last executing test programs:

7m4.891843807s ago: executing program 0 (id=439):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00"], 0x7c}, 0x1, 0x0, 0x0, 0x8010}, 0x4000090)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaa2d080045e90028006500000206907864010102ac1414bb4e", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="518003c6"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
getrlimit(0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$binderfs(0x0, &(0x7f00000023c0)='./binderfs\x00', &(0x7f0000002400), 0x4000, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x19)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
bind$netlink(r3, &(0x7f00000000c0)={0x10, 0x0, 0x25dfdbfe, 0x80000000}, 0xc)

7m3.846093732s ago: executing program 0 (id=444):
r0 = openat$userfaultfd(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$BTRFS_IOC_RM_DEV_V2(r0, 0xaa00, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
r5 = syz_open_dev$audion(&(0x7f0000000d80), 0x1, 0x282000)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r5, 0x28, 0x0, &(0x7f0000000dc0), 0x8)
syz_usb_control_io$hid(r4, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0xf, {[@main=@item_4={0x3, 0x0, 0x8, '\t\x00'}, @local=@item_4={0x3, 0x2, 0x0, "93bf0280"}, @main=@item_4={0x3, 0x0, 0xb, "7488dffc"}]}}, 0x0}, 0x0)
r6 = syz_usb_connect$cdc_ncm(0x5, 0x287, &(0x7f0000000580)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x275, 0x2, 0x1, 0x9, 0x0, 0x7, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x6, 0x24, 0x6, 0x0, 0x1, "f2"}, {0x5, 0x24, 0x0, 0xfff}, {0xd, 0x24, 0xf, 0x1, 0x6, 0x2, 0x28a1, 0xff}, {0x6, 0x24, 0x1a, 0x7, 0x10}, [@call_mgmt={0x5, 0x24, 0x1, 0x2, 0x7}, @mdlm_detail={0xff, 0x24, 0x13, 0xff, "2f840af56e70288a477f8b8f4cf2f9dbda7ccfee23b4bba2827bd1d27576c7a7e177bebd199aac46d5ea7ccb5e3a0747c478474f3e255f10004989c904866c8968e138dde914a460067e37793fcfc4e5a88c797dc21456ff5399e5be7b09d66f018a4a77df044751834fa7a1f8f72ed756d8338ac23c8f39f15f84c87a493ac131f9164e46e0f374e723f5862c6b6aabd150f813b410cfa913bb1a253b7022b55b52a251c93ca3d2bf1c199f8899c64ee79598f3eca55ffa98176170621af44bd78485da60d6a77e97aa6ee94854ae25709620751b2a03f5b700131daf2b3a6bcb108b02b34cc815ad04917cf0fb275810458567849b0ce3e7b18e"}, @obex={0x5, 0x24, 0x15, 0x21}, @dmm={0x7, 0x24, 0x14, 0x1, 0x100}, @mdlm_detail={0x101, 0x24, 0x13, 0x1, "7374cfc24194fc0e9e3392985c3ee63797565082a44c1d1ba2e56079926e2bd7c1343de66cf2af0b5ba047881543532939c6d500b374278534328bf05c411d3ec9f16e37f89cc3f7b171e8eab44e822730f7b15fb5f0531870685facad46c83729ef585815ce4f3fbf9003971ff6986dcedea5f68c3ad85b7a1d74ec299ae16d1b812d2ec0c84e45c74ef343dba74c49755b6f6f99d3a706f1785c84b9d7bed74f3bb9180916c4cf376d20e7c827ff26070eb3b036a47d21e29e0df73e1f39c218c3d50cd2f653ed87b169ff00398157e3aa410994c7d2a7f1825a4a49d11a78f61eef8466731b8f88d8c25d0692f44c7994756fd8e53ce94ae8c1c873"}, @dmm={0x7, 0x24, 0x14, 0xbe89, 0x28f}]}, {{0x9, 0x5, 0x81, 0x3, 0x0, 0x1, 0x1, 0x4}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400, 0x6, 0x8, 0x2}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0x9, 0x0, 0x3}}}}}}}]}}, &(0x7f00000003c0)={0xa, &(0x7f00000001c0)={0xa, 0x6, 0x300, 0xa, 0x4, 0xef, 0x10, 0x40}, 0x38, &(0x7f0000000280)={0x5, 0xf, 0x38, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x8, 0xf8, 0x55}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0x2, 0x3, 0x4}, @ssp_cap={0x10, 0x10, 0xa, 0x3, 0x1, 0xb4, 0xf, 0x6, [0xc0f0]}, @wireless={0xb, 0x10, 0x1, 0xc, 0x8, 0x7, 0x9, 0x3, 0xc3}, @ext_cap={0x7, 0x10, 0x2, 0x4, 0xa, 0xa, 0xe2d7}]}, 0x3, [{0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x41b}}, {0x28, &(0x7f0000000340)=@string={0x28, 0x3, "4a533af57873676d537130dc8e94360e766813e0a1fe393341e26c08fd0c0c21d6a879ccdfc1"}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x44d}}]})
socketpair$unix(0x1, 0x3, 0x0, 0x0)
r7 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r7, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r7, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=@delpolicy={0x50, 0x27, 0x1, 0x0, 0x0, {{@in=@private=0xa010100, @in6=@remote, 0x0, 0x0, 0xfffc}}}, 0x50}}, 0x0)
r9 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r10 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r10, 0x0, 0xca, &(0x7f00000000c0)={0x8, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev={0xac, 0x14, 0x14, 0x40}}, 0x10)
setsockopt$inet_mreq(r9, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x2a, &(0x7f0000000180)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x80, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x64, 0xd2}}}}}, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(r10, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c)
syz_usb_control_io(r6, &(0x7f0000000880)={0x2c, &(0x7f0000000400)={0x40, 0x53, 0xd, {0xd, 0x6, "d164c69d14f4a0a17bfb2e"}}, &(0x7f0000000480)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f00000004c0)={0x0, 0xf, 0x12, {0x5, 0xf, 0x12, 0x2, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x5, 0x7, 0x401}, @ptm_cap={0x3}]}}, &(0x7f0000000500)={0x20, 0x29, 0xf, {0xf, 0x29, 0x2, 0x18, 0xff, 0x7f, "172e434f", "3dba1a7f"}}, &(0x7f0000000840)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x9, 0x18, 0x2, 0x1, 0x80, 0x5, 0x3}}}, &(0x7f0000000cc0)={0x84, &(0x7f00000008c0)={0x20, 0x15, 0x17, "8784284db21b8523005a7d86da0e5e3aec0bdb005fc9df"}, &(0x7f0000000900)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000940)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000980)={0x20, 0x0, 0x4, {0x3, 0x1}}, &(0x7f00000009c0)={0x20, 0x0, 0x4, {0x60, 0x8}}, &(0x7f0000000a00)={0x40, 0x7, 0x2, 0x6}, &(0x7f0000000a40)={0x40, 0x9, 0x1}, &(0x7f0000000a80)={0x40, 0xb, 0x2, "05e9"}, &(0x7f0000000ac0)={0x40, 0xf, 0x2, 0x8}, &(0x7f0000000b00)={0x40, 0x13, 0x6, @random="27f1a20b7fbb"}, &(0x7f0000000b40)={0x40, 0x17, 0x6, @broadcast}, &(0x7f0000000b80)={0x40, 0x19, 0x2, "edef"}, &(0x7f0000000bc0)={0x40, 0x1a, 0x2, 0x1}, &(0x7f0000000c00)={0x40, 0x1c, 0x1, 0x8}, &(0x7f0000000c40)={0x40, 0x1e, 0x1, 0x6}, &(0x7f0000000c80)={0x40, 0x21, 0x1, 0x2}})
close(0x3)
syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x40)
r11 = dup(r3)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r11])
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000018c0)={'team0\x00', <r12=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4000000010003b1500000000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="41000000015001001800128008000100677470000c00028008000100", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r12, @ANYBLOB="c0228328ed8c3f5d3ad1c013daf85dc6cf31d70e99f95e2163cfe932e19ed4096d2c574791b8adbeec6bd5313ea4b49708725e113f5c43f2134c9a8d280d460bca4121d95ca321f3e3939739a6b25cb37ead6b96cec301321786f49bac69f9fcef773b36711e395130331281a7131b99d4341a06ed533573b944d9eb70443e61640d0a99d98cf869dfc3652de0b58908"], 0x40}}, 0x2400c080)

6m57.438784108s ago: executing program 0 (id=463):
fsopen(0x0, 0x1)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
get_robust_list(0x0, &(0x7f0000000300)=0x0, &(0x7f0000000340))
syz_usb_connect(0x0, 0x36, &(0x7f00000002c0)={{0x12, 0x1, 0x0, 0xe5, 0x87, 0x6e, 0x40, 0x2040, 0x1605, 0xa94, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x58, 0x83, 0xb2, 0x0, [], [{{0x9, 0x5, 0x85}}, {{0x9, 0x5, 0x7}}]}}]}}]}}, 0x0)

6m53.092500309s ago: executing program 0 (id=471):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002f00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000c00)=ANY=[@ANYRES32=r3, @ANYRES32=r4, @ANYBLOB="05"], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r3}, &(0x7f00000006c0), &(0x7f0000000700)=r2}, 0x20)
sendmsg$inet(r1, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000900)}, 0x3)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x86)
sendmsg$nl_route_sched(r5, 0x0, 0x10042008)

6m51.259855525s ago: executing program 0 (id=475):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x2}, @IFLA_GRE_ERSPAN_HWID={0x6}]}}}]}, 0x48}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000200)={'gretap0\x00', <r1=>0x0, 0x1, 0x10, 0x6, 0x8, {{0x27, 0x4, 0x0, 0x3c, 0x9c, 0x67, 0x0, 0x1, 0x4, 0x0, @loopback, @empty, {[@cipso={0x86, 0x27, 0x1, [{0x0, 0x4, "a240"}, {0x1, 0xf, "d53b746e75458b262611d73af5"}, {0x0, 0xe, "d7be4a9e08c04703939e2295"}]}, @timestamp={0x44, 0x2c, 0xf6, 0x0, 0x2, [0x3000000, 0x6, 0xffffe1d9, 0x9, 0x80000000, 0x100, 0x8000000, 0x200, 0x1, 0x9]}, @cipso={0x86, 0x1f, 0x0, [{0x6, 0xb, "bc2686af0c63b97942"}, {0x7, 0xe, "c6296640ed5c81967a837836"}]}, @ra={0x94, 0x4}, @generic={0x1c, 0x10, "e422c592b4dcdfd58a5fc64586da"}]}}}}})
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000080)={&(0x7f00000002c0)=@newtclass={0x90, 0x28, 0x1, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, r1, {0xe, 0xffee}, {0x14, 0xd}, {0xd, 0xffff}}, [@tclass_kind_options=@c_qfq={{0x8}, {0x1c, 0x2, [@TCA_QFQ_LMAX={0x8, 0x2, 0x5}, @TCA_QFQ_WEIGHT={0x8, 0x1, 0xffffffff}, @TCA_QFQ_WEIGHT={0x8, 0x1, 0x8}]}}, @TCA_RATE={0x6, 0x5, {0x1, 0x8}}, @TCA_RATE={0x6, 0x5, {0x5, 0x4}}, @tclass_kind_options=@c_mq={0x7}, @tclass_kind_options=@c_cake={0x9}, @tclass_kind_options=@c_qfq={{0x8}, {0x14, 0x2, [@TCA_QFQ_LMAX={0x8}, @TCA_QFQ_LMAX={0x8, 0x2, 0x4}]}}, @tclass_kind_options=@c_sfb={0x8}]}, 0x90}, 0x1, 0x0, 0x0, 0x10020044}, 0x20040045)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x146, &(0x7f00000004c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @local, @void, {@ipv6={0x86dd, @icmpv6={0xe, 0x6, "f22ada", 0x110, 0x3a, 0x1, @loopback, @local, {[@fragment={0x2f, 0x0, 0x5, 0x1, 0x0, 0x9, 0x66}], @time_exceed={0x3, 0x0, 0x0, 0x1, '\x00', {0x2, 0x6, "40a619", 0x40, 0x2f, 0x0, @mcast1, @empty, [@hopopts={0x32, 0x3, '\x00', [@hao={0xc9, 0x10, @private1}, @jumbo={0xc2, 0x4, 0xc9f}]}, @srh={0x1d, 0x14, 0x4, 0xa, 0x70, 0x10, 0x8000, [@private1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @broadcast}, @mcast1, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, @remote, @ipv4={'\x00', '\xff\xff', @remote}, @remote]}, @fragment={0xc, 0x0, 0x8, 0x1, 0x0, 0x3, 0x64}], "2b2888be6783937f"}}}}}}}, 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0xfffffd9d)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x20004800}, 0x0)
openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000a40)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a14000000020aff01000000000000000002"], 0x3c}, 0x1, 0x0, 0x0, 0x4011}, 0x40440c4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
recvmmsg(r5, &(0x7f0000000b80)=[{{0x0, 0xffffffffffffff6c, 0x0, 0x0, 0x0, 0x52}, 0xa}], 0x360, 0x120, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19)

6m50.129097367s ago: executing program 0 (id=481):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="120100000977574011070002e72b010203010902120001000000000904"], 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = eventfd2(0xe5c, 0x80000)
r3 = eventfd2(0x4001, 0x800)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={r2, 0x7, 0x2, r3})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x10)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
dup(r5)
mount$9p_fd(0x0, &(0x7f00000025c0)='./file0\x00', &(0x7f0000002340), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x2d, 0xc0, 0x5, 0x7, 0x7f, 0x5, 0xf, 0x9, 0x3, 0x41, 0x7, 0x5c, 0x5, 0x5, 0xb, 0x7f}})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xe, 0x4, 0x4, 0x2, 0x1000, 0xf1, 0x0, 0x7fffffffffffb, 0x5, 0x0, 0x1, 0x0, 0x5, 0x0, 0xbde], 0x1000, 0x3c4210})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

6m34.952514673s ago: executing program 32 (id=481):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="120100000977574011070002e72b010203010902120001000000000904"], 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = eventfd2(0xe5c, 0x80000)
r3 = eventfd2(0x4001, 0x800)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={r2, 0x7, 0x2, r3})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x10)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
dup(r5)
mount$9p_fd(0x0, &(0x7f00000025c0)='./file0\x00', &(0x7f0000002340), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x2d, 0xc0, 0x5, 0x7, 0x7f, 0x5, 0xf, 0x9, 0x3, 0x41, 0x7, 0x5c, 0x5, 0x5, 0xb, 0x7f}})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xe, 0x4, 0x4, 0x2, 0x1000, 0xf1, 0x0, 0x7fffffffffffb, 0x5, 0x0, 0x1, 0x0, 0x5, 0x0, 0xbde], 0x1000, 0x3c4210})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

9.806092449s ago: executing program 2 (id=1801):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, 0x0, 0x0)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745f8a24d"], 0xb0)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_loose}]}})
statfs(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000340)=""/192)

8.973685889s ago: executing program 2 (id=1805):
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
statx(r0, 0x0, 0x2000, 0xf0cb2f4a0c2cfc5d, &(0x7f0000000540))
unshare(0x68040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfffff000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$IOCTL_STATUS_ACCEL_DEV(r0, 0x40046103, &(0x7f0000000040)={0x6, 0x8000, 0xa05, 0x7, 0x4, 0x0, 0x0, 0xe, 0x1, 0x2, 0xb, "97bf3a33f4c1eb021bfacfaa24b3618ed3c6ed32a94355ea29c001d8d6bbe000"})
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_netdev_private(r1, 0x8943, &(0x7f0000000140)="8d557f5094c38f748ec33512ef3a")
r2 = socket$inet_udp(0x2, 0x2, 0x0)
mknod(&(0x7f0000000000)='./file0\x00', 0x200, 0x735e)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000001040)={'gre0\x00', &(0x7f0000000100)={'syztnl2\x00', 0x0, 0x2f00, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @remote}}}})

8.779809371s ago: executing program 5 (id=1807):
mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x8, 0x32, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x12, &(0x7f0000000380)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x87, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x86}}, {}, [@jmp={0x5, 0x1, 0xb, 0xa, 0x0, 0x6}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x10}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x2a}}}, &(0x7f0000000080)='GPL\x00', 0xa, 0x1001, &(0x7f0000001cc0)=""/4097, 0x41100, 0x23}, 0x94)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="30000000111401000000000000000000080001"], 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x49, &(0x7f0000000000)=0x9, 0x4)
ioctl$sock_SIOCOUTQNSD(r1, 0x894b, &(0x7f0000000080))
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'veth0\x00', <r4=>0x0})
setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f00000004c0)={r4, 0x3, 0x6, @broadcast}, 0x10)
setsockopt$packet_drop_memb(r3, 0x107, 0x2, &(0x7f0000000280)={r4, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f0000000200)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2}}}}}}}, 0x0)

8.420109533s ago: executing program 5 (id=1809):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeda}, 0x94)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='attr/prev\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = creat(&(0x7f0000000340)='./file0\x00', 0x14)
close(r4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000005c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x130}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xac}, 0x1, 0x0, 0xffffffef, 0x4000850}, 0x40)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
recvfrom(r6, 0x0, 0x0, 0x2120, 0x0, 0x0)
sendmsg$NFT_MSG_GETSETELEM(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x2c, 0xd, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
getpid()
r7 = socket$vsock_stream(0x28, 0x1, 0x0)
shutdown(r7, 0x1)
mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f00000000c0), 0x1004001, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',7'])

8.143961492s ago: executing program 4 (id=1810):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xf, 0x4, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x8}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x18, 0xc, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20}, {0x3, 0x3, 0x3, 0xa, 0x8, 0xfff8, 0x102}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000300)='syzkaller\x00', 0x4, 0xfee, &(0x7f0000001e00)=""/4078, 0x41100, 0x25, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)

7.403312211s ago: executing program 5 (id=1812):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0, 0x0, 0xd76}, 0x18)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000880)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@func_proto={0x0, 0x0, 0x0, 0x2, 0x3}, @const={0x0, 0x0, 0x0, 0xb}, @volatile={0x0, 0xb00, 0x0, 0x9, 0x2}]}}, 0x0, 0x3e}, 0x20)

7.288559162s ago: executing program 4 (id=1813):
syz_open_dev$midi(&(0x7f00000012c0), 0x2, 0x2082)
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x280)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e23, 0x3, @ipv4={'\x00', '\xff\xff', @remote}, 0x4}, 0x1c)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000080)={0x1, 0x3}, 0x4)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r1 = socket(0x2000000015, 0x80005, 0x0)
bind$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c)
getsockname$packet(r1, 0x0, &(0x7f0000000240))
r2 = socket(0xf, 0x3, 0x2)
write(r2, &(0x7f0000a97ff0)="020baf010200000000067bbc8e1d4b48", 0x10)
sendmsg$TIPC_NL_BEARER_ENABLE(r2, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x160, 0x0, 0x1, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_NODE={0x7c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x5}, @TIPC_NLA_NODE_REKEYING={0x8}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x4}, @TIPC_NLA_NODE_REKEYING={0x8}, @TIPC_NLA_NODE_KEY={0x47, 0x4, {'gcm(aes)\x00', 0x1f, "e626d0e8545e9f16041a22c2ea109d7ef4a778b2e2c28fa4b6a7c5e4e5a2d1"}}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9b}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7fffffff}]}, @TIPC_NLA_BEARER={0x60, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}, @TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}]}, @TIPC_NLA_MON={0x34, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xffffffff}]}, @TIPC_NLA_MEDIA={0x20, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}]}, 0x160}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004084)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0x20, &(0x7f0000000000)={@in={{0x2, 0x4e20, @private=0xa010100}}, 0x0, 0x0, 0x3a, 0x0, "a30b3b28af4d2f246a016542daa845f387713f4048ff2ece1e75f1fc0100f41e4de6256109383664417165bba0dd5ace522fa788000000000033035551502f07b4001a00"}, 0xd8)
r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e63, 0x1ff, @loopback, 0x23}, 0x1c)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0x40045542, &(0x7f0000000180)=0xf)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000540)='syzkaller\x00', 0x5, 0x0, 0x0, 0x41000}, 0x94)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r6, 0x8b2a, &(0x7f0000000040))
syz_open_dev$dmmidi(&(0x7f0000000080), 0x200, 0x20082)

6.993311695s ago: executing program 5 (id=1816):
bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
sendmsg$ETHTOOL_MSG_EEE_GET(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x20028094)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x76, 0xa, 0x0, 0x0, 0x9b9, 0x61, 0x11, 0x70}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x90)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x20024840)
socket(0x1, 0x2, 0x0)

6.693439098s ago: executing program 3 (id=1817):
sendmsg$AUDIT_USER(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40854}, 0x0)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f0000000000)=0x1ff, 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
gettid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
write$6lowpan_control(0xffffffffffffffff, &(0x7f0000000500)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
write$6lowpan_control(0xffffffffffffffff, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000680), 0x2, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_CONTEXT(r5, 0x84, 0x11, &(0x7f0000000240)={0x0, 0x5}, 0x0)
write$6lowpan_control(r4, &(0x7f00000006c0)='connect aa:aa:aa:aa:aa:10 0', 0x1b)
write$P9_RVERSION(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="1500000065ffff0010000008003950323030302e75"], 0x15)
r6 = dup(r2)
write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r6, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYRES32=r6, @ANYRESHEX=r2])
chdir(&(0x7f0000000100)='./file0\x00')
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0)
llistxattr(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
getsockopt$inet_opts(r0, 0x0, 0x9, &(0x7f0000002240)=""/26, &(0x7f0000000280)=0x1a)

6.639655569s ago: executing program 2 (id=1818):
syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00')
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5}, 0x4000000) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) (async)
socket$inet_mptcp(0x2, 0x1, 0x106) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) (async, rerun: 32)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async, rerun: 32)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) (async, rerun: 64)
r5 = gettid() (rerun: 64)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) (async, rerun: 64)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async, rerun: 64)
name_to_handle_at(0xffffffffffffff9c, 0x0, 0x0, &(0x7f0000000180), 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0) (async)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, 0x0, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r6}, 0x10) (async)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async)
mount(&(0x7f0000000480)=@nullb, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000040)='squashfs\x00', 0x8200, 0x0)
r7 = socket(0x1, 0x803, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="18020000f9ffffff0000000000000000850000004100000095000000000000003d789ade838a5adf0c21f97a9d6f55528c474cb385573d9fd2aff88c497a5d0ab93dbb1df77098cacd277206f0902cf2c1d66e1ef4fe6deeaf8739f048bff4c9d61b5c334ef7384130fd875789e46307b8f29c46149360bea59a42011aabc5001093a06d23b6cf4f033c6000c3ab63ee036fe7023574b86c8964c32f955d410083f7567735a2ca01000000000000008644e801f1753258c767236f2b3addb04f55cee250cb376879ae14b9e1ab98703bc7db41925c55b0a4141ae3c08d264831d0f6365469c35621850000f6ff0000000000000000000000000000000000317dc59df6de3bfd0d7f785ff1e9606c84574e4b80937ae83516d820278c4c3fda81599b7c4bf635910dcb747508404034d9478ff88e1cbfe43f46a1a5d9239e393f2bb309160118a787cb0c64b606ffe744f79c1bba0ca081302b0f04e377f1b6a3646cbe934ef6ad95d4f160a9dcc9550f9777ca5d2daa2b239547f27a221d2eefb2c40ffe95c97ce091b7c2a8c0471b9124af726edb5a3b9aba486b93cb5ea7fff68f53401f8e826d5afbb98ed8b015dc328a507d15260a18a79110e68f1d43dad73121b60ec43e98e3f522b61a4f8fc0ba0257e8fd5ac428b986c49c76395b5a51c2c75d8c1453771915705bd0925cf573b0a9c01d8e552fe288d3c0433cbe801747f335448deb0e7164f6df7d3554bc66ff51352f912d76519aa6290fe7e72402000000e85552c5c049dde27c5294dc77c8a4490492a6deb8108c14ac9a261e2d990f65ea36f217783759c06e37c3a2f3b0b3c38937"], &(0x7f0000000240)='syzkaller\x00', 0x4, 0xff0, &(0x7f000062b000)=""/4080, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x3d)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r8, 0xa0001f98, 0xfe71, 0x1f00, &(0x7f0000000440)="85f17444c5a569f1e21b08c0f264", 0x0, 0xa70a, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r8, 0xfffff000, 0xe, 0x0, &(0x7f00000001c0)="61df712bc884fe68a02780b605a7", 0x0, 0x77ff, 0x7000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000780)=ANY=[@ANYBLOB="440000001000010426b970000000000002000000d0dc7cbb23d5180cc491bcdb5646a3d0f35da6c4d0869b1d36c4c60b9935893881b43fe3211aa9ea4cad6ce65ec1b1bcf97ec414e383552f533b2f65da967a840dd5fd029982c71bafd539a126a9ebd2c6e920b0ff552427e1261e07ccc59e86d1e346000864f027bb437bdf1ed4de704c64b064437224f90a27ba44e0ceff9edf1a8292083e067f38be743abf25127426d4381714da74f0782e0b57fb112cbfa87173a5de686d45112406f598bcffd391f34cc078634a3a1f7c6d47b153a16a5c45dfe03b541ebc454a951ba97fe5ba2546f1e7977888525aeebc738ef7fb561cc696ce8e969515a9f5bd2917f585189fbca1ced86d849306127c5878e49b11bde7171691d2ca437eca2268d91d139104a97fb477e6ed94d0bbbc0f5dad2c1b0169a160694fa150fb86d9b4c2dbf9", @ANYRES32=r9, @ANYBLOB="00000000000000001c001280f6fd01007866726d000000000c00028008000200040000000500270005000000"], 0x44}}, 0x4000000)

5.884366089s ago: executing program 5 (id=1819):
socket(0x10, 0x803, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = add_key$user(&(0x7f0000000440), &(0x7f0000002340)={'syz', 0x3}, &(0x7f0000000100)="370c099069", 0x5, 0xffffffffffffffff)
keyctl$dh_compute(0x17, &(0x7f0000000400)={0x0, r2}, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x41100, 0x10}, 0x94)
r3 = syz_open_procfs(0x0, &(0x7f0000000080)='net/raw6\x00')
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="61152800000000036113500000000000bfa000000000000007000000ee0016055e15010000000000160500000000000069163e0000000000bf07000000000000260507000fff07206706000020000000150600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23480b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2334ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83db12460a0768fd4b62be6c41eed307048bac8d1f7f164574241e06027654b248dcc38749eee0c1ee7c61b3f6411a559c3d45637b11e440ed5a99109b8e71d28c3d677af5f0499c6d3fc6a129775056958c9df824ebe5fa9fb306b24a8a8334910627d03efe69d4b61c4345f048c5da8aca16cea848fa77d2507c920a6bd654b00e07789382ed902c80deeff2fd5c78f42e4353e5360c3e55962efd1331e6736eaf4ee27736fa54803ee8ec1a15266ffcd8b30368740b584c2559e691e542cab3d49db327db62328f159d1e0900b3e23e84dedcd1377aa15dbeab7db181bd66980c3557c7d9f7377fcb6023accb5c368a121acf70e5f4c3f2a0ea07011c7149ea979cab2ee65cf7ffa29152b7a8fed89575e6e6fd77d4d9463d21775abac886ee6a1f2d7d8523840438a73d6307a87e2f525867fc3af7ab74520a773ae26bae74cdd405a211e8833e1ba523cde51d04a7ca6732"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48)
preadv(r3, &(0x7f00000001c0)=[{&(0x7f0000000240)=""/198, 0xc6}], 0x1, 0xa3, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000040}, 0x10)
write$tun(r4, &(0x7f00000003c0)=ANY=[@ANYBLOB], 0xfce)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0xa0842, 0x0)
write$dsp(r7, 0x0, 0xffda)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x1ff, 0x1, 0x0, 0x1000, &(0x7f0000001000/0x1000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r8, 0x4008ae93, &(0x7f0000000040)=0x4)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_SET_LAPIC(r8, 0x4400ae8f, &(0x7f0000000440)={"db4c1421593cb4d3f8fe6094dc821bbbe06520701fc6de7b0349f34b0f8c556a9e9aff1355aab8d6da26d74608530f150f127f9e3f0a2f1fff0be9774c95d6c007c91903f78616596487bf50017c56b15385ab264cba5b168c62d971e67e6f3e73d60b5a8adbaaf2af8610c6a91c0a116f619adce4aa91d5a68faf8ee98693d32d8d8244381b5720ef596600e39491d216c22d0725904bab7d90fa8afb8fa04b707410aa300ef098609b4fa6dd77b1b7c321b1fc6356564ce3f90826be3a9a5be186ffc48eb13824e9dae77ed212a0f802074ff4f1725c4ad88cf5bbd36e3406bc59d96e82047631d8be9462ee7e54e5b2897c3fff38eabf67e1e160c2b5e18be06457844d89c9a606b7d25fbde713f4759da0bee1fabe3f71dcca63540f113a2b5edc4b327d1f9610377b97265d4aa875b4bc3c44bf8110d5df1beb1fe54794a0aa52dfc80df1caf7d812b4f1cdba1a6836b45ea2180d08439d411ce8e0755868cc839eaeac73e5d28f9f1990584038cf5fa6bee0c4095a27cc8c7b59519bf2a9bf1fedf54cc2dc6aea6c42c32de40c291e5f422f5c7792a08926af160fb379576dd81bac746232fb246817fc3248097914b75e83cc5eb518ce8fb643b34ca69c3b61f0d94e7db62dd480198d41e0862f1ec4429ab637569884a5ba446a0b09edfd986a2b3e15ee35bbd18610dad6271681ed240b0ffab9199b541013c0aadc36484da57511896c14776a41602aa1426edfbb828897d9c218b7936a0572840ebbc796e888a439b24e640324b511deb6ed0b2ce2f7567447826944b4f34101e492e8d20a2deda950e96e78f86d6d4c976f0c99041c94944309e6ce08d84a7c96677d570d9a57ec0506a4321d9e049b55be883ca3648c27772fc5dbaea5e6c2ded2ce72fb68989ae381fe1394cf6966ab04285d5ff8256bc2e85462b8d89aeeebd5432157c945b5dc1960d9282c6cc007fe0293954f956c71bcdf846f41392ebe0d3b289438d24ec4bc073617459a6b232445dd636a9f21140e14b162fd5ef1d626b0ff84884fd63d22cc1b05befb77ea937f3045cc15b125479b262c1e32fca75a5468423288c5776efee744b1fccb5e6d661d9d287cfa8582c96ea34a33c1bbc29c0035657da66a87150bbb885be5ee123e431fd793ea179a0fc77aaee66d874c0616cb32324826b36d0e27d14217ad1131cace3bae4ef82dfbc790e78de53a9bfbdb468bf0eb3ff134073b380858965de2d108862daf3fc6b49ad46f20832238aeaa5d010cf08e37938f0bb7bbeaa970c39ce9327a16fe07565708266ce9ef639bfa08538693b456228aa1c370d64ef9795b7cc208a2c528d381a042d149ed5c7f34ed26a7d5a4401b86434f054389e5dac7a4ee896e406d7b27240d925d478e0eb2202797832d3e2c74f4925ad58377b0d6ae9b97034f9400"})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)

5.883815977s ago: executing program 1 (id=1820):
socket$kcm(0x21, 0x2, 0xa)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0, 0xff46}], 0x2)
syz_open_dev$radio(&(0x7f0000000100), 0x3, 0x2)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x400, 0x0, 0x3, 0x8003000000, 0x2, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x7fffffff, 0xfffffffffffffffc}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

5.571783741s ago: executing program 4 (id=1821):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_genetlink_get_family_id$tipc(&(0x7f0000001600), 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r0}, 0x18)
ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, 0x0)
poll(&(0x7f0000000080)=[{0xffffffffffffffff, 0x1080}], 0x1, 0x7f)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x20040091}, 0x800)
r4 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r4, 0x0, 0x23, 0x0, 0x0)
setsockopt$inet_msfilter(r4, 0x0, 0x29, 0x0, 0x1c)
socket$inet_udp(0x2, 0x2, 0x0)
socketpair(0xf, 0x3, 0x2, 0x0)

4.769575646s ago: executing program 3 (id=1822):
r0 = socket$alg(0x26, 0x5, 0x0)
accept$alg(r0, 0x0, 0x0)
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x2, 0x8044)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r1, 0xc2604110, &(0x7f0000000040)={0x200, [[0x0, 0x0, 0x8, 0x400, 0x6, 0x6, 0x3, 0x9], [0x8, 0x8, 0x8, 0x3, 0x1, 0x9, 0x4, 0x7], [0x4, 0x7, 0x6a31, 0x10000, 0x5, 0x7, 0x7f, 0x5d2b]], '\x00', [{0xfffffffb, 0x3}, {0x7, 0xf, 0x1, 0x0, 0x0, 0x1}, {0x3, 0x0, 0x1, 0x1}, {0x3, 0x1b5b, 0x1, 0x0, 0x1}, {0x8000, 0x7, 0x1}, {0xffff, 0x3}, {0x8, 0x10001, 0x1, 0x1}, {0x3, 0x5, 0x1, 0x1, 0x1}, {0xfff, 0x800, 0x0, 0x0, 0x1}, {0xaa88c00, 0x5, 0x0, 0x1, 0x1, 0x1}, {0xfffffffc, 0x9, 0x0, 0x1}, {0x0, 0x3, 0x0, 0x0, 0x1, 0x1}], '\x00', 0x622f344d})
r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000002c0), 0x440, 0x0)
getsockopt$bt_l2cap_L2CAP_OPTIONS(r2, 0x6, 0x1, &(0x7f0000000300), &(0x7f0000000340)=0xc)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r2, 0xc0984124, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4})
ioctl$BINDER_GET_EXTENDED_ERROR(r2, 0xc00c6211, &(0x7f0000000440))
recvmmsg(r0, &(0x7f0000000e80)=[{{&(0x7f0000000480)=@l2tp6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000000640)=[{&(0x7f0000000500)=""/70, 0x46}, {&(0x7f0000000580)=""/191, 0xbf}], 0x2, &(0x7f0000000680)=""/44, 0x2c}, 0x5}, {{&(0x7f00000006c0)=@nl, 0x80, &(0x7f0000000880)=[{&(0x7f0000000740)=""/42, 0x2a}, {&(0x7f0000000780)=""/11, 0xb}, {&(0x7f00000007c0)=""/132, 0x84}], 0x3, &(0x7f00000008c0)=""/101, 0x65}, 0x3}, {{&(0x7f0000000940), 0x80, &(0x7f0000000d80)=[{&(0x7f00000009c0)=""/8, 0x8}, {&(0x7f0000000a00)=""/124, 0x7c}, {&(0x7f0000000a80)=""/81, 0x51}, {&(0x7f0000000b00)=""/38, 0x26}, {&(0x7f0000000b40)=""/77, 0x4d}, {&(0x7f0000000bc0)=""/252, 0xfc}, {&(0x7f0000000cc0)=""/181, 0xb5}], 0x7, &(0x7f0000000e00)=""/92, 0x5c}, 0x7}], 0x3, 0x2022, &(0x7f0000000f40))
socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(r2, 0x3b88, &(0x7f0000000f80)={0xc, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000fc0)={0x28, 0x2, r3, 0x0, &(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x101})
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000001040)={0x0, <r4=>0x0, 0x0, 0x0, 0x0, 0x9, &(0x7f0000001000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_CURSOR(r2, 0xc01c64a3, &(0x7f0000001080)={0x2, r4, 0xb92, 0x7, 0x1ff, 0x1})
r5 = syz_open_dev$vcsa(&(0x7f00000010c0), 0xa, 0x2000)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000001140)=@filter={'filter\x00', 0xe, 0x4, 0x12b8, 0xffffffff, 0x0, 0x98, 0x130, 0xffffffff, 0xffffffff, 0x1220, 0x1220, 0x1220, 0xffffffff, 0x4, &(0x7f0000001100), {[{{@ip={@rand_addr=0x64010102, @loopback, 0xff000000, 0xff000000, 'team_slave_0\x00', 'geneve1\x00', {}, {}, 0xff, 0x0, 0x14}, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x6}}}, {{@ip={@multicast1, @multicast1, 0xff000000, 0xffffff00, 'pimreg1\x00', 'veth0_to_bond\x00', {}, {}, 0x5b, 0x4, 0x5}, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x1}}}, {{@uncond, 0x0, 0x10c8, 0x10f0, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x1, 0x0, 0x0, 0x1, './cgroup/syz1\x00', 0x4, {0x7d}}}, @common=@icmp={{0x28}, {0x11, "f24e"}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x1}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x1318)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000002800)={0x60, 0x0, &(0x7f0000002680)=[@reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x68, 0x18, &(0x7f00000025c0)={@ptr={0x70742a85, 0x1, &(0x7f0000002480)=""/249, 0xf9, 0x2, 0x3e}, @ptr={0x70742a85, 0x1, &(0x7f0000002580), 0x0, 0x1, 0x26}, @flat=@weak_handle={0x77682a85, 0x1000, 0x2}}, &(0x7f0000002640)={0x0, 0x28, 0x50}}}, @exit_looper, @increfs={0x40046304, 0x2}, @request_death={0x400c630e, 0x3}], 0xfd, 0x0, &(0x7f0000002700)="cc7f9e2d1982acedb991948382ebb0dcff9b1f10e38f2df2338f278ead6203edbaddfbff247b3d31dd2c2087b0828b7f22fba96dd0aeb0db181ac775f4ea785453f64e73e93c779303a6d5c92611c1bb5e7117d7c25629bb4117f0a948814de8f8925f7972692a1edbe68aced2e576406a45c437c7ff0ff1aacf8daffc3769a324c2de590c6b4543d5f6fcd43bed68f00ae521ace9535f5b2e2beaa2551321524ef52d451fac07a9cf806790517086a23fb0e1482fcd1f383e52023a58cb8c120e3b77821774061d1eb7db9ce3d91ed632d894b4ed36c34526840c4ab8bd60dc8ff40ad35cf0d96f14d894bff79962e54240f9057d4cee63dd58ceba2d"})
getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f0000002840), &(0x7f00000028c0)=0x68)
sendfile(r5, r0, &(0x7f0000002900)=0x8, 0x3)
epoll_create(0x4)
ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r2, 0x8040942d, &(0x7f0000002940))
ioctl$IOMMU_VFIO_IOAS$CLEAR(r2, 0x3b88, &(0x7f0000002980)={0xc})
setsockopt$inet_int(r5, 0x0, 0xc, &(0x7f00000029c0)=0x5, 0x4)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r5, 0x89f8, &(0x7f0000002c40)={'syztnl1\x00', &(0x7f0000002c00)={'ip_vti0\x00', <r6=>0x0, 0x8000, 0x8, 0x4, 0x7, {{0x6, 0x4, 0x1, 0x13, 0x18, 0x67, 0x0, 0x3, 0x4, 0x0, @private=0xa010100, @loopback, {[@noop]}}}}})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000002d40)={0x6, 0x26, &(0x7f0000002a00)=@raw=[@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}}, @printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}, @printk={@lx}], &(0x7f0000002b40)='GPL\x00', 0x5, 0x4c, &(0x7f0000002b80)=""/76, 0x1f00, 0x0, '\x00', r6, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000002c80)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000002cc0)={0x4, 0xb, 0x7, 0x5}, 0x10, 0x0, 0x0, 0x3, 0x0, &(0x7f0000002d00)=[{0x1, 0x2, 0x6, 0x6}, {0x4, 0x4, 0x6, 0xd}, {0x4, 0x5, 0x8, 0x8}], 0x10, 0xfff}, 0x94)
socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_proto_private(r2, 0x89ee, &(0x7f0000002e00)="63295e05501935f29e97d4db1ad81dc5da66dfca58d5d0264e8a20c515cd37a90dec548bff4240b5b25dad9b42d3500e3421aebc55144bb9fe8339eef5350ad4ea60c4d59c06288b16b5773a0c27923dee58eb0781a1f0dde1be13d68238b53366ec8bbd3727db47b094aa0bc942a5f503461b967a4a42caf20a610bdbb75c54e9f4e13b0319c40a5db7e5f86c6beeb6bba8590c69d6d377170496189ed1ab96a2072eb284871a0d191b6aff30877b00a511baa7a6aa3c")
socket(0x2a, 0x1, 0x4)
ioctl$IOMMU_TEST_OP_MD_CHECK_REFS(r5, 0x3ba0, &(0x7f0000003ec0)={0x48, 0x4, 0x0, 0x0, 0x1000, &(0x7f0000002ec0)="4815f082a718fc882a46cd84bfd931c149b9446698671e8076e269413cb4641e7f326cfb68107eee816efbb2f65e8abbdfdb5f1f67612a5424663f38086d0cf6d02fb4549aca9c667e7ab320c1bdc4c923a98b45cbf562044ec9c5fd592a7877a2a91e20254ecc6cce50a85284a646940e97034fb2e607b84bab15325534d3f569cd042f14a578467b1370297beeb52911807b4a6a1e4ec70a1e93ceceb008018860033ad93acf9149c0875f72a485d16b2b0e4ba9f86c42f3364910ce7aeef48c231908d61a21eb4a1bfe88c46bb5487ccb97decd944c311916491f3ab107c7f4c989a7e8fe64592c55bbae10dd0fec02e6b6d57b26119369a5bb75984bfe305162492924172d55cc54f946537b5f768b26f16541f5a725707d99d3f70e4099edda5b328f3513cd4da7ba95ab6fdb11a1a4a03eded92a65f79ca85fb6cfc0071937dbfafe970edf39c7c12d7c5726ac33f9a4d680995ade8718d47c3b61051520405677b24ab90a703e56ffa1ae16d2953e8cc3930b5020145ffcd25214bc49e6fb30bab2dc440d0964e008d0ec09ae1042eaca097b84439e50e39678050e7a3fdfb724585673dac64d5f49802b5da3435bb0116ffbe98be75d0b405ef6dd74c6a036e23509bd42dff95ed42784f12901b3b656f62f06296cec0cdc6a827e8bcbb580ca45b920096841f291d0ce5c1391366f7eaa2f1afad4779786a01b3e1bc8b9420bbe70084d97836ac6d34f31f69cbc50ffe4cd7039bfa227715e571278155cd28707492359aaf798a6ed137840c975555cd7a1f0ba74f7e4fadfe33e72bd46e945f0fd1d14eb6b6de7d58e8dc95a7f4cfc002dce8866e56295d732696fc1237b4cef7d228524559d93556d224ecf65a7eedfd0ca30edda8092b405cc9605013af4d311fad28e1011f231dccf9b25451a981bdd306874499de976dde3d9dec4968494a6e102bd5270a5533ccf3224cb25831aba5ac1a48c4ab874f9a3004c617bd5603b68b7dc8fb08fe7a48aec0bcaf0e8c83dc208edf52cb408fa795af606e3cafb6f76813cdc1587ca20ac900c47ffebe894812b28fc0fc041d8cfe473947149b97ac063ba5bd70a2a26eca946d704eb032bb2fb84e0943841c144be19b5c4271a06b8bb55bd2bebdc13a08f43ac3b9f1c547a3d70f317d257f5da6c09531c3e5a3bfb1d1030a6f5d8eed04158741b656b029186b9a7e00633d4bede2ca3a971142e829bdd602cb51137a8f495b288bc4296a29202bd2995a1960610282a973723f29e18d7a76f2b018f166e3aa54019cefe77f16e3670c7c2f1e3e9d3003f192f29bc692f35771a409d8916d3829b171eef84691b92ceac065951f0737a42d7cdd3c5cb00fa8beb668acc383fd8250fe1b15c7c17d86202a3a3ee71e83c84a3c40d4bcc6dcefefda112a9899de1d0ec467fb215d220738d8dd99aec70c36c58415b6f4878874690ec9f7c123f24a6e045a206a8c1c59c3500089ab34a7db93af5c06d92f5e2b4bbbc32eb4672d00bbb56212f25a7619a966e5b9f6c44c47780593c5de37f6385e8a0b4086ba279d2c66d7436cf94a7b64710170999fa9a7fdad5734f290a236db35665ca5a9b7ca38e3f8568413d05d18a0d24b0be50673a900566f04c8a9b6416a81ad6d0857e866fd814ad120fbca24e0f4002d4b424ea3016eb12625ddc1e465650bb3d6920fc4046fdb2234f92cb4f4ca90c4a3a4ecf8a944075a9beb926241929a821551b6821a79704b2a5808d3ff03320d13a7acdf921db83ea8d28ca93df733f14b703d49f81f576bf160ab774da84ec874e346665922782706743c6c7ca5c0cbfb7954686139c1d13d4c23fba8a8fa0c874bbfa061cad5ae238715583da8bf5a67d3b658278b8c95b872197bdb6368de24c559a072acca26b02bde964b61becabb344af6014da6885df8e23c7c070987cff13c28b402ed8f12b6bb2e16dfcc15070ff868306886ed4099e5cae759b23e41060a3be94f740bdff69f1ae9eaeb3f46b8b0756e480a36140a16dbc0b8386e023a1bde1abd331bd43b6b17a3ddf825a48d0895533a871cc093ee2511a142fe7e11291106ec9988f837b48dd87f59ea1fcc20b112136d27867e74ec8ba1f39d14bed528c1345b0db5a15ac8fcf07a15b767a939bf798cdf221fdf08d85c25c1214f61d04c83e5ea6f58d24f811649abf0aea4b845417909d0235efcc201c4d7f3af96c1359d8671d0d5fada64556c8e0a19acadbb7782a71bb9a74f927c8fddee301df2a90c384362a851f38d05fc02ac31d41e087dde2758c754b773e51085c6f1f9df1bc8323e00d261f10673c83d8a0a6f4072e46d69ab6c7a0b3e908af0bcd2a3a7b44741a63b7be5a19e161e295b41b1bfadfc31de81f990060093e1af8b9e20c6093426323c4c58a0e7014ee2859f5682a55e1a3c565f9fec19146797cf5c8ab5fc982d17cf077f239b6e46fca6485a0d095d60ad6955506550137b3ef093753117711835d13cbfef7e290f0bf50d25c2ba1c158c098fc63bbcfd1dc568061aba9860afb2ace3f4346dd4000c532113764027b61ae38c0dc70a11eaed50dd974e0c4cac14f57295909f5c83da39ba21b13ab5d8b0c9d9a9f9ed96627025a6e93ebb63a62b79a852e536c67ddb4e1b8a1601f06829b40e2fafabdbce70f5f2a82d408094d49b8523d16d44a10bff1b5a5b08dd997f7a24de0a99f0705f7939aac10b589290e0c0c4b7b3fdfae2d4733adb2330dcfa1854e7c104f6e432fea4f2346c7822f20a609fdb67bf5e9cd3d6843203bfbc843b2e88d4a7e0890ee3c1c81a8582ed2ce3118db6bbd5297e97c7b4cb1e73757da1a4c2567d4dac97f2a074434c8d69409408603a404b52b1e7a118d37911b73c3ff81870a7a687113600db307fed27e9b764977a19b512c25270ab6de52f8d70468b1915d5b0c28e2d7c422a62d9b0be529809d646540c0ab9719ea961697422936a5f114292f998990ed2f2f595c39e52249296ea67ac29e7ded0a8b84832c84b58b12b315c87af1abfebc6a9e7eac782865da0c5e587bf1f9aaafd7ec99a7507ea81f5d3221ca4bb95dc9ff88f4f6a45750f3250067e7a6925e756488dffae4a9800573443cbd912e265e3d75b844fa27a4864c6f1099074c2c30aa24a9f7bb96f1803b08845259ecdb59ffa45edbd569d1f8f48701e031943024b0ef2fc88995d2cbc4746d5e6413b6f79026019b0e99756607c9b66f7e9b460224f7e5beb4a240e60de21eade4018771217af43e3789898ff81e6891cb09c83809e9a298e495740a09e714ce22eed26980612375c87c5aea4742cad68c687794b87d3772a03a2fd69f9b192fcae2eb2a62a89af456f5359dd4a419eee95cec19d0f0b21cd1e28505f94083d142ff289791967faefbc3f9d2f0f4168ead03e262bee5ff2ce43805d67c2a0d2d89cb6e8a73a1aee8fe79d8b115256fc465edd471755c1401943ff6efcc8b276a411526492c9eeb97956ad7d371da21f09f49cf877d43f85385dc219f4408561ff932ce0038b471f2b00ed30854861943430f928be7d83c567e22497b97fc8df974cb4141d939193dd495e14d0aa4229aa698c1682b9ef5a2205c1585b5760ce55acdbe8dcaa7270665bea0f76202cceceb4d44a8ad1d4237f11f16d40d00af57cee78a719137bc70c9fc70e0c85c7ffd4b9e3a8450b8b8fd8f15a2c2bf220c4a0194acac5d8e1241b2263dd4da54c738a9db7022bc7d1b5df4d77d3f183c162c4ff70ff417a36f4e921b5a27a04b6da8f84cb607e98a6e8417ad54572dfc1cf866712689905af0e55665d6693bbceab9c4a2b604a10be4d71ea46becda44bff954531d03cbd196f923dd696595474ec6e72f1fb1cdb0cb704c207d8ae93a55139c9e063925fcf0707ceab72dfe9c844819a3e1a5edd15bc271582d303a755064fda0d89114dccfe0adce156f7bffe3338bd241a5cab933fde7559b55914761b4c9cdf6fedee4e2f0cac5e362f5c60f143186fe69b1739fe29c573edcffe65425d9c6a7434c0bf817a1c2170b5c0ee1e1ebff0c3a61c00045069cc7355436bae4110196caaa5153c697057ba98b75918ae64896d0a4424dc6e4f20d4ab6f901ac39304c929cb0bc52e77d66755e81cee136182f19ddb93b53e40726630eb41a9096cbb536680cff360072979c9af8d2a860de06de06c7cc901f863b750555ebb49cb0cd18ac3b003acc54423f91f332a955416ceef47ded68dca9e263a6181890c510c7b1484d5fc73445f36d7f00c902167f01c51f2529d5a982c034580bc90d13872e55479bb95a3c49094256aa3ab552d2124eee28de6320a4bde2fba36a2549b11c6e44b650c968be280d30b23701fe99547442d63868cdeb65276b4ce508460087371d23664ff16f5f9262182a98346b518e1c8862773aeb3eaf07e90855ac2d40e6737afed5dbe7e9d2d977d1617cd26ac169a0f47423ac8a301f985beb58a5d66078cb48b28485e96f4d83e6edf97ed8faafdfe8ad71fe5174760dd89cc9c089c0509a2a055054e8efbf8eb2652ed04f05ee210a8f4ba23457bea643d43c0d8a636d18097eb75d5a16c9cc8d958f0cd28995c799f41149935a7ca72082a06535849163cc808437d083ae14c111dc7b17b03bb7d17674889d21699bf92f733c08911f0f0a7f3a7fecfcf042c48eb0c98bd0602b73d8fea835e48616a38f086fd6dd20842202418a0a532a496951556863ea1e0f269deae549124885c6d49f04d37a703247b552841963c3ef94ffac27a5740878e6d7a71ea09908b27c28390dfc656beb690f45505ab9afeb1d9328eed20a9fa778e52a763c7b193b2c9b2e72d149a54c91be3a060f7ff72fad8d72560e88d417aee509c361e856a2a9bfb3a1c22506a8f789708909ae8357eec49bd5fbeb8051df30a1188a3d257a72c367c49bfa5741e8a194c64bc0cd5031291dd3de2ea5badfed71c4a81110cb78c7c6dc9e6f395219807178bef1db4a88569acf7e133ecdb7b087aa9adf37c9a457dc92b180bd3bedd2e80b2537193c44590d791b0e59eba02a0676f5f251dcf7603e7de2380c6066402c41e7c7d7b9bff9d0745dca5b0dedfeab24edb16b43da2e611c1aab377dd65ae3dd53c8121187dd53a0caf29f9908f03713b9716e8cfca886db7cec10c2d32321b161f7444368cefa4b5cea8e494f8ab40333565d19106644445c16c0f071e0a352846c2e513c2a3482e61420deb45eaa9f2d7accdc38f38df98d2bac3a669f546855c401813bdd2b0530deae681f3174ae3810978bad9bf1dcbb6f657e26bb188bea64b4f7dbee96d286049b4bb60b4e1ff76b59283c89cef33356f9ee6d63725a34f695f6b872459fd64d4f22ff8b7ec3ec35ffb3e75217248fcfad68d2070570995a6de92ed2282c98a0a1c8ca39741d63e4dd5d11816797dc8827626a5787618cbfbedf71876d110678ffa6557889c09b646ef83b5f5f06f8ef2e278e71367ca79cc52d54b7aa79cd556209f34ae380febd640b41fa195b31e901aa1942702410a9b4331aac7212acdd18849bd2cb5795e70de8d2703ed0297c6fb04b9014bf565da0c66b65cfa82e7b25e78e5bc6ec65ccf2f425dc2f07fc5747679307e3c302f16960dce51b336e96a492120ebdf5025e777da974eb286b9bca18786582cf68e7fbb41ed58ac3e65b17de645032550604a0e0920a61681b2c502c0af0115d9fee9a06b5aee0dd7b086da7d47726d4438b983eb66c1308c5dcf646ac701488726f8cee788327130f10218d99741f8fadbfd4e0ad9697", 0x2})
ioctl$EXT4_IOC_SETFSUUID(r1, 0x4008662c, &(0x7f0000003f40)={0x0, 0x0, "50db1c30729c8a37a638630c8040ca19"})

4.618424374s ago: executing program 4 (id=1823):
r0 = socket$inet_icmp(0x2, 0x2, 0x1)
sendmmsg$inet(r0, &(0x7f0000000340)=[{{&(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000400)='\b\x00\x00\x00(\x00\x00\x00', 0x8}], 0x1}}, {{&(0x7f0000000480)={0x11, 0x4e21, @multicast2}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000440)="08000000001f009e", 0x8}], 0x1}}], 0x2, 0x4044800)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000002c0), 0xffb2)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000280)=@gcm_256={{0x304}, "3f60eb8f2777c39a", "5985e81ad0d9585bc175cbecd3f55eb699e3070cc206f3ba527c85bde06fbf19", "bc5ec28f", "b200"}, 0x38)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x4, &(0x7f0000000100)=@ccm_128={{0x303}, "228481a9465c8fec", "38967a2445914c2e1c6598a7f56a364a", "0100", "bff5b80e1f6fd131"}, 0x28)
socket$inet_icmp(0x2, 0x2, 0x1) (async)
sendmmsg$inet(r0, &(0x7f0000000340)=[{{&(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000400)='\b\x00\x00\x00(\x00\x00\x00', 0x8}], 0x1}}, {{&(0x7f0000000480)={0x11, 0x4e21, @multicast2}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000440)="08000000001f009e", 0x8}], 0x1}}], 0x2, 0x4044800) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) (async)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) (async)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000002c0), 0xffb2) (async)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000280)=@gcm_256={{0x304}, "3f60eb8f2777c39a", "5985e81ad0d9585bc175cbecd3f55eb699e3070cc206f3ba527c85bde06fbf19", "bc5ec28f", "b200"}, 0x38) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0) (async)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x4, &(0x7f0000000100)=@ccm_128={{0x303}, "228481a9465c8fec", "38967a2445914c2e1c6598a7f56a364a", "0100", "bff5b80e1f6fd131"}, 0x28) (async)

4.616427281s ago: executing program 1 (id=1824):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0x0)
ioctl$IOC_PR_PREEMPT(r0, 0x805c6103, &(0x7f0000000040)={0xd0})
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000000)='./file1\x00', 0x4000, &(0x7f0000000e00)=ANY=[], 0x2, 0xc39, &(0x7f0000001040)="$eJzs3U9sHNd9B/DfG+2KK7mtmNhRnDQuNm2Ryorl6l9MxSrcVU2zDSDLQijmFoArkVIXpkiCpBrZSAumlx56CFAUPeREoDUKpGhgNEXQW5nWBZKLD0VOPREtbARFD2wRIKeAxcy+FZc0adESKVHW52NT393Z92bem7eekQW9eQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARPzeKxdOnkoPuxUAwIN0afSrJ0+7/wPAY+WK//8HAAAAAAAAAAAAAID9LkURT0aK2Uurabx639W42Knfuj02PLJ1tUOpqnmgKl/+NE6dPnP2Sy8Mnevlxc70h9TfbZ+N10avXGi+PHNzdm5yfn5yojk23bk2MzG54z1sVb8eO6+/2fHqBDRvvn5r4vr1+ebp589s+Pj24PsDTxwdPD/07IlnemXHhkdGRteLNPrL1+65IV3bzfA4GEWciBTPfe+nqR0RRWxzLj7CuWw82LHf7FDVieNVJ8aGR6qOTHXa0wvlh5d7J6KIaPZVavXO0dZjEbX6A+3D9loRi2XzywYfL7s3Otuea1+dmmxebs8tdBY6M9OXU7e1ZX+aUcS5FLEUESsD5dZ/3rC7ehRRixTfObKarkbEgd55+GI1MXj7dhR73M+7KNvZrEcsFY/AmO1jA1HEq5HiZ+8ci2v5OlNda74Q8WqZP4h4q8yXIlL5xTgb8d7Aw241u6UWRfx5Of7nV9NEdT3oXVcufq35lenrM31le9eVj3h/+MCV4iHdHw5tygdjn1+bGlFEu7rir6Z7/80OAAAAAAAAAAAAAAAAALvtUBTxmUjxyr//UTWvOKp56UfOD/3+4C/3zxl/+i77Kcs+HxGLxc7m5B7MEwMvp8spPeS5xI+zRhTxx3n+37cedmMAAAAAAAAAAAAAAAAAAAAea0X8JFK8+O6xtBT9a4p3pm80r7SvTnVXhe2t/dtbM31tbW2tmbrZyjmeczHnUs7lnCs5o8j1c7ZyjudczLmUcznnSs44kOvnbOUcz7mYcynncs6VnFHL9XO2co7nXMy5lHM550rO2Cdr9wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfJwUUcQvIsW3v7GaIkVEK2I8urk88LBbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACUBlIR348UzT9o3dlWi4hU/dt1rPzlbLQOlvnJaA2V+VK0LuRsV1lrfeshtJ/7U09F/DhSDDTevjPgefzr3Xd3vgbx1jfX33221s0DvQ8H3x944uiR80Mjv/b0dq/TVg04frEzfet2c2x4ZGS0b3MtH/2TfdsG83GL3ek6ETH/xpuvt6emJufu/UX5FbiP6o/Qi1R7XHrqRfUiavuiGQ+n7zwGyvv/e5Hit9/9j94Nv3v/b8Qvdd/ducPHz/9k/f7/4uYd7fD+X9tcL9//y3v6Vvf/J/u2vZh/N1KvRTQWbs7Wj0Y05t9480TnZvvG5I3J6bMnT355aOjLZ07WD0Y0rnemJvte7crpAgAAAAAAAAAAAAAAAHhwUhG/GynaP15NzYi4Xc3XGjw/9OyJZw7EgWq+1YZ526+NXrnQfHnm5uzc5Pz85ERzbLpzbWZicqeHa1TTvcaGR/akM3d1aI/bf6jx8szsG3OdG3+4sOXnhxsXrs4vzLWvbf1xHIoiotW/5XjV4LHhkarRU532dFX18paT6T+6eiriPyPFtbPN9Pm8Lc//3zzDf8P8/8XNO9qj+f+f6NtWHjOlIn4eKX7rL56Oz1ftPBwfOGe53N9EiuPnPpfLxcGyXK8N3ecKdGcGlmX/N1L8wy82lu3Nh3xyveypHZ/YR0Q5/kcixff/7Lvx63nbxuc/bD3+hzfvaI/G/6m+bYc3PK/gvrtOHv8TkeKlJ9+O38jbPuz5H71nbxzLhe88n2OPxv9TfdsG83F/c3e6DgAAAAAAAAAA8EirpyL+NlL8cKSWXsjbdvL3/yY272iP/v7Xp/u2TezOekV3fXHfJxUAAAAA9ol6KuInkeLGwtt35lBvnP/dN//zd9bnfw6nTZ9Wf873K9VzA3bzz//6Debjjt9/twEAAAAAAAAAAAAAAAAAAGBfSamIF/J66uPVfP6JbddTX44Ur/z3c7lcOlqW660DP1j92rg0M33iwtTUzLX2Qvvq1GRzdLZ9bbKs+1SkWP3rz+W6RbW+em+9+e4a7+trsc9FipG/65XtrsXeW5v8qfWyp8qyn4gU//X3G8v21rH+1HrZ02XZv4oUX/+nrcseXS97piz73Ujxo683e2UPl2V7z0f99HrZ56/NFHswKgAAAAAAAAAAAAAAAAAAADxu6qmIP40U/3Nz6c5c/rz+f73vbeWtb/at97/J7Wqd/8Fq/f/tXt/L+v/VcwUWtzsqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8PKUo4s1IMXtpNS0PlO+7Ghc707dujw2PbF3tUKpqHqjKlz+NU6fPnP3SC0Pnevnh9XfbZ+K10SsXmi/P3Jydm5yfn5xojk13rs1MTO54D/dbf7Pj1Qlo3nz91sT16/PN08+f2fDx7cH3B544Onh+6NkTz/TKjg2PjIz2lanV7/noH5C22X4wivjLSPHc936afjgQUcT9n4u7fHf22qGqE8erTowNj1Qdmeq0pxfKDy/3TkQR0eyr1OqdowcwFvelFbFYNr9s8PGye6Oz7bn21anJ5uX23EJnoTMzfTl1W1v2pxlFnEsRSxGxMvDB3dWjiNcjxXeOrKZ/GYg40DsPX7w0+tWTp7dvR7GHfdyBsp3NesRS8QiM2T42EEX8Y6T42TvH4l8HImrR/YkvRLxa5g8i3orueKfyi3E24r0tvkc8mmpRxP+V439+Nb0zUF4PeteVi19rfmX6+kxf2d515ZG/PzxI+/za1IgiflRd8VfTv/nvGgAAAAAAAAAAAAAAAGAfKeJXI8WL7x5L1fzgO3OKO9M3mlfaV6e60/p6c/96c6bX1tbWmqmbrZzjORdzLuVczrmSM4pcP2erzMba2nh+v5hzKedyzpWccSDXz9nKOZ5zMedSzuWcKzmjluvnbOUcz7mYcynncs6VnLFP5u4BAAAAAAAAAAAAAAAAAAAfL0X1T4pvf2M1rQ1015cej24uWw/0Y+//AwAA//9IAvic")
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x2)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
setgroups(0x0, 0x0)
getgroups(0x1, &(0x7f0000000080)=[<r7=>0xee00])
setresgid(r7, r7, 0xffffffffffffffff)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
openat(r6, &(0x7f00000000c0)='.\x00', 0x515401, 0x408)
sendto$inet6(r5, &(0x7f00000001c0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x0, 0xfe, 0x2, 0x0, 0x9, 0x5, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3}, 0xe)
shutdown(r5, 0x1)
setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r5, 0x84, 0x21, &(0x7f0000000100)=0x6, 0x4)
recvmmsg(r5, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0)

4.524020225s ago: executing program 3 (id=1825):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r2, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80002006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018002580140004004d2906d0880fc8acc30fe2020f9849675000028004000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af0800010000000000080001000000000060001a803f0003"], 0x270}, 0x1, 0x1c000000, 0x0, 0x20008014}, 0x4)

4.523509891s ago: executing program 4 (id=1826):
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x68152000)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x161081, 0x0)
recvmsg$can_j1939(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, 0x0}, 0x81)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002f80)=@delchain={0x24, 0x65, 0x200, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x4, 0xfff2}, {0x5, 0xa}, {0x4, 0xf}}}, 0x24}}, 0x4080000)
setsockopt$netrom_NETROM_T1(0xffffffffffffffff, 0x103, 0x1, &(0x7f0000000040)=0x101, 0x4)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
r1 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="f7dec431ffe6e3505682bb9792a4c94b6763399be380ca519dbf1c4309330a0c2cc7ef7e", @ANYRES32=r0], 0x28}}, 0x81)

3.655743621s ago: executing program 3 (id=1827):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x80003, 0x6)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in=@broadcast, @in6=@dev={0xfe, 0x80, '\x00', 0xfe}, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x6e6bb9, 0x1}, {{@in=@empty, 0x2, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe8)
preadv(0xffffffffffffffff, &(0x7f00000002c0)=[{0x0}], 0x1, 0x101, 0x870c0)
ioctl$VIDIOC_G_PRIORITY(0xffffffffffffffff, 0x80045643, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000003c000000090a010400000000840000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000004440000001e0a05020000000000000000010000000900020073797a32000000001800038014000080100001800400028008000180000000000900010073797a30"], 0xc8}}, 0x0)

3.576296829s ago: executing program 1 (id=1828):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socket$inet6(0xa, 0x1, 0x0)
syz_io_uring_setup(0xba2, &(0x7f00000000c0)={0x0, 0x951a, 0x3010, 0xfffffffd}, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009})
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x7ff}, 0x0, &(0x7f00000003c0)={0x3ff, 0x20000, 0x0, 0x4000000000000000, 0x0, 0x0, 0x4, 0xfffffffffffffff9}, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000300)={r2, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r3, 0x0, 0x0, 0x1f5, 0x0, 0x0, {0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x4, "b4bc323ef77d1f000071849800000000dfff00"}})

2.572112362s ago: executing program 3 (id=1829):
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYRESDEC, @ANYRES32], 0x48)

2.521080631s ago: executing program 1 (id=1830):
bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
sendmsg$ETHTOOL_MSG_EEE_GET(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x20028094)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x76, 0xa, 0x0, 0x0, 0x9b9, 0x61, 0x11, 0x70}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x90)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000004c0)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x20024840)
socket(0x1, 0x2, 0x0)

2.422440116s ago: executing program 3 (id=1831):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x48004}, 0x20000000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x40}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$TIPC_NL_KEY_SET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r5, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x2, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x40022)

2.275777211s ago: executing program 5 (id=1832):
r0 = syz_open_dev$swradio(&(0x7f0000000340), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, 0x0)
r1 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x1, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa13, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f00007b0000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f00005a4000/0x1000)=nil)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x141, 0x0, 0x4}, 0x18)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_OPENQRY(r4, 0x4b4c, &(0x7f0000000080))
madvise(&(0x7f00001a4000/0x1000)=nil, 0x1000, 0x0)
openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$MRT6_INIT(r1, 0x29, 0xc8, &(0x7f0000000340), 0x4)
r5 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
setsockopt$nfc_llcp_NFC_LLCP_RW(r5, 0x118, 0x0, &(0x7f0000000140)=0x40000009, 0x4)
bind$nfc_llcp(r5, &(0x7f00000001c0)={0x27, 0x0, 0x0, 0x2, 0x0, 0x49, "c46e9fd1a84b7fa0bf2cca6beb9363a680b652a86bcf56a1b9ca5386103a5ccbe47b7b9aa6d8d701a3ba00000000b97800001022f987617c318500", 0x3a}, 0x60)
getsockopt$inet_buf(r5, 0x118, 0x0, 0x0, &(0x7f00000003c0)=0x14)
setsockopt$MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000040)={0x1, 0x0, 0x40}, 0xc)
setsockopt$MRT6_ADD_MFC_PROXY(r1, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, {0xa, 0x0, 0x0, @empty}, 0x0, {[0x7]}}, 0x5c)

1.519544926s ago: executing program 1 (id=1833):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
mkdirat(0xffffffffffffff9c, 0x0, 0x20)
sched_setaffinity(0x0, 0xfffffffffffffd58, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x40440c4, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_lsm={0x18, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="8510000004000000950080000000000018000000000001020000000000000002950000000000000085100000fcffffff95"], &(0x7f00000000c0)='GPL\x00'}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', r3}, 0x18)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x63}]}, 0x10)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f0000000c80)="e8", 0x6200, 0x12000000, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={0x0, 0x58}}, 0x0)
sendmsg$IPSET_CMD_FLUSH(r4, 0x0, 0x4)
r5 = socket(0x10, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r5, 0x89f1, 0x0)

1.452411003s ago: executing program 2 (id=1834):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x6, &(0x7f0000000040)=@framed={{}, [@map_val={0x18, 0x0, 0x2, 0x0, r0}, @ldst={0x3, 0x0, 0x6}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x18}, 0x94)

535.83597ms ago: executing program 1 (id=1835):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, 0x0, 0x0)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x76, 0xa, 0x0, 0x0, 0x9b9, 0x61, 0x11, 0x70}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x90)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @hash={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_HASH_SREG={0x8, 0x1, 0x1, 0x0, 0x10}]}}}]}]}], {0x14}}, 0x74}}, 0x600c0)
sendmsg$IPSET_CMD_TEST(r5, &(0x7f0000000500)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000004c0)={&(0x7f00000003c0)={0x14, 0xb, 0x6, 0x701, 0x0, 0x0, {0xa, 0x0, 0x9}}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20024840)

368.041341ms ago: executing program 2 (id=1836):
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x9, 0x32, 0xffffffffffffffff, 0x34d4b000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000045c0)={0x18, 0xb, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000300000000000000403fd03f180100002020782500000000002020207b1af8ff000000006d0afeff000000000701b092f8ffffffb7020000f9000000b70300000f200041a500feff06000000956e03c8c8fd1eb6ad452c77a9f51ecb4adca994292806c66eecbbd2f02becb3165cd07fa9e111f0744b2d9462db2edf67106d9ec274b8bfc56cd668c9b42441786096dd9812369047c4c7c49d44b950b3cea533e214274084f8df4133a305a889791a0ed729528d54d9c092ef50e86933dcc8a8a39169ba120b803306a4a2cd4240477f9588f539a826e3e2600e7902b0d3bb43ef3363d7122fe4b3dd8d6726e5abfb87ce7dd9723d7c253d76f2bd78f92a6fe5cb5f6f06235848f4e6a32104e81a9bd934b69f00"], &(0x7f0000000280)='syzkaller\x00', 0x7, 0x101a, &(0x7f0000000840)=""/4122, 0x1e00, 0xc, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000}, 0x94)

80.365658ms ago: executing program 2 (id=1837):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
r1 = socket(0x400000000010, 0x3, 0x0) (async)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) (async)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000080), r4) (async)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0xf}, {}, {0xfff2, 0xffe0}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_HASH={0x8, 0x2, 0x80000001}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004000}, 0x2008c014)

0s ago: executing program 4 (id=1838):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="0600"})

kernel console output (not intermixed with test programs):

 ip6gretap2 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  354.008833][ T9101] batman_adv: batadv0: Interface activated: ip6gretap2
[  355.088180][ T9138] ieee802154 phy0 wpan0: encryption failed: -22
[  356.942613][ T9158] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  356.986966][ T9152] syzkaller0: entered promiscuous mode
[  356.996113][ T9152] syzkaller0: entered allmulticast mode
[  357.215830][   T30] kauditd_printk_skb: 22 callbacks suppressed
[  357.215849][   T30] audit: type=1326 audit(1758204213.066:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9156 comm="syz.5.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd67ef8eba9 code=0x7ffc0000
[  357.326406][ T9150] tipc: Resetting bearer <eth:syzkaller0>
[  357.365982][   T30] audit: type=1326 audit(1758204213.066:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9156 comm="syz.5.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd67ef8eba9 code=0x7ffc0000
[  357.412094][ T9150] tipc: Disabling bearer <eth:syzkaller0>
[  357.423749][   T30] audit: type=1326 audit(1758204213.066:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9156 comm="syz.5.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fd67ef8eba9 code=0x7ffc0000
[  357.453337][   T30] audit: type=1326 audit(1758204213.066:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9156 comm="syz.5.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd67ef8eba9 code=0x7ffc0000
[  357.483566][   T30] audit: type=1326 audit(1758204213.066:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9156 comm="syz.5.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd67ef8eba9 code=0x7ffc0000
[  357.489222][ T9168] program syz.3.896 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  357.520847][   T30] audit: type=1326 audit(1758204213.066:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9156 comm="syz.5.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7fd67ef8eba9 code=0x7ffc0000
[  357.624358][   T30] audit: type=1326 audit(1758204213.066:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9156 comm="syz.5.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd67ef8eba9 code=0x7ffc0000
[  357.660145][   T30] audit: type=1326 audit(1758204213.066:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9156 comm="syz.5.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd67ef8eba9 code=0x7ffc0000
[  357.753063][   T30] audit: type=1326 audit(1758204213.066:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9156 comm="syz.5.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fd67ef8eba9 code=0x7ffc0000
[  357.783629][   T30] audit: type=1326 audit(1758204213.066:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9156 comm="syz.5.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd67ef8eba9 code=0x7ffc0000
[  357.999766][ T9185] netlink: 'syz.5.902': attribute type 10 has an invalid length.
[  358.180813][ T9187] ieee802154 phy0 wpan0: encryption failed: -22
[  359.821207][ T9204] fuse: Bad value for 'fd'
[  359.896574][ T9206] netlink: 56 bytes leftover after parsing attributes in process `syz.2.907'.
[  359.907028][ T9206] netlink: 16 bytes leftover after parsing attributes in process `syz.2.907'.
[  360.412351][ T9209] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  360.770162][ T9214] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  360.793215][ T9214] syzkaller0: entered promiscuous mode
[  360.820600][ T9214] syzkaller0: entered allmulticast mode
[  360.893270][ T9212] tipc: Resetting bearer <eth:syzkaller0>
[  361.862303][ T9212] tipc: Disabling bearer <eth:syzkaller0>
[  361.906548][ T5936] tipc: Node number set to 1663221251
[  362.496283][    T9] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  362.699635][    T9] usb 2-1: config 1 interface 0 altsetting 3 bulk endpoint 0x1 has invalid maxpacket 1023
[  362.721734][    T9] usb 2-1: config 1 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  362.843925][    T9] usb 2-1: config 1 interface 0 has no altsetting 0
[  362.902912][    T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  362.923381][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  362.983521][    T9] usb 2-1: Product: syz
[  362.990205][    T9] usb 2-1: Manufacturer: syz
[  363.003201][    T9] usb 2-1: SerialNumber: syz
[  363.031678][ T9235] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  363.288479][ T9228] XFS (loop2): Invalid device [./file0], error=-2
[  363.575172][ T9256] netlink: 56 bytes leftover after parsing attributes in process `syz.5.925'.
[  363.850693][ T9256] netlink: 16 bytes leftover after parsing attributes in process `syz.5.925'.
[  365.067965][ T9274] Bluetooth: cannot allocate memory for HCILL packet
[  365.074871][ T9274] Bluetooth: cannot acknowledge device wake up
[  365.088097][ T8773] Bluetooth: hci7: received HCILL_GO_TO_SLEEP_ACK in state 0
[  365.096535][ T9272] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  365.107889][ T5867] Bluetooth: hci7: sending frame failed (-49)
[  365.115082][   T52] Bluetooth: hci7: Opcode 0x1003 failed: -49
[  365.116254][ T9272] syzkaller0: entered promiscuous mode
[  365.205153][ T9272] syzkaller0: entered allmulticast mode
[  365.349344][ T9272] tipc: Resetting bearer <eth:syzkaller0>
[  365.359342][ T9270] tipc: Resetting bearer <eth:syzkaller0>
[  365.380695][ T9270] tipc: Disabling bearer <eth:syzkaller0>
[  365.396798][ T5867] Bluetooth: hci6: command 0x1003 tx timeout
[  365.406838][ T5185] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  365.465287][    T9] usb 2-1: USB disconnect, device number 13
[  365.748890][ T9299] netlink: 32 bytes leftover after parsing attributes in process `syz.4.937'.
[  365.762132][ T9299] netlink: 'syz.4.937': attribute type 1 has an invalid length.
[  365.770346][ T9299] netlink: 224 bytes leftover after parsing attributes in process `syz.4.937'.
[  366.353710][ T9307] netlink: 56 bytes leftover after parsing attributes in process `syz.4.939'.
[  366.363272][ T9307] netlink: 16 bytes leftover after parsing attributes in process `syz.4.939'.
[  367.158704][ T9313] fuse: Bad value for 'fd'
[  367.298690][ T9313] netlink: 56 bytes leftover after parsing attributes in process `syz.3.941'.
[  367.308310][ T9313] netlink: 16 bytes leftover after parsing attributes in process `syz.3.941'.
[  368.190232][ T9317] netlink: 'syz.4.942': attribute type 10 has an invalid length.
[  368.888541][ T9325] netlink: 'syz.1.945': attribute type 72 has an invalid length.
[  368.896671][ T9325] netlink: 8 bytes leftover after parsing attributes in process `syz.1.945'.
[  368.927091][ T9327] netlink: 'syz.3.946': attribute type 10 has an invalid length.
[  369.006799][ T9327] bridge0: port 2(bridge_slave_1) entered disabled state
[  369.014526][ T9327] bridge0: port 1(bridge_slave_0) entered disabled state
[  369.083790][ T9327] bridge0: port 2(bridge_slave_1) entered blocking state
[  369.091001][ T9327] bridge0: port 2(bridge_slave_1) entered forwarding state
[  369.098620][ T9327] bridge0: port 1(bridge_slave_0) entered blocking state
[  369.105760][ T9327] bridge0: port 1(bridge_slave_0) entered forwarding state
[  369.698789][ T9327] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  369.715674][ T5185] Bluetooth: hci3: unexpected event for opcode 0x0c14
[  369.914057][ T9329] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  369.961156][ T9329] qnx6: wrong signature (magic) in superblock #1.
[  369.968018][ T9329] qnx6: unable to read the first superblock
[  370.084965][ T9332] tipc: Started in network mode
[  370.146777][ T9332] tipc: Node identity f2392a26949, cluster identity 4711
[  370.227732][ T9332] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  370.353984][ T9329] netlink: 12 bytes leftover after parsing attributes in process `syz.3.946'.
[  370.376432][ T9336] syzkaller0: entered promiscuous mode
[  370.382224][ T9336] syzkaller0: entered allmulticast mode
[  371.238260][ T5877] tipc: Node number set to 1722362406
[  371.319094][ T9331] tipc: Resetting bearer <eth:syzkaller0>
[  371.413134][ T9331] tipc: Disabling bearer <eth:syzkaller0>
[  372.288778][ T9348] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap3
[  372.692239][ T9348] batman_adv: batadv0: Adding interface: ip6gretap3
[  372.843803][ T9348] batman_adv: batadv0: The MTU of interface ip6gretap3 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  372.989502][ T9348] batman_adv: batadv0: Interface activated: ip6gretap3
[  373.063384][ T9373] tipc: New replicast peer: 255.255.255.255
[  373.086804][ T9373] tipc: Enabled bearer <udp:syz2>, priority 10
[  373.103255][ T9374] netlink: 12 bytes leftover after parsing attributes in process `syz.4.956'.
[  373.147215][ T9374] tipc: Disabling bearer <udp:syz2>
[  373.197276][ T9380] FAULT_INJECTION: forcing a failure.
[  373.197276][ T9380] name failslab, interval 1, probability 0, space 0, times 0
[  373.210170][ T9380] CPU: 1 UID: 0 PID: 9380 Comm: syz.2.958 Not tainted syzkaller #0 PREEMPT(full) 
[  373.210185][ T9380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  373.210196][ T9380] Call Trace:
[  373.210202][ T9380]  <TASK>
[  373.210207][ T9380]  dump_stack_lvl+0x189/0x250
[  373.210226][ T9380]  ? __pfx____ratelimit+0x10/0x10
[  373.210244][ T9380]  ? __pfx_dump_stack_lvl+0x10/0x10
[  373.210259][ T9380]  ? __pfx__printk+0x10/0x10
[  373.210276][ T9380]  ? __lock_acquire+0xab9/0xd20
[  373.210300][ T9380]  should_fail_ex+0x414/0x560
[  373.210318][ T9380]  should_failslab+0xa8/0x100
[  373.210333][ T9380]  kmem_cache_alloc_noprof+0x74/0x6e0
[  373.210351][ T9380]  ? __send_signal_locked+0x22a/0xeb0
[  373.210364][ T9380]  ? sig_get_ucounts+0x26/0x450
[  373.210379][ T9380]  ? sig_get_ucounts+0x3e4/0x450
[  373.210397][ T9380]  __send_signal_locked+0x22a/0xeb0
[  373.210412][ T9380]  ? send_signal_locked+0x1b5/0x8e0
[  373.210429][ T9380]  force_sig_info_to_task+0x30c/0x590
[  373.210450][ T9380]  force_sig+0xc9/0x120
[  373.210465][ T9380]  ? __pfx_force_sig+0x10/0x10
[  373.210482][ T9380]  ? fixup_vdso_exception+0x2cc/0x300
[  373.210500][ T9380]  ? gp_user_force_sig_segv+0xdd/0x220
[  373.210521][ T9380]  exc_general_protection+0xdb/0x200
[  373.210533][ T9380]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  373.210552][ T9380]  ? clear_bhb_loop+0x60/0xb0
[  373.210567][ T9380]  asm_exc_general_protection+0x26/0x30
[  373.210581][ T9380] RIP: 0033:0x7fd3275676f9
[  373.210593][ T9380] Code: f8 77 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 89 f8 48 89 fa c5 f9 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 27 01 00 00 <c5> fd 74 0f c5 fd d7 c1 85 c0 74 5b f3 0f bc c0 e9 30 01 00 00 66
[  373.210603][ T9380] RSP: 002b:00007fd3284ed7c8 EFLAGS: 00010283
[  373.210614][ T9380] RAX: 0000000000000999 RBX: 00007fd3284edd30 RCX: 00007fd327798120
[  373.210623][ T9380] RDX: 9999999999999999 RSI: 00007fd327611b31 RDI: 9999999999999999
[  373.210632][ T9380] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[  373.210639][ T9380] R10: 00000000ffffffff R11: 0000000000000000 R12: 0000000000000073
[  373.210647][ T9380] R13: 00007fd3284edeb0 R14: 9999999999999999 R15: 0000000000000000
[  373.210667][ T9380]  </TASK>
[  373.386287][ T5877] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  373.576396][ T5877] usb 4-1: Using ep0 maxpacket: 32
[  373.632905][ T5877] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  373.677425][ T5877] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  373.703139][ T5877] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  373.712711][ T5877] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  373.752201][ T5877] usb 4-1: config 0 descriptor??
[  374.407650][ T9390] 9pnet_fd: Insufficient options for proto=fd
[  374.432761][ T5877] savu 0003:1E7D:2D5A.0006: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0
[  375.416459][ T5185] Bluetooth: hci5: command 0x0406 tx timeout
[  375.490869][ T5936] usb 4-1: USB disconnect, device number 20
[  375.929927][ T9405] ntfs3(loop4): try to read out of volume at offset 0x0
[  377.039710][ T9410] netlink: 56 bytes leftover after parsing attributes in process `syz.1.967'.
[  377.072037][ T9410] netlink: 16 bytes leftover after parsing attributes in process `syz.1.967'.
[  378.369819][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  378.376333][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  379.573131][ T9435] netlink: 12 bytes leftover after parsing attributes in process `syz.1.974'.
[  382.550237][ T9463] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 3
[  382.561220][ T9463] SQUASHFS error: Failed to read block 0x0: -5
[  382.596526][ T9463] unable to read squashfs_super_block
[  383.674962][ T9474] EXT4-fs: Ignoring removed orlov option
[  383.681581][ T9474] I/O error, dev loop2, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 3
[  383.696374][ T9474] EXT4-fs (loop2): unable to read superblock
[  384.061379][ T9480] netlink: 12 bytes leftover after parsing attributes in process `syz.3.989'.
[  384.304646][ T9480] vlan3: entered promiscuous mode
[  384.347417][ T9480] team0: entered promiscuous mode
[  384.358889][ T9485] netlink: 12 bytes leftover after parsing attributes in process `syz.1.991'.
[  384.408032][ T9480] team_slave_0: entered promiscuous mode
[  384.420984][ T9480] team_slave_1: entered promiscuous mode
[  384.560902][ T9485] vlan2: entered promiscuous mode
[  385.176458][ T9493] netlink: 'syz.4.993': attribute type 10 has an invalid length.
[  385.184286][ T9493] netlink: 40 bytes leftover after parsing attributes in process `syz.4.993'.
[  385.734585][ T9493] team0: entered allmulticast mode
[  385.740652][ T9493] 8021q: adding VLAN 0 to HW filter on device team0
[  385.747819][ T9493] bridge0: port 1(team0) entered blocking state
[  385.755207][ T9493] bridge0: port 1(team0) entered disabled state
[  388.946647][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  388.953323][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  388.959880][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  388.966450][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  388.972984][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  388.979507][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  388.986029][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  388.992572][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  388.999122][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.005651][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.012177][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.018757][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.025275][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.031863][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.038401][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.044926][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.051463][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.057997][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.064503][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.071033][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.078108][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.084657][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.091200][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.097748][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.104266][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.110861][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.117407][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.123921][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.130461][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.137035][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.143560][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.150094][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.156648][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.163274][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.169816][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.176398][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.182921][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.189447][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.196011][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.202555][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.209127][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.215652][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.222236][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.228791][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.235308][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.241853][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.248384][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.254888][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.261416][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.267945][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.274466][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.281030][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.287631][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.294170][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.300708][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.307236][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.313740][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.320304][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.326926][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.333506][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.340073][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.346645][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.353183][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.359715][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.369100][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.375646][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.382848][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.389394][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.395926][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.402464][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.408992][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.415537][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.422067][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.428595][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.435128][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.441659][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.448197][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.454746][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.461306][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.467846][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.474358][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.481327][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.487882][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.494440][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.501032][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.507594][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.514306][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.520889][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.527436][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.533944][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.540520][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.547094][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.553552][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.560088][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.566597][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.573080][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.580164][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.586712][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.593193][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.599721][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.606271][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.612744][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.619338][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.625868][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.632399][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.638990][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.645515][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.652111][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.658664][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.665147][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.671666][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.678184][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.684655][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.691213][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.697789][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.704273][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.710790][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.717286][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.723762][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.730291][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.736808][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.743306][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.749843][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.756386][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.762904][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.769452][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.775983][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.782624][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.794730][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.801415][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.807929][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.814392][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.820896][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.827405][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.833858][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.840327][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.846848][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.853360][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.859857][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.866353][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.872852][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.879335][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.885852][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.892325][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.898801][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.905252][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.911717][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.918195][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.924659][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.931134][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.937619][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.944072][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.950542][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.957036][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.963485][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.969942][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.976420][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.982874][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.989372][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.995838][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.002316][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.008816][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.015301][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.021787][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.028271][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.034728][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.041195][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.047655][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.054122][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.060588][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.067077][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.073520][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.079994][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.086480][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.092959][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.099433][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.105908][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.112376][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.118844][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.125291][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.131764][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.138230][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.144674][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.151130][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.157601][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.164067][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.170555][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.177033][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.183489][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.189948][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.196427][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  390.202891][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  391.343988][    T9] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  391.468086][    C1] vcan0: j1939_tp_rxtimer: 0xffff888056164800: rx timeout, send abort
[  391.546270][    T9] usb 4-1: Using ep0 maxpacket: 8
[  391.558076][    T9] usb 4-1: config 0 has an invalid interface number: 232 but max is 0
[  391.566936][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  391.577868][ T9546] fuseblk: Unknown parameter 'seclabel'
[  391.594003][    T9] usb 4-1: config 0 has no interface number 0
[  391.601584][ T9546] overlayfs: missing 'workdir'
[  391.616324][    T9] usb 4-1: config 0 interface 232 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0
[  391.636867][    T9] usb 4-1: config 0 interface 232 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0
[  391.708981][    T9] usb 4-1: config 0 interface 232 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  391.772073][    T9] usb 4-1: config 0 interface 232 has no altsetting 0
[  391.806391][    T9] usb 4-1: New USB device found, idVendor=1943, idProduct=2257, bcdDevice= 3.fc
[  391.815779][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  391.844424][    T9] usb 4-1: Product: syz
[  391.849265][    T9] usb 4-1: Manufacturer: syz
[  391.853935][    T9] usb 4-1: SerialNumber: syz
[  391.877560][    T9] usb 4-1: config 0 descriptor??
[  391.906722][    T9] s2255 4-1:0.232: Could not find bulk-in endpoint
[  391.915221][    T9] Sensoray 2255 driver load failed: 0xfffffff4
[  391.956205][    T9] s2255 4-1:0.232: probe with driver s2255 failed with error -12
[  391.977496][    C1] vcan0: j1939_tp_rxtimer: 0xffff888056164800: abort rx timeout. Force session deactivation
[  392.009702][ T9556] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  392.134504][    T9] usb 4-1: USB disconnect, device number 21
[  394.260031][ T9577] bridge0: port 2(bridge_slave_1) entered disabled state
[  394.313359][ T9577] bridge_slave_1 (unregistering): left allmulticast mode
[  394.320584][ T9577] bridge_slave_1 (unregistering): left promiscuous mode
[  394.327637][ T9577] bridge0: port 2(bridge_slave_1) entered disabled state
[  394.756850][ T9587] fuse: Bad value for 'fd'
[  394.909420][ T9590] ÿ: renamed from bond_slave_0 (while UP)
[  395.133581][ T9595] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  395.145191][ T9595] syzkaller0: entered promiscuous mode
[  395.151112][ T9595] syzkaller0: entered allmulticast mode
[  395.163273][ T9595] tipc: Resetting bearer <eth:syzkaller0>
[  395.176489][ T9593] tipc: Resetting bearer <eth:syzkaller0>
[  395.221149][ T9593] tipc: Disabling bearer <eth:syzkaller0>
[  395.356334][    T9] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  396.074524][ T9599] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  396.196244][    T9] usb 3-1: Using ep0 maxpacket: 32
[  396.203206][    T9] usb 3-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  396.217627][    T9] usb 3-1: config 0 interface 0 has no altsetting 0
[  396.225348][ T9611] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1030'.
[  396.225363][    T9] usb 3-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.00
[  396.273914][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  396.306812][    T9] usb 3-1: config 0 descriptor??
[  396.640294][ T5185] Bluetooth: hci3: unexpected event for opcode 0x0c14
[  396.756230][ T5185] Bluetooth: hci5: command 0x0406 tx timeout
[  397.589108][    T9] vrc2 0003:07C0:1125.0007: fixing up VRC-2 report descriptor
[  397.598467][ T9624] FAULT_INJECTION: forcing a failure.
[  397.598467][ T9624] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  397.602363][    T9] input: HID 07c0:1125 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:07C0:1125.0007/input/input13
[  397.685276][ T9624] CPU: 1 UID: 0 PID: 9624 Comm: syz.1.1034 Not tainted syzkaller #0 PREEMPT(full) 
[  397.685301][ T9624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  397.685312][ T9624] Call Trace:
[  397.685318][ T9624]  <TASK>
[  397.685327][ T9624]  dump_stack_lvl+0x189/0x250
[  397.685351][ T9624]  ? irqentry_exit+0x74/0x90
[  397.685381][ T9624]  ? __pfx_dump_stack_lvl+0x10/0x10
[  397.685418][ T9624]  should_fail_ex+0x414/0x560
[  397.685450][ T9624]  _copy_to_user+0x31/0xb0
[  397.685470][ T9624]  put_user_ifreq+0x6b/0xd0
[  397.685490][ T9624]  sock_ioctl+0x74b/0x790
[  397.685514][ T9624]  ? __pfx_sock_ioctl+0x10/0x10
[  397.685538][ T9624]  ? __fget_files+0x3a0/0x420
[  397.685554][ T9624]  ? __fget_files+0x2a/0x420
[  397.685573][ T9624]  ? bpf_lsm_file_ioctl+0x9/0x20
[  397.685594][ T9624]  ? __pfx_sock_ioctl+0x10/0x10
[  397.685614][ T9624]  __se_sys_ioctl+0xfc/0x170
[  397.685638][ T9624]  do_syscall_64+0xfa/0xfa0
[  397.685661][ T9624]  ? lockdep_hardirqs_on+0x9c/0x150
[  397.685683][ T9624]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.685700][ T9624]  ? clear_bhb_loop+0x60/0xb0
[  397.685721][ T9624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.685738][ T9624] RIP: 0033:0x7feb90d8eba9
[  397.685753][ T9624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  397.685772][ T9624] RSP: 002b:00007feb91b34038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  397.685791][ T9624] RAX: ffffffffffffffda RBX: 00007feb90fd5fa0 RCX: 00007feb90d8eba9
[  397.685804][ T9624] RDX: 0000200000001440 RSI: 00000000000089ff RDI: 0000000000000003
[  397.685815][ T9624] RBP: 00007feb91b34090 R08: 0000000000000000 R09: 0000000000000000
[  397.685846][ T9624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  397.685858][ T9624] R13: 00007feb90fd6038 R14: 00007feb90fd5fa0 R15: 00007ffdd8052ec8
[  397.685893][ T9624]  </TASK>
[  399.018540][    T9] vrc2 0003:07C0:1125.0007: input,hidraw0: USB HID v0.02 Joystick [HID 07c0:1125] on usb-dummy_hcd.2-1/input0
[  400.295316][ T9649] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  400.523391][ T9649] syzkaller0: entered promiscuous mode
[  401.586239][ T9649] syzkaller0: entered allmulticast mode
[  401.620388][ T9649] tipc: Resetting bearer <eth:syzkaller0>
[  401.682044][ T9646] tipc: Resetting bearer <eth:syzkaller0>
[  401.689614][ T9667] IPVS: set_ctl: invalid protocol: 1 172.20.20.187:20001
[  401.817119][ T9646] tipc: Disabling bearer <eth:syzkaller0>
[  402.077278][    T9] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  402.099775][ T9675] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1045'.
[  402.240886][    T9] usb 4-1: config 0 has an invalid interface number: 120 but max is 0
[  402.260420][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  402.288665][    T9] usb 4-1: config 0 has no interface number 0
[  402.305315][    T9] usb 4-1: config 0 interface 120 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  402.389911][    T9] usb 4-1: New USB device found, idVendor=04ca, idProduct=300d, bcdDevice=48.44
[  402.399409][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  402.407601][    T9] usb 4-1: Product: syz
[  402.411915][    T9] usb 4-1: Manufacturer: syz
[  402.419677][    T9] usb 4-1: SerialNumber: syz
[  402.437860][    T9] usb 4-1: config 0 descriptor??
[  402.752385][ T9679] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  402.761056][ T9679] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  403.550772][ T5936] usb 3-1: USB disconnect, device number 9
[  404.696252][ T5936] usb 4-1: USB disconnect, device number 22
[  405.574624][ T9714] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1054'.
[  406.172106][ T9719] netlink: 120 bytes leftover after parsing attributes in process `syz.5.1056'.
[  406.202184][ T9711] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1055'.
[  406.255442][ T9711] netlink: 'syz.3.1055': attribute type 1 has an invalid length.
[  406.626263][ T6017] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  406.812597][ T6017] usb 3-1: Using ep0 maxpacket: 32
[  406.884388][ T6017] usb 3-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  407.874192][ T6017] usb 3-1: config 0 interface 0 has no altsetting 0
[  407.885091][ T6017] usb 3-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.00
[  407.896671][ T6017] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  408.116487][ T6017] usb 3-1: config 0 descriptor??
[  409.213898][ T6017] vrc2 0003:07C0:1125.0008: fixing up VRC-2 report descriptor
[  409.280822][ T6017] input: HID 07c0:1125 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:07C0:1125.0008/input/input14
[  409.498127][ T6017] vrc2 0003:07C0:1125.0008: input,hidraw0: USB HID v0.02 Joystick [HID 07c0:1125] on usb-dummy_hcd.2-1/input0
[  409.886301][ T5946] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  410.076396][ T5946] usb 2-1: Using ep0 maxpacket: 16
[  410.103420][ T5946] usb 2-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  410.155032][ T5946] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 48, changing to 9
[  410.458891][ T9777] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  410.900263][ T5946] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  410.915358][ T5946] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  410.936317][ T5946] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  411.035002][ T5946] usb 2-1: SerialNumber: syz
[  411.058155][ T5946] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22
[  411.190674][ T9780] netlink: 1 bytes leftover after parsing attributes in process `syz.4.1073'.
[  411.253572][ T9761] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1068'.
[  411.266798][ T9783] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1068'.
[  411.278475][ T5946] usb 2-1: USB disconnect, device number 14
[  412.146262][ T6017] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  412.239885][ T9798] netem: incorrect gi model size
[  412.392163][ T6017] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  412.420295][ T9798] netem: change failed
[  412.443646][ T6017] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  412.621193][ T6017] usb 4-1: config 0 descriptor??
[  412.649128][ T6017] cp210x 4-1:0.0: cp210x converter detected
[  412.767166][ T5936] usb 3-1: USB disconnect, device number 10
[  413.106313][    T9] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  413.359442][    T9] usb 2-1: device descriptor read/64, error -71
[  413.953535][ T6017] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -71
[  413.988970][ T6017] cp210x 4-1:0.0: failed to get vendor val 0x370c size 73: -71
[  414.014783][ T6017] cp210x 4-1:0.0: GPIO initialisation failed: -71
[  414.032143][ T6017] usb 4-1: cp210x converter now attached to ttyUSB1
[  414.053088][ T6017] usb 4-1: USB disconnect, device number 23
[  414.076767][    T9] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  414.296307][    T9] usb 2-1: device descriptor read/64, error -71
[  414.406476][    T9] usb usb2-port1: attempt power cycle
[  414.414686][ T6017] cp210x ttyUSB1: cp210x converter now disconnected from ttyUSB1
[  414.433310][ T6017] cp210x 4-1:0.0: device disconnected
[  414.836372][    T9] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  414.883757][    T9] usb 2-1: device descriptor read/8, error -71
[  415.346239][    T9] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  415.376789][    T9] usb 2-1: device descriptor read/8, error -71
[  415.486610][    T9] usb usb2-port1: unable to enumerate USB device
[  415.660139][ T9836] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1088'.
[  416.530801][ T9839] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1089'.
[  416.621848][ T9848] Can't find a SQUASHFS superblock on nullb0
[  417.165343][   T30] kauditd_printk_skb: 28 callbacks suppressed
[  417.197303][   T30] audit: type=1800 audit(1758204528.449:183): pid=9848 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1092" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  417.205480][  T875] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  417.586087][  T875] usb 5-1: Using ep0 maxpacket: 32
[  417.593536][  T875] usb 5-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  417.615282][  T875] usb 5-1: config 0 interface 0 has no altsetting 0
[  417.622089][  T875] usb 5-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.00
[  417.631221][  T875] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  417.641800][  T875] usb 5-1: config 0 descriptor??
[  418.067709][  T875] vrc2 0003:07C0:1125.0009: fixing up VRC-2 report descriptor
[  418.702527][  T875] input: HID 07c0:1125 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:07C0:1125.0009/input/input15
[  418.835159][  T875] vrc2 0003:07C0:1125.0009: input,hidraw0: USB HID v0.02 Joystick [HID 07c0:1125] on usb-dummy_hcd.4-1/input0
[  419.398848][ T9888] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap2
[  419.455856][ T9888] batman_adv: batadv0: Adding interface: ip6gretap2
[  419.470010][ T9888] batman_adv: batadv0: The MTU of interface ip6gretap2 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  419.925812][ T9888] batman_adv: batadv0: Interface activated: ip6gretap2
[  419.968644][ T9907] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  419.987139][ T9907] syzkaller0: entered promiscuous mode
[  419.996990][ T9907] syzkaller0: entered allmulticast mode
[  420.010224][ T9907] tipc: Resetting bearer <eth:syzkaller0>
[  420.018065][ T9906] tipc: Resetting bearer <eth:syzkaller0>
[  420.119817][ T9906] tipc: Disabling bearer <eth:syzkaller0>
[  420.327805][  T875] usb 5-1: USB disconnect, device number 8
[  420.720429][ T9913] ptrace attach of "./syz-executor exec"[5871] was attempted by "./syz-executor exec"[9913]
[  420.799968][ T9915] netlink: 'syz.2.1111': attribute type 1 has an invalid length.
[  421.303734][ T9929] fuse: Bad value for 'fd'
[  421.362813][ T9933] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1117'.
[  421.619284][ T9936] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  421.625938][ T9936] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  421.733208][ T9942] tipc: New replicast peer: 255.255.255.255
[  421.740737][ T9942] tipc: Enabled bearer <udp:syz2>, priority 10
[  422.226437][ T9936] vhci_hcd vhci_hcd.0: Device attached
[  422.242367][   T30] audit: type=1800 audit(1758204534.082:184): pid=9943 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1112" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0
[  422.668317][ T9938] vhci_hcd: connection closed
[  422.671365][   T12] vhci_hcd: stop threads
[  422.706867][   T12] vhci_hcd: release socket
[  422.735369][ T5936] tipc: Node number set to 1989878269
[  422.754746][   T12] vhci_hcd: disconnect device
[  422.812790][ T6017] usb 38-1: SetAddress Request (2) to port 0
[  422.849677][ T6017] usb 38-1: new SuperSpeed USB device number 2 using vhci_hcd
[  423.062602][ T6017] usb 38-1: enqueue for inactive port 0
[  423.662310][ T6017] usb usb38-port1: attempt power cycle
[  424.065606][ T9961] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1126'.
[  426.687988][ T6017] usb usb38-port1: unable to enumerate USB device
[  433.020016][T10016] bridge_slave_0: left allmulticast mode
[  433.036896][T10016] bridge_slave_0: left promiscuous mode
[  433.047758][T10016] bridge0: port 1(bridge_slave_0) entered disabled state
[  433.068397][T10016] bridge_slave_1: left allmulticast mode
[  433.076588][T10016] bridge_slave_1: left promiscuous mode
[  433.082943][T10016] bridge0: port 2(bridge_slave_1) entered disabled state
[  433.128106][T10016] bond0: (slave bond_slave_0): Releasing backup interface
[  433.156770][T10019] netlink: 'syz.3.1142': attribute type 10 has an invalid length.
[  433.196208][T10016] bond0: (slave bond_slave_1): Releasing backup interface
[  433.275985][T10016] team0: Failed to send options change via netlink (err -105)
[  433.296600][T10016] team0: Failed to send port change of device team_slave_0 via netlink (err -105)
[  433.307901][T10016] team0: Port device team_slave_0 removed
[  433.342375][T10016] team0: Failed to send options change via netlink (err -105)
[  433.393869][T10016] team0: Failed to send port change of device team_slave_1 via netlink (err -105)
[  433.420164][T10027] could not open pipe file descriptor
[  433.437113][T10016] team0: Port device team_slave_1 removed
[  433.450661][T10016] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  433.472804][T10016] batman_adv: batadv0: Removing interface: batadv_slave_0
[  433.498701][T10016] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  433.516262][T10016] batman_adv: batadv0: Removing interface: batadv_slave_1
[  433.528875][T10016] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  433.613733][T10019] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  433.831612][ T5929] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  434.008451][ T5929] usb 5-1: Using ep0 maxpacket: 16
[  434.029749][ T5929] usb 5-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[  434.052716][ T5929] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  434.076690][ T5929] usb 5-1: Product: syz
[  434.086658][ T5929] usb 5-1: Manufacturer: syz
[  434.099353][ T5929] usb 5-1: SerialNumber: syz
[  434.124321][ T5929] usb 5-1: config 0 descriptor??
[  434.145175][ T5929] visor 5-1:0.0: Sony Clie 3.5 converter detected
[  434.159320][T10044] netlink: 'syz.5.1150': attribute type 2 has an invalid length.
[  434.190876][T10044] netlink: 'syz.5.1150': attribute type 1 has an invalid length.
[  434.232746][T10044] netlink: 152 bytes leftover after parsing attributes in process `syz.5.1150'.
[  434.345171][ T5929] usb 5-1: clie_3_5_startup: get config number bad return length: 0
[  434.371594][ T5929] visor 5-1:0.0: probe with driver visor failed with error -5
[  434.487302][ T5867] Bluetooth: hci5: unexpected event for opcode 0x0c1a
[  434.492304][T10055] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1151'.
[  434.547849][T10055] netlink: 'syz.5.1151': attribute type 9 has an invalid length.
[  434.768624][   T30] audit: type=1326 audit(1758204546.608:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10053 comm="syz.1.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  434.843254][   T30] audit: type=1326 audit(1758204546.608:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10053 comm="syz.1.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  434.929904][   T30] audit: type=1326 audit(1758204546.608:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10053 comm="syz.1.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  435.007437][   T30] audit: type=1326 audit(1758204546.608:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10053 comm="syz.1.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  435.071879][   T30] audit: type=1326 audit(1758204546.608:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10053 comm="syz.1.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7feb90d8d510 code=0x7ffc0000
[  435.128769][   T30] audit: type=1326 audit(1758204546.608:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10053 comm="syz.1.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  435.207917][   T30] audit: type=1326 audit(1758204546.608:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10053 comm="syz.1.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  435.480136][   T30] audit: type=1326 audit(1758204546.608:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10053 comm="syz.1.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  435.570770][   T30] audit: type=1326 audit(1758204546.608:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10053 comm="syz.1.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  435.576514][ T5929] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  435.644795][   T30] audit: type=1326 audit(1758204546.608:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10053 comm="syz.1.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  436.026626][ T5929] usb 4-1: device descriptor read/64, error -71
[  436.174584][ T6017] usb 5-1: USB disconnect, device number 9
[  436.286220][ T5929] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  436.314598][T10072] EXT4-fs: Ignoring removed nomblk_io_submit option
[  436.324462][T10072] I/O error, dev loop1, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  436.337382][T10072] EXT4-fs (loop1): unable to read superblock
[  436.490300][ T5929] usb 4-1: device descriptor read/64, error -71
[  436.498969][T10081] overlayfs: failed to resolve './file0': -2
[  437.111715][ T5929] usb usb4-port1: attempt power cycle
[  437.137404][T10075] netdevsim netdevsim5 netdevsim0: entered promiscuous mode
[  437.533300][T10086] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1160'.
[  437.595814][ T5929] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  437.782401][T10086] bridge0: port 1(team0) entered disabled state
[  437.845617][ T5929] usb 4-1: device descriptor read/8, error -71
[  437.865899][  T875] IPVS: starting estimator thread 0...
[  437.955246][T10091] IPVS: using max 44 ests per chain, 105600 per kthread
[  438.121485][ T5929] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  438.165797][ T5929] usb 4-1: device descriptor read/8, error -71
[  438.305816][ T5929] usb usb4-port1: unable to enumerate USB device
[  439.787752][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  439.794251][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  440.685670][T10138] tipc: Started in network mode
[  440.690581][T10138] tipc: Node identity 16c41639d8ba, cluster identity 4711
[  440.722767][T10138] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  440.750132][T10138] syzkaller0: entered promiscuous mode
[  440.755722][T10138] syzkaller0: entered allmulticast mode
[  440.790573][T10138] tipc: Resetting bearer <eth:syzkaller0>
[  441.154323][T10134] tipc: Resetting bearer <eth:syzkaller0>
[  441.230850][T10134] tipc: Disabling bearer <eth:syzkaller0>
[  441.553293][ T5946] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  442.185115][ T5929] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  442.321623][ T5946] usb 2-1: Using ep0 maxpacket: 8
[  442.342930][ T5929] usb 5-1: Using ep0 maxpacket: 32
[  442.353106][ T5946] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  442.364977][ T5946] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  442.376945][ T5946] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7
[  442.389991][ T5929] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  442.399504][ T5946] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  442.430448][ T5946] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  442.497844][ T5929] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  442.554453][ T5946] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  442.632459][ T5929] usb 5-1: config 0 descriptor??
[  442.638601][ T5946] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  442.663111][ T5946] usb 2-1: Product: syz
[  442.670470][ T5946] usb 2-1: Manufacturer: syz
[  442.682802][ T5946] usb 2-1: SerialNumber: syz
[  442.703756][ T5946] usb 2-1: config 0 descriptor??
[  442.848766][ T5929] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  442.885552][ T5929] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  442.921538][ T5946] radio-si470x 2-1:0.0: DeviceID=0xd700 ChipID=0x0000
[  442.929174][ T5929] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  442.941147][ T5946] radio-si470x 2-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  442.947093][ T5929] usb 5-1: media controller created
[  443.010578][ T5929] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  443.073780][T10182] 9pnet_fd: Insufficient options for proto=fd
[  443.173060][T10156] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  443.280535][T10156] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  443.492619][ T5946] radio-si470x 2-1:0.0: si470x_get_report: usb_control_msg returned -110
[  443.501093][ T5946] radio-si470x 2-1:0.0: si470x_get_scratch: si470x_get_report returned -110
[  445.023078][ T5946] radio-si470x 2-1:0.0: probe with driver radio-si470x failed with error -5
[  445.045992][ T5946] usb 2-1: USB disconnect, device number 19
[  445.096012][ T5929] az6027: usb out operation failed. (-71)
[  445.149494][ T5929] az6027: usb out operation failed. (-71)
[  445.182868][ T5929] stb0899_attach: Driver disabled by Kconfig
[  445.188875][ T5929] az6027: no front-end attached
[  445.188875][ T5929] 
[  445.254899][ T5929] az6027: usb out operation failed. (-71)
[  445.294911][T10192] netlink: 56 bytes leftover after parsing attributes in process `syz.5.1189'.
[  445.304067][T10192] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1189'.
[  445.313917][ T5929] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  445.316936][T10198] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  445.335376][T10198] syzkaller0: entered promiscuous mode
[  445.343068][T10198] syzkaller0: entered allmulticast mode
[  445.359338][ T5929] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input16
[  445.422840][ T5929] dvb-usb: schedule remote query interval to 400 msecs.
[  445.429906][ T5929] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  445.437752][T10198] tipc: Resetting bearer <eth:syzkaller0>
[  445.448241][ T5929] usb 5-1: USB disconnect, device number 10
[  445.482922][T10197] tipc: Resetting bearer <eth:syzkaller0>
[  445.523517][T10197] tipc: Disabling bearer <eth:syzkaller0>
[  445.541582][ T5946] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  445.607644][ T5929] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  445.661475][T10206] syz_tun: entered allmulticast mode
[  445.715452][ T5946] usb 4-1: New USB device found, idVendor=0f11, idProduct=1000, bcdDevice=be.42
[  445.895133][ T5946] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  445.924257][ T5946] usb 4-1: config 0 descriptor??
[  446.477729][ T5946] ldusb 4-1:0.0: Interrupt in endpoint not found
[  446.570241][T10218] IPVS: set_ctl: invalid protocol: 1 172.20.20.187:20001
[  446.672921][ T6017] usb 4-1: USB disconnect, device number 28
[  446.820675][ T5929] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  446.973723][ T5929] usb 2-1: config 0 has an invalid interface number: 120 but max is 0
[  447.008547][ T5929] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  447.244439][ T5929] usb 2-1: config 0 has no interface number 0
[  447.250999][ T5929] usb 2-1: config 0 interface 120 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  447.325851][ T5929] usb 2-1: New USB device found, idVendor=04ca, idProduct=300d, bcdDevice=48.44
[  447.337738][ T5929] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  447.346807][ T5929] usb 2-1: Product: syz
[  447.351242][ T5929] usb 2-1: Manufacturer: syz
[  447.355958][ T5929] usb 2-1: SerialNumber: syz
[  447.382696][ T5929] usb 2-1: config 0 descriptor??
[  447.695049][T10238] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  447.701936][T10239] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  447.710977][T10239] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  447.715246][T10238] syzkaller0: entered promiscuous mode
[  447.862924][T10238] syzkaller0: entered allmulticast mode
[  448.205006][T10247] IPVS: set_ctl: invalid protocol: 1 172.20.20.187:20001
[  448.227904][T10238] tipc: Resetting bearer <eth:syzkaller0>
[  448.276080][T10237] tipc: Resetting bearer <eth:syzkaller0>
[  448.297646][T10237] tipc: Disabling bearer <eth:syzkaller0>
[  448.386767][T10250] syzkaller1: entered promiscuous mode
[  448.453761][ T5946] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  448.653154][ T5946] usb 4-1: config 0 has an invalid interface number: 120 but max is 0
[  448.669830][ T5946] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  449.099222][ T5946] usb 4-1: config 0 has no interface number 0
[  449.105751][ T5946] usb 4-1: config 0 interface 120 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  449.563502][ T5946] usb 4-1: New USB device found, idVendor=04ca, idProduct=300d, bcdDevice=48.44
[  449.572614][ T5946] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  449.580757][ T5946] usb 4-1: Product: syz
[  449.584927][ T5946] usb 4-1: Manufacturer: syz
[  449.589519][ T5946] usb 4-1: SerialNumber: syz
[  449.620594][ T5946] usb 4-1: config 0 descriptor??
[  450.071870][ T5946] usb 2-1: USB disconnect, device number 20
[  450.144900][T10278] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  450.153794][T10278] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  452.184929][T10296] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  452.267695][T10298] syzkaller0: entered promiscuous mode
[  452.273461][T10298] syzkaller0: entered allmulticast mode
[  452.672225][T10296] tipc: Resetting bearer <eth:syzkaller0>
[  452.692403][ T5877] usb 4-1: USB disconnect, device number 29
[  452.702176][T10295] tipc: Resetting bearer <eth:syzkaller0>
[  452.811387][T10295] tipc: Disabling bearer <eth:syzkaller0>
[  452.837845][T10306] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1225'.
[  453.412068][T10321] tmpfs: Bad value for 'mpol'
[  454.237469][T10324] netlink: 120 bytes leftover after parsing attributes in process `syz.4.1230'.
[  454.519564][T10307] __vm_enough_memory: pid: 10307, comm: syz.5.1226, bytes: 21200452399104 not enough memory for the allocation
[  454.540345][T10307] netlink: 56 bytes leftover after parsing attributes in process `syz.5.1226'.
[  454.963009][T10328] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap4
[  454.977772][T10328] batman_adv: batadv0: Adding interface: ip6gretap4
[  454.984571][T10328] batman_adv: batadv0: The MTU of interface ip6gretap4 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  455.010367][T10328] batman_adv: batadv0: Interface activated: ip6gretap4
[  456.280740][T10345] IPVS: set_ctl: invalid protocol: 1 172.20.20.187:20001
[  458.660242][ T5877] usb 4-1: new low-speed USB device number 30 using dummy_hcd
[  458.832107][ T5877] usb 4-1: config 0 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  458.939347][ T5877] usb 4-1: config 0 interface 0 altsetting 6 endpoint 0x81 has invalid wMaxPacketSize 0
[  458.997997][ T5877] usb 4-1: config 0 interface 0 has no altsetting 0
[  459.054708][ T5877] usb 4-1: New USB device found, idVendor=04d9, idProduct=a067, bcdDevice= 0.00
[  459.068658][ T5877] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  459.086063][ T5877] usb 4-1: config 0 descriptor??
[  459.302210][T10372] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1243'.
[  460.246350][ T5867] Bluetooth: hci5: unexpected event for opcode 0x0c14
[  460.315115][ T5877] holtek_mouse 0003:04D9:A067.000A: bogus close delimiter
[  460.427979][ T5877] holtek_mouse 0003:04D9:A067.000A: item 0 2 2 10 parsing failed
[  461.364978][   T30] kauditd_printk_skb: 24 callbacks suppressed
[  461.364999][   T30] audit: type=1326 audit(1758204573.145:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10368 comm="syz.1.1242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  461.446456][ T5877] holtek_mouse 0003:04D9:A067.000A: hid parse failed: -22
[  461.638015][ T5877] holtek_mouse 0003:04D9:A067.000A: probe with driver holtek_mouse failed with error -22
[  461.668062][ T5877] usb 4-1: USB disconnect, device number 30
[  461.674488][   T30] audit: type=1326 audit(1758204573.145:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10368 comm="syz.1.1242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  461.743314][   T30] audit: type=1326 audit(1758204573.155:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10368 comm="syz.1.1242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  462.021216][   T30] audit: type=1326 audit(1758204573.155:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10368 comm="syz.1.1242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7feb90d8d510 code=0x7ffc0000
[  462.481235][   T30] audit: type=1326 audit(1758204573.165:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10368 comm="syz.1.1242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  462.594354][   T30] audit: type=1326 audit(1758204573.165:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10368 comm="syz.1.1242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  462.617862][   T30] audit: type=1326 audit(1758204573.165:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10368 comm="syz.1.1242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  462.695321][   T30] audit: type=1326 audit(1758204573.175:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10368 comm="syz.1.1242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  462.906839][T10402] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  462.925455][   T30] audit: type=1326 audit(1758204573.175:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10368 comm="syz.1.1242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  463.130330][   T30] audit: type=1326 audit(1758204573.175:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10368 comm="syz.1.1242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  463.377843][T10408] binder: 10407:10408 ioctl c0306201 2000000003c0 returned -14
[  463.979614][T10418] binder: 10414:10418 ioctl c018937a 200000000000 returned -22
[  465.125586][T10434] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  465.211834][T10437] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1259'.
[  469.034040][T10477] netlink: 348 bytes leftover after parsing attributes in process `syz.5.1268'.
[  469.187262][T10479] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1271'.
[  469.765972][T10479] vlan2: entered promiscuous mode
[  471.834144][T10503] netlink: 'syz.3.1279': attribute type 6 has an invalid length.
[  472.885078][T10511] random: crng reseeded on system resumption
[  474.368055][T10524] FAULT_INJECTION: forcing a failure.
[  474.368055][T10524] name failslab, interval 1, probability 0, space 0, times 0
[  474.398887][T10524] CPU: 0 UID: 0 PID: 10524 Comm: syz.1.1285 Not tainted syzkaller #0 PREEMPT(full) 
[  474.398905][T10524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  474.398913][T10524] Call Trace:
[  474.398936][T10524]  <TASK>
[  474.398942][T10524]  dump_stack_lvl+0x189/0x250
[  474.398963][T10524]  ? __pfx____ratelimit+0x10/0x10
[  474.398982][T10524]  ? __pfx_dump_stack_lvl+0x10/0x10
[  474.398998][T10524]  ? __pfx__printk+0x10/0x10
[  474.399021][T10524]  ? __pfx___might_resched+0x10/0x10
[  474.399039][T10524]  ? fs_reclaim_acquire+0x7d/0x100
[  474.399055][T10524]  should_fail_ex+0x414/0x560
[  474.399075][T10524]  should_failslab+0xa8/0x100
[  474.399090][T10524]  __kmalloc_noprof+0xcb/0x7f0
[  474.399108][T10524]  ? tomoyo_encode+0x28b/0x550
[  474.399130][T10524]  tomoyo_encode+0x28b/0x550
[  474.399150][T10524]  tomoyo_realpath_from_path+0x58d/0x5d0
[  474.399178][T10524]  tomoyo_path2_perm+0x288/0x680
[  474.399192][T10524]  ? tomoyo_path2_perm+0x235/0x680
[  474.399207][T10524]  ? __pfx_tomoyo_path2_perm+0x10/0x10
[  474.399231][T10524]  ? percpu_ref_get_many+0x19/0x140
[  474.399268][T10524]  tomoyo_path_rename+0x141/0x190
[  474.399289][T10524]  ? __pfx_tomoyo_path_rename+0x10/0x10
[  474.399313][T10524]  ? simple_lookup+0x12c/0x1c0
[  474.399332][T10524]  security_path_rename+0x250/0x490
[  474.399354][T10524]  do_renameat2+0x52b/0xa80
[  474.399386][T10524]  ? __pfx_do_renameat2+0x10/0x10
[  474.399413][T10524]  ? strncpy_from_user+0x150/0x290
[  474.399431][T10524]  ? getname_flags+0x1e5/0x540
[  474.399448][T10524]  __x64_sys_renameat2+0xce/0xe0
[  474.399470][T10524]  do_syscall_64+0xfa/0xfa0
[  474.399488][T10524]  ? lockdep_hardirqs_on+0x9c/0x150
[  474.399506][T10524]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  474.399519][T10524]  ? clear_bhb_loop+0x60/0xb0
[  474.399535][T10524]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  474.399547][T10524] RIP: 0033:0x7feb90d8eba9
[  474.399560][T10524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  474.399573][T10524] RSP: 002b:00007feb91b34038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[  474.399587][T10524] RAX: ffffffffffffffda RBX: 00007feb90fd5fa0 RCX: 00007feb90d8eba9
[  474.399597][T10524] RDX: 0000000000000004 RSI: 00002000000002c0 RDI: 0000000000000004
[  474.399605][T10524] RBP: 00007feb91b34090 R08: 0000000000000000 R09: 0000000000000000
[  474.399613][T10524] R10: 00002000000003c0 R11: 0000000000000246 R12: 0000000000000001
[  474.399621][T10524] R13: 00007feb90fd6038 R14: 00007feb90fd5fa0 R15: 00007ffdd8052ec8
[  474.399645][T10524]  </TASK>
[  474.399660][T10524] ERROR: Out of memory at tomoyo_realpath_from_path.
[  476.030283][   T30] kauditd_printk_skb: 22 callbacks suppressed
[  476.030306][   T30] audit: type=1326 audit(1758204587.845:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10525 comm="syz.5.1284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd67ef8eba9 code=0x7ffc0000
[  476.065806][T10540] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1288'.
[  477.108239][   T30] audit: type=1326 audit(1758204587.845:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10525 comm="syz.5.1284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd67ef8eba9 code=0x7ffc0000
[  478.237694][T10566] CUSE: unknown device info ""
[  478.242702][T10566] CUSE: zero length info key specified
[  478.866872][T10565] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  481.638178][    T9] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  482.452690][   T43] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  482.512907][    T9] usb 4-1: Using ep0 maxpacket: 16
[  482.524812][    T9] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=f4.9b
[  482.597908][    T9] usb 4-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  482.682089][    T9] usb 4-1: Product: syz
[  482.686429][    T9] usb 4-1: SerialNumber: syz
[  482.701733][    T9] usb 4-1: config 0 descriptor??
[  482.722545][   T43] usb 3-1: Using ep0 maxpacket: 32
[  483.035820][   T43] usb 3-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  483.121663][    T9] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  483.134727][    T9] dvb_usb_af9015 4-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  483.150577][   T43] usb 3-1: config 0 interface 0 has no altsetting 0
[  483.164479][   T43] usb 3-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.00
[  483.195021][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  483.213400][    T9] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  483.243384][   T43] usb 3-1: config 0 descriptor??
[  483.253841][    T9] dvb_usb_af9035 4-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[  483.492329][    T9] usb 4-1: USB disconnect, device number 31
[  483.711441][   T43] vrc2 0003:07C0:1125.000B: fixing up VRC-2 report descriptor
[  483.843108][   T43] input: HID 07c0:1125 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:07C0:1125.000B/input/input17
[  484.035670][   T43] vrc2 0003:07C0:1125.000B: input,hidraw0: USB HID v0.02 Joystick [HID 07c0:1125] on usb-dummy_hcd.2-1/input0
[  484.890231][   T30] audit: type=1326 audit(1758204596.745:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10616 comm="syz.1.1308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  484.962331][   T30] audit: type=1326 audit(1758204596.745:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10616 comm="syz.1.1308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  484.985893][   T30] audit: type=1326 audit(1758204596.745:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10616 comm="syz.1.1308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  485.255210][   T30] audit: type=1326 audit(1758204596.745:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10616 comm="syz.1.1308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7feb90d8d510 code=0x7ffc0000
[  485.854487][   T30] audit: type=1326 audit(1758204596.745:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10616 comm="syz.1.1308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  485.877679][   T30] audit: type=1326 audit(1758204596.745:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10616 comm="syz.1.1308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  485.927088][   T30] audit: type=1326 audit(1758204596.745:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10616 comm="syz.1.1308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  486.014880][   T30] audit: type=1326 audit(1758204596.745:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10616 comm="syz.1.1308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  486.039833][   T30] audit: type=1326 audit(1758204596.745:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10616 comm="syz.1.1308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  486.065656][   T30] audit: type=1326 audit(1758204596.755:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10616 comm="syz.1.1308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  486.155341][T10636] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1312'.
[  487.137583][ T5867] Bluetooth: hci5: unexpected event for opcode 0x0c14
[  488.411087][T10660] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  488.454860][T10660] SQUASHFS error: Failed to read block 0x0: -5
[  488.655200][T10660] unable to read squashfs_super_block
[  490.751396][    T9] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  490.930262][    T9] usb 5-1: Using ep0 maxpacket: 8
[  491.044433][    T9] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  491.051473][ T6004] usb 3-1: USB disconnect, device number 11
[  491.091450][    T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  491.128860][    T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  491.250789][    T9] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  491.270330][    T9] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  491.270360][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  491.382101][T10677] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap5
[  491.385343][T10677] batman_adv: batadv0: Adding interface: ip6gretap5
[  491.385360][T10677] batman_adv: batadv0: The MTU of interface ip6gretap5 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  491.385393][T10677] batman_adv: batadv0: Interface activated: ip6gretap5
[  491.500464][    T9] usb 5-1: GET_CAPABILITIES returned 0
[  491.500512][    T9] usbtmc 5-1:16.0: can't read capabilities
[  491.554695][    C1] vkms_vblank_simulate: vblank timer overrun
[  491.731032][T10668] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  491.731431][T10668] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  491.735719][ T6004] usb 5-1: USB disconnect, device number 11
[  492.219081][T10699] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1330'.
[  493.374717][T10713] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1334'.
[  493.964080][T10715] netlink: 'syz.4.1334': attribute type 1 has an invalid length.
[  493.972818][T10715] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1334'.
[  494.387261][T10719] input: syz1 as /devices/virtual/input/input18
[  495.346372][ T5867] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  497.216546][ T6004] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  497.586788][ T6004] usb 5-1: Using ep0 maxpacket: 16
[  498.149623][ T6004] usb 5-1: config 0 has an invalid interface number: 49 but max is 0
[  498.152101][T10758] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1343'.
[  498.158138][ T6004] usb 5-1: config 0 has no interface number 0
[  498.335795][ T6004] usb 5-1: config 0 interface 49 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 16
[  498.389942][ T6004] usb 5-1: config 0 interface 49 altsetting 0 has an endpoint descriptor with address 0x29, changing to 0x9
[  498.465043][ T6004] usb 5-1: config 0 interface 49 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  498.525934][ T6004] usb 5-1: config 0 interface 49 altsetting 0 bulk endpoint 0x9 has invalid maxpacket 0
[  498.594179][ T6004] usb 5-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=76.b7
[  498.630378][ T6004] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  498.818466][ T6004] usb 5-1: Product: syz
[  498.850207][ T6004] usb 5-1: Manufacturer: syz
[  499.457185][ T6004] usb 5-1: SerialNumber: syz
[  499.500148][ T6004] usb 5-1: config 0 descriptor??
[  499.640388][ T6004] usb 5-1: can't set config #0, error -71
[  499.719891][T10767] ext3: Unknown parameter 'fowner'
[  499.740305][ T6004] usb 5-1: USB disconnect, device number 12
[  499.809143][T10767] squashfs: Unknown parameter 'xœìÝ1h$Uðofw'
[  499.905246][T10772] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1347'.
[  501.277076][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  501.285147][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  501.640230][    T9] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  501.771231][T10794] FAULT_INJECTION: forcing a failure.
[  501.771231][T10794] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  501.797074][T10794] CPU: 0 UID: 0 PID: 10794 Comm: syz.1.1354 Not tainted syzkaller #0 PREEMPT(full) 
[  501.797101][T10794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  501.797114][T10794] Call Trace:
[  501.797136][T10794]  <TASK>
[  501.797144][T10794]  dump_stack_lvl+0x189/0x250
[  501.797171][T10794]  ? __pfx____ratelimit+0x10/0x10
[  501.797197][T10794]  ? __pfx_dump_stack_lvl+0x10/0x10
[  501.797236][T10794]  ? __pfx__printk+0x10/0x10
[  501.797277][T10794]  should_fail_ex+0x414/0x560
[  501.797307][T10794]  _copy_to_user+0x31/0xb0
[  501.797329][T10794]  simple_read_from_buffer+0xe1/0x170
[  501.797364][T10794]  proc_fail_nth_read+0x1b3/0x220
[  501.797402][T10794]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  501.797429][T10794]  ? rw_verify_area+0x2a6/0x4d0
[  501.797452][T10794]  ? __lock_acquire+0xab9/0xd20
[  501.797475][T10794]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  501.797499][T10794]  vfs_read+0x200/0xa30
[  501.797523][T10794]  ? fdget_pos+0x247/0x320
[  501.797545][T10794]  ? __pfx___mutex_lock+0x10/0x10
[  501.797572][T10794]  ? __pfx_vfs_read+0x10/0x10
[  501.797598][T10794]  ? __fget_files+0x2a/0x420
[  501.797620][T10794]  ? __fget_files+0x3a0/0x420
[  501.797635][T10794]  ? __fget_files+0x2a/0x420
[  501.797671][T10794]  ksys_read+0x145/0x250
[  501.797699][T10794]  ? __pfx_ksys_read+0x10/0x10
[  501.797728][T10794]  ? do_syscall_64+0xbe/0xfa0
[  501.797756][T10794]  do_syscall_64+0xfa/0xfa0
[  501.797780][T10794]  ? lockdep_hardirqs_on+0x9c/0x150
[  501.797804][T10794]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.797822][T10794]  ? clear_bhb_loop+0x60/0xb0
[  501.797844][T10794]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.797862][T10794] RIP: 0033:0x7feb90d8d5bc
[  501.797878][T10794] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  501.797894][T10794] RSP: 002b:00007feb91b34030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  501.797914][T10794] RAX: ffffffffffffffda RBX: 00007feb90fd5fa0 RCX: 00007feb90d8d5bc
[  501.797926][T10794] RDX: 000000000000000f RSI: 00007feb91b340a0 RDI: 0000000000000004
[  501.797938][T10794] RBP: 00007feb91b34090 R08: 0000000000000000 R09: 0000000000000000
[  501.797949][T10794] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000001
[  501.797960][T10794] R13: 00007feb90fd6038 R14: 00007feb90fd5fa0 R15: 00007ffdd8052ec8
[  501.797991][T10794]  </TASK>
[  502.032288][    C0] vkms_vblank_simulate: vblank timer overrun
[  502.874667][    T9] usb 5-1: config 1 interface 0 altsetting 8 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  502.888395][    T9] usb 5-1: config 1 interface 0 has no altsetting 0
[  502.898059][    T9] usb 5-1: New USB device found, idVendor=0b05, idProduct=184a, bcdDevice= 0.40
[  503.031571][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  503.049870][    T9] usb 5-1: Product: У
[  503.083350][    T9] usb 5-1: Manufacturer: â ‰
[  503.115492][    T9] usb 5-1: SerialNumber: Ñ„
[  503.953069][T10816] IPVS: set_ctl: invalid protocol: 1 172.20.20.187:20001
[  504.005160][T10788] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  504.032371][T10788] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  504.081161][T10788] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  504.126777][T10788] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  504.145744][T10788] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  504.170835][T10788] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  504.354263][T10788] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  504.469526][T10788] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  504.852023][ T5946] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  504.860368][    T9] usbhid 5-1:1.0: can't add hid device: -71
[  504.879974][    T9] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  504.950788][    T9] usb 5-1: USB disconnect, device number 13
[  505.179924][T10824] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1366'.
[  505.198292][ T5946] usb 4-1: config 0 has an invalid interface number: 120 but max is 0
[  506.156244][ T5946] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  506.168864][ T5946] usb 4-1: config 0 has no interface number 0
[  506.176240][ T5946] usb 4-1: config 0 interface 120 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  506.437105][ T5946] usb 4-1: New USB device found, idVendor=04ca, idProduct=300d, bcdDevice=48.44
[  506.476810][ T5946] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  506.503237][ T5946] usb 4-1: Product: syz
[  506.507460][ T5946] usb 4-1: Manufacturer: syz
[  506.552126][ T5946] usb 4-1: SerialNumber: syz
[  507.111115][ T5946] usb 4-1: config 0 descriptor??
[  507.904383][ T5946] usb 4-1: can't set config #0, error -71
[  507.938314][ T5946] usb 4-1: USB disconnect, device number 32
[  509.888125][T10864] netlink: 'syz.2.1376': attribute type 1 has an invalid length.
[  510.184247][T10870] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1373'.
[  510.890353][T10888] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1380'.
[  511.772556][T10880] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  513.093059][T10896] batadv0: entered promiscuous mode
[  513.098586][T10896] vlan2: entered promiscuous mode
[  515.613424][T10929] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1391'.
[  515.646872][T10919] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1389'.
[  515.694584][T10919] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1389'.
[  516.227115][T10935] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1394'.
[  516.236346][T10935] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1394'.
[  518.246152][T10948] netlink: 120 bytes leftover after parsing attributes in process `syz.5.1398'.
[  518.346113][T10957] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1400'.
[  518.390689][T10957] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1400'.
[  518.407141][T10957] 8021q: VLANs not supported on ip_vti0
[  518.642274][T10966] debugfs: '!' already exists in 'ieee80211'
[  522.530293][T11008] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1410'.
[  522.539923][T11008] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1410'.
[  523.207045][T11010] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1411'.
[  523.463478][T11012] netlink: 'syz.1.1412': attribute type 4 has an invalid length.
[  523.513368][T11012] netlink: 'syz.1.1412': attribute type 4 has an invalid length.
[  526.593125][T11055] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1423'.
[  526.780378][ T5922] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  527.283094][ T5922] usb 4-1: Using ep0 maxpacket: 8
[  527.296854][ T5922] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  527.331604][ T5922] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  527.445117][ T5922] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  527.474945][ T5922] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[  527.640363][ T5922] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  527.652212][ T5922] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  527.665711][ T5922] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  527.677203][ T5922] usb 4-1: config 0 descriptor??
[  527.683767][T11045] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  527.749054][T11070] netlink: 56 bytes leftover after parsing attributes in process `syz.5.1425'.
[  527.758201][T11070] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1425'.
[  528.751133][T11045] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1420'.
[  528.900601][ T5867] Bluetooth: hci6: Opcode 0x0c03 failed: -71
[  528.911380][ T5922] usb 4-1: USB disconnect, device number 33
[  531.077257][T11112] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1435'.
[  533.905924][T11131] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1442'.
[  535.914890][T11172] tmpfs: Bad value for 'mpol'
[  536.429464][T11171] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1449'.
[  539.980193][T11212] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1461'.
[  540.595677][T11212] bridge_slave_1: left allmulticast mode
[  540.601671][T11212] bridge_slave_1: left promiscuous mode
[  540.643401][T11212] bridge0: port 2(bridge_slave_1) entered disabled state
[  541.016818][T11212] bridge_slave_0: left allmulticast mode
[  541.034145][T11212] bridge_slave_0: left promiscuous mode
[  541.039877][T11212] bridge0: port 1(bridge_slave_0) entered disabled state
[  542.144108][T11238] netlink: 'syz.2.1468': attribute type 10 has an invalid length.
[  544.295033][T11260] hfs: Bad value for 'gid'
[  545.645380][   T30] kauditd_printk_skb: 31 callbacks suppressed
[  545.645407][   T30] audit: type=1326 audit(1758204657.465:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11263 comm="syz.1.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  545.757195][T11267] syz.3.1475 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  545.935790][   T30] audit: type=1326 audit(1758204657.465:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11263 comm="syz.1.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  546.081976][   T30] audit: type=1326 audit(1758204657.465:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11263 comm="syz.1.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=118 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  546.238925][   T30] audit: type=1326 audit(1758204657.465:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11263 comm="syz.1.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  546.390156][   T30] audit: type=1326 audit(1758204657.465:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11263 comm="syz.1.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  546.442782][   T30] audit: type=1326 audit(1758204657.465:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11263 comm="syz.1.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  546.465366][   T30] audit: type=1326 audit(1758204657.465:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11263 comm="syz.1.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  546.488145][   T30] audit: type=1326 audit(1758204657.465:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11263 comm="syz.1.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  546.511196][   T30] audit: type=1326 audit(1758204657.465:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11263 comm="syz.1.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  546.542666][   T30] audit: type=1326 audit(1758204657.465:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11263 comm="syz.1.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  546.787826][T11283] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1480'.
[  547.271656][T11291] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1482'.
[  547.289528][T11291] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1482'.
[  550.767234][ T6004] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  550.940714][ T6004] usb 2-1: Using ep0 maxpacket: 8
[  552.496977][T11305] binder: 11304:11305 unknown command 0
[  552.503065][T11305] binder: 11304:11305 ioctl c0306201 200000000040 returned -22
[  552.518210][T11305] binder: 11304:11305 ioctl c0306201 200000000640 returned -22
[  552.610369][T11307] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1486'.
[  557.010858][ T6004] usb 2-1: device descriptor read/all, error -71
[  557.542518][T11329] netlink: 144 bytes leftover after parsing attributes in process `syz.5.1493'.
[  561.236338][T11376] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1503'.
[  562.613172][T11398] netlink: 'syz.1.1508': attribute type 1 has an invalid length.
[  562.664788][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  562.710199][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  563.622074][T11420] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1513'.
[  563.679222][T11420] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  563.686878][T11420] IPv6: NLM_F_CREATE should be set when creating new route
[  563.740560][ T5877] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  563.898411][T11425] batadv0: entered promiscuous mode
[  563.904237][T11425] vlan2: entered promiscuous mode
[  564.212719][ T5877] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  564.223215][ T5877] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  564.239227][ T5877] usb 5-1: config 0 descriptor??
[  564.347428][ T5867] Bluetooth: hci1: unexpected event for opcode 0x0c14
[  564.761130][ T5877] gspca_main: cpia1-2.14.0 probing 0813:0001
[  564.835472][T11440] debugfs: '!' already exists in 'ieee80211'
[  565.086153][ T5877] gspca_cpia1: usb_control_msg 03, error -32
[  565.534630][T11450] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  565.560453][T11450] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  565.595487][T11450] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  565.619337][ T5877] gspca_cpia1: usb_control_msg 03, error -71
[  565.657289][ T5877] gspca_cpia1: usb_control_msg 01, error -71
[  565.664624][T11450] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  565.681771][T11450] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  565.689591][ T5877] cpia1 5-1:0.0: only firmware version 1 is supported (got: 0)
[  565.692021][T11450] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  565.721341][ T5877] usb 5-1: USB disconnect, device number 14
[  565.734802][T11450] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  565.830749][T11450] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  565.844863][T11450] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  565.853215][T11450] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  566.121660][T11458] netdevsim netdevsim1 : renamed from netdevsim0 (while UP)
[  566.460730][T11466] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  566.744692][   T30] kauditd_printk_skb: 15 callbacks suppressed
[  566.744708][   T30] audit: type=1326 audit(1758204678.615:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11463 comm="syz.1.1523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  566.796246][T11480] netlink: 'syz.3.1528': attribute type 12 has an invalid length.
[  566.804328][T11480] netlink: 'syz.3.1528': attribute type 29 has an invalid length.
[  566.813073][T11480] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1528'.
[  566.815402][   T30] audit: type=1326 audit(1758204678.615:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11463 comm="syz.1.1523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  566.893416][T11482] IPVS: set_ctl: invalid protocol: 1 172.20.20.187:20001
[  566.912195][   T30] audit: type=1326 audit(1758204678.655:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11463 comm="syz.1.1523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  567.055685][   T30] audit: type=1326 audit(1758204678.655:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11463 comm="syz.1.1523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  567.898376][   T30] audit: type=1326 audit(1758204678.655:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11463 comm="syz.1.1523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  567.904387][ T5867] Bluetooth: hci1: command 0x0406 tx timeout
[  567.920761][    C1] vkms_vblank_simulate: vblank timer overrun
[  567.922290][   T30] audit: type=1326 audit(1758204678.715:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11463 comm="syz.1.1523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7feb90d8d510 code=0x7ffc0000
[  567.929652][ T5185] Bluetooth: hci2: command 0x0406 tx timeout
[  567.935534][   T30] audit: type=1326 audit(1758204678.725:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11463 comm="syz.1.1523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  567.956551][ T5867] Bluetooth: hci3: command 0x0406 tx timeout
[  567.990625][ T5185] Bluetooth: hci4: command 0x0406 tx timeout
[  567.997437][ T5185] Bluetooth: hci5: command 0x0406 tx timeout
[  568.137969][   T30] audit: type=1326 audit(1758204678.725:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11463 comm="syz.1.1523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  568.160984][   T30] audit: type=1326 audit(1758204678.725:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11463 comm="syz.1.1523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  568.183252][    C1] vkms_vblank_simulate: vblank timer overrun
[  568.190106][   T30] audit: type=1326 audit(1758204678.725:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11463 comm="syz.1.1523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb90d8eba9 code=0x7ffc0000
[  569.001517][T11497] I/O error, dev loop3, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 1
[  569.011031][T11497] EXT4-fs (loop3): unable to read superblock
[  569.061963][ T5877] af_packet: tpacket_rcv: packet too big, clamped from 80 to 4294967272. macoff=96
[  569.530164][ T5877] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  569.701778][ T5877] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  569.734492][ T5877] usb 2-1: config 1 has an invalid descriptor of length 92, skipping remainder of the config
[  569.920182][ T5877] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  569.932093][ T5877] usb 2-1: config 1 has no interface number 0
[  569.938637][ T5877] usb 2-1: too many endpoints for config 1 interface 1 altsetting 1: 32, using maximum allowed: 30
[  569.949647][ T5877] usb 2-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 32
[  569.967179][ T5877] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  569.977468][ T5877] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  569.985662][ T5877] usb 2-1: Product: syz
[  569.998394][ T5877] usb 2-1: Manufacturer: syz
[  570.014368][ T5877] usb 2-1: SerialNumber: syz
[  570.020863][T11491] Bluetooth: hci3: command 0x0406 tx timeout
[  570.020903][   T52] Bluetooth: hci5: command 0x0406 tx timeout
[  570.028098][ T5867] Bluetooth: hci4: command 0x0406 tx timeout
[  570.033128][   T52] Bluetooth: hci2: command 0x0406 tx timeout
[  570.039351][ T5867] Bluetooth: hci1: command 0x0406 tx timeout
[  570.076562][ T5877] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  570.090502][ T5877] cdc_ncm 2-1:1.1: bind() failure
[  571.055106][   T43] usb 2-1: USB disconnect, device number 23
[  573.187471][T11532] GUP no longer grows the stack in syz.5.1544 (11532): 200000005000-200000008000 (200000004000)
[  573.198231][T11532] CPU: 1 UID: 0 PID: 11532 Comm: syz.5.1544 Not tainted syzkaller #0 PREEMPT(full) 
[  573.198248][T11532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  573.198256][T11532] Call Trace:
[  573.198261][T11532]  <TASK>
[  573.198267][T11532]  dump_stack_lvl+0x189/0x250
[  573.198290][T11532]  ? __pfx_dump_stack_lvl+0x10/0x10
[  573.198306][T11532]  ? __pfx__printk+0x10/0x10
[  573.198323][T11532]  ? find_vma+0xe7/0x160
[  573.198349][T11532]  fixup_user_fault+0x661/0x720
[  573.198377][T11532]  fault_in_user_writeable+0x72/0xe0
[  573.198391][T11532]  futex_lock_pi+0x773/0xa90
[  573.198413][T11532]  ? __pfx_futex_lock_pi+0x10/0x10
[  573.198449][T11532]  ? __pfx_futex_wake_mark+0x10/0x10
[  573.198471][T11532]  ? __seccomp_filter+0x3c6/0x1a30
[  573.198501][T11532]  do_futex+0x292/0x420
[  573.198519][T11532]  ? __pfx_do_futex+0x10/0x10
[  573.198534][T11532]  ? __vm_munmap+0x2c1/0x380
[  573.198553][T11532]  __se_sys_futex+0x36f/0x400
[  573.198572][T11532]  ? __pfx___se_sys_futex+0x10/0x10
[  573.198591][T11532]  ? __x64_sys_futex+0x21/0xf0
[  573.198607][T11532]  do_syscall_64+0xfa/0xfa0
[  573.198624][T11532]  ? lockdep_hardirqs_on+0x9c/0x150
[  573.198641][T11532]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  573.198654][T11532]  ? clear_bhb_loop+0x60/0xb0
[  573.198669][T11532]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  573.198681][T11532] RIP: 0033:0x7fd67ef8eba9
[  573.198693][T11532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  573.198704][T11532] RSP: 002b:00007fd67feb7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  573.198717][T11532] RAX: ffffffffffffffda RBX: 00007fd67f1d5fa0 RCX: 00007fd67ef8eba9
[  573.198726][T11532] RDX: 00000000fffffffd RSI: 000000000000008d RDI: 0000200000004000
[  573.198735][T11532] RBP: 00007fd67f011e19 R08: 0000000000000000 R09: 0000000000000000
[  573.198742][T11532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  573.198750][T11532] R13: 00007fd67f1d6038 R14: 00007fd67f1d5fa0 R15: 00007ffe54bbf048
[  573.198771][T11532]  </TASK>
[  573.429248][T11532] Invalid source name
[  573.433293][T11532] UBIFS error (pid: 11532): cannot open "À", error -22
[  573.790265][ T5946] usb 4-1: new full-speed USB device number 34 using dummy_hcd
[  574.408483][T11557] I/O error, dev loop1, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  574.504515][T11557] EXT4-fs (loop1): unable to read superblock
[  574.643965][T11562] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1553'.
[  575.475141][T11568] I/O error, dev loop3, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  575.519407][T11568] EXT4-fs (loop3): unable to read superblock
[  575.521900][   T30] kauditd_printk_skb: 20 callbacks suppressed
[  575.521919][   T30] audit: type=1326 audit(1758204687.385:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11539 comm="syz.2.1547" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd32758eba9 code=0x0
[  575.926637][ T5922] kernel write not supported for file /1019/oom_adj (pid: 5922 comm: kworker/0:5)
[  576.210177][T11578] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1558'.
[  576.219184][T11578] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1558'.
[  576.269963][T11579] netlink: 'syz.1.1558': attribute type 1 has an invalid length.
[  576.277950][T11579] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1558'.
[  576.633967][T11586] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  576.871784][T11592] tipc: Enabled bearer <udp:syz1>, priority 10
[  577.045417][   T30] audit: type=1800 audit(1758204688.915:350): pid=11599 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1564" name="nullb0" dev="tmpfs" ino=1180 res=0 errno=0
[  577.615739][T11605] netlink: 'syz.5.1566': attribute type 10 has an invalid length.
[  577.703276][T11605] veth1_macvtap: left promiscuous mode
[  578.110294][T11577] XFS (loop4): Invalid device [./file0], error=-2
[  578.370866][T11621] IPVS: set_ctl: invalid protocol: 1 172.20.20.187:20001
[  581.029346][T11663] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1578'.
[  581.455175][T11670] bond0: (slave bond_slave_0): Releasing backup interface
[  581.525839][T11670] bond0: (slave bond_slave_1): Releasing backup interface
[  581.590752][T11670] team0: Failed to send options change via netlink (err -105)
[  581.603894][T11670] team0: Failed to send port change of device team_slave_0 via netlink (err -105)
[  581.634381][T11670] team0: Port device team_slave_0 removed
[  581.689160][T11670] team0: Failed to send options change via netlink (err -105)
[  581.717401][T11670] team0: Failed to send port change of device team_slave_1 via netlink (err -105)
[  581.749321][T11670] team0: Port device team_slave_1 removed
[  581.764837][T11670] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  581.850361][T11670] batman_adv: batadv0: Removing interface: batadv_slave_0
[  581.929827][T11670] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  581.982602][T11670] batman_adv: batadv0: Removing interface: batadv_slave_1
[  582.079971][T11670] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  582.230358][T11685] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1585'.
[  583.577894][ T6017] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[  583.849333][ T6017] hid-generic 0000:0000:0000.000C: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  583.920809][T11705] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  583.948198][   T62] Bluetooth: hci6: Frame reassembly failed (-84)
[  584.121093][T11712] kAFS: No cell specified
[  585.940614][T11491] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  585.945849][ T5867] Bluetooth: hci6: command 0x1003 tx timeout
[  587.334808][T11758] FAULT_INJECTION: forcing a failure.
[  587.334808][T11758] name failslab, interval 1, probability 0, space 0, times 0
[  587.347861][T11758] CPU: 1 UID: 0 PID: 11758 Comm: syz.4.1606 Not tainted syzkaller #0 PREEMPT(full) 
[  587.347884][T11758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  587.347895][T11758] Call Trace:
[  587.347902][T11758]  <TASK>
[  587.347911][T11758]  dump_stack_lvl+0x189/0x250
[  587.347931][T11758]  ? __pfx____ratelimit+0x10/0x10
[  587.347949][T11758]  ? __pfx_dump_stack_lvl+0x10/0x10
[  587.347963][T11758]  ? __pfx__printk+0x10/0x10
[  587.347982][T11758]  ? __pfx___might_resched+0x10/0x10
[  587.348000][T11758]  ? fs_reclaim_acquire+0x7d/0x100
[  587.348015][T11758]  should_fail_ex+0x414/0x560
[  587.348033][T11758]  should_failslab+0xa8/0x100
[  587.348047][T11758]  __kmalloc_cache_noprof+0x6f/0x6f0
[  587.348065][T11758]  ? __request_module+0x2b5/0x5e0
[  587.348086][T11758]  __request_module+0x2b5/0x5e0
[  587.348102][T11758]  ? __pfx___request_module+0x10/0x10
[  587.348121][T11758]  ? __pfx___request_module+0x10/0x10
[  587.348140][T11758]  ? apparmor_capable+0x137/0x1b0
[  587.348165][T11758]  ? dev_load+0x21/0x1f0
[  587.348185][T11758]  dev_ioctl+0x837/0x1150
[  587.348205][T11758]  sock_ioctl+0x719/0x790
[  587.348221][T11758]  ? __pfx_sock_ioctl+0x10/0x10
[  587.348238][T11758]  ? __fget_files+0x3a0/0x420
[  587.348250][T11758]  ? __fget_files+0x2a/0x420
[  587.348263][T11758]  ? bpf_lsm_file_ioctl+0x9/0x20
[  587.348278][T11758]  ? __pfx_sock_ioctl+0x10/0x10
[  587.348293][T11758]  __se_sys_ioctl+0xfc/0x170
[  587.348310][T11758]  do_syscall_64+0xfa/0xfa0
[  587.348333][T11758]  ? lockdep_hardirqs_on+0x9c/0x150
[  587.348349][T11758]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  587.348362][T11758]  ? clear_bhb_loop+0x60/0xb0
[  587.348377][T11758]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  587.348388][T11758] RIP: 0033:0x7fc53578eba9
[  587.348399][T11758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  587.348410][T11758] RSP: 002b:00007fc53666a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  587.348424][T11758] RAX: ffffffffffffffda RBX: 00007fc5359d5fa0 RCX: 00007fc53578eba9
[  587.348433][T11758] RDX: 0000200000001440 RSI: 00000000000089ff RDI: 0000000000000006
[  587.348441][T11758] RBP: 00007fc53666a090 R08: 0000000000000000 R09: 0000000000000000
[  587.348448][T11758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  587.348457][T11758] R13: 00007fc5359d6038 R14: 00007fc5359d5fa0 R15: 00007ffea831ce78
[  587.348478][T11758]  </TASK>
[  587.588187][    C1] vkms_vblank_simulate: vblank timer overrun
[  588.297054][T11773] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1609'.
[  589.657009][T11787] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1613'.
[  590.892411][T11801] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  590.903187][T11803] batadv_slave_1: entered allmulticast mode
[  590.911687][T11805] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  590.919939][T11801] SQUASHFS error: Failed to read block 0x0: -5
[  591.099023][T11801] unable to read squashfs_super_block
[  592.960180][ T6004] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  593.190492][ T6004] usb 5-1: Using ep0 maxpacket: 16
[  593.655943][ T6004] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  593.997482][ T6004] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  594.022608][ T6004] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  594.043207][ T6004] usb 5-1: Product: syz
[  594.052520][ T6004] usb 5-1: Manufacturer: syz
[  594.068338][ T6004] usb 5-1: SerialNumber: syz
[  594.091778][ T6004] usb 5-1: config 0 descriptor??
[  594.108562][ T6004] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  594.133916][ T6004] em28xx 5-1:0.0: DVB interface 0 found: bulk
[  594.872884][T11851] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  594.883655][T11851] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.441225][ T6004] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[  595.527505][ T6004] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  595.552776][ T6004] em28xx 5-1:0.0: board has no eeprom
[  595.650211][ T6004] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  595.890108][ T6004] em28xx 5-1:0.0: dvb set to bulk mode.
[  595.943369][   T43] em28xx 5-1:0.0: Binding DVB extension
[  595.968394][ T6004] usb 5-1: USB disconnect, device number 15
[  595.988158][ T6004] em28xx 5-1:0.0: Disconnecting em28xx
[  596.084253][   T43] em28xx 5-1:0.0: Registering input extension
[  596.096177][ T6004] em28xx 5-1:0.0: Closing input extension
[  596.149631][ T6004] em28xx 5-1:0.0: Freeing device
[  596.432358][T11868] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1633'.
[  597.997109][T11902] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1644'.
[  599.161047][T11920] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode
[  599.183087][T11920] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  599.210156][T11919] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  600.163160][T11929] netlink: 'syz.2.1650': attribute type 10 has an invalid length.
[  600.235171][T11929] bond0: (slave team0): Releasing backup interface
[  600.278228][T11931] IPv4: Oversized IP packet from 127.202.26.0
[  600.302620][T11935] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1653'.
[  600.351348][T11933] netlink: 1 bytes leftover after parsing attributes in process `syz.5.1652'.
[  600.547151][T11941] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1653'.
[  600.647815][T11935] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  600.765697][T11941] 8021q: adding VLAN 0 to HW filter on device bond1
[  600.815338][ T3481] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  600.835245][ T3481] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  600.957885][ T3481] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  600.991785][ T3481] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  601.568847][T11955] netlink: 4268 bytes leftover after parsing attributes in process `syz.1.1658'.
[  601.578189][T11955] netlink: 4268 bytes leftover after parsing attributes in process `syz.1.1658'.
[  601.722704][T11961] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[  601.736171][T11961] batman_adv: batadv0: Adding interface: ip6gretap1
[  601.743184][T11961] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  601.800012][T11961] batman_adv: batadv0: Interface activated: ip6gretap1
[  602.700626][T11973] overlayfs: failed to get inode (-116)
[  602.708120][T11973] overlayfs: failed to get inode (-116)
[  602.714879][T11972] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1663'.
[  602.746570][T11972] binder: BINDER_SET_CONTEXT_MGR already set
[  602.756305][T11972] binder: 11970:11972 ioctl 4018620d 200000000100 returned -16
[  602.899063][T11977] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1664'.
[  605.776686][T11987] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1665'.
[  606.702277][T11996] netlink: 'syz.1.1668': attribute type 1 has an invalid length.
[  607.746621][T12012] vlan2: entered promiscuous mode
[  608.522826][T12017] netlink: 'syz.2.1676': attribute type 10 has an invalid length.
[  608.535200][T12017] bridge0: port 1(bridge_slave_0) entered disabled state
[  608.595001][T12024] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1676'.
[  608.596712][T12017] bridge0: port 1(bridge_slave_0) entered blocking state
[  608.611179][T12017] bridge0: port 1(bridge_slave_0) entered forwarding state
[  608.668189][T12017] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  611.690283][ T6017] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  611.880209][ T6017] usb 5-1: Using ep0 maxpacket: 16
[  611.896109][ T6017] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[  611.927531][ T6017] usb 5-1: config 0 interface 0 has no altsetting 0
[  611.963477][ T6017] usb 5-1: New USB device found, idVendor=04d9, idProduct=a04a, bcdDevice= 0.00
[  611.990270][ T6017] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  612.009475][ T6017] usb 5-1: config 0 descriptor??
[  613.318011][ T6017] holtek_mouse 0003:04D9:A04A.000D: unknown main item tag 0x1
[  613.346869][ T6017] holtek_mouse 0003:04D9:A04A.000D: hidraw0: USB HID v80.01 Device [HID 04d9:a04a] on usb-dummy_hcd.4-1/input0
[  613.535547][    T9] usb 5-1: USB disconnect, device number 16
[  613.788547][T12097] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1698'.
[  615.772272][T12117] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  615.785147][T12117] FAT-fs (loop3): unable to read boot sector
[  616.877599][T12127] fuse: Unknown parameter '00000000000000000000'
[  617.651843][T12144] overlayfs: failed to clone upperpath
[  618.024852][T12146] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1716'.
[  618.132755][T12140] IPVS: stopping backup sync thread 12148 ...
[  618.139612][T12148] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0
[  622.335529][T12203] netlink: 'syz.5.1733': attribute type 3 has an invalid length.
[  622.370751][T12203] netlink: 'syz.5.1733': attribute type 3 has an invalid length.
[  622.452320][T12206] fuse: Bad value for 'user_id'
[  622.475458][T12211] mac80211_hwsim hwsim9 wlan0: entered promiscuous mode
[  622.479392][T12206] fuse: Bad value for 'user_id'
[  622.479587][T12211] macsec2: entered promiscuous mode
[  622.479857][T12211] macsec2: entered allmulticast mode
[  622.479889][T12211] mac80211_hwsim hwsim9 wlan0: entered allmulticast mode
[  622.484305][T12214] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1736'.
[  622.748604][T12226] netem: incorrect ge model size
[  622.754059][T12226] netem: change failed
[  622.802819][T12222] FAULT_INJECTION: forcing a failure.
[  622.802819][T12222] name failslab, interval 1, probability 0, space 0, times 0
[  622.815769][T12222] CPU: 0 UID: 0 PID: 12222 Comm: syz.1.1739 Not tainted syzkaller #0 PREEMPT(full) 
[  622.815794][T12222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  622.815806][T12222] Call Trace:
[  622.815814][T12222]  <TASK>
[  622.815840][T12222]  dump_stack_lvl+0x189/0x250
[  622.815875][T12222]  ? __pfx____ratelimit+0x10/0x10
[  622.815903][T12222]  ? __pfx_dump_stack_lvl+0x10/0x10
[  622.815945][T12222]  ? __pfx__printk+0x10/0x10
[  622.815979][T12222]  ? __pfx___might_resched+0x10/0x10
[  622.816008][T12222]  ? fs_reclaim_acquire+0x7d/0x100
[  622.816033][T12222]  should_fail_ex+0x414/0x560
[  622.816063][T12222]  should_failslab+0xa8/0x100
[  622.816085][T12222]  __kmalloc_node_track_caller_noprof+0xcd/0x800
[  622.816116][T12222]  ? __request_module+0x2d1/0x5e0
[  622.816144][T12222]  ? __kmalloc_cache_noprof+0x3d5/0x6f0
[  622.816177][T12222]  kstrdup+0x42/0x100
[  622.816202][T12222]  __request_module+0x2d1/0x5e0
[  622.816229][T12222]  ? __pfx___request_module+0x10/0x10
[  622.816260][T12222]  ? __pfx___request_module+0x10/0x10
[  622.816292][T12222]  ? apparmor_capable+0x137/0x1b0
[  622.816333][T12222]  ? dev_load+0x21/0x1f0
[  622.816365][T12222]  dev_ioctl+0x837/0x1150
[  622.816399][T12222]  sock_ioctl+0x719/0x790
[  622.816427][T12222]  ? __pfx_sock_ioctl+0x10/0x10
[  622.816456][T12222]  ? __fget_files+0x3a0/0x420
[  622.816475][T12222]  ? __fget_files+0x2a/0x420
[  622.816498][T12222]  ? bpf_lsm_file_ioctl+0x9/0x20
[  622.816522][T12222]  ? __pfx_sock_ioctl+0x10/0x10
[  622.816546][T12222]  __se_sys_ioctl+0xfc/0x170
[  622.816576][T12222]  do_syscall_64+0xfa/0xfa0
[  622.816607][T12222]  ? lockdep_hardirqs_on+0x9c/0x150
[  622.816635][T12222]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  622.816656][T12222]  ? clear_bhb_loop+0x60/0xb0
[  622.816681][T12222]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  622.816700][T12222] RIP: 0033:0x7feb90d8eba9
[  622.816719][T12222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  622.816743][T12222] RSP: 002b:00007feb91b34038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  622.816765][T12222] RAX: ffffffffffffffda RBX: 00007feb90fd5fa0 RCX: 00007feb90d8eba9
[  622.816780][T12222] RDX: 0000200000001440 RSI: 00000000000089ff RDI: 0000000000000006
[  622.816793][T12222] RBP: 00007feb91b34090 R08: 0000000000000000 R09: 0000000000000000
[  622.816806][T12222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  622.816818][T12222] R13: 00007feb90fd6038 R14: 00007feb90fd5fa0 R15: 00007ffdd8052ec8
[  622.816853][T12222]  </TASK>
[  623.954845][T12246] netlink: 'syz.2.1747': attribute type 3 has an invalid length.
[  624.019794][T12247] tipc: Enabled bearer <eth:batadv0>, priority 15
[  624.653935][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  624.660380][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  624.720205][    T9] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  624.820366][ T6017] usb 4-1: new full-speed USB device number 35 using dummy_hcd
[  624.844719][T12266] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1752'.
[  624.880202][    T9] usb 2-1: Using ep0 maxpacket: 32
[  624.893475][    T9] usb 2-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  624.919249][    T9] usb 2-1: config 0 interface 0 has no altsetting 0
[  624.928093][    T9] usb 2-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.00
[  624.941852][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  624.963485][    T9] usb 2-1: config 0 descriptor??
[  624.991995][ T6017] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  625.005156][ T6017] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  625.015880][ T6017] usb 4-1: New USB device found, idVendor=10c4, idProduct=8acf, bcdDevice= 0.00
[  625.027758][ T6017] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  625.041291][ T6017] usb 4-1: config 0 descriptor??
[  625.141405][ T5922] tipc: Node number set to 3029170707
[  626.193038][ T6017] hid (null): report_id 638311343 is invalid
[  626.199913][    T9] vrc2 0003:07C0:1125.000E: fixing up VRC-2 report descriptor
[  626.229949][    T9] input: HID 07c0:1125 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:07C0:1125.000E/input/input20
[  626.244180][ T6017] hid-u2fzero 0003:10C4:8ACF.000F: report_id 638311343 is invalid
[  626.275098][ T6017] hid-u2fzero 0003:10C4:8ACF.000F: item 0 4 1 8 parsing failed
[  626.295635][ T6017] hid-u2fzero 0003:10C4:8ACF.000F: probe with driver hid-u2fzero failed with error -22
[  626.335054][    T9] vrc2 0003:07C0:1125.000E: input,hidraw0: USB HID v0.02 Joystick [HID 07c0:1125] on usb-dummy_hcd.1-1/input0
[  626.453089][T12285] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1757'.
[  626.507015][ T6017] usb 4-1: USB disconnect, device number 35
[  627.560984][T12303] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  629.267415][   T43] usb 2-1: USB disconnect, device number 24
[  629.297983][   T30] audit: type=1326 audit(1758204747.157:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12329 comm="syz.3.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07bab8eba9 code=0x7ffc0000
[  629.384209][   T30] audit: type=1326 audit(1758204747.167:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12329 comm="syz.3.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07bab8eba9 code=0x7ffc0000
[  629.473824][   T30] audit: type=1326 audit(1758204747.167:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12329 comm="syz.3.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f07bab90ac7 code=0x7ffc0000
[  629.686794][   T30] audit: type=1326 audit(1758204747.167:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12329 comm="syz.3.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f07bab90a3c code=0x7ffc0000
[  630.023021][   T30] audit: type=1326 audit(1758204747.167:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12329 comm="syz.3.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f07bab90974 code=0x7ffc0000
[  630.330237][   T30] audit: type=1326 audit(1758204747.167:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12329 comm="syz.3.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f07bab90974 code=0x7ffc0000
[  630.353004][   T30] audit: type=1326 audit(1758204747.167:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12329 comm="syz.3.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f07bab8d80a code=0x7ffc0000
[  630.376670][   T30] audit: type=1326 audit(1758204747.167:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12329 comm="syz.3.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07bab8eba9 code=0x7ffc0000
[  630.403346][   T30] audit: type=1326 audit(1758204747.167:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12329 comm="syz.3.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07bab8eba9 code=0x7ffc0000
[  630.426472][   T30] audit: type=1326 audit(1758204747.167:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12329 comm="syz.3.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f07bab8d510 code=0x7ffc0000
[  630.565393][T12352] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  630.634799][T11491] Bluetooth: hci4: ACL packet for unknown connection handle 201
[  631.331173][T12352] cramfs: wrong magic
[  631.443109][T12352] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1773'.
[  631.803201][T12367] tmpfs: Bad value for 'mpol'
[  632.676709][T12389] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1785'.
[  633.290810][T12423] tmpfs: Bad value for 'mpol'
[  636.075785][T12496] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1807'.
[  636.206533][T12496] veth0: entered promiscuous mode
[  636.213464][T12498] netlink: 'syz.4.1806': attribute type 10 has an invalid length.
[  636.213958][T12495] veth0: left promiscuous mode
[  636.761274][T12513] 9pnet_fd: Insufficient options for proto=fd
[  637.535637][T12520] sch_tbf: burst 0 is lower than device veth1_virt_wifi mtu (1514) !
[  639.093296][T12544] 9pnet_fd: Insufficient options for proto=fd
[  639.961097][T12556] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  640.357185][T12565] netlink: 'syz.3.1825': attribute type 12 has an invalid length.
[  640.365062][T12565] netlink: 'syz.3.1825': attribute type 29 has an invalid length.
[  640.622125][T12567] I/O error, dev loop1, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  640.633696][T12567] I/O error, dev loop1, sector 256 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  640.643654][T12567] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  640.654674][T12567] I/O error, dev loop1, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  640.664611][T12567] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512
[  640.674255][T12567] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  640.681994][T12567] UDF-fs: Scanning with blocksize 512 failed
[  640.694644][T12567] I/O error, dev loop1, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  640.705333][T12567] I/O error, dev loop1, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  640.715285][T12567] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  640.726715][T12567] I/O error, dev loop1, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  640.736751][T12567] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512
[  640.746403][T12567] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  640.754110][T12567] UDF-fs: Scanning with blocksize 1024 failed
[  640.765079][T12567] I/O error, dev loop1, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  640.775639][T12567] I/O error, dev loop1, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  640.785548][T12567] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  640.796513][T12567] I/O error, dev loop1, sector 2048 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  640.806578][T12567] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512
[  640.816583][T12567] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  640.824495][T12567] UDF-fs: Scanning with blocksize 2048 failed
[  640.831014][T12567] I/O error, dev loop1, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  640.840557][T12567] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  640.846536][T12565] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1825'.
[  640.851275][T12567] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512
[  640.868936][T12567] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  640.876622][T12567] UDF-fs: Scanning with blocksize 4096 failed
[  640.882713][T12567] UDF-fs: warning (device loop1): udf_fill_super: No partition found (1)
[  641.135826][ T5867] Bluetooth: hci5: command 0x0406 tx timeout
[  643.105112][T12593] tipc: New replicast peer: 255.255.255.255
[  643.111729][T12593] tipc: Enabled bearer <udp:syz2>, priority 10
[  644.294611][T12471] tipc: Node number set to 3464369721
[  644.771283][T12613] ------------[ cut here ]------------
[  644.777489][T12613] wlan1: Failed check-sdata-in-driver check, flags: 0x0
[  644.808909][T12613] WARNING: net/mac80211/driver-ops.c:366 at drv_unassign_vif_chanctx+0x50b/0x7e0, CPU#0: syz.4.1838/12613
[  644.820731][T12613] Modules linked in:
[  644.825317][T12613] CPU: 0 UID: 0 PID: 12613 Comm: syz.4.1838 Not tainted syzkaller #0 PREEMPT(full) 
[  644.835058][T12613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  644.845701][T12613] RIP: 0010:drv_unassign_vif_chanctx+0x50b/0x7e0
[  644.852069][T12613] Code: 8d 8d b8 09 00 00 48 85 c0 48 0f 44 f1 43 0f b6 04 3e 84 c0 0f 85 6b 02 00 00 8b 55 00 48 c7 c7 40 66 d0 8c e8 76 68 91 f6 90 <0f> 0b 90 90 e9 ee fc ff ff e8 57 fa cd f6 90 0f 0b 90 42 80 7c 3d
[  644.872240][T12613] RSP: 0018:ffffc9000b1578f0 EFLAGS: 00010246
[  644.878706][T12613] RAX: 981ffb322a72ca00 RBX: 0000000000000000 RCX: 0000000000080000
[  644.887221][T12613] RDX: ffffc9000cc74000 RSI: 0000000000006ec7 RDI: 0000000000006ec8
[  644.895447][T12613] RBP: ffff888054091728 R08: 0000000000000003 R09: 0000000000000004
[  644.903611][T12613] R10: dffffc0000000000 R11: fffffbfff1c3a668 R12: ffff8880540929d8
[  644.911744][T12613] R13: ffff888054090d80 R14: 1ffff1100a8122e5 R15: dffffc0000000000
[  644.919751][T12613] FS:  00007fc53666a6c0(0000) GS:ffff8881259e1000(0000) knlGS:0000000000000000
[  644.928779][T12613] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  644.935400][T12613] CR2: 00007f84dcc0a6b0 CR3: 000000007a0c0000 CR4: 00000000003526f0
[  644.943383][T12613] DR0: 0000000000000005 DR1: 0000000000000000 DR2: 0000000000000000
[  644.951413][T12613] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  644.959404][T12613] Call Trace:
[  644.962696][T12613]  <TASK>
[  644.965690][T12613]  ieee80211_assign_link_chanctx+0x1ec/0xd70
[  644.971711][T12613]  __ieee80211_link_release_channel+0x33b/0x4a0
[  644.978299][T12613]  ieee80211_if_change_type+0x14c/0x990
[  644.983965][T12613]  ieee80211_change_iface+0xd5/0x510
[  644.989293][T12613]  cfg80211_change_iface+0x795/0xef0
[  644.994671][T12613]  cfg80211_wext_siwmode+0x1db/0x2b0
[  644.999989][T12613]  ? __pfx_cfg80211_wext_siwmode+0x10/0x10
[  645.006114][T12613]  ? full_name_hash+0x92/0xe0
[  645.010831][T12613]  ? __pfx_cfg80211_wext_siwmode+0x10/0x10
[  645.016914][T12613]  ioctl_standard_call+0xcb/0x1b0
[  645.021984][T12613]  ? __pfx_cfg80211_wext_siwmode+0x10/0x10
[  645.027946][T12613]  wext_ioctl_dispatch+0xee/0x410
[  645.032990][T12613]  ? __pfx_ioctl_standard_call+0x10/0x10
[  645.038695][T12613]  wext_handle_ioctl+0x100/0x1c0
[  645.043664][T12613]  ? __pfx_wext_handle_ioctl+0x10/0x10
[  645.049221][T12613]  sock_ioctl+0x15f/0x790
[  645.053578][T12613]  ? __pfx_sock_ioctl+0x10/0x10
[  645.058691][T12613]  ? __fget_files+0x3a0/0x420
[  645.063394][T12613]  ? __fget_files+0x2a/0x420
[  645.068089][T12613]  ? bpf_lsm_file_ioctl+0x9/0x20
[  645.073063][T12613]  ? __pfx_sock_ioctl+0x10/0x10
[  645.078027][T12613]  __se_sys_ioctl+0xfc/0x170
[  645.082655][T12613]  do_syscall_64+0xfa/0xfa0
[  645.087250][T12613]  ? lockdep_hardirqs_on+0x9c/0x150
[  645.092486][T12613]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  645.098600][T12613]  ? clear_bhb_loop+0x60/0xb0
[  645.103302][T12613]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  645.109474][T12613] RIP: 0033:0x7fc53578eba9
[  645.114118][T12613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  645.134370][T12613] RSP: 002b:00007fc53666a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  645.142807][T12613] RAX: ffffffffffffffda RBX: 00007fc5359d5fa0 RCX: 00007fc53578eba9
[  645.150850][T12613] RDX: 0000200000000080 RSI: 0000000000008b06 RDI: 0000000000000003
[  645.158888][T12613] RBP: 00007fc535811e19 R08: 0000000000000000 R09: 0000000000000000
[  645.167275][T12613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  645.175431][T12613] R13: 00007fc5359d6038 R14: 00007fc5359d5fa0 R15: 00007ffea831ce78
[  645.183446][T12613]  </TASK>
[  645.186543][T12613] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  645.193840][T12613] CPU: 0 UID: 0 PID: 12613 Comm: syz.4.1838 Not tainted syzkaller #0 PREEMPT(full) 
[  645.203217][T12613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  645.213283][T12613] Call Trace:
[  645.216575][T12613]  <TASK>
[  645.219520][T12613]  dump_stack_lvl+0x99/0x250
[  645.224110][T12613]  ? __asan_memcpy+0x40/0x70
[  645.228698][T12613]  ? __pfx_dump_stack_lvl+0x10/0x10
[  645.233902][T12613]  ? __pfx__printk+0x10/0x10
[  645.238503][T12613]  vpanic+0x237/0x6d0
[  645.242492][T12613]  ? __pfx_vpanic+0x10/0x10
[  645.246998][T12613]  ? is_bpf_text_address+0x26/0x2b0
[  645.252238][T12613]  panic+0xb9/0xc0
[  645.255971][T12613]  ? __pfx_panic+0x10/0x10
[  645.260415][T12613]  __warn+0x334/0x4c0
[  645.264410][T12613]  ? drv_unassign_vif_chanctx+0x50b/0x7e0
[  645.270145][T12613]  ? drv_unassign_vif_chanctx+0x50b/0x7e0
[  645.275860][T12613]  report_bug+0x2be/0x4f0
[  645.280282][T12613]  ? drv_unassign_vif_chanctx+0x50b/0x7e0
[  645.286041][T12613]  ? drv_unassign_vif_chanctx+0x50b/0x7e0
[  645.291767][T12613]  ? drv_unassign_vif_chanctx+0x50d/0x7e0
[  645.297491][T12613]  handle_bug+0x84/0x160
[  645.301741][T12613]  exc_invalid_op+0x1a/0x50
[  645.306247][T12613]  asm_exc_invalid_op+0x1a/0x20
[  645.311108][T12613] RIP: 0010:drv_unassign_vif_chanctx+0x50b/0x7e0
[  645.317444][T12613] Code: 8d 8d b8 09 00 00 48 85 c0 48 0f 44 f1 43 0f b6 04 3e 84 c0 0f 85 6b 02 00 00 8b 55 00 48 c7 c7 40 66 d0 8c e8 76 68 91 f6 90 <0f> 0b 90 90 e9 ee fc ff ff e8 57 fa cd f6 90 0f 0b 90 42 80 7c 3d
[  645.337069][T12613] RSP: 0018:ffffc9000b1578f0 EFLAGS: 00010246
[  645.343147][T12613] RAX: 981ffb322a72ca00 RBX: 0000000000000000 RCX: 0000000000080000
[  645.351120][T12613] RDX: ffffc9000cc74000 RSI: 0000000000006ec7 RDI: 0000000000006ec8
[  645.359088][T12613] RBP: ffff888054091728 R08: 0000000000000003 R09: 0000000000000004
[  645.367056][T12613] R10: dffffc0000000000 R11: fffffbfff1c3a668 R12: ffff8880540929d8
[  645.375029][T12613] R13: ffff888054090d80 R14: 1ffff1100a8122e5 R15: dffffc0000000000
[  645.383017][T12613]  ieee80211_assign_link_chanctx+0x1ec/0xd70
[  645.389009][T12613]  __ieee80211_link_release_channel+0x33b/0x4a0
[  645.395258][T12613]  ieee80211_if_change_type+0x14c/0x990
[  645.400815][T12613]  ieee80211_change_iface+0xd5/0x510
[  645.406109][T12613]  cfg80211_change_iface+0x795/0xef0
[  645.411413][T12613]  cfg80211_wext_siwmode+0x1db/0x2b0
[  645.416708][T12613]  ? __pfx_cfg80211_wext_siwmode+0x10/0x10
[  645.422529][T12613]  ? full_name_hash+0x92/0xe0
[  645.427224][T12613]  ? __pfx_cfg80211_wext_siwmode+0x10/0x10
[  645.433045][T12613]  ioctl_standard_call+0xcb/0x1b0
[  645.438096][T12613]  ? __pfx_cfg80211_wext_siwmode+0x10/0x10
[  645.443918][T12613]  wext_ioctl_dispatch+0xee/0x410
[  645.448942][T12613]  ? __pfx_ioctl_standard_call+0x10/0x10
[  645.454576][T12613]  wext_handle_ioctl+0x100/0x1c0
[  645.459520][T12613]  ? __pfx_wext_handle_ioctl+0x10/0x10
[  645.464997][T12613]  sock_ioctl+0x15f/0x790
[  645.469333][T12613]  ? __pfx_sock_ioctl+0x10/0x10
[  645.474183][T12613]  ? __fget_files+0x3a0/0x420
[  645.478852][T12613]  ? __fget_files+0x2a/0x420
[  645.483442][T12613]  ? bpf_lsm_file_ioctl+0x9/0x20
[  645.488381][T12613]  ? __pfx_sock_ioctl+0x10/0x10
[  645.493233][T12613]  __se_sys_ioctl+0xfc/0x170
[  645.497829][T12613]  do_syscall_64+0xfa/0xfa0
[  645.502341][T12613]  ? lockdep_hardirqs_on+0x9c/0x150
[  645.507556][T12613]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  645.513623][T12613]  ? clear_bhb_loop+0x60/0xb0
[  645.518300][T12613]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  645.524196][T12613] RIP: 0033:0x7fc53578eba9
[  645.528625][T12613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  645.548243][T12613] RSP: 002b:00007fc53666a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  645.556661][T12613] RAX: ffffffffffffffda RBX: 00007fc5359d5fa0 RCX: 00007fc53578eba9
[  645.564638][T12613] RDX: 0000200000000080 RSI: 0000000000008b06 RDI: 0000000000000003
[  645.572604][T12613] RBP: 00007fc535811e19 R08: 0000000000000000 R09: 0000000000000000
[  645.580571][T12613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  645.588540][T12613] R13: 00007fc5359d6038 R14: 00007fc5359d5fa0 R15: 00007ffea831ce78
[  645.596529][T12613]  </TASK>
[  645.599882][T12613] Kernel Offset: disabled
[  645.604208][T12613] Rebooting in 86400 seconds..