last executing test programs:

1m6.15347428s ago: executing program 1 (id=527):
mkdir(0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791048000000"], 0x0, 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
close(r0)
r1 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r1, 0x0, 0x30004081)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20)
recvmsg(r1, 0x0, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
socket(0x1, 0x80000, 0x2)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
getpid()
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, 0x0, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x2000000000000022, 0x0, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendto$packet(0xffffffffffffffff, &(0x7f00000002c0)="14419e5465f0006fc8afa8e408", 0xd, 0x0, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg(r4, &(0x7f00000057c0)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000004c0)='k', 0x1}], 0x1}}], 0x1, 0x0) (fail_nth: 3)

1m4.877749327s ago: executing program 1 (id=528):
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
open(&(0x7f0000000000)='./file0\x00', 0x2100, 0x14)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r2=>0x0})
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$packet(0x11, 0x3, 0x300)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280))
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1adc51, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
r5 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
r6 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000080))
ioctl$PAGEMAP_SCAN(r6, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x0, &(0x7f0000000040)=[{}], 0xaaaaaaaaaaaac20, 0x1, 0x0, 0x2, 0x0, 0x2})
sendfile(r5, r4, 0x0, 0x80000000)
r7 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r7, &(0x7f00000001c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, 0x10)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
r8 = socket$igmp(0x2, 0x3, 0x2)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
mount$9p_fd(0x0, &(0x7f0000000540)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESDEC=r8, @ANYBLOB=',wfdno=', @ANYRESDEC=r9])
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=@bridge_dellink={0x2c, 0x11, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r2}, [@IFLA_AF_SPEC={0xc, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x4, 0x0, 0x1, {0x4, 0x3}}]}]}, 0x2c}}, 0x0)

1m3.750800221s ago: executing program 1 (id=532):
openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10d040, 0x4)
io_setup(0x800, &(0x7f0000000500))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
socket$inet_dccp(0x2, 0x6, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={0x0, 0x0, 0x1a, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28)
socket$kcm(0x2, 0x1, 0x0)
r0 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0)
ioctl$VIDIOC_TRY_EXT_CTRLS(r3, 0xc0205649, &(0x7f0000000080)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000001080)={0x980912, 0x0, '\x00', @string=0x0}})
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = syz_open_procfs(0x0, &(0x7f0000000240)='oom_adj\x00')
pread64(r4, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x100010001)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)

1m3.225837441s ago: executing program 1 (id=534):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x56a, 0x303, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_connect$printer(0x5, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0xf, 0xc0, 0x40, [{{0x9, 0x4, 0x0, 0x1c, 0x1, 0x7, 0x1, 0x3, 0x81, "", {{{0x9, 0x5, 0x1, 0x2, 0x40, 0x6, 0x5, 0x4}}}}}]}}]}}, &(0x7f0000000400)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x201, 0x3, 0x6, 0x8, 0xff, 0x3}, 0x31, &(0x7f0000000140)={0x5, 0xf, 0x31, 0x6, [@ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x1e, 0x3, 0xf, 0x7fff}, @wireless={0xb, 0x10, 0x1, 0x8, 0x20, 0xf, 0x0, 0x7a, 0x1}, @ext_cap={0x7, 0x10, 0x2, 0x10, 0x8, 0x1, 0xfff}, @wireless={0xb, 0x10, 0x1, 0x8, 0x80, 0x2, 0x76, 0x7, 0x6}, @generic={0x5, 0x10, 0xb, '}g'}]}, 0x9, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x2009}}, {0x32, &(0x7f00000001c0)=@string={0x32, 0x3, "58688a8a9966f205c115136068b5101e83ff867f45d3b2642ada78edd3bc866ab3ccbc83aff9498ae7d6fed8ef4f29e3"}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x1001}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x412}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x1801}}, {0x4a, &(0x7f00000002c0)=@string={0x4a, 0x3, "4cf8dcc05f6d30c7f0fdfcc445d718e870172ff921242a70b74fce7521c2444922eac2bb6e022f397740908f1e5c4e11858cdc7875264a1b7be0ca03799955f8afe6b9620bd26cc1"}}, {0x31, &(0x7f0000000340)=@string={0x31, 0x3, "eb5d248d740a3604a2d7f0da00507f54c3c46810d7585df11ccb67fa9b0fbbe76c0f60f39eff4991e152c923968213"}}, {0x4, &(0x7f0000000380)=@lang_id={0x4}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x43e}}]}) (async)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0x5, {[@local=@item_012={0x1, 0x2, 0x0, 'N'}, @global=@item_012={0x2, 0x1, 0x3, "0200"}]}}, 0x0}, 0x0)

39.278996574s ago: executing program 3 (id=570):
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x18, 0x18, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'bridge_slave_0\x00', &(0x7f00000000c0)=@ethtool_sset_info={0x37, 0x1, 0x1005}})
r0 = syz_io_uring_setup(0x24f9, &(0x7f0000000180)={0x0, 0x0, 0x10100, 0x0, 0x1000000}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='rdma.current\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000000c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x5000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

39.119316191s ago: executing program 3 (id=571):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008c}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f0000000440), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$clear(0x11, 0xfffffffffffffffd)
io_destroy(0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0)
socket$packet(0x11, 0x0, 0x300)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @local}, 0x10)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r1, &(0x7f0000000340)='\x00', 0x1, 0x4801, 0x0, 0x0)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r1, &(0x7f0000000100)=""/15, 0x45, 0x0, 0x0, 0x0)
setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000100)={0x0, &(0x7f0000000180)}, 0x10)
socket$inet6_udp(0xa, 0x2, 0x0)
sched_setscheduler(0xffffffffffffffff, 0x2, &(0x7f0000000340)=0x200)
r2 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000001440)=ANY=[], 0xc0)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200fd0000040000000800000001000000804400", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x14, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000000300008500000086000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000800000085000000b300000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r5}, 0xc)
sendmmsg$inet6(r2, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x0)
setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, 0x0, 0x0)

37.406115453s ago: executing program 3 (id=574):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000400)=0x200002)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
write$smackfs_netlabel(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b05d25a806c8c6f94f90524fc600400037a0a000900050282c137153e370e0c1180fc0b10000300", 0x33fe0}], 0x1}, 0x0)
r2 = pidfd_getfd(0xffffffffffffffff, r0, 0x0)
getpeername$unix(r2, &(0x7f00000000c0)=@abs, &(0x7f0000000140)=0x6e)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000580)={0x0, r3, 0x40, 0x5, 0xbec4, 0x2})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="98030000", @ANYRES16=r5, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r7, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff0802110000010569ea7fa08e8df3d0edd086922799ded6be01d09a95b66d3d"], 0x398}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000080)='rpc_clnt_new\x00'}, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000000)={&(0x7f00000001c0)={0x14, 0x24, 0x9, 0x0, 0x0, {0x6}}, 0x14}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

35.822267384s ago: executing program 1 (id=535):
r0 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb)
add_key$keyring(&(0x7f0000000080), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socketpair(0x0, 0x0, 0x20, 0x0)
unshare(0x22020400)
r1 = socket(0x23, 0x6, 0x6)
bind$llc(r1, &(0x7f0000000000)={0x1a, 0x324, 0x80, 0xff, 0x5, 0x31, @local}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x5)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4018aee2, &(0x7f0000000180))
r3 = request_key(&(0x7f0000000040)='rxrpc\x00', 0x0, &(0x7f0000000240)='\x81\xa2\xc3s\x9e4\xa9=\xaa\xb8.\xdd9\xe2\x9a\xf8\n?\x91G/\xbc\xe4\xdd9\x0ee\xd9l\x03\xc5\xa1\x01f\x1fq\xfb\xb5\x84\xf2%\xbcV\xbd\xd0\xf5\"\x11\xde\x98\xb6`\x87GC\xd1\xbc\xde\xc0}\xd6\xc4\xbd\xc8)y\xe8NN\xd2\x19\xcdV\x9f\x81\xd2\xdd%\xce\xd2\xca \x94\xbcA\x03\xdbu\xcfb\x15\xc9|e\x01!\xdf\xfe\xfb,5Pv\x00\xc5\x17\xd2\x95\xb7\xe2\xfb-\xacF\xd4\xc1\xe7\xcfe\xf1N\xb6%\xbc', 0xfffffffffffffff8)
keyctl$unlink(0x9, 0x0, r3)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x3, [@fwd={0x1}, @int={0x0, 0x0, 0x0, 0x1, 0x5}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x2}}]}, {0x0, [0x61]}}, 0x0, 0x4f, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x5, 0xd3, &(0x7f00000005c0)=""/211, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)

35.499427376s ago: executing program 1 (id=577):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000400)=0x200002)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
write$smackfs_netlabel(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b05d25a806c8c6f94f90524fc600400037a0a000900050282c137153e370e0c1180fc0b10000300", 0x33fe0}], 0x1}, 0x0)
pidfd_getfd(0xffffffffffffffff, r0, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="98030000", @ANYRES16=r3, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r5, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff0802110000010569ea7fa08e8df3d0edd086922799ded6be01d09a95b66d3d"], 0x398}}, 0x0)

30.602529514s ago: executing program 3 (id=589):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000400)=0x200002)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b05d25a806c8c6f94f90524fc600400037a0a000900050282c137153e370e0c1180fc0b10000300", 0x33fe0}], 0x1}, 0x0)
pidfd_getfd(0xffffffffffffffff, r0, 0x0)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000580)={0x0, r2, 0x40, 0x5, 0xbec4, 0x2})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="98030000", @ANYRES16=r4, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r6, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff0802110000010569ea7fa08e8df3d0edd086922799ded6be01d09a95b66d3d"], 0x398}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000000)={&(0x7f00000001c0)={0x14, 0x24, 0x9, 0x0, 0x0, {0x6}}, 0x14}}, 0x0)

29.26936772s ago: executing program 3 (id=591):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x10, 0x7f, 0x0, 0x80000001}]})
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x1abf00, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_emit_ethernet(0x1e, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet_udplite(0x2, 0x2, 0x88)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
r3 = mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r2, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000200)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(r4, 0x3b88, &(0x7f00000002c0)={0xc, r5})
ioctl$IOMMU_VFIO_IOAS$GET(r4, 0x3b88, &(0x7f0000000100)={0xc, <r6=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r6, 0x0, 0x0, <r7=>0x0})
ioctl$IOMMU_HWPT_GET_DIRTY_BITMAP(r4, 0x3b8c, &(0x7f0000000040)={0x30, r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000001c0))
recvmmsg(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000004c0)="e0"})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000380)={0xc, 0x0, &(0x7f0000000b80)=[@free_buffer={0x40086303, r3}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000440), 0x2d, 0x0, &(0x7f0000000500)="49771bc922a0f192e5df7c6c0e282700dbd8991b333001aeb6b3e61e97ab5104fa58751da639fea32729942ce5"})
setpgid(0x0, 0x0)

24.759303957s ago: executing program 3 (id=598):
r0 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb)
add_key$keyring(&(0x7f0000000080), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socketpair(0x0, 0x0, 0x20, 0x0)
unshare(0x22020400)
r1 = socket(0x23, 0x6, 0x6)
bind$llc(r1, &(0x7f0000000000)={0x1a, 0x324, 0x80, 0xff, 0x5, 0x31, @local}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4018aee2, &(0x7f0000000180))
r3 = request_key(&(0x7f0000000040)='rxrpc\x00', 0x0, &(0x7f0000000240)='\x81\xa2\xc3s\x9e4\xa9=\xaa\xb8.\xdd9\xe2\x9a\xf8\n?\x91G/\xbc\xe4\xdd9\x0ee\xd9l\x03\xc5\xa1\x01f\x1fq\xfb\xb5\x84\xf2%\xbcV\xbd\xd0\xf5\"\x11\xde\x98\xb6`\x87GC\xd1\xbc\xde\xc0}\xd6\xc4\xbd\xc8)y\xe8NN\xd2\x19\xcdV\x9f\x81\xd2\xdd%\xce\xd2\xca \x94\xbcA\x03\xdbu\xcfb\x15\xc9|e\x01!\xdf\xfe\xfb,5Pv\x00\xc5\x17\xd2\x95\xb7\xe2\xfb-\xacF\xd4\xc1\xe7\xcfe\xf1N\xb6%\xbc', 0xfffffffffffffff8)
keyctl$unlink(0x9, 0x0, r3)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x3, [@fwd={0x1}, @int={0x0, 0x0, 0x0, 0x1, 0x5}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x2}}]}, {0x0, [0x61]}}, 0x0, 0x4f, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x5, 0xd3, &(0x7f00000005c0)=""/211, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)

23.344301913s ago: executing program 2 (id=600):
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x20900, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x4)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000180)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20, 0x3a, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x401}, {0x81a}}, {{@in6=@ipv4={'\x00', '\xff\xff', @local}, 0x4d3, 0x32}, 0x2, @in=@remote}}, 0xe8)
socket$inet6(0xa, 0x3, 0x2f)
r3 = socket$xdp(0x2c, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB="01000000000000000000070000001c000180050002"], 0x30}}, 0x0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00'})
setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
r6 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, 0x0, 0x0)
setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r6, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
socket$inet6_udplite(0xa, 0x2, 0x88)
r7 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r7, 0x0)
madvise(&(0x7f0000003000/0x4000)=nil, 0x4000, 0xc)
mremap(&(0x7f0000007000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f000000b000/0x3000)=nil)
mremap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x12000, 0x3, &(0x7f0000fec000/0x12000)=nil)
setsockopt$XDP_RX_RING(r6, 0x11b, 0x2, &(0x7f0000001980), 0x4)
setsockopt$XDP_UMEM_FILL_RING(r6, 0x11b, 0x5, 0x0, 0x0)
bind$xdp(0xffffffffffffffff, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000000))

21.834693482s ago: executing program 2 (id=604):
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x0, 0x11, &(0x7f00000012c0)=ANY=[@ANYBLOB="1802000063f9fffe00000000000000008500000041000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = socket(0x10, 0x2, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000100)={0x5}, 0x10)
write(r1, &(0x7f0000000280)="1c0000001a009b8a14e5f4070009042400000000ff020000000000", 0x1b)
recvmmsg(r1, &(0x7f00000010c0), 0x1cf13bc0890a0d1, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000380)={0x4c, 0x0, &(0x7f0000000ac0)=[@transaction_sg={0x40046302, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000040)={0x10000000000000cf, 0x0, [{0x400000b0}]})
sendmsg(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000018c0)=ANY=[], 0x2008}, 0x0)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @dev={0xfe, 0x80, '\x00', 0x22}}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000580)={0x7, 0xde, 0xfc, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0xe)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000002c0)={&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000000)="da652034b714875d6bdcd55bb54f157cca1e4f03092d3fd1a1fd5726d74da1feb2e05a9054672dd9b8f799acc5f582a6fde20d7a9dd4c5e0cd1d0e6b43333ca7b3b683f927797a7e30854d6362e90b93e8ea4c38f59abaca01e4f7664e1c72faf0bef2345eaa4032a438a7cd1c", 0x6d, r2}, 0x68)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x30, 0x0, @fd=r0, 0x0, &(0x7f0000000480)=""/71, 0x2d})
io_uring_enter(0xffffffffffffffff, 0x184c, 0x0, 0x0, 0x0, 0x0)

20.423005407s ago: executing program 2 (id=607):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x1e)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x22, 0x2, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000340)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x51, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/diskstats\x00', 0x0, 0x0)
r5 = openat$tcp_mem(0xffffffffffffff9c, 0x0, 0x1, 0x0)
sendfile(r5, r4, 0x0, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x10)
r7 = syz_open_procfs(0x0, &(0x7f00000000c0)='gid_map\x00')
write$FUSE_POLL(r7, 0x0, 0x0)
r8 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES64=r1, @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x31, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r9, 0x2000000, 0xe, 0x38, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bind$netlink(r6, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sched_getattr(r1, &(0x7f0000000040)={0x38}, 0x38, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000500)=ANY=[@ANYBLOB="88000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r10, @ANYBLOB="6b00330080000000ffffffffffff080211000000505050505050000000000000f7ffffffffffffff0006"], 0x88}}, 0x0)

19.416773473s ago: executing program 2 (id=609):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x1, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r3, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
unshare(0x400)
r5 = fsopen(&(0x7f0000000040)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x0)
fgetxattr(r6, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)

18.44996786s ago: executing program 4 (id=610):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10, @void, @value}, 0x90)
socket$kcm(0x2, 0x200000000000001, 0x106)
r3 = socket(0x10, 0x3, 0x0)
write(r3, &(0x7f0000000040)="1400000052004f030e789e7e27286d000a4149f3", 0x14)

17.472372882s ago: executing program 2 (id=611):
r0 = dup(0xffffffffffffffff)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000240)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58)
r4 = socket$unix(0x1, 0x2, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={<r5=>0x0}, &(0x7f0000cab000)=0xc)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000240)={0x0, <r7=>0x0, <r8=>0x0}, &(0x7f0000000280)=0x5)
setuid(r7)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000040))
ioctl$NS_GET_OWNER_UID(r0, 0xb704, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000002340)={{{@in6=@private2, @in6=@mcast2}}, {{@in6=@remote}, 0x0, @in6=@mcast2}}, 0x0)
r9 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r9, 0x1, 0x11, 0x0, &(0x7f0000cab000))
setregid(0xffffffffffffffff, 0x0)
getresgid(&(0x7f0000000140), &(0x7f0000000180), 0x0)
msgctl$IPC_SET(0x0, 0x1, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000002540)={{0x3, 0x0, 0x0, 0x0, r8, 0x4, 0x15}, 0x0, 0x0, 0x2, 0x8, 0x80000000, 0x99, 0x9f37, 0x0, 0x5, 0x4, r5, r5})
fsetxattr$system_posix_acl(r3, 0x0, 0x0, 0x0, 0x2)
accept4(r1, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x1900)

17.441363921s ago: executing program 4 (id=612):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000400)=0x200002)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
write$smackfs_netlabel(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b05d25a806c8c6f94f90524fc600400037a0a000900050282c137153e370e0c1180fc0b10000300", 0x33fe0}], 0x1}, 0x0)
r2 = pidfd_getfd(0xffffffffffffffff, r0, 0x0)
getpeername$unix(r2, &(0x7f00000000c0)=@abs, &(0x7f0000000140)=0x6e)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000580)={0x0, r3, 0x40, 0x5, 0xbec4, 0x2})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000340)={'wlan1\x00'})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000080)='rpc_clnt_new\x00'}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000000)={&(0x7f00000001c0)={0x14, 0x24, 0x9, 0x0, 0x0, {0x6}}, 0x14}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

16.252203103s ago: executing program 4 (id=614):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000180), 0x8)
syz_open_procfs(0x0, &(0x7f0000000340)='fd\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = fsopen(&(0x7f0000000000)='fuse\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x4, 0x0, &(0x7f0000000080), 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0xfc, {"a2e3ad09ed1a09f91b5d090987f70e06d038e7ff7fc6e5539b0d3c0e8b089b3f38306d090890e0879b0a0ac6e70a9b3348959b509a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d07640936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000280)={0xffffffffffffffff, &(0x7f0000000100)="fdd4d4af46a33c29c6f6214cb8e6f4212c9b62e1d360070000008cfe51eb0e17", 0x0, 0x1}, 0x20)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0xfffffffb, 0x0, "81fb08cc2b000000f6c05b7225ffff00ffffff"})
r3 = syz_open_pts(r2, 0x141601)
ioctl$TIOCGPTPEER(r2, 0x5441, 0x400000)
fcntl$setstatus(r3, 0x4, 0x102800)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000500)={0xa, 0x2, 0x0, @empty}, 0x1c)
listen(r4, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r5, &(0x7f00000001c0)={0x2, 0x2, @local}, 0x10)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000002800), 0x4000000000001e7, 0x40010000, 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)
write(r3, &(0x7f0000000000)="d5", 0xfffffedf)

15.734876482s ago: executing program 4 (id=616):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x44e, 0x120b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="0000050000000500ac16d225d5236dad31"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/raw\x00')
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
r3 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r3, 0x0, 0x24, &(0x7f0000000100)={@multicast2, @local}, 0xc)
r4 = socket$inet(0x2, 0x3, 0x2)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
fcntl$setsig(r5, 0x3, 0x0)
setsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @local}, 0xc)
setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa"], 0x1c)
socket$kcm(0x10, 0x3, 0x10)
r6 = socket(0x10, 0x803, 0x0)
r7 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r7, 0x28, 0x1, &(0x7f0000000380)=0xffffffff00000041, 0x8)
bind$vsock_stream(r7, &(0x7f0000000440), 0x10)
listen(r7, 0x0)
r8 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r8, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r8, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x1)
setsockopt$sock_int(r8, 0x28, 0x600, 0x0, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x408d4)
r9 = socket$inet(0x2, 0x3, 0xe0)
sendmmsg$sock(r9, &(0x7f00000021c0)=[{{&(0x7f0000000080)=@in={0x2, 0x0, @remote}, 0x80, 0x0, 0x0, &(0x7f0000000380)=[@timestamping={{0x14, 0x1, 0x25, 0x9}}], 0x18}}], 0x1, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000440))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

10.791373808s ago: executing program 2 (id=623):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x67e}]}, 0x10)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x100800001)
sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x2000000000000002)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
getsockopt$bt_hci(r2, 0x84, 0x7f, &(0x7f00000011c0)=""/4072, &(0x7f0000001180)=0xfe8)
syz_emit_vhci(&(0x7f00000006c0)=ANY=[@ANYBLOB="0408f300c856f6c9fcf8e4164bce9df4cc05dd1d04190129e630bdb6e5d4b7a8511fa525d6f7ca40cd3d6d15f78c8e960e359e4465980369e584443a473a09a6a2b994b2bc15e02aaaa9bcddfc63ca459f1181a620c1e726f41ffe53e9c247939ea78cae2429f31f1efa219d147740b33e6d8d8794f13cd1b54538a7bda126ac52683318ea4dcc5a0dc4b20ccae619ab0ba93d096aa50211f8fe3742a56026ea54c1267634dad02c0fb1ab311b9524217e1849e0fdd6d47e2c65216e21e6efab305cb17cea930ec6f0b8dfa25f45c119700429d20bd7fb90535d609cadda"], 0x7)
r3 = syz_open_dev$cec(&(0x7f0000000680), 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$OSF_MSG_REMOVE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000380)=ANY=[@ANYBLOB="1967097da3f0787cea583e1e99aae5a7f209c4112385f0a8aa743700"/38, @ANYRES64=r3, @ANYRES32=r4, @ANYRES32=r2, @ANYRESHEX=r4, @ANYRESOCT=r1, @ANYRES16], 0x14}, 0x1, 0x0, 0x0, 0x4040083}, 0x0)
ioctl$UI_DEV_SETUP(r3, 0x405c5503, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="03c800397058abce57033f29eb6dc1f8b128a7537a3409329d374c891ea6f898ba2a0784b3781c59e6bd91a231a605e31d00"/61], 0x3d)
setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3)
connect$inet6(r5, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
syz_emit_vhci(&(0x7f0000000400)=ANY=[@ANYBLOB="02c9000a0006000500010842580e2a64adc9b138f92294bdeebc1ecb348ff152b7108cd561ee4d2c89f6f3bfa05c3f441bd20d1c6ba70e9ed467d5a2b8fd8f67e24d29b35829db02ea386f2b2bf9b81a0b4495877a1b5a2625e79bb29899f85cd07263597bb8ec3117c8e59fd935e3df6c7673feca56a9807ad8515d9bdb88cd8cbb8d6d5f8ba8055205a576717197c6c63a7eb9b71ca1ef176ba5aa73f8fa7bda01b1c8a997b9cbb31f7d6a43f2fd45becca37149c7e02c5e01010000f6edc52d9cd3a82bb77a32a3a7e54582bcff1cc806edd494037a79928ea546a9db2c7c67f6a8c456d8"], 0xf)
mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x80, 0x0)
syz_open_dev$usbmon(&(0x7f0000000080), 0xf231, 0x4000)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000009000000000000000100001307"], 0x0, 0x39, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
io_uring_setup(0x487a, &(0x7f00000001c0)={0x0, 0xaaf9, 0x10})
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x11, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)

10.688065319s ago: executing program 4 (id=624):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x2a, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_GET_MAGIC(r1, 0x80046402, &(0x7f0000000080))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
socket$xdp(0x2c, 0x3, 0x0) (async)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = creat(&(0x7f0000001180)='./file0\x00', 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
mq_open(&(0x7f0000000080)='m$\x00\xdc\xb7\xb8\xd0>,\xb0\x13\x8b3z>K\x84\x05\x00\x00\x00\x9c\x81\xed\xc2\x00', 0x0, 0x0, 0x0)
socket(0x200000100000011, 0x3, 0x4) (async)
ioctl$SG_BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000240)={'\x00', 0xa236, 0x0, 0x80000001, 0x5, 0x800, r2})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xa03e, 0x0, &(0x7f0000006680))
r6 = syz_open_dev$radio(&(0x7f0000000400), 0x2, 0x2)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r6, 0xc0405665, &(0x7f0000000080)={0x8000, 0x1}) (async)
socket(0x5, 0x3, 0x57) (async)
quotactl$Q_GETFMT(0xffffffff80000400, &(0x7f00000001c0)=@nullb, 0x0, 0x0)
r7 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r7, &(0x7f0000000100)={{0x3, @default}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @default, @null]}, 0x48)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x6, 0x6}, 0x10) (async)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) (async)
openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)

9.492058571s ago: executing program 4 (id=627):
r0 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb)
add_key$keyring(&(0x7f0000000080), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socketpair(0x0, 0x0, 0x20, 0x0)
unshare(0x22020400)
r1 = socket(0x23, 0x6, 0x6)
bind$llc(r1, &(0x7f0000000000)={0x1a, 0x324, 0x80, 0xff, 0x5, 0x31, @local}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4018aee2, &(0x7f0000000180))
r3 = request_key(&(0x7f0000000040)='rxrpc\x00', 0x0, &(0x7f0000000240)='\x81\xa2\xc3s\x9e4\xa9=\xaa\xb8.\xdd9\xe2\x9a\xf8\n?\x91G/\xbc\xe4\xdd9\x0ee\xd9l\x03\xc5\xa1\x01f\x1fq\xfb\xb5\x84\xf2%\xbcV\xbd\xd0\xf5\"\x11\xde\x98\xb6`\x87GC\xd1\xbc\xde\xc0}\xd6\xc4\xbd\xc8)y\xe8NN\xd2\x19\xcdV\x9f\x81\xd2\xdd%\xce\xd2\xca \x94\xbcA\x03\xdbu\xcfb\x15\xc9|e\x01!\xdf\xfe\xfb,5Pv\x00\xc5\x17\xd2\x95\xb7\xe2\xfb-\xacF\xd4\xc1\xe7\xcfe\xf1N\xb6%\xbc', 0xfffffffffffffff8)
keyctl$unlink(0x9, 0x0, r3)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x3, [@fwd={0x1}, @int={0x0, 0x0, 0x0, 0x1, 0x5}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x2}}]}, {0x0, [0x61]}}, 0x0, 0x4f, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x5, 0xd3, &(0x7f00000005c0)=""/211, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)

5.613854867s ago: executing program 0 (id=630):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
socket$kcm(0x2, 0x200000000000001, 0x106)
r3 = socket(0x10, 0x3, 0x0)
write(r3, &(0x7f0000000040)="1400000052004f030e789e7e27286d000a4149f3", 0x14)

4.332316612s ago: executing program 0 (id=631):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f00000000c0)={0xfffff0b0, 0xfffffffb, {<r0=>0x0}, {0xffffffffffffffff}, 0x4, 0x3})
ptrace$ARCH_SET_CPUID(0x1e, r0, 0x1, 0x1012)
accept$packet(0xffffffffffffffff, 0x0, 0x0)
symlink(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x5, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x0, 0x2, 0x0)
r4 = syz_open_dev$ndb(&(0x7f0000000100), 0x0, 0x8000)
ioctl$NBD_SET_SIZE(r4, 0xab02, 0x6)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
ioctl$UI_DEV_SETUP(r5, 0x405c5503, &(0x7f00000009c0)={{}, 'syz0\x00', 0x15})
io_setup(0x4e6, &(0x7f0000004200)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000000480)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x2, 0x9, r5, 0x0}])
ioctl$UI_DEV_SETUP(r5, 0x5501, 0x0)
write$binfmt_elf64(r5, &(0x7f00000000c0)=ANY=[], 0x15b0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00')
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="02000000050000", @ANYRES32=r6, @ANYBLOB="00eeffffffff0600"/20, @ANYBLOB="5d38c3564aef92e6ed8b43e080ed1d27", @ANYRES32=r0, @ANYBLOB='\x00'/28], 0x48)
mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x0, 0x13, r7, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
setsockopt$MRT_DONE(0xffffffffffffffff, 0x0, 0xc9, 0x0, 0x0)
r8 = syz_open_procfs(0xffffffffffffffff, 0x0)
read$FUSE(r8, &(0x7f0000000400)={0x2020}, 0x2020)

3.137565773s ago: executing program 0 (id=632):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0600000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="00070000000000000000000033d3971d0d60f82b", @ANYBLOB="d6d259b025dbfeeaac7baa28acd586e11bdd5d092632", @ANYRES32, @ANYBLOB="000000000000000000000000000000000000ef000000000000000000"], 0x48)
mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, &(0x7f0000000040)=0x3, 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2284, &(0x7f0000000040))
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xd, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000200000850000000700000018858100f769cb54c257393e934ef817aabd6f8e2a10ac2609299121ab35dc4c0697b37a14b947cb4c1f490d54d5f6aa1f2cffb93a8255265215faafceeffc64d487510746e36bcec5b85f48cde1a7b1100ec1bc96df54b0692e402404c29d58b137526e9b07d63832377e9ed2989d46950f7473791d047d8fe3a2299582c03a3d6a3f4140e67c06891e990dbe4e51e976b3237fdca6ef795e644cade6c2c570c9ed09db61e36e79eb32366f75bdf8f3556b9252b6178d3b218fa55e4876b41d0f98e72acc7ad8340b2c1f6d766eeb2db2f06919578e76251a5ee338225cf6e9", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
listen(0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000002400007b8af8ff00000000bfa200000000000007020000dfffffffb703000008000000b7040000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000400000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000010000000018120000", @ANYRES16=r2], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @void, @value}, 0x94)
r3 = syz_open_procfs(0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000280)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x0, &(0x7f0000000200))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x0, 0x80)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r6 = creat(&(0x7f0000000000)='./file2\x00', 0xa1)
ioctl$FICLONERANGE(r6, 0x4020940d, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)

2.102528934s ago: executing program 0 (id=633):
r0 = socket(0x2a, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000600), 0x6828, 0x0)
ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f0000000000))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
socket(0x1d, 0x3, 0x3)
socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x30, 0x4, 0x0, 0x0, 0xc0, 0x0, 0x0, 0x0, 0x29, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x4, 0x0, 0x0, 0x9}, @timestamp_prespec={0x44, 0x44, 0xc0, 0x3, 0x0, [{@private=0xa010100}, {@multicast1}, {@remote, 0x8}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x656}, {@broadcast}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x3}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev}, {@remote, 0x4}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2, 0x8}]}, @noop, @noop, @noop, @lsrr={0x83, 0xb, 0xda, [@private=0xa010102, @rand_addr=0x64010102]}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}})
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})

610.465527ms ago: executing program 0 (id=634):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000180), 0x8)
syz_open_procfs(0x0, &(0x7f0000000340)='fd\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = fsopen(&(0x7f0000000000)='fuse\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x4, 0x0, &(0x7f0000000080), 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0xfc, {"a2e3ad09ed1a09f91b5d090987f70e06d038e7ff7fc6e5539b0d3c0e8b089b3f38306d090890e0879b0a0ac6e70a9b3348959b509a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d07640936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000280)={0xffffffffffffffff, &(0x7f0000000100)="fdd4d4af46a33c29c6f6214cb8e6f4212c9b62e1d360070000008cfe51eb0e17", 0x0, 0x1}, 0x20)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0xfffffffb, 0x0, "81fb08cc2b000000f6c05b7225ffff00ffffff"})
r5 = syz_open_pts(r4, 0x141601)
ioctl$TIOCGPTPEER(r4, 0x5441, 0x400000)
fcntl$setstatus(r5, 0x4, 0x102800)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000000500)={0xa, 0x2, 0x0, @empty}, 0x1c)
listen(r6, 0x0)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r7, &(0x7f00000001c0)={0x2, 0x2, @local}, 0x10)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000002800), 0x4000000000001e7, 0x40010000, 0x0)
close_range(r8, 0xffffffffffffffff, 0x0)
write(r5, &(0x7f0000000000)="d5", 0xfffffedf)

0s ago: executing program 0 (id=636):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000300)='auxv\x00')
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
syz_io_uring_setup(0x4076, &(0x7f0000000240)={0x0, 0x200c6fa, 0x10100, 0x2, 0x23a, 0x0, r2}, &(0x7f0000000480), &(0x7f0000000200))
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r1}, &(0x7f0000000000), &(0x7f00000000c0)=r2}, 0x20)

kernel console output (not intermixed with test programs):

59][ T5298] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  202.702066][ T5298] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  202.727336][ T5298] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  202.761402][ T5298] usb 5-1: Manufacturer: syz
[  202.949141][ T5298] usb 5-1: config 0 descriptor??
[  202.963057][ T5298] igorplugusb 5-1:0.0: incorrect number of endpoints
[  203.218391][ T6351] netlink: 'syz.2.222': attribute type 9 has an invalid length.
[  203.228539][ T6351] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.222'.
[  203.310307][ T6351] netlink: 4 bytes leftover after parsing attributes in process `syz.2.222'.
[  203.729383][ T6332] can: request_module (can-proto-3) failed.
[  203.881886][ T6356] netlink: 'syz.0.223': attribute type 9 has an invalid length.
[  203.890113][ T6356] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.223'.
[  204.067423][ T6356] netlink: 4 bytes leftover after parsing attributes in process `syz.0.223'.
[  204.255597][ T5214] usb 5-1: USB disconnect, device number 9
[  204.664658][    C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies.
[  205.487875][ T6366] netlink: 'syz.3.225': attribute type 10 has an invalid length.
[  206.103456][ T6366] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  207.227288][ T6404] fuse: Unknown parameter '00000000000000000003'
[  208.380631][ T5214] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  208.568246][    C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies.
[  208.886215][ T5214] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  208.900575][ T5214] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  208.975675][ T5214] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  208.999734][ T5214] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  209.010001][ T5214] usb 4-1: SerialNumber: syz
[  209.082453][ T6420] netlink: 'syz.0.241': attribute type 9 has an invalid length.
[  209.090412][ T6420] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.241'.
[  209.581040][ T5214] usb 4-1: 0:2 : does not exist
[  209.594558][ T5214] usb 4-1: USB disconnect, device number 6
[  210.233516][ T5823] udevd[5823]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  210.652434][ T6431] netlink: 'syz.0.245': attribute type 9 has an invalid length.
[  210.660269][ T6431] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.245'.
[  210.759351][ T6431] netlink: 4 bytes leftover after parsing attributes in process `syz.0.245'.
[  210.760688][ T5306] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  211.551506][ T5306] usb 5-1: Using ep0 maxpacket: 16
[  211.568820][ T5306] usb 5-1: New USB device found, idVendor=2013, idProduct=0246, bcdDevice=77.71
[  211.762209][ T5306] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  211.797762][ T5306] usb 5-1: Product: syz
[  211.804959][ T5306] usb 5-1: Manufacturer: syz
[  211.809733][ T5306] usb 5-1: SerialNumber: syz
[  211.854729][ T5306] usb 5-1: config 0 descriptor??
[  211.919691][ T5306] as10x_usb: device has been detected
[  211.930911][ T5306] dvbdev: DVB: registering new adapter (PCTV Systems picoStick (74e))
[  211.955793][ T5306] usb 5-1: DVB: registering adapter 1 frontend 0 (PCTV Systems picoStick (74e))...
[  211.981128][ T5306] as10x_usb: error during firmware upload part1
[  211.987903][ T5306] Registered device PCTV Systems picoStick (74e)
[  212.253662][ T6430] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  212.308226][ T6449] futex_wake_op: syz.3.249 tries to shift op by 144; fix this program
[  212.351635][ T6430] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  212.393316][ T6430] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  212.527410][ T6430] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  212.645394][   T25] usb 5-1: USB disconnect, device number 10
[  212.748293][   T25] Unregistered device PCTV Systems picoStick (74e)
[  212.775609][   T25] as10x_usb: device has been disconnected
[  213.059404][ T6459] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  213.786557][ T6465] fuse: Unknown parameter '00000000000000000003'
[  215.328748][ T6476] netlink: 'syz.4.254': attribute type 9 has an invalid length.
[  215.337093][ T6476] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.254'.
[  215.417254][ T6476] netlink: 4 bytes leftover after parsing attributes in process `syz.4.254'.
[  216.499244][ T6489] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  216.530668][ T5214] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  216.731233][ T5214] usb 3-1: Using ep0 maxpacket: 16
[  216.978940][ T5214] usb 3-1: New USB device found, idVendor=2013, idProduct=0246, bcdDevice=77.71
[  216.997580][ T5214] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  217.016845][ T5214] usb 3-1: Product: syz
[  217.044198][ T5214] usb 3-1: Manufacturer: syz
[  217.049022][ T5214] usb 3-1: SerialNumber: syz
[  217.069772][ T5214] usb 3-1: config 0 descriptor??
[  217.097472][ T5214] as10x_usb: device has been detected
[  217.119043][ T5214] dvbdev: DVB: registering new adapter (PCTV Systems picoStick (74e))
[  217.173036][ T5214] usb 3-1: DVB: registering adapter 1 frontend 0 (PCTV Systems picoStick (74e))...
[  217.198614][ T5214] as10x_usb: error during firmware upload part1
[  217.209049][ T5214] Registered device PCTV Systems picoStick (74e)
[  217.351715][ T6482] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  217.427738][ T6482] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  217.493290][ T6492] netlink: 236 bytes leftover after parsing attributes in process `syz.3.262'.
[  217.505324][ T6482] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  217.533949][ T6482] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  217.664688][ T6493] input: syz0 as /devices/virtual/input/input11
[  218.081799][ T5306] usb 3-1: USB disconnect, device number 7
[  218.107616][ T5306] Unregistered device PCTV Systems picoStick (74e)
[  218.116523][ T5306] as10x_usb: device has been disconnected
[  220.438398][ T6516] netlink: 236 bytes leftover after parsing attributes in process `syz.0.267'.
[  220.675639][ T6514] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  222.217953][ T6522] netlink: 'syz.4.269': attribute type 9 has an invalid length.
[  222.225820][ T6522] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.269'.
[  222.241476][ T6522] netlink: 4 bytes leftover after parsing attributes in process `syz.4.269'.
[  222.366326][ T6531] netlink: 'syz.2.270': attribute type 9 has an invalid length.
[  222.374293][ T6531] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.270'.
[  222.396905][ T6531] netlink: 4 bytes leftover after parsing attributes in process `syz.2.270'.
[  222.675168][ T6538] netlink: 'syz.3.272': attribute type 9 has an invalid length.
[  222.683296][ T6538] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.272'.
[  228.960760][ T5298] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  229.130767][ T5298] usb 1-1: Using ep0 maxpacket: 16
[  229.152184][ T5298] usb 1-1: New USB device found, idVendor=2013, idProduct=0246, bcdDevice=77.71
[  229.167786][ T5298] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  229.177331][ T5298] usb 1-1: Product: syz
[  229.185016][ T5298] usb 1-1: Manufacturer: syz
[  229.189890][ T5298] usb 1-1: SerialNumber: syz
[  229.218766][ T5298] usb 1-1: config 0 descriptor??
[  229.265231][ T5298] as10x_usb: device has been detected
[  229.271525][ T5298] dvbdev: DVB: registering new adapter (PCTV Systems picoStick (74e))
[  229.315019][ T5298] usb 1-1: DVB: registering adapter 1 frontend 0 (PCTV Systems picoStick (74e))...
[  229.337930][ T5298] as10x_usb: error during firmware upload part1
[  229.346110][ T5298] Registered device PCTV Systems picoStick (74e)
[  229.520347][ T6561] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  229.540301][ T6561] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  229.557200][ T6561] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  229.576791][ T6561] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  229.595327][ T5298] usb 1-1: USB disconnect, device number 6
[  229.635539][ T5298] Unregistered device PCTV Systems picoStick (74e)
[  229.654080][ T5298] as10x_usb: device has been disconnected
[  230.435205][ T6575] netlink: 'syz.0.281': attribute type 9 has an invalid length.
[  230.443524][ T6575] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.281'.
[  232.041362][    C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies.
[  232.504398][ T5216] Bluetooth: hci5: command 0x0406 tx timeout
[  232.843014][ T6594] netlink: 'syz.0.285': attribute type 9 has an invalid length.
[  232.852566][ T6594] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.285'.
[  233.740027][ T4608] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  233.756977][ T4608] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  233.767345][ T4608] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  234.577766][ T6588] netlink: 4 bytes leftover after parsing attributes in process `syz.0.285'.
[  234.625241][ T4608] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  234.637949][ T4608] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  234.647413][ T4608] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  234.831474][ T6606] netlink: 'syz.3.286': attribute type 9 has an invalid length.
[  234.839274][ T6606] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.286'.
[  234.915421][ T6602] netlink: 'syz.2.289': attribute type 9 has an invalid length.
[  234.931188][ T6602] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.289'.
[  235.008115][ T6606] netlink: 4 bytes leftover after parsing attributes in process `syz.3.286'.
[  235.160140][   T57] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  235.289005][ T6607] chnl_net:caif_netlink_parms(): no params data found
[  235.396213][   T57] usb 2-1: config index 0 descriptor too short (expected 23569, got 27)
[  235.415239][   T57] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  235.476907][   T57] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  235.486352][   T57] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  235.508374][   T57] usb 2-1: Manufacturer: syz
[  235.515630][ T6607] bridge0: port 1(bridge_slave_0) entered blocking state
[  235.523005][ T6607] bridge0: port 1(bridge_slave_0) entered disabled state
[  235.530398][ T6607] bridge_slave_0: entered allmulticast mode
[  235.537766][ T6607] bridge_slave_0: entered promiscuous mode
[  235.545974][ T6607] bridge0: port 2(bridge_slave_1) entered blocking state
[  235.604946][ T6607] bridge0: port 2(bridge_slave_1) entered disabled state
[  235.612413][ T6607] bridge_slave_1: entered allmulticast mode
[  235.619418][ T6607] bridge_slave_1: entered promiscuous mode
[  235.638883][   T57] usb 2-1: config 0 descriptor??
[  235.700136][ T6607] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  235.733690][ T6620] netlink: 'syz.2.292': attribute type 9 has an invalid length.
[  235.756428][ T6607] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  235.770767][ T6620] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.292'.
[  235.796736][   T57] rc_core: IR keymap rc-hauppauge not found
[  235.807461][ T6620] netlink: 4 bytes leftover after parsing attributes in process `syz.2.292'.
[  235.833543][   T57] Registered IR keymap rc-empty
[  235.840857][   T57] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  235.870244][   T57] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input13
[  236.033455][ T6607] team0: Port device team_slave_0 added
[  236.039651][ T6612] can: request_module (can-proto-3) failed.
[  236.083547][ T6607] team0: Port device team_slave_1 added
[  236.089448][   T57] usb 2-1: USB disconnect, device number 7
[  236.211317][ T6607] batman_adv: batadv0: Adding interface: batadv_slave_0
[  236.227252][ T6607] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  236.262438][ T6607] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  236.278974][ T6607] batman_adv: batadv0: Adding interface: batadv_slave_1
[  236.288838][ T6607] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  236.326849][ T6607] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  236.422456][ T6607] hsr_slave_0: entered promiscuous mode
[  236.455786][ T6607] hsr_slave_1: entered promiscuous mode
[  236.471994][ T6607] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  236.479964][ T6607] Cannot create hsr debugfs directory
[  236.830595][ T5219] Bluetooth: hci2: command tx timeout
[  237.785044][ T6639] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  238.724596][ T6607] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.900600][ T5219] Bluetooth: hci2: command tx timeout
[  239.019251][ T6607] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.179702][ T6607] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.501107][    C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies.
[  240.095447][ T6607] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  240.581365][ T6668] netlink: 'syz.1.300': attribute type 9 has an invalid length.
[  240.601910][ T6668] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.300'.
[  241.011020][ T5219] Bluetooth: hci2: command tx timeout
[  241.206901][ T6607] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  241.252605][ T6607] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  241.310168][ T6607] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  241.573850][ T6607] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  241.588074][ T6666] netlink: 4 bytes leftover after parsing attributes in process `syz.1.300'.
[  241.805179][ T6607] 8021q: adding VLAN 0 to HW filter on device bond0
[  241.828718][ T6607] 8021q: adding VLAN 0 to HW filter on device team0
[  241.842689][   T61] bridge0: port 1(bridge_slave_0) entered blocking state
[  241.849893][   T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[  241.941215][ T6607] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  241.951954][ T6607] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  241.969302][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[  241.976578][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[  242.258784][ T6607] 8021q: adding VLAN 0 to HW filter on device batadv0
[  242.411339][ T6689] netlink: 236 bytes leftover after parsing attributes in process `syz.3.304'.
[  243.061175][ T5219] Bluetooth: hci2: command tx timeout
[  244.180021][    C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies.
[  244.184139][ T6607] veth0_vlan: entered promiscuous mode
[  244.264294][ T6607] veth1_vlan: entered promiscuous mode
[  244.515915][ T6707] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  244.834668][ T6607] veth0_macvtap: entered promiscuous mode
[  244.866733][ T6607] veth1_macvtap: entered promiscuous mode
[  244.898030][ T6607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  244.909139][ T6607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  244.919348][ T6607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  244.930797][ T6607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  244.941841][ T6607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  244.952684][ T6607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  244.963010][ T6607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  244.973951][ T6607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  244.987559][ T6607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  244.999667][ T6607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.011206][ T6607] batman_adv: batadv0: Interface activated: batadv_slave_0
[  245.050141][ T6712] 9pnet_fd: Insufficient options for proto=fd
[  245.066338][ T6607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  245.078294][ T6607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.122770][ T6607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  245.148538][ T6607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.240610][ T5214] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  245.260592][ T6607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  245.272435][ T6607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.351416][ T6607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  245.550614][ T6607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.606752][ T6607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  245.673826][ T6607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  246.182304][ T6607] batman_adv: batadv0: Interface activated: batadv_slave_1
[  246.192176][ T6607] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  246.200982][ T6607] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  246.209663][ T6607] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  246.218752][ T6607] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  246.480667][ T5214] usb 2-1: Using ep0 maxpacket: 16
[  246.598057][ T5214] usb 2-1: New USB device found, idVendor=2013, idProduct=0246, bcdDevice=77.71
[  246.607524][ T5214] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  246.615851][ T5214] usb 2-1: Product: syz
[  246.620068][ T5214] usb 2-1: Manufacturer: syz
[  246.624747][ T5214] usb 2-1: SerialNumber: syz
[  246.628011][ T5767] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  246.645855][ T5214] usb 2-1: config 0 descriptor??
[  246.649549][ T5767] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  246.667380][ T5214] as10x_usb: device has been detected
[  246.673396][ T5214] dvbdev: DVB: registering new adapter (PCTV Systems picoStick (74e))
[  246.697892][ T5214] usb 2-1: DVB: registering adapter 1 frontend 0 (PCTV Systems picoStick (74e))...
[  246.713483][ T5214] as10x_usb: error during firmware upload part1
[  246.720947][ T5214] Registered device PCTV Systems picoStick (74e)
[  246.746154][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  246.760568][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  246.860885][    T8] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  246.894318][ T6711] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  246.948729][ T6711] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  247.162669][    T8] usb 4-1: Using ep0 maxpacket: 16
[  247.168563][ T6711] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  247.182936][    T8] usb 4-1: New USB device found, idVendor=2013, idProduct=0246, bcdDevice=77.71
[  247.201384][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  247.209528][    T8] usb 4-1: Product: syz
[  247.226220][    T8] usb 4-1: Manufacturer: syz
[  247.301999][    T8] usb 4-1: SerialNumber: syz
[  247.317310][ T6711] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  247.533616][    T8] usb 4-1: config 0 descriptor??
[  247.678258][ T5293] usb 2-1: USB disconnect, device number 8
[  247.878600][    T8] as10x_usb: device has been detected
[  247.904776][ T5293] Unregistered device PCTV Systems picoStick (74e)
[  247.910389][    T8] dvbdev: DVB: registering new adapter (PCTV Systems picoStick (74e))
[  247.935447][ T6722] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  247.946069][ T5293] as10x_usb: device has been disconnected
[  248.030919][ T6722] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  248.074177][ T6722] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  248.076306][    T8] usb 4-1: DVB: registering adapter 1 frontend 0 (PCTV Systems picoStick (74e))...
[  248.150156][ T6722] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  248.184788][    T8] as10x_usb: error during firmware upload part1
[  248.192937][    T8] Registered device PCTV Systems picoStick (74e)
[  248.211130][    T8] usb 4-1: USB disconnect, device number 7
[  248.317020][    T8] Unregistered device PCTV Systems picoStick (74e)
[  248.325132][    T8] as10x_usb: device has been disconnected
[  249.524472][ T6742] netlink: 'syz.4.316': attribute type 9 has an invalid length.
[  249.532987][ T6742] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.316'.
[  250.156147][    C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies.
[  250.977732][ T6752] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  252.698640][ T6768] hub 6-0:1.0: USB hub found
[  252.704147][ T6768] hub 6-0:1.0: 1 port detected
[  252.921092][   T57] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  253.120790][   T57] usb 1-1: config index 0 descriptor too short (expected 23569, got 27)
[  253.132081][   T57] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  253.801263][   T57] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  253.810378][   T57] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  253.899591][   T57] usb 1-1: Manufacturer: syz
[  253.975643][   T57] usb 1-1: config 0 descriptor??
[  255.661236][ T6760] can: request_module (can-proto-3) failed.
[  255.770787][   T57] rc_core: IR keymap rc-hauppauge not found
[  255.777136][   T57] Registered IR keymap rc-empty
[  255.784424][   T57] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  255.837559][   T57] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input14
[  255.935443][ T6800] netlink: 'syz.1.330': attribute type 9 has an invalid length.
[  255.943654][ T6800] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.330'.
[  256.043507][ T6800] netlink: 4 bytes leftover after parsing attributes in process `syz.1.330'.
[  256.082516][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[  256.089483][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[  256.412399][   T57] usb 1-1: USB disconnect, device number 7
[  256.671332][ T6805] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  258.348188][ T6816] netlink: 'syz.4.333': attribute type 10 has an invalid length.
[  258.494214][ T6822] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  258.778648][ T6816] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  259.132519][ T6825] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  260.223598][    C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies.
[  262.115792][ T6837] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  262.884423][ T6846] netlink: 'syz.1.343': attribute type 9 has an invalid length.
[  262.892860][ T6846] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.343'.
[  263.250684][ T6846] netlink: 4 bytes leftover after parsing attributes in process `syz.1.343'.
[  263.995509][ T6854] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  264.900660][    T8] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  265.261391][    C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies.
[  266.070664][    T8] usb 4-1: Using ep0 maxpacket: 16
[  266.076663][    T8] usb 4-1: device descriptor read/all, error -71
[  266.395980][ T6871] input: syz0 as /devices/virtual/input/input15
[  266.405472][ T6871] input: failed to attach handler leds to device input15, error: -6
[  267.169465][ T6878] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  268.848022][    C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies.
[  270.868056][ T6916] netlink: 'syz.4.359': attribute type 9 has an invalid length.
[  270.876241][ T6916] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.359'.
[  273.628999][    C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies.
[  274.329382][ T6933] netlink: 'syz.0.365': attribute type 10 has an invalid length.
[  274.429848][ T6933] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  274.871358][ T6947] input: syz0 as /devices/virtual/input/input16
[  275.360857][    T8] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  275.592492][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  275.611689][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  275.623304][    T8] usb 4-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00
[  275.662673][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.990940][    T8] usb 4-1: config 0 descriptor??
[  276.443764][    T8] cougar 0003:060B:700A.0008: hidraw0: USB HID v0.00 Device [HID 060b:700a] on usb-dummy_hcd.3-1/input0
[  276.693173][ T6945] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  276.726814][ T6945] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  276.796877][ T6945] netlink: 12 bytes leftover after parsing attributes in process `syz.3.367'.
[  276.814574][    T8] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  276.856636][ T5269] usb 4-1: USB disconnect, device number 10
[  277.014381][    T8] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[  277.039369][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  277.079070][    T8] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  277.099078][    T8] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  277.134582][    T8] usb 5-1: Manufacturer: syz
[  277.172168][    T8] usb 5-1: config 0 descriptor??
[  277.311495][    T8] rc_core: IR keymap rc-hauppauge not found
[  277.320168][    T8] Registered IR keymap rc-empty
[  277.334573][    T8] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  277.356374][    T8] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input17
[  277.507057][ T6963] can: request_module (can-proto-3) failed.
[  277.528810][    T8] usb 5-1: USB disconnect, device number 11
[  279.967473][ T6995] Bluetooth: MGMT ver 1.23
[  279.974058][ T6995] vivid-007: disconnect
[  279.980593][ T6992] vivid-007: reconnect
[  280.232205][ T6994] input: syz0 as /devices/virtual/input/input18
[  281.465250][ T7012] input: syz0 as /devices/virtual/input/input19
[  282.129578][ T7016] netlink: 'syz.4.387': attribute type 9 has an invalid length.
[  282.137979][ T7016] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.387'.
[  282.308191][ T7016] netlink: 4 bytes leftover after parsing attributes in process `syz.4.387'.
[  283.910908][ T4608] Bluetooth: hci0: command 0x0406 tx timeout
[  284.646436][ T5268] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  285.046625][ T7048] netlink: 'syz.3.394': attribute type 9 has an invalid length.
[  285.058048][ T7048] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.394'.
[  285.445883][ T7047] netlink: 'syz.0.393': attribute type 9 has an invalid length.
[  285.454331][ T7047] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.393'.
[  285.455275][ T5268] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  285.478031][ T5268] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  285.488359][ T5268] usb 5-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00
[  285.497906][ T5268] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  285.623508][ T5268] usb 5-1: config 0 descriptor??
[  285.737567][ T7045] netlink: 4 bytes leftover after parsing attributes in process `syz.0.393'.
[  286.391785][ T7030] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  286.415745][ T7030] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  286.434645][ T7030] netlink: 12 bytes leftover after parsing attributes in process `syz.4.390'.
[  286.447738][ T5268] cougar 0003:060B:700A.0009: hidraw0: USB HID v0.00 Device [HID 060b:700a] on usb-dummy_hcd.4-1/input0
[  286.585024][ T5268] usb 5-1: USB disconnect, device number 12
[  287.216404][    T8] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  287.390968][    T8] usb 4-1: Using ep0 maxpacket: 16
[  287.400138][    T8] usb 4-1: New USB device found, idVendor=2013, idProduct=0246, bcdDevice=77.71
[  287.416503][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  287.431700][    T8] usb 4-1: Product: syz
[  287.436878][    T8] usb 4-1: Manufacturer: syz
[  287.448446][    T8] usb 4-1: SerialNumber: syz
[  287.462925][    T8] usb 4-1: config 0 descriptor??
[  287.478812][    T8] as10x_usb: device has been detected
[  287.494021][    T8] dvbdev: DVB: registering new adapter (PCTV Systems picoStick (74e))
[  287.520200][    T8] usb 4-1: DVB: registering adapter 1 frontend 0 (PCTV Systems picoStick (74e))...
[  287.541820][    T8] as10x_usb: error during firmware upload part1
[  287.549870][    T8] Registered device PCTV Systems picoStick (74e)
[  287.661321][ T7066] FAULT_INJECTION: forcing a failure.
[  287.661321][ T7066] name failslab, interval 1, probability 0, space 0, times 1
[  287.680613][ T7066] CPU: 1 UID: 0 PID: 7066 Comm: syz.0.399 Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0
[  287.690991][ T7066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  287.701088][ T7066] Call Trace:
[  287.704397][ T7066]  <TASK>
[  287.707360][ T7066]  dump_stack_lvl+0x241/0x360
[  287.712100][ T7066]  ? __pfx_dump_stack_lvl+0x10/0x10
[  287.717514][ T7066]  ? __pfx__printk+0x10/0x10
[  287.722235][ T7066]  ? fs_reclaim_acquire+0x93/0x140
[  287.727402][ T7066]  ? __pfx___might_resched+0x10/0x10
[  287.732736][ T7066]  should_fail_ex+0x3b0/0x4e0
[  287.737448][ T7066]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  287.743203][ T7066]  should_failslab+0xac/0x100
[  287.747926][ T7066]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  287.753676][ T7066]  __kmalloc_noprof+0xd8/0x400
[  287.758484][ T7066]  tomoyo_realpath_from_path+0xcf/0x5e0
[  287.764075][ T7066]  tomoyo_path_number_perm+0x23a/0x880
[  287.769584][ T7066]  ? tomoyo_path_number_perm+0x208/0x880
[  287.775267][ T7066]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  287.781340][ T7066]  ? __fget_files+0x29/0x470
[  287.785965][ T7066]  ? __fget_files+0x3f3/0x470
[  287.790690][ T7066]  security_file_ioctl+0xc6/0x2a0
[  287.795766][ T7066]  __se_sys_ioctl+0x47/0x170
[  287.800395][ T7066]  do_syscall_64+0xf3/0x230
[  287.804933][ T7066]  ? clear_bhb_loop+0x35/0x90
[  287.809656][ T7066]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.815623][ T7066] RIP: 0033:0x7f21ec77def9
[  287.820077][ T7066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  287.839850][ T7066] RSP: 002b:00007f21ed4de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  287.848355][ T7066] RAX: ffffffffffffffda RBX: 00007f21ec936130 RCX: 00007f21ec77def9
[  287.856373][ T7066] RDX: 0000000020000100 RSI: 00000000c0405602 RDI: 0000000000000003
[  287.864377][ T7066] RBP: 00007f21ed4de090 R08: 0000000000000000 R09: 0000000000000000
[  287.872382][ T7066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  287.880385][ T7066] R13: 0000000000000000 R14: 00007f21ec936130 R15: 00007ffde1ef4308
[  287.888413][ T7066]  </TASK>
[  287.892267][ T7066] ERROR: Out of memory at tomoyo_realpath_from_path.
[  288.168773][ T7058] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  288.362692][ T7058] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  288.436749][ T7069] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  288.656647][ T5268] usb 4-1: USB disconnect, device number 11
[  288.923937][   T53] Bluetooth: hci3: command 0x0406 tx timeout
[  288.930114][   T53] Bluetooth: hci6: command 0x0406 tx timeout
[  288.977749][ T5268] Unregistered device PCTV Systems picoStick (74e)
[  288.990383][ T5268] as10x_usb: device has been disconnected
[  289.270946][ T7075] input: syz0 as /devices/virtual/input/input20
[  290.230679][ T5268] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  290.402642][ T5268] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[  290.420973][ T5268] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  290.456822][ T5268] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  290.504621][ T5268] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  290.548473][ T5268] usb 5-1: Manufacturer: syz
[  290.611946][ T5268] usb 5-1: config 0 descriptor??
[  290.753218][ T5268] rc_core: IR keymap rc-hauppauge not found
[  290.769536][ T5268] Registered IR keymap rc-empty
[  290.794051][ T5268] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  290.844634][ T5268] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input21
[  290.971153][ T4608] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  290.980876][ T4608] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  290.988851][ T4608] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  290.998240][ T4608] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  291.006941][ T4608] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  291.015841][ T4608] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  291.258462][ T7086] can: request_module (can-proto-3) failed.
[  291.474208][  T939] usb 5-1: USB disconnect, device number 13
[  291.750274][ T7117] netlink: 'syz.0.408': attribute type 9 has an invalid length.
[  291.758534][ T7117] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.408'.
[  292.084949][ T7118] netlink: 'syz.1.409': attribute type 9 has an invalid length.
[  292.094290][ T7118] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.409'.
[  292.211106][ T7118] netlink: 4 bytes leftover after parsing attributes in process `syz.1.409'.
[  292.219100][ T7106] chnl_net:caif_netlink_parms(): no params data found
[  292.624774][ T5767] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  293.062397][ T4608] Bluetooth: hci4: command tx timeout
[  293.491966][ T7128] netlink: 'syz.0.411': attribute type 9 has an invalid length.
[  293.516174][ T5767] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  293.519375][ T7128] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.411'.
[  295.143131][ T4608] Bluetooth: hci4: command tx timeout
[  295.237301][ T7128] netlink: 4 bytes leftover after parsing attributes in process `syz.0.411'.
[  295.254441][ T5767] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  295.433359][ T5767] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  295.587190][ T7106] bridge0: port 1(bridge_slave_0) entered blocking state
[  295.600730][ T5293] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  295.608430][ T7106] bridge0: port 1(bridge_slave_0) entered disabled state
[  295.608778][ T7106] bridge_slave_0: entered allmulticast mode
[  295.652488][ T7106] bridge_slave_0: entered promiscuous mode
[  295.675171][ T7106] bridge0: port 2(bridge_slave_1) entered blocking state
[  295.686957][ T7106] bridge0: port 2(bridge_slave_1) entered disabled state
[  295.696256][ T7106] bridge_slave_1: entered allmulticast mode
[  295.740945][ T7106] bridge_slave_1: entered promiscuous mode
[  295.781229][ T5293] usb 5-1: Using ep0 maxpacket: 16
[  295.801950][ T5293] usb 5-1: New USB device found, idVendor=2013, idProduct=0246, bcdDevice=77.71
[  295.826429][ T5293] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  295.840373][ T5293] usb 5-1: Product: syz
[  295.859018][ T5293] usb 5-1: Manufacturer: syz
[  295.888914][ T5293] usb 5-1: SerialNumber: syz
[  295.893949][ T7106] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  295.898483][ T7106] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  295.935180][ T5293] usb 5-1: config 0 descriptor??
[  295.986217][ T5293] as10x_usb: device has been detected
[  295.995729][ T5293] dvbdev: DVB: registering new adapter (PCTV Systems picoStick (74e))
[  296.010743][ T5767] bridge_slave_1: left allmulticast mode
[  296.037409][ T5767] bridge_slave_1: left promiscuous mode
[  296.049012][ T5767] bridge0: port 2(bridge_slave_1) entered disabled state
[  296.066944][ T5293] usb 5-1: DVB: registering adapter 1 frontend 0 (PCTV Systems picoStick (74e))...
[  296.239055][ T5767] bridge_slave_0: left allmulticast mode
[  296.247964][ T5293] as10x_usb: error during firmware upload part1
[  296.254802][ T5767] bridge_slave_0: left promiscuous mode
[  296.284045][ T7155] input: syz0 as /devices/virtual/input/input22
[  296.378175][ T7144] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  296.393864][ T5293] Registered device PCTV Systems picoStick (74e)
[  296.425363][ T5767] bridge0: port 1(bridge_slave_0) entered disabled state
[  296.445732][ T7144] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  296.697315][ T5269] usb 5-1: USB disconnect, device number 14
[  296.857818][ T5269] Unregistered device PCTV Systems picoStick (74e)
[  296.864443][ T5269] as10x_usb: device has been disconnected
[  297.221495][ T4608] Bluetooth: hci4: command tx timeout
[  297.570200][ T7172] =======================================================
[  297.570200][ T7172] WARNING: The mand mount option has been deprecated and
[  297.570200][ T7172]          and is ignored by this kernel. Remove the mand
[  297.570200][ T7172]          option from the mount to silence this warning.
[  297.570200][ T7172] =======================================================
[  297.697973][ T7172] Mount JFS Failure: -22
[  297.815922][ T5767] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  297.847112][ T5767] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  297.876418][ T5767] bond0 (unregistering): Released all slaves
[  299.275930][ T7106] team0: Port device team_slave_0 added
[  299.320826][ T4608] Bluetooth: hci4: command tx timeout
[  299.722532][ T7106] team0: Port device team_slave_1 added
[  299.960824][ T5767] hsr_slave_0: left promiscuous mode
[  299.974805][ T5767] hsr_slave_1: left promiscuous mode
[  300.000410][ T5767] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  300.040705][ T5767] batman_adv: batadv0: Removing interface: batadv_slave_0
[  300.115642][ T5767] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  300.161762][ T5767] batman_adv: batadv0: Removing interface: batadv_slave_1
[  300.295473][ T5767] veth1_macvtap: left promiscuous mode
[  300.334924][ T5767] veth0_macvtap: left promiscuous mode
[  300.361133][ T5767] veth1_vlan: left promiscuous mode
[  300.376440][ T5767] veth0_vlan: left promiscuous mode
[  302.285631][ T7224] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  302.851860][ T5767] team0 (unregistering): Port device team_slave_1 removed
[  303.082454][ T5767] team0 (unregistering): Port device team_slave_0 removed
[  304.284679][ T7236] 9pnet_fd: Insufficient options for proto=fd
[  304.492009][ T7106] batman_adv: batadv0: Adding interface: batadv_slave_0
[  304.510826][ T7106] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  304.586977][ T7106] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  304.703886][ T7106] batman_adv: batadv0: Adding interface: batadv_slave_1
[  304.743420][ T7106] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  304.830249][ T7106] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  305.130413][ T7106] hsr_slave_0: entered promiscuous mode
[  305.158072][ T7106] hsr_slave_1: entered promiscuous mode
[  305.181960][ T7106] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  305.203239][ T7106] Cannot create hsr debugfs directory
[  307.069966][ T7265] netlink: 'syz.3.436': attribute type 9 has an invalid length.
[  307.078322][ T7265] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.436'.
[  307.199641][ T7265] netlink: 4 bytes leftover after parsing attributes in process `syz.3.436'.
[  307.398976][ T7266] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  309.473680][ T7288] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  309.907256][ T7106] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  310.007390][ T7106] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  310.057810][ T7106] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  310.131804][ T7106] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  310.444062][ T7106] 8021q: adding VLAN 0 to HW filter on device bond0
[  310.519467][ T7106] 8021q: adding VLAN 0 to HW filter on device team0
[  310.562588][ T5572] bridge0: port 1(bridge_slave_0) entered blocking state
[  310.569806][ T5572] bridge0: port 1(bridge_slave_0) entered forwarding state
[  310.993667][ T5572] bridge0: port 2(bridge_slave_1) entered blocking state
[  311.000919][ T5572] bridge0: port 2(bridge_slave_1) entered forwarding state
[  311.525143][ T7106] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  311.801035][ T7316] netlink: 892 bytes leftover after parsing attributes in process `syz.0.447'.
[  314.609779][ T7106] 8021q: adding VLAN 0 to HW filter on device batadv0
[  314.787072][ T7106] veth0_vlan: entered promiscuous mode
[  314.987224][ T7106] veth1_vlan: entered promiscuous mode
[  315.091244][ T7345] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  315.101752][ T7106] veth0_macvtap: entered promiscuous mode
[  315.135412][ T7106] veth1_macvtap: entered promiscuous mode
[  315.159697][ T7106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  315.170316][ T7106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.180307][ T7106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  315.190975][ T7106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.203464][ T7106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  315.214044][ T7106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.224480][ T7106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  315.235606][ T7106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.250755][ T7106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  315.261387][ T7106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.273774][ T7106] batman_adv: batadv0: Interface activated: batadv_slave_0
[  315.284475][ T7106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  315.295411][ T7106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.305680][ T7106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  315.320759][ T7106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.337367][ T7106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  315.348104][ T7106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.359346][ T7106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  315.369902][ T7106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.380053][ T7106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  315.390674][ T7106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.402016][ T7106] batman_adv: batadv0: Interface activated: batadv_slave_1
[  315.412920][ T7106] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  315.421790][ T7106] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  315.431241][ T7106] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  315.431985][ T7354] syz.0.452 uses obsolete (PF_INET,SOCK_PACKET)
[  315.440632][ T7106] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  315.540360][ T7357] netlink: 'syz.4.453': attribute type 9 has an invalid length.
[  315.549072][ T7357] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.453'.
[  315.561748][ T7357] netlink: 4 bytes leftover after parsing attributes in process `syz.4.453'.
[  315.764514][ T7364] xt_NFQUEUE: number of total queues is 0
[  315.907787][   T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  315.923924][ T6901] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  315.971083][ T6901] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  315.985401][ T7362] netlink: 'syz.4.456': attribute type 10 has an invalid length.
[  315.999184][   T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  316.007935][ T7359] netlink: 'syz.1.454': attribute type 9 has an invalid length.
[  316.015795][ T7359] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.454'.
[  316.029612][ T7359] netlink: 4 bytes leftover after parsing attributes in process `syz.1.454'.
[  316.048571][ T7362] syz_tun: entered promiscuous mode
[  316.072688][ T7362] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  316.091178][    T8] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  316.136326][ T7372] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.456'.
[  316.385062][    T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  316.396435][    T8] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  316.405855][    T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  316.418321][ T7387] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  316.438393][   T29] audit: type=1326 audit(1727170191.010:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7383 comm="syz.4.462" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb28037def9 code=0x0
[  316.512512][  T936] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  316.572010][    T8] usb 1-1: config 0 descriptor??
[  316.670692][  T936] usb 4-1: Using ep0 maxpacket: 16
[  316.730734][ T7392] netlink: 'syz.1.461': attribute type 9 has an invalid length.
[  316.738478][  T936] usb 4-1: New USB device found, idVendor=2013, idProduct=0246, bcdDevice=77.71
[  316.749758][ T7392] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.461'.
[  316.763382][  T936] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  316.920628][  T936] usb 4-1: Product: syz
[  316.927910][  T936] usb 4-1: Manufacturer: syz
[  317.143256][  T936] usb 4-1: SerialNumber: syz
[  317.190248][  T936] usb 4-1: config 0 descriptor??
[  317.198074][ T7366] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  317.222250][  T936] as10x_usb: device has been detected
[  317.286941][  T936] dvbdev: DVB: registering new adapter (PCTV Systems picoStick (74e))
[  317.291233][ T7366] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  317.338133][ T7378] netlink: 'syz.2.407': attribute type 10 has an invalid length.
[  317.347407][ T4608] Bluetooth: hci0: unknown advertising packet type: 0x76
[  317.347525][ T4608] Bluetooth: hci0: Malformed LE Event: 0x02
[  317.593330][  T936] usb 4-1: DVB: registering adapter 1 frontend 0 (PCTV Systems picoStick (74e))...
[  317.606959][  T936] as10x_usb: error during firmware upload part1
[  317.614980][  T936] Registered device PCTV Systems picoStick (74e)
[  317.630132][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[  317.644515][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[  317.689865][ T7377] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  317.790643][ T7402] Illegal XDP return value 4294967274 on prog  (id 138) dev N/A, expect packet loss!
[  318.516762][    T8] ath6kl: Failed to submit usb control message: -110
[  318.523645][    T8] ath6kl: unable to send the bmi data to the device: -110
[  318.530972][    T8] ath6kl: Unable to send get target info: -110
[  318.531338][ T7378] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  318.541997][    T8] ath6kl: Failed to init ath6kl core: -110
[  318.571299][ T7377] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  318.603013][ T7377] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  318.625641][    T8] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -110
[  318.742253][ T7377] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  318.773951][    T8] usb 1-1: USB disconnect, device number 8
[  318.833701][  T939] usb 4-1: USB disconnect, device number 12
[  318.859621][  T939] Unregistered device PCTV Systems picoStick (74e)
[  318.895054][  T939] as10x_usb: device has been disconnected
[  319.568346][ T7417] netlink: 4 bytes leftover after parsing attributes in process `syz.4.466'.
[  320.039810][ T7423] Zero length message leads to an empty skb
[  320.151641][ T7427] netlink: 'syz.0.468': attribute type 9 has an invalid length.
[  320.160573][ T7427] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.468'.
[  320.438635][ T7427] netlink: 4 bytes leftover after parsing attributes in process `syz.0.468'.
[  321.441094][ T7436] FAULT_INJECTION: forcing a failure.
[  321.441094][ T7436] name failslab, interval 1, probability 0, space 0, times 0
[  321.454250][ T7436] CPU: 0 UID: 0 PID: 7436 Comm: syz.3.470 Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0
[  321.464533][ T7436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  321.474606][ T7436] Call Trace:
[  321.477886][ T7436]  <TASK>
[  321.480832][ T7436]  dump_stack_lvl+0x241/0x360
[  321.485562][ T7436]  ? __pfx_dump_stack_lvl+0x10/0x10
[  321.490811][ T7436]  ? __pfx__printk+0x10/0x10
[  321.495439][ T7436]  ? kmem_cache_alloc_lru_noprof+0x49/0x2b0
[  321.501354][ T7436]  ? __pfx___might_resched+0x10/0x10
[  321.506750][ T7436]  should_fail_ex+0x3b0/0x4e0
[  321.511453][ T7436]  ? __d_alloc+0x31/0x700
[  321.515966][ T7436]  should_failslab+0xac/0x100
[  321.520662][ T7436]  ? __d_alloc+0x31/0x700
[  321.524999][ T7436]  kmem_cache_alloc_lru_noprof+0x71/0x2b0
[  321.530738][ T7436]  __d_alloc+0x31/0x700
[  321.534905][ T7436]  d_alloc_pseudo+0x1f/0xb0
[  321.539420][ T7436]  alloc_file_pseudo+0x123/0x290
[  321.544374][ T7436]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  321.549843][ T7436]  ? shmem_get_inode+0xad5/0xd70
[  321.554799][ T7436]  __shmem_file_setup+0x237/0x2c0
[  321.559842][ T7436]  shmem_zero_setup+0x91/0x140
[  321.564624][ T7436]  mmap_region+0x1c5f/0x2990
[  321.569335][ T7436]  ? __pfx_mmap_region+0x10/0x10
[  321.574390][ T7436]  ? __pfx_lock_acquire+0x10/0x10
[  321.579448][ T7436]  ? mm_get_unmapped_area+0xa8/0xd0
[  321.584675][ T7436]  ? bpf_lsm_mmap_addr+0x9/0x10
[  321.589620][ T7436]  ? security_mmap_addr+0x6f/0x250
[  321.594781][ T7436]  ? __get_unmapped_area+0x2ed/0x350
[  321.600084][ T7436]  do_mmap+0x8f0/0x1000
[  321.604264][ T7436]  ? __pfx_do_mmap+0x10/0x10
[  321.608975][ T7436]  ? __pfx_down_write_killable+0x10/0x10
[  321.614730][ T7436]  ? __fget_files+0x3f3/0x470
[  321.619428][ T7436]  vm_mmap_pgoff+0x1dd/0x3d0
[  321.624037][ T7436]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  321.629280][ T7436]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  321.635659][ T7436]  ? do_syscall_64+0x100/0x230
[  321.640449][ T7436]  ? ksys_mmap_pgoff+0xdf/0x720
[  321.645324][ T7436]  ? __x64_sys_mmap+0x7f/0x140
[  321.650110][ T7436]  do_syscall_64+0xf3/0x230
[  321.654635][ T7436]  ? clear_bhb_loop+0x35/0x90
[  321.659336][ T7436]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.665334][ T7436] RIP: 0033:0x7f2af617def9
[  321.669757][ T7436] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  321.689375][ T7436] RSP: 002b:00007f2af6f6e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  321.697826][ T7436] RAX: ffffffffffffffda RBX: 00007f2af6335f80 RCX: 00007f2af617def9
[  321.706083][ T7436] RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000000020000000
[  321.714065][ T7436] RBP: 00007f2af6f6e090 R08: ffffffffffffffff R09: 0000000000000000
[  321.722040][ T7436] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000001
[  321.730024][ T7436] R13: 0000000000000000 R14: 00007f2af6335f80 R15: 00007ffc72bd63b8
[  321.738020][ T7436]  </TASK>
[  321.883957][ T7442] FAULT_INJECTION: forcing a failure.
[  321.883957][ T7442] name failslab, interval 1, probability 0, space 0, times 0
[  321.966502][ T7442] CPU: 1 UID: 0 PID: 7442 Comm: syz.0.472 Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0
[  321.976804][ T7442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  321.986861][ T7442] Call Trace:
[  321.990139][ T7442]  <TASK>
[  321.993086][ T7442]  dump_stack_lvl+0x241/0x360
[  321.997804][ T7442]  ? __pfx_dump_stack_lvl+0x10/0x10
[  322.003013][ T7442]  ? __pfx__printk+0x10/0x10
[  322.007610][ T7442]  ? __kmalloc_cache_noprof+0x44/0x2c0
[  322.013097][ T7442]  ? __pfx___might_resched+0x10/0x10
[  322.018404][ T7442]  should_fail_ex+0x3b0/0x4e0
[  322.023176][ T7442]  should_failslab+0xac/0x100
[  322.027879][ T7442]  ? alloc_pipe_info+0xeb/0x4d0
[  322.032736][ T7442]  __kmalloc_cache_noprof+0x6c/0x2c0
[  322.038025][ T7442]  alloc_pipe_info+0xeb/0x4d0
[  322.042709][ T7442]  splice_direct_to_actor+0xa9e/0xc80
[  322.048097][ T7442]  ? __pfx_direct_splice_actor+0x10/0x10
[  322.053736][ T7442]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  322.059629][ T7442]  ? __fget_files+0x29/0x470
[  322.064229][ T7442]  ? __pfx_lock_release+0x10/0x10
[  322.069264][ T7442]  do_splice_direct+0x289/0x3e0
[  322.074120][ T7442]  ? __pfx_do_splice_direct+0x10/0x10
[  322.079509][ T7442]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  322.085412][ T7442]  ? rw_verify_area+0x1c3/0x6f0
[  322.090266][ T7442]  do_sendfile+0x561/0xe10
[  322.094689][ T7442]  ? __might_fault+0xaa/0x120
[  322.099393][ T7442]  ? __pfx_do_sendfile+0x10/0x10
[  322.104335][ T7442]  ? __might_fault+0xc6/0x120
[  322.109016][ T7442]  __se_sys_sendfile64+0x100/0x1e0
[  322.114137][ T7442]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  322.119795][ T7442]  ? do_syscall_64+0x100/0x230
[  322.124561][ T7442]  ? do_syscall_64+0xb6/0x230
[  322.129253][ T7442]  do_syscall_64+0xf3/0x230
[  322.133757][ T7442]  ? clear_bhb_loop+0x35/0x90
[  322.138451][ T7442]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.144345][ T7442] RIP: 0033:0x7f21ec77def9
[  322.148759][ T7442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  322.168365][ T7442] RSP: 002b:00007f21ed520038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  322.176783][ T7442] RAX: ffffffffffffffda RBX: 00007f21ec935f80 RCX: 00007f21ec77def9
[  322.184779][ T7442] RDX: 0000000020002080 RSI: 0000000000000003 RDI: 0000000000000004
[  322.192752][ T7442] RBP: 00007f21ed520090 R08: 0000000000000000 R09: 0000000000000000
[  322.200750][ T7442] R10: 000000000000023b R11: 0000000000000246 R12: 0000000000000001
[  322.208719][ T7442] R13: 0000000000000000 R14: 00007f21ec935f80 R15: 00007ffde1ef4308
[  322.216703][ T7442]  </TASK>
[  322.268473][ T7448] vivid-007: disconnect
[  322.783204][ T7440] vivid-007: reconnect
[  323.162129][ T7457] netlink: 'syz.0.474': attribute type 9 has an invalid length.
[  323.170371][ T7457] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.474'.
[  323.995334][ T7453] netlink: 4 bytes leftover after parsing attributes in process `syz.0.474'.
[  324.216239][ T7477] netlink: 4 bytes leftover after parsing attributes in process `syz.4.479'.
[  324.859967][ T5298] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  325.210586][ T5298] usb 3-1: Using ep0 maxpacket: 16
[  325.228809][ T5298] usb 3-1: New USB device found, idVendor=2013, idProduct=0246, bcdDevice=77.71
[  325.245581][ T5298] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  325.275685][ T5298] usb 3-1: Product: syz
[  325.295919][ T5298] usb 3-1: Manufacturer: syz
[  325.315341][ T5298] usb 3-1: SerialNumber: syz
[  325.328816][ T5298] usb 3-1: config 0 descriptor??
[  325.351614][ T5298] as10x_usb: device has been detected
[  325.368993][ T5298] dvbdev: DVB: registering new adapter (PCTV Systems picoStick (74e))
[  325.502850][ T5298] usb 3-1: DVB: registering adapter 1 frontend 0 (PCTV Systems picoStick (74e))...
[  325.539164][ T5298] as10x_usb: error during firmware upload part1
[  325.555613][ T5298] Registered device PCTV Systems picoStick (74e)
[  325.564568][ T7482] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  325.620963][ T7482] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  325.693329][ T7482] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  325.893372][ T7482] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  325.923523][ T5298] usb 3-1: USB disconnect, device number 8
[  325.936323][ T5298] Unregistered device PCTV Systems picoStick (74e)
[  325.942213][ T5298] as10x_usb: device has been disconnected
[  328.801122][ T7515] openvswitch: netlink: Actions may not be safe on all matching packets
[  329.070621][ T5270] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  329.702001][ T5270] usb 2-1: Using ep0 maxpacket: 8
[  329.709512][ T5270] usb 2-1: config 167 has too many interfaces: 202, using maximum allowed: 32
[  329.723901][ T5270] usb 2-1: config 167 has 0 interfaces, different from the descriptor's value: 202
[  329.748388][ T5270] usb 2-1: New USB device found, idVendor=1025, idProduct=005f, bcdDevice=fe.29
[  329.781808][ T5270] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.790343][ T5270] usb 2-1: Product: syz
[  329.815911][ T5270] usb 2-1: Manufacturer: syz
[  329.868138][ T5270] usb 2-1: SerialNumber: syz
[  330.771128][  T939] usb 2-1: USB disconnect, device number 9
[  332.304298][ T7536] netlink: 'syz.4.495': attribute type 9 has an invalid length.
[  332.312309][ T7536] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.495'.
[  332.405211][ T7536] netlink: 4 bytes leftover after parsing attributes in process `syz.4.495'.
[  333.117143][    C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies.
[  334.160773][   T57] IPVS: starting estimator thread 0...
[  334.252812][ T7552] IPVS: using max 23 ests per chain, 55200 per kthread
[  335.185170][ T7560] netlink: 4 bytes leftover after parsing attributes in process `syz.2.502'.
[  335.200779][   T57] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  335.590687][ T7564] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  336.272100][   T57] usb 2-1: config index 0 descriptor too short (expected 23569, got 27)
[  336.284794][   T57] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  336.319969][   T57] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  336.493769][   T57] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  336.532907][ T7568] netlink: 68 bytes leftover after parsing attributes in process `syz.3.505'.
[  336.544077][ T7568] vivid-007: disconnect
[  336.549013][ T7567] vivid-007: reconnect
[  336.599857][   T57] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  336.637505][   T57] usb 2-1: Manufacturer: syz
[  336.702135][   T57] usb 2-1: config 0 descriptor??
[  336.764219][ T5219] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  336.774102][ T5219] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  336.782282][ T5219] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  336.792100][ T5219] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  336.800064][ T5219] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  336.807659][ T5219] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  336.818334][   T57] igorplugusb 2-1:0.0: incorrect number of endpoints
[  337.006998][ T7573] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  337.476971][ T7556] can: request_module (can-proto-3) failed.
[  337.505268][ T5298] usb 2-1: USB disconnect, device number 10
[  337.560235][ T7570] chnl_net:caif_netlink_parms(): no params data found
[  337.831887][ T7570] bridge0: port 1(bridge_slave_0) entered blocking state
[  337.840678][ T7570] bridge0: port 1(bridge_slave_0) entered disabled state
[  337.850802][ T7570] bridge_slave_0: entered allmulticast mode
[  337.862812][ T7570] bridge_slave_0: entered promiscuous mode
[  337.884221][ T7570] bridge0: port 2(bridge_slave_1) entered blocking state
[  337.902070][ T7570] bridge0: port 2(bridge_slave_1) entered disabled state
[  337.910810][ T7570] bridge_slave_1: entered allmulticast mode
[  337.927330][ T7570] bridge_slave_1: entered promiscuous mode
[  338.006744][ T7570] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  338.057278][ T7570] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  338.167387][ T7570] team0: Port device team_slave_0 added
[  338.240279][ T7570] team0: Port device team_slave_1 added
[  338.290921][ T7570] batman_adv: batadv0: Adding interface: batadv_slave_0
[  338.298823][ T7570] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  338.331884][ T7570] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  338.369302][ T7570] batman_adv: batadv0: Adding interface: batadv_slave_1
[  338.377755][ T7570] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  338.407904][ T7570] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  338.667483][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  338.969394][ T7570] hsr_slave_0: entered promiscuous mode
[  338.982198][ T7570] hsr_slave_1: entered promiscuous mode
[  338.996908][ T7570] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  339.009343][ T7570] Cannot create hsr debugfs directory
[  339.427718][ T5219] Bluetooth: hci3: command tx timeout
[  339.896726][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  340.239389][    C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies.
[  340.296128][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  340.695338][   T12] bond0: (slave netdevsim0): Releasing backup interface
[  340.803895][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  341.310697][   T12] bridge_slave_1: left allmulticast mode
[  341.316439][   T12] bridge_slave_1: left promiscuous mode
[  341.473499][ T5219] Bluetooth: hci3: command tx timeout
[  341.823251][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  341.846645][   T12] bridge_slave_0: left allmulticast mode
[  341.871613][   T12] bridge_slave_0: left promiscuous mode
[  341.877436][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  342.990291][ T4608] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  343.009621][ T4608] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  343.030625][ T4608] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  343.140973][ T4608] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  343.212482][ T4608] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  343.222566][ T4608] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  343.544186][ T4608] Bluetooth: hci3: command tx timeout
[  343.690593][  T939] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  343.862772][  T939] usb 3-1: Using ep0 maxpacket: 16
[  343.872076][  T939] usb 3-1: New USB device found, idVendor=2013, idProduct=0246, bcdDevice=77.71
[  343.881783][  T939] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  343.889922][  T939] usb 3-1: Product: syz
[  343.896931][  T939] usb 3-1: Manufacturer: syz
[  343.904649][  T939] usb 3-1: SerialNumber: syz
[  343.941929][  T939] usb 3-1: config 0 descriptor??
[  343.972393][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  343.982099][  T939] as10x_usb: device has been detected
[  343.987820][  T939] dvbdev: DVB: registering new adapter (PCTV Systems picoStick (74e))
[  344.004582][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  344.027992][   T12] bond0 (unregistering): Released all slaves
[  344.037649][  T939] usb 3-1: DVB: registering adapter 1 frontend 0 (PCTV Systems picoStick (74e))...
[  344.093707][  T939] as10x_usb: error during firmware upload part1
[  344.101172][  T939] Registered device PCTV Systems picoStick (74e)
[  344.246783][ T7536] bond0: (slave syz_tun): Releasing backup interface
[  344.277643][ T7627] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  344.389568][ T7627] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  344.453912][ T7624] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  344.490300][ T7624] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  344.683970][  T939] usb 3-1: USB disconnect, device number 9
[  345.420025][ T4608] Bluetooth: hci0: command tx timeout
[  345.450661][  T939] Unregistered device PCTV Systems picoStick (74e)
[  345.452518][  T939] as10x_usb: device has been disconnected
[  345.625140][ T4608] Bluetooth: hci3: command tx timeout
[  345.818610][ T7636] warning: `syz.1.518' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  345.839970][ T7636] FAULT_INJECTION: forcing a failure.
[  345.839970][ T7636] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  345.857544][ T7636] CPU: 0 UID: 0 PID: 7636 Comm: syz.1.518 Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0
[  345.867857][ T7636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  345.877939][ T7636] Call Trace:
[  345.881235][ T7636]  <TASK>
[  345.884284][ T7636]  dump_stack_lvl+0x241/0x360
[  345.888985][ T7636]  ? __pfx_dump_stack_lvl+0x10/0x10
[  345.894216][ T7636]  ? __pfx__printk+0x10/0x10
[  345.898941][ T7636]  ? __pfx_lock_release+0x10/0x10
[  345.904003][ T7636]  should_fail_ex+0x3b0/0x4e0
[  345.909086][ T7636]  _copy_to_user+0x2f/0xb0
[  345.913521][ T7636]  ioctl_standard_iw_point+0x8f2/0xcb0
[  345.919008][ T7636]  ? __pfx_cfg80211_wext_giwscan+0x10/0x10
[  345.924828][ T7636]  ? __pfx_ioctl_standard_iw_point+0x10/0x10
[  345.930909][ T7636]  ? _printk+0xd5/0x120
[  345.935086][ T7636]  ? __pfx__printk+0x10/0x10
[  345.939723][ T7636]  ioctl_standard_call+0xc7/0x290
[  345.944770][ T7636]  ? __pfx_cfg80211_wext_giwscan+0x10/0x10
[  345.950586][ T7636]  ? __pfx_cfg80211_wext_giwscan+0x10/0x10
[  345.956426][ T7636]  wext_ioctl_dispatch+0x58e/0x640
[  345.961584][ T7636]  ? __pfx_ioctl_standard_call+0x10/0x10
[  345.967228][ T7636]  ? __pfx_ioctl_private_call+0x10/0x10
[  345.972790][ T7636]  ? __pfx_wext_ioctl_dispatch+0x10/0x10
[  345.978437][ T7636]  ? __might_fault+0xc6/0x120
[  345.983154][ T7636]  wext_handle_ioctl+0x15f/0x270
[  345.988103][ T7636]  ? __pfx_wext_handle_ioctl+0x10/0x10
[  345.993579][ T7636]  ? __asan_memset+0x23/0x50
[  345.998184][ T7636]  ? smack_file_ioctl+0x29e/0x3a0
[  346.003227][ T7636]  sock_ioctl+0x17c/0x8e0
[  346.007658][ T7636]  ? __pfx_sock_ioctl+0x10/0x10
[  346.012533][ T7636]  ? __fget_files+0x3f3/0x470
[  346.017242][ T7636]  ? __pfx_sock_ioctl+0x10/0x10
[  346.022106][ T7636]  __se_sys_ioctl+0xf9/0x170
[  346.026712][ T7636]  do_syscall_64+0xf3/0x230
[  346.031228][ T7636]  ? clear_bhb_loop+0x35/0x90
[  346.035922][ T7636]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  346.041828][ T7636] RIP: 0033:0x7fa82477def9
[  346.046261][ T7636] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  346.065986][ T7636] RSP: 002b:00007fa825650038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  346.074432][ T7636] RAX: ffffffffffffffda RBX: 00007fa824935f80 RCX: 00007fa82477def9
[  346.082418][ T7636] RDX: 0000000020000000 RSI: 0000000000008b19 RDI: 0000000000000003
[  346.090398][ T7636] RBP: 00007fa825650090 R08: 0000000000000000 R09: 0000000000000000
[  346.098380][ T7636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  346.106358][ T7636] R13: 0000000000000000 R14: 00007fa824935f80 R15: 00007ffd3d846b58
[  346.114350][ T7636]  </TASK>
[  346.174169][   T12] hsr_slave_0: left promiscuous mode
[  346.180223][   T12] hsr_slave_1: left promiscuous mode
[  346.243261][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  346.261804][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  346.298136][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  346.316009][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  346.357129][   T12] veth1_macvtap: left promiscuous mode
[  346.363159][   T12] veth0_macvtap: left promiscuous mode
[  346.369754][   T12] veth1_vlan: left promiscuous mode
[  346.375469][   T12] veth0_vlan: left promiscuous mode
[  346.527789][   T57] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  346.698526][   T57] usb 3-1: New USB device found, idVendor=046d, idProduct=08b0, bcdDevice= e.32
[  346.726092][   T57] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.755979][   T57] usb 3-1: Product: syz
[  346.760370][   T57] usb 3-1: Manufacturer: syz
[  346.776199][   T57] usb 3-1: SerialNumber: syz
[  346.784701][   T57] usb 3-1: config 0 descriptor??
[  346.793026][   T57] pwc: Logitech QuickCam Pro 3000 USB webcam detected.
[  347.475079][ T4608] Bluetooth: hci0: command tx timeout
[  347.677891][ T7650] 9pnet: Unknown protocol version 9p20\++}
[  348.491594][ T7653] netlink: 4 bytes leftover after parsing attributes in process `syz.1.524'.
[  349.297067][   T57] pwc: Failed to set LED on/off time (-71)
[  349.303782][   T57] pwc: send_video_command error -71
[  349.309252][   T57] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  349.323574][   T57] Philips webcam 3-1:0.0: probe with driver Philips webcam failed with error -71
[  349.353599][   T57] usb 3-1: USB disconnect, device number 10
[  349.441851][   T12] team0 (unregistering): Port device team_slave_1 removed
[  349.504027][   T12] team0 (unregistering): Port device team_slave_0 removed
[  349.551036][ T4608] Bluetooth: hci0: command tx timeout
[  350.463626][ T7570] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  350.747166][ T7570] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  350.882867][ T7676] FAULT_INJECTION: forcing a failure.
[  350.882867][ T7676] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  350.900116][ T7676] CPU: 0 UID: 0 PID: 7676 Comm: syz.1.527 Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0
[  350.910422][ T7676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  350.920518][ T7676] Call Trace:
[  350.923840][ T7676]  <TASK>
[  350.926811][ T7676]  dump_stack_lvl+0x241/0x360
[  350.931550][ T7676]  ? __pfx_dump_stack_lvl+0x10/0x10
[  350.936800][ T7676]  ? __pfx__printk+0x10/0x10
[  350.941442][ T7676]  ? __pfx_lock_release+0x10/0x10
[  350.946526][ T7676]  should_fail_ex+0x3b0/0x4e0
[  350.951256][ T7676]  _copy_from_iter+0x1ed/0x1d60
[  350.956152][ T7676]  ? __virt_addr_valid+0x183/0x530
[  350.961303][ T7676]  ? __pfx_lock_release+0x10/0x10
[  350.966381][ T7676]  ? alloc_pages_mpol_noprof+0x417/0x680
[  350.969589][ T7667] dvmrp8: entered allmulticast mode
[  350.972050][ T7676]  ? __sk_mem_raise_allocated+0xa5f/0x1140
[  350.972116][ T7676]  ? __pfx__copy_from_iter+0x10/0x10
[  350.972154][ T7676]  ? __virt_addr_valid+0x183/0x530
[  350.972178][ T7676]  ? __virt_addr_valid+0x183/0x530
[  350.972200][ T7676]  ? __virt_addr_valid+0x45f/0x530
[  350.972226][ T7676]  ? __check_object_size+0x48e/0x900
[  350.972265][ T7676]  mptcp_sendmsg+0xd31/0x1b10
[  350.972326][ T7676]  ? __pfx_mptcp_sendmsg+0x10/0x10
[  350.972359][ T7676]  ? sock_rps_record_flow+0x1a/0x400
[  350.972396][ T7676]  ? inet_sendmsg+0x330/0x390
[  350.972427][ T7676]  ? inet_sendmsg+0x9/0x390
[  350.972462][ T7676]  __sock_sendmsg+0x1a6/0x270
[  350.972497][ T7676]  ____sys_sendmsg+0x52a/0x7e0
[  350.972533][ T7676]  ? __pfx_____sys_sendmsg+0x10/0x10
[  350.972566][ T7676]  ? kasan_check_range+0x86/0x290
[  350.972608][ T7676]  __sys_sendmmsg+0x3ab/0x730
[  350.972644][ T7676]  ? __pfx___sys_sendmmsg+0x10/0x10
[  350.972683][ T7676]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  350.972733][ T7676]  ? __schedule+0x19fd/0x4ae0
[  351.074431][ T7676]  ? __pfx___schedule+0x10/0x10
[  351.079312][ T7676]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  351.085326][ T7676]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  351.091374][ T7676]  __x64_sys_sendmmsg+0xa0/0xb0
[  351.096241][ T7676]  do_syscall_64+0xf3/0x230
[  351.100756][ T7676]  ? clear_bhb_loop+0x35/0x90
[  351.105451][ T7676]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  351.111388][ T7676] RIP: 0033:0x7fa82477def9
[  351.115812][ T7676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  351.135442][ T7676] RSP: 002b:00007fa82562f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  351.143898][ T7676] RAX: ffffffffffffffda RBX: 00007fa824936058 RCX: 00007fa82477def9
[  351.151897][ T7676] RDX: 0000000000000001 RSI: 00000000200057c0 RDI: 0000000000000006
[  351.159874][ T7676] RBP: 00007fa82562f090 R08: 0000000000000000 R09: 0000000000000000
[  351.167851][ T7676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  351.175826][ T7676] R13: 0000000000000000 R14: 00007fa824936058 R15: 00007ffd3d846b58
[  351.183826][ T7676]  </TASK>
[  351.187080][    C0] vkms_vblank_simulate: vblank timer overrun
[  351.560545][ T7570] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  351.620615][ T4608] Bluetooth: hci0: command tx timeout
[  351.689617][ T7678] dvmrp0: entered allmulticast mode
[  351.706389][ T7659] dvmrp8: left allmulticast mode
[  351.795493][ T7570] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  351.819860][ T7611] chnl_net:caif_netlink_parms(): no params data found
[  352.086489][ T7611] bridge0: port 1(bridge_slave_0) entered blocking state
[  352.106284][ T7611] bridge0: port 1(bridge_slave_0) entered disabled state
[  352.117059][ T7611] bridge_slave_0: entered allmulticast mode
[  352.147912][ T7611] bridge_slave_0: entered promiscuous mode
[  352.693524][ T7611] bridge0: port 2(bridge_slave_1) entered blocking state
[  352.741128][ T7611] bridge0: port 2(bridge_slave_1) entered disabled state
[  352.759329][ T7611] bridge_slave_1: entered allmulticast mode
[  352.801869][ T7611] bridge_slave_1: entered promiscuous mode
[  352.910192][   T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  353.042972][ T7611] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  353.136167][   T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  353.169430][ T7611] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  353.321691][   T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  353.425704][ T7611] team0: Port device team_slave_0 added
[  353.454860][ T7611] team0: Port device team_slave_1 added
[  353.570884][   T12] bond0: (slave netdevsim0): Releasing backup interface
[  353.582379][   T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  353.669644][ T7611] batman_adv: batadv0: Adding interface: batadv_slave_0
[  353.683527][ T7611] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  353.717068][ T7611] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  353.741763][ T7611] batman_adv: batadv0: Adding interface: batadv_slave_1
[  353.749371][ T7611] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  353.896511][ T7611] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  354.348218][ T7570] 8021q: adding VLAN 0 to HW filter on device bond0
[  354.834817][   T12] bridge_slave_1: left allmulticast mode
[  354.890789][   T12] bridge_slave_1: left promiscuous mode
[  355.028412][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  355.247984][   T12] bridge_slave_0: left allmulticast mode
[  355.344455][ T5219] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  355.811254][   T12] bridge_slave_0: left promiscuous mode
[  355.811341][ T5219] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  355.817033][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  355.833289][ T5219] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  355.880648][ T5219] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  355.893941][ T5219] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  355.903204][ T5219] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  356.100622][   T57] usb 3-1: new full-speed USB device number 11 using dummy_hcd
[  356.264092][   T57] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  356.277637][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  356.282665][   T57] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 22
[  356.305380][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  356.310817][   T57] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  356.323210][   T57] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  356.332633][   T57] usb 3-1: SerialNumber: syz
[  356.336748][   T12] bond0 (unregistering): Released all slaves
[  356.376015][ T7611] hsr_slave_0: entered promiscuous mode
[  356.406717][ T7611] hsr_slave_1: entered promiscuous mode
[  356.445681][ T7570] 8021q: adding VLAN 0 to HW filter on device team0
[  356.515008][   T51] bridge0: port 1(bridge_slave_0) entered blocking state
[  356.522370][   T51] bridge0: port 1(bridge_slave_0) entered forwarding state
[  356.552553][   T57] cdc_acm 3-1:1.0: Zero length descriptor references
[  356.566638][   T57] cdc_acm 3-1:1.0: probe with driver cdc_acm failed with error -22
[  356.607540][   T57] usb 3-1: USB disconnect, device number 11
[  356.704917][   T51] bridge0: port 2(bridge_slave_1) entered blocking state
[  356.712131][   T51] bridge0: port 2(bridge_slave_1) entered forwarding state
[  356.985853][   T12] hsr_slave_0: left promiscuous mode
[  356.999477][   T12] hsr_slave_1: left promiscuous mode
[  357.007275][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  357.019181][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  357.027975][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  357.041407][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  357.066074][   T12] veth1_macvtap: left promiscuous mode
[  357.071866][   T12] veth0_macvtap: left promiscuous mode
[  357.077733][   T12] veth1_vlan: left promiscuous mode
[  357.084614][   T12] veth0_vlan: left promiscuous mode
[  358.060595][ T5219] Bluetooth: hci2: command tx timeout
[  359.069735][ T7746] FAULT_INJECTION: forcing a failure.
[  359.069735][ T7746] name failslab, interval 1, probability 0, space 0, times 0
[  359.082713][ T7746] CPU: 0 UID: 0 PID: 7746 Comm: syz.3.542 Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0
[  359.092962][ T7746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  359.103033][ T7746] Call Trace:
[  359.106312][ T7746]  <TASK>
[  359.109264][ T7746]  dump_stack_lvl+0x241/0x360
[  359.113961][ T7746]  ? __pfx_dump_stack_lvl+0x10/0x10
[  359.119167][ T7746]  ? __pfx__printk+0x10/0x10
[  359.123799][ T7746]  ? __kmalloc_cache_noprof+0x44/0x2c0
[  359.129277][ T7746]  ? __pfx___might_resched+0x10/0x10
[  359.134682][ T7746]  should_fail_ex+0x3b0/0x4e0
[  359.139481][ T7746]  should_failslab+0xac/0x100
[  359.144190][ T7746]  ? __se_sys_mount+0x15a/0x3c0
[  359.149093][ T7746]  __kmalloc_cache_noprof+0x6c/0x2c0
[  359.154399][ T7746]  ? memdup_user+0x9f/0xc0
[  359.158841][ T7746]  __se_sys_mount+0x15a/0x3c0
[  359.163544][ T7746]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  359.169570][ T7746]  ? __pfx___se_sys_mount+0x10/0x10
[  359.174791][ T7746]  ? do_syscall_64+0x100/0x230
[  359.179568][ T7746]  ? __x64_sys_mount+0x20/0xc0
[  359.184347][ T7746]  do_syscall_64+0xf3/0x230
[  359.188858][ T7746]  ? clear_bhb_loop+0x35/0x90
[  359.193560][ T7746]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.199486][ T7746] RIP: 0033:0x7f2af617def9
[  359.203913][ T7746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  359.223567][ T7746] RSP: 002b:00007f2af6f6e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  359.232016][ T7746] RAX: ffffffffffffffda RBX: 00007f2af6335f80 RCX: 00007f2af617def9
[  359.240018][ T7746] RDX: 0000000020000300 RSI: 00000000200002c0 RDI: 0000000020000100
[  359.248002][ T7746] RBP: 00007f2af6f6e090 R08: 0000000020000180 R09: 0000000000000000
[  359.256094][ T7746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  359.264118][ T7746] R13: 0000000000000000 R14: 00007f2af6335f80 R15: 00007ffc72bd63b8
[  359.272134][ T7746]  </TASK>
[  359.288136][ T5269] IPVS: starting estimator thread 0...
[  359.409336][ T7748] IPVS: using max 16 ests per chain, 38400 per kthread
[  359.528179][   T12] team0 (unregistering): Port device team_slave_1 removed
[  359.593498][   T12] team0 (unregistering): Port device team_slave_0 removed
[  360.110635][ T5219] Bluetooth: hci2: command tx timeout
[  360.988219][ T7570] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  361.527256][ T7570] 8021q: adding VLAN 0 to HW filter on device batadv0
[  361.567356][ T7712] chnl_net:caif_netlink_parms(): no params data found
[  361.804742][ T7611] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  362.210788][ T5219] Bluetooth: hci2: command tx timeout
[  362.288951][ T7611] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  362.338754][ T7611] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  362.370724][ T7611] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  362.494809][ T7712] bridge0: port 1(bridge_slave_0) entered blocking state
[  362.521015][ T7712] bridge0: port 1(bridge_slave_0) entered disabled state
[  362.746069][ T7712] bridge_slave_0: entered allmulticast mode
[  362.905460][ T7712] bridge_slave_0: entered promiscuous mode
[  363.249061][ T7712] bridge0: port 2(bridge_slave_1) entered blocking state
[  363.320644][ T7712] bridge0: port 2(bridge_slave_1) entered disabled state
[  363.359076][ T7712] bridge_slave_1: entered allmulticast mode
[  363.372117][ T7712] bridge_slave_1: entered promiscuous mode
[  363.471376][ T7712] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  363.547327][ T7712] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  363.663474][   T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  363.775387][ T7570] veth0_vlan: entered promiscuous mode
[  363.835707][   T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  363.899109][ T7712] team0: Port device team_slave_0 added
[  364.066836][   T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  364.119705][ T7712] team0: Port device team_slave_1 added
[  364.198773][   T12] bond0: (slave netdevsim0): Releasing backup interface
[  364.215521][   T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  364.238882][ T7570] veth1_vlan: entered promiscuous mode
[  364.254647][ T7712] batman_adv: batadv0: Adding interface: batadv_slave_0
[  364.262220][ T7712] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  364.270731][ T5219] Bluetooth: hci2: command tx timeout
[  364.299918][ T7712] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  364.380333][ T7712] batman_adv: batadv0: Adding interface: batadv_slave_1
[  364.403792][ T7712] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  364.436729][ T7712] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  364.778565][ T7570] veth0_macvtap: entered promiscuous mode
[  364.809469][ T7712] hsr_slave_0: entered promiscuous mode
[  364.826668][ T7712] hsr_slave_1: entered promiscuous mode
[  364.853909][ T7712] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  365.032478][ T7712] Cannot create hsr debugfs directory
[  365.592180][   T12] bridge_slave_1: left allmulticast mode
[  365.630384][   T12] bridge_slave_1: left promiscuous mode
[  365.678253][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  365.924977][   T12] bridge_slave_0: left allmulticast mode
[  365.931439][   T12] bridge_slave_0: left promiscuous mode
[  365.937358][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  366.015046][ T7814] process 'syz.2.551' launched './file1' with NULL argv: empty string added
[  366.720847][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  366.738886][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  366.759589][   T12] bond0 (unregistering): Released all slaves
[  366.813375][ T7570] veth1_macvtap: entered promiscuous mode
[  366.985487][ T7824] netlink: 'syz.3.554': attribute type 9 has an invalid length.
[  366.994043][ T7824] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.554'.
[  367.097001][ T7824] netlink: 4 bytes leftover after parsing attributes in process `syz.3.554'.
[  367.733858][ T7611] 8021q: adding VLAN 0 to HW filter on device bond0
[  367.846396][ T7570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  367.883207][ T7570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  367.894259][ T7570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  367.905375][ T7570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  367.918112][ T7570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  367.929155][ T7570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  367.958108][ T7570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  367.971019][ T7570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  367.994715][ T7570] batman_adv: batadv0: Interface activated: batadv_slave_0
[  368.043085][ T7828] netlink: 'syz.3.555': attribute type 10 has an invalid length.
[  368.140524][   T12] hsr_slave_0: left promiscuous mode
[  368.178646][   T12] hsr_slave_1: left promiscuous mode
[  368.208258][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  368.216472][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  368.252373][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  368.259953][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  368.322671][   T12] veth1_macvtap: left promiscuous mode
[  368.328263][   T12] veth0_macvtap: left promiscuous mode
[  368.361665][   T12] veth1_vlan: left promiscuous mode
[  368.371601][   T12] veth0_vlan: left promiscuous mode
[  369.904992][   T12] team0 (unregistering): Port device team_slave_1 removed
[  370.170216][   T12] team0 (unregistering): Port device team_slave_0 removed
[  371.246535][ T7570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  371.280501][ T7570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  371.293991][ T7570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  371.305241][ T7570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  371.315168][ T7570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  371.325795][ T7570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  371.351467][ T7570] batman_adv: batadv0: Interface activated: batadv_slave_1
[  371.363377][ T7570] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  371.374530][ T7570] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  371.388635][ T7570] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  371.397815][ T7570] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  371.609948][ T7868] netlink: 'syz.3.560': attribute type 9 has an invalid length.
[  371.618201][ T7868] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.560'.
[  371.779921][ T7868] netlink: 4 bytes leftover after parsing attributes in process `syz.3.560'.
[  372.053615][ T7611] 8021q: adding VLAN 0 to HW filter on device team0
[  372.164722][   T51] bridge0: port 1(bridge_slave_0) entered blocking state
[  372.172025][   T51] bridge0: port 1(bridge_slave_0) entered forwarding state
[  372.259284][ T2465] bridge0: port 2(bridge_slave_1) entered blocking state
[  372.266457][ T2465] bridge0: port 2(bridge_slave_1) entered forwarding state
[  372.328512][ T7876] tmpfs: Unknown parameter 'usrquotah'
[  372.452845][   T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  372.452872][   T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  372.508822][ T6901] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  372.508850][ T6901] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  372.564293][ T7611] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  372.593827][   T12] IPVS: stop unused estimator thread 0...
[  372.730765][ T5298] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  372.783326][ T7712] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  372.802283][ T7712] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  372.805670][ T7712] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  372.808538][ T7712] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  372.881891][ T5298] usb 3-1: Using ep0 maxpacket: 8
[  372.888879][ T5298] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  372.889827][ T5298] usb 3-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d
[  372.889863][ T5298] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105
[  372.889889][ T5298] usb 3-1: SerialNumber: syz
[  372.892720][ T5298] usb 3-1: config 0 descriptor??
[  372.912649][ T5298] usb 3-1: Found UVC 0.00 device <unnamed> (05ac:8501)
[  372.991325][ T5298] usb 3-1: Failed to create links for entity 255
[  372.991356][ T5298] usb 3-1: Failed to register entities (-22).
[  373.523386][ T5306] usb 3-1: USB disconnect, device number 12
[  373.780309][ T7611] 8021q: adding VLAN 0 to HW filter on device batadv0
[  373.883952][ T7712] 8021q: adding VLAN 0 to HW filter on device bond0
[  373.913512][ T7897] netlink: 'syz.0.563': attribute type 10 has an invalid length.
[  373.977104][ T7897] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  374.144812][ T7712] 8021q: adding VLAN 0 to HW filter on device team0
[  374.182900][ T1107] bridge0: port 1(bridge_slave_0) entered blocking state
[  374.190183][ T1107] bridge0: port 1(bridge_slave_0) entered forwarding state
[  374.258474][ T1107] bridge0: port 2(bridge_slave_1) entered blocking state
[  374.265759][ T1107] bridge0: port 2(bridge_slave_1) entered forwarding state
[  375.647182][ T7611] veth0_vlan: entered promiscuous mode
[  375.696773][ T7611] veth1_vlan: entered promiscuous mode
[  376.142658][ T7712] 8021q: adding VLAN 0 to HW filter on device batadv0
[  376.213700][ T7611] veth0_macvtap: entered promiscuous mode
[  376.233997][ T7611] veth1_macvtap: entered promiscuous mode
[  376.353241][ T7611] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  376.364438][ T7611] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  376.376437][ T7611] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  376.388824][ T7611] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  376.399064][ T7611] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  376.409935][ T7611] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  376.420189][ T7611] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  376.431437][ T7611] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  376.445265][ T7611] batman_adv: batadv0: Interface activated: batadv_slave_0
[  376.457218][ T7712] veth0_vlan: entered promiscuous mode
[  376.532706][ T7611] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  376.546658][ T7611] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  376.557009][ T7611] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  376.567814][ T7611] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  376.579033][ T7611] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  376.591117][ T7611] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  376.601143][ T7611] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  376.611871][ T7611] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  376.630325][ T7611] batman_adv: batadv0: Interface activated: batadv_slave_1
[  376.656260][ T7712] veth1_vlan: entered promiscuous mode
[  376.677086][ T7611] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  376.690816][ T7611] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  376.699696][ T7611] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  376.709190][ T7611] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  376.867526][ T7712] veth0_macvtap: entered promiscuous mode
[  376.888852][ T7712] veth1_macvtap: entered promiscuous mode
[  376.954771][ T2927] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  376.971790][ T2927] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  376.996417][ T7712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  377.009336][ T7712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  377.019829][ T7712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  377.031035][ T7712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  377.041323][ T7712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  377.052432][ T7712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  377.064682][ T7712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  377.075425][ T7712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  377.097000][ T7712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  377.108402][ T7712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  377.143550][ T7712] batman_adv: batadv0: Interface activated: batadv_slave_0
[  377.211138][ T1107] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  377.226872][ T1107] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  377.232210][ T7712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  377.280527][ T7712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  377.293019][ T7712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  377.304732][ T7712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  377.315439][ T7712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  377.326645][ T7712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  377.342435][ T7712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  377.353692][ T7712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  377.364280][ T7712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  377.381752][ T7712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  377.422131][ T7712] batman_adv: batadv0: Interface activated: batadv_slave_1
[  377.928020][ T7712] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  377.953854][ T7712] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  377.962975][ T7712] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  377.972264][ T7712] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  378.910959][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[  378.917325][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[  379.343687][ T7954] FAULT_INJECTION: forcing a failure.
[  379.343687][ T7954] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  379.357041][ T7954] CPU: 0 UID: 0 PID: 7954 Comm: syz.2.573 Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0
[  379.367410][ T7954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  379.377513][ T7954] Call Trace:
[  379.380825][ T7954]  <TASK>
[  379.383788][ T7954]  dump_stack_lvl+0x241/0x360
[  379.388522][ T7954]  ? __pfx_dump_stack_lvl+0x10/0x10
[  379.393770][ T7954]  ? __pfx__printk+0x10/0x10
[  379.398415][ T7954]  ? __pfx_lock_release+0x10/0x10
[  379.403496][ T7954]  should_fail_ex+0x3b0/0x4e0
[  379.408212][ T7954]  _copy_from_user+0x2f/0xe0
[  379.412921][ T7954]  memdup_user+0x64/0xc0
[  379.417199][ T7954]  strndup_user+0x68/0xc0
[  379.421689][ T7954]  __se_sys_mount+0x9f/0x3c0
[  379.426584][ T7954]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  379.432615][ T7954]  ? __pfx___se_sys_mount+0x10/0x10
[  379.437855][ T7954]  ? do_syscall_64+0x100/0x230
[  379.442656][ T7954]  ? __x64_sys_mount+0x20/0xc0
[  379.447464][ T7954]  do_syscall_64+0xf3/0x230
[  379.452000][ T7954]  ? clear_bhb_loop+0x35/0x90
[  379.456719][ T7954]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  379.462655][ T7954] RIP: 0033:0x7f1a1e37def9
[  379.467103][ T7954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  379.486741][ T7954] RSP: 002b:00007f1a1f1cd038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  379.495426][ T7954] RAX: ffffffffffffffda RBX: 00007f1a1e536130 RCX: 00007f1a1e37def9
[  379.503430][ T7954] RDX: 00000000200005c0 RSI: 0000000020000040 RDI: 0000000020000540
[  379.511430][ T7954] RBP: 00007f1a1f1cd090 R08: 0000000000000000 R09: 0000000000000000
[  379.519425][ T7954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  379.527420][ T7954] R13: 0000000000000000 R14: 00007f1a1e536130 R15: 00007ffcb2881f58
[  379.535436][ T7954]  </TASK>
[  380.197079][ T1107] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  380.425012][ T1107] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  380.468034][ T7955] netlink: 'syz.3.574': attribute type 9 has an invalid length.
[  380.476558][ T7955] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.574'.
[  380.509864][ T1107] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  380.525366][ T1107] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  380.610664][ T7955] netlink: 4 bytes leftover after parsing attributes in process `syz.3.574'.
[  380.690692][ T5298] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  380.852476][ T5298] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  380.865024][ T5298] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  380.942542][ T5298] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  380.964227][ T5298] usb 5-1: New USB device found, idVendor=044e, idProduct=120b, bcdDevice= 0.00
[  380.993220][ T5298] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  381.014845][ T5298] usb 5-1: config 0 descriptor??
[  381.403032][ T7972] netlink: 'syz.1.577': attribute type 9 has an invalid length.
[  381.428959][ T7972] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.577'.
[  381.439987][ T5298] hid-alps 0003:044E:120B.000A: item fetching failed at offset 3/5
[  381.448408][ T5298] hid-alps 0003:044E:120B.000A: parse failed
[  381.468076][ T5298] hid-alps 0003:044E:120B.000A: probe with driver hid-alps failed with error -22
[  381.556858][ T7972] netlink: 4 bytes leftover after parsing attributes in process `syz.1.577'.
[  381.690392][ T5268] kernel write not supported for file /dsp (pid: 5268 comm: kworker/1:6)
[  382.893340][ T7986] netlink: 'syz.4.576': attribute type 11 has an invalid length.
[  383.099764][ T7986] netlink: 210876 bytes leftover after parsing attributes in process `syz.4.576'.
[  383.792408][ T5298] usb 5-1: USB disconnect, device number 15
[  384.956827][ T7998] netlink: 'syz.4.584': attribute type 9 has an invalid length.
[  384.965105][ T7998] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.584'.
[  385.058906][ T7998] netlink: 4 bytes leftover after parsing attributes in process `syz.4.584'.
[  386.228387][ T8016] netlink: 'syz.3.589': attribute type 9 has an invalid length.
[  386.236339][ T8016] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.589'.
[  386.479531][ T8016] netlink: 4 bytes leftover after parsing attributes in process `syz.3.589'.
[  390.280187][ T8027] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  392.905947][ T4608] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  392.915859][ T4608] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  392.924290][ T4608] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  392.934964][ T4608] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  392.955014][ T4608] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  392.973194][ T4608] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  394.045936][ T8055] netlink: 'syz.2.600': attribute type 10 has an invalid length.
[  394.862878][    C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies.
[  394.910623][    T8] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  395.521660][    T8] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[  395.530314][ T4608] Bluetooth: hci5: command tx timeout
[  395.536664][    T8] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  395.550723][    T8] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  395.581738][    T8] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  395.593905][ T8049] chnl_net:caif_netlink_parms(): no params data found
[  395.600922][    T8] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  395.627179][    T8] usb 5-1: Manufacturer: syz
[  395.642065][    T8] usb 5-1: config 0 descriptor??
[  395.659308][    T8] igorplugusb 5-1:0.0: incorrect number of endpoints
[  395.937449][ T8066] can: request_module (can-proto-3) failed.
[  395.945827][  T939] usb 5-1: USB disconnect, device number 16
[  396.005450][ T8049] bridge0: port 1(bridge_slave_0) entered blocking state
[  396.024109][ T8049] bridge0: port 1(bridge_slave_0) entered disabled state
[  396.195727][ T8049] bridge_slave_0: entered allmulticast mode
[  396.210746][ T8049] bridge_slave_0: entered promiscuous mode
[  396.230101][ T8049] bridge0: port 2(bridge_slave_1) entered blocking state
[  396.251347][    T8] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  396.327352][ T8049] bridge0: port 2(bridge_slave_1) entered disabled state
[  396.374358][ T8049] bridge_slave_1: entered allmulticast mode
[  396.424660][    T8] usb 1-1: config index 0 descriptor too short (expected 23569, got 27)
[  396.435033][    T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  396.492894][ T8049] bridge_slave_1: entered promiscuous mode
[  396.555342][    T8] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  396.657981][    T8] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  396.817581][    T8] usb 1-1: Manufacturer: syz
[  396.942654][    T8] usb 1-1: config 0 descriptor??
[  396.968868][ T5767] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  397.140531][    T8] rc_core: IR keymap rc-hauppauge not found
[  397.153643][    T8] Registered IR keymap rc-empty
[  397.582336][ T4608] Bluetooth: hci5: command tx timeout
[  398.004794][    T8] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  398.029791][    T8] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input24
[  398.134212][ T8084] can: request_module (can-proto-3) failed.
[  398.145122][    T8] usb 1-1: USB disconnect, device number 9
[  398.168654][ T8049] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  398.647395][ T5767] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  399.001917][ T8049] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  399.376032][ T8114] netlink: 'syz.4.612': attribute type 9 has an invalid length.
[  399.385354][ T8114] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.612'.
[  399.636970][ T4608] Bluetooth: hci5: command tx timeout
[  399.889360][ T5767] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  399.955213][ T8049] team0: Port device team_slave_0 added
[  399.972323][ T8049] team0: Port device team_slave_1 added
[  400.058249][ T5767] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  400.077404][ T8049] batman_adv: batadv0: Adding interface: batadv_slave_0
[  400.086953][ T8049] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  400.134226][ T8049] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  400.223276][ T8112] netlink: 'syz.0.613': attribute type 10 has an invalid length.
[  400.249119][ T8049] batman_adv: batadv0: Adding interface: batadv_slave_1
[  400.296036][ T8049] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  400.532282][    C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies.
[  400.585780][ T8049] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  400.815167][ T8123] netlink: 'syz.0.615': attribute type 9 has an invalid length.
[  400.823834][ T8123] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.615'.
[  401.003307][ T8049] hsr_slave_0: entered promiscuous mode
[  401.317581][ T8049] hsr_slave_1: entered promiscuous mode
[  401.331040][ T8049] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  401.399877][    T8] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  401.410810][ T8049] Cannot create hsr debugfs directory
[  401.563234][ T5767] bridge_slave_1: left allmulticast mode
[  401.572559][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  401.590522][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  401.603653][ T5767] bridge_slave_1: left promiscuous mode
[  401.609401][ T5767] bridge0: port 2(bridge_slave_1) entered disabled state
[  401.650665][    T8] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  401.694396][    T8] usb 5-1: New USB device found, idVendor=044e, idProduct=120b, bcdDevice= 0.00
[  401.708393][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  401.718424][ T4608] Bluetooth: hci5: command tx timeout
[  401.734162][    T8] usb 5-1: config 0 descriptor??
[  401.817574][ T5767] bridge_slave_0: left allmulticast mode
[  401.850610][ T5767] bridge_slave_0: left promiscuous mode
[  401.879302][ T5767] bridge0: port 1(bridge_slave_0) entered disabled state
[  401.908235][   T29] audit: type=1400 audit(1727170276.490:3): lsm=SMACK fn=smack_file_send_sigiotask action=denied subject="_" object="I" requested=w pid=8131 comm="syz.0.617" opid=8131 ocomm="syz.0.617"
[  402.159949][    T8] hid-alps 0003:044E:120B.000B: item fetching failed at offset 3/5
[  403.008441][    T8] hid-alps 0003:044E:120B.000B: parse failed
[  403.014889][    T8] hid-alps 0003:044E:120B.000B: probe with driver hid-alps failed with error -22
[  403.091272][   T57] kernel write not supported for file /dsp (pid: 57 comm: kworker/1:1)
[  404.627926][ T5219] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  404.640139][ T5219] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  404.655207][ T5219] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  404.695981][ T5219] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  404.704151][ T5219] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  404.714865][ T5219] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  404.788826][ T5269] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  404.943084][ T5269] usb 1-1: config index 0 descriptor too short (expected 23569, got 27)
[  404.961692][ T5269] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  405.020905][ T5269] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  405.037983][ T5269] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  405.054703][ T5269] usb 1-1: Manufacturer: syz
[  405.082422][ T5269] usb 1-1: config 0 descriptor??
[  405.200781][ T5269] rc_core: IR keymap rc-hauppauge not found
[  405.206790][ T5269] Registered IR keymap rc-empty
[  405.207326][ T5767] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  405.221692][ T5269] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  405.236623][ T5767] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  405.252640][ T5269] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input25
[  405.277832][ T5767] bond0 (unregistering): Released all slaves
[  405.499538][ T8156] can: request_module (can-proto-3) failed.
[  405.619080][   T57] usb 1-1: USB disconnect, device number 10
[  405.740142][    T8] usb 5-1: USB disconnect, device number 17
[  406.030711][   T29] audit: type=1326 audit(1727170280.610:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8170 comm="syz.4.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7557def9 code=0x7ffc0000
[  406.101649][   T29] audit: type=1326 audit(1727170280.610:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8170 comm="syz.4.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7557def9 code=0x7ffc0000
[  406.150697][   T29] audit: type=1326 audit(1727170280.610:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8170 comm="syz.4.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7fdf7557def9 code=0x7ffc0000
[  406.258005][   T29] audit: type=1326 audit(1727170280.610:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8170 comm="syz.4.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7557def9 code=0x7ffc0000
[  406.466130][    C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies.
[  406.571033][ T5270] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  406.631871][   T29] audit: type=1326 audit(1727170280.610:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8170 comm="syz.4.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7557def9 code=0x7ffc0000
[  406.691519][   T29] audit: type=1326 audit(1727170280.610:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8170 comm="syz.4.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdf7557def9 code=0x7ffc0000
[  406.740600][ T4608] Bluetooth: hci2: command tx timeout
[  406.940016][   T29] audit: type=1326 audit(1727170280.610:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8170 comm="syz.4.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7557def9 code=0x7ffc0000
[  407.635735][   T29] audit: type=1326 audit(1727170280.610:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8170 comm="syz.4.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7557def9 code=0x7ffc0000
[  407.677607][   T29] audit: type=1326 audit(1727170280.610:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8170 comm="syz.4.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdf7557def9 code=0x7ffc0000
[  407.722873][   T29] audit: type=1326 audit(1727170280.610:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8170 comm="syz.4.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7557def9 code=0x7ffc0000
[  407.746759][ T5270] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  407.780583][ T5270] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  407.799292][ T5270] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  407.811248][   T29] audit: type=1326 audit(1727170280.610:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8170 comm="syz.4.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7557def9 code=0x7ffc0000
[  407.835899][ T5270] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  407.862932][ T8169] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  407.875657][ T5270] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  408.010936][ T5767] hsr_slave_0: left promiscuous mode
[  408.158104][ T5767] hsr_slave_1: left promiscuous mode
[  408.195280][ T5767] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  408.225399][ T5767] batman_adv: batadv0: Removing interface: batadv_slave_0
[  408.274837][ T5767] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  408.306027][ T5767] batman_adv: batadv0: Removing interface: batadv_slave_1
[  408.373589][ T5767] veth1_macvtap: left promiscuous mode
[  408.402179][ T5767] veth0_macvtap: left promiscuous mode
[  408.407804][ T5767] veth1_vlan: left promiscuous mode
[  408.435433][ T5767] veth0_vlan: left promiscuous mode
[  408.792549][ T8199] xt_hashlimit: size too large, truncated to 1048576
[  409.434893][ T4608] Bluetooth: hci2: command tx timeout
[  412.074827][ T4608] Bluetooth: hci2: command tx timeout
[  412.584478][ T5767] team0 (unregistering): Port device team_slave_1 removed
[  412.690240][ T5767] team0 (unregistering): Port device team_slave_0 removed
[  412.780034][ T8218] input: syz0 as /devices/virtual/input/input26
[  414.101130][ T4608] Bluetooth: hci2: command tx timeout
[  414.158619][ T8049] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  414.177981][ T8049] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  414.493431][ T8049] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  414.513570][ T8157] chnl_net:caif_netlink_parms(): no params data found
[  414.529229][ T8049] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  414.634328][ T5767] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  414.670799][ T5270] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  414.793761][ T5767] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  414.841973][ T5270] usb 1-1: config index 0 descriptor too short (expected 23569, got 27)
[  414.862145][ T5270] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  414.874307][ T5270] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  414.884928][ T5270] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  414.893390][ T5270] usb 1-1: Manufacturer: syz
[  414.905352][ T5270] usb 1-1: config 0 descriptor??
[  414.946690][ T8157] bridge0: port 1(bridge_slave_0) entered blocking state
[  414.957431][ T8157] bridge0: port 1(bridge_slave_0) entered disabled state
[  414.969471][ T5270] rc_core: IR keymap rc-hauppauge not found
[  414.977738][ T5270] Registered IR keymap rc-empty
[  414.988322][ T8157] bridge_slave_0: entered allmulticast mode
[  414.996084][ T5270] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  415.012984][ T8157] bridge_slave_0: entered promiscuous mode
[  415.039756][ T5270] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input27
[  415.083226][ T5767] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  415.138146][ T8157] bridge0: port 2(bridge_slave_1) entered blocking state
[  415.177417][ T8157] bridge0: port 2(bridge_slave_1) entered disabled state
[  415.213663][ T8157] bridge_slave_1: entered allmulticast mode
[  415.234761][ T8238] can: request_module (can-proto-3) failed.
[  415.247034][ T8157] bridge_slave_1: entered promiscuous mode
[  415.263578][ T5270] usb 1-1: USB disconnect, device number 11
[  415.339344][ T5767] bond0: (slave netdevsim0): Releasing backup interface
[  415.349543][ T5767] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  415.448417][ T8157] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  415.485827][ T8157] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  415.587264][ T8157] team0: Port device team_slave_0 added
[  415.637923][ T8049] 8021q: adding VLAN 0 to HW filter on device bond0
[  415.660175][ T8157] team0: Port device team_slave_1 added
[  415.704629][ T8049] 8021q: adding VLAN 0 to HW filter on device team0
[  415.792824][ T8157] batman_adv: batadv0: Adding interface: batadv_slave_0
[  415.799804][ T8157] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  415.911811][ T8157] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  416.251477][    C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies.
[  416.342193][ T5767] bridge_slave_1: left allmulticast mode
[  416.347903][ T5767] bridge_slave_1: left promiscuous mode
[  416.385765][ T5767] bridge0: port 2(bridge_slave_1) entered disabled state
[  416.436428][ T5767] bridge_slave_0: left allmulticast mode
[  416.470379][ T5767] bridge_slave_0: left promiscuous mode
[  416.476772][ T5767] bridge0: port 1(bridge_slave_0) entered disabled state
[  416.822551][ T5219] Bluetooth: hci4: command 0x0406 tx timeout
[  417.825858][ T5767] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  417.864028][ T5767] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  417.892479][ T5767] bond0 (unregistering): Released all slaves
[  417.928893][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  417.936056][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  418.008576][ T8157] batman_adv: batadv0: Adding interface: batadv_slave_1
[  418.017851][ T8157] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  418.104319][ T8157] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  418.293179][ T6901] bridge0: port 2(bridge_slave_1) entered blocking state
[  418.300343][ T6901] bridge0: port 2(bridge_slave_1) entered forwarding state
[  418.343682][ T8261] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  418.349829][ T8261] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  418.370313][ T8049] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  418.436746][ T8049] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  418.538078][ T8157] hsr_slave_0: entered promiscuous mode
[  418.576714][ T8157] hsr_slave_1: entered promiscuous mode
[  418.596721][ T8157] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  418.626118][ T8157] Cannot create hsr debugfs directory
[  418.673453][ T8261] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  418.679401][ T8261] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  418.858441][ T8261] ------------[ cut here ]------------
[  418.864201][ T8261] WARNING: CPU: 0 PID: 8261 at kernel/kcov.c:872 kcov_remote_start+0x542/0x7d0
[  418.873191][ T8261] Modules linked in:
[  418.877123][ T8261] CPU: 0 UID: 0 PID: 8261 Comm: syz.0.636 Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0
[  418.887387][ T8261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  418.897460][ T8261] RIP: 0010:kcov_remote_start+0x542/0x7d0
[  418.903190][ T8261] Code: 4c 89 ff be 03 00 00 00 e8 6b a2 1d 03 e9 04 fb ff ff e8 e1 12 26 0a 41 f7 c6 00 02 00 00 0f 84 f2 fa ff ff e9 7f fc ff ff 90 <0f> 0b 90 e8 16 30 26 0a 89 c0 48 c7 c7 c0 d4 02 00 48 03 3c c5 50
[  418.923260][ T8261] RSP: 0018:ffffc90003be7230 EFLAGS: 00010002
[  418.929359][ T8261] RAX: 0000000080000200 RBX: ffff8880269d3c00 RCX: 0000000000000002
[  418.937352][ T8261] RDX: dffffc0000000000 RSI: ffffffff8c0adbc0 RDI: ffffffff8c601bc0
[  418.945378][ T8261] RBP: 0000000000000000 R08: ffffffff9422a82f R09: 1ffffffff2845505
[  418.953544][ T8261] R10: dffffc0000000000 R11: fffffbfff2845506 R12: ffffffff8194bd67
[  418.961530][ T8261] R13: ffff888023306640 R14: 0000000000000246 R15: ffff8880b862d4c0
[  418.969518][ T8261] FS:  00007f2f46adc6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  418.978457][ T8261] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  418.985039][ T8261] CR2: 00007fa64d3d8fe4 CR3: 0000000065982000 CR4: 00000000003506f0
[  418.993017][ T8261] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  419.001004][ T8261] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  419.008974][ T8261] Call Trace:
[  419.012252][ T8261]  <TASK>
[  419.015185][ T8261]  ? __warn+0x168/0x4e0
[  419.019345][ T8261]  ? kcov_remote_start+0x542/0x7d0
[  419.024484][ T8261]  ? report_bug+0x2b3/0x500
[  419.028991][ T8261]  ? kcov_remote_start+0x542/0x7d0
[  419.034112][ T8261]  ? handle_bug+0x60/0x90
[  419.038441][ T8261]  ? exc_invalid_op+0x1a/0x50
[  419.043138][ T8261]  ? asm_exc_invalid_op+0x1a/0x20
[  419.048172][ T8261]  ? kcov_remote_start+0x97/0x7d0
[  419.053206][ T8261]  ? kcov_remote_start+0x542/0x7d0
[  419.058325][ T8261]  ? mark_lock+0x9a/0x360
[  419.062654][ T8261]  ieee80211_rx_list+0x799/0x3780
[  419.067697][ T8261]  ? __lock_acquire+0x1384/0x2050
[  419.072767][ T8261]  ? __pfx_ieee80211_rx_list+0x10/0x10
[  419.078241][ T8261]  ? __pfx_lock_acquire+0x10/0x10
[  419.083275][ T8261]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  419.089265][ T8261]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  419.095605][ T8261]  ? ieee80211_rx_napi+0xd6/0x3c0
[  419.100633][ T8261]  ieee80211_rx_napi+0x18a/0x3c0
[  419.105574][ T8261]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  419.111906][ T8261]  ? __local_bh_disable_ip+0x179/0x220
[  419.117367][ T8261]  ? __pfx_ieee80211_rx_napi+0x10/0x10
[  419.122832][ T8261]  ? skb_dequeue+0x113/0x150
[  419.127431][ T8261]  ieee80211_handle_queued_frames+0xe7/0x1e0
[  419.133418][ T8261]  ? ieee80211_stop_device+0x2a/0xf0
[  419.138702][ T8261]  ieee80211_stop_device+0x3f/0xf0
[  419.143815][ T8261]  ieee80211_do_stop+0x1cb5/0x2300
[  419.148947][ T8261]  ? __pfx_ieee80211_do_stop+0x10/0x10
[  419.154415][ T8261]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[  419.160311][ T8261]  ? lockdep_hardirqs_on+0x99/0x150
[  419.165519][ T8261]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  419.171863][ T8261]  ? wiphy_work_cancel+0x1f0/0x3e0
[  419.176985][ T8261]  ieee80211_stop+0x436/0x4a0
[  419.181675][ T8261]  ? __pfx_ieee80211_stop+0x10/0x10
[  419.186881][ T8261]  __dev_close_many+0x219/0x300
[  419.191739][ T8261]  ? __pfx___dev_close_many+0x10/0x10
[  419.197118][ T8261]  ? __mutex_trylock_common+0x183/0x2e0
[  419.202667][ T8261]  ? __pfx___might_resched+0x10/0x10
[  419.207959][ T8261]  dev_close_many+0x24e/0x4c0
[  419.212647][ T8261]  ? rcu_is_watching+0x15/0xb0
[  419.217415][ T8261]  ? __pfx_dev_close_many+0x10/0x10
[  419.222615][ T8261]  ? trace_contention_end+0x3c/0x120
[  419.227902][ T8261]  ? __mutex_lock+0x2ef/0xd70
[  419.232601][ T8261]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  419.238591][ T8261]  dev_close+0x1c0/0x2c0
[  419.242837][ T8261]  ? cfg80211_rfkill_set_block+0x1e/0x50
[  419.248472][ T8261]  ? __pfx_dev_close+0x10/0x10
[  419.253245][ T8261]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  419.259144][ T8261]  cfg80211_shutdown_all_interfaces+0xbb/0x1d0
[  419.265326][ T8261]  cfg80211_rfkill_set_block+0x2d/0x50
[  419.270788][ T8261]  ? __pfx_cfg80211_rfkill_set_block+0x10/0x10
[  419.276971][ T8261]  rfkill_set_block+0x1f1/0x440
[  419.281842][ T8261]  rfkill_fop_write+0x5b8/0x790
[  419.286699][ T8261]  ? __pfx_rfkill_fop_write+0x10/0x10
[  419.292072][ T8261]  ? bpf_lsm_file_permission+0x9/0x10
[  419.297452][ T8261]  ? security_file_permission+0x74/0x280
[  419.303125][ T8261]  ? rw_verify_area+0x1c3/0x6f0
[  419.307980][ T8261]  ? __pfx_rfkill_fop_write+0x10/0x10
[  419.313354][ T8261]  vfs_write+0x29c/0xc90
[  419.317600][ T8261]  ? kmem_cache_free+0x1a2/0x420
[  419.322546][ T8261]  ? __pfx_vfs_write+0x10/0x10
[  419.327332][ T8261]  ? __fget_files+0x29/0x470
[  419.332036][ T8261]  ? __fget_files+0x3f3/0x470
[  419.336742][ T8261]  ? __fget_files+0x29/0x470
[  419.341375][ T8261]  ? fdget_pos+0x19a/0x320
[  419.345811][ T8261]  ksys_write+0x183/0x2b0
[  419.350156][ T8261]  ? __pfx_ksys_write+0x10/0x10
[  419.355014][ T8261]  ? do_syscall_64+0x100/0x230
[  419.359800][ T8261]  ? do_syscall_64+0xb6/0x230
[  419.364479][ T8261]  do_syscall_64+0xf3/0x230
[  419.368984][ T8261]  ? clear_bhb_loop+0x35/0x90
[  419.373679][ T8261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.379679][ T8261] RIP: 0033:0x7f2f45d7def9
[  419.384110][ T8261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  419.403720][ T8261] RSP: 002b:00007f2f46adc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  419.412138][ T8261] RAX: ffffffffffffffda RBX: 00007f2f45f35f80 RCX: 00007f2f45d7def9
[  419.420135][ T8261] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000003
[  419.428116][ T8261] RBP: 00007f2f45df0b76 R08: 0000000000000000 R09: 0000000000000000
[  419.436090][ T8261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  419.444059][ T8261] R13: 0000000000000000 R14: 00007f2f45f35f80 R15: 00007ffee17d91f8
[  419.452497][ T8261]  </TASK>
[  419.455537][ T8261] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  419.462812][ T8261] CPU: 0 UID: 0 PID: 8261 Comm: syz.0.636 Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0
[  419.473134][ T8261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  419.483233][ T8261] Call Trace:
[  419.486536][ T8261]  <TASK>
[  419.489470][ T8261]  dump_stack_lvl+0x241/0x360
[  419.494166][ T8261]  ? __pfx_dump_stack_lvl+0x10/0x10
[  419.499387][ T8261]  ? __pfx__printk+0x10/0x10
[  419.503998][ T8261]  ? _printk+0xd5/0x120
[  419.508165][ T8261]  ? __init_begin+0x41000/0x41000
[  419.513217][ T8261]  ? vscnprintf+0x5d/0x90
[  419.517641][ T8261]  panic+0x349/0x880
[  419.521546][ T8261]  ? __warn+0x177/0x4e0
[  419.525707][ T8261]  ? __pfx_panic+0x10/0x10
[  419.530130][ T8261]  ? show_trace_log_lvl+0x3b2/0x410
[  419.535357][ T8261]  __warn+0x34b/0x4e0
[  419.539353][ T8261]  ? kcov_remote_start+0x542/0x7d0
[  419.544473][ T8261]  report_bug+0x2b3/0x500
[  419.548811][ T8261]  ? kcov_remote_start+0x542/0x7d0
[  419.553956][ T8261]  handle_bug+0x60/0x90
[  419.558132][ T8261]  exc_invalid_op+0x1a/0x50
[  419.562638][ T8261]  asm_exc_invalid_op+0x1a/0x20
[  419.567496][ T8261] RIP: 0010:kcov_remote_start+0x542/0x7d0
[  419.573222][ T8261] Code: 4c 89 ff be 03 00 00 00 e8 6b a2 1d 03 e9 04 fb ff ff e8 e1 12 26 0a 41 f7 c6 00 02 00 00 0f 84 f2 fa ff ff e9 7f fc ff ff 90 <0f> 0b 90 e8 16 30 26 0a 89 c0 48 c7 c7 c0 d4 02 00 48 03 3c c5 50
[  419.592929][ T8261] RSP: 0018:ffffc90003be7230 EFLAGS: 00010002
[  419.599008][ T8261] RAX: 0000000080000200 RBX: ffff8880269d3c00 RCX: 0000000000000002
[  419.607000][ T8261] RDX: dffffc0000000000 RSI: ffffffff8c0adbc0 RDI: ffffffff8c601bc0
[  419.615157][ T8261] RBP: 0000000000000000 R08: ffffffff9422a82f R09: 1ffffffff2845505
[  419.623141][ T8261] R10: dffffc0000000000 R11: fffffbfff2845506 R12: ffffffff8194bd67
[  419.631262][ T8261] R13: ffff888023306640 R14: 0000000000000246 R15: ffff8880b862d4c0
[  419.639244][ T8261]  ? kcov_remote_start+0x97/0x7d0
[  419.644303][ T8261]  ? mark_lock+0x9a/0x360
[  419.648633][ T8261]  ieee80211_rx_list+0x799/0x3780
[  419.653662][ T8261]  ? __lock_acquire+0x1384/0x2050
[  419.658707][ T8261]  ? __pfx_ieee80211_rx_list+0x10/0x10
[  419.664195][ T8261]  ? __pfx_lock_acquire+0x10/0x10
[  419.669261][ T8261]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  419.675251][ T8261]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  419.681590][ T8261]  ? ieee80211_rx_napi+0xd6/0x3c0
[  419.686631][ T8261]  ieee80211_rx_napi+0x18a/0x3c0
[  419.691584][ T8261]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  419.697920][ T8261]  ? __local_bh_disable_ip+0x179/0x220
[  419.703385][ T8261]  ? __pfx_ieee80211_rx_napi+0x10/0x10
[  419.708850][ T8261]  ? skb_dequeue+0x113/0x150
[  419.713450][ T8261]  ieee80211_handle_queued_frames+0xe7/0x1e0
[  419.719442][ T8261]  ? ieee80211_stop_device+0x2a/0xf0
[  419.724739][ T8261]  ieee80211_stop_device+0x3f/0xf0
[  419.729855][ T8261]  ieee80211_do_stop+0x1cb5/0x2300
[  419.735000][ T8261]  ? __pfx_ieee80211_do_stop+0x10/0x10
[  419.740470][ T8261]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[  419.746376][ T8261]  ? lockdep_hardirqs_on+0x99/0x150
[  419.751585][ T8261]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  419.757919][ T8261]  ? wiphy_work_cancel+0x1f0/0x3e0
[  419.763041][ T8261]  ieee80211_stop+0x436/0x4a0
[  419.767734][ T8261]  ? __pfx_ieee80211_stop+0x10/0x10
[  419.772942][ T8261]  __dev_close_many+0x219/0x300
[  419.777821][ T8261]  ? __pfx___dev_close_many+0x10/0x10
[  419.783198][ T8261]  ? __mutex_trylock_common+0x183/0x2e0
[  419.788757][ T8261]  ? __pfx___might_resched+0x10/0x10
[  419.794061][ T8261]  dev_close_many+0x24e/0x4c0
[  419.798780][ T8261]  ? rcu_is_watching+0x15/0xb0
[  419.803605][ T8261]  ? __pfx_dev_close_many+0x10/0x10
[  419.808934][ T8261]  ? trace_contention_end+0x3c/0x120
[  419.814264][ T8261]  ? __mutex_lock+0x2ef/0xd70
[  419.818992][ T8261]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  419.824993][ T8261]  dev_close+0x1c0/0x2c0
[  419.829247][ T8261]  ? cfg80211_rfkill_set_block+0x1e/0x50
[  419.835143][ T8261]  ? __pfx_dev_close+0x10/0x10
[  419.839948][ T8261]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  419.845868][ T8261]  cfg80211_shutdown_all_interfaces+0xbb/0x1d0
[  419.852038][ T8261]  cfg80211_rfkill_set_block+0x2d/0x50
[  419.857529][ T8261]  ? __pfx_cfg80211_rfkill_set_block+0x10/0x10
[  419.863721][ T8261]  rfkill_set_block+0x1f1/0x440
[  419.868727][ T8261]  rfkill_fop_write+0x5b8/0x790
[  419.873589][ T8261]  ? __pfx_rfkill_fop_write+0x10/0x10
[  419.878967][ T8261]  ? bpf_lsm_file_permission+0x9/0x10
[  419.884350][ T8261]  ? security_file_permission+0x74/0x280
[  419.890005][ T8261]  ? rw_verify_area+0x1c3/0x6f0
[  419.894898][ T8261]  ? __pfx_rfkill_fop_write+0x10/0x10
[  419.900280][ T8261]  vfs_write+0x29c/0xc90
[  419.904648][ T8261]  ? kmem_cache_free+0x1a2/0x420
[  419.909604][ T8261]  ? __pfx_vfs_write+0x10/0x10
[  419.914376][ T8261]  ? __fget_files+0x29/0x470
[  419.918980][ T8261]  ? __fget_files+0x3f3/0x470
[  419.923673][ T8261]  ? __fget_files+0x29/0x470
[  419.928296][ T8261]  ? fdget_pos+0x19a/0x320
[  419.932724][ T8261]  ksys_write+0x183/0x2b0
[  419.937066][ T8261]  ? __pfx_ksys_write+0x10/0x10
[  419.942012][ T8261]  ? do_syscall_64+0x100/0x230
[  419.946890][ T8261]  ? do_syscall_64+0xb6/0x230
[  419.951601][ T8261]  do_syscall_64+0xf3/0x230
[  419.956153][ T8261]  ? clear_bhb_loop+0x35/0x90
[  419.960844][ T8261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.966744][ T8261] RIP: 0033:0x7f2f45d7def9
[  419.971165][ T8261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  419.990810][ T8261] RSP: 002b:00007f2f46adc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  419.999415][ T8261] RAX: ffffffffffffffda RBX: 00007f2f45f35f80 RCX: 00007f2f45d7def9
[  420.007503][ T8261] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000003
[  420.015570][ T8261] RBP: 00007f2f45df0b76 R08: 0000000000000000 R09: 0000000000000000
[  420.023552][ T8261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  420.031525][ T8261] R13: 0000000000000000 R14: 00007f2f45f35f80 R15: 00007ffee17d91f8
[  420.039510][ T8261]  </TASK>
[  420.042885][ T8261] Kernel Offset: disabled
[  420.047286][ T8261] Rebooting in 86400 seconds..