691][T26446]  </TASK>
[ 1856.806749][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1856.891113][ T9870] usb 5-1: USB disconnect, device number 42
[ 1858.011010][T26456] bridge1: entered promiscuous mode
[ 1858.319405][T26466] FAULT_INJECTION: forcing a failure.
[ 1858.319405][T26466] name failslab, interval 1, probability 0, space 0, times 0
[ 1858.387760][T26468] ebt_limit: overflow, try lower: 0/0
[ 1859.166465][T26466] CPU: 1 UID: 0 PID: 26466 Comm: syz.4.6454 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0
[ 1859.177014][T26466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1859.187070][T26466] Call Trace:
[ 1859.190432][T26466]  <TASK>
[ 1859.193354][T26466]  dump_stack_lvl+0x241/0x360
[ 1859.198124][T26466]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1859.203321][T26466]  ? __pfx__printk+0x10/0x10
[ 1859.207916][T26466]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[ 1859.213957][T26466]  ? __pfx___might_resched+0x10/0x10
[ 1859.219242][T26466]  should_fail_ex+0x3b0/0x4e0
[ 1859.223926][T26466]  should_failslab+0xac/0x100
[ 1859.228614][T26466]  ? __alloc_skb+0x1c3/0x440
[ 1859.233208][T26466]  kmem_cache_alloc_node_noprof+0x71/0x320
[ 1859.239102][T26466]  __alloc_skb+0x1c3/0x440
[ 1859.243955][T26466]  ? __pfx___alloc_skb+0x10/0x10
[ 1859.248890][T26466]  ? netlink_autobind+0xd6/0x2f0
[ 1859.253825][T26466]  ? netlink_autobind+0x2b0/0x2f0
[ 1859.258854][T26466]  netlink_sendmsg+0x638/0xcb0
[ 1859.263627][T26466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1859.268913][T26466]  ? __import_iovec+0x536/0x820
[ 1859.273758][T26466]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1859.279047][T26466]  ? security_socket_sendmsg+0x87/0xb0
[ 1859.284509][T26466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1859.289795][T26466]  __sock_sendmsg+0x221/0x270
[ 1859.294478][T26466]  ____sys_sendmsg+0x525/0x7d0
[ 1859.299242][T26466]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1859.304544][T26466]  __sys_sendmsg+0x2b0/0x3a0
[ 1859.309142][T26466]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1859.314250][T26466]  ? vfs_write+0x7c4/0xc90
[ 1859.318701][T26466]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1859.325028][T26466]  ? do_syscall_64+0x100/0x230
[ 1859.329791][T26466]  ? do_syscall_64+0xb6/0x230
[ 1859.334463][T26466]  do_syscall_64+0xf3/0x230
[ 1859.338963][T26466]  ? clear_bhb_loop+0x35/0x90
[ 1859.343637][T26466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1859.349527][T26466] RIP: 0033:0x7fdda4775f19
[ 1859.353956][T26466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1859.373569][T26466] RSP: 002b:00007fdda5532048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1859.381985][T26466] RAX: ffffffffffffffda RBX: 00007fdda4905f60 RCX: 00007fdda4775f19
[ 1859.389950][T26466] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000005
[ 1859.397915][T26466] RBP: 00007fdda55320a0 R08: 0000000000000000 R09: 0000000000000000
[ 1859.405877][T26466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1859.413848][T26466] R13: 000000000000000b R14: 00007fdda4905f60 R15: 00007ffcabd343c8
[ 1859.421839][T26466]  </TASK>
[ 1859.424937][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1859.640968][T26479] FAULT_INJECTION: forcing a failure.
[ 1859.640968][T26479] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1859.840276][T26479] CPU: 0 UID: 0 PID: 26479 Comm: syz.3.6456 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0
[ 1859.850735][T26479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1859.860825][T26479] Call Trace:
[ 1859.864128][T26479]  <TASK>
[ 1859.867077][T26479]  dump_stack_lvl+0x241/0x360
[ 1859.871782][T26479]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1859.877001][T26479]  ? __pfx__printk+0x10/0x10
[ 1859.881592][T26479]  ? __pfx_lock_release+0x10/0x10
[ 1859.886626][T26479]  ? __lock_acquire+0x137a/0x2040
[ 1859.891684][T26479]  should_fail_ex+0x3b0/0x4e0
[ 1859.896399][T26479]  _copy_from_user+0x2f/0xe0
[ 1859.901013][T26479]  kstrtouint_from_user+0xc6/0x190
[ 1859.906156][T26479]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1859.911912][T26479]  ? __pfx_lock_acquire+0x10/0x10
[ 1859.916978][T26479]  proc_fail_nth_write+0xaa/0x2d0
[ 1859.922036][T26479]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 1859.927967][T26479]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1859.933635][T26479]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1859.939270][T26479]  vfs_write+0x2a2/0xc90
[ 1859.943508][T26479]  ? __pfx_vfs_write+0x10/0x10
[ 1859.948260][T26479]  ? __fget_files+0x29/0x470
[ 1859.952841][T26479]  ? __fget_files+0x3f6/0x470
[ 1859.957511][T26479]  ksys_write+0x1a0/0x2c0
[ 1859.961831][T26479]  ? __pfx_ksys_write+0x10/0x10
[ 1859.966673][T26479]  ? do_syscall_64+0x100/0x230
[ 1859.971431][T26479]  ? do_syscall_64+0xb6/0x230
[ 1859.976101][T26479]  do_syscall_64+0xf3/0x230
[ 1859.980592][T26479]  ? clear_bhb_loop+0x35/0x90
[ 1859.985253][T26479]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1859.991135][T26479] RIP: 0033:0x7f10c2374a9f
[ 1859.995547][T26479] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48
[ 1860.015146][T26479] RSP: 002b:00007f10c30d1040 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1860.023555][T26479] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f10c2374a9f
[ 1860.031519][T26479] RDX: 0000000000000001 RSI: 00007f10c30d10b0 RDI: 0000000000000003
[ 1860.039476][T26479] RBP: 00007f10c30d10a0 R08: 0000000000000000 R09: 0000000000000000
[ 1860.047432][T26479] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1860.055399][T26479] R13: 000000000000006e R14: 00007f10c2506038 R15: 00007ffd8cc85d58
[ 1860.063455][T26479]  </TASK>
[ 1861.798893][T26509] netlink: 64 bytes leftover after parsing attributes in process `syz.2.6463'.
[ 1861.975368][T26509] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1862.482745][T26524] __find_get_block_slow() failed. block=144115188075855872, b_blocknr=0, b_state=0x00106019, b_size=4096, device sda1 blocksize: 4096
[ 1862.693721][T26524] grow_buffers: requested out-of-range block 144115188075855872 for device sda1
[ 1862.761634][T26524] EXT4-fs warning (device sda1): ext4_resize_fs:2018: can't read last block, resize aborted
[ 1862.867253][   T29] kauditd_printk_skb: 62 callbacks suppressed
[ 1862.867271][   T29] audit: type=1326 audit(1721808072.364:7893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26506 comm="syz.2.6463" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f82bb775f19 code=0x0
[ 1863.078978][ T5141] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[ 1863.325819][ T5141] usb 4-1: Using ep0 maxpacket: 16
[ 1863.336594][ T5141] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1863.356909][ T5141] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1863.595533][T26540] devtmpfs: Too small a size for current use
[ 1864.145235][ T5141] usb 4-1: config 1 has no interface number 1
[ 1864.151426][ T5141] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1864.164388][ T5141] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1864.186922][ T5141] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1864.214005][ T5141] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1864.226238][ T5141] usb 4-1: Product: syz
[ 1864.231389][ T5141] usb 4-1: Manufacturer: syz
[ 1864.236069][ T5141] usb 4-1: SerialNumber: syz
[ 1864.574448][ T5141] usb 4-1: USB disconnect, device number 21
[ 1864.620948][T26552] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1864.772196][T26559] netlink: 104 bytes leftover after parsing attributes in process `syz.2.6478'.
[ 1864.884577][    T8] usb 1-1: new full-speed USB device number 4 using dummy_hcd
[ 1865.102636][    T8] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1865.223165][    T8] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64
[ 1865.327709][    T8] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64
[ 1865.384356][    T8] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[ 1865.454812][    T8] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1865.464098][    T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1865.472077][    T8] usb 1-1: SerialNumber: syz
[ 1865.480424][T26551] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1865.489648][T26551] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1865.510092][    T8] cdc_acm 1-1:1.0: Control and data interfaces are not separated!
[ 1865.719910][T26551] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[ 1865.766004][T26575] netlink: 64 bytes leftover after parsing attributes in process `syz.2.6483'.
[ 1865.775015][    T8] cdc_acm 1-1:1.0: ttyACM0: USB ACM device
[ 1865.778487][    T8] usb 1-1: USB disconnect, device number 4
[ 1865.823284][T26577] __find_get_block_slow() failed. block=144115188075855872, b_blocknr=0, b_state=0x00316019, b_size=4096, device sda1 blocksize: 4096
[ 1865.846367][T26575] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1865.863477][T26577] grow_buffers: requested out-of-range block 144115188075855872 for device sda1
[ 1865.885019][T26577] EXT4-fs warning (device sda1): ext4_resize_fs:2018: can't read last block, resize aborted
[ 1866.064390][ T5198] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[ 1866.294202][   T29] audit: type=1326 audit(1721808075.764:7894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26570 comm="syz.2.6483" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f82bb775f19 code=0x0
[ 1867.686985][ T5198] usb 4-1: Using ep0 maxpacket: 16
[ 1867.694957][ T5198] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[ 1867.711721][ T5198] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 1044, setting to 1024
[ 1867.729064][ T5198] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 1867.741499][ T5198] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1867.758921][ T5198] usb 4-1: config 0 descriptor??
[ 1867.771194][T26566] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1868.001920][T26566] netlink: 112 bytes leftover after parsing attributes in process `syz.3.6480'.
[ 1868.057775][ T5198] usbhid 4-1:0.0: can't add hid device: -71
[ 1868.063744][ T5198] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1868.112363][ T5198] usb 4-1: USB disconnect, device number 22
[ 1868.158881][T26602] FAULT_INJECTION: forcing a failure.
[ 1868.158881][T26602] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1868.198994][T26602] CPU: 0 UID: 0 PID: 26602 Comm: syz.0.6491 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0
[ 1868.209504][T26602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1868.219581][T26602] Call Trace:
[ 1868.222880][T26602]  <TASK>
[ 1868.225832][T26602]  dump_stack_lvl+0x241/0x360
[ 1868.230971][T26602]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1868.236290][T26602]  ? __pfx__printk+0x10/0x10
[ 1868.240911][T26602]  ? snprintf+0xda/0x120
[ 1868.245182][T26602]  should_fail_ex+0x3b0/0x4e0
[ 1868.249978][T26602]  _copy_to_user+0x2f/0xb0
[ 1868.254416][T26602]  simple_read_from_buffer+0xca/0x150
[ 1868.259816][T26602]  proc_fail_nth_read+0x1e9/0x250
[ 1868.264874][T26602]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1868.270451][T26602]  ? rw_verify_area+0x520/0x6b0
[ 1868.275319][T26602]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1868.281070][T26602]  vfs_read+0x204/0xbc0
[ 1868.285242][T26602]  ? __pfx_lock_release+0x10/0x10
[ 1868.290296][T26602]  ? __pfx_vfs_read+0x10/0x10
[ 1868.294988][T26602]  ? __fget_files+0x29/0x470
[ 1868.299597][T26602]  ? __fget_files+0x3f6/0x470
[ 1868.304315][T26602]  ksys_read+0x1a0/0x2c0
[ 1868.308575][T26602]  ? __pfx_ksys_read+0x10/0x10
[ 1868.313363][T26602]  ? rcu_is_watching+0x15/0xb0
[ 1868.318248][T26602]  ? trace_sys_enter+0x1f/0xd0
[ 1868.323043][T26602]  do_syscall_64+0xf3/0x230
[ 1868.327572][T26602]  ? clear_bhb_loop+0x35/0x90
[ 1868.332270][T26602]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1868.338192][T26602] RIP: 0033:0x7f6b0b9749fc
[ 1868.342638][T26602] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[ 1868.362277][T26602] RSP: 002b:00007f6b0c70e040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1868.370724][T26602] RAX: ffffffffffffffda RBX: 00007f6b0bb05f60 RCX: 00007f6b0b9749fc
[ 1868.378732][T26602] RDX: 000000000000000f RSI: 00007f6b0c70e0b0 RDI: 0000000000000005
[ 1868.386729][T26602] RBP: 00007f6b0c70e0a0 R08: 0000000000000000 R09: 0000000000000000
[ 1868.394721][T26602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1868.402710][T26602] R13: 000000000000000b R14: 00007f6b0bb05f60 R15: 00007ffdd0f47458
[ 1868.410721][T26602]  </TASK>
[ 1868.491374][T26608] syzkaller1: entered promiscuous mode
[ 1868.504181][T26608] syzkaller1: entered allmulticast mode
[ 1868.523549][T26608] FAULT_INJECTION: forcing a failure.
[ 1868.523549][T26608] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1868.586922][T26610] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1868.605225][T26608] CPU: 1 UID: 0 PID: 26608 Comm: syz.4.6494 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0
[ 1868.615775][T26608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1868.625828][T26608] Call Trace:
[ 1868.629099][T26608]  <TASK>
[ 1868.632018][T26608]  dump_stack_lvl+0x241/0x360
[ 1868.636701][T26608]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1868.642337][T26608]  ? __pfx__printk+0x10/0x10
[ 1868.646940][T26608]  ? __pfx_lock_release+0x10/0x10
[ 1868.651970][T26608]  should_fail_ex+0x3b0/0x4e0
[ 1868.656656][T26608]  _copy_from_iter+0x1f6/0x1960
[ 1868.661514][T26608]  ? __pfx_validate_chain+0x10/0x10
[ 1868.666715][T26608]  ? irqentry_exit+0x63/0x90
[ 1868.671303][T26608]  ? lockdep_hardirqs_on+0x99/0x150
[ 1868.676509][T26608]  ? __pfx__copy_from_iter+0x10/0x10
[ 1868.681793][T26608]  ? _parse_integer_fixup_radix+0x4b/0x310
[ 1868.687593][T26608]  ? _parse_integer_limit+0x112/0x200
[ 1868.692960][T26608]  ? __pfx___sanitizer_cov_trace_pc+0x10/0x10
[ 1868.699201][T26608]  tun_get_user+0x445/0x4720
[ 1868.703789][T26608]  ? __lock_acquire+0x137a/0x2040
[ 1868.708820][T26608]  ? __lock_acquire+0x137a/0x2040
[ 1868.713846][T26608]  ? __pfx_tun_get_user+0x10/0x10
[ 1868.718879][T26608]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1868.724333][T26608]  ? tun_get+0x1e/0x2f0
[ 1868.728488][T26608]  ? __pfx_lock_release+0x10/0x10
[ 1868.733518][T26608]  ? tun_get+0x1e/0x2f0
[ 1868.737681][T26608]  ? tun_get+0x27d/0x2f0
[ 1868.741918][T26608]  tun_chr_write_iter+0x113/0x1f0
[ 1868.746936][T26608]  vfs_write+0xa72/0xc90
[ 1868.751171][T26608]  ? __pfx_tun_chr_write_iter+0x10/0x10
[ 1868.756707][T26608]  ? __pfx_vfs_write+0x10/0x10
[ 1868.761609][T26608]  ksys_write+0x1a0/0x2c0
[ 1868.765935][T26608]  ? __pfx_ksys_write+0x10/0x10
[ 1868.770791][T26608]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1868.777113][T26608]  ? __irq_exit_rcu+0x100/0x1c0
[ 1868.781960][T26608]  ? do_syscall_64+0xb6/0x230
[ 1868.786635][T26608]  do_syscall_64+0xf3/0x230
[ 1868.791134][T26608]  ? clear_bhb_loop+0x35/0x90
[ 1868.795813][T26608]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1868.801705][T26608] RIP: 0033:0x7fdda4775f19
[ 1868.806117][T26608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1868.825739][T26608] RSP: 002b:00007fdda5532048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1868.834171][T26608] RAX: ffffffffffffffda RBX: 00007fdda4905f60 RCX: 00007fdda4775f19
[ 1868.842154][T26608] RDX: 0000000000000038 RSI: 00000000200000c0 RDI: 0000000000000003
[ 1868.850123][T26608] RBP: 00007fdda55320a0 R08: 0000000000000000 R09: 0000000000000000
[ 1868.858092][T26608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1868.866148][T26608] R13: 000000000000000b R14: 00007fdda4905f60 R15: 00007ffcabd343c8
[ 1868.874148][T26608]  </TASK>
[ 1869.334875][T20872] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[ 1869.684275][T26631] 9pnet: p9_errstr2errno: server reported unknown error �����sł�n02���䧑���6
[ 1869.723216][T26631] Invalid logical block size (3774)
[ 1869.763792][T26631] xt_nfacct: accounting object `syz1' does not exists
[ 1869.795080][T26634] fuse: Bad value for 'fd'
[ 1869.839529][T20872] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1869.860958][T20872] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1869.901458][T20872] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1870.344060][T20872] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1870.374527][T20872] usb 4-1: config 0 descriptor??
[ 1870.924008][   T55] Bluetooth: hci3: command 0x0406 tx timeout
[ 1871.580436][T20872] usb 4-1: string descriptor 0 read error: -22
[ 1871.591701][T26646] devtmpfs: Too small a size for current use
[ 1871.782405][T26616] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1871.824767][T26616] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1872.051150][T20872] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.00BE/input/input89
[ 1872.084092][ T5198] usb 3-1: new full-speed USB device number 117 using dummy_hcd
[ 1872.143700][T20872] uclogic 0003:256C:006D.00BE: input,hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.3-1/input0
[ 1872.280040][T26666] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1872.346672][ T5198] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1872.395204][ T5198] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64
[ 1872.435300][ T5198] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64
[ 1872.460773][ T5198] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[ 1872.509301][ T5198] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1872.550772][ T5198] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1872.581936][ T5198] usb 3-1: SerialNumber: syz
[ 1872.604710][T26654] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1872.641658][T26654] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1872.670317][ T5198] cdc_acm 3-1:1.0: Control and data interfaces are not separated!
[ 1872.685363][   T42] block nbd0: Possible stuck request ffff888020330000: control (read@0,4096B). Runtime 90 seconds
[ 1872.946116][T26654] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[ 1873.055330][ T5198] cdc_acm 3-1:1.0: ttyACM0: USB ACM device
[ 1873.104144][ T5198] usb 3-1: USB disconnect, device number 117
[ 1873.347842][    T8] usb 4-1: USB disconnect, device number 23
[ 1873.704691][T20872] usb 5-1: new full-speed USB device number 43 using dummy_hcd
[ 1873.871037][T26688] netlink: 104 bytes leftover after parsing attributes in process `syz.0.6518'.
[ 1874.470150][T26674] ALSA: mixer_oss: invalid OSS volume ''
[ 1875.254195][ T5198] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[ 1875.381497][T20872] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1875.455065][T20872] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1875.509386][T20872] usb 5-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[ 1875.573814][T20872] usb 5-1: New USB device found, idVendor=413c, idProduct=81d1, bcdDevice=fb.93
[ 1875.598655][T20872] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1875.634208][T20872] usb 5-1: Product: syz
[ 1875.640174][ T5198] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1875.659912][T20872] usb 5-1: Manufacturer: syz
[ 1875.665398][ T5198] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1875.680397][T20872] usb 5-1: SerialNumber: syz
[ 1875.714064][ T5198] usb 4-1: config 0 descriptor??
[ 1875.720772][T20872] usb 5-1: config 0 descriptor??
[ 1875.727656][ T5198] cp210x 4-1:0.0: cp210x converter detected
[ 1875.728651][T26705] Bluetooth: MGMT ver 1.23
[ 1876.222264][T26711] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1876.251404][T26683] CIFS: VFS: Malformed UNC in devname
[ 1878.072081][ T5198] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: -71
[ 1878.081742][T20872] usb 5-1: USB disconnect, device number 43
[ 1878.104609][ T5198] cp210x 4-1:0.0: querying part number failed
[ 1878.187890][ T5198] usb 4-1: cp210x converter now attached to ttyUSB0
[ 1878.227633][ T5198] usb 4-1: USB disconnect, device number 24
[ 1878.274855][ T5198] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1878.293320][T26712] ALSA: mixer_oss: invalid OSS volume ''
[ 1878.318928][ T5198] cp210x 4-1:0.0: device disconnected
[ 1878.621052][T26740] (unnamed net_device) (uninitialized): option arp_all_targets: invalid value (2049)
[ 1879.057863][T26727] ALSA: mixer_oss: invalid OSS volume ''
[ 1879.095341][ T5198] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 1879.277855][T26754] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1879.295898][ T5198] usb 1-1: Using ep0 maxpacket: 16
[ 1879.304313][ T5198] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1879.317705][ T5198] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1879.337110][ T5198] usb 1-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00
[ 1879.348044][ T5198] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1879.360618][T26756] FAULT_INJECTION: forcing a failure.
[ 1879.360618][T26756] name failslab, interval 1, probability 0, space 0, times 0
[ 1879.362379][ T5198] usb 1-1: config 0 descriptor??
[ 1879.382103][T26756] CPU: 1 UID: 0 PID: 26756 Comm: syz.2.6540 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0
[ 1879.392562][T26756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1879.402631][T26756] Call Trace:
[ 1879.405903][T26756]  <TASK>
[ 1879.408926][T26756]  dump_stack_lvl+0x241/0x360
[ 1879.413779][T26756]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1879.418971][T26756]  ? __pfx__printk+0x10/0x10
[ 1879.423559][T26756]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[ 1879.429531][T26756]  ? __pfx___might_resched+0x10/0x10
[ 1879.434828][T26756]  should_fail_ex+0x3b0/0x4e0
[ 1879.439533][T26756]  should_failslab+0xac/0x100
[ 1879.444232][T26756]  ? __alloc_skb+0x1c3/0x440
[ 1879.448834][T26756]  kmem_cache_alloc_node_noprof+0x71/0x320
[ 1879.454657][T26756]  __alloc_skb+0x1c3/0x440
[ 1879.459069][T26756]  ? __pfx___alloc_skb+0x10/0x10
[ 1879.464002][T26756]  ? netlink_autobind+0xd6/0x2f0
[ 1879.468927][T26756]  ? netlink_autobind+0x2b0/0x2f0
[ 1879.473945][T26756]  netlink_sendmsg+0x638/0xcb0
[ 1879.478733][T26756]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1879.484049][T26756]  ? __import_iovec+0x536/0x820
[ 1879.488925][T26756]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1879.494232][T26756]  ? security_socket_sendmsg+0x87/0xb0
[ 1879.499699][T26756]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1879.504982][T26756]  __sock_sendmsg+0x221/0x270
[ 1879.509652][T26756]  ____sys_sendmsg+0x525/0x7d0
[ 1879.514408][T26756]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1879.519688][T26756]  __sys_sendmsg+0x2b0/0x3a0
[ 1879.524356][T26756]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1879.529457][T26756]  ? vfs_write+0x7c4/0xc90
[ 1879.533902][T26756]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1879.540252][T26756]  ? do_syscall_64+0x100/0x230
[ 1879.545029][T26756]  ? do_syscall_64+0xb6/0x230
[ 1879.549695][T26756]  do_syscall_64+0xf3/0x230
[ 1879.554198][T26756]  ? clear_bhb_loop+0x35/0x90
[ 1879.558861][T26756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1879.564748][T26756] RIP: 0033:0x7f82bb775f19
[ 1879.569147][T26756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1879.588772][T26756] RSP: 002b:00007f82bc4b9048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1879.597292][T26756] RAX: ffffffffffffffda RBX: 00007f82bb905f60 RCX: 00007f82bb775f19
[ 1879.605261][T26756] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000003
[ 1879.613221][T26756] RBP: 00007f82bc4b90a0 R08: 0000000000000000 R09: 0000000000000000
[ 1879.621185][T26756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1879.629148][T26756] R13: 000000000000000b R14: 00007f82bb905f60 R15: 00007ffdad26bf28
[ 1879.637141][T26756]  </TASK>
[ 1879.707322][T26741] ALSA: mixer_oss: invalid OSS volume ''
[ 1880.118787][ T5198] ntrig 0003:1B96:0008.00BF: hidraw0: USB HID v0.00 Device [HID 1b96:0008] on usb-dummy_hcd.0-1/input0
[ 1880.337640][ T5198] ntrig 0003:1B96:0008.00BF: Firmware version: 2.13.12.1.7 (35a5 3780)
[ 1880.600125][ T5198] usb 1-1: USB disconnect, device number 5
[ 1881.139132][T26783] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1882.137986][T26799] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[ 1882.819219][T26813] fuse: Unknown parameter '00000000000000000000v�%�D300000000000000000000'
[ 1883.476627][T26792] ALSA: mixer_oss: invalid OSS volume ''
[ 1883.531466][T26809] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6554'.
[ 1884.033958][    T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[ 1884.103995][ T5143] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[ 1884.233985][    T9] usb 1-1: Using ep0 maxpacket: 32
[ 1884.241105][    T9] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[ 1884.260792][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1884.286240][    T9] usb 1-1: config 0 descriptor??
[ 1884.310306][    T9] gspca_main: nw80x-2.14.0 probing 055f:d001
[ 1884.323926][ T5143] usb 2-1: Using ep0 maxpacket: 16
[ 1884.331645][ T5143] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[ 1884.343732][ T5143] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 1044, setting to 1024
[ 1884.363978][ T5143] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 1884.383611][ T5143] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1884.415993][ T5143] usb 2-1: config 0 descriptor??
[ 1884.421914][T26815] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 1884.672600][T26815] netlink: 112 bytes leftover after parsing attributes in process `syz.1.6555'.
[ 1884.719337][ T5143] usbhid 2-1:0.0: can't add hid device: -71
[ 1884.764528][ T5143] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1884.795870][ T5143] usb 2-1: USB disconnect, device number 26
[ 1885.146521][T26817] program syz.0.6556 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1885.209588][T26832] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1885.259411][    C1] sd 0:0:1:0: [sda] tag#6103 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[ 1885.270170][    C1] sd 0:0:1:0: [sda] tag#6103 CDB: Read(6) 08 00 00 00 00 00
[ 1885.337337][    T9] gspca_nw80x: reg_r err -71
[ 1885.342062][    T9] nw80x 1-1:0.0: probe with driver nw80x failed with error -71
[ 1885.385260][    T9] usb 1-1: USB disconnect, device number 6
[ 1885.768504][ T5143] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[ 1885.996209][ T5143] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1886.024785][ T5143] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1886.059293][ T5143] usb 2-1: New USB device found, idVendor=28bd, idProduct=0074, bcdDevice= 0.00
[ 1886.105334][ T5143] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1886.167671][ T5143] usb 2-1: config 0 descriptor??
[ 1886.172668][T26841] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1886.334124][T23609] Bluetooth: hci6: command 0x0406 tx timeout
[ 1887.404683][T20872] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[ 1887.694097][T20872] usb 1-1: Using ep0 maxpacket: 16
[ 1887.788676][T20872] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1887.824558][T26850] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[ 1887.848745][T20872] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1887.881295][T20872] usb 1-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00
[ 1887.903064][T20872] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1887.924860][T20872] usb 1-1: config 0 descriptor??
[ 1888.450940][T20872] ntrig 0003:1B96:0008.00C0: hidraw0: USB HID v0.00 Device [HID 1b96:0008] on usb-dummy_hcd.0-1/input0
[ 1888.624712][T20872] ntrig 0003:1B96:0008.00C0: Firmware version: 2.13.12.1.7 (35a5 3780)
[ 1888.910992][ T5143] usbhid 2-1:0.0: can't add hid device: -71
[ 1888.934799][T26854] ALSA: mixer_oss: invalid OSS volume ''
[ 1888.947609][ T5143] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1888.950898][ T5198] usb 1-1: USB disconnect, device number 7
[ 1888.999700][ T5143] usb 2-1: USB disconnect, device number 27
[ 1889.145601][T26858] ALSA: mixer_oss: invalid OSS volume ''
[ 1889.356332][    C1] eth0: bad gso: type: 1, size: 1408
[ 1889.623195][ T5143] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[ 1889.842926][ T5143] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1889.942209][ T5143] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1890.098810][ T5143] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1890.143254][ T5143] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1890.167114][ T5143] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1890.200263][ T5143] usb 2-1: config 0 descriptor??
[ 1890.279343][T26877] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6573'.
[ 1890.396827][T26880] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[ 1890.648298][ T5143] plantronics 0003:047F:FFFF.00C1: unknown main item tag 0x0
[ 1890.667133][ T5143] plantronics 0003:047F:FFFF.00C1: No inputs registered, leaving
[ 1890.693583][ T5143] plantronics 0003:047F:FFFF.00C1: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[ 1891.599464][T17802] usb 2-1: USB disconnect, device number 28
[ 1891.648237][T26888] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[ 1891.800747][T26890] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1892.663573][ T5143] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[ 1892.859802][ T5143] usb 2-1: Using ep0 maxpacket: 16
[ 1892.897033][ T5143] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[ 1892.937467][ T5143] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 1892.971152][ T5143] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1893.005039][ T5143] usb 2-1: config 0 descriptor??
[ 1893.269142][ T5143] usbhid 2-1:0.0: can't add hid device: -71
[ 1893.302565][ T5143] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1893.354337][ T5143] usb 2-1: USB disconnect, device number 29
[ 1896.056987][T26940] fuse: Unknown parameter ''
[ 1896.284181][T20779] usb 3-1: new high-speed USB device number 118 using dummy_hcd
[ 1896.349969][   T55] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[ 1896.363786][   T55] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[ 1896.376415][   T55] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[ 1896.385877][   T55] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[ 1896.393456][   T55] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3
[ 1896.403175][   T55] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[ 1896.494630][T20779] usb 3-1: Using ep0 maxpacket: 32
[ 1896.533266][T20779] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1896.573876][    T9] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[ 1896.663806][T20779] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1896.698004][T20779] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1896.718439][T20779] usb 3-1: Product: syz
[ 1896.723216][T20779] usb 3-1: Manufacturer: syz
[ 1896.732757][T20779] usb 3-1: SerialNumber: syz
[ 1896.761977][T20779] usb 3-1: config 0 descriptor??
[ 1896.826276][T26935] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1896.866723][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1896.917941][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1896.948333][    T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1896.964065][    T9] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1896.974157][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1896.994675][    T9] usb 1-1: config 0 descriptor??
[ 1897.001591][T26944] chnl_net:caif_netlink_parms(): no params data found
[ 1897.095981][T26954] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[ 1897.141012][T20872] usb 3-1: USB disconnect, device number 118
[ 1897.239929][T26944] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1897.247744][T26944] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1897.255237][T26944] bridge_slave_0: entered allmulticast mode
[ 1897.263253][T26944] bridge_slave_0: entered promiscuous mode
[ 1897.273879][T26944] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1897.282657][T26944] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1897.290268][T26944] bridge_slave_1: entered allmulticast mode
[ 1897.293055][T26962] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6594'.
[ 1897.300316][T26944] bridge_slave_1: entered promiscuous mode
[ 1897.422331][T26944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1897.446544][    T9] plantronics 0003:047F:FFFF.00C2: unknown main item tag 0x0
[ 1897.458527][    T9] plantronics 0003:047F:FFFF.00C2: No inputs registered, leaving
[ 1897.469835][    T9] plantronics 0003:047F:FFFF.00C2: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[ 1897.489575][T26944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1897.514072][ T5198] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[ 1897.553572][T26944] team0: Port device team_slave_0 added
[ 1897.579817][T26944] team0: Port device team_slave_1 added
[ 1897.696847][T26944] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1897.720560][ T5198] usb 5-1: Using ep0 maxpacket: 32
[ 1897.728939][T26944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1897.768552][T26944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1897.788523][    T9] usb 1-1: USB disconnect, device number 8
[ 1897.793335][ T5198] usb 5-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[ 1897.803712][ T5198] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1897.826383][T26944] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1897.833372][T26944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1897.860013][ T5198] usb 5-1: Product: syz
[ 1897.864402][ T5198] usb 5-1: Manufacturer: syz
[ 1897.869034][ T5198] usb 5-1: SerialNumber: syz
[ 1897.893012][ T5198] usb 5-1: config 0 descriptor??
[ 1897.905974][ T5198] gspca_main: stk1135-2.14.0 probing 174f:6a31
[ 1897.943888][T26944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1898.048708][T26944] hsr_slave_0: entered promiscuous mode
[ 1898.065104][T26944] hsr_slave_1: entered promiscuous mode
[ 1898.071682][T26944] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1898.084566][T20779] usb 3-1: new high-speed USB device number 119 using dummy_hcd
[ 1898.092411][T26944] Cannot create hsr debugfs directory
[ 1898.304128][T20779] usb 3-1: Using ep0 maxpacket: 16
[ 1898.354659][T20779] usb 3-1: config 0 descriptor has 1 excess byte, ignoring
[ 1898.394836][T20779] usb 3-1: config 0 interface 0 altsetting 8 has 6 endpoint descriptors, different from the interface descriptor's value: 12
[ 1898.515621][   T55] Bluetooth: hci10: command tx timeout
[ 1899.117011][T20779] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1899.127592][T20779] usb 3-1: New USB device found, idVendor=1199, idProduct=0027, bcdDevice=1e.57
[ 1899.143877][T20779] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1899.151916][T20779] usb 3-1: Product: syz
[ 1899.154974][T26961] netlink: 'syz.4.6595': attribute type 2 has an invalid length.
[ 1899.174172][T20779] usb 3-1: Manufacturer: syz
[ 1899.178853][T20779] usb 3-1: SerialNumber: syz
[ 1899.192222][T20779] usb 3-1: config 0 descriptor??
[ 1899.228827][T20779] sierra 3-1:0.0: Sierra USB modem converter detected
[ 1899.511271][T26965] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1899.601410][T26979] cgroup2: Unexpected value for 'nsdelegate'
[ 1899.724258][T26965] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1900.149400][T26944] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1900.215877][ T5198] gspca_stk1135: reg_w 0xf err -110
[ 1900.222173][ T5198] gspca_stk1135: serial bus timeout: status=0x00
[ 1900.234254][ T5198] gspca_stk1135: Sensor write failed
[ 1900.239602][ T5198] gspca_stk1135: serial bus timeout: status=0x00
[ 1900.246237][ T5198] gspca_stk1135: Sensor write failed
[ 1900.251580][ T5198] gspca_stk1135: serial bus timeout: status=0x00
[ 1900.266796][ T5198] gspca_stk1135: Sensor read failed
[ 1900.272147][ T5198] gspca_stk1135: serial bus timeout: status=0x00
[ 1900.278988][ T5198] gspca_stk1135: Sensor read failed
[ 1900.284675][ T5198] gspca_stk1135: Detected sensor type unknown (0x0)
[ 1900.291305][ T5198] gspca_stk1135: serial bus timeout: status=0x00
[ 1900.297904][ T5198] gspca_stk1135: Sensor read failed
[ 1900.303147][ T5198] gspca_stk1135: serial bus timeout: status=0x00
[ 1900.312654][ T5198] gspca_stk1135: Sensor read failed
[ 1900.319920][ T5198] gspca_stk1135: serial bus timeout: status=0x00
[ 1900.330041][ T5198] gspca_stk1135: Sensor write failed
[ 1900.346085][ T5198] gspca_stk1135: serial bus timeout: status=0x00
[ 1900.364569][ T5198] gspca_stk1135: Sensor write failed
[ 1900.383996][ T5198] stk1135 5-1:0.0: probe with driver stk1135 failed with error -110
[ 1900.409101][T20779] usb 3-1: Sierra USB modem converter now attached to ttyUSB0
[ 1900.440453][T20779] usb 3-1: Sierra USB modem converter now attached to ttyUSB1
[ 1900.487217][T26944] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1900.499487][T20779] usb 3-1: USB disconnect, device number 119
[ 1900.532654][T20779] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0
[ 1900.572394][T20779] sierra ttyUSB1: Sierra USB modem converter now disconnected from ttyUSB1
[ 1900.590968][T20779] sierra 3-1:0.0: device disconnected
[ 1900.603986][T23609] Bluetooth: hci10: command tx timeout
[ 1900.680547][T26944] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1900.839942][T26944] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1900.956391][T26988] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1901.148301][T26944] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1901.173321][T26944] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1901.252067][T26944] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1901.300216][T26944] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1901.307613][T26981] ALSA: mixer_oss: invalid OSS volume ''
[ 1901.332026][T17802] usb 5-1: USB disconnect, device number 44
[ 1901.408562][T26997] workqueue: name exceeds WQ_NAME_LEN. Truncating to: C|+i!�3�rU&6 b�Oo� '�1©
[ 1901.463367][T27000] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1901.643908][T26995] Bluetooth: hci7: command 0x0406 tx timeout
[ 1901.786793][T27005] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6606'.
[ 1901.894257][T17802] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[ 1902.084103][T17802] usb 5-1: Using ep0 maxpacket: 32
[ 1902.104939][T17802] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1902.151176][T17802] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1902.170716][T17802] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1902.182091][T17802] usb 5-1: Product: syz
[ 1902.197030][T17802] usb 5-1: Manufacturer: syz
[ 1902.214818][T17802] usb 5-1: SerialNumber: syz
[ 1902.233477][T17802] usb 5-1: config 0 descriptor??
[ 1902.241246][T27003] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1902.604088][    C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1902.628063][T17802] usb 5-1: USB disconnect, device number 45
[ 1902.684065][   T55] Bluetooth: hci10: command tx timeout
[ 1902.747926][T26944] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1902.769723][   T42] block nbd0: Possible stuck request ffff888020330000: control (read@0,4096B). Runtime 120 seconds
[ 1903.088193][T26944] 8021q: adding VLAN 0 to HW filter on device team0
[ 1904.474161][   T55] Bluetooth: hci3: command 0x0406 tx timeout
[ 1904.557305][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1904.564548][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1904.624390][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1904.631599][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1904.783529][T27019] /dev/nullb0: Can't open blockdev
[ 1905.426927][T26995] Bluetooth: hci10: command tx timeout
[ 1905.643412][T26944] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1905.822926][T27030] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[ 1905.927722][T27033] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[ 1906.056142][T26944] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1906.196469][T26944] veth0_vlan: entered promiscuous mode
[ 1906.228178][T26944] veth1_vlan: entered promiscuous mode
[ 1906.256826][T27038] debugfs: Directory 'C|+i!�3�rU&6 b�Oo� '�1©|y' with parent 'ieee80211' already present!
[ 1906.393456][T27046] FAULT_INJECTION: forcing a failure.
[ 1906.393456][T27046] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1906.414257][T27046] CPU: 0 UID: 0 PID: 27046 Comm: syz.0.6616 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0
[ 1906.424729][T27046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1906.434796][T27046] Call Trace:
[ 1906.438071][T27046]  <TASK>
[ 1906.440991][T27046]  dump_stack_lvl+0x241/0x360
[ 1906.445668][T27046]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1906.450870][T27046]  ? __pfx__printk+0x10/0x10
[ 1906.455471][T27046]  ? snprintf+0xda/0x120
[ 1906.459729][T27046]  should_fail_ex+0x3b0/0x4e0
[ 1906.464420][T27046]  _copy_to_user+0x2f/0xb0
[ 1906.468855][T27046]  simple_read_from_buffer+0xca/0x150
[ 1906.474229][T27046]  proc_fail_nth_read+0x1e9/0x250
[ 1906.479257][T27046]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1906.484807][T27046]  ? rw_verify_area+0x520/0x6b0
[ 1906.489653][T27046]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1906.495211][T27046]  vfs_read+0x204/0xbc0
[ 1906.499377][T27046]  ? __pfx_lock_release+0x10/0x10
[ 1906.504401][T27046]  ? __pfx_vfs_read+0x10/0x10
[ 1906.509072][T27046]  ? __fget_files+0x29/0x470
[ 1906.513729][T27046]  ? __fget_files+0x3f6/0x470
[ 1906.518417][T27046]  ksys_read+0x1a0/0x2c0
[ 1906.522661][T27046]  ? __pfx_ksys_read+0x10/0x10
[ 1906.527422][T27046]  ? do_syscall_64+0x100/0x230
[ 1906.532228][T27046]  ? do_syscall_64+0xb6/0x230
[ 1906.536904][T27046]  do_syscall_64+0xf3/0x230
[ 1906.541405][T27046]  ? clear_bhb_loop+0x35/0x90
[ 1906.546077][T27046]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1906.551967][T27046] RIP: 0033:0x7f6b0b9749fc
[ 1906.556373][T27046] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[ 1906.575999][T27046] RSP: 002b:00007f6b0c70e040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1906.584595][T27046] RAX: ffffffffffffffda RBX: 00007f6b0bb05f60 RCX: 00007f6b0b9749fc
[ 1906.592572][T27046] RDX: 000000000000000f RSI: 00007f6b0c70e0b0 RDI: 0000000000000005
[ 1906.600543][T27046] RBP: 00007f6b0c70e0a0 R08: 0000000000000000 R09: 0000000000000000
[ 1906.608510][T27046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1906.616478][T27046] R13: 000000000000000b R14: 00007f6b0bb05f60 R15: 00007ffdd0f47458
[ 1906.624455][T27046]  </TASK>
[ 1906.660689][T26944] veth0_macvtap: entered promiscuous mode
[ 1907.006449][T26944] veth1_macvtap: entered promiscuous mode
[ 1907.817085][T26944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1907.889715][T26944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1907.902729][T26944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1907.914371][T26944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1907.925774][T26944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1907.936731][T26944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1907.949500][ T5143] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[ 1907.961501][T26944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1907.973638][T26944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1908.003762][T26944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1908.022279][T26944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1908.035160][T26944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1908.047435][T26995] Bluetooth: hci6: command 0x0406 tx timeout
[ 1908.057659][T26944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1908.070836][T26944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1908.082050][T26944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1908.092435][T26944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1908.103444][T26944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1908.114109][T26944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1908.128651][T26944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1908.138762][ T5143] usb 2-1: Using ep0 maxpacket: 32
[ 1908.148471][T26944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1908.163083][ T5143] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[ 1908.173642][ T5143] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1908.183948][T26944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1908.196354][ T5143] usb 2-1: config 0 descriptor??
[ 1908.216029][ T5143] gspca_main: nw80x-2.14.0 probing 055f:d001
[ 1908.224952][T26944] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1908.365658][T26944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1908.427511][T26944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1908.440369][T26944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1908.452065][T26944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1908.465472][T26944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1908.476303][T26944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1908.504119][T26944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1908.543895][T26944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1908.561910][T26944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1908.579100][T26944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1908.610388][T26944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1908.642519][T26944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1908.669553][T26944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1908.698506][T26944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1908.718836][T26944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1908.748453][T26944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1908.780645][T26944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1908.815303][T26944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1908.841591][T26944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1908.881937][T26944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1908.942790][T26944] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1908.951197][T27079] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6625'.
[ 1908.999694][T26944] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1909.009722][T27053] program syz.1.6620 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1909.029136][T26944] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1909.053905][T26944] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1909.067994][T26944] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1909.244186][    C1] sd 0:0:1:0: [sda] tag#6100 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[ 1909.254717][    C1] sd 0:0:1:0: [sda] tag#6100 CDB: Read(6) 08 00 00 00 00 00
[ 1909.274640][ T5143] gspca_nw80x: reg_r err -71
[ 1909.293323][ T5143] nw80x 2-1:0.0: probe with driver nw80x failed with error -71
[ 1909.319703][ T5143] usb 2-1: USB disconnect, device number 30
[ 1909.770899][T14136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1909.791966][T14136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1909.860238][T27086] netlink: 64 bytes leftover after parsing attributes in process `syz.4.6627'.
[ 1909.912126][T27086] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1909.919208][T22684] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1909.954339][T22684] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1910.387274][T27094] ebt_limit: overflow, try lower: 0/0
[ 1912.037126][   T29] audit: type=1326 audit(1721808121.524:7895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27082 comm="syz.4.6627" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdda4775f19 code=0x0
[ 1912.502692][T27121] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[ 1912.934841][T27130] FAULT_INJECTION: forcing a failure.
[ 1912.934841][T27130] name failslab, interval 1, probability 0, space 0, times 0
[ 1912.964119][    T8] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[ 1912.977101][T27130] CPU: 0 UID: 0 PID: 27130 Comm: syz.2.6640 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0
[ 1912.987557][T27130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1912.997641][T27130] Call Trace:
[ 1913.000942][T27130]  <TASK>
[ 1913.003886][T27130]  dump_stack_lvl+0x241/0x360
[ 1913.008603][T27130]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1913.014349][T27130]  ? __pfx__printk+0x10/0x10
[ 1913.018972][T27130]  ? kmem_cache_alloc_noprof+0x44/0x2a0
[ 1913.024629][T27130]  ? __pfx___might_resched+0x10/0x10
[ 1913.029944][T27130]  should_fail_ex+0x3b0/0x4e0
[ 1913.034651][T27130]  ? getname_flags+0xb7/0x540
[ 1913.039355][T27130]  should_failslab+0xac/0x100
[ 1913.044054][T27130]  ? getname_flags+0xb7/0x540
[ 1913.048750][T27130]  kmem_cache_alloc_noprof+0x6c/0x2a0
[ 1913.054152][T27130]  getname_flags+0xb7/0x540
[ 1913.058700][T27130]  ? __pfx___might_resched+0x10/0x10
[ 1913.064012][T27130]  user_path_at+0x24/0x60
[ 1913.068376][T27130]  bpf_obj_get_user+0xb9/0x4d0
[ 1913.073171][T27130]  ? __pfx_bpf_obj_get_user+0x10/0x10
[ 1913.078589][T27130]  __sys_bpf+0x639/0x810
[ 1913.082858][T27130]  ? __pfx___sys_bpf+0x10/0x10
[ 1913.087657][T27130]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1913.093673][T27130]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1913.100036][T27130]  ? do_syscall_64+0x100/0x230
[ 1913.104842][T27130]  __x64_sys_bpf+0x7c/0x90
[ 1913.109285][T27130]  do_syscall_64+0xf3/0x230
[ 1913.113816][T27130]  ? clear_bhb_loop+0x35/0x90
[ 1913.118514][T27130]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1913.124439][T27130] RIP: 0033:0x7f82bb775f19
[ 1913.128880][T27130] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1913.148515][T27130] RSP: 002b:00007f82bc4b9048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1913.156964][T27130] RAX: ffffffffffffffda RBX: 00007f82bb905f60 RCX: 00007f82bb775f19
[ 1913.164969][T27130] RDX: 0000000000000018 RSI: 0000000020000700 RDI: 0000000000000007
[ 1913.172976][T27130] RBP: 00007f82bc4b90a0 R08: 0000000000000000 R09: 0000000000000000
[ 1913.180989][T27130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1913.188996][T27130] R13: 000000000000000b R14: 00007f82bb905f60 R15: 00007ffdad26bf28
[ 1913.197112][T27130]  </TASK>
[ 1913.206160][ T5198] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[ 1913.407508][ T5198] usb 5-1: config 1 interface 0 altsetting 253 endpoint 0x81 has an invalid bInterval 30, changing to 8
[ 1913.427773][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1913.433945][ T5198] usb 5-1: config 1 interface 0 altsetting 253 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 1913.439316][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1913.482775][ T5198] usb 5-1: config 1 interface 0 has no altsetting 0
[ 1913.502267][ T5198] usb 5-1: New USB device found, idVendor=056a, idProduct=0303, bcdDevice= 0.40
[ 1913.505771][    T8] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1913.513696][ T5198] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1913.545826][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1913.567460][    T8] usb 4-1: config 0 descriptor??
[ 1913.763902][ T5198] usb 5-1: Product: syz
[ 1913.768123][ T5198] usb 5-1: Manufacturer: syz
[ 1913.774100][ T5198] usb 5-1: SerialNumber: syz
[ 1913.885180][T27138] ebt_limit: overflow, try lower: 0/0
[ 1914.458655][ T5198] usbhid 5-1:1.0: can't add hid device: -71
[ 1914.493998][ T5198] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[ 1914.541888][    T8] usb 4-1: string descriptor 0 read error: -22
[ 1914.555698][ T5198] usb 5-1: USB disconnect, device number 46
[ 1914.623251][T27143] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1914.642907][T27143] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1914.929356][ T1241] ieee802154 phy0 wpan0: encryption failed: -22
[ 1914.935914][ T1241] ieee802154 phy1 wpan1: encryption failed: -22
[ 1914.959504][T27146] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6642'.
[ 1916.339079][    T8] uclogic 0003:256C:006D.00C3: failed retrieving string descriptor #100: -71
[ 1916.431109][    T8] uclogic 0003:256C:006D.00C3: failed retrieving pen parameters: -71
[ 1916.514012][    T8] uclogic 0003:256C:006D.00C3: failed probing pen v1 parameters: -71
[ 1916.522176][    T8] uclogic 0003:256C:006D.00C3: failed probing parameters: -71
[ 1916.626635][T27159] FAULT_INJECTION: forcing a failure.
[ 1916.626635][T27159] name failslab, interval 1, probability 0, space 0, times 0
[ 1916.644215][    T8] uclogic 0003:256C:006D.00C3: probe with driver uclogic failed with error -71
[ 1916.748773][    T8] usb 4-1: USB disconnect, device number 25
[ 1916.767701][T27159] CPU: 1 UID: 0 PID: 27159 Comm: syz.0.6646 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0
[ 1916.778171][T27159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1916.788252][T27159] Call Trace:
[ 1916.791541][T27159]  <TASK>
[ 1916.794480][T27159]  dump_stack_lvl+0x241/0x360
[ 1916.799193][T27159]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1916.804432][T27159]  ? __pfx__printk+0x10/0x10
[ 1916.809056][T27159]  ? fs_reclaim_acquire+0x93/0x140
[ 1916.814204][T27159]  ? __pfx___might_resched+0x10/0x10
[ 1916.819523][T27159]  ? lockdep_init_map_type+0xa1/0x910
[ 1916.824940][T27159]  should_fail_ex+0x3b0/0x4e0
[ 1916.829648][T27159]  ? security_inode_alloc+0x28/0x120
[ 1916.835047][T27159]  should_failslab+0xac/0x100
[ 1916.839752][T27159]  ? security_inode_alloc+0x28/0x120
[ 1916.845064][T27159]  kmem_cache_alloc_noprof+0x6c/0x2a0
[ 1916.850460][T27159]  security_inode_alloc+0x28/0x120
[ 1916.855610][T27159]  inode_init_always+0x966/0xc90
[ 1916.860569][T27159]  ? __pfx_sock_alloc_inode+0x10/0x10
[ 1916.865973][T27159]  new_inode_pseudo+0x9e/0x1a0
[ 1916.870772][T27159]  __sock_create+0x123/0x920
[ 1916.875400][T27159]  __sys_socket+0x150/0x3c0
[ 1916.880016][T27159]  ? __pfx___sys_socket+0x10/0x10
[ 1916.885072][T27159]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1916.891433][T27159]  ? do_syscall_64+0x100/0x230
[ 1916.896232][T27159]  __x64_sys_socket+0x7a/0x90
[ 1916.900932][T27159]  do_syscall_64+0xf3/0x230
[ 1916.905466][T27159]  ? clear_bhb_loop+0x35/0x90
[ 1916.910169][T27159]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1916.916092][T27159] RIP: 0033:0x7f6b0b977d37
[ 1916.920515][T27159] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1916.940293][T27159] RSP: 002b:00007f6b0c6ebfb8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029
[ 1916.948710][T27159] RAX: ffffffffffffffda RBX: 00007f6b0bb06038 RCX: 00007f6b0b977d37
[ 1916.956681][T27159] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[ 1916.964662][T27159] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[ 1916.972722][T27159] R10: 0000000020000100 R11: 0000000000000286 R12: 0000000000000001
[ 1916.980691][T27159] R13: 000000000000006e R14: 00007f6b0bb06038 R15: 00007ffdd0f47458
[ 1916.988670][T27159]  </TASK>
[ 1916.996349][T27159] socket: no more sockets
[ 1917.068281][T26995] Bluetooth: hci8: command 0x0406 tx timeout
[ 1917.304807][T27167] mkiss: ax0: crc mode is auto.
[ 1917.310747][T27172] netlink: 64 bytes leftover after parsing attributes in process `syz.3.6649'.
[ 1917.968989][T27172] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1918.194067][   T29] audit: type=1326 audit(1721808127.684:7896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27168 comm="syz.3.6649" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa6c1775f19 code=0x0
[ 1918.465457][T27181] FAULT_INJECTION: forcing a failure.
[ 1918.465457][T27181] name failslab, interval 1, probability 0, space 0, times 0
[ 1918.506887][T27181] CPU: 1 UID: 0 PID: 27181 Comm: syz.1.6652 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0
[ 1918.517461][T27181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1918.527541][T27181] Call Trace:
[ 1918.530848][T27181]  <TASK>
[ 1918.533797][T27181]  dump_stack_lvl+0x241/0x360
[ 1918.538499][T27181]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1918.543732][T27181]  ? __pfx__printk+0x10/0x10
[ 1918.548358][T27181]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[ 1918.554369][T27181]  ? __pfx___might_resched+0x10/0x10
[ 1918.559697][T27181]  should_fail_ex+0x3b0/0x4e0
[ 1918.564410][T27181]  should_failslab+0xac/0x100
[ 1918.569114][T27181]  ? __alloc_skb+0x1c3/0x440
[ 1918.573737][T27181]  kmem_cache_alloc_node_noprof+0x71/0x320
[ 1918.579583][T27181]  __alloc_skb+0x1c3/0x440
[ 1918.584028][T27181]  ? __pfx_validate_chain+0x10/0x10
[ 1918.589347][T27181]  ? __pfx___alloc_skb+0x10/0x10
[ 1918.594318][T27181]  ? __lock_acquire+0x137a/0x2040
[ 1918.599381][T27181]  alloc_skb_with_frags+0xc3/0x770
[ 1918.604535][T27181]  sock_alloc_send_pskb+0x91a/0xa60
[ 1918.609779][T27181]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[ 1918.615533][T27181]  ? dev_get_by_index+0x23/0x2d0
[ 1918.620506][T27181]  packet_sendmsg+0x3e19/0x6710
[ 1918.625517][T27181]  ? smack_socket_sendmsg+0x1b5/0x540
[ 1918.630917][T27181]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[ 1918.636671][T27181]  ? tomoyo_socket_sendmsg_permission+0x288/0x420
[ 1918.643126][T27181]  ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10
[ 1918.649935][T27181]  ? __pfx_packet_sendmsg+0x10/0x10
[ 1918.655169][T27181]  ? __fget_files+0x29/0x470
[ 1918.659797][T27181]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1918.665127][T27181]  ? security_socket_sendmsg+0x87/0xb0
[ 1918.670622][T27181]  ? __pfx_packet_sendmsg+0x10/0x10
[ 1918.675852][T27181]  __sock_sendmsg+0x221/0x270
[ 1918.680569][T27181]  __sys_sendto+0x3a4/0x4f0
[ 1918.685109][T27181]  ? __pfx___sys_sendto+0x10/0x10
[ 1918.690282][T27181]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1918.696291][T27181]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1918.702661][T27181]  __x64_sys_sendto+0xde/0x100
[ 1918.707469][T27181]  do_syscall_64+0xf3/0x230
[ 1918.712003][T27181]  ? clear_bhb_loop+0x35/0x90
[ 1918.716708][T27181]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1918.722636][T27181] RIP: 0033:0x7fb2ff575f19
[ 1918.727082][T27181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1918.746844][T27181] RSP: 002b:00007fb300351048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1918.755300][T27181] RAX: ffffffffffffffda RBX: 00007fb2ff705f60 RCX: 00007fb2ff575f19
[ 1918.755321][T27181] RDX: 0000000000000001 RSI: 0000000020000140 RDI: 0000000000000004
[ 1918.755357][T27181] RBP: 00007fb3003510a0 R08: 0000000020000080 R09: 0000000000000014
[ 1918.755369][T27181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1918.755381][T27181] R13: 000000000000000b R14: 00007fb2ff705f60 R15: 00007fffd4e2a278
[ 1918.755413][T27181]  </TASK>
[ 1919.224220][T20872] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[ 1919.414431][T20872] usb 5-1: Using ep0 maxpacket: 8
[ 1919.467700][T20872] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee
[ 1919.493055][T20872] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1919.664076][ T5143] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[ 1920.189045][T27187] ALSA: mixer_oss: invalid OSS volume ''
[ 1920.195813][T20872] usb 5-1: Product: syz
[ 1920.221347][T20872] usb 5-1: Manufacturer: syz
[ 1920.293988][T20872] usb 5-1: SerialNumber: syz
[ 1920.303192][T20872] usb 5-1: config 0 descriptor??
[ 1920.396761][ T5143] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1920.425531][ T5143] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1920.454005][ T5143] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1920.473478][ T5143] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1920.496119][ T5143] usb 4-1: config 0 descriptor??
[ 1920.691543][T20872] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1921.450049][ T5143] usb 4-1: string descriptor 0 read error: -22
[ 1921.515380][T27215] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1921.525422][T27215] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1921.817678][T20779] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[ 1921.956883][T27219] netlink: 64 bytes leftover after parsing attributes in process `syz.2.6663'.
[ 1922.014226][T20779] usb 1-1: Using ep0 maxpacket: 32
[ 1922.041736][T20779] usb 1-1: config index 0 descriptor too short (expected 164, got 36)
[ 1922.086344][T20779] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1922.139940][T27219] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1922.153755][T20779] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1922.198962][T20779] usb 1-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[ 1922.246539][T20779] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1922.275502][T27218] program syz.4.6654 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1922.288854][T27218] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1922.300618][T27218] ubi0: attaching mtd0
[ 1922.308982][T27218] ubi0: scanning is finished
[ 1922.311665][T20779] usb 1-1: config 0 descriptor??
[ 1922.313638][T27218] ubi0: empty MTD device detected
[ 1922.384482][T27218] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[ 1922.392060][T27218] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[ 1922.399481][T27218] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[ 1922.407309][T27218] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[ 1922.414854][T27218] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[ 1922.421668][T27218] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[ 1922.429824][T27218] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2795417428
[ 1922.439997][T27218] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[ 1922.460351][T27223] ubi0: background thread "ubi_bgt0d" started, PID 27223
[ 1922.495686][   T29] audit: type=1326 audit(1721808131.994:7897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27216 comm="syz.2.6663" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f82bb775f19 code=0x0
[ 1922.961073][T20779] usbhid 1-1:0.0: can't add hid device: -71
[ 1922.988730][T20779] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1923.030945][T20779] usb 1-1: USB disconnect, device number 9
[ 1923.059304][ T5143] uclogic 0003:256C:006D.00C4: failed retrieving string descriptor #100: -71
[ 1923.086851][ T5143] uclogic 0003:256C:006D.00C4: failed retrieving pen parameters: -71
[ 1923.114280][ T5143] uclogic 0003:256C:006D.00C4: failed probing pen v1 parameters: -71
[ 1923.132650][ T5143] uclogic 0003:256C:006D.00C4: failed probing parameters: -71
[ 1923.140434][ T5143] uclogic 0003:256C:006D.00C4: probe with driver uclogic failed with error -71
[ 1923.167247][ T5143] usb 4-1: USB disconnect, device number 26
[ 1923.405235][T20872] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[ 1923.687527][T17802] usb 5-1: USB disconnect, device number 47
[ 1923.812571][T27238] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6668'.
[ 1923.849205][T27239] FAULT_INJECTION: forcing a failure.
[ 1923.849205][T27239] name failslab, interval 1, probability 0, space 0, times 0
[ 1923.874165][ T5198] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[ 1923.904078][T27239] CPU: 1 UID: 0 PID: 27239 Comm: syz.0.6667 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0
[ 1923.914633][T27239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1923.924880][T27239] Call Trace:
[ 1923.928154][T27239]  <TASK>
[ 1923.931075][T27239]  dump_stack_lvl+0x241/0x360
[ 1923.935749][T27239]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1923.940946][T27239]  ? __pfx__printk+0x10/0x10
[ 1923.945524][T27239]  ? fs_reclaim_acquire+0x93/0x140
[ 1923.950621][T27239]  ? __pfx___might_resched+0x10/0x10
[ 1923.955902][T27239]  should_fail_ex+0x3b0/0x4e0
[ 1923.960656][T27239]  ? tomoyo_encode+0x26f/0x540
[ 1923.965428][T27239]  should_failslab+0xac/0x100
[ 1923.970120][T27239]  ? tomoyo_encode+0x26f/0x540
[ 1923.974891][T27239]  __kmalloc_noprof+0xd8/0x400
[ 1923.979649][T27239]  tomoyo_encode+0x26f/0x540
[ 1923.984232][T27239]  tomoyo_realpath_from_path+0x59e/0x5e0
[ 1923.989858][T27239]  tomoyo_path_number_perm+0x23a/0x880
[ 1923.995308][T27239]  ? tomoyo_path_number_perm+0x208/0x880
[ 1924.000933][T27239]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1924.006921][T27239]  ? __fget_files+0x29/0x470
[ 1924.011501][T27239]  ? __fget_files+0x3f6/0x470
[ 1924.016177][T27239]  ? __fget_files+0x29/0x470
[ 1924.020792][T27239]  security_file_ioctl+0x75/0xb0
[ 1924.025745][T27239]  __se_sys_ioctl+0x47/0x170
[ 1924.030337][T27239]  do_syscall_64+0xf3/0x230
[ 1924.035307][T27239]  ? clear_bhb_loop+0x35/0x90
[ 1924.040003][T27239]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1924.045911][T27239] RIP: 0033:0x7f6b0b975f19
[ 1924.050351][T27239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1924.069981][T27239] RSP: 002b:00007f6b0c6ed048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1924.078397][T27239] RAX: ffffffffffffffda RBX: 00007f6b0bb06038 RCX: 00007f6b0b975f19
[ 1924.086361][T27239] RDX: 0000000020000400 RSI: 00000000c06864a2 RDI: 0000000000000004
[ 1924.094325][T27239] RBP: 00007f6b0c6ed0a0 R08: 0000000000000000 R09: 0000000000000000
[ 1924.102290][T27239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1924.110262][T27239] R13: 000000000000006e R14: 00007f6b0bb06038 R15: 00007ffdd0f47458
[ 1924.118245][T27239]  </TASK>
[ 1924.129116][T27239] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1924.334073][ T5198] usb 2-1: Using ep0 maxpacket: 16
[ 1924.357184][ T5198] usb 2-1: config 0 has an invalid interface number: 81 but max is 2
[ 1924.434540][ T5198] usb 2-1: config 0 has an invalid interface number: 230 but max is 2
[ 1924.510078][ T5198] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1924.538156][ T5198] usb 2-1: config 0 has 2 interfaces, different from the descriptor's value: 3
[ 1924.634962][ T5198] usb 2-1: config 0 has no interface number 0
[ 1924.683957][ T5198] usb 2-1: config 0 has no interface number 1
[ 1924.720648][ T5198] usb 2-1: config 0 interface 230 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1924.816895][ T5198] usb 2-1: config 0 interface 81 has no altsetting 0
[ 1924.858249][ T5198] usb 2-1: config 0 interface 230 has no altsetting 0
[ 1924.896550][ T5198] usb 2-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=ec.06
[ 1924.915430][ T5198] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1924.924324][ T5198] usb 2-1: Product: 鮤豫ꐟ粈ꭍ寛殳ᷴ誈泫᪭祝䤖⬏禍뇟➣驽鴵釤癱蜹Ⱡ级蹌ݒ࿥낵㳶䐦ᛜ戒乼彺깾艏呵ᵀ瀌䚁餄瀊쒫ۀ똢锒ز么ᴥᓖ놓扅伖뽂鱆褤턨鬐᥏㊔䑔⬌缑㑬纡䣼줖ℯ槁唦鼮䰩箨ᆸ磃뎖퍐썛ధ怒嶅㠙犺뽖譣捃밁﹙鲴㳎駉⳴Ǩ燺珱ⱈ껡ᬳ쥵㾧푉
[ 1925.010893][ T5198] usb 2-1: Manufacturer: ᐌ
[ 1925.015830][ T5198] usb 2-1: SerialNumber: 릗鼺歷៩뫥鄈쌌᥏ޔ䗠䏾햻鎪䠟妛ⷆ1记ᩏ냟鬧㶿ꉎ
[ 1925.140250][ T5198] usb 2-1: config 0 descriptor??
[ 1925.281622][T27257] netlink: 64 bytes leftover after parsing attributes in process `syz.3.6674'.
[ 1925.326101][T27257] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1925.463529][ T5198] HFC-S_USB 2-1:0.81: probe with driver HFC-S_USB failed with error -5
[ 1926.193062][T27250] ALSA: mixer_oss: invalid OSS volume ''
[ 1926.210117][ T5198] HFC-S_USB 2-1:0.230: probe with driver HFC-S_USB failed with error -5
[ 1926.234017][   T29] audit: type=1326 audit(1721808135.704:7898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27255 comm="syz.3.6674" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa6c1775f19 code=0x0
[ 1926.266920][ T5198] usb 2-1: USB disconnect, device number 31
[ 1926.655451][T27081] usb 3-1: new high-speed USB device number 120 using dummy_hcd
[ 1926.672998][T27267] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1926.855748][T27081] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1926.879853][T27081] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1926.932653][T27081] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1926.988228][T27081] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1927.032133][T27081] usb 3-1: config 0 descriptor??
[ 1927.240248][T27280] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6681'.
[ 1927.882194][T27262] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1928.765830][T27081] usb 3-1: string descriptor 0 read error: -22
[ 1928.988494][T23609] Bluetooth: hci8: ACL packet for unknown connection handle 200
[ 1929.025936][T27262] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1929.644481][T20872] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[ 1929.854059][T20872] usb 5-1: Using ep0 maxpacket: 16
[ 1929.871795][T20872] usb 5-1: config 0 has an invalid interface number: 81 but max is 2
[ 1929.891882][T20872] usb 5-1: config 0 has an invalid interface number: 230 but max is 2
[ 1929.914116][T20872] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1929.925921][T20872] usb 5-1: config 0 has 2 interfaces, different from the descriptor's value: 3
[ 1929.935403][T20872] usb 5-1: config 0 has no interface number 0
[ 1929.942423][T20872] usb 5-1: config 0 has no interface number 1
[ 1929.958953][T20872] usb 5-1: config 0 interface 230 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1929.979180][T20872] usb 5-1: config 0 interface 81 has no altsetting 0
[ 1929.986460][T20872] usb 5-1: config 0 interface 230 has no altsetting 0
[ 1930.000267][T20872] usb 5-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=ec.06
[ 1930.014312][T20872] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1930.022746][T20872] usb 5-1: Product: 鮤豫ꐟ粈ꭍ寛殳ᷴ誈泫᪭祝䤖⬏禍뇟➣驽鴵釤癱蜹Ⱡ级蹌ݒ࿥낵㳶䐦ᛜ戒乼彺깾艏呵ᵀ瀌䚁餄瀊쒫ۀ똢锒ز么ᴥᓖ놓扅伖뽂鱆褤턨鬐᥏㊔䑔⬌缑㑬纡䣼줖ℯ槁唦鼮䰩箨ᆸ磃뎖퍐썛ధ怒嶅㠙犺뽖譣捃밁﹙鲴㳎駉⳴Ǩ燺珱ⱈ껡ᬳ쥵㾧푉
[ 1930.059300][T20872] usb 5-1: Manufacturer: ᐌ
[ 1930.066563][T20872] usb 5-1: SerialNumber: 릗鼺歷៩뫥鄈쌌᥏ޔ䗠䏾햻鎪䠟妛ⷆ1记ᩏ냟鬧㶿ꉎ
[ 1930.090395][T20872] usb 5-1: config 0 descriptor??
[ 1930.319321][T20872] HFC-S_USB 5-1:0.81: probe with driver HFC-S_USB failed with error -5
[ 1930.342448][T20872] HFC-S_USB 5-1:0.230: probe with driver HFC-S_USB failed with error -5
[ 1930.354871][T20872] usb 5-1: USB disconnect, device number 48
[ 1930.471437][T27081] uclogic 0003:256C:006D.00C5: failed retrieving string descriptor #100: -71
[ 1930.563972][ T5143] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[ 1930.612076][T27299] ALSA: mixer_oss: invalid OSS volume ''
[ 1930.643923][T27081] uclogic 0003:256C:006D.00C5: failed retrieving pen parameters: -71
[ 1930.653948][T27081] uclogic 0003:256C:006D.00C5: failed probing pen v1 parameters: -71
[ 1930.667346][T27081] uclogic 0003:256C:006D.00C5: failed probing parameters: -71
[ 1930.680697][T27081] uclogic 0003:256C:006D.00C5: probe with driver uclogic failed with error -71
[ 1931.409377][T27081] usb 3-1: USB disconnect, device number 120
[ 1931.415626][ T5143] usb 1-1: Using ep0 maxpacket: 16
[ 1931.551066][ T5143] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1931.575058][ T5143] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1931.594342][ T5143] usb 1-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00
[ 1931.602231][T27317] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6694'.
[ 1931.623925][ T5143] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1931.643178][ T5143] usb 1-1: config 0 descriptor??
[ 1931.801440][T27319] wireguard: wireguard0: Could not create IPv6 socket
[ 1931.817776][T27319] wireguard0: entered promiscuous mode
[ 1931.835245][T27330] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1931.838141][T27319] wireguard0: entered allmulticast mode
[ 1931.949194][T27327] sp0: Synchronizing with TNC
[ 1932.085883][ T5143] usbhid 1-1:0.0: can't add hid device: -71
[ 1932.097095][ T5143] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1932.120253][ T5143] usb 1-1: USB disconnect, device number 10
[ 1932.856748][   T42] block nbd0: Possible stuck request ffff888020330000: control (read@0,4096B). Runtime 150 seconds
[ 1932.935522][T20872] usb 3-1: new high-speed USB device number 121 using dummy_hcd
[ 1933.152385][T20872] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1933.304688][T20872] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1933.315508][T20872] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1933.327188][T20872] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1933.343149][T20872] usb 3-1: config 0 descriptor??
[ 1934.034104][T27347] ALSA: mixer_oss: invalid OSS volume ''
[ 1934.200119][T27362] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6707'.
[ 1934.302014][T27366] __find_get_block_slow() failed. block=144115188075855872, b_blocknr=0, b_state=0x00106019, b_size=4096, device sda1 blocksize: 4096
[ 1934.340629][T27366] grow_buffers: requested out-of-range block 144115188075855872 for device sda1
[ 1934.374371][T27366] EXT4-fs warning (device sda1): ext4_resize_fs:2018: can't read last block, resize aborted
[ 1934.397577][T27371] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1934.454750][T20872] usb 3-1: string descriptor 0 read error: -22
[ 1934.655711][T27344] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1934.690070][T27344] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1934.691118][T27377] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1934.956708][T20872] uclogic 0003:256C:006D.00C6: interface is invalid, ignoring
[ 1935.010775][T27381] netlink: 'syz.0.6713': attribute type 11 has an invalid length.
[ 1935.033760][T27381] netlink: 'syz.0.6713': attribute type 11 has an invalid length.
[ 1935.056468][T27381] debugfs: Directory 'netdev:' with parent 'phy155' already present!
[ 1935.346767][T23609] Bluetooth: hci8: ACL packet for unknown connection handle 200
[ 1936.890049][   T30] INFO: task syz.0.6188:25494 blocked for more than 144 seconds.
[ 1937.033736][   T30]       Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0
[ 1937.045250][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1937.054282][   T30] task:syz.0.6188      state:D stack:20920 pid:25494 tgid:25493 ppid:24440  flags:0x00004006
[ 1937.065187][   T30] Call Trace:
[ 1937.068489][   T30]  <TASK>
[ 1937.071434][   T30]  __schedule+0x17ae/0x4a10
[ 1937.076450][   T30]  ? __pfx___schedule+0x10/0x10
[ 1937.081311][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1937.086843][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1937.092933][   T30]  ? schedule+0x90/0x320
[ 1937.098276][   T30]  schedule+0x14b/0x320
[ 1937.102440][   T30]  io_schedule+0x8d/0x110
[ 1937.111902][   T30]  folio_wait_bit_common+0x882/0x12b0
[ 1937.114175][ T5141] usb 3-1: USB disconnect, device number 121
[ 1937.117792][   T30]  ? __pfx_folio_wait_bit_common+0x10/0x10
[ 1937.137533][   T30]  ? __pfx_wake_page_function+0x10/0x10
[ 1937.155121][   T30]  ? __filemap_get_folio+0x769/0xc10
[ 1937.160482][   T30]  do_read_cache_folio+0xb9/0x820
[ 1937.181581][   T30]  ? __pfx_blkdev_read_folio+0x10/0x10
[ 1937.196109][   T30]  read_part_sector+0xb3/0x330
[ 1937.207471][   T30]  adfspart_check_POWERTEC+0xc8/0x8f0
[ 1937.219926][   T30]  ? __pfx_adfspart_check_ICS+0x10/0x10
[ 1937.238853][   T30]  ? snprintf+0xda/0x120
[ 1937.249777][   T30]  ? __pfx_adfspart_check_POWERTEC+0x10/0x10
[ 1937.267642][   T30]  ? alloc_pages_mpol_noprof+0x417/0x680
[ 1937.290989][   T30]  ? vsnprintf+0x1cc3/0x1da0
[ 1937.306762][   T30]  ? vsnprintf+0x184/0x1da0
[ 1937.317059][   T30]  ? __pfx_snprintf+0x10/0x10
[ 1937.322476][   T30]  ? __kasan_kmalloc+0x98/0xb0
[ 1937.331305][   T30]  bdev_disk_changed+0x72c/0x13d0
[ 1937.343188][   T30]  ? __pfx_bdev_disk_changed+0x10/0x10
[ 1937.349349][   T30]  blkdev_get_whole+0x2d2/0x450
[ 1937.359136][   T30]  bdev_open+0x2d4/0xc60
[ 1937.363703][   T30]  blkdev_open+0x3e8/0x570
[ 1937.370018][   T30]  ? __pfx_blkdev_open+0x10/0x10
[ 1937.370211][T27400] ALSA: mixer_oss: invalid OSS volume ''
[ 1937.382258][   T30]  do_dentry_open+0x970/0x1440
[ 1937.387176][   T30]  vfs_open+0x3e/0x330
[ 1937.391376][   T30]  path_openat+0x2b3e/0x3470
[ 1937.397860][   T30]  ? __pfx_stack_trace_save+0x10/0x10
[ 1937.403361][   T30]  ? __lock_acquire+0x137a/0x2040
[ 1937.423504][   T30]  ? __pfx_path_openat+0x10/0x10
[ 1937.428701][   T30]  do_filp_open+0x235/0x490
[ 1937.433229][   T30]  ? __pfx_do_filp_open+0x10/0x10
[ 1937.440702][   T30]  ? _raw_spin_unlock+0x28/0x50
[ 1937.445737][   T30]  ? alloc_fd+0x5a1/0x640
[ 1937.450091][   T30]  do_sys_openat2+0x13e/0x1d0
[ 1937.454913][   T30]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1937.460141][   T30]  ? smack_file_ioctl+0x2a1/0x3a0
[ 1937.465325][   T30]  __x64_sys_openat+0x247/0x2a0
[ 1937.470205][   T30]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1937.476597][   T30]  ? do_syscall_64+0x100/0x230
[ 1937.481398][   T30]  ? do_syscall_64+0xb6/0x230
[ 1937.486248][   T30]  do_syscall_64+0xf3/0x230
[ 1937.490784][   T30]  ? clear_bhb_loop+0x35/0x90
[ 1937.495728][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1937.501662][   T30] RIP: 0033:0x7f5eba174950
[ 1937.507526][   T30] RSP: 002b:00007f5ebaf9eb80 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1937.516432][   T30] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5eba174950
[ 1937.524593][   T30] RDX: 0000000000000000 RSI: 00007f5ebaf9ec20 RDI: 00000000ffffff9c
[ 1937.532719][   T30] RBP: 00007f5ebaf9ec20 R08: 0000000000000000 R09: 002364626e2f7665
[ 1937.542016][   T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1937.550296][   T30] R13: 000000000000000b R14: 00007f5eba305f60 R15: 00007ffd9f1a0b48
[ 1937.558631][   T30]  </TASK>
[ 1937.561795][   T30] INFO: task syz.0.6188:25495 blocked for more than 144 seconds.
[ 1937.571087][   T30]       Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0
[ 1937.578533][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1937.588826][   T30] task:syz.0.6188      state:D stack:23800 pid:25495 tgid:25493 ppid:24440  flags:0x00004006
[ 1937.599856][   T30] Call Trace:
[ 1937.603147][   T30]  <TASK>
[ 1937.606199][   T30]  __schedule+0x17ae/0x4a10
[ 1937.611061][   T30]  ? __pfx___schedule+0x10/0x10
[ 1937.616079][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1937.621348][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[ 1937.627017][   T30]  ? schedule+0x90/0x320
[ 1937.631429][   T30]  schedule+0x14b/0x320
[ 1937.635713][   T30]  schedule_preempt_disabled+0x13/0x30
[ 1937.642776][   T30]  __mutex_lock+0x6a4/0xd70
[ 1937.647481][   T30]  ? __mutex_lock+0x527/0xd70
[ 1937.652320][   T30]  ? bdev_release+0x184/0x700
[ 1937.657112][   T30]  ? __pfx___mutex_lock+0x10/0x10
[ 1937.662269][   T30]  ? __fsnotify_parent+0x20c/0x5e0
[ 1937.667528][   T30]  bdev_release+0x184/0x700
[ 1937.672097][   T30]  blkdev_release+0x15/0x20
[ 1937.676952][   T30]  ? __pfx_blkdev_release+0x10/0x10
[ 1937.682173][   T30]  __fput+0x24a/0x8a0
[ 1937.686598][   T30]  task_work_run+0x24f/0x310
[ 1937.691237][   T30]  ? __pfx_task_work_run+0x10/0x10
[ 1937.698531][   T30]  get_signal+0x15da/0x1730
[ 1937.703083][   T30]  ? __pfx_get_signal+0x10/0x10
[ 1937.708743][   T30]  arch_do_signal_or_restart+0x96/0x860
[ 1937.714405][   T30]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1937.720748][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1937.727055][   T30]  ? syscall_exit_to_user_mode+0xa3/0x370
[ 1937.732975][   T30]  syscall_exit_to_user_mode+0xc9/0x370
[ 1937.738717][   T30]  do_syscall_64+0x100/0x230
[ 1937.744983][   T30]  ? clear_bhb_loop+0x35/0x90
[ 1937.749705][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1937.755776][   T30] RIP: 0033:0x7f5eba175f19
[ 1937.760354][   T30] RSP: 002b:00007f5ebaf7e048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1937.768829][   T30] RAX: 0000000000000000 RBX: 00007f5eba306038 RCX: 00007f5eba175f19
[ 1937.777097][   T30] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003
[ 1937.785181][   T30] RBP: 00007f5eba1e4e68 R08: 0000000000000000 R09: 0000000000000000
[ 1937.793312][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1937.801418][   T30] R13: 000000000000006e R14: 00007f5eba306038 R15: 00007ffd9f1a0b48
[ 1937.810694][   T30]  </TASK>
[ 1937.814929][   T30] 
[ 1937.814929][   T30] Showing all locks held in the system:
[ 1937.822707][   T30] 1 lock held by pool_workqueue_/3:
[ 1937.828017][   T30] 1 lock held by khungtaskd/30:
[ 1937.832876][   T30]  #0: ffffffff8e337660 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[ 1937.842955][   T30] 2 locks held by getty/4844:
[ 1937.853887][   T30]  #0: ffff88802adac0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1937.863711][   T30]  #1: ffffc900031232f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10
[ 1937.874259][   T30] 4 locks held by kworker/u8:19/14128:
[ 1937.879734][   T30]  #0: ffff888015edb148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1937.897676][   T30]  #1: ffffc9000395fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1937.910868][   T30]  #2: ffffffff8f5e97d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[ 1937.928582][   T30]  #3: ffffffff8e33ca38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830
[ 1937.939765][   T30] 1 lock held by syz.0.6188/25494:
[ 1937.950065][   T30]  #0: ffff8880202e04c8 (&disk->open_mutex){+.+.}-{3:3}, at: bdev_open+0xf0/0xc60
[ 1937.963749][   T30] 1 lock held by syz.0.6188/25495:
[ 1937.969932][   T30]  #0: ffff8880202e04c8 (&disk->open_mutex){+.+.}-{3:3}, at: bdev_release+0x184/0x700
[ 1937.979868][   T30] 1 lock held by syz.3.6301/25908:
[ 1937.985065][   T30]  #0: ffff8880202e04c8 (&disk->open_mutex){+.+.}-{3:3}, at: sync_bdevs+0x1a9/0x320
[ 1937.994632][   T30] 1 lock held by syz.3.6559/26831:
[ 1937.999746][   T30]  #0: ffff8880202e04c8 (&disk->open_mutex){+.+.}-{3:3}, at: sync_bdevs+0x1a9/0x320
[ 1938.009331][   T30] 
[ 1938.011748][   T30] =============================================
[ 1938.011748][   T30] 
[ 1938.033942][   T30] NMI backtrace for cpu 0
[ 1938.038388][   T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0
[ 1938.048562][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1938.058622][   T30] Call Trace:
[ 1938.061907][   T30]  <TASK>
[ 1938.064917][   T30]  dump_stack_lvl+0x241/0x360
[ 1938.069592][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1938.074788][   T30]  ? __pfx__printk+0x10/0x10
[ 1938.079374][   T30]  ? vprintk_emit+0x631/0x770
[ 1938.084042][   T30]  ? __pfx_vprintk_emit+0x10/0x10
[ 1938.089059][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[ 1938.093999][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1938.099455][   T30]  ? _printk+0xd5/0x120
[ 1938.103604][   T30]  ? __pfx__printk+0x10/0x10
[ 1938.108191][   T30]  ? __wake_up_klogd+0xcc/0x110
[ 1938.113045][   T30]  ? __pfx__printk+0x10/0x10
[ 1938.117717][   T30]  ? __rcu_read_unlock+0xa1/0x110
[ 1938.122735][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1938.128710][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[ 1938.134703][   T30]  watchdog+0xfee/0x1030
[ 1938.139053][   T30]  ? watchdog+0x1ea/0x1030
[ 1938.143487][   T30]  ? __pfx_watchdog+0x10/0x10
[ 1938.148170][   T30]  kthread+0x2f0/0x390
[ 1938.152253][   T30]  ? __pfx_watchdog+0x10/0x10
[ 1938.156949][   T30]  ? __pfx_kthread+0x10/0x10
[ 1938.161531][   T30]  ret_from_fork+0x4b/0x80
[ 1938.166028][   T30]  ? __pfx_kthread+0x10/0x10
[ 1938.170612][   T30]  ret_from_fork_asm+0x1a/0x30
[ 1938.175383][   T30]  </TASK>
[ 1938.180759][   T30] Sending NMI from CPU 0 to CPUs 1:
[ 1938.187125][    C1] NMI backtrace for cpu 1
[ 1938.187138][    C1] CPU: 1 UID: 0 PID: 14134 Comm: kworker/u8:21 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0
[ 1938.187157][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1938.187168][    C1] Workqueue: events_unbound cfg80211_wiphy_work
[ 1938.187191][    C1] RIP: 0010:kasan_check_range+0x1b7/0x290
[ 1938.187214][    C1] Code: f5 4d 01 fb 48 8d 5d 07 48 85 ed 48 0f 49 dd 48 83 e3 f8 48 29 dd 74 12 41 80 3b 00 0f 85 a6 00 00 00 49 ff c3 48 ff cd 75 ee <5b> 41 5c 41 5e 41 5f 5d c3 cc cc cc cc 40 84 ed 75 5f f7 c5 00 ff
[ 1938.187228][    C1] RSP: 0018:ffffc90003de7940 EFLAGS: 00000056
[ 1938.187241][    C1] RAX: 0000000000000001 RBX: 1ffffffff25f9b02 RCX: ffffffff816fb684
[ 1938.187254][    C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff92fcd810
[ 1938.187265][    C1] RBP: 0000000000000000 R08: ffffffff92fcd817 R09: 1ffffffff25f9b02
[ 1938.187277][    C1] R10: dffffc0000000000 R11: fffffbfff25f9b03 R12: ffff88802cf10000
[ 1938.187289][    C1] R13: 00000000000000bd R14: dffffc0000000001 R15: fffffbfff25f9b03
[ 1938.187302][    C1] FS:  0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
[ 1938.187316][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1938.187327][    C1] CR2: 000000110c3d5a96 CR3: 000000001aeba000 CR4: 00000000003506f0
[ 1938.187345][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1938.187355][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1938.187365][    C1] Call Trace:
[ 1938.187372][    C1]  <NMI>
[ 1938.187379][    C1]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[ 1938.187403][    C1]  ? __pfx_lock_acquire+0x10/0x10
[ 1938.187427][    C1]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1938.187458][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[ 1938.187478][    C1]  ? nmi_handle+0x14f/0x5a0
[ 1938.187493][    C1]  ? nmi_handle+0x2a/0x5a0
[ 1938.187509][    C1]  ? kasan_check_range+0x1b7/0x290
[ 1938.187528][    C1]  ? default_do_nmi+0x63/0x160
[ 1938.187544][    C1]  ? exc_nmi+0x123/0x1f0
[ 1938.187558][    C1]  ? end_repeat_nmi+0xf/0x53
[ 1938.187576][    C1]  ? __lock_acquire+0x4d4/0x2040
[ 1938.187602][    C1]  ? kasan_check_range+0x1b7/0x290
[ 1938.187622][    C1]  ? kasan_check_range+0x1b7/0x290
[ 1938.187642][    C1]  ? kasan_check_range+0x1b7/0x290
[ 1938.187661][    C1]  </NMI>
[ 1938.187667][    C1]  <TASK>
[ 1938.187674][    C1]  __lock_acquire+0x4d4/0x2040
[ 1938.187702][    C1]  lock_acquire+0x1ed/0x550
[ 1938.187722][    C1]  ? process_scheduled_works+0x90a/0x1830
[ 1938.187748][    C1]  ? __pfx_lock_acquire+0x10/0x10
[ 1938.187769][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1938.187792][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1938.187816][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1938.187840][    C1]  process_scheduled_works+0x91f/0x1830
[ 1938.187860][    C1]  ? process_scheduled_works+0x90a/0x1830
[ 1938.187892][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1938.187917][    C1]  ? assign_work+0x364/0x3d0
[ 1938.187938][    C1]  worker_thread+0x86d/0xd40
[ 1938.187965][    C1]  ? __kthread_parkme+0x169/0x1d0
[ 1938.187988][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1938.188008][    C1]  kthread+0x2f0/0x390
[ 1938.188022][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1938.188042][    C1]  ? __pfx_kthread+0x10/0x10
[ 1938.188057][    C1]  ret_from_fork+0x4b/0x80
[ 1938.188078][    C1]  ? __pfx_kthread+0x10/0x10
[ 1938.188092][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1938.188120][    C1]  </TASK>
[ 1938.197221][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[ 1938.197238][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0
[ 1938.197261][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1938.197273][   T30] Call Trace:
[ 1938.197281][   T30]  <TASK>
[ 1938.197290][   T30]  dump_stack_lvl+0x241/0x360
[ 1938.197321][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1938.197342][   T30]  ? __pfx__printk+0x10/0x10
[ 1938.197361][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1938.197391][   T30]  ? vscnprintf+0x5d/0x90
[ 1938.197417][   T30]  panic+0x349/0x860
[ 1938.197438][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[ 1938.197464][   T30]  ? __pfx_panic+0x10/0x10
[ 1938.197482][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[ 1938.197502][   T30]  ? __irq_work_queue_local+0x137/0x410
[ 1938.197526][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[ 1938.197544][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[ 1938.197567][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[ 1938.197598][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[ 1938.197624][   T30]  watchdog+0x102d/0x1030
[ 1938.197648][   T30]  ? watchdog+0x1ea/0x1030
[ 1938.197675][   T30]  ? __pfx_watchdog+0x10/0x10
[ 1938.197697][   T30]  kthread+0x2f0/0x390
[ 1938.197714][   T30]  ? __pfx_watchdog+0x10/0x10
[ 1938.197735][   T30]  ? __pfx_kthread+0x10/0x10
[ 1938.197752][   T30]  ret_from_fork+0x4b/0x80
[ 1938.197774][   T30]  ? __pfx_kthread+0x10/0x10
[ 1938.197790][   T30]  ret_from_fork_asm+0x1a/0x30
[ 1938.197836][   T30]  </TASK>
[ 1938.198623][   T30] Kernel Offset: disabled
[ 1938.674924][   T30] Rebooting in 86400 seconds..