last executing test programs:

2m22.096503723s ago: executing program 0 (id=287):
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000b80)=ANY=[@ANYBLOB="e8000000100001002dbd7000fddbdf257874732874776f6669736829"], 0xe8}, 0x1, 0x0, 0x0, 0x44}, 0x80)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000000)=0x2)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="38000000560001000000", @ANYRES32, @ANYBLOB=' '], 0x38}}, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(r1, 0x8934, &(0x7f0000000040)={'erspan0\x00', 0x10})
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0xc0200, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000600)=ANY=[@ANYBLOB="28010000100007000000000000000000ff020000000000000000000000000001e00000000000000000000000000000004e200000000000000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ff010000000000000000000000000001000000002b000000fc00000000000000000000000000000003000000000000000100000000000000020000000000000000000000000000000000001000000000010000000000000000000000000000000000000000000000000000000000000000002000000000000700000000000000000000000000000000000400fdffffffe80a000000000000000000000a0002fe340000000000000014"], 0x128}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0x104, 0x1a, 0x7, 0x70bd2a, 0x0, {{@in6=@dev={0xfe, 0x80, '\x00', 0x1b}, @in=@multicast1, 0x3, 0x0, 0x4e22, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x5a, 0xb400, 0x2, 0xfeffff7f00000001, 0x0, 0x60000}, {0x0, 0x1ffffc, 0x7, 0xfffffffffffffffd}, {0x40000, 0x0, 0xdd18}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000100)=0x10001)

2m19.926200583s ago: executing program 0 (id=295):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000f2303920422c021240850102030109022400010000100009040c0202c17f0c00090502020002020000090582020002"], 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000600)={0x34, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x40, 0xa0, 0x4, 0x5}, 0x0})

2m16.431102321s ago: executing program 0 (id=308):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
fcntl$lock(r0, 0x7, &(0x7f0000000000)={0x2, 0x0, 0xfffffffffffffffb, 0x4})

2m16.310710274s ago: executing program 0 (id=311):
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x2c, &(0x7f0000000700)=ANY=[], 0x0, 0x0, 0x0, 0x0})
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000300)='cdg', 0x3)
sendmmsg$inet(r0, &(0x7f00000010c0)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000880)="42e013913edbeb683c44e18a52b5a2462064ddd92caaba941de80d06047dedb7eeeff3a27eacf4c416b6979d7e918608807c44d01535dbaab3b390086e4fd43c6b5931187023646d6beac2340fdc7a0d81214ac708818f64d287311e8828dfd3e3dd67efdb129a6e52745d1540e5", 0x6e}], 0x1}}, {{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000002c0)="e6", 0x1}], 0x1}}], 0x2, 0x2090)
sendto$inet(r0, &(0x7f00000000c0)="f43945ca864918caf5375823337eb7c72fc5b6b5161a2c0ca175ff29e6e88a7cc3f70000000000", 0xffffffffffffff73, 0x340080d1, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, &(0x7f0000000240)={0x14, 0x0, &(0x7f00000001c0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
getrlimit(0xc, 0x0)
shutdown(0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x2, 0x48)
write$cgroup_subtree(r1, &(0x7f0000000280)={[{0x2d, 'perf_event'}, {0x2b, 'pids'}, {0x2b, 'perf_event'}]}, 0x1e)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
clock_nanosleep(0x2, 0x1, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000780)=ANY=[@ANYBLOB="61123000000000006113340000000000bf1000000000000015000200091bf3ff3d030100000000008701000000000000bc26000000000000bf67000000000000560300000ee600f06702000014000000160300000ee600f0bf050000000000000f610000000000006507f4ff02000400070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586e3f640f9f7e9a73b761ad4f0952a70046270d2b6436fdeecd791614ed46de741eb8cf91c046ef9beca574b350021c7ec6ef130f53748068ca432dae4e248b22b9ad8b2811f67916a1764578cba4b069037bfb3362d5691ac397f7e207145d970f0d97867552629b146645c785fb77dbeca38e49a9d5221f1f45f0a25890d04d91a15a05ae7e7ed6252c3d6c1973fb858de1da70d67317e7872b0603ce47ed2c1520e71b527bb42aa2e20e1e85df73736ed0a782ab7e7278dd54358cfdf6313d40f926332623625b49626481054787ab2dff85a9bebd6b317f26c691a65aa97bb3d1506a3a565e9c7ea5ad4611d2d77ee8a5c1b23814a26b6a20061fbb65bdd03770fa849f2a29ba69f90625f42592a70ba890f7a92878ae73574c3a233ee5954119931a1905210715fa77a8795f2fbec3797cb90f59fe8a4abec25f40c87bf25b750bbaa"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
setsockopt$inet_group_source_req(r2, 0x0, 0x2e, &(0x7f0000000100)={0x4, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @local}}}, 0x108)
fanotify_init(0x50, 0x80000)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000000)=[{0x6, 0x7, 0x0, 0x7fff8000}]})
close_range(r3, 0xffffffffffffffff, 0x0)

2m14.210670943s ago: executing program 0 (id=315):
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000480)}], 0x1}}], 0x1, 0x20000044)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7a46df6d558ecf1820f", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
write$binfmt_misc(r0, &(0x7f0000000240), 0xfffffecc)

2m12.87013639s ago: executing program 0 (id=323):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000140)={0x0, 0x240, 0x0, &(0x7f0000000180)=[0x6bd1a311, 0xec66, 0xff, 0x8, 0x98bd, 0x80000000000000c, 0x400009, 0x4, 0x401, 0x466c, 0x89004, 0x2, 0x4e, 0x400009, 0x2, 0x49, 0x100000000003, 0x5, 0x400000000002, 0x7fffffff, 0x8, 0x7, 0xc1, 0x8, 0xfffffffffffff000, 0xffffffffffffffff, 0x6, 0x7f, 0x96, 0xffffffff, 0xff, 0xfffffffffffffffc, 0x4, 0x4, 0x2, 0x3, 0x4000009, 0x8892, 0x1, 0x43dd1007, 0x46, 0x2001, 0xfffffffffffffff8, 0xa3de, 0x2cc0000000000000, 0x8, 0x5, 0x400, 0x6, 0xffffffffffffffb7, 0xfffffffffffffffa, 0x2, 0xe, 0xfffffffffffff068, 0x4, 0xe7, 0x6, 0x2, 0xd, 0x66, 0x6, 0x7, 0x40000005, 0xfffffffeffffffff, 0x9, 0xd, 0x3, 0xbbd9, 0x80000000, 0xfffffffffffffc00, 0x2, 0x7, 0x18, 0xcdc, 0x100004000000007, 0x2, 0x3, 0x2, 0x10000, 0x9, 0x6, 0x4, 0x1, 0x81, 0x100, 0x4, 0x0, 0xffffffffffffff81, 0xb, 0xff, 0x6, 0x28000000, 0x80000005, 0x8061d, 0x8, 0x7, 0xf6, 0x4, 0x5, 0x204, 0x7, 0xe53e, 0x4, 0x8, 0x2293332d, 0x6, 0x5, 0x7, 0xd, 0x2, 0x4, 0xfffffffffffffffb, 0x80000001, 0x7, 0xdfd4, 0xfff9, 0x20000000000013, 0x2, 0x8, 0x1, 0x6, 0x200eb4, 0x3, 0x1, 0xb68e, 0x1, 0x8, 0x1000003]})

1m57.589178565s ago: executing program 32 (id=323):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000140)={0x0, 0x240, 0x0, &(0x7f0000000180)=[0x6bd1a311, 0xec66, 0xff, 0x8, 0x98bd, 0x80000000000000c, 0x400009, 0x4, 0x401, 0x466c, 0x89004, 0x2, 0x4e, 0x400009, 0x2, 0x49, 0x100000000003, 0x5, 0x400000000002, 0x7fffffff, 0x8, 0x7, 0xc1, 0x8, 0xfffffffffffff000, 0xffffffffffffffff, 0x6, 0x7f, 0x96, 0xffffffff, 0xff, 0xfffffffffffffffc, 0x4, 0x4, 0x2, 0x3, 0x4000009, 0x8892, 0x1, 0x43dd1007, 0x46, 0x2001, 0xfffffffffffffff8, 0xa3de, 0x2cc0000000000000, 0x8, 0x5, 0x400, 0x6, 0xffffffffffffffb7, 0xfffffffffffffffa, 0x2, 0xe, 0xfffffffffffff068, 0x4, 0xe7, 0x6, 0x2, 0xd, 0x66, 0x6, 0x7, 0x40000005, 0xfffffffeffffffff, 0x9, 0xd, 0x3, 0xbbd9, 0x80000000, 0xfffffffffffffc00, 0x2, 0x7, 0x18, 0xcdc, 0x100004000000007, 0x2, 0x3, 0x2, 0x10000, 0x9, 0x6, 0x4, 0x1, 0x81, 0x100, 0x4, 0x0, 0xffffffffffffff81, 0xb, 0xff, 0x6, 0x28000000, 0x80000005, 0x8061d, 0x8, 0x7, 0xf6, 0x4, 0x5, 0x204, 0x7, 0xe53e, 0x4, 0x8, 0x2293332d, 0x6, 0x5, 0x7, 0xd, 0x2, 0x4, 0xfffffffffffffffb, 0x80000001, 0x7, 0xdfd4, 0xfff9, 0x20000000000013, 0x2, 0x8, 0x1, 0x6, 0x200eb4, 0x3, 0x1, 0xb68e, 0x1, 0x8, 0x1000003]})

14.52677528s ago: executing program 1 (id=689):
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001100)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x2042, 0x19d)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0)
r6 = fanotify_init(0xf00, 0x1000)
fanotify_mark(r6, 0x105, 0x10000839, r5, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
listen(0xffffffffffffffff, 0x6)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
close(r1)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
write$6lowpan_enable(r0, &(0x7f0000000f40)='0', 0x1)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0)

13.104234969s ago: executing program 1 (id=693):
landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a"], 0x130}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, 0x0)
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="08001efbb07d58", 0x7}, {0x0}], 0x2, 0x0, 0x0, 0x60000000}, 0x4)
r5 = syz_create_resource$binfmt(&(0x7f00000001c0)='./file0\x00')
r6 = openat$binfmt(0xffffffffffffff9c, r5, 0x42, 0x1ff)
close(r6)
execveat$binfmt(0xffffffffffffff9c, r5, 0x0, 0x0, 0x0)
r7 = openat$binfmt(0xffffffffffffff9c, r5, 0x2, 0x0)
close(r7)
execveat$binfmt(0xffffffffffffff9c, r5, 0x0, 0x0, 0x0)
execveat$binfmt(0xffffffffffffff9c, r5, 0x0, &(0x7f0000000680)={[&(0x7f0000000580)='errors=continue']}, 0x0)

11.655276839s ago: executing program 2 (id=704):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000f2303920422c021240850102030109022400010000100009040c0202c17f0c00090502020002020000090582020002"], 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000280)={0x2c, &(0x7f0000000000)=ANY=[@ANYBLOB="2013040000002c"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000840)={0x84, &(0x7f0000000340)={0x0, 0x30, 0x1, 'D'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$uac3(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000600)={0x34, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x40, 0xa0, 0x4, 0x5}, 0x0})

8.962503593s ago: executing program 1 (id=710):
syz_usb_connect(0x2, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000b3838108480b0310547b01020301090212000100000000090401"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f00000001c0), 0x78b5, 0x80)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000080)={&(0x7f0000000000)=[{0xfffb, 0x1811, 0x19, 0x0}], 0x1})

7.833181064s ago: executing program 3 (id=713):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=""/79, 0x9000})
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000380)="82f294054d05973abfac6a", 0xb}, {&(0x7f0000000480)}], 0x2}}], 0x1, 0x20000044)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
kexec_load(0x0, 0x1, &(0x7f0000000b80)=[{&(0x7f00000004c0)=')', 0x1, 0x0, 0x1000}], 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffc4, &(0x7f0000000180)={&(0x7f0000000380)={0x38, 0x40, 0x1, 0x7fffc, 0x4, {0x1}, [@nested={0x8, 0xcb, 0x0, 0x1, [@nested={0x4, 0x8}]}, @nested={0x10, 0x1, 0x0, 0x1, [@nested={0xc, 0x10, 0x0, 0x1, [@nested={0x4, 0xf}, @nested={0x4, 0xaa}]}]}, @typed={0xc, 0x2, 0x0, 0x0, @u64}]}, 0x38}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wlan1\x00'})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xfffffffffffffedc, &(0x7f0000000080)=[{&(0x7f00000000c0)="c018030040000b12d25a80648c2594f90224fc60100c074002000000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7a46df6d558ecf1820f", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000240), 0xfffffecc)

6.982743158s ago: executing program 2 (id=715):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x0})
ioctl$CEC_TRANSMIT(0xffffffffffffffff, 0xc0386105, &(0x7f0000000100)={0xfffffffffffffff7, 0xffffffffffffffff, 0x2, 0x9, 0x4, 0x7fff, "16b0bc450cfc47961ed5d8167d4f7865", 0x8, 0x53, 0x1, 0x49, 0x9, 0x9, 0xd})
msgsnd(0x0, 0x0, 0x8, 0x800)
msgrcv(0x0, 0x0, 0x1d, 0x2, 0x1800)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000140)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[], 0x10}}, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@multicast2, @in6=@mcast1, 0x4e20, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0xfffffffffffffffe}, {0x0, 0x0, 0xfffffffffffffffc, 0xff}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in=@empty, 0x0, 0x32}, 0x0, @in=@local, 0x0, 0x2, 0x0, 0xb7, 0xfffffffe, 0xffffff7e, 0xffffffff}}, 0xe8)
r4 = dup3(r1, r0, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x5f, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0)

6.944750479s ago: executing program 4 (id=716):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x0})
ioctl$CEC_TRANSMIT(0xffffffffffffffff, 0xc0386105, &(0x7f0000000100)={0xfffffffffffffff7, 0xffffffffffffffff, 0x2, 0x9, 0x4, 0x7fff, "16b0bc450cfc47961ed5d8167d4f7865", 0x8, 0x53, 0x1, 0x49, 0x9, 0x9, 0xd})
msgsnd(0x0, 0x0, 0x8, 0x800)
msgrcv(0x0, 0x0, 0x1d, 0x2, 0x1800)
socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000140)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[], 0x10}}, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@multicast2, @in6=@mcast1, 0x4e20, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0xfffffffffffffffe}, {0x0, 0x0, 0xfffffffffffffffc, 0xff}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in=@empty, 0x0, 0x32}, 0x0, @in=@local, 0x0, 0x2, 0x0, 0xb7, 0xfffffffe, 0xffffff7e, 0xffffffff}}, 0xe8)
r4 = dup3(r1, r0, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x5f, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0)

6.865363031s ago: executing program 5 (id=717):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r2, &(0x7f00000007c0)}, 0x20)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETFLOWTABLE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x20, 0x17, 0xa, 0x801, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x40080}, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$XFS_IOC_FSCOUNTS(r4, 0x80205871, &(0x7f0000000080))
sendmsg$nl_route(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv4_newrule={0x30, 0x20, 0xf4db158ec847dc81, 0x70bd2a, 0x3, {0x2, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x4, 0x1b}, [@FRA_GENERIC_POLICY=@FRA_OIFNAME={0x14, 0x11, 'veth0\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0xc000}, 0x44004)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x20, 0x39, 0x1, 0x7fffa, 0x4, {0x1}, [@typed={0xc, 0xec, 0x0, 0x0, @u64=0x3}]}, 0x20}, 0x1, 0x0, 0x0, 0x400c801}, 0x40280d4)
syz_emit_ethernet(0x4e, &(0x7f00000007c0)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0xb, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x5, 0x0, @dev, @private=0xa010100, {[@timestamp_addr={0x44, 0x14, 0x5, 0x3, 0x0, [{@broadcast}, {@remote}]}, @lsrr={0x83, 0x3}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=ANY=[@ANYBLOB="340000001c000100040000000000000007000000", @ANYRES32, @ANYBLOB="8000f2040a000200aaaaaaaaaa36000004000e8008000f0002"], 0x34}, 0x1, 0x1000000, 0x0, 0x2c048040}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000540)={'syztnl1\x00', &(0x7f0000000440)={'syztnl1\x00', <r7=>0x0, 0x80, 0x700, 0x5, 0x2, {{0x30, 0x4, 0x3, 0x5, 0xc0, 0x68, 0x0, 0x6, 0x2f, 0x0, @multicast2, @dev={0xac, 0x14, 0x14, 0xe}, {[@timestamp_addr={0x44, 0x44, 0x64, 0x1, 0x3, [{@local, 0x5}, {@private=0xa010100, 0x101}, {@dev={0xac, 0x14, 0x14, 0x22}, 0x9}, {@remote, 0x6}, {@rand_addr=0x64010101, 0x2}, {@rand_addr=0x64010102, 0xfffffffc}, {@multicast2, 0x3}, {@multicast1, 0x9}]}, @ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x2c, 0x4f, 0x3, 0x2, [{@private=0xa010100, 0xff}, {@multicast1, 0x5}, {@multicast1, 0x2}, {@local, 0xfffffffc}, {@rand_addr=0x64010102, 0xc}]}, @lsrr={0x83, 0x17, 0x10, [@remote, @private=0xa010101, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @private=0xa010101]}, @timestamp={0x44, 0x18, 0xa8, 0x0, 0x6, [0x4, 0x9, 0x2, 0x2, 0x8]}, @lsrr={0x83, 0x7, 0xba, [@empty]}]}}}}})
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=@bridge_dellink={0x54, 0x11, 0x8, 0x70bd2b, 0x25dfdbff, {0x7, 0x0, 0x0, r7, 0x800}, [@IFLA_WEIGHT={0x8, 0xf, 0x1}, @IFLA_WEIGHT={0x8, 0xf, 0x10001}, @IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x2, 0x2, 0x0, 0x1, [@IFLA_XFRM_LINK={0xff3a, 0x1, 0x1}, @IFLA_XFRM_LINK={0x8}]}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x40008c0)

6.762853314s ago: executing program 3 (id=718):
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="200000005f0001"], 0x20}], 0x1}, 0x80c0)

5.120099629s ago: executing program 5 (id=719):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000200)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000fedbdf25030000005800018044000400200001000a000000000000040000000000000000000000000000000104800000200002000a0000000000000000000000000000000000000000000000010000000d0001007564703a73"], 0x6c}}, 0x0)

5.09527815s ago: executing program 3 (id=720):
landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a"], 0x130}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, 0x0)
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="08001efbb07d58", 0x7}, {0x0}], 0x2, 0x0, 0x0, 0x60000000}, 0x4)
r5 = syz_create_resource$binfmt(&(0x7f00000001c0)='./file0\x00')
r6 = openat$binfmt(0xffffffffffffff9c, r5, 0x42, 0x1ff)
close(r6)
execveat$binfmt(0xffffffffffffff9c, r5, 0x0, 0x0, 0x0)
r7 = openat$binfmt(0xffffffffffffff9c, r5, 0x2, 0x0)
close(r7)
execveat$binfmt(0xffffffffffffff9c, r5, 0x0, 0x0, 0x0)
execveat$binfmt(0xffffffffffffff9c, r5, 0x0, &(0x7f0000000680)={[&(0x7f0000000580)='errors=continue']}, 0x0)

4.694674971s ago: executing program 1 (id=721):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0)

4.086782518s ago: executing program 1 (id=722):
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="05"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000011c0)=ANY=[@ANYBLOB="010000000500000001"], 0x50)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, 0x0, 0x0, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

3.889533483s ago: executing program 2 (id=723):
shmat(0x0, &(0x7f0000ffc000/0x2000)=nil, 0x4000)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = syz_open_dev$video4linux(&(0x7f00000001c0), 0x3, 0x40483)
ioctl$VIDIOC_DQEVENT(r1, 0x80885659, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8)

3.841028234s ago: executing program 4 (id=724):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$FIBMAP(0xffffffffffffffff, 0x1, &(0x7f0000000080)=0x6d)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, r4, 0x1, 0x70bd28, 0x25dfdbfb, {{}, {}, {0xc, 0x14, 'syz0\x00'}}}, 0x28}, 0x1, 0x0, 0x0, 0xc090}, 0x84)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x4814)

3.812765735s ago: executing program 5 (id=725):
r0 = socket$igmp(0x2, 0x3, 0x2)
openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000002080)={0x8, 0xc, 0x3, 0x5, @vifc_lcl_addr=@multicast1, @private=0xa010101}, 0x10)

3.134782874s ago: executing program 5 (id=726):
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x2}, &(0x7f0000bbdffc))
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r0 = userfaultfd(0x1)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000009, 0x32, 0xffffffffffffffff, 0x91c6b000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1})
syz_open_procfs(0x0, &(0x7f0000001040)='net/nf_conntrack_expect\x00')
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)

3.009863837s ago: executing program 1 (id=727):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x6, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket(0x15, 0x5, 0x0)
getsockopt(r4, 0x200000000114, 0x2710, 0x0, 0x0)
mount$cgroup(0x0, 0x0, 0x0, 0x2010042, 0x0)
write$sndseq(0xffffffffffffffff, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1001a)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x3}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000440)={0x6, 0x20000006, 0x0, 0x0, 0xd})
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4)

2.789665143s ago: executing program 5 (id=728):
mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x8, 0x32, 0xffffffffffffffff, 0xf8f6b000)
dup(0xffffffffffffffff)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f00000002c0)=0x803, 0x4)
syz_emit_ethernet(0x8a, &(0x7f0000000200)={@link_local, @random="20750800fd04", @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@noop]}}, {0x0, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x3, 0x0, "fff522a45d565fd1bef2bde4487648f5ba27bb06638c1000e5b10dd8e92bda7c", "146a317637af5c94b1e2cab23b8908c4", {"1440048630554f6e84da74a7f80e383e", "2585ff3e812ec53f2f0d7d41bea87c5c"}}}}}}}, 0x0)
recvmmsg(r0, &(0x7f0000001980)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0)

2.578708859s ago: executing program 2 (id=729):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r1, &(0x7f00000007c0)}, 0x20)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETFLOWTABLE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x20, 0x17, 0xa, 0x801, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x40080}, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$XFS_IOC_FSCOUNTS(r3, 0x80205871, &(0x7f0000000080))
sendmsg$nl_route(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv4_newrule={0x30, 0x20, 0xf4db158ec847dc81, 0x70bd2a, 0x3, {0x2, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x4, 0x1b}, [@FRA_GENERIC_POLICY=@FRA_OIFNAME={0x14, 0x11, 'veth0\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0xc000}, 0x44004)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x20, 0x39, 0x1, 0x7fffa, 0x4, {0x1}, [@typed={0xc, 0xec, 0x0, 0x0, @u64=0x3}]}, 0x20}, 0x1, 0x0, 0x0, 0x400c801}, 0x40280d4)
syz_emit_ethernet(0x4e, &(0x7f00000007c0)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0xb, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x5, 0x0, @dev, @private=0xa010100, {[@timestamp_addr={0x44, 0x14, 0x5, 0x3, 0x0, [{@broadcast}, {@remote}]}, @lsrr={0x83, 0x3}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=ANY=[@ANYBLOB="340000001c000100040000000000000007000000", @ANYRES32, @ANYBLOB="8000f2040a000200aaaaaaaaaa36000004000e8008000f0002"], 0x34}, 0x1, 0x1000000, 0x0, 0x2c048040}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000540)={'syztnl1\x00', &(0x7f0000000440)={'syztnl1\x00', <r6=>0x0, 0x80, 0x700, 0x5, 0x2, {{0x30, 0x4, 0x3, 0x5, 0xc0, 0x68, 0x0, 0x6, 0x2f, 0x0, @multicast2, @dev={0xac, 0x14, 0x14, 0xe}, {[@timestamp_addr={0x44, 0x44, 0x64, 0x1, 0x3, [{@local, 0x5}, {@private=0xa010100, 0x101}, {@dev={0xac, 0x14, 0x14, 0x22}, 0x9}, {@remote, 0x6}, {@rand_addr=0x64010101, 0x2}, {@rand_addr=0x64010102, 0xfffffffc}, {@multicast2, 0x3}, {@multicast1, 0x9}]}, @ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x2c, 0x4f, 0x3, 0x2, [{@private=0xa010100, 0xff}, {@multicast1, 0x5}, {@multicast1, 0x2}, {@local, 0xfffffffc}, {@rand_addr=0x64010102, 0xc}]}, @lsrr={0x83, 0x17, 0x10, [@remote, @private=0xa010101, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @private=0xa010101]}, @timestamp={0x44, 0x18, 0xa8, 0x0, 0x6, [0x4, 0x9, 0x2, 0x2, 0x8]}, @lsrr={0x83, 0x7, 0xba, [@empty]}]}}}}})
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=@bridge_dellink={0x54, 0x11, 0x8, 0x70bd2b, 0x25dfdbff, {0x7, 0x0, 0x0, r6, 0x800}, [@IFLA_WEIGHT={0x8, 0xf, 0x1}, @IFLA_WEIGHT={0x8, 0xf, 0x10001}, @IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x2, 0x2, 0x0, 0x1, [@IFLA_XFRM_LINK={0xff3a, 0x1, 0x1}, @IFLA_XFRM_LINK={0x8}]}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x40008c0)

2.578478749s ago: executing program 5 (id=730):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x6, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000080), 0x8000, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x7, &(0x7f00000004c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0xfffffffe, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000002c0)="f973085a6ea39ea1b25a1c6b351e11245900557d1c8e9f86bae5e5c64e50ef25afb0295d0c303850b4bff4d088bf9df67e013836e2882dad3f7698b52997f7efa9eb96f09be1c3019445927c6b2fe32d38ae2bcad2ac0d85ebd42914fb18b7d0670f8b3be16755ead6a6fb713fa618ce2cf424ea7cc84b04016b9a2afbfaf68803f1c1", 0x83}, {&(0x7f0000000480)="4ce09043b6aa2ae5946f67306c7f73ed469dfcfc5e1f4d8123a4a8a7b9be82f67f89605cd9bbf7254c156b00437f753a248daf68c5ebdc4a6346d336a6502e98eae72777956d1ebeeb855fae46b3ccb9fb3d593651b95ee00afe0816b3c6e7f3cb3b18fb5198643daa6b9cafde584957dd72ba27cef6604f5df59f0bee60bca63d75a9d812eb699c2d665b7179b22027cf748ac63bcc212703d44cb083e962eee9b5d212523c162b42377ebd0bc624bf9425f6f4772e36c6c2fd4f69b65cc435f93c1a490cb75162251e15942b29", 0xce}, {0x0}, {&(0x7f0000000800)="5193f0b40db29d9ce06f429ed3c2c6405967f1e559f08c35f5e63ad64c2746967cca1bbeaf6206a79c42badb4fb453f294c2932cb5552a5f9c1d633207a53c2f54d98c2f9e4323eac6c20c56e7607d212b210a0325f7c289d1a2552d7a3f2176a47e95bc46471fae9167768d58f22ff10ba3cc2050b1ee838ce9e4ac5a1544fec3e291272cfaaa4817539972fb8bb2ede331312f556ecea24236", 0x9a}, {&(0x7f00000000c0)}], 0x5}}, {{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, 0x0}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x0, 0x3}}, 0x80, 0x0}}], 0x3, 0x20000044)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

2.462975752s ago: executing program 2 (id=731):
syz_open_dev$I2C(&(0x7f0000003400), 0xfffffffffffffffa, 0x4000)

2.357271645s ago: executing program 2 (id=732):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0)

2.342815086s ago: executing program 3 (id=733):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x0})
ioctl$CEC_TRANSMIT(0xffffffffffffffff, 0xc0386105, &(0x7f0000000100)={0xfffffffffffffff7, 0xffffffffffffffff, 0x2, 0x9, 0x4, 0x7fff, "16b0bc450cfc47961ed5d8167d4f7865", 0x8, 0x53, 0x1, 0x49, 0x9, 0x9, 0xd})
msgsnd(0x0, 0x0, 0x8, 0x800)
msgrcv(0x0, 0x0, 0x1d, 0x2, 0x1800)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000140)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[], 0x10}}, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@multicast2, @in6=@mcast1, 0x4e20, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0xfffffffffffffffe}, {0x0, 0x0, 0xfffffffffffffffc, 0xff}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in=@empty, 0x0, 0x32}, 0x0, @in=@local, 0x0, 0x2, 0x0, 0xb7, 0xfffffffe, 0xffffff7e, 0xffffffff}}, 0xe8)
r4 = dup3(r1, r0, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x5f, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0)

2.310765597s ago: executing program 4 (id=734):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x0})
ioctl$CEC_TRANSMIT(0xffffffffffffffff, 0xc0386105, &(0x7f0000000100)={0xfffffffffffffff7, 0xffffffffffffffff, 0x2, 0x9, 0x4, 0x7fff, "16b0bc450cfc47961ed5d8167d4f7865", 0x8, 0x53, 0x1, 0x49, 0x9, 0x9, 0xd})
msgsnd(0x0, 0x0, 0x8, 0x800)
msgrcv(0x0, 0x0, 0x1d, 0x2, 0x1800)
socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000140)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[], 0x10}}, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@multicast2, @in6=@mcast1, 0x4e20, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0xfffffffffffffffe}, {0x0, 0x0, 0xfffffffffffffffc, 0xff}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in=@empty, 0x0, 0x32}, 0x0, @in=@local, 0x0, 0x2, 0x0, 0xb7, 0xfffffffe, 0xffffff7e, 0xffffffff}}, 0xe8)
r4 = dup3(r1, r0, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x5f, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0)

343.054431ms ago: executing program 3 (id=735):
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f00000005c0)='fd', 0x0, r0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x2)
fchdir(r2)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
memfd_create(0x0, 0x1)
getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x36, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x4)

268.214953ms ago: executing program 4 (id=736):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x6}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="12000000050000000400000002"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r3, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df12c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

218.446084ms ago: executing program 3 (id=737):
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="05"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000011c0)=ANY=[@ANYBLOB="010000000500000001"], 0x50)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, 0x0, 0x0, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

86.851108ms ago: executing program 4 (id=738):
r0 = socket$unix(0x1, 0x1, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x4808, 0x4)

0s ago: executing program 4 (id=739):
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000001c0)=0x15)
write$binfmt_misc(r0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

: veth1_virt_wifi: link becomes ready
[   70.445603][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   70.460334][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   70.470622][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   70.479331][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   70.513725][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   70.522911][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   70.535090][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   70.543477][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   70.551599][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   70.561962][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   70.581556][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   70.591801][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   70.602034][ T4190] device veth0_vlan entered promiscuous mode
[   70.619215][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   70.628435][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   70.636763][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   70.646839][ T4204] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   70.659064][ T4192] 8021q: adding VLAN 0 to HW filter on device batadv0
[   70.668540][ T4196] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   70.679097][ T4190] device veth1_vlan entered promiscuous mode
[   70.700977][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   70.715203][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   70.750903][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   70.770080][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   70.790703][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   70.836472][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   70.852913][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   70.871277][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   70.890249][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   70.910364][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   70.926121][ T4191] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   70.968196][ T4190] device veth0_macvtap entered promiscuous mode
[   70.990442][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   71.002662][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   71.012254][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   71.022114][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   71.041987][ T4192] device veth0_vlan entered promiscuous mode
[   71.053587][ T4190] device veth1_macvtap entered promiscuous mode
[   71.064081][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   71.074974][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   71.085430][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   71.095283][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   71.105585][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   71.114098][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   71.127439][ T4204] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.139349][ T4192] device veth1_vlan entered promiscuous mode
[   71.163012][ T4196] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.174040][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   71.186440][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   71.196367][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   71.274594][ T4190] batman_adv: batadv0: Interface activated: batadv_slave_0
[   71.287595][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[   71.294828][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[   71.314371][  T158] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   71.325235][  T158] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   71.339367][  T158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   71.350855][  T158] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   71.365625][  T158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   71.377969][  T158] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   71.387349][  T158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   71.414989][ T4190] batman_adv: batadv0: Interface activated: batadv_slave_1
[   71.432877][ T4192] device veth0_macvtap entered promiscuous mode
[   71.446219][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   71.455898][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   71.464997][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   71.473807][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   71.483011][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   71.495716][ T4204] device veth0_vlan entered promiscuous mode
[   71.512038][ T4190] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   71.524683][ T4190] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   71.536188][ T4190] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   71.545967][ T4190] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   71.560446][ T4192] device veth1_macvtap entered promiscuous mode
[   71.567944][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   71.577260][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   71.585821][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   71.596115][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   71.605224][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   71.621053][ T4191] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.675935][ T4204] device veth1_vlan entered promiscuous mode
[   71.714472][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   71.732924][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   71.756944][ T4192] batman_adv: batadv0: Interface activated: batadv_slave_0
[   71.787225][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   71.798375][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   71.810667][ T4192] batman_adv: batadv0: Interface activated: batadv_slave_1
[   71.845839][  T158] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   71.855070][  T158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   71.865571][  T158] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   71.879242][  T158] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   71.888997][  T158] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   71.898622][  T158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   71.920450][ T4192] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   71.929213][ T4192] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   71.943652][ T4192] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   71.953359][ T4192] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   71.983143][ T4191] device veth0_vlan entered promiscuous mode
[   71.997243][ T4204] device veth0_macvtap entered promiscuous mode
[   72.020578][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   72.029096][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   72.037909][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   72.047071][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   72.056278][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   72.066512][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   72.075619][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   72.086823][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   72.095486][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   72.125761][ T4191] device veth1_vlan entered promiscuous mode
[   72.128110][  T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.144358][  T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.178161][ T4204] device veth1_macvtap entered promiscuous mode
[   72.188616][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   72.197648][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   72.206898][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   72.242678][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.264173][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.277859][ T4196] device veth0_vlan entered promiscuous mode
[   72.295711][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   72.306433][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   72.314620][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   72.323257][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   72.330713][ T4274] Bluetooth: hci3: command 0x040f tx timeout
[   72.337498][ T4274] Bluetooth: hci0: command 0x040f tx timeout
[   72.339573][ T4204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.357336][ T4274] Bluetooth: hci2: command 0x040f tx timeout
[   72.363973][ T4274] Bluetooth: hci1: command 0x040f tx timeout
[   72.369993][ T4204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.370009][ T4204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.370026][ T4204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.381597][ T4204] batman_adv: batadv0: Interface activated: batadv_slave_0
[   72.413668][ T4179] Bluetooth: hci4: command 0x040f tx timeout
[   72.423791][ T4204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.434905][ T4204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.445065][ T4204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.456771][ T4204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.468786][ T4204] batman_adv: batadv0: Interface activated: batadv_slave_1
[   72.493017][ T4196] device veth1_vlan entered promiscuous mode
[   72.501934][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   72.510011][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   72.518982][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   72.528416][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   72.538432][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   72.548138][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   72.558050][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   72.574034][ T4204] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   72.583043][ T4204] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.592769][ T4204] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.601826][ T4204] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   72.645348][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   72.700262][  T158] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.708146][  T158] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.722703][ T4191] device veth0_macvtap entered promiscuous mode
[   72.742103][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   72.756177][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   72.769297][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   72.784648][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   72.945126][  T155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.953863][  T155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.968456][ T4196] device veth0_macvtap entered promiscuous mode
[   72.978751][ T4191] device veth1_macvtap entered promiscuous mode
[   73.485049][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.512398][  T158] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   73.627153][  T158] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   73.634717][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.643572][  T158] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   73.656303][  T158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   73.667183][  T158] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   73.677767][  T158] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   73.701768][ T4196] device veth1_macvtap entered promiscuous mode
[   73.727902][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.738621][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.754867][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.767936][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.784561][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.799972][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.811421][ T4196] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.861358][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.879082][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.896388][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.907603][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.923331][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.936689][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.951345][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.966423][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.981791][ T4191] batman_adv: batadv0: Interface activated: batadv_slave_0
[   74.004320][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   74.034069][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   74.062187][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   74.076565][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   74.111952][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   74.122635][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   74.132817][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   74.143452][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   74.153558][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   74.164515][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   74.225322][ T4196] batman_adv: batadv0: Interface activated: batadv_slave_1
[   74.412483][ T3522] Bluetooth: hci2: command 0x0419 tx timeout
[   74.478144][ T3522] Bluetooth: hci0: command 0x0419 tx timeout
[   74.548880][ T1279] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.571863][ T3522] Bluetooth: hci3: command 0x0419 tx timeout
[   74.601008][ T1279] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.728278][ T3522] Bluetooth: hci4: command 0x0419 tx timeout
[   74.758780][ T3522] Bluetooth: hci1: command 0x0419 tx timeout
[   74.894620][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   74.930296][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   74.939625][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   74.987095][ T4196] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   74.998325][ T4196] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   75.014183][ T4196] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   75.024729][ T4196] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   75.068550][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   75.085744][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   75.115428][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   75.143064][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   75.153043][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   75.163973][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   75.174843][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   75.185379][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   75.197164][ T4191] batman_adv: batadv0: Interface activated: batadv_slave_1
[   75.217586][ T4191] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   75.244937][ T4191] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   75.261331][ T4191] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   75.275835][ T4191] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   75.290103][ T4285] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   75.304463][ T4285] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   75.501266][ T4285] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.529534][ T4285] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.573609][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   75.591756][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.610139][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.641319][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   75.660691][ T1253] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.677532][ T1253] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.697337][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   75.713532][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.790840][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.820948][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   77.191193][ T4322] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11'.
[   77.211528][ T4325] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11'.
[   78.440893][ T4339] netlink: 4 bytes leftover after parsing attributes in process `syz.2.17'.
[   78.578582][ T4343] Zero length message leads to an empty skb
[   78.701559][ T4344] netlink: 56 bytes leftover after parsing attributes in process `syz.2.17'.
[   78.703107][    T7] hid-generic 0005:16C0:5505.0001: hidraw0: BLUETOOTH HID v0.8b Device [syz0] on aa:aa:aa:aa:aa:aa
[   79.476979][ T4347] fido_id[4347]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory
[   80.275145][ T4322] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.283912][ T4322] bridge0: port 1(bridge_slave_0) entered disabled state
[   82.480161][ T4279] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   82.624542][ T4322] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   82.678087][ T4322] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   82.729939][ T4279] usb 1-1: Using ep0 maxpacket: 16
[   82.890060][ T4279] usb 1-1: config 1 has an invalid interface number: 105 but max is 0
[   82.899154][ T4279] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   82.910546][ T4279] usb 1-1: config 1 has no interface number 0
[   82.916689][ T4279] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[   82.926990][ T4279] usb 1-1: config 1 interface 105 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   82.940507][ T4279] usb 1-1: config 1 interface 105 has no altsetting 0
[   83.110228][ T4279] usb 1-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[   83.119343][ T4279] usb 1-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[   83.128704][ T4279] usb 1-1: Product: syz
[   83.133191][ T4279] usb 1-1: Manufacturer: syz
[   83.138001][ T4279] usb 1-1: SerialNumber: syz
[   83.180768][ T4373] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[   83.282759][ T4322] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   83.291829][ T4322] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   83.301592][ T4322] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   83.311334][ T4322] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   83.431411][ T4279] aqc111: probe of 1-1:1.105 failed with error -22
[   83.487351][ T4322] syz.3.11 (4322) used greatest stack depth: 21104 bytes left
[   83.638128][ T4245] usb 1-1: USB disconnect, device number 2
[   84.399760][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #8a!!!
[   84.419746][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #8a!!!
[   84.429742][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #8a!!!
[   84.439740][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!!
[   84.449744][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!!
[   84.459749][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!!
[   84.469742][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!!
[   84.479743][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!!
[   84.489745][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!!
[   85.020305][ T4397] netlink: 8 bytes leftover after parsing attributes in process `syz.2.31'.
[   85.149736][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #102!!!
[   85.487654][ T4375] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   85.821776][ T4413] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   85.963270][ T4415] netlink: 4 bytes leftover after parsing attributes in process `syz.0.38'.
[   86.107767][ T4415] netlink: 56 bytes leftover after parsing attributes in process `syz.0.38'.
[   86.124752][ T4238] hid-generic 0005:16C0:5505.0002: hidraw0: BLUETOOTH HID v0.8b Device [syz0] on aa:aa:aa:aa:aa:aa
[   86.303326][ T4423] fido_id[4423]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory
[   86.384156][ T4430] netlink: 4 bytes leftover after parsing attributes in process `syz.0.39'.
[   86.399915][ T4430] netlink: 12 bytes leftover after parsing attributes in process `syz.0.39'.
[   86.655338][   T23] cfg80211: failed to load regulatory.db
[   90.404936][ T4465] netlink: 4 bytes leftover after parsing attributes in process `syz.2.49'.
[   90.593318][ T4472] netlink: 56 bytes leftover after parsing attributes in process `syz.2.49'.
[   90.757188][ T4430] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.764623][ T4430] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.439906][ T4478] netlink: 20 bytes leftover after parsing attributes in process `syz.3.52'.
[   93.100421][ T4455] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   95.869952][ T4430] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   96.012305][ T4430] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   98.069447][ T4430] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   98.078558][ T4430] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   98.088081][ T4430] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   98.097045][ T4430] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   98.371122][ T4430] syz.0.39 (4430) used greatest stack depth: 20984 bytes left
[  100.568409][ T4577] netlink: 4 bytes leftover after parsing attributes in process `syz.3.82'.
[  100.636579][ T4583] x_tables: duplicate underflow at hook 1
[  100.844556][ T4534] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  100.946463][ T4577] netlink: 56 bytes leftover after parsing attributes in process `syz.3.82'.
[  100.974600][   T23] hid-generic 0005:16C0:5505.0003: hidraw0: BLUETOOTH HID v0.8b Device [syz0] on aa:aa:aa:aa:aa:aa
[  101.152549][ T4590] fido_id[4590]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory
[  101.740052][   T23] usb 4-1: new full-speed USB device number 2 using dummy_hcd
[  102.190458][   T23] usb 4-1: config 0 has an invalid interface number: 41 but max is 0
[  102.235619][   T23] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  102.410488][   T23] usb 4-1: config 0 has no interface number 0
[  102.417932][   T23] usb 4-1: config 0 interface 41 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  102.472065][   T23] usb 4-1: config 0 interface 41 has no altsetting 0
[  102.876950][   T23] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  102.894290][   T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.903526][   T23] usb 4-1: Product: syz
[  102.907769][   T23] usb 4-1: Manufacturer: syz
[  102.912746][   T23] usb 4-1: SerialNumber: syz
[  102.921094][   T23] usb 4-1: config 0 descriptor??
[  102.971163][   T23] CoreChips: probe of 4-1:0.41 failed with error -22
[  103.481763][   T23] usb 4-1: USB disconnect, device number 2
[  103.638676][ T4618] netlink: 4 bytes leftover after parsing attributes in process `syz.1.91'.
[  104.389511][ T4647] x_tables: duplicate underflow at hook 1
[  104.760152][ T4235] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[  105.340518][ T4235] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  105.399019][ T4235] usb 1-1: config 0 has no interface number 0
[  105.865874][ T4657] netlink: 8 bytes leftover after parsing attributes in process `syz.3.100'.
[  105.938809][ T4657] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  105.948258][ T4657] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  105.957763][ T4657] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  105.966658][ T4657] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  106.039785][ T4235] usb 1-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  106.049199][ T4235] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.068916][ T4235] usb 1-1: config 0 descriptor??
[  106.112098][ T4235] usb 1-1: selecting invalid altsetting 1
[  106.118878][ T4235] dvb_ttusb_budget: ttusb_init_controller: error
[  106.156390][ T4235] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  106.244481][ T4235] DVB: Unable to find symbol cx22700_attach()
[  106.309846][ T4235] DVB: Unable to find symbol tda10046_attach()
[  106.334656][ T4235] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  106.422228][ T4639] block device autoloading is deprecated and will be removed.
[  106.436716][   T23] usb 1-1: USB disconnect, device number 3
[  106.794464][ T4626] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  107.219245][ T4690] x_tables: duplicate underflow at hook 1
[  107.279872][ T3522] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[  108.169876][ T3522] usb 4-1: config 218 has too many interfaces: 244, using maximum allowed: 32
[  108.688379][ T4704] netlink: 8 bytes leftover after parsing attributes in process `syz.4.113'.
[  108.728863][ T3522] usb 4-1: config 218 has an invalid descriptor of length 0, skipping remainder of the config
[  108.739972][ T3522] usb 4-1: config 218 has 1 interface, different from the descriptor's value: 244
[  108.749398][ T3522] usb 4-1: config 218 has no interface number 0
[  108.756751][ T3522] usb 4-1: config 218 interface 95 altsetting 64 has an invalid endpoint with address 0xFF, skipping
[  108.768023][ T3522] usb 4-1: config 218 interface 95 altsetting 64 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  108.788413][ T4706] netlink: 8 bytes leftover after parsing attributes in process `syz.2.115'.
[  108.799767][ T3522] usb 4-1: config 218 interface 95 has no altsetting 0
[  108.832502][ T4706] netlink: 'syz.2.115': attribute type 5 has an invalid length.
[  108.863742][ T4706] netlink: 12 bytes leftover after parsing attributes in process `syz.2.115'.
[  108.915853][ T4706] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  108.924761][ T4706] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  108.933657][ T4706] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  108.942530][ T4706] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  109.020218][ T3522] usb 4-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=dc.4d
[  109.029434][ T3522] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.049910][ T3522] usb 4-1: Product: syz
[  109.054148][ T3522] usb 4-1: Manufacturer: syz
[  109.058777][ T3522] usb 4-1: SerialNumber: syz
[  109.414949][ T4235] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[  109.440706][ T3522] usb 4-1: USB disconnect, device number 3
[  109.790016][ T4235] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  109.798279][ T4235] usb 2-1: config 0 has no interface number 0
[  109.808508][ T4235] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  109.817701][ T4235] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  109.832675][ T4235] usb 2-1: config 0 descriptor??
[  109.880152][ T4235] usb 2-1: selecting invalid altsetting 1
[  109.886089][ T4235] dvb_ttusb_budget: ttusb_init_controller: error
[  109.899153][ T4235] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  109.949417][ T4235] DVB: Unable to find symbol cx22700_attach()
[  109.979073][ T4235] DVB: Unable to find symbol tda10046_attach()
[  109.991184][ T4235] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  110.042239][ T4736] x_tables: duplicate underflow at hook 1
[  110.226427][ T4235] usb 2-1: USB disconnect, device number 2
[  111.929924][ T4711] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  113.160352][ T4765] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  113.809206][ T4773] netlink: 4 bytes leftover after parsing attributes in process `syz.0.137'.
[  113.835322][ T4773] netlink: 28 bytes leftover after parsing attributes in process `syz.0.137'.
[  114.953785][ T4786] loop2: detected capacity change from 0 to 7
[  114.970870][ T4787] x_tables: duplicate underflow at hook 1
[  115.031171][ T4786] Dev loop2: unable to read RDB block 7
[  115.057526][ T4786]  loop2: AHDI p1 p2 p3
[  115.074771][ T4786] loop2: partition table partially beyond EOD, truncated
[  115.169891][ T4235] usb 1-1: new full-speed USB device number 4 using dummy_hcd
[  115.195545][ T4786] loop2: p1 start 1601398130 is beyond EOD, truncated
[  115.272616][ T4786] loop2: p2 start 1702059890 is beyond EOD, truncated
[  115.768157][ T4235] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  115.794378][ T4235] usb 1-1: config 0 has no interface number 0
[  115.821053][ T4235] usb 1-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  115.861549][ T4235] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  115.897826][ T4235] usb 1-1: config 0 descriptor??
[  115.950561][ T3562] Dev loop2: unable to read RDB block 7
[  115.960042][ T3562]  loop2: AHDI p1 p2 p3
[  115.964268][ T3562] loop2: partition table partially beyond EOD, truncated
[  115.973943][ T4235] usb 1-1: selecting invalid altsetting 1
[  115.989908][ T4235] dvb_ttusb_budget: ttusb_init_controller: error
[  115.999132][ T4235] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  116.019615][ T3562] loop2: p1 start 1601398130 is beyond EOD, truncated
[  116.037105][ T3562] loop2: p2 start 1702059890 is beyond EOD, truncated
[  116.180408][ T4235] DVB: Unable to find symbol cx22700_attach()
[  116.245320][ T4235] DVB: Unable to find symbol tda10046_attach()
[  116.261959][ T4235] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  116.295624][ T4235] usb 1-1: USB disconnect, device number 4
[  118.798211][ T4835] netlink: 4 bytes leftover after parsing attributes in process `syz.2.157'.
[  118.811908][ T4835] netlink: 12 bytes leftover after parsing attributes in process `syz.2.157'.
[  119.104622][ T4791] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  119.719942][ T4297] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[  120.094929][ T4862] binder: BINDER_SET_CONTEXT_MGR already set
[  120.101898][ T4862] binder: 4860:4862 ioctl 4018620d 200000004a80 returned -16
[  120.111811][ T4862] binder: 4860:4862 ioctl c0306201 2000000004c0 returned -14
[  120.140010][ T4297] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  120.148226][ T4297] usb 5-1: config 0 has no interface number 0
[  123.028037][ T4297] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  123.037351][ T4297] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.047899][ T4297] usb 5-1: config 0 descriptor??
[  123.080071][ T4297] usb 5-1: can't set config #0, error -71
[  123.088316][ T4297] usb 5-1: USB disconnect, device number 2
[  123.211771][ T4835] bridge0: port 2(bridge_slave_1) entered disabled state
[  123.219907][ T4835] bridge0: port 1(bridge_slave_0) entered disabled state
[  125.389873][ T1109] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  125.535626][ T4835] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  125.588906][ T4835] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  125.790023][ T1109] usb 5-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0xCE, skipping
[  125.960255][ T1109] usb 5-1: New USB device found, idVendor=2a39, idProduct=3fd4, bcdDevice= 0.40
[  125.975083][ T1109] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.983745][ T1109] usb 5-1: Product: syz
[  125.987967][ T1109] usb 5-1: Manufacturer: syz
[  125.998629][ T1109] usb 5-1: SerialNumber: syz
[  126.094527][ T4835] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  126.103529][ T4835] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  126.113567][ T4835] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  126.122627][ T4835] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  126.253643][ T4835] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  126.262759][ T4835] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  126.271893][ T4835] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  126.281023][ T4835] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  126.729780][ T4274] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[  127.100374][ T4274] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  127.127514][ T4274] usb 3-1: config 0 has no interface number 0
[  127.192606][ T4274] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  127.349313][ T4274] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.645941][ T1109] usb 5-1: MIDIStreaming interface descriptor not found
[  127.703107][ T4274] usb 3-1: config 0 descriptor??
[  127.735349][ T1109] usb 5-1: USB disconnect, device number 3
[  127.742960][ T4274] usb 3-1: selecting invalid altsetting 1
[  127.749185][ T4274] dvb_ttusb_budget: ttusb_init_controller: error
[  127.759014][ T4274] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  127.800007][ T4274] DVB: Unable to find symbol cx22700_attach()
[  127.856753][ T4274] DVB: Unable to find symbol tda10046_attach()
[  127.863719][ T4274] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  127.966542][ T4274] usb 3-1: USB disconnect, device number 2
[  127.988214][ T4882] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  128.163568][ T4927] x_tables: duplicate underflow at hook 1
[  128.367899][ T4182] udevd[4182]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  131.170006][ T4239] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  131.550197][ T4239] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  131.571225][ T4239] usb 4-1: config 0 has no interface number 0
[  131.612259][ T4239] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  131.672311][ T4239] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.871881][ T4239] usb 4-1: config 0 descriptor??
[  131.911993][ T4239] usb 4-1: selecting invalid altsetting 1
[  131.917892][ T4239] dvb_ttusb_budget: ttusb_init_controller: error
[  132.082070][ T4239] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  132.735942][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  132.744392][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  134.219100][ T4239] DVB: Unable to find symbol cx22700_attach()
[  134.425684][ T4239] DVB: Unable to find symbol tda10046_attach()
[  134.439247][ T4239] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  134.465129][   T26] audit: type=1326 audit(1777630749.746:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5029 comm="syz.4.216" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5d1c82bdd9 code=0x0
[  134.520845][ T4239] usb 4-1: USB disconnect, device number 4
[  137.259791][   T23] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  138.629783][   T23] usb 5-1: Using ep0 maxpacket: 32
[  138.729713][    C0] sched: RT throttling activated
[  138.870990][   T23] usb 5-1: device descriptor read/all, error -71
[  139.729865][   T23] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[  140.348954][ T5091] capability: warning: `syz.1.235' uses 32-bit capabilities (legacy support in use)
[  140.370184][   T23] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  140.378252][   T23] usb 5-1: config 0 has no interface number 0
[  140.405131][   T23] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  140.429287][ T5091] program syz.1.235 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  140.435103][   T23] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  140.479179][   T23] usb 5-1: config 0 descriptor??
[  140.531811][   T23] usb 5-1: selecting invalid altsetting 1
[  140.537706][   T23] dvb_ttusb_budget: ttusb_init_controller: error
[  140.561207][   T23] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  141.488197][   T23] DVB: Unable to find symbol cx22700_attach()
[  141.596022][   T23] DVB: Unable to find symbol tda10046_attach()
[  141.610339][   T23] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  141.620362][   T23] usb 5-1: USB disconnect, device number 5
[  143.329435][ T1109] usb 1-1: new low-speed USB device number 5 using dummy_hcd
[  144.339913][ T1109] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  144.349495][ T1109] usb 1-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  144.438464][ T1109] usb 1-1: config 168 interface 0 altsetting 188 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  144.450127][ T1109] usb 1-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping
[  144.461808][ T1109] usb 1-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  144.475970][ T1109] usb 1-1: config 168 interface 0 has no altsetting 0
[  144.569872][ T1109] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  144.575959][ T5115] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  144.577339][ T1109] usb 1-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  144.577397][ T1109] usb 1-1: config 168 interface 0 altsetting 188 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  144.609580][ T1109] usb 1-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping
[  144.620893][ T1109] usb 1-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  144.634789][ T1109] usb 1-1: config 168 interface 0 has no altsetting 0
[  144.879957][ T1109] usb 1-1: unable to read config index 2 descriptor/all
[  144.972678][ T1109] usb 1-1: can't read configurations, error -71
[  145.647286][ T5167] syz.0.255 uses obsolete (PF_INET,SOCK_PACKET)
[  146.604375][    T7] usb 4-1: new full-speed USB device number 5 using dummy_hcd
[  146.612124][ T4297] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[  147.010554][    T7] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  147.010879][ T4297] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  147.027740][    T7] usb 4-1: config 0 has no interface number 0
[  147.038730][    T7] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  147.101232][    T7] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  147.114242][ T4297] usb 3-1: config 0 has no interface number 0
[  147.155085][ T4297] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  147.190765][    T7] usb 4-1: config 0 descriptor??
[  147.229646][ T4297] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  147.353039][    T7] usb 4-1: selecting invalid altsetting 1
[  147.387004][    T7] dvb_ttusb_budget: ttusb_init_controller: error
[  147.398344][ T4297] usb 3-1: config 0 descriptor??
[  147.454835][    T7] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  147.500901][ T4297] usb 3-1: selecting invalid altsetting 1
[  147.517432][ T4297] dvb_ttusb_budget: ttusb_init_controller: error
[  147.530927][ T4297] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  147.605547][    T7] DVB: Unable to find symbol cx22700_attach()
[  147.667278][    T7] DVB: Unable to find symbol tda10046_attach()
[  147.676910][    T7] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  147.689556][ T4297] DVB: Unable to find symbol cx22700_attach()
[  147.743398][    T7] usb 4-1: USB disconnect, device number 5
[  147.860662][ T4297] DVB: Unable to find symbol tda10046_attach()
[  147.881217][ T4297] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  147.892426][ T4297] usb 3-1: USB disconnect, device number 3
[  150.490665][ T5196] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  151.420190][ T1109] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  152.359886][ T1109] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  152.368360][ T1109] usb 5-1: config 0 has no interface number 0
[  153.795215][    T7] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  153.804359][ T1109] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  153.813964][ T1109] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.830794][ T1109] usb 5-1: config 0 descriptor??
[  153.859920][ T1109] usb 5-1: can't set config #0, error -71
[  153.867292][ T1109] usb 5-1: USB disconnect, device number 6
[  153.931597][ T5263] sg_write: data in/out 424924/122 bytes for SCSI command 0x0-- guessing data in;
[  153.931597][ T5263]    program syz.2.283 not setting count and/or reply_len properly
[  154.210833][    T7] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  154.255841][    T7] usb 4-1: config 0 has no interface number 0
[  154.292686][    T7] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  154.311973][    T7] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.463356][    T7] usb 4-1: config 0 descriptor??
[  154.830102][    T7] usb 4-1: can't set config #0, error -71
[  154.857198][    T7] usb 4-1: USB disconnect, device number 6
[  154.970708][ T5277] netlink: 8 bytes leftover after parsing attributes in process `syz.0.287'.
[  155.031539][ T5281] netlink: 4 bytes leftover after parsing attributes in process `syz.1.290'.
[  155.095001][ T5281] device veth0_macvtap left promiscuous mode
[  156.314261][ T5292] netlink: 4 bytes leftover after parsing attributes in process `syz.3.291'.
[  156.538844][ T5304] netlink: 128 bytes leftover after parsing attributes in process `syz.3.296'.
[  156.548619][ T5304] netlink: 12 bytes leftover after parsing attributes in process `syz.3.296'.
[  156.669834][ T3522] usb 3-1: new full-speed USB device number 4 using dummy_hcd
[  156.684354][ T4239] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  156.710000][ T4238] usb 5-1: new full-speed USB device number 7 using dummy_hcd
[  157.453311][ T4239] usb 1-1: Using ep0 maxpacket: 32
[  158.516610][ T4239] usb 1-1: config 0 has an invalid interface number: 12 but max is 0
[  158.524948][ T3522] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  158.543437][ T3522] usb 3-1: config 0 has no interface number 0
[  158.549620][ T3522] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  158.560011][ T4238] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  158.568067][ T4238] usb 5-1: config 0 has no interface number 0
[  158.584789][ T4239] usb 1-1: config 0 has no interface number 0
[  158.615361][ T4239] usb 1-1: config 0 interface 12 has no altsetting 0
[  158.625539][ T4238] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  158.643706][ T3522] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.654549][ T4238] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.679135][ T3522] usb 3-1: config 0 descriptor??
[  158.697664][ T4238] usb 5-1: config 0 descriptor??
[  158.742246][ T3522] usb 3-1: selecting invalid altsetting 1
[  158.748158][ T3522] dvb_ttusb_budget: ttusb_init_controller: error
[  158.757222][ T4238] usb 5-1: selecting invalid altsetting 1
[  158.780799][ T4238] dvb_ttusb_budget: ttusb_init_controller: error
[  158.802245][ T4238] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  158.814705][ T3522] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  158.840135][ T4239] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  158.865314][ T4239] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.338930][ T5346] netlink: 4 bytes leftover after parsing attributes in process `syz.1.307'.
[  159.349502][ T5346] netlink: 12 bytes leftover after parsing attributes in process `syz.1.307'.
[  159.710123][ T4239] usb 1-1: Product: syz
[  159.714366][ T4239] usb 1-1: Manufacturer: syz
[  159.719006][ T4239] usb 1-1: SerialNumber: syz
[  159.725638][ T4239] usb 1-1: config 0 descriptor??
[  159.749934][ T4239] usb 1-1: can't set config #0, error -71
[  159.760456][ T4239] usb 1-1: USB disconnect, device number 7
[  159.772679][ T3522] DVB: Unable to find symbol cx22700_attach()
[  159.850231][ T3522] DVB: Unable to find symbol tda10046_attach()
[  159.856809][ T3522] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  159.920512][ T3522] usb 3-1: USB disconnect, device number 4
[  159.923550][ T5360] netlink: 12 bytes leftover after parsing attributes in process `syz.2.310'.
[  159.983458][ T4238] DVB: Unable to find symbol cx22700_attach()
[  160.057472][ T4238] DVB: Unable to find symbol tda10046_attach()
[  160.067497][ T4238] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  160.349984][ T4238] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  160.372518][ T5367] process 'syz.2.310' launched './file0' with NULL argv: empty string added
[  160.505281][ T5346] bridge0: port 2(bridge_slave_1) entered disabled state
[  160.512713][ T5346] bridge0: port 1(bridge_slave_0) entered disabled state
[  160.709913][ T4238] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  160.722358][ T4238] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  160.732354][ T4238] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80
[  160.741513][ T4238] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.758359][ T4238] usb 4-1: config 0 descriptor??
[  161.131400][ T5346] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  161.184295][ T5346] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  161.312385][ T4238] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0
[  161.319633][ T4238] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0
[  161.327729][ T4238] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0
[  161.334850][ T4238] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0
[  161.342655][ T4238] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0
[  161.349964][ T4238] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0
[  161.356965][ T4238] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0
[  161.368313][ T4238] cp2112 0003:10C4:EA90.0004: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0
[  161.530091][ T4238] cp2112 0003:10C4:EA90.0004: Part Number: 0x00 Device Version: 0x00
[  161.707395][ T5346] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  161.716605][ T5346] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  161.725665][ T5346] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  161.734755][ T5346] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  161.743934][ T4238] cp2112 0003:10C4:EA90.0004: error requesting SMBus config
[  161.755523][ T4238] cp2112: probe of 0003:10C4:EA90.0004 failed with error -71
[  161.767541][ T4238] usb 4-1: USB disconnect, device number 7
[  161.839458][ T5374] fido_id[5374]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  161.961333][ T5346] syz.1.307 (5346) used greatest stack depth: 19792 bytes left
[  161.997957][ T5372] netlink: 24 bytes leftover after parsing attributes in process `syz.2.312'.
[  162.028026][ T5373] netlink: 24 bytes leftover after parsing attributes in process `syz.2.312'.
[  162.041110][ T4274] usb 5-1: USB disconnect, device number 7
[  162.094440][ T5376] tipc: Failed to remove unknown binding: 66,0,0/0:4076626297/4076626298
[  162.185999][ T5381] tipc: Failed to remove unknown binding: 66,0,0/0:4076626297/4076626298
[  163.465790][ T5390] kvm [5387]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0x10000c0c7
[  163.492542][ T5390] kvm [5387]: vcpu0, guest rIP: 0x1b8 disabled perfctr wrmsr: 0xc2 data 0x0
[  163.513697][ T5390] kvm [5387]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x186 data 0xc90c
[  163.559778][ T4297] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[  163.659758][ T5406] trusted_key: encrypted_key: key user:syz not found
[  164.256105][ T4297] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  164.279769][ T4297] usb 5-1: config 0 has no interface number 0
[  164.285931][ T4297] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  164.295520][ T4297] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  164.314051][ T4297] usb 5-1: config 0 descriptor??
[  164.441147][ T5410] netlink: 4 bytes leftover after parsing attributes in process `syz.2.324'.
[  164.459097][ T5410] netlink: 12 bytes leftover after parsing attributes in process `syz.2.324'.
[  165.318843][ T4297] usb 5-1: selecting invalid altsetting 1
[  165.325747][ T4297] dvb_ttusb_budget: ttusb_init_controller: error
[  165.333179][ T4297] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  165.446441][ T4297] DVB: Unable to find symbol cx22700_attach()
[  165.486513][ T5420] tmpfs: Unknown parameter 'grpquota'
[  165.574931][ T4297] DVB: Unable to find symbol tda10046_attach()
[  165.585783][ T4297] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  165.639537][ T4297] usb 5-1: USB disconnect, device number 8
[  166.822461][ T5448] netlink: 4 bytes leftover after parsing attributes in process `syz.4.338'.
[  166.833187][ T5448] netlink: 12 bytes leftover after parsing attributes in process `syz.4.338'.
[  166.977964][ T5450] trusted_key: encrypted_key: key user:syz not found
[  168.589842][ T4274] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  168.656955][ T5448] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.664892][ T5448] bridge0: port 1(bridge_slave_0) entered disabled state
[  168.849753][ T4274] usb 2-1: Using ep0 maxpacket: 8
[  168.969987][ T4274] usb 2-1: config 0 has an invalid interface number: 55 but max is 0
[  168.978271][ T4274] usb 2-1: config 0 has no interface number 0
[  168.994972][ T4274] usb 2-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping
[  169.019789][ T4274] usb 2-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping
[  169.049968][ T4274] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  169.084037][ T4274] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  169.103680][ T4274] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  169.130926][ T4274] usb 2-1: config 0 descriptor??
[  169.187070][ T4274] ldusb 2-1:0.55: Interrupt in endpoint not found
[  169.390992][ T4274] usb 2-1: USB disconnect, device number 3
[  169.562406][ T5448] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  169.623820][ T5448] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  171.125305][ T5448] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  171.134331][ T5448] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  171.143381][ T5448] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  171.152810][ T5448] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  171.489419][ T5460] netlink: 'syz.2.342': attribute type 16 has an invalid length.
[  171.529838][ T5460] netlink: 8 bytes leftover after parsing attributes in process `syz.2.342'.
[  171.555366][ T5460] 8021q: adding VLAN 0 to HW filter on device bond0
[  171.574778][ T5488] netlink: 28 bytes leftover after parsing attributes in process `syz.4.350'.
[  173.252512][ T5522] netlink: 4 bytes leftover after parsing attributes in process `syz.2.361'.
[  173.283012][ T5522] netlink: 12 bytes leftover after parsing attributes in process `syz.2.361'.
[  174.175369][ T4245] usb 4-1: new full-speed USB device number 8 using dummy_hcd
[  174.790021][ T4245] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  174.807370][ T4245] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  174.827539][ T4245] usb 4-1: Product: syz
[  174.837235][ T4245] usb 4-1: Manufacturer: syz
[  174.847626][ T4245] usb 4-1: SerialNumber: syz
[  174.876383][ T4245] usb 4-1: config 0 descriptor??
[  175.159924][ T4245] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  177.919882][ T4245] dvb_usb_rtl28xxu: probe of 4-1:0.0 failed with error -71
[  177.948725][ T4245] usb 4-1: USB disconnect, device number 8
[  180.319293][ T5579] chnl_net:caif_netlink_parms(): no params data found
[  180.584583][ T5596] netlink: 8 bytes leftover after parsing attributes in process `syz.3.387'.
[  180.725435][ T5579] bridge0: port 1(bridge_slave_0) entered blocking state
[  180.818824][ T5579] bridge0: port 1(bridge_slave_0) entered disabled state
[  180.879933][ T5579] device bridge_slave_0 entered promiscuous mode
[  180.966697][ T5579] bridge0: port 2(bridge_slave_1) entered blocking state
[  180.977363][ T5579] bridge0: port 2(bridge_slave_1) entered disabled state
[  181.074451][ T5579] device bridge_slave_1 entered promiscuous mode
[  181.199925][ T4239] Bluetooth: hci5: command 0x0409 tx timeout
[  181.663488][ T5579] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  182.040657][ T5579] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  182.679532][ T5579] team0: Port device team_slave_0 added
[  182.693778][ T5579] team0: Port device team_slave_1 added
[  182.941472][ T5579] batman_adv: batadv0: Adding interface: batadv_slave_0
[  182.959633][ T5579] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  182.997887][ T5579] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  183.010868][ T5579] batman_adv: batadv0: Adding interface: batadv_slave_1
[  183.018012][ T5579] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  183.044565][ T5579] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  183.773332][ T4274] Bluetooth: hci5: command 0x041b tx timeout
[  183.862258][ T5579] device hsr_slave_0 entered promiscuous mode
[  183.900566][ T5579] device hsr_slave_1 entered promiscuous mode
[  183.913713][ T5579] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  183.942417][ T5579] Cannot create hsr debugfs directory
[  184.010264][ T5630] netlink: 8 bytes leftover after parsing attributes in process `syz.3.397'.
[  184.659967][ T4237] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  184.983498][ T5579] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  185.020942][ T5579] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  185.069772][ T4237] usb 4-1: Using ep0 maxpacket: 32
[  185.312162][ T5579] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  185.588540][ T5579] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  185.820003][ T4237] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[  185.832049][ T4237] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  185.840474][ T3522] Bluetooth: hci5: command 0x040f tx timeout
[  185.843141][ T4237] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[  185.856035][ T4237] usb 4-1: config 1 has no interface number 0
[  185.862673][ T4237] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  185.872988][ T4237] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  185.886054][ T4237] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  185.895189][ T4237] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.909091][ T5665] IPVS: set_ctl: invalid protocol: 22 224.0.0.2:20000
[  185.963304][ T4237] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[  186.090385][ T5579] 8021q: adding VLAN 0 to HW filter on device bond0
[  186.139362][ T4312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  186.155509][ T4312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  186.194483][ T5579] 8021q: adding VLAN 0 to HW filter on device team0
[  186.203738][ T4237] snd_usb_pod 4-1:1.1: invalid control EP
[  186.209531][ T4237] snd_usb_pod 4-1:1.1: cannot start listening: -22
[  186.216871][ T4237] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[  186.225173][ T4237] snd_usb_pod: probe of 4-1:1.1 failed with error -22
[  187.243619][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  187.285650][ T4274] usb 4-1: USB disconnect, device number 9
[  187.292447][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  187.349828][ T4311] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.357002][ T4311] bridge0: port 1(bridge_slave_0) entered forwarding state
[  187.466796][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  187.510628][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  187.575461][ T4311] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.582795][ T4311] bridge0: port 2(bridge_slave_1) entered forwarding state
[  187.591211][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  187.600598][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  187.637411][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  187.675988][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  187.697236][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  187.874276][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  187.883615][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  187.893945][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  187.920025][ T4279] Bluetooth: hci5: command 0x0419 tx timeout
[  187.934410][ T4358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  188.037438][ T4358] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  188.359153][ T5579] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  188.570846][ T5579] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  188.653533][ T4358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  188.673243][ T4358] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  190.648832][ T5721] netlink: 8 bytes leftover after parsing attributes in process `syz.4.417'.
[  190.721188][ T4349] device hsr_slave_0 left promiscuous mode
[  190.808090][ T4349] device hsr_slave_1 left promiscuous mode
[  190.850264][    T7] usb 2-1: new full-speed USB device number 4 using dummy_hcd
[  190.865000][ T4349] batman_adv: batadv0: Removing interface: batadv_slave_0
[  190.909594][ T4349] batman_adv: batadv0: Removing interface: batadv_slave_1
[  190.955627][ T4349] device bridge_slave_1 left promiscuous mode
[  190.978354][ T4349] bridge0: port 2(bridge_slave_1) entered disabled state
[  191.129982][ T4237] Bluetooth: hci3: command 0x0406 tx timeout
[  191.143811][ T4237] Bluetooth: hci2: command 0x0406 tx timeout
[  191.188771][ T4349] device bridge_slave_0 left promiscuous mode
[  191.195996][ T4349] bridge0: port 1(bridge_slave_0) entered disabled state
[  191.515647][ T4237] Bluetooth: hci0: command 0x0406 tx timeout
[  191.630080][    T7] usb 2-1: config 8 has an invalid interface number: 80 but max is 0
[  191.638273][    T7] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  191.648675][    T7] usb 2-1: config 8 has no interface number 0
[  191.655507][    T7] usb 2-1: config 8 interface 80 altsetting 0 has an invalid endpoint with address 0xE7, skipping
[  191.686846][    T7] usb 2-1: config 8 interface 80 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 14
[  191.700443][    T7] usb 2-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=c1.6f
[  191.710049][    T7] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.725089][   T26] audit: type=1326 audit(1777630807.006:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5733 comm="syz.3.421" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f927eddd9 code=0x7ffc0000
[  191.773503][    T7] usb 2-1: NFC: intf ffff88806128c000 id ffffffff8cb52700
[  191.801964][   T26] audit: type=1326 audit(1777630807.006:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5733 comm="syz.3.421" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f927eddd9 code=0x7ffc0000
[  191.903007][   T26] audit: type=1326 audit(1777630807.006:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5733 comm="syz.3.421" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f927eddd9 code=0x7ffc0000
[  191.957862][   T26] audit: type=1326 audit(1777630807.006:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5733 comm="syz.3.421" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7f2f927eddd9 code=0x7ffc0000
[  191.989441][    T7] usb 2-1: USB disconnect, device number 4
[  192.042388][   T26] audit: type=1326 audit(1777630807.006:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5733 comm="syz.3.421" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f927eddd9 code=0x7ffc0000
[  192.093189][   T26] audit: type=1326 audit(1777630807.006:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5733 comm="syz.3.421" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f927eddd9 code=0x7ffc0000
[  192.118687][   T26] audit: type=1326 audit(1777630807.006:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5733 comm="syz.3.421" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f927eddd9 code=0x7ffc0000
[  192.135033][ T4349] team0 (unregistering): Port device team_slave_1 removed
[  192.162336][   T26] audit: type=1326 audit(1777630807.006:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5733 comm="syz.3.421" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f927eddd9 code=0x7ffc0000
[  192.187456][ T4349] team0 (unregistering): Port device team_slave_0 removed
[  192.215773][   T26] audit: type=1326 audit(1777630807.006:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5733 comm="syz.3.421" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f927eddd9 code=0x7ffc0000
[  192.241870][ T4349] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  192.250626][   T26] audit: type=1326 audit(1777630807.006:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5733 comm="syz.3.421" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7f2f927eddd9 code=0x7ffc0000
[  192.284833][ T4349] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  192.485983][ T4349] bond0 (unregistering): Released all slaves
[  193.339176][ T5579] 8021q: adding VLAN 0 to HW filter on device batadv0
[  193.570011][ T4358] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  193.578151][ T4358] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  194.490890][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  194.497335][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  196.203209][ T5793] DRBG: could not allocate CTR cipher TFM handle: ctr(aes)
[  196.659359][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  196.682207][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  197.500948][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  197.512635][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  197.730211][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  197.738272][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  198.568513][ T5579] device veth0_vlan entered promiscuous mode
[  198.696265][ T5579] device veth1_vlan entered promiscuous mode
[  198.836580][   T26] kauditd_printk_skb: 4 callbacks suppressed
[  198.836595][   T26] audit: type=1326 audit(1777630814.116:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5818 comm="syz.2.438" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe63af2e159 code=0x7ffc0000
[  198.889278][   T26] audit: type=1326 audit(1777630814.156:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5818 comm="syz.2.438" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe63af8cdd9 code=0x7ffc0000
[  198.913809][   T26] audit: type=1326 audit(1777630814.156:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5818 comm="syz.2.438" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe63af2e159 code=0x7ffc0000
[  199.188705][   T26] audit: type=1326 audit(1777630814.156:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5818 comm="syz.2.438" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe63af2e159 code=0x7ffc0000
[  199.801765][   T26] audit: type=1326 audit(1777630814.156:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5818 comm="syz.2.438" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe63af2e159 code=0x7ffc0000
[  199.827933][ T4358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  199.881818][ T4358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  199.930693][ T5579] device veth0_macvtap entered promiscuous mode
[  199.931268][   T26] audit: type=1326 audit(1777630814.156:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5818 comm="syz.2.438" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe63af8cdd9 code=0x7ffc0000
[  199.961002][    C1] vkms_vblank_simulate: vblank timer overrun
[  199.987626][ T5579] device veth1_macvtap entered promiscuous mode
[  200.056380][ T5579] batman_adv: batadv0: Interface activated: batadv_slave_0
[  200.094139][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  200.131346][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  200.140787][   T26] audit: type=1326 audit(1777630814.156:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5818 comm="syz.2.438" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe63af2e159 code=0x7ffc0000
[  200.181137][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  200.235320][ T5579] batman_adv: batadv0: Interface activated: batadv_slave_1
[  200.272740][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  200.302097][   T26] audit: type=1326 audit(1777630814.156:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5818 comm="syz.2.438" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe63af8cdd9 code=0x7ffc0000
[  200.322560][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  200.326113][    C1] vkms_vblank_simulate: vblank timer overrun
[  200.362948][ T5579] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  200.386640][ T5579] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  200.426910][ T5579] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  200.467331][ T5579] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  200.492483][   T26] audit: type=1326 audit(1777630815.076:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5818 comm="syz.2.438" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe63af2e159 code=0x7ffc0000
[  200.649758][   T26] audit: type=1326 audit(1777630815.076:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5818 comm="syz.2.438" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe63af2e159 code=0x7ffc0000
[  200.673734][    C1] vkms_vblank_simulate: vblank timer overrun
[  200.889810][ T4312] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  200.932635][ T4312] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  200.965787][ T5853] netlink: 8 bytes leftover after parsing attributes in process `syz.4.446'.
[  201.074758][ T4358] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  201.088554][ T4312] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  201.176179][ T4312] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  201.507989][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  203.718323][ T5892] syz.5.378: vmalloc error: size 70368744185856, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz5,mems_allowed=0-1
[  203.734376][ T5892] CPU: 0 PID: 5892 Comm: syz.5.378 Not tainted syzkaller #0
[  203.741721][ T5892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  203.751842][ T5892] Call Trace:
[  203.755153][ T5892]  <TASK>
[  203.758109][ T5892]  dump_stack_lvl+0x188/0x250
[  203.762837][ T5892]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  203.768616][ T5892]  ? show_regs_print_info+0x20/0x20
[  203.773850][ T5892]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  203.779542][ T5892]  warn_alloc+0x243/0x320
[  203.783916][ T5892]  ? zone_watermark_ok_safe+0x240/0x240
[  203.789508][ T5892]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  203.795538][ T5892]  __vmalloc_node_range+0x2b1/0x8b0
[  203.800781][ T5892]  ? lockdep_hardirqs_on+0x94/0x140
[  203.806026][ T5892]  ? dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[  203.811974][ T5892]  vmalloc+0x75/0x80
[  203.815917][ T5892]  ? dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[  203.821763][ T5892]  dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[  203.827483][ T5892]  dvb_demux_do_ioctl+0x450/0x530
[  203.832556][ T5892]  dvb_usercopy+0x191/0x2b0
[  203.837097][ T5892]  ? dvb_dmxdev_buffer_read+0x4c0/0x4c0
[  203.842681][ T5892]  ? dvb_generic_ioctl+0xb0/0xb0
[  203.847691][ T5892]  ? dvb_demux_poll+0x210/0x210
[  203.852678][ T5892]  dvb_demux_ioctl+0x25/0x30
[  203.857303][ T5892]  __se_sys_ioctl+0xfa/0x170
[  203.861944][ T5892]  do_syscall_64+0x4c/0xa0
[  203.866404][ T5892]  ? clear_bhb_loop+0x30/0x80
[  203.871105][ T5892]  ? clear_bhb_loop+0x30/0x80
[  203.875817][ T5892]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  203.881752][ T5892] RIP: 0033:0x7f2d9fc1add9
[  203.886198][ T5892] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  203.905833][ T5892] RSP: 002b:00007f2d9de32028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  203.914283][ T5892] RAX: ffffffffffffffda RBX: 00007f2d9fe94180 RCX: 00007f2d9fc1add9
[  203.922424][ T5892] RDX: 0000400000002000 RSI: 0000000000006f2d RDI: 0000000000000003
[  203.930438][ T5892] RBP: 00007f2d9fcb0d69 R08: 0000000000000000 R09: 0000000000000000
[  203.938445][ T5892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  203.946468][ T5892] R13: 00007f2d9fe94218 R14: 00007f2d9fe94180 R15: 00007ffc32000f78
[  203.954505][ T5892]  </TASK>
[  203.958407][ T5892] Mem-Info:
[  203.962020][ T5892] active_anon:291 inactive_anon:8960 isolated_anon:0
[  203.962020][ T5892]  active_file:4843 inactive_file:36412 isolated_file:0
[  203.962020][ T5892]  unevictable:768 dirty:108 writeback:0
[  203.962020][ T5892]  slab_reclaimable:20626 slab_unreclaimable:93124
[  203.962020][ T5892]  mapped:32670 shmem:4499 pagetables:707 bounce:0
[  203.962020][ T5892]  kernel_misc_reclaimable:0
[  203.962020][ T5892]  free:1384711 free_pcp:10899 free_cma:0
[  204.003779][ T5892] Node 0 active_anon:1132kB inactive_anon:35332kB active_file:19168kB inactive_file:145648kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:130680kB dirty:432kB writeback:0kB shmem:15920kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:10744kB pagetables:2828kB all_unreclaimable? no
[  204.035216][ T5892] Node 1 active_anon:32kB inactive_anon:508kB active_file:204kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:2076kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB all_unreclaimable? no
[  204.064501][ T5892] Node 0 DMA free:15360kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  204.090919][ T5892] lowmem_reserve[]: 0 2539 2540 2540 2540
[  204.096934][ T5892] Node 0 DMA32 free:1615364kB min:34784kB low:43480kB high:52176kB reserved_highatomic:0KB active_anon:1132kB inactive_anon:35332kB active_file:19168kB inactive_file:145648kB unevictable:1536kB writepending:432kB present:3129332kB managed:2606544kB mlocked:0kB bounce:0kB free_pcp:30448kB local_pcp:11748kB free_cma:0kB
[  204.127288][ T5892] lowmem_reserve[]: 0 0 0 0 0
[  204.132272][ T5892] Node 0 Normal free:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:660kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  204.158013][ T5892] lowmem_reserve[]: 0 0 0 0 0
[  204.163037][ T5892] Node 1 Normal free:3908120kB min:55108kB low:68884kB high:82660kB reserved_highatomic:0KB active_anon:32kB inactive_anon:508kB active_file:204kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194304kB managed:4119672kB mlocked:0kB bounce:0kB free_pcp:13148kB local_pcp:5228kB free_cma:0kB
[  204.191990][ T5892] lowmem_reserve[]: 0 0 0 0 0
[  204.196951][ T5892] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  204.210264][ T5892] Node 0 DMA32: 3*4kB (UME) 3*8kB (UME) 342*16kB (UME) 1084*32kB (UME) 684*64kB (UME) 366*128kB (UM) 197*256kB (UM) 129*512kB (UM) 74*1024kB (UME) 33*2048kB (UME) 299*4096kB (UM) = 1615364kB
[  204.230131][ T5892] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  204.242179][ T5892] Node 1 Normal: 66*4kB (UME) 12*8kB (U) 19*16kB (UME) 56*32kB (UE) 28*64kB (UME) 13*128kB (UME) 9*256kB (UME) 1*512kB (E) 0*1024kB 2*2048kB (ME) 951*4096kB (UM) = 3908120kB
[  204.260421][ T5892] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  204.270085][ T5892] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  204.279463][ T5892] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  204.289120][ T5892] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  204.298518][ T5892] 45754 total pagecache pages
[  204.303324][ T5892] 0 pages in swap cache
[  204.307548][ T5892] Swap cache stats: add 63, delete 63, find 0/2
[  204.313887][ T5892] Free swap  = 124728kB
[  204.318128][ T5892] Total swap = 124996kB
[  204.322387][ T5892] 2097051 pages RAM
[  204.326267][ T5892] 0 pages HighMem/MovableOnly
[  204.331036][ T5892] 411492 pages reserved
[  204.335274][ T5892] 0 pages cma reserved
[  204.711371][ T5894] netlink: 64 bytes leftover after parsing attributes in process `syz.1.457'.
[  210.709849][ T4245] usb 2-1: new full-speed USB device number 5 using dummy_hcd
[  211.110231][ T4245] usb 2-1: config 0 has an invalid descriptor of length 53, skipping remainder of the config
[  211.142309][ T4245] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF9, skipping
[  211.424751][ T4245] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 15957, setting to 64
[  212.140239][ T4245] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  212.551458][ T5997] netlink: 52 bytes leftover after parsing attributes in process `syz.2.480'.
[  212.560625][ T4245] usb 2-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[  212.572268][ T4245] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  212.585367][ T4245] usb 2-1: Product: syz
[  212.594540][ T4245] usb 2-1: Manufacturer: syz
[  212.609423][ T4245] usb 2-1: SerialNumber: syz
[  212.671014][ T4245] usb 2-1: config 0 descriptor??
[  212.700198][ T5964] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  212.717862][ T5964] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  212.791733][ T4245] ati_remote_probe: Unexpected desc.bNumEndpoints
[  213.102408][ T4279] usb 2-1: USB disconnect, device number 5
[  216.685850][ T6047] netlink: 8 bytes leftover after parsing attributes in process `syz.5.490'.
[  216.803104][ T6039] can: request_module (can-proto-4) failed.
[  217.630914][ T6060] warn_alloc: 1 callbacks suppressed
[  217.630935][ T6060] syz.1.492: vmalloc error: size 70368744185856, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz1,mems_allowed=0-1
[  217.650801][ T6060] CPU: 0 PID: 6060 Comm: syz.1.492 Not tainted syzkaller #0
[  217.658130][ T6060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  217.668218][ T6060] Call Trace:
[  217.671527][ T6060]  <TASK>
[  217.674499][ T6060]  dump_stack_lvl+0x188/0x250
[  217.679236][ T6060]  ? rcu_lock_release+0x5/0x20
[  217.684036][ T6060]  ? show_regs_print_info+0x20/0x20
[  217.689276][ T6060]  ? load_image+0x400/0x400
[  217.693824][ T6060]  warn_alloc+0x243/0x320
[  217.698276][ T6060]  ? rcu_lock_release+0x20/0x20
[  217.703170][ T6060]  ? zone_watermark_ok_safe+0x240/0x240
[  217.708760][ T6060]  ? dvb_demux_do_ioctl+0x313/0x530
[  217.714000][ T6060]  ? kfree+0xef/0x2a0
[  217.718030][ T6060]  __vmalloc_node_range+0x2b1/0x8b0
[  217.723704][ T6060]  ? mutex_lock_io_nested+0x60/0x60
[  217.728952][ T6060]  ? dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[  217.734818][ T6060]  vmalloc+0x75/0x80
[  217.738749][ T6060]  ? dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[  217.744587][ T6060]  dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[  217.750267][ T6060]  dvb_demux_do_ioctl+0x450/0x530
[  217.755334][ T6060]  dvb_usercopy+0x191/0x2b0
[  217.759872][ T6060]  ? dvb_dmxdev_buffer_read+0x4c0/0x4c0
[  217.765455][ T6060]  ? dvb_generic_ioctl+0xb0/0xb0
[  217.770463][ T6060]  ? dvb_demux_poll+0x210/0x210
[  217.775467][ T6060]  dvb_demux_ioctl+0x25/0x30
[  217.780109][ T6060]  __se_sys_ioctl+0xfa/0x170
[  217.784745][ T6060]  do_syscall_64+0x4c/0xa0
[  217.789203][ T6060]  ? clear_bhb_loop+0x30/0x80
[  217.793922][ T6060]  ? clear_bhb_loop+0x30/0x80
[  217.798644][ T6060]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  217.804578][ T6060] RIP: 0033:0x7fee98d19dd9
[  217.809023][ T6060] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  217.828923][ T6060] RSP: 002b:00007fee96f31028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  217.837395][ T6060] RAX: ffffffffffffffda RBX: 00007fee98f93180 RCX: 00007fee98d19dd9
[  217.845411][ T6060] RDX: 0000400000002000 RSI: 0000000000006f2d RDI: 0000000000000003
[  217.853432][ T6060] RBP: 00007fee98dafd69 R08: 0000000000000000 R09: 0000000000000000
[  217.861437][ T6060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  217.869447][ T6060] R13: 00007fee98f93218 R14: 00007fee98f93180 R15: 00007fff2a25c6c8
[  217.877477][ T6060]  </TASK>
[  217.881225][ T6060] Mem-Info:
[  217.884401][ T6060] active_anon:285 inactive_anon:17787 isolated_anon:0
[  217.884401][ T6060]  active_file:4853 inactive_file:36458 isolated_file:0
[  217.884401][ T6060]  unevictable:768 dirty:165 writeback:0
[  217.884401][ T6060]  slab_reclaimable:20637 slab_unreclaimable:94040
[  217.884401][ T6060]  mapped:40654 shmem:12397 pagetables:773 bounce:0
[  217.884401][ T6060]  kernel_misc_reclaimable:0
[  217.884401][ T6060]  free:1380572 free_pcp:5167 free_cma:0
[  217.926259][ T6060] Node 0 active_anon:1108kB inactive_anon:70640kB active_file:19208kB inactive_file:145832kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:162616kB dirty:660kB writeback:0kB shmem:47512kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:10992kB pagetables:3092kB all_unreclaimable? no
[  217.957660][ T6060] Node 1 active_anon:32kB inactive_anon:508kB active_file:204kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:2076kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB all_unreclaimable? no
[  217.987075][ T6060] Node 0 DMA free:15360kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  218.013588][ T6060] lowmem_reserve[]: 0 2539 2540 2540 2540
[  218.019452][ T6060] Node 0 DMA32 free:1598808kB min:34784kB low:43480kB high:52176kB reserved_highatomic:0KB active_anon:1108kB inactive_anon:70640kB active_file:19208kB inactive_file:145832kB unevictable:1536kB writepending:660kB present:3129332kB managed:2606544kB mlocked:0kB bounce:0kB free_pcp:7520kB local_pcp:1000kB free_cma:0kB
[  218.049532][ T6060] lowmem_reserve[]: 0 0 0 0 0
[  218.054355][ T6060] Node 0 Normal free:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:660kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  218.080450][ T6060] lowmem_reserve[]: 0 0 0 0 0
[  218.085285][ T6060] Node 1 Normal free:3908120kB min:55108kB low:68884kB high:82660kB reserved_highatomic:0KB active_anon:32kB inactive_anon:508kB active_file:204kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194304kB managed:4119672kB mlocked:0kB bounce:0kB free_pcp:13148kB local_pcp:5228kB free_cma:0kB
[  218.122808][ T6060] lowmem_reserve[]: 0 0 0 0 0
[  218.127837][ T6060] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  218.140979][ T6060] Node 0 DMA32: 80*4kB (UM) 5*8kB (UM) 395*16kB (U) 722*32kB (UE) 520*64kB (UM) 374*128kB (UM) 198*256kB (UM) 131*512kB (UM) 74*1024kB (UME) 32*2048kB (UME) 300*4096kB (UM) = 1598808kB
[  218.159906][ T6060] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  218.172072][ T6060] Node 1 Normal: 66*4kB (UME) 12*8kB (U) 19*16kB (UME) 56*32kB (UE) 28*64kB (UME) 13*128kB (UME) 9*256kB (UME) 1*512kB (E) 0*1024kB 2*2048kB (ME) 951*4096kB (UM) = 3908120kB
[  218.190038][ T6060] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  218.199847][ T6060] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  218.209260][ T6060] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  218.219179][ T6060] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  218.228652][ T6060] 53708 total pagecache pages
[  218.233483][ T6060] 0 pages in swap cache
[  218.237730][ T6060] Swap cache stats: add 63, delete 63, find 0/2
[  218.244228][ T6060] Free swap  = 124728kB
[  218.248443][ T6060] Total swap = 124996kB
[  218.279695][ T6060] 2097051 pages RAM
[  218.283593][ T6060] 0 pages HighMem/MovableOnly
[  218.288323][ T6060] 411492 pages reserved
[  218.292556][ T6060] 0 pages cma reserved
[  220.265973][ T6082] netlink: 52 bytes leftover after parsing attributes in process `syz.2.499'.
[  221.715853][ T6104] netlink: 48 bytes leftover after parsing attributes in process `syz.4.506'.
[  226.938449][ T6186] binder: 6185:6186 ioctl 4018620d 0 returned -22
[  228.062782][ T6200] binder: 6185:6200 ioctl c0306201 2000000004c0 returned -14
[  228.096675][ T6198] warn_alloc: 1 callbacks suppressed
[  228.096687][ T6198] syz.5.525: vmalloc error: size 70368744185856, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz5,mems_allowed=0-1
[  228.116604][ T6198] CPU: 0 PID: 6198 Comm: syz.5.525 Not tainted syzkaller #0
[  228.123905][ T6198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  228.133964][ T6198] Call Trace:
[  228.137249][ T6198]  <TASK>
[  228.140176][ T6198]  dump_stack_lvl+0x188/0x250
[  228.144854][ T6198]  ? rcu_lock_release+0x5/0x20
[  228.149615][ T6198]  ? show_regs_print_info+0x20/0x20
[  228.154850][ T6198]  ? load_image+0x400/0x400
[  228.159364][ T6198]  warn_alloc+0x243/0x320
[  228.163695][ T6198]  ? rcu_lock_release+0x20/0x20
[  228.168551][ T6198]  ? zone_watermark_ok_safe+0x240/0x240
[  228.174113][ T6198]  ? dvb_demux_do_ioctl+0x313/0x530
[  228.179405][ T6198]  ? kfree+0xef/0x2a0
[  228.183559][ T6198]  __vmalloc_node_range+0x2b1/0x8b0
[  228.188761][ T6198]  ? mutex_lock_io_nested+0x60/0x60
[  228.193985][ T6198]  ? dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[  228.199817][ T6198]  vmalloc+0x75/0x80
[  228.203714][ T6198]  ? dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[  228.209623][ T6198]  dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[  228.215302][ T6198]  dvb_demux_do_ioctl+0x450/0x530
[  228.220347][ T6198]  dvb_usercopy+0x191/0x2b0
[  228.224853][ T6198]  ? dvb_dmxdev_buffer_read+0x4c0/0x4c0
[  228.230399][ T6198]  ? dvb_generic_ioctl+0xb0/0xb0
[  228.235365][ T6198]  ? dvb_demux_poll+0x210/0x210
[  228.240214][ T6198]  dvb_demux_ioctl+0x25/0x30
[  228.244807][ T6198]  __se_sys_ioctl+0xfa/0x170
[  228.249417][ T6198]  do_syscall_64+0x4c/0xa0
[  228.253834][ T6198]  ? clear_bhb_loop+0x30/0x80
[  228.258514][ T6198]  ? clear_bhb_loop+0x30/0x80
[  228.263204][ T6198]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  228.269116][ T6198] RIP: 0033:0x7f2d9fc1add9
[  228.273532][ T6198] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  228.293142][ T6198] RSP: 002b:00007f2d9de53028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  228.301670][ T6198] RAX: ffffffffffffffda RBX: 00007f2d9fe94090 RCX: 00007f2d9fc1add9
[  228.309662][ T6198] RDX: 0000400000002000 RSI: 0000000000006f2d RDI: 0000000000000003
[  228.317742][ T6198] RBP: 00007f2d9fcb0d69 R08: 0000000000000000 R09: 0000000000000000
[  228.325732][ T6198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  228.333704][ T6198] R13: 00007f2d9fe94128 R14: 00007f2d9fe94090 R15: 00007ffc32000f78
[  228.341790][ T6198]  </TASK>
[  228.347136][ T6198] Mem-Info:
[  228.350312][ T6198] active_anon:306 inactive_anon:9806 isolated_anon:0
[  228.350312][ T6198]  active_file:4859 inactive_file:36455 isolated_file:0
[  228.350312][ T6198]  unevictable:768 dirty:79 writeback:0
[  228.350312][ T6198]  slab_reclaimable:20679 slab_unreclaimable:94651
[  228.350312][ T6198]  mapped:32764 shmem:4512 pagetables:747 bounce:0
[  228.350312][ T6198]  kernel_misc_reclaimable:0
[  228.350312][ T6198]  free:1381307 free_pcp:10532 free_cma:0
[  228.392217][ T6198] Node 0 active_anon:1192kB inactive_anon:38716kB active_file:19232kB inactive_file:145820kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:131056kB dirty:316kB writeback:0kB shmem:15972kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:11116kB pagetables:2988kB all_unreclaimable? no
[  228.424077][ T6198] Node 1 active_anon:32kB inactive_anon:508kB active_file:204kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:2076kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB all_unreclaimable? no
[  228.453409][ T6198] Node 0 DMA free:15360kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  228.479905][ T6198] lowmem_reserve[]: 0 2539 2540 2540 2540
[  228.485738][ T6198] Node 0 DMA32 free:1601748kB min:34784kB low:43480kB high:52176kB reserved_highatomic:0KB active_anon:1192kB inactive_anon:38716kB active_file:19232kB inactive_file:145820kB unevictable:1536kB writepending:316kB present:3129332kB managed:2606544kB mlocked:0kB bounce:0kB free_pcp:28980kB local_pcp:19192kB free_cma:0kB
[  228.516110][ T6198] lowmem_reserve[]: 0 0 0 0 0
[  228.520920][ T6198] Node 0 Normal free:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:660kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  228.546753][ T6198] lowmem_reserve[]: 0 0 0 0 0
[  228.551529][ T6198] Node 1 Normal free:3908120kB min:55108kB low:68884kB high:82660kB reserved_highatomic:0KB active_anon:32kB inactive_anon:508kB active_file:204kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194304kB managed:4119672kB mlocked:0kB bounce:0kB free_pcp:13148kB local_pcp:5228kB free_cma:0kB
[  228.580621][ T6198] lowmem_reserve[]: 0 0 0 0 0
[  228.585386][ T6198] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  228.598143][ T6198] Node 0 DMA32: 155*4kB (UM) 217*8kB (UME) 574*16kB (UME) 780*32kB (UME) 447*64kB (UME) 371*128kB (UME) 201*256kB (UME) 132*512kB (UME) 74*1024kB (UM) 32*2048kB (UME) 300*4096kB (UM) = 1601748kB
[  228.617657][ T6198] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  228.629242][ T6198] Node 1 Normal: 66*4kB (UME) 12*8kB (U) 19*16kB (UME) 56*32kB (UE) 28*64kB (UME) 13*128kB (UME) 9*256kB (UME) 1*512kB (E) 0*1024kB 2*2048kB (ME) 951*4096kB (UM) = 3908120kB
[  228.646770][ T6198] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  228.656433][ T6198] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  228.665827][ T6198] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  228.675533][ T6198] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  228.684952][ T6198] 45827 total pagecache pages
[  228.689734][ T6198] 0 pages in swap cache
[  228.693931][ T6198] Swap cache stats: add 63, delete 63, find 0/2
[  228.700243][ T6198] Free swap  = 124728kB
[  228.704433][ T6198] Total swap = 124996kB
[  228.708651][ T6198] 2097051 pages RAM
[  228.712532][ T6198] 0 pages HighMem/MovableOnly
[  228.717369][ T6198] 411492 pages reserved
[  228.734422][ T6198] 0 pages cma reserved
[  228.819626][    T7] Bluetooth: hci4: command 0x0406 tx timeout
[  228.978646][ T6188] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  229.002592][ T6205] netlink: 52 bytes leftover after parsing attributes in process `syz.1.526'.
[  229.081904][ T6209] syz.5.527 sent an empty control message without MSG_MORE.
[  230.699829][ T4239] usb 6-1: new low-speed USB device number 2 using dummy_hcd
[  231.160386][ T4239] usb 6-1: config 173 has an invalid interface number: 57 but max is 0
[  231.224783][ T4239] usb 6-1: config 173 has no interface number 0
[  231.449755][ T4239] usb 6-1: config 173 interface 57 has no altsetting 0
[  232.628293][ T4239] usb 6-1: string descriptor 0 read error: -22
[  232.645101][ T4239] usb 6-1: New USB device found, idVendor=04eb, idProduct=e004, bcdDevice=7b.dd
[  232.656754][ T4239] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.573385][ T4239] usb 6-1: USB disconnect, device number 2
[  234.832746][ T6281] netlink: 8 bytes leftover after parsing attributes in process `syz.1.544'.
[  235.281059][ T4239] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  235.870425][ T4239] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  235.919426][ T4239] usb 5-1: config 0 has no interface number 0
[  236.053606][ T4239] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  236.130132][ T4239] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  236.198884][ T4239] usb 5-1: config 0 descriptor??
[  236.263406][ T4239] usb 5-1: selecting invalid altsetting 1
[  236.280710][ T4239] dvb_ttusb_budget: ttusb_init_controller: error
[  236.373351][ T4239] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  236.649886][ T4239] DVB: Unable to find symbol cx22700_attach()
[  237.616905][ T4239] DVB: Unable to find symbol tda10046_attach()
[  237.623568][ T4239] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  237.639033][ T4239] usb 5-1: USB disconnect, device number 9
[  239.710101][ T6336] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  239.999527][ T6391] binder: BINDER_SET_CONTEXT_MGR already set
[  240.005937][ T6391] binder: 6384:6391 ioctl 4018620d 200000004a80 returned -16
[  240.210051][ T4245] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[  240.660304][ T4245] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  240.701721][ T4245] usb 5-1: config 0 has no interface number 0
[  240.800810][ T4245] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  240.979512][ T4245] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  241.292183][ T4245] usb 5-1: config 0 descriptor??
[  241.376967][ T6401] warn_alloc: 2 callbacks suppressed
[  241.377004][ T6401] syz.1.566: vmalloc error: size 70368744185856, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz1,mems_allowed=0-1
[  241.396939][ T6401] CPU: 0 PID: 6401 Comm: syz.1.566 Not tainted syzkaller #0
[  241.404355][ T6401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  241.414448][ T6401] Call Trace:
[  241.417759][ T6401]  <TASK>
[  241.420725][ T6401]  dump_stack_lvl+0x188/0x250
[  241.425449][ T6401]  ? rcu_lock_release+0x5/0x20
[  241.430401][ T6401]  ? show_regs_print_info+0x20/0x20
[  241.435650][ T6401]  ? load_image+0x400/0x400
[  241.440211][ T6401]  ? __rcu_read_unlock+0x78/0xd0
[  241.445255][ T6401]  warn_alloc+0x243/0x320
[  241.449640][ T6401]  ? rcu_lock_release+0x20/0x20
[  241.454526][ T6401]  ? zone_watermark_ok_safe+0x240/0x240
[  241.460111][ T6401]  ? dvb_demux_do_ioctl+0x313/0x530
[  241.465364][ T6401]  ? kfree+0xef/0x2a0
[  241.469401][ T6401]  __vmalloc_node_range+0x2b1/0x8b0
[  241.474647][ T6401]  ? mutex_lock_io_nested+0x60/0x60
[  241.479894][ T6401]  ? dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[  241.485740][ T6401]  vmalloc+0x75/0x80
[  241.489669][ T6401]  ? dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[  241.495519][ T6401]  dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[  241.501212][ T6401]  dvb_demux_do_ioctl+0x450/0x530
[  241.506290][ T6401]  dvb_usercopy+0x191/0x2b0
[  241.510832][ T6401]  ? dvb_dmxdev_buffer_read+0x4c0/0x4c0
[  241.516424][ T6401]  ? dvb_generic_ioctl+0xb0/0xb0
[  241.521434][ T6401]  ? dvb_demux_poll+0x210/0x210
[  241.526321][ T6401]  dvb_demux_ioctl+0x25/0x30
[  241.530948][ T6401]  __se_sys_ioctl+0xfa/0x170
[  241.535588][ T6401]  do_syscall_64+0x4c/0xa0
[  241.540040][ T6401]  ? clear_bhb_loop+0x30/0x80
[  241.544751][ T6401]  ? clear_bhb_loop+0x30/0x80
[  241.549469][ T6401]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  241.555391][ T6401] RIP: 0033:0x7fee98d19dd9
[  241.559839][ T6401] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  241.579567][ T6401] RSP: 002b:00007fee96f31028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  241.588024][ T6401] RAX: ffffffffffffffda RBX: 00007fee98f93180 RCX: 00007fee98d19dd9
[  241.596039][ T6401] RDX: 0000400000002000 RSI: 0000000000006f2d RDI: 0000000000000003
[  241.604042][ T6401] RBP: 00007fee98dafd69 R08: 0000000000000000 R09: 0000000000000000
[  241.612044][ T6401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  241.620044][ T6401] R13: 00007fee98f93218 R14: 00007fee98f93180 R15: 00007fff2a25c6c8
[  241.628067][ T6401]  </TASK>
[  241.631785][ T6401] Mem-Info:
[  241.634980][ T6401] active_anon:288 inactive_anon:9366 isolated_anon:0
[  241.634980][ T6401]  active_file:4864 inactive_file:36455 isolated_file:0
[  241.634980][ T6401]  unevictable:768 dirty:83 writeback:0
[  241.634980][ T6401]  slab_reclaimable:20643 slab_unreclaimable:95126
[  241.634980][ T6401]  mapped:32820 shmem:4513 pagetables:806 bounce:0
[  241.634980][ T6401]  kernel_misc_reclaimable:0
[  241.634980][ T6401]  free:1381342 free_pcp:10234 free_cma:0
[  241.676999][ T6401] Node 0 active_anon:1120kB inactive_anon:36956kB active_file:19252kB inactive_file:145820kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:131280kB dirty:332kB writeback:0kB shmem:15976kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:11032kB pagetables:3224kB all_unreclaimable? no
[  241.708348][ T6401] Node 1 active_anon:32kB inactive_anon:508kB active_file:204kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:2076kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB all_unreclaimable? no
[  241.737535][ T6401] Node 0 DMA free:15360kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  241.763893][ T6401] lowmem_reserve[]: 0 2539 2540 2540 2540
[  241.769968][ T6401] Node 0 DMA32 free:1601888kB min:34784kB low:43480kB high:52176kB reserved_highatomic:0KB active_anon:1120kB inactive_anon:36956kB active_file:19252kB inactive_file:145820kB unevictable:1536kB writepending:332kB present:3129332kB managed:2606544kB mlocked:0kB bounce:0kB free_pcp:27788kB local_pcp:6192kB free_cma:0kB
[  241.920105][ T6401] lowmem_reserve[]: 0 0 0 0 0
[  241.924909][ T6401] Node 0 Normal free:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:660kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  241.950531][ T6401] lowmem_reserve[]: 0 0 0 0 0
[  241.955293][ T6401] Node 1 Normal free:3908120kB min:55108kB low:68884kB high:82660kB reserved_highatomic:0KB active_anon:32kB inactive_anon:508kB active_file:204kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194304kB managed:4119672kB mlocked:0kB bounce:0kB free_pcp:13148kB local_pcp:5228kB free_cma:0kB
[  241.984161][ T6401] lowmem_reserve[]: 0 0 0 0 0
[  241.988931][ T6401] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  242.001654][ T6401] Node 0 DMA32: 1*4kB (U) 83*8kB (ME) 245*16kB (ME) 672*32kB (UME) 582*64kB (UME) 366*128kB (UME) 202*256kB (UME) 131*512kB (UME) 74*1024kB (UM) 31*2048kB (UME) 301*4096kB (UM) = 1601132kB
[  242.020561][ T6401] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  242.032249][ T6401] Node 1 Normal: 66*4kB (UME) 12*8kB (U) 19*16kB (UME) 56*32kB (UE) 28*64kB (UME) 13*128kB (UME) 9*256kB (UME) 1*512kB (E) 0*1024kB 2*2048kB (ME) 951*4096kB (UM) = 3908120kB
[  242.049740][ T6401] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  242.059316][ T6401] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  242.068761][ T6401] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  242.078354][ T6401] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  242.087725][ T6401] 45832 total pagecache pages
[  242.093249][ T6401] 0 pages in swap cache
[  242.097446][ T6401] Swap cache stats: add 63, delete 63, find 0/2
[  242.103747][ T6401] Free swap  = 124728kB
[  242.107918][ T6401] Total swap = 124996kB
[  242.112115][ T6401] 2097051 pages RAM
[  242.115939][ T6401] 0 pages HighMem/MovableOnly
[  242.120654][ T6401] 411492 pages reserved
[  242.124833][ T6401] 0 pages cma reserved
[  242.334331][ T4245] usb 5-1: selecting invalid altsetting 1
[  242.364926][ T4245] dvb_ttusb_budget: ttusb_init_controller: error
[  242.415504][ T4245] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  242.594156][ T4245] DVB: Unable to find symbol cx22700_attach()
[  242.661066][ T4245] DVB: Unable to find symbol tda10046_attach()
[  242.667979][ T4245] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  243.396513][ T6433] netlink: 8 bytes leftover after parsing attributes in process `syz.1.571'.
[  243.513779][ T4297] usb 5-1: USB disconnect, device number 10
[  246.227973][ T6465] binder: BINDER_SET_CONTEXT_MGR already set
[  246.234375][ T6465] binder: 6460:6465 ioctl 4018620d 200000004a80 returned -16
[  247.768477][ T6472] input: syz1 as /devices/virtual/input/input5
[  247.799276][ T6480] netlink: 8 bytes leftover after parsing attributes in process `syz.1.583'.
[  248.373891][ T4239] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  249.109900][ T4239] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  249.119495][ T4239] usb 5-1: config 0 has no interface number 0
[  249.229944][ T4239] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  249.239215][ T4239] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  249.279092][ T4239] usb 5-1: config 0 descriptor??
[  249.359260][ T4239] usb 5-1: selecting invalid altsetting 1
[  249.365375][ T4239] dvb_ttusb_budget: ttusb_init_controller: error
[  249.372508][ T4239] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  249.546693][ T4239] DVB: Unable to find symbol cx22700_attach()
[  249.627122][ T4239] DVB: Unable to find symbol tda10046_attach()
[  249.634882][ T4239] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  249.654050][ T4239] usb 5-1: USB disconnect, device number 11
[  251.023959][ T6488] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  252.006624][ T6567] binder: BINDER_SET_CONTEXT_MGR already set
[  252.012750][ T6567] binder: 6566:6567 ioctl 4018620d 200000004a80 returned -16
[  252.390612][ T6592] netlink: 8 bytes leftover after parsing attributes in process `syz.1.599'.
[  252.789964][ T4279] usb 4-1: new full-speed USB device number 10 using dummy_hcd
[  253.260376][ T4279] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  253.393194][ T4279] usb 4-1: config 0 has no interface number 0
[  253.399569][ T4279] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  253.429392][ T4279] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  253.440545][ T4279] usb 4-1: config 0 descriptor??
[  253.646465][ T4279] usb 4-1: selecting invalid altsetting 1
[  253.652680][ T4279] dvb_ttusb_budget: ttusb_init_controller: error
[  253.659051][ T4279] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  255.520113][ T6610] warn_alloc: 2 callbacks suppressed
[  255.520154][ T6610] syz.4.603: vmalloc error: size 70368744185856, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz4,mems_allowed=0-1
[  255.540299][ T6610] CPU: 1 PID: 6610 Comm: syz.4.603 Not tainted syzkaller #0
[  255.547621][ T6610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  255.557729][ T6610] Call Trace:
[  255.561047][ T6610]  <TASK>
[  255.564051][ T6610]  dump_stack_lvl+0x188/0x250
[  255.568793][ T6610]  ? rcu_lock_release+0x5/0x20
[  255.573592][ T6610]  ? show_regs_print_info+0x20/0x20
[  255.578829][ T6610]  ? load_image+0x400/0x400
[  255.583365][ T6610]  ? __rcu_read_unlock+0x78/0xd0
[  255.588348][ T6610]  warn_alloc+0x243/0x320
[  255.592716][ T6610]  ? rcu_lock_release+0x20/0x20
[  255.597648][ T6610]  ? zone_watermark_ok_safe+0x240/0x240
[  255.603244][ T6610]  ? kfree+0xef/0x2a0
[  255.608058][ T6610]  __vmalloc_node_range+0x2b1/0x8b0
[  255.613291][ T6610]  ? mutex_lock_io_nested+0x60/0x60
[  255.618556][ T6610]  ? dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[  255.624397][ T6610]  vmalloc+0x75/0x80
[  255.628321][ T6610]  ? dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[  255.634173][ T6610]  dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[  255.639858][ T6610]  dvb_demux_do_ioctl+0x450/0x530
[  255.644916][ T6610]  dvb_usercopy+0x191/0x2b0
[  255.649456][ T6610]  ? dvb_dmxdev_buffer_read+0x4c0/0x4c0
[  255.655038][ T6610]  ? dvb_generic_ioctl+0xb0/0xb0
[  255.660016][ T6610]  ? tomoyo_file_ioctl+0xd/0x30
[  255.664905][ T6610]  ? dvb_demux_poll+0x210/0x210
[  255.669793][ T6610]  dvb_demux_ioctl+0x25/0x30
[  255.674422][ T6610]  __se_sys_ioctl+0xfa/0x170
[  255.679049][ T6610]  do_syscall_64+0x4c/0xa0
[  255.683495][ T6610]  ? clear_bhb_loop+0x30/0x80
[  255.688315][ T6610]  ? clear_bhb_loop+0x30/0x80
[  255.693027][ T6610]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  255.698960][ T6610] RIP: 0033:0x7f5d1c82bdd9
[  255.703402][ T6610] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  255.723049][ T6610] RSP: 002b:00007f5d1aa64028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  255.731501][ T6610] RAX: ffffffffffffffda RBX: 00007f5d1caa5090 RCX: 00007f5d1c82bdd9
[  255.739515][ T6610] RDX: 0000400000002000 RSI: 0000000000006f2d RDI: 0000000000000003
[  255.747520][ T6610] RBP: 00007f5d1c8c1d69 R08: 0000000000000000 R09: 0000000000000000
[  255.755678][ T6610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  255.763693][ T6610] R13: 00007f5d1caa5128 R14: 00007f5d1caa5090 R15: 00007fff50daa5d8
[  255.771752][ T6610]  </TASK>
[  255.774937][ T6610] Mem-Info:
[  255.778111][ T6610] active_anon:287 inactive_anon:12381 isolated_anon:0
[  255.778111][ T6610]  active_file:4884 inactive_file:36439 isolated_file:0
[  255.778111][ T6610]  unevictable:768 dirty:101 writeback:0
[  255.778111][ T6610]  slab_reclaimable:20647 slab_unreclaimable:95023
[  255.778111][ T6610]  mapped:35761 shmem:7392 pagetables:799 bounce:0
[  255.778111][ T6610]  kernel_misc_reclaimable:0
[  255.778111][ T6610]  free:1379932 free_pcp:7716 free_cma:0
[  255.819909][ T6610] Node 0 active_anon:1116kB inactive_anon:49016kB active_file:19332kB inactive_file:145756kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:143044kB dirty:404kB writeback:0kB shmem:27492kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:11124kB pagetables:3196kB all_unreclaimable? no
[  255.851278][ T6610] Node 1 active_anon:32kB inactive_anon:508kB active_file:204kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:2076kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB all_unreclaimable? no
[  255.880461][ T6610] Node 0 DMA free:15360kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  255.906830][ T6610] lowmem_reserve[]: 0 2539 2540 2540 2540
[  255.912985][ T6610] Node 0 DMA32 free:1596248kB min:34784kB low:43480kB high:52176kB reserved_highatomic:0KB active_anon:1116kB inactive_anon:49016kB active_file:19332kB inactive_file:145756kB unevictable:1536kB writepending:404kB present:3129332kB managed:2606544kB mlocked:0kB bounce:0kB free_pcp:17712kB local_pcp:5316kB free_cma:0kB
[  255.943010][ T6610] lowmem_reserve[]: 0 0 0 0 0
[  255.948080][ T6610] Node 0 Normal free:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:660kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  255.973819][ T6610] lowmem_reserve[]: 0 0 0 0 0
[  255.978852][ T6610] Node 1 Normal free:3908120kB min:55108kB low:68884kB high:82660kB reserved_highatomic:0KB active_anon:32kB inactive_anon:508kB active_file:204kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194304kB managed:4119672kB mlocked:0kB bounce:0kB free_pcp:13152kB local_pcp:7924kB free_cma:0kB
[  256.007883][ T6610] lowmem_reserve[]: 0 0 0 0 0
[  256.102867][ T6610] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  256.115663][ T6610] Node 0 DMA32: 2*4kB (UM) 2*8kB (UM) 220*16kB (UE) 558*32kB (UME) 595*64kB (UME) 370*128kB (UME) 202*256kB (UME) 132*512kB (UME) 74*1024kB (UM) 30*2048kB (UME) 301*4096kB (UM) = 1596248kB
[  256.134494][ T6610] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  256.146089][ T6610] Node 1 Normal: 66*4kB (UME) 12*8kB (U) 19*16kB (UME) 56*32kB (UE) 28*64kB (UME) 13*128kB (UME) 9*256kB (UME) 1*512kB (E) 0*1024kB 2*2048kB (ME) 951*4096kB (UM) = 3908120kB
[  256.163595][ T6610] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  256.173203][ T6610] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  256.182537][ T6610] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  256.192140][ T6610] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  256.201482][ T6610] 48715 total pagecache pages
[  256.206197][ T6610] 0 pages in swap cache
[  256.210391][ T6610] Swap cache stats: add 63, delete 63, find 0/2
[  256.216820][ T6610] Free swap  = 124728kB
[  256.221043][ T6610] Total swap = 124996kB
[  256.225268][ T6610] 2097051 pages RAM
[  256.229113][ T6610] 0 pages HighMem/MovableOnly
[  256.233840][ T6610] 411492 pages reserved
[  256.238017][ T6610] 0 pages cma reserved
[  256.256792][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  256.263270][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  256.605505][ T6621] binder: 6619:6621 ioctl c0306201 0 returned -14
[  256.685701][ T4279] DVB: Unable to find symbol cx22700_attach()
[  258.270651][ T4279] DVB: Unable to find symbol tda10046_attach()
[  258.276860][ T4279] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  258.286975][ T4279] usb 4-1: USB disconnect, device number 10
[  258.494270][ T6621] binder: BINDER_SET_CONTEXT_MGR already set
[  258.539824][ T6621] binder: 6619:6621 ioctl 4018620d 200000004a80 returned -16
[  259.269828][ T6630] binder: 6619:6630 ioctl c0306201 2000000004c0 returned -14
[  263.001585][ T6698] netlink: 8 bytes leftover after parsing attributes in process `syz.4.623'.
[  265.931645][ T6746] netlink: 8 bytes leftover after parsing attributes in process `syz.1.637'.
[  267.032776][   T26] kauditd_printk_skb: 61 callbacks suppressed
[  267.032794][   T26] audit: type=1326 audit(1777630882.316:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6763 comm="syz.3.642" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f927eddd9 code=0x7ffc0000
[  267.200346][   T26] audit: type=1326 audit(1777630882.366:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6763 comm="syz.3.642" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f927eddd9 code=0x7ffc0000
[  267.377859][   T26] audit: type=1326 audit(1777630882.366:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6763 comm="syz.3.642" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f927eddd9 code=0x7ffc0000
[  267.406722][   T26] audit: type=1326 audit(1777630882.396:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6763 comm="syz.3.642" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2f927eddd9 code=0x7ffc0000
[  267.513784][   T26] audit: type=1326 audit(1777630882.396:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6763 comm="syz.3.642" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f927eddd9 code=0x7ffc0000
[  267.659755][   T26] audit: type=1326 audit(1777630882.396:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6763 comm="syz.3.642" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f927eddd9 code=0x7ffc0000
[  267.929880][ T4279] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  268.008805][   T26] audit: type=1326 audit(1777630882.396:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6763 comm="syz.3.642" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f927eddd9 code=0x7ffc0000
[  268.088070][  T144] Bluetooth: hci1: Frame reassembly failed (-84)
[  268.159749][  T144] Bluetooth: hci1: received HCILL_GO_TO_SLEEP_ACK in state 0
[  268.209688][   T26] audit: type=1326 audit(1777630882.396:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6763 comm="syz.3.642" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f927eddd9 code=0x7ffc0000
[  268.230136][ T4279] usb 2-1: Using ep0 maxpacket: 32
[  268.287672][   T26] audit: type=1326 audit(1777630882.406:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6763 comm="syz.3.642" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2f927eddd9 code=0x7ffc0000
[  268.349909][   T26] audit: type=1326 audit(1777630882.406:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6763 comm="syz.3.642" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f927eddd9 code=0x7ffc0000
[  268.350325][ T4279] usb 2-1: config 0 has no interfaces?
[  268.489726][ T4279] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  268.498925][ T4279] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  268.587667][ T4279] usb 2-1: config 0 descriptor??
[  268.835406][    T7] usb 2-1: USB disconnect, device number 6
[  270.053710][ T6801] netlink: 12 bytes leftover after parsing attributes in process `syz.5.649'.
[  270.104095][ T6801] netlink: 24 bytes leftover after parsing attributes in process `syz.5.649'.
[  270.145271][ T6799] netlink: 8 bytes leftover after parsing attributes in process `syz.4.650'.
[  270.889088][ T1109] Bluetooth: hci1: command 0x1003 tx timeout
[  270.903591][ T4202] Bluetooth: hci1: sending frame failed (-49)
[  273.515524][    T7] Bluetooth: hci1: command 0x1001 tx timeout
[  273.771131][ T4202] Bluetooth: hci1: sending frame failed (-49)
[  273.938502][ T6838] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  274.565212][ T6848] netlink: 264 bytes leftover after parsing attributes in process `syz.4.664'.
[  274.610382][ T6848] netlink: 8 bytes leftover after parsing attributes in process `syz.4.664'.
[  274.679919][ T6850] netlink: 8 bytes leftover after parsing attributes in process `syz.5.662'.
[  275.924776][ T4279] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  276.138304][ T1109] Bluetooth: hci1: command 0x1009 tx timeout
[  277.109741][ T4279] usb 6-1: device descriptor read/64, error -71
[  278.171611][ T6879] binder: 6876:6879 ioctl c0306201 2000000004c0 returned -14
[  278.230177][ T4239] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  278.979862][ T4239] usb 5-1: Using ep0 maxpacket: 8
[  279.100051][ T4239] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  279.140403][ T4239] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  279.360521][ T6892] netlink: 8 bytes leftover after parsing attributes in process `syz.3.677'.
[  279.379775][ T4239] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  280.099735][ T4239] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  280.129748][ T4239] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  280.138894][ T4239] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  280.409924][ T4239] usb 5-1: usb_control_msg returned -71
[  280.415572][ T4239] usbtmc 5-1:16.0: can't read capabilities
[  281.183089][ T4239] usb 5-1: USB disconnect, device number 12
[  281.549778][ T1109] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  281.574723][ T6926] binder: BINDER_SET_CONTEXT_MGR already set
[  281.580989][ T6926] binder: 6917:6926 ioctl 4018620d 200000004a80 returned -16
[  281.590557][ T6926] binder: 6917:6926 ioctl c0306201 2000000004c0 returned -14
[  281.840271][ T1109] usb 3-1: Using ep0 maxpacket: 32
[  281.960091][ T1109] usb 3-1: config 0 has an invalid interface number: 83 but max is 0
[  282.034163][ T1109] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  282.200724][ T1109] usb 3-1: config 0 has no interface number 0
[  282.530054][ T1109] usb 3-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=d8.11
[  282.551065][ T1109] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  282.608902][ T1109] usb 3-1: Product: syz
[  282.624887][ T1109] usb 3-1: Manufacturer: syz
[  282.642768][ T1109] usb 3-1: SerialNumber: syz
[  282.693060][ T1109] usb 3-1: config 0 descriptor??
[  282.749956][ T1109] redrat3 3-1:0.83: Couldn't find all endpoints
[  282.954723][ T1109] usb 3-1: USB disconnect, device number 5
[  283.064293][ T6940] netlink: 8 bytes leftover after parsing attributes in process `syz.4.692'.
[  283.172339][ T6943] netlink: 52 bytes leftover after parsing attributes in process `syz.1.693'.
[  284.559103][ T6964] binder: 6961:6964 ioctl c0306201 2000000004c0 returned -14
[  286.158616][ T6971] netlink: 8 bytes leftover after parsing attributes in process `syz.3.705'.
[  287.213034][    T7] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  288.469982][    T7] usb 3-1: Using ep0 maxpacket: 32
[  288.611346][    T7] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  288.611376][    T7] usb 3-1: config 0 has no interface number 0
[  288.611415][    T7] usb 3-1: config 0 interface 12 has no altsetting 0
[  288.770722][    T7] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  288.770830][    T7] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  288.770954][    T7] usb 3-1: Product: syz
[  288.771071][    T7] usb 3-1: Manufacturer: syz
[  288.771160][    T7] usb 3-1: SerialNumber: syz
[  288.786908][    T7] usb 3-1: config 0 descriptor??
[  289.409994][    T7] f81534 3-1:0.12: f81534_set_register: reg: 1002 data: 3 failed: -71
[  289.452705][ T7004] netlink: 8 bytes leftover after parsing attributes in process `syz.5.717'.
[  289.461996][ T4239] usb 2-1: new full-speed USB device number 7 using dummy_hcd
[  289.494715][ T7005] binder: 6998:7005 ioctl c0306201 2000000004c0 returned -14
[  289.889848][ T4239] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  289.897917][ T4239] usb 2-1: config 0 has no interface number 0
[  291.473440][    T7] f81534 3-1:0.12: f81534_find_config_idx: read failed: -71
[  291.504422][ T7013] netlink: 52 bytes leftover after parsing attributes in process `syz.3.720'.
[  291.556911][ T7016] tipc: Started in network mode
[  291.600155][ T7016] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  291.610108][ T4239] usb 2-1: New USB device found, idVendor=0b48, idProduct=1003, bcdDevice=7b.54
[  291.636796][ T4239] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  291.893058][ T7016] tipc: New replicast peer: 0000:0000:0000:0000:0000:0000:0000:0000
[  292.068899][ T4239] usb 2-1: Product: syz
[  292.081564][ T7016] tipc: Enabled bearer <udp:s>, priority 10
[  292.100976][ T4239] usb 2-1: config 0 descriptor??
[  292.257936][    T7] f81534 3-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  292.265905][    T7] f81534: probe of 3-1:0.12 failed with error -71
[  292.272478][ T4239] usb 2-1: can't set config #0, error -71
[  292.286344][ T4239] usb 2-1: USB disconnect, device number 7
[  292.292442][    T7] usb 3-1: USB disconnect, device number 6
[  293.102306][ T4239] tipc: Node number set to 1
[  293.521231][ T7043] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  293.717807][ T7045] netlink: 8 bytes leftover after parsing attributes in process `syz.2.729'.
[  294.225034][ T7056] binder: BINDER_SET_CONTEXT_MGR already set
[  294.231291][ T7056] binder: 7055:7056 ioctl 4018620d 200000004a80 returned -16
[  294.242893][ T7056] binder: 7055:7056 ioctl c0306201 2000000004c0 returned -14
[  295.901802][ T7069] autofs4:pid:7069:autofs_fill_super: called with bogus options
[  296.340484][ T7080] INFO: trying to register non-static key.
[  296.346362][ T7080] The code is fine but needs lockdep annotation, or maybe
[  296.353581][ T7080] you didn't initialize this object before use?
[  296.359843][ T7080] turning off the locking correctness validator.
[  296.366194][ T7080] CPU: 1 PID: 7080 Comm: syz.4.739 Not tainted syzkaller #0
[  296.373509][ T7080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  296.383596][ T7080] Call Trace:
[  296.386946][ T7080]  <TASK>
[  296.389907][ T7080]  dump_stack_lvl+0x188/0x250
[  296.394739][ T7080]  ? show_regs_print_info+0x20/0x20
[  296.400104][ T7080]  ? load_image+0x400/0x400
[  296.404690][ T7080]  ? cpumask_next+0xb3/0xd0
[  296.409239][ T7080]  ? __is_module_percpu_address+0x2a7/0x410
[  296.415177][ T7080]  ? is_kernel_percpu_address+0x143/0x160
[  296.420946][ T7080]  assign_lock_key+0x1ec/0x200
[  296.425753][ T7080]  ? SOFTIRQ_verbose+0x10/0x10
[  296.430576][ T7080]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  296.436608][ T7080]  register_lock_class+0x21d/0x890
[  296.441858][ T7080]  ? __lock_acquire+0x13bc/0x7d10
[  296.447013][ T7080]  ? is_dynamic_key+0x1f0/0x1f0
[  296.451917][ T7080]  __lock_acquire+0x16f/0x7d10
[  296.456724][ T7080]  ? is_dynamic_key+0x1f0/0x1f0
[  296.461613][ T7080]  ? mark_lock+0x94/0x320
[  296.465970][ T7080]  ? verify_lock_unused+0x140/0x140
[  296.471201][ T7080]  ? mark_lock+0x94/0x320
[  296.475653][ T7080]  ? __lock_acquire+0x12e8/0x7d10
[  296.480738][ T7080]  ? verify_lock_unused+0x140/0x140
[  296.485979][ T7080]  ? __might_sleep+0xf0/0xf0
[  296.490603][ T7080]  lock_acquire+0x19e/0x400
[  296.495149][ T7080]  ? gsmld_write+0x57/0x120
[  296.499685][ T7080]  ? read_lock_is_recursive+0x10/0x10
[  296.505123][ T7080]  ? _copy_from_iter+0x6db/0x1170
[  296.510210][ T7080]  ? _raw_spin_lock_irqsave+0x8b/0x100
[  296.515708][ T7080]  ? lockdep_hardirqs_off+0x70/0x100
[  296.521076][ T7080]  _raw_spin_lock_irqsave+0xb0/0x100
[  296.526416][ T7080]  ? gsmld_write+0x57/0x120
[  296.530953][ T7080]  ? _raw_spin_lock+0x40/0x40
[  296.535659][ T7080]  ? rcu_lock_release+0x20/0x20
[  296.540551][ T7080]  gsmld_write+0x57/0x120
[  296.544916][ T7080]  file_tty_write+0x557/0x910
[  296.549623][ T7080]  ? gsmld_read+0x10/0x10
[  296.553990][ T7080]  vfs_write+0x745/0xd60
[  296.558269][ T7080]  ? file_end_write+0x250/0x250
[  296.563151][ T7080]  ? __fget_files+0x40f/0x480
[  296.567865][ T7080]  ? __fdget_pos+0x1e2/0x370
[  296.572588][ T7080]  ? ksys_write+0x71/0x260
[  296.577043][ T7080]  ksys_write+0x152/0x260
[  296.581561][ T7080]  ? __ia32_sys_read+0x80/0x80
[  296.586365][ T7080]  ? lockdep_hardirqs_on+0x94/0x140
[  296.591602][ T7080]  do_syscall_64+0x4c/0xa0
[  296.596051][ T7080]  ? clear_bhb_loop+0x30/0x80
[  296.600760][ T7080]  ? clear_bhb_loop+0x30/0x80
[  296.605570][ T7080]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  296.611558][ T7080] RIP: 0033:0x7f5d1c82bdd9
[  296.616101][ T7080] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  296.635763][ T7080] RSP: 002b:00007f5d1aa85028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  296.644218][ T7080] RAX: ffffffffffffffda RBX: 00007f5d1caa4fa0 RCX: 00007f5d1c82bdd9
[  296.652237][ T7080] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  296.660248][ T7080] RBP: 00007f5d1c8c1d69 R08: 0000000000000000 R09: 0000000000000000
[  296.668278][ T7080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  296.676301][ T7080] R13: 00007f5d1caa5038 R14: 00007f5d1caa4fa0 R15: 00007fff50daa5d8
[  296.684324][ T7080]  </TASK>
[  303.759809][    T7] Bluetooth: hci5: command 0x0406 tx timeout