last executing test programs:

8.238270112s ago: executing program 0 (id=656):
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0x4004001}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x40d, 0x70bd2a, 0x25ffdbfc, {0x0, 0x0, 0x0, 0x0, 0x10}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_FILTERING={0x5, 0x7, 0x7}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc010}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4008840)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)

8.03724715s ago: executing program 0 (id=658):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a60000000060a0b0400000000000000000200000034000480200001800e000100636f6e6e6c696d69740000000c000280080001400000000010000180090001006c617374000000000900010073797a30000000000900020073797a320000000014000000110001"], 0x88}}, 0x0)
close(r0)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, 0x1, 0x8, 0x101, 0x0, 0x0, {0x1, 0x0, 0xa}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6001}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x92dac3a34ea821a6}]}, 0x38}, 0x1, 0x0, 0x0, 0x400d800}, 0x4000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_PEER_GET(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0d030004000000000000130000000c0009800800020000000000"], 0x20}}, 0x0)
sendmsg$TIPC_NL_KEY_FLUSH(r1, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x38, r3, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xf}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x2}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000)

8.018797184s ago: executing program 4 (id=659):
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000000c0)={0xc})
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000003c0)={'ip6tnl0\x00', &(0x7f0000000340)={'ip6tnl0\x00', 0x0, 0x4, 0x9a, 0x6, 0x38c, 0x2f, @empty, @private0, 0x8, 0x7, 0x3, 0x5}})
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'ip6gretap0\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f0000000180)="0b036800e0ff64000200475400f6a13bb1000000080086dd4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$VIDIOC_DV_TIMINGS_CAP(0xffffffffffffffff, 0xc0905664, &(0x7f0000000380)={0x0, 0x0, '\x00', @raw_data=[0x5, 0x7, 0x7ff, 0x5, 0xffffff01, 0x7, 0x1, 0x401, 0xff, 0xffff, 0x6, 0x7f, 0xfffffff6, 0x245a, 0x1, 0x15, 0x9, 0x1, 0xf, 0x9, 0x4, 0x5, 0x3, 0xfff, 0x4, 0x6245, 0x1, 0x351, 0x9, 0x4, 0xfff, 0x7]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000070000006b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002200b70400000200000085000000820000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = io_uring_setup(0x28fe, &(0x7f0000000080)={0x0, 0x0, 0x2})
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r3, 0x11, 0x0, 0x2)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
write$binfmt_misc(0xffffffffffffffff, &(0x7f00000001c0), 0xed)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, 0xffffffffffffffff, 0x0)
write$sndseq(r4, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)

7.762522711s ago: executing program 0 (id=661):
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$HIDIOCGRAWNAME(0xffffffffffffffff, 0x80404804, &(0x7f0000001000))
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xf, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x0)
r3 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newsa={0x158, 0x10, 0x713, 0x70bd28, 0x0, {{@in=@local, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x2, 0x1, 0x0, 0x0, 0xa, 0x0, 0x0, 0x84, 0x0, 0xffffffffffffffff}, {@in6=@mcast1, 0x0, 0x32}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {0x4, 0x100000000, 0x8, 0x100000001, 0x6}, {0x0, 0x0, 0x2, 0x7}, {0xc}, 0x70bd29, 0x0, 0xa}, [@algo_aead={0x68, 0x12, {{'rfc4543(gcm(aes))\x00'}, 0xe0, 0x80, "302bfb77f11f8f3a600361cdd3d1df1c1f67bda3ddad7397ba934a95"}}]}, 0x158}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
getsockopt$bt_hci(r3, 0x84, 0x82, &(0x7f0000000000)=""/4087, &(0x7f0000001080)=0xff7)
socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'team0\x00'})
syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x800)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0xe0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x6, 0x7, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x78, &(0x7f00000002c0)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000300), &(0x7f0000000340), 0x8, 0x76, 0x8, 0x8, &(0x7f0000000380)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0xdb, 0xb2e, 0xffff, 0x8, 0xffffffffffffffff, 0x29c, '\x00', r5, 0xffffffffffffffff, 0x0, 0x5, 0x3, 0xe, @void, @value, @void, @value}, 0x50)
pwritev(0xffffffffffffffff, 0x0, 0x0, 0xffff, 0x9)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x3, 0x2c8, @private0, 0x7}, 0x1c)
syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="042ffd02000000000000060615fded070005ae"], 0x200)

7.521629766s ago: executing program 4 (id=665):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0ff1100001f79a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7040000050000006a0af2fe00000000850000001a000000b700000000000000950000000000000000e154cd844a954b26c933f7ffffffffffffff55bb2007ee51050512da90b5b42128aa090a79507df719af36349f298129da4871307b534bf901115e17392ac66ad022186a8929d1c000006146001e04aeacea799a22a2fa030000c412f6cae80043eb27d53319d0ad229e5752548300000000dbc2777df1509516f06f1330cf8c3a8b1ff72e6127b0dd488318b5790bee7ebd4745b7cdd77b85b941092314fd085f028f4e09d63781987af2abd55a87ac0394b2f92ffab7d153d62058d0a413b217369ca8b6712f000000001b1df65b3e1b9bf115646914ce53d13d0ccacda1ef16fdcceaede3faedc51d29a47fc813ce3d32cfc7a504c271d6d6f4ea6bf97f2f1be2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804d4a69bf9bc5fa77ee293fbd165a5a68488e40b030166565a097b1b44b451de7940b0000db8db03d4b7745fef1d04ec633dee254a6d491b8496da787e814c4fdf0b4a387b4c8149d18c1020029a18986252a70f8f92eb6f0e8c7db000068fbaa2e2a27efd9104297f2c58159f02d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa909ac06b57479321a0574fb304bc2a1681989328c8ddc20ea011bf5742e0ef94234db1f00000000000000c20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b35f421c3552772ca7f3e2c25a65f75ca13fb7c8bbd6ff43cb78b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41aad8bda74d66f47cc17d8ba3eec0fd80f82c5f573c6d294d366505000000da0fde0745db06753a7ac7fe13cab6692422a46e9ffe2d4a2d32f7528751313694bf5700b20ef0c248ddd3da323947004cacadcaff2066bb5d4045c9585638c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c5f1e24d9f679e4fbe948dfb4cc4a389485ee7af1f0387c93559653f50a471c69608241730459f012b060e7d23fd39206000000000000eb55d00162325ba141bd587cc9dad46de56ef907b059b99a79ae5498f6589880ed6eea7b9c670012f80cd6a1397953ba5870786554df26236ebced9390cb6941b8365d936a7d2120eca291963eb2d537d87cbb54e588ee5d6944ee4de5c183c960119451c31539b22809e1d7f0c7a06a9fa87d64cb77872a0aa9a104e16b3b8c6e64836ac3f32f53c9a2bae513464ca03aff14b9aa4bd9539f5096412b92012e095b84c202060098df3314f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c363000000000223201780200c6ed7966130b547dbf8b497af0a77f52f2cd39000000200000e81c23cf14156951210001c800000000001500000000000928ee53595a779d243a48cea769470424d28804c026ab7f4a5c81921e0128dfd70b438af60b060000000000000056642b49b745f3bf2c01808b6d7d748308eea09f0161b4735efbf3411738d6ee7aebf9ef40662d7836d252c566e1ee938a9a6804ed3a1079b0282a12043408cd60b9e53978c81839be0000000000456f7d2a42cb13da2022f23eaec61854f640f701db0276652f6c74f20675eb781925441578e93046aaddea394cd8ffd3d628293e591dc6f71c2710a7ea8a4fdc214e1cc275b26adfa892e6de9200000000e50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab50fe82d5a96b09c68c73de2f04f15d005387577f480000ea65559eb00e014df20fa209bcbb5c252b11a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cdfba05e3633c26d3927ae1beb065f5ac33fdbe28a5ffc83f2f085185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2b2bdc0af7c4c61241750d50515a59a3ad09e8802e8f4f535447dc0fc9d5f99a145dfcedad69da9cd4b75c624600e78f4458542b14f29611f95d4a318384eb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d583f436137a3c5dc714c9402c21d181aae59efb28d4f91652f6750b9195599d60c534ee8e8ff0755b09004c25edb85bcff24c757aa80900000000b6638c420eb4304f66e3a37aaf000000c42a570f0e9d76fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284df80e4636c25b96174326d82761c26e329555f9290af40000000000000100000fd3763655500344bae34347f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419a5c16e2055b8505809ed2ee9647c5d3b0000bc00edf5e9020c09ab004321610b857e8717974b633b21cb32f0e03280e09758bd445ab91d201782d656ab09f508bbbaca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92b32af00f191b66b6a6f732a91f0a2e9120be61e58c79d497247d278888901d44bf77e8246605a644e9e3d769db497c3960df05caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f3101985602688888ccb85c87b4f8ffffff7f000000002c331fca28541b7ca211115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000000102000000000000000000000027c9585c0cead5d619d18475ccde2857279a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77a23b0000e49666c464d35ca9b50f3ed3b3da8c17a23692759ccf5a205311b7d122532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769da52b3d42c68a3102fa1296dfff4a979369b0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e8918a0d6e2949affcacb5ba0a56aa063b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76b0d395832f1e2aad3e519f1634e8fbd8d31330d89069f9448a2ff93060ff073b3a113e47edf76f7d1b8b90bc0df4cfb0b9c8c80158b44ecae9420654f7016b0aac117087406d343e27b372d6027ab2aec8f2bcad7fe6bb932bc5751d2974e95455a277fa3b472bc7bbdd2ac5a1ea608e8137ace03361607cc1a84be659355629ab13ad49008c3fcfa2423439a3607961d5b59da48a0155e8e42cc13c702cc40c99cf86c2021d72f9f4ab1b00de555a5a39593c93871ff7eb5ecadb64837a2d88723ef65aa5152e3d55e5c66585e2112f5ec64b639a9864e57581b61f2b0960600000000000000265f091e7bce17d20604c5ab751773a5cf8a719a7ada06ed03832bf274707c7c970edc20f4a1eaa3b61045a20097208d03f7a146a6901913618738679d4e0af53eae997eecfa0dc3dcec19d3d9205450765d659200c92701ee75c8710470d9eb6f62c5c721883f1544ba66271c8dab05a933746c16b6e93294b561c6715a32a394ed1e6c01670c931bfa76c58c6f34d64e758a7a7f7d33c49336d4cba2cbb170ad7539a45774dfcc55257215c8ae719dc1c232fc6699ef01005887d04a543030b4328ab48744ac23ff56fd2da52eb9fb2eefcdd2d92d73ac1b111ea895e1fec36a3579879acfe366d393f1fa9cbe08d9ba57a443643e9cd251dc88e91a5e458e66ea1e822d55d4dd919a95eb4c25a08cb6e1070000003a0fd07a4ad9df240e00006aaa2db0dfe416146840d88bd08365e547c970e2983200703864a3b9c4682cb479dad6d34d211b05267eb1355520e9ec0c5014b0832f7fb35782fdbfcb"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001340)=ANY=[@ANYBLOB="240000001a000100000000000000000081000000000000000000000008000f00"], 0x24}}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r2=>r0, {0x8000000000000001}}, './file0/file0\x00'})
r3 = openat(r2, &(0x7f0000000140)='./file0/../file0/file0\x00', 0x10000, 0x1c4)
read$FUSE(r0, &(0x7f00000041c0)={0x2020}, 0x2020)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f000021c000/0x4000)=nil, 0x4000)
munlockall()
mremap(&(0x7f00007fd000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f000021c000/0x2000)=nil)
r4 = socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0x1a, 0x1313f, 0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000200)=[{0x4, 0x5, 0x3, 0x6}], 0x10, 0x1, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x4, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="180200000200000000000000000000009500000000000000aa990ec5d76135970423351edc36b2d18a86f4f1"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = syz_usb_connect(0x5, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="120110010928fc10ac059102254301020301090212000100004000090484000003e102"], 0x0)
syz_open_dev$evdev(&(0x7f0000000600), 0x6828, 0x0)
syz_usb_disconnect(r6)
syz_usb_connect$cdc_ecm(0x0, 0x67, &(0x7f0000001d80)=ANY=[], 0x0)
sendmsg$SOCK_DESTROY(r4, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000040)={&(0x7f0000002540)=ANY=[@ANYBLOB="701400001500200025bd7000fcdbdf2506006400010010b7a216ac4dc79113ea40e4e9614d35df0896cd843d52e49f442831a3a5839539bc6359ba4cd64e3b2a60bdf9d317dd9c6ca133ee7b89aedd40e49b9b6533fc98284102d606ae880ecfda66aa231d5aba0eef818d27c9443d145028b25b9bfe0410010047d2e45d09d7d0d0c02e978e9c06c1727e688bd730bce9bc8fb2350d5ba7c2cdaa048ecbd325fb99467c18a415882b9082b8d4f8112d894f4eb073865c58a52f7e8ccd9e2b17aebed34c447c5e8564ed3672b4415e5471c2ce4d568b2196145ae762bacd7dc7c2320664f0dd4a6a02d443f47debf75b74ae91abc4a0231a7cf56c5b69a82e1657feff8f4055638b4ec6283681a312ada75229a4fd11e965798343c54d76c1d8fd2e7df169a5e623e41ecdedb0494077a01251612aa5e3a9fc9ac3f15007f4eb29b3ae4f112ab72509b538b2dcb5ba9d48d0ec447590898656ba8661c51f8e43144019e8a5e20e72b377b0314abe5502e371aeafee54f0103cbc6b42ebbaf89bcaed827350ef6ba154aac7d815d19f2b558cd018aa398c7744ff2bd1cf79ceb9617f60fc0eefdcc5842af337833b8378b85b0ec930e9addca0d88f0a0ccc4977f1e9865e86ecf0cad1084c394300235c048109be50aeebae6e64e5850cecc293c98708b762cb311416443de887d51c0fd50ef0a77282fbf6e551260b5c90fec6e5c5f491cd8b39e8fef8ef253f09662c4be6a27d505a09c258560ee5b0b9af5bfe459d5c2a9b503fac7b4d573df7782f05cec7850a171a8ef7ba15fcc449d52200dd034102be509cd9cc7ab7248092249894a83bd5c95162c5a1c56b076806bee45c74d5eecd933ff01372a3952315871843a12a9f47f8bbc07b09c31c8aa23e6331a68db78521754e8fa00b8613eb9c404d82bc2fb34826ee2bf90202768f98fe6c696c854b6c7af3cdad0811b4156a1f957bf9244ff1b3cc32b302075da12e9bd5b6c8d7206a3b036a1dcc1f5df5fcd38de767f42238561019da31974cd7f32cc5b0a04cecb4ad20eccd715d3da8ac4f58393dc5be72f4e2c049ccb45bfb18a81c8b084c870a26866709fb036dbe8816337668182ae3de187d84bdc46a2115ea1f33e6faaee06db08ec9c3270f0d201ecc92f4e74c31649994dd0724bbbe3a620c33b76255811d633aae93e7bca449d19188c7e126d9cc914627e3605297e9229823e8913954a028edd7470f1a15ad110e0171e7d7330dc234d9c01957fc12b595350acf866addd98d68ba0d5c024351b592d1329b2e1e101181f1127bfe154fee9d93e6e7d952db27ded5b8bc13d769ebb0dffd0ed2c335792f73289ff72aab397d21db33c2a52a7c64fdc05c6084a04985a41cc730a6f86fac088717f9c0e9550038575fc38d01d7f1ef0336782d80fddd5adad964f8ac4cbe9dea2bf70a2bb055482da184f71ed5f8cc0737d3b374b7e5bcf1fa64aaff157216c84de5af719d91fd5409f4b4e765b6c8bee8c72596f4de8395e55c4ed29514d6b0eaa2d7a82684f5bf186048a9d77d65dd41ca944952b3a53a5e4b676f89460a23e682890fc62356521b0fd7c4816b67ecc77fe2d0c51673439afcadf737d28801bf7514f2af6a2c0d3716e088108b16b7918601e17c1a4022ea146297ef892c03e27f022155f79590833707ea8ac9a571a59f97a9f72a725d38499ef3a193e53ebe7bf834dec09fad904dc2d7a81dc4963d26106e4c631c68d4ee822034408088639bc4b646d63c293e3d7e36987a321c72b3390e6c1130eca085b1b8fadaf36692cf7799e96962a6465358c65a55cf52ff9616a0a7a979971e555029d2d7ff29a9656f892a80bddc5b3568141ce29174bd4ab83d5904851f8d6005cec1974d1596dcf4eb46952a7049937d3ba00671145896f130e26449b4320c4209f2a331c0d95973b0d45a002d4485d1ce79854978e16e99bd862e3c8036f92755493e30d10ddc690203ac10222308ac3bc0fbfa970fdf94e085a351783f9caf746618b0d175cce80d14347d95a408789c468271e9a72c5094aa1cd9bb694fc84d126d29f8088ec230cde0bbabb2d8728bcae8a200546b8c06354fa776e09e10f7b069361c9350dca6a35733a2d3b2c80f89ee4ddd8aa7ec79481809d8575c4d90b78a8dad1b870328abfff817c5f261d996d092b0796a38624ac96671780a89d2f5cd7d6f4a2a414f1dc884ac5ac480cd8ecf985c892e06b80ece9d850c022dd7c12569a96d7e340d3d915ce5e31a62dcbfb19a848dc35cf1c8a16f03d4423fc9f93ef19d0b63c1a2852a91eb38292b1801beaa69948dcd2b96904bfa91ef84e7418f4d975d91df364f84834575ebe08d0b11fc189833735ee08641f67e72db424f97abe43ae688ba657a636ad8884587f2cbf5f29c09153bc1b96fdce00b7702e350a6586c313c16b8006ff4ca41144af9ff59f077eb5f8746402456a85fd0aa5e52e96176685d3b71625ddf8cc0262083c620c8a3953159c0e37a1eb73549b799b6f12f5c8dc84170dea88c105f47d7595dfc324db331fb521d5c306164e5036c7c0e502c729f1623e976f7be3be132efba64bb955a988eb33a30599bdce5b40d0e58fcf74de44d8f4bf8dbc28b38c652f441db5da78ca01f6e7dfc6b95d35cb7b3172d53055c455a2b47b6572c08991ec890f1332103694bfec2b0418953fdef01e854cf0316f8ab536ca62ffa04a1c9d2040be115ce393bd5a411a67ab9a225592792f48c1eb9f30bf68b89fcad7c49c106000000000000002e95771b91382a238ccf4b0fbae995c2e6b461b2daf0872cc987c705eec245f480a6eef2965d88e94b67cde1ed62345762485f559a90a558eaf9410a49e2dfc2da9d7c3c358c38339896948ba2458e3e791e2630d290390a9f995bad22735e499911dcd8ad5a44835505c10fe3fedc0dc90e09d4f0b0ec0e7d62bcb878d566cb5f5795ce32919b25d6f70b72003ce5e6dd030b63ec6ea25bece2a3e4c72d65992350380f1cef50dfa25c6360cf379f178643efcd6e6a2c4a6491978b68a60fc19cc0c0e1fefd679c37da1b74712131d0ab1c75c156e1cd885d7282d5bc25c648d979a95dd1c5c7327c728915230cca98ba872c08577854bfddb555507de75b620ecbcdc9c6a6ba3b5eb6673cce9b95b09a66bfa33392f6d58c215c193a517ae1bc78a3e6991b80d5c42619a73c3e47c93af591cf7fa26f8501e49a403fcee8754ee1ba3a98ea28503d25dfc9c5ae5d422db225c1c327582e2535a0a9c664fffd1b5a299e32b5e0df630bca98c4da73ce3e6352f02366d49e74ccf020972a3f0063716ed97e4f03d670f4cb1af4e937c4aaeb18bcefb558bced798c3dcbc11f5f049539551a8524948a49706b26380b0d2533af80e7764c4c11ef0f945b2155fc48e8a8d5d0dae73b9b900336a28b8f85b95bfca113edb7cc57cd34b302245b622946f95a7564f0258454c066224b70bf249b05e12324b9080ed91915b5437b4895261c00650e2c6bec30bab296d812a31966f7d563e46e4a2c91d86aa5199a5860dcf012a12393df295b247311e6a4e788ec72a88763ee85e0a53ce7e07713ebdae1704a71a4fb9618f571b8fa33d9df00d7de67b6e1abd355b751f534e45d8bd8a4cdb6faee4be4fe71445b935c27e6b17c0c038fb9e2a9672a11b95a09cff4742c55e84dab4f200541adde82cb81a248c2c7096a24a7edcfb1ff14fdd3ac116126284d4928e9f05381052f835900997d2bc50be55490c42de6f692df8582a41e010c5cdb2cf9a251d3fff393372e1e0b52bc9885bce9659e57497c0b0857efdd4e292e32af138ec3623f35efe80b396634a9e5c918bfdc082739879387e4940f5dab22d174035b657239e84d555b018c84f38b6b915890fd84bc2258a59aaf64d948f6d2ca80a62448064a8bd7e94674d59d47f36eabf151ab30e198d82f7e613149446d4f956af76abb60f4aa10ce7306e9c7c3c664d84c6e46ef9f5596e8aacda1a40d701d0a8abcf41f91ca95f8f297480049f1c3d8055a8b7fac0d3de35e5562a61f108fa6d080d14df7a2d20aea06fbd58abd315005a081edad6b41cf8303fd5ff39275e512ae7bc4c35a16d9c387e8eb75a1570f25f32bcc9482571bf3a7caf7c0c634f3cff87eba6c5253c00870f12fc2b0ca6d6e42f3961dd2389290792c3be78892595969713d6642cd01daf50b19e48a6b000750a00bf60f4810cf9f89c46bedad4a2578935fbf9f940ac8bede93981ec0154b75079509a252a3ea3459c36652cdf42000bb5eaee82b530a607a5ce38a96d87359fc096fe73a128c6e3013abe39430461112532c0997531a67126d682758a444108071a36ff3a5f490074ed6f03151090620dcc7b2f9af4ea2a304897cbc4a9b63279a392c22f6d4e2a9e924dcd0ed342ace9c6651f4c5d0d0fdea0a0e95704c0c68b1c50b8dadeb5a506d7a8654494676587c20864b41a7626ab3419f66ca9c64a4b0a920e5ee7e913de3d9c18655806a4fbe28bb68089700ab59b1a3709c1de0b1d9c43c47c8ec5d593fdb12d1d0af1b2176629f7481545783975f8f76610b587d6e1112542e2802435441cd7bbe820c802364f6a9c63b94aa6e19fcb1db311c0a72e54143b20cd51bb9bf92c012e94a699acd38c15ef6a7ccdf804fb86b4b6a7dc76705d708a2348fad0bf7185a3bb38eecf17a21a0473654f92b6bbf9c587f99a5da119da7b1c589e4e16c83be167df9cdc7fe717f29e81b72e02f802fd6c529798261625d88979875cf0a22df92a2adb372237297cc722a9d58cfce2299650c677595cf56f61a156a3aa0798dda086c5c5bd5d900b4d5221433de5ea0b88d66f8d2b66ef50f490677245eaaf1879184357a3e19d885c69287d49d9a8bb00beafbcc659fc75dfaa7cb6a414a401def2ea97b964631cee832e4fd0d63d6703109cee1a36ef88451b77629d5748910861d40c928ec17b611eeb9f698dca1b2add814a5bc129c6d058c6b344eef81d3b0d677c539024b23fe05de6a8a002e54dce1866c05ca52d723e2b36813a912d4bda8e30a3407b2fead4d733877f820abdbbe84fc398bf03fd0fbbfe7d9b6e515ebdf58446e1c66668f592202a282ce331d13027019a25bb383ac81c5ad23a12f9124d762aeb56cbd02f37c0066e295388fab1c9bac35ff06fc85d580ecff1433abb839700de8e9bd09887d929244bd9e5a7a10cc4e7ace90bb24f804653068a7d86a2dabcb65bd98b24d8ff3dfa84554ae2bbd629d34eebb2fb0b663a48bceb67ea8504cc12b70985ae5b1d9ffb1964d86a0f3b40943328c1f56ad6a5257a94dc9ad29542de5165aee05f816909f11eeb437c661af166ba9f3f4c87b7cee5d0c016c01d00ec4aa9d195f3e0ea4eb0d62858a9ab30d01efa97d3ee0f03b5baf4a75524325e1871eaa5aba4243df74b56a512cb9f65e632fb541028f41b4357a2c2bfe237ba5ffc784ea3f15bc98b4e7011f5ec49a8821293b814918b4c3b46b199db7e03a317798027f632cd17d196f0bad588bdc3ab757a14db0fe7318c11d48c77b9c97bc4c7c365af5b14140895793cc51924a0eb499af46ed69ea15505b3b9728410e3dcea4b6ac2d05278594062dd052ec8f0d29ed5430281d9a15bf3be701619ee0d5350060e5cc088632c72433c2e51ee61c17228aadc51f51528d8b9fbae3fcc98e09f807ae34898bc9f20f36b3c280dfc323f45f61662a56c08126a272eab2047b879b323c7ac86515089e69f7fd386770d522a444e4c97f58e508fc902f0631f93ed0d7dc613bee5312cce0534434e694d90b7061d1e418b769853b8792f5e2e2761941a4fbf8281e55e8280540a4df8d416dcd11567364ab1a8898d89724fe9dd445274060b3a3b4f20947fa2324e604844fbbe533cc3f7b8fed2cb39062bfe3edb504efc1e8756c386cf8074c78d622ad8c4d311add8af7260500010067000000f40001000b6ce484784e9a985ab0998128622df2b34b26c49851a7b49b447ae7f048ad29847cabf7ca931efd4a16d43bfde5bb4df58646facfebfb562bce05d42c132b58b196102be619caaf4b445c9ab32ca738efbc3199e7a0e16e4c4481bba7adf15909ff06d5d5ce2d4d4f396942cbf992e06e7d8af6bdc930ef338e9d84e30f752bcaf02d89cb8d45fd60968e7d9862ccaa34fa7659e874b7c85739734ef4a4f84d1f0d366c7674167c62ea950710b2a437df862c4f65184fb97c0e22734a31ff8c7dc2662150effe643c7f9a3e49066d232eaa762876abb430fa3f586d86c02313a3f7077e03fa0001002ac71dd5e932778c47d6753fdf27bea238c01e2390af9c72201db3bfd7fe21302fd5c9d2489c018b8eff70ccba3271f1dd84ef529c1b34a14620424599f4bf462fb5b997930a95f296fc8d7eded9c7217e4664e068b41b1a7c156e02f14bc30e5ad9ed19e81246e131cebd83c25f6a3a8d717b7532d6ebd0ca8b6fc83aeed7376c10228439c92897ea78103415178102302e6510b56b1b43a9471057bc8eee71994d71196d337924b7149580543314580e5c5c85c10a9660a0afa9f6de6bc92425536f2b947f5b88ffd28b7db5e55ae7cd6e8088c6dc236af6cfbefe57b60c3d28a44470d0645924a10fa402ca4590c3cf25dee07994000018000100396c82d14e4f69363c5547f2ffa721f2940f6bd8ba00010043ce00ab828fc7770055c6365df368b8f0fc26c4d2a5c91ff9445515da4d2204813557ce7affb9e7e602539d67dc08a00af589bc8c7ab292fb0bbf05d86624e03cb0cf21f4b41d224dedb780aed8fb92bd840a888152866a995da6b589869a117574d3e41ae4485bb011ee28b6f65c231e98f94e071bc00581f534b726f6bf36afe3e4dfff572fe5027d585cfd6be5e17e469b5bde2083a3a8b821e492cdb4215f205da6d1c61a3cd4f5c65aa1dd4068b787baaaafb00000780001008cd86e5f624e666cc36f3bd2f7a231c60160f643661928bf00ad32e6539020381a703bc192e2f02f54a16360d30d5c31f18814730ae964cff8f66c73dfd0c5f248b656498bb36974be9e557ea472e84dad8d3ec9e3933319fa3b0bd59a73a0f836ea702b1e114d16c237e248ba378e5b83fd7cccae000100faf840538814c07b7fffa789f8266873e04a8925d3dddbc2989c6d83864560d3dcdbc485aed6a33e889805dda1be485851a79ac8337088d2229c9d037344b1d416ba4c8e95de7b521191c465b93b94a10f804cb1abee4eba01552946e0725edd31f70681c4bd3c662000fbfa5c095dcf6c46b102910efd7be0fa0291ef1b2a93258476626742d0d4328f5548be918b9b2e0979b0b32c3981122a73e99fa3eba60993f9c6a297f64dc777a1d886bdd528d197d7b6cc1200000000f075937cee4f8167bb4ef550719cf5ada4e3d0842ff54c9080eba8a2465b7a5b1ceeb96e7b28bf0b71ddb57be85c6f9d872844e1fde550d184f2f63a381489e24264ab465932817a4b610b3a76514e7df854983e63fb5045b4eb7939839ba57f748aba9791bc305ee89346ed0f08c18c3fc7a80257c4039295a5b01ed0fdbb26c4cb36ad8bd4ced7c840edb6342959e21a27de172d3a642c4305704abebc377e6f65bb55b43bd2450eacea8b0e26985b4d8ba4ffc9c30bffebc03522bd9345b52cca0ec6e011e76a87ceec4000ac94c45e1b5c714f5b0cd4c30de04a2354cb44b9c8315d347741389c7276b02432e5c7b09821ea96b020dc6a903188c54dbbf758ad2ba4c5a01f69f3a831ec1f720088fb45478ebc69ba32b9c7fa70c59fc8df5418e500"], 0x1470}, 0x1, 0x0, 0x0, 0x2000000}, 0x4000)
close(r5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)

5.633492929s ago: executing program 2 (id=674):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100000000004032150e0100000000000109022400010000c00009040000010300020009210000000122050009058103"], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$printer(r2, &(0x7f00000000c0)={0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="2007f1ff000006040000a966"], 0x0}, 0x0)
setsockopt$SO_TIMESTAMP(r1, 0x29, 0x6, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x64, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}]}, 0x64}}, 0x0)
utimensat(0xffffffffffffff9c, 0x0, 0x0, 0x13)

5.370108382s ago: executing program 3 (id=677):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x800, 0x0, 0x8001, 0x8000000, 0xfffffffffffffffe, 0x0, 0x4}, 0x0)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, 0x0)
r3 = syz_open_dev$media(&(0x7f0000000000), 0x2ec4, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r3, 0xc0287c02, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f00000000c0))
write$dsp(r2, &(0x7f0000000000)="81", 0x1)
close(r2)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, 0x0, 0x0)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r5, &(0x7f0000000100)={'syz0\x00', {}, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdf61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x2, 0x0, 0x40, 0x0, 0x0, 0x6, 0x44a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x180d, 0x80000000, 0x9, 0x0, 0x0, 0xffff82ee, 0x2, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x80, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x7, 0x0, 0x3, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x5]}, 0x45c)
ioctl$UI_DEV_SETUP(r5, 0x5501, 0x0)
readv(r5, &(0x7f0000001900)=[{&(0x7f0000000040)=""/65, 0x41}], 0x1)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/power/pm_test', 0x42, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "810000cc2b000000000000fa25ffff00ffffff"})
r7 = syz_open_pts(r6, 0x141601)
write(r7, &(0x7f0000000000), 0x0)
r8 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r8, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r8, 0x0, 0x0, 0xfffffeffffff7f7e, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendmsg$inet(r8, &(0x7f00000001c0)={0x0, 0x62, &(0x7f0000000680)=[{&(0x7f00000006c0)="c72e5e81d243ce4577fc96744f9952ebf6b1a2568391a429da5d76852a69457b832ab4e06adb1475c56671942a738e3763abd5086a6951f0fd52d26655a69328af65084e57b5cf0af353b8965a1fd4cfe8680d88d8d6c01aa70ac252bb4f1ac8fc99222b01e4117b810eb20d751c8b4863f74ca525d74f4351fe", 0x7a}, {&(0x7f00000005c0)="69d08a31962be11fafbb02ada76fafbd64afce32c81d45b5ca979e0ee3ad203934db54b8d64845ae59f1efd915c82a92a6f1063def6f895eaae9113e843d58b6a6b7dcc2fd5133ad9f90ca1dd24d75a4178ad0c67f6cb4ab8af08b3e5b907d5b7688cff5af0490c2b709e2e3ddc839cb4507a054e029d03726", 0x79}], 0x2}, 0x8080)

5.323929622s ago: executing program 1 (id=678):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x800, 0x0, 0x8001, 0x8000000, 0xfffffffffffffffe, 0x0, 0x4}, 0x0)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, 0x0)
r3 = syz_open_dev$media(&(0x7f0000000000), 0x2ec4, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r3, 0xc0287c02, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f00000000c0))
write$dsp(r2, &(0x7f0000000000)="81", 0x1)
close(r2)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r5, &(0x7f0000000100)={'syz0\x00', {}, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdf61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x2, 0x0, 0x40, 0x0, 0x0, 0x6, 0x44a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x180d, 0x80000000, 0x9, 0x0, 0x0, 0xffff82ee, 0x2, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x80, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x7, 0x0, 0x3, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x5]}, 0x45c)
ioctl$UI_DEV_SETUP(r5, 0x5501, 0x0)
readv(r5, &(0x7f0000001900)=[{&(0x7f0000000040)=""/65, 0x41}], 0x1)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/power/pm_test', 0x42, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "810000cc2b000000000000fa25ffff00ffffff"})
r7 = syz_open_pts(r6, 0x141601)
write(r7, &(0x7f0000000000), 0x0)
r8 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r8, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r8, 0x0, 0x0, 0xfffffeffffff7f7e, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendmsg$inet(r8, &(0x7f00000001c0)={0x0, 0x62, &(0x7f0000000680)=[{&(0x7f00000006c0)="c72e5e81d243ce4577fc96744f9952ebf6b1a2568391a429da5d76852a69457b832ab4e06adb1475c56671942a738e3763abd5086a6951f0fd52d26655a69328af65084e57b5cf0af353b8965a1fd4cfe8680d88d8d6c01aa70ac252bb4f1ac8fc99222b01e4117b810eb20d751c8b4863f74ca525d74f4351fe", 0x7a}, {&(0x7f00000005c0)="69d08a31962be11fafbb02ada76fafbd64afce32c81d45b5ca979e0ee3ad203934db54b8d64845ae59f1efd915c82a92a6f1063def6f895eaae9113e843d58b6a6b7dcc2fd5133ad9f90ca1dd24d75a4178ad0c67f6cb4ab8af08b3e5b907d5b7688cff5af0490c2b709e2e3ddc839cb4507a054e029d03726", 0x79}], 0x2}, 0x8080)

4.621430985s ago: executing program 2 (id=679):
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000000c0)={0xc})
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000003c0)={'ip6tnl0\x00', &(0x7f0000000340)={'ip6tnl0\x00', 0x0, 0x4, 0x9a, 0x6, 0x38c, 0x2f, @empty, @private0, 0x8, 0x7, 0x3, 0x5}})
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'ip6gretap0\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f0000000180)="0b036800e0ff64000200475400f6a13bb1000000080086dd4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$VIDIOC_DV_TIMINGS_CAP(0xffffffffffffffff, 0xc0905664, &(0x7f0000000380)={0x0, 0x0, '\x00', @raw_data=[0x5, 0x7, 0x7ff, 0x5, 0xffffff01, 0x7, 0x1, 0x401, 0xff, 0xffff, 0x6, 0x7f, 0xfffffff6, 0x245a, 0x1, 0x15, 0x9, 0x1, 0xf, 0x9, 0x4, 0x5, 0x3, 0xfff, 0x4, 0x6245, 0x1, 0x351, 0x9, 0x4, 0xfff, 0x7]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000070000006b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002200b70400000200000085000000820000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = io_uring_setup(0x28fe, &(0x7f0000000080)={0x0, 0x0, 0x2})
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r3, 0x11, 0x0, 0x2)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events.local\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r5, 0x0)
write$sndseq(r4, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)

4.556737647s ago: executing program 0 (id=680):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$can_bcm(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=ANY=[@ANYBLOB="0500"], 0x48}}, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
lstat(0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = gettid()
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'veth0_to_batadv\x00', <r6=>0x0})
setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f00000006c0)={r6, 0x3, 0x6, @local}, 0x10)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r6], 0x20}}, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @thr={&(0x7f0000000dc0)="388ba770da93fd1a3ee15ea38a0697d02259057b8d2dac7e26b78fa9a3916297f8313f09bcd7061d32fd51e6261e2512ea759f45755ec05df8a5dfb62ec2f15bd719c17da4628b1b2f2dee7cb2e089f9ebb19bfa282765eb4f06a5be3d4cbcee3dd7e50ef31f4bd7cb7c8c9797c3810e7d6f2af380622795817d0938d68025979d0267fdb5ce13c5b52f4a2ccdbd815d6c3f32d383e2326835d7bbba1fceebbc33c4527f007732ec2bbf0947452ec138dac5c4862da1487114118613d41b8fc103eed5bc4dd9055ba74cba38", &(0x7f0000000ec0)="7a1b44af124c37685c7a780930efb403eb940d9074b2d1aff4356dcf89d0885654"}}, &(0x7f00000002c0))
fstat(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, <r7=>0x0})
statx(0xffffffffffffffff, 0x0, 0x400, 0x80, &(0x7f0000001000)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0})
setsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000140)={r3, r7, r8}, 0xc)
syz_pidfd_open(0x0, 0x0)
sched_setattr(0x0, 0x0, 0x0)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000340))
setrlimit(0xf, &(0x7f0000000000)={0x1, 0x3})
prlimit64(0x0, 0x7, 0x0, 0x0)
gettid()
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000100)=[0x0], 0x0, 0x0, 0x0, 0x1})

4.468842874s ago: executing program 3 (id=681):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x60042, 0x0)
write$binfmt_elf64(r3, &(0x7f0000000280)=ANY=[@ANYBLOB="7f454c461c02f9b7ff7f000000000000020003"], 0x78)
ioctl$SNDCTL_SEQ_SYNC(r3, 0x5101)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x1000)
link(0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x4004)
bind$alg(0xffffffffffffffff, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160-generic\x00'}, 0x58)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x218, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)

4.45653949s ago: executing program 2 (id=682):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_INFO(r0, 0x0, 0x481, &(0x7f0000005fc0), &(0x7f0000006000)=0xc)
r1 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x4004004)
r3 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
add_key(&(0x7f0000000100)='rxrpc\x00', 0x0, &(0x7f0000000000)="0000000000000004ff6943b800000008fed2f4f6174e98d5c850dc00000028f2000000008607000000ebcd1f", 0x2c, r3)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0x8, "9e3ce079"}]}}, 0x0}, 0x0)
r4 = syz_usb_connect$printer(0x6, 0x36, &(0x7f0000001040)=ANY=[@ANYBLOB="12010002000000102505a8a44000010203010902240001090cd81409040010020701010709050102500006aef8090582022000079f03fe703e97551c18ede6ac733e0bd5329e5e6e6f1b52fff6952d3b3c87794bfa"], &(0x7f0000000300)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x110, 0x7f, 0x9, 0x9, 0x40, 0x22}, 0x38, &(0x7f0000000100)={0x5, 0xf, 0x38, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x0, 0xcd, 0x8000}, @ss_container_id={0x14, 0x10, 0x4, 0x5, "5a1f716338792a2935fe98b789e5055e"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x24, 0x49, 0x13, 0x7, 0x5}, @ptm_cap={0x3}, @generic={0x7, 0x10, 0x3, "9014ccbe"}]}, 0x3, [{0x9f, &(0x7f0000000140)=@string={0x9f, 0x3, "0e52c41d50da92b4c6643df37003c7e4569b06762183c5eece73b5c07220f59a064faa55b50d2aa5d130dcc3db8f8be57ea850c04f1e54a0f02860d3aa7838f49f74166293a674a0cc5a50e47003e0c38f26947cd05e1ffe3f485b97ff75b02e1f20bbc4b0b6450b5191af9705f2e9050f80b154dfaaca43c33993a3a48aeb725d5ac8f56fab5c623479e79bc5382e7f659c98806cbe041cc2dc76ae58"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x83e}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x820}}]})
syz_usb_control_io$printer(r4, &(0x7f0000000440)={0xc, &(0x7f0000000340)={0x40, 0x23, 0x9c, {0x9c, 0xe, "c779b5917a65c6736d93a969d36a935139e716d67b51c0208d0de9c595b2de747c3c301905c292f6abb638187e4e6e9c624063f8ab02575e46eb35028be462657b1ee84ae12b5849924846700ed75d68a40b7a75bf4e2c0cad248b4100deeadad95bd8bbee9ab266f14b91c4d96c60c98b128328d2d765040cca4ec097aaf68355871316c5e24ca45254b7f03124095984e659fe44bf41380d43"}}, &(0x7f0000000400)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x44d}}}, &(0x7f0000000700)={0x1c, 0x0, &(0x7f0000000480)={0x0, 0xa, 0x1, 0x4}, &(0x7f00000004c0)={0x0, 0x8, 0x1, 0x9}, &(0x7f0000000500)={0x20, 0x0, 0x10, {0xe, "7a5e14de1e76a2fec138d517e263"}}, &(0x7f0000000680)={0x20, 0x1, 0x1, 0x8}, &(0x7f00000006c0)={0x20, 0x0, 0x1}})
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0086426, &(0x7f00000010c0)={0x0, &(0x7f0000000f00)})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0500000400000000000015000000080003", @ANYRES32=r7], 0x24}}, 0x0)
syz_usb_connect$printer(0x5, 0x36, &(0x7f0000000e40)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x8, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xde, 0x60, 0x0, [{{0x9, 0x4, 0x0, 0xd6, 0x1, 0x7, 0x1, 0x1, 0x9, "", {{{0x9, 0x5, 0x1, 0x2, 0x20, 0x0, 0x3, 0x2}}, [{{0x9, 0x5, 0x82, 0x2, 0x10, 0x80, 0xf, 0xf7}}]}}}]}}]}}, &(0x7f0000000f80)={0xa, &(0x7f0000000e80)={0xa, 0x6, 0x201, 0x4, 0x0, 0x3, 0x20, 0x40}, 0x1a, &(0x7f0000000ec0)={0x5, 0xf, 0x1a, 0x2, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x10, 0x4, 0x5, 0x7}, @wireless={0xb, 0x10, 0x1, 0x4, 0x95, 0x4, 0xe2, 0x9, 0x7}]}, 0x2, [{0x40, &(0x7f0000000fc0)=ANY=[@ANYBLOB="4003606e68883e58d1185d616c177ad811f0f28a20e682d86530587f1b9aba112fe332b3d682e0"]}, {0x39, &(0x7f0000000f40)=@string={0x39, 0x3, "39f3486f1a704d9fc37d40bf2c418c441f3eee5650c2b41149444a0395adcd486ec480ee88de27e21abed1eebc6f92112815cbd29164b8"}}]})
r8 = dup(0xffffffffffffffff)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000580001c0"])
ioctl$TCSETS(r8, 0x5402, &(0x7f0000001540)={0xd5, 0x80000000, 0x2750, 0x9, 0x6, "1badf6b449701fa92086c4bb3fc3d8b8554a58"})
r9 = syz_usb_connect(0x1, 0x24, &(0x7f0000002280)={{0x12, 0x1, 0x200, 0x5, 0x92, 0x2, 0x8, 0x681, 0x5, 0x56c0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x7, 0x3, 0x40, 0xf2, [{{0x9, 0x4, 0xfc, 0x8, 0x0, 0xa, 0xf4, 0x77, 0x5}}]}}]}}, &(0x7f0000003600)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000220edf104c05c10687c20102030109022400010000000009040000024f6996000905c6d60000000000090502"], 0x0)
r10 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
r11 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000280)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fc00101}]})
socket(0x0, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r11, 0xc0182101, &(0x7f0000000300))
r12 = syz_usb_connect(0x4, 0x101, &(0x7f0000000740)={{0x12, 0x1, 0x201, 0xe2, 0x10, 0x95, 0x20, 0x2019, 0x3220, 0xb9d2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xef, 0x1, 0xa6, 0x9, 0x10, 0x37, [{{0x9, 0x4, 0xa8, 0x0, 0x3, 0x3a, 0xf9, 0x81, 0x8, [@hid_hid={0x9, 0x21, 0xd7, 0x3, 0x1, {0x22, 0xbf6}}, @generic={0x95, 0x11, "d2798a83067255923125ac3df4cf6ac9b1cfa1be01b4ced2ae09f9248d208e8358daf1da01fb58ed12f41e712caf26fa96f7d0e9025437d61daed892e285af60e901461937791626a7de13d97cbfa80c99b6a0d1da9af72f6f5805642b7152f4a95a6084e07aa5bd2df9c6d6f479c1b12c8aa05075ff3989857468759d4a303d5f812e9b08a86075adc4f15d258e84795b2adc"}], [{{0x9, 0x5, 0xb, 0x0, 0x20, 0x3, 0x0, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x1, 0x7}]}}, {{0x9, 0x5, 0xd, 0x2, 0x3ff, 0x6, 0x80, 0xd, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x8, 0x1}]}}, {{0x9, 0x5, 0x1, 0x10, 0x200, 0x1, 0x2c, 0x0, [@generic={0x16, 0x23, "877d3de3359d3d0f19a3d43c952fb160d458ba6a"}]}}]}}]}}]}}, &(0x7f0000000dc0)={0x0, 0x0, 0x21, &(0x7f0000000d40)={0x5, 0xf, 0x21, 0x4, [@wireless={0xb, 0x10, 0x1, 0x2, 0x21, 0x9, 0x80, 0x2, 0x7}, @ext_cap={0x7, 0x10, 0x2, 0x10, 0x0, 0x7, 0xfa9d}, @ext_cap={0x7, 0x10, 0x2, 0x18, 0x0, 0x1, 0x8001}, @ptm_cap={0x3}]}, 0x1, [{0x4, &(0x7f0000000d80)=@lang_id={0x4, 0x3, 0x1401}}]})
syz_usb_ep_read(r12, 0x4, 0x21, &(0x7f0000000e00)=""/33)
ioctl$HIDIOCGCOLLECTIONINDEX(r10, 0x40184810, &(0x7f0000000040)={0x3, 0x200, 0x3, 0x3, 0x27, 0x7fff})
syz_usb_control_io$uac1(r9, &(0x7f0000001280)={0xc, &(0x7f0000001140)={0x20, 0xb, 0x40, {0x40, 0xd, "3b2b0af579ad44a72076dcfab9608d8fd2847d4e93f050f1c1a1d87af854134bf203725dee5f02c26797e6fa7b83c84c918afc9c1ac017ecda7637e51b19"}}, &(0x7f00000011c0)={0x0, 0x3, 0x98, @string={0x98, 0x3, "6d172616266c0956f3e9a64b2f5780f9e31e928f7431989952186cf7c4b53ec41f50d030308903e444e3ef9d6aedfc4384e72b4d1893a41a6506b9463fa4123940737e4b910a7c4cb9d20dde38998592b4023375abac227a95fd2200d22dad6f95e544af4011084eab421c28871211b7a6d8fb7d1080b32f35cd39ef0784a47829bf35fc91b364247919a04cd8b92bce3d8b18dd6565"}}}, &(0x7f0000001500)={0x24, &(0x7f0000000580)={0x0, 0x14, 0x76, "e6c65f596e284b28f5645462137049ec7fbf1570c066b5112856fd7ca67c1b86459e6e958938af7b77db43747b953cb40e5e38b2fec315aaa3c5049b52804cf45eb97900f9a99356b57f636ddb844ee1ea23a8e96f4c2ad303e3fe3013eafab487af9b7960cceaaa4f85814875b30e0481aae53001ec"}, &(0x7f0000001340)={0x0, 0xa, 0x1, 0x10}, &(0x7f0000001380)={0x0, 0x8, 0x1, 0xd}, &(0x7f0000000600)={0x20, 0x81, 0x3, '\x00A\x00'}, &(0x7f0000001400)={0x20, 0x82, 0x2, "844c"}, &(0x7f0000001440)={0x20, 0x83, 0x2, "f13b"}, &(0x7f0000001480)={0x20, 0x84, 0x3, "b43246"}, &(0x7f00000014c0)={0x20, 0x85, 0x3, "958758"}})

4.257260905s ago: executing program 4 (id=683):
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0205710, &(0x7f0000000080)={0x1, 0x0, 0x0, 0x0, 0xb7})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xc)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x1c)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r2=>r0, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, 0x0, 0x0)
listen(r3, 0x0)
syz_emit_ethernet(0x8a, &(0x7f0000000300)=ANY=[@ANYRES8=r1, @ANYRES32=r3, @ANYBLOB="503db27be49ce21181f7a4aea05199f3b35ec36f02217d6423c4509afcff404261ac8fcdded664dc3eab35497879095b0853cab334b5dfb91990526570836c5fedf50de844916d4cdd5a4a995a38b8ea3c4ac0f1fbe401cb1eb50d1d856234b9067de9e16988e1831f8e802947a19a09c64f3033dbd59d", @ANYRES32=r3, @ANYRES32=r0, @ANYRES16=r2, @ANYRESHEX], 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
r5 = getpgrp(0x0)
fcntl$lock(r4, 0x25, &(0x7f00000001c0)={0x1, 0x4, 0x2, 0x20, r5})
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r6, 0x84, 0x7, &(0x7f0000000080)={0x5}, 0x4)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r7 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r7, 0x107, 0xa, &(0x7f0000000000)=0x2, 0x4)
setsockopt$packet_tx_ring(r7, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
r8 = socket$netlink(0x10, 0x3, 0x4)
write(r8, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27)
r9 = io_uring_setup(0x191a, &(0x7f0000000000)={0x0, 0x761, 0x10, 0x1, 0x11cb})
io_uring_register$IORING_REGISTER_BUFFERS(r9, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
r10 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x80, 0x0)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
fcntl$lock(r4, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x80, 0x7})
fcntl$lock(r4, 0x25, &(0x7f00000000c0)={0x1, 0x2, 0x7ff})
syz_open_dev$swradio(&(0x7f0000000040), 0x1, 0x2)
ioctl$VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05640, &(0x7f00000000c0)={0xd, @vbi={0x8313, 0x9, 0x7, 0x3225205d, [0xfffbffff, 0x3], [0x4, 0x3], 0x1}})

4.053916589s ago: executing program 4 (id=684):
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0x4004001}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x40d, 0x70bd2a, 0x25ffdbfc, {0x0, 0x0, 0x0, 0x0, 0x10}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_FILTERING={0x5, 0x7, 0x7}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc010}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)

3.859018228s ago: executing program 4 (id=685):
unshare(0x6a040000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
renameat2(0xffffffffffffff9c, &(0x7f0000000400)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000440)='./file0/file3\x00', 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000180), 0x10141, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x6c, &(0x7f0000000080)={@broadcast, @random="9d6f61fa0500", @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x2, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x2f, 0x0, @remote, @broadcast}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, [0x0, 0x0, 0x0]}}}}}}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000000000106d049cc20000000000010902240001"], 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
unshare(0x6020400)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000a40)=@newqdisc={0x14c, 0x24, 0xbad689febb22c699, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffff}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x11c, 0x2, [@TCA_CHOKE_STAB={0x104, 0x2, "1b0d9e59b96aa56231d6b2733a884915292b46f1e0738572cac4714168804b555b57fabe9def50e59cd40fcb3bb5d8897e32fa2bef29cf699de9f218957ada1e5010f7c7fbeba418dbdce7fd0cdcfa2af5d0cfae8f523d47449a0f7994d2697f3547856336ec2e1dd70e7af4cd9ffd0c0214d0feed7b1f64d6c1a7cce402b4e305618c6b38e4476320e587a44c04aed0d6d000244c9cd2ac33d0c66725a421dd664508d9027aca0ba871e154650550212b7d3a92d5e8b65c2308ae3f889b95325718c12375d2525ac3b4f6d06cc08380c43aea9df0a1e9e619cf220639576c6516df4d054452efd0ff9d38f54935c48b1994da4840bdd4ecb2207e9f85bbc726"}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x10000, 0x8, 0x9, 0x7, 0x15, 0x15}}]}}]}, 0x14c}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)
r5 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r5, &(0x7f0000000300)={0x2020}, 0x2020)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)=[<r6=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000003c0)={r6, <r7=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r8 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r8, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCSMAXCID(r8, 0x40047451, &(0x7f0000000040)=0x7f)
ioctl$DRM_IOCTL_MODE_SETCRTC(r2, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x10000000, 0x10000, {0xffffffff, 0x0, 0x0, 0x800, 0x0, 0x0, 0x3, 0x0, 0xa152, 0x0, 0x40, 0x3c, 0x0, 0x0, "b4bc323ef77d1f0000568400"}})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[0x0, 0x0], 0x2})

3.290783894s ago: executing program 3 (id=686):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c)
setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000040)=0xe, 0x4)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = socket$kcm(0x2d, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000040)={r4})
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000080)={r5})
close(r3)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r3, @ANYRES8=r0, @ANYRESHEX, @ANYRES16=r0, @ANYBLOB="3f9c8da2e53d0d13526fb74dbb8214dce71f85f58fa4c539a24cae119c75444dcc", @ANYRES16=r1], 0x18)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r9 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r10 = dup(r9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r10, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
sendto$inet6(r0, 0x0, 0x44, 0x0, &(0x7f0000000000)={0xa, 0xd9, 0xfffffffc, @loopback={0xfc}, 0x100000}, 0x1c)

3.094053827s ago: executing program 1 (id=687):
capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x3, 0xb, 0x81, 0xfffffffb, 0xfffffffd})
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$EBT_SO_GET_INFO(r0, 0x0, 0x80, 0x0, &(0x7f00000032c0))

2.921662032s ago: executing program 1 (id=688):
r0 = socket(0x840000000002, 0x3, 0xff)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10)
sendmmsg$inet(r0, &(0x7f0000000440)=[{{&(0x7f00000001c0)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001580)=[{&(0x7f0000000200)="a9050000000474640000000000003552bde5c064c6", 0x15}, {&(0x7f0000002780)="b2f78a200e3fa26800cc5733b8ffa6", 0xf}], 0x2}}, {{&(0x7f00000004c0)={0x2, 0x4e22, @multicast1}, 0x10, &(0x7f0000001280)=[{&(0x7f0000000240)="5825be57aff9352b35d100000000000000e6caa7", 0x14}], 0x1}}], 0x2, 0x4)

2.917154651s ago: executing program 3 (id=689):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$vimc1(0xffffff9c, &(0x7f0000000340), 0x2, 0x0)
ioctl$VIDIOC_DECODER_CMD(r1, 0xc0485660, &(0x7f0000000740)={0x1, 0x0, @stop_pts=0x7})
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1, 0x0, 0x9}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1, 0x0, 0x9}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x7}]}], {0x14, 0x10}}, 0x78}}, 0x0)

2.868125149s ago: executing program 1 (id=690):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4)
pwritev(r0, &(0x7f0000000040), 0x0, 0x6, 0x3)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x9, @loopback, 0x6}, 0x1c)
r1 = syz_open_dev$loop(&(0x7f00000000c0), 0x69, 0x20100)
r2 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100), 0x2, 0x0)
ioctl$LOOP_SET_FD(r1, 0x4c00, r2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff})
write$cgroup_subtree(r2, &(0x7f0000000180)={[{0x2d, 'net'}, {0x2d, 'net_cls'}, {0x2b, 'io'}, {0x2d, 'rdma'}]}, 0x18)
pipe2$watch_queue(&(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80)
ioctl$MON_IOCT_RING_SIZE(r4, 0x9204, 0xb69a8)
r5 = socket$inet(0x2, 0x6, 0x80)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_io_uring_setup(0x1231, &(0x7f0000000200)={0x0, 0xf56c, 0x4101, 0x3, 0x19e}, &(0x7f0000000280)=<r6=>0x0, &(0x7f00000002c0))
r7 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x10010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r6, r7, &(0x7f0000000300)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index, 0x2, {0x0, r5}, 0x9, 0x2, 0x1, {0x0, 0x0, r5}})
ioctl$sock_inet_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={0x0, {0x2, 0x4e21, @empty}, {0x2, 0x4e22, @multicast1}, {0x2, 0x4e20, @local}, 0x206, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000340)='batadv0\x00', 0x7, 0x8000000000000001, 0x4})
r8 = geteuid()
getresgid(&(0x7f0000000480)=<r9=>0x0, &(0x7f00000004c0), &(0x7f0000000500))
mount$fuse(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x31804, &(0x7f0000000540)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, r8}, 0x2c, {'group_id', 0x3d, r9}, 0x2c, {[{}, {@max_read={'max_read', 0x3d, 0x8}}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x1200}}], [{@fscontext={'fscontext', 0x3d, 'sysadm_u'}}, {@dont_appraise}, {@dont_appraise}, {@obj_role={'obj_role', 0x3d, 'net_cls'}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}, {@context={'context', 0x3d, 'root'}}, {@measure}]}})
r10 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_NODELAY(r10, 0x84, 0x3, &(0x7f0000000680)=0x9, 0x4)
r11 = openat$procfs(0xffffff9c, &(0x7f00000006c0)='/proc/sysvipc/sem\x00', 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000700)={'batadv0\x00', <r12=>0x0})
ioctl$sock_inet6_SIOCDIFADDR(r11, 0x8936, &(0x7f0000000740)={@dev={0xfe, 0x80, '\x00', 0x22}, 0x15, r12})
r13 = syz_open_dev$midi(&(0x7f0000000780), 0x6, 0x20000)
ioctl$BTRFS_IOC_SNAP_DESTROY(r13, 0x5000940f, &(0x7f00000007c0)={{r11}, "7cc5be714b9afaeadca715667c9ca81b14a5110586e7c0f1c8bf9014c7c50e103c8d384dfea9c60da2d2dcbfbe2347711a9a64e768e40b2bb73c9c06636a5d8b5ca3ee6110221035966c6ee0c7f940c7ed59c0b405c10d373fabf475145b3759e6433fba59ad6361075c13ae941a2792135a60ce47cbc8168cfd48e153f37213cf47bbf3cd163d7430717c0f288386e0822784bb1f106fc5bd01723ac14a50037e43c7d3bc5545692c894669dc1783422200a351d806f844c77b707a65727331cd8fcb73ec4088654095acd2c09607bccd322dc9cb014c1a8131f2f215c87fd5c5e3bdb7b3db70c1f4f6bd0e8abaab9ea1ac1f249566cfc054d895957cd8ec16d4fa65ca2ce7ddd60d7755e7fd4cc8b76b6f3c18c27d636fc50eed70d48041669ae3e85beda4e51410bdb20290c21f1fd30d0b50cd150d567eb91c6c35c028c6cea00d2ff4fdfeb13e9cc11ad5504779ed3aec429aeafe6b7b5f82bca0896277cd724a9f6f61270c54a4b537e1a44bf4f99453dbd34e828f0effe2450d47c2a1b1dde68a867dffa3b318a1d4ab080b480369314198777c5625aa2275cb67d2892c55c13615c77bdda0d0d2e8c3830ca2a8f8ab4537638f37bb739ef1abea5a124cb20844c966fe4971524d822a3e1f3b54b5f1e618cf032c77d85f54079f3df63f57f1bfb0699ac2659a5996b9676033d9df1515980a9be48a663c2d34965c76956a12e3253c4c888041da670d408c73341a7089e23141e5db96198bbb51d174c156913098f27ad568d8b8ba492ad804a323a2e0c8563917715d9d6f04899070041f79a046497b820c768af48412bafa178c83a52be306dae122114c5f17b0c43fabab38dd95d5db1390c6fe5948a4761dde78d0873052f0cbe5b87dfdf0b4878231e251849a5b2562ebbfa06954b9dc3c16c44f6f92a9b7df501f043f099467ecf1ca4263a8ad13c3938be96f0c2ec0e3ed09c7f823ffbb889446e743fbdcf3e5e8b204f29bc49694ce21320cd37c6d6cac805010927d8b46ba33a0759d51ef820fa8befd5544349df4e788d88d7fbf1dc31310d0202f57c3d8d51be1096ade76a0b2d16add74c86dd1cf1945b8d87f7738bceae91e801403f0bc3fd981715902008e5cca6a96827a8869d922c30d9ea6ee1f5c31e40cfc075acbcd83c9ff9de861db55bb39172d0e2e6b2729b027311c24440f07160ad05aa20c06cd71298ef57d57b08c08b9145136090e9927ce1c337bc46eb641049ae901019b7e9baf3f5a053a66746c4463ad7ee8483f1c1088958d81af6792f0dadf7f57f461911b887d4945b84c6d43e754a16bf455868281a2d934652c6214287345502b72d183fc332d8d7928202f545f3ecc288b8fefd68739c38652752bd39676142e7acf752e4a523707ce103531a3e78fdfa981e55559b45141367aac69dec069b3f0aa17ac14dffa28d84bfdd02895c0999eedab13d621e5ea34f915303c0cc27b039fca2431807d8551e867f2665072e67ef9bcc60ef3e7a62cce960d5bdadc707960b94cf698aed0c6cca7729661f18434e3fcd87cfd767460571da2944a5c9fbe8626bd9b2e07694b549e8a123509194659e45ea9660739e1ceed95aa6bc2c5606b9b9073c5ac5c6030166c73a1bb4ac557a05262fce602bcad84b5c04beeecd2cf8d15a80f2dc8f8e314fd516973dc071b8c331400ee719c5348250a66eeca0b064ac22d4e1112fb023d28b93944aa741748a1dbacfd14aa7b11fb3918bbca1840177107698b4820ae9a8dbe55167d8334acb1440fa1a69977c71581c2eccee93de8d24724f6b5e9e48d6ffc69a9d8bf1e6bfa991ea6f34bd80685646f7c03947be091fb8926d885f990a9fe5d3fcf4f800c36d1b2d18d17ce73aead9af1e883d0e93fd6b7b2e5fb710234014263b5fef81fd7100aa97ef0f6246a4a6c7cd28e9fc172792fcfe151d4208b736464a15796059ef55719f187cb68a17ace75e39ab8b2e65e38c3d1a37850681d1445e4886e0a427e9222de416d2c1ec73e6f3f13c5f488b43d52a23cd4db92e42c72179cf900a939ec1e34de03b46e9f5d6f404d31aa82b06bb07b7956679a5b137587f2da237e3ef2bdc853ff9d2729bad4c3452356a2a615127281eedebf7a2261fbe628c8acfe8918f2db1089790c1649780f9fbc29fb8ac8ee13dd5f1bb6ecb742556cbf8bab7b892318fe0d00b54d941ba9431b9f272798cf147b2c66c331970892845168cabf0f794eb0cc261f138cb99ec4af578908b9a09e4cff17953c799a69682542f427f8e95fa8dae0f46bf6535f16a534b60b3281caedc64c000a061bbf3ab298945f1a04da67045c9736df674022bb371f73dd6ad9efbecef2ecb4f3dc577ec0da45def0a03986ab42f985be4441ba01da2c63e8aae8e0c380b8c3a3220f9d71862bb1b2fa59766fdd40cc309dc3b69cd8415669887d8dc6a4a977b699328f54e8b7a5924a67eb12051dd9d5f38d6a9643ea4e1ef86a6c10c9e5059a1ae576b89e8d18cf2005a49e0a680e33cb733d70bc2c5211d6ef0edae380f251939cd3d129e9fc64425c026981a4b7c249a02eedd9bd8e84265527c63af9f70933f1e4f64b253c424a2577667e7ffbb048aaf659d156082f27e93e8b7b369010ed4a76f4672bae5317656281da820b63d8523a6c66ebdde2cdec18d7499d43b571cb113f535dff7e59d1732bbb7d0e9a97a0ccad21ba38a0fd6a1103bad6052fe84d588ce9f101f4394d9d6b69e3d537c3c59654788c2ada61a26d88eea5ae83b76419cb0b83ab53dfce532b30fd8a5142e48217a1560c03871ae5ead341e124c7a362acf4f233dd35f11e0894198c116f4c18ed8cab89480b9acf08264a016143fdd0e92965c8908c2588334f3824185f0f6e2bf6f12f54a4fb9789cb7c80ab2dcc1d775dda6031148a5eae3853c140823d1e833dda6575baa9f65d7df62ca99d6c1e6cdf9685e184c37d50810fbc3c2c89948b0c5e98bd3129e4f188df7be2d91156f5e3ea48e340b1634ba1c5afa0afaa73717e2f19c2307681186d91c461cf98dde6e8f00ef5e1daeccd24deb9edf98d6a3966ec2c13f98638375d5285a11fe908976c30348650ca9131164690a4f497a5e195a2919f41396533a8e27e3ea0e9088a7c707689833b8362f3e5f80e9a5c99d0d63e057641a61a543636184a8cf57d1676bb5ae76b8c767c20b3a9224682da821fd25c0dcdf3bf11f5490c6868ed0cf3336a9c298291461102ab0846a3fefeaa168c4e72796ce908eb12dc4727fd80f556a8a329ae1a6b75c997ad1e6fe368f6b9b344e9aea2510257af095b721191073be26dafdca5bbfb7b56cc1f37070362562eb47e4bf1d3463686a9d722a2423218242db8c3d6c8ef5a971246561682132135fc1fd34e8c46cc9416423c827b9d5b7b935c1e32e003bc24540e01fd85b7a37675344b08a127c71ce7ecdedd83b55fa32e773970ecb6b75803ce4b1543daed755f5b6f8f560d68a7577eee6a8b0c0c43f6a804a3ba3fb5b4465691db566f75595343769b13ccff369a6adaab9bed2dd5bc5f48b5d2d6d144d1b0ea58a29ed1ae5b57527c90305326e291709e0fc37321c6955a6a5e28f4ca80d02eff4285805e44fdccef1935b7b02fbfaabcc90a2ec1e02e41cd97190576641e2ba915214b63ac2b4493053fb6abbb75c1d1905de8ec9179dacdaae51ce3c178a78bff1db3c52a784aabade2467db70f1d07f02cc81fbf40a3d425227e5b9e09e691cd39234879d1b45b5f936cda423f12738edfed826711a932fcc4998dd499805b06b878c0f04e0515905dfae9cef17a206a654d2958faf8c85822368358137672698f13f7605fa01e627595323bdcdfa20b26c53558a00dd2daf8d21748072862db0a3b2606261f86bc28d17a1615ef6ec13f5f844f341e636838abb92393f744e401d959e9b6e580ec2f2957e6f099f3ef0fcf0535ac22e3ada677e4cad629157fa46604c008cfc09d070b730821b9378abff5f6e8c8394f520d1ab0bfc91c448ca048333821d55c21cd4f1ec0f013a8c08bdda54a18b7ba0f26f360cd01f89c53b02f45f95e6c9adea02f284c2a66b47e33884feeac0991bdb08d4ec35b0e1cb106b9179138ad8cdc11345aa2c606678624e2c77227ec20d0282a1af9b1237b6a4793326c15b3fb355473a2e846ab1162429ae570cdf4c1100bb4c60805f97e83c19402a7a3ebcb0f8fa9e05b7bb6b9a581b441b02435680dbc0ca87991f262b52c5cc1552cee9919a68ce959848aa3ff3685cf8225590089794d25881812752565b6d5b99a3cbf8a2f5492a602717bfa43a407d02227d236a4882c263206dccddc842f61a53b78f0154ece62b941b4228ce85cadc5ac89ff52bb51c999fc0fa6001948395e634d1c5144b51a9a75b731ba76049380d6a732f31221cfaa49b647913a38fd9c9447eb634cd6f23d9f075fc6d1f6da54c8cbc3d26aaff97b29a939fe91cd4dba9c23c67561bc0e6e17d826e0c89945d30644a5e2879979ce6f1c89d2878ff3b6baf25f87d3e58fba83b4d9523424ac46e25ee05137341b90d1aa2f1507c45dbb79a2a356896bd6260ce9ab4ce054434a7711ee8eea48e9410c84f2c9ca2d13647f95fb79974fe88c048142a3afc3d3ff5eeb5db2346183dae0915b77f7761e883ae95d83621b1703387dda738e0ecfb16395e2c1b3aca61c75da0b0e3b056771418947ccd7c30806d511039312ddcf6e781670c32c96d68a1b1cbf5db2ee83cd4b68b2d1ccd167b808be4e0684687c58c2cc85c70b684912de59b90a1360bb7801c3d75b4bf812699d39c516966fe41f8041ee624717ac1b531fabc6cb92ffaa1465d2cf4573d1b2b2b3682ff47995860aee31e02520862ab2a4786f1301bb1a2f2712f501478a8d762fa76678d2a7ab71ca1853e8a1e68756d66509972d8219e1c1fe107a845e824450ddb864f671674c375231a54cc7e442bef06463728cf1d6542223e98c0ef0a993a8d4913c54ff8550bd259391010b086ec9d5d61bd986fa943fd1551da72eec42d3f65d684312494bf5114a6b201081bc3e6f7635b2bb7d73248ca10e285dd51b5cbf50eb2a9dd94e4654755055fb688b3e5f546809bd0891bdfdad861b602e1b53452d3514dccdd5e1fff754e97a2d2e2305db3e03b8184dfbd95ab16bba8dd99d5e11e483e24b38676088712b18456b164a45f814209871573d31a9d0eed075ab93237857ac3314b88e210f0dcdc258b481772ed8f8d4264075953fbafbe2e45eef73a78292c2611b2416d0f2d344bec1e29f756f3bf35c2d6529dadf858fb69d36ff72824ae4a59469bf73ff882c7e4e6f85b1b10d8a12acb3eeb4bbdfbd699eb9fea94593367c37a9bc635a7e0c3366306384f30ff1e5d8910a234c84c0e2c1fdf98262bce5dbe5770671ad79d81b57dababa23bdb4eda17e7d21912dfa2c081ec3ba8029cc6b010fd48a5035e1c8e526ec6350aa32d4c8dea35ddd5a7caa2fed23276768a86543f15e3060fbf18a924bbb4bbd4ec52b59441b0e5822f708a2b213aaf0674efa0eaf8600cee09598e7d9637955c46b93043e249077002a49fe292714678d36093484d40734eb0a90d35d82a646a314e5e5856088c8158c115e38eaf4869bc459ed4bdddf5299559bee724f2f20835699bd671d28398f0c0ad458518395ef7de2bf757cd5f532a43b7d69c9ff1c96b0b774dadc9126b23c94ad43e91a38bbfcbcf3d1d374df6e8335d8b2bbb9c474bb487238f146f1d1aeb49ade020a3065d90a38c0"})
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r11, 0x84, 0x1b, &(0x7f00000017c0)={<r14=>0x0, 0x61, "fce837980e065e4c3ec480efb4ff5d0799bb3ca3af3b1fd9df357819e7c5666dda7286afbeae5ea3fbf15737c48e162f13b2e7798f798be08b69a8539130d26f1ef307e10af06863065ed5009296821378f6e5dcda4902f644af163a77edad9ee8"}, &(0x7f0000001840)=0x69)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r4, 0x84, 0x7c, &(0x7f0000001880)={r14, 0x3, 0x2}, 0x8)
sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f00000019c0)={&(0x7f00000018c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001980)={&(0x7f0000001940)={0x14, 0x0, 0x8, 0x70bd27, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4008025}, 0x8000)

2.761330006s ago: executing program 3 (id=691):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x800, 0x0, 0x8001, 0x8000000, 0xfffffffffffffffe, 0x0, 0x4}, 0x0)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, 0x0)
r3 = syz_open_dev$media(&(0x7f0000000000), 0x2ec4, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r3, 0xc0287c02, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f00000000c0))
write$dsp(r2, &(0x7f0000000000)="81", 0x1)
close(r2)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, 0x0, 0x0)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r5, &(0x7f0000000100)={'syz0\x00', {}, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdf61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x2, 0x0, 0x40, 0x0, 0x0, 0x6, 0x44a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x180d, 0x80000000, 0x9, 0x0, 0x0, 0xffff82ee, 0x2, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x80, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x7, 0x0, 0x3, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x5]}, 0x45c)
ioctl$UI_DEV_SETUP(r5, 0x5501, 0x0)
readv(r5, &(0x7f0000001900)=[{&(0x7f0000000040)=""/65, 0x41}], 0x1)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/power/pm_test', 0x42, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "810000cc2b000000000000fa25ffff00ffffff"})
r7 = syz_open_pts(r6, 0x141601)
write(r7, &(0x7f0000000000), 0x0)
r8 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r8, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r8, 0x0, 0x0, 0xfffffeffffff7f7e, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendmsg$inet(r8, &(0x7f00000001c0)={0x0, 0x62, &(0x7f0000000680)=[{&(0x7f00000006c0)="c72e5e81d243ce4577fc96744f9952ebf6b1a2568391a429da5d76852a69457b832ab4e06adb1475c56671942a738e3763abd5086a6951f0fd52d26655a69328af65084e57b5cf0af353b8965a1fd4cfe8680d88d8d6c01aa70ac252bb4f1ac8fc99222b01e4117b810eb20d751c8b4863f74ca525d74f4351fe", 0x7a}, {&(0x7f00000005c0)="69d08a31962be11fafbb02ada76fafbd64afce32c81d45b5ca979e0ee3ad203934db54b8d64845ae59f1efd915c82a92a6f1063def6f895eaae9113e843d58b6a6b7dcc2fd5133ad9f90ca1dd24d75a4178ad0c67f6cb4ab8af08b3e5b907d5b7688cff5af0490c2b709e2e3ddc839cb4507a054e029d03726", 0x79}], 0x2}, 0x8080)

1.877472848s ago: executing program 1 (id=692):
socket$kcm(0x10, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
unshare(0x2040400)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x400000}, 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0)

1.685165494s ago: executing program 3 (id=693):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e2793b10d10501200006010203010902120008000000000904"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb)
request_key(&(0x7f0000000240)='encrypted\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='\x00\xa8\xd8~3[q\x1f\x80\xc8\xcd\xd0\xa6\xd2G\xbb}\x1b\xd40\xb7\x1c^T\xb9\xeb\xda1\a]2F\x02\x8f\x0f\xb9K\x06S\xae\xac\x8d\xa89\xf9A\xe85\x93\xd8\xa0L8\x87\x16\xc8\xd7:\xeb\x19\xb1\xb7\xf4\x8c\xa0\xf6\xee\xdf\xf0\x11Y\x81p\xa3b\x8dvHf\xea\xe9\xe5\xce\xcb\x05\xef\x82\x8cYXo\x0e\xa2\b\x1c\xeb;J\x81c\x91[\x8a\x81O\x93g\xd9\xaf\x97\x99\t\xe6?#\x85', r2)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, r2)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="01000000000000001c0012000c000100626f6e640000"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x70bd26, 0x1, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vcan={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f00000007c0)={0x34, &(0x7f0000000540)=ANY=[@ANYBLOB="400705"], 0x0, 0x0, 0x0, 0x0, 0x0})

1.47683677s ago: executing program 0 (id=694):
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffed3)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x24}}, 0x10)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(0xffffffffffffffff, 0x2ded, 0x4000, 0x0, 0x0, 0x51)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r3, 0x400caed0, 0x0)
r4 = syz_open_dev$evdev(&(0x7f0000000800), 0x0, 0x0)
connect$netlink(0xffffffffffffffff, &(0x7f00000000c0)=@proc={0x10, 0x0, 0x25dfdbfb, 0x10000}, 0xc)
read(r4, &(0x7f0000000140)=""/109, 0x6d)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000540)="d887de91a21a7b5eb6b2f5fab6baa69e3cdf5be9dac423cef889fd14426847c98151c379bda8eca14fb4e0440d14396ee38ad4578923119983e76f8c48ad9f7ac8acacf65dc8ad46", 0x48, 0x8004800, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0xfec0ffffffffffff, 0x1c9ae7fffe9a6f34}}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0xe)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
ioctl$CEC_RECEIVE(0xffffffffffffffff, 0xc0386106, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, "5debca561a5fbf61048955f6f876b2ff"})
r5 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000000)={r5, r5, r5}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'poly1305-simd\x00'}})
shutdown(0xffffffffffffffff, 0x1)
recvmmsg(0xffffffffffffffff, &(0x7f0000000840), 0x0, 0x10406, 0x0)
socket$kcm(0x10, 0x2, 0x0)
io_uring_setup(0xfc2, &(0x7f0000000c40)={0x0, 0x0, 0x2000})
fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f00000001c0)={0x2, 0x4, 0x4, 0xffff7ffd})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)

1.185079763s ago: executing program 2 (id=695):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r1, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r1], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0xfffffffd, 0xfffffffe, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800)
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=@newtfilter={0x64, 0x28, 0xd27, 0x1004001, 0x25dfdbfe, {0x0, 0x0, 0x0, r4, {0xd, 0x9}, {}, {0x2, 0xb}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x34, 0x2, [@TCA_CGROUP_ACT={0x30, 0x1, [@m_ife={0x2c, 0x1a, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x6, 0x2}}}}]}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x810}, 0x48c0)

1.060559835s ago: executing program 2 (id=696):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x60042, 0x0)
write$binfmt_elf64(r3, &(0x7f0000000280)=ANY=[@ANYBLOB="7f454c461c02f9b7ff7f000000000000020003"], 0x78)
ioctl$SNDCTL_SEQ_SYNC(r3, 0x5101)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x1000)
link(0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x4004)
bind$alg(0xffffffffffffffff, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160-generic\x00'}, 0x58)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x218, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)

624.416846ms ago: executing program 1 (id=697):
r0 = socket(0x2b, 0x80801, 0x1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYBLOB='\b\x00\n'], 0x54}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x200000000000000)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x10000}, 0x1c)
listen(r0, 0x7)

141.217508ms ago: executing program 4 (id=698):
r0 = socket$inet6(0xa, 0x6, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a20020000000000", 0x8)
fcntl$setstatus(r2, 0x4, 0xcfb45b99770bb43a)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/65, 0x328000, 0x1000}, 0x20)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xe, 0x7fff0000}]})
close_range(r6, 0xffffffffffffffff, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000840)={'dummy0\x00'})
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_buf(r7, 0x6, 0x23, &(0x7f0000000000)=""/48, &(0x7f0000000040)=0x30)
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@deltaction={0x4c, 0x31, 0x8, 0x70bd29, 0x25dfdbfc, {}, [@TCA_ACT_TAB={0x34, 0x1, [{0x10, 0x10, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2d}}, {0x14, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}]}, @TCA_ACT_TAB={0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40010}, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
listen(r0, 0x101)
r8 = socket$inet_dccp(0x2, 0x6, 0x0)
setsockopt(r8, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
connect$inet(r8, &(0x7f0000e5c000)={0x2, 0x4e20, @dev}, 0x10)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r9, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x4e24, 0x447f, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x4}}, 0x0, 0x0, 0x0, 0x0, "ddfd3b7ed7c6a1c172a987ae5ce3cafd64c9a736831a5912d606798fb75c9981c4b3ac0e06891ff18bc5543ed57215a3c45f9154dfa319e52a15a2b9acf80c07fb1a854dad742eef6187f2304844c296"}, 0xd8)
r10 = accept4(r0, 0x0, 0x0, 0x0)
r11 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), r10)
sendmsg$TIPC_NL_NODE_GET(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x40000)
sendmsg$TIPC_NL_MEDIA_SET(r10, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f0000000340)={0x268, r11, 0x0, 0x70bd26, 0x25dfdbfd, {}, [@TIPC_NLA_NODE={0xb4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3d, 0x4, {'gcm(aes)\x00', 0x15, "0f1b6a44d9de84fac8c01a8ae8a0f5464480794ef2"}}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x401}, @TIPC_NLA_NODE_KEY={0x4b, 0x4, {'gcm(aes)\x00', 0x23, "a28787824480db3abba732b9ee6f1424a3cd206c56907b21f029e3fc91b39a0325be8c"}}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x1}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xd3d}]}, @TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xe17}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}]}, @TIPC_NLA_PUBL={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x4}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xc}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x4}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}]}, @TIPC_NLA_BEARER={0x11c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x7, @mcast1}}, {0x14, 0x2, @in={0x2, 0x4e24, @remote}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @loopback}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x2, @mcast1, 0x9}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x6}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7b}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x3ff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x2}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}]}, 0x268}, 0x1, 0x0, 0x0, 0x24004049}, 0x4000)

58.531105ms ago: executing program 2 (id=699):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="120101000d0067204f17316a3f26010203010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
userfaultfd(0x80001)
syz_usb_connect(0x0, 0x48, &(0x7f0000000000)=ANY=[@ANYBLOB="120100004e4aa92082051600578e01020301090236"], 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="680000001c00", @ANYRES32=r3, @ANYBLOB="4000ba000a000200aa"], 0x68}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0xa}, 0x20)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x40000, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r7 = socket$pppl2tp(0x18, 0x1, 0x1)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
r9 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r9, 0x0, 0xd1, &(0x7f0000000000)=0x3, 0x4)
connect$inet6(r8, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote}, 0x1c)
connect$pppl2tp(r7, &(0x7f0000000100)=@pppol2tpin6={0x18, 0x1, {0x0, r8, 0x9, 0x0, 0x0, 0xfffe, {0xa, 0x0, 0x5, @rand_addr=' \x01\x00'}}}, 0x32)
writev(r7, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$sock_SIOCGIFCONF(r1, 0x8912, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

0s ago: executing program 0 (id=700):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_INFO(r0, 0x0, 0x30, &(0x7f0000005fc0), &(0x7f0000006000)=0xc)
r1 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x4004004)
r3 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
add_key(&(0x7f0000000100)='rxrpc\x00', 0x0, &(0x7f0000000000)="0000000000000004ff6943b800000008fed2f4f6174e98d5c850dc00000028f2000000008607000000ebcd1f", 0x2c, r3)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0x8, "9e3ce079"}]}}, 0x0}, 0x0)
r4 = syz_usb_connect$printer(0x6, 0x36, &(0x7f0000001040)=ANY=[@ANYBLOB="12010002000000102505a8a44000010203010902240001090cd81409040010020701010709050102500006aef8090582022000079f03fe703e97551c18ede6ac733e0bd5329e5e6e6f1b52fff6952d3b3c87794bfa"], &(0x7f0000000300)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x110, 0x7f, 0x9, 0x9, 0x40, 0x22}, 0x38, &(0x7f0000000100)={0x5, 0xf, 0x38, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x0, 0xcd, 0x8000}, @ss_container_id={0x14, 0x10, 0x4, 0x5, "5a1f716338792a2935fe98b789e5055e"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x24, 0x49, 0x13, 0x7, 0x5}, @ptm_cap={0x3}, @generic={0x7, 0x10, 0x3, "9014ccbe"}]}, 0x3, [{0x9f, &(0x7f0000000140)=@string={0x9f, 0x3, "0e52c41d50da92b4c6643df37003c7e4569b06762183c5eece73b5c07220f59a064faa55b50d2aa5d130dcc3db8f8be57ea850c04f1e54a0f02860d3aa7838f49f74166293a674a0cc5a50e47003e0c38f26947cd05e1ffe3f485b97ff75b02e1f20bbc4b0b6450b5191af9705f2e9050f80b154dfaaca43c33993a3a48aeb725d5ac8f56fab5c623479e79bc5382e7f659c98806cbe041cc2dc76ae58"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x83e}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x820}}]})
syz_usb_control_io$printer(r4, &(0x7f0000000440)={0xc, &(0x7f0000000340)={0x40, 0x23, 0x9c, {0x9c, 0xe, "c779b5917a65c6736d93a969d36a935139e716d67b51c0208d0de9c595b2de747c3c301905c292f6abb638187e4e6e9c624063f8ab02575e46eb35028be462657b1ee84ae12b5849924846700ed75d68a40b7a75bf4e2c0cad248b4100deeadad95bd8bbee9ab266f14b91c4d96c60c98b128328d2d765040cca4ec097aaf68355871316c5e24ca45254b7f03124095984e659fe44bf41380d43"}}, &(0x7f0000000400)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x44d}}}, &(0x7f0000000700)={0x1c, 0x0, &(0x7f0000000480)={0x0, 0xa, 0x1, 0x4}, &(0x7f00000004c0)={0x0, 0x8, 0x1, 0x9}, &(0x7f0000000500)={0x20, 0x0, 0x10, {0xe, "7a5e14de1e76a2fec138d517e263"}}, &(0x7f0000000680)={0x20, 0x1, 0x1, 0x8}, &(0x7f00000006c0)={0x20, 0x0, 0x1}})
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0086426, &(0x7f00000010c0)={0x0, &(0x7f0000000f00)})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0500000400000000000015000000080003", @ANYRES32=r7], 0x24}}, 0x0)
syz_usb_connect$printer(0x5, 0x36, &(0x7f0000000e40)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x8, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xde, 0x60, 0x0, [{{0x9, 0x4, 0x0, 0xd6, 0x1, 0x7, 0x1, 0x1, 0x9, "", {{{0x9, 0x5, 0x1, 0x2, 0x20, 0x0, 0x3, 0x2}}, [{{0x9, 0x5, 0x82, 0x2, 0x10, 0x80, 0xf, 0xf7}}]}}}]}}]}}, &(0x7f0000000f80)={0xa, &(0x7f0000000e80)={0xa, 0x6, 0x201, 0x4, 0x0, 0x3, 0x20, 0x40}, 0x1a, &(0x7f0000000ec0)={0x5, 0xf, 0x1a, 0x2, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x10, 0x4, 0x5, 0x7}, @wireless={0xb, 0x10, 0x1, 0x4, 0x95, 0x4, 0xe2, 0x9, 0x7}]}, 0x2, [{0x40, &(0x7f0000000fc0)=ANY=[@ANYBLOB="4003606e68883e58d1185d616c177ad811f0f28a20e682d86530587f1b9aba112fe332b3d682e0"]}, {0x39, &(0x7f0000000f40)=@string={0x39, 0x3, "39f3486f1a704d9fc37d40bf2c418c441f3eee5650c2b41149444a0395adcd486ec480ee88de27e21abed1eebc6f92112815cbd29164b8"}}]})
r8 = dup(0xffffffffffffffff)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000580001c0"])
ioctl$TCSETS(r8, 0x5402, &(0x7f0000001540)={0xd5, 0x80000000, 0x2750, 0x9, 0x6, "1badf6b449701fa92086c4bb3fc3d8b8554a58"})
r9 = syz_usb_connect(0x1, 0x24, &(0x7f0000002280)={{0x12, 0x1, 0x200, 0x5, 0x92, 0x2, 0x8, 0x681, 0x5, 0x56c0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x7, 0x3, 0x40, 0xf2, [{{0x9, 0x4, 0xfc, 0x8, 0x0, 0xa, 0xf4, 0x77, 0x5}}]}}]}}, &(0x7f0000003600)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r10 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
r11 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000280)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fc00101}]})
socket(0x0, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r11, 0xc0182101, &(0x7f0000000300))
r12 = syz_usb_connect(0x4, 0x101, &(0x7f0000000740)={{0x12, 0x1, 0x201, 0xe2, 0x10, 0x95, 0x20, 0x2019, 0x3220, 0xb9d2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xef, 0x1, 0xa6, 0x9, 0x10, 0x37, [{{0x9, 0x4, 0xa8, 0x0, 0x3, 0x3a, 0xf9, 0x81, 0x8, [@hid_hid={0x9, 0x21, 0xd7, 0x3, 0x1, {0x22, 0xbf6}}, @generic={0x95, 0x11, "d2798a83067255923125ac3df4cf6ac9b1cfa1be01b4ced2ae09f9248d208e8358daf1da01fb58ed12f41e712caf26fa96f7d0e9025437d61daed892e285af60e901461937791626a7de13d97cbfa80c99b6a0d1da9af72f6f5805642b7152f4a95a6084e07aa5bd2df9c6d6f479c1b12c8aa05075ff3989857468759d4a303d5f812e9b08a86075adc4f15d258e84795b2adc"}], [{{0x9, 0x5, 0xb, 0x0, 0x20, 0x3, 0x0, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x1, 0x7}]}}, {{0x9, 0x5, 0xd, 0x2, 0x3ff, 0x6, 0x80, 0xd, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x8, 0x1}]}}, {{0x9, 0x5, 0x1, 0x10, 0x200, 0x1, 0x2c, 0x0, [@generic={0x16, 0x23, "877d3de3359d3d0f19a3d43c952fb160d458ba6a"}]}}]}}]}}]}}, &(0x7f0000000dc0)={0x0, 0x0, 0x21, &(0x7f0000000d40)={0x5, 0xf, 0x21, 0x4, [@wireless={0xb, 0x10, 0x1, 0x2, 0x21, 0x9, 0x80, 0x2, 0x7}, @ext_cap={0x7, 0x10, 0x2, 0x10, 0x0, 0x7, 0xfa9d}, @ext_cap={0x7, 0x10, 0x2, 0x18, 0x0, 0x1, 0x8001}, @ptm_cap={0x3}]}, 0x1, [{0x4, &(0x7f0000000d80)=@lang_id={0x4, 0x3, 0x1401}}]})
syz_usb_ep_read(r12, 0x4, 0x21, &(0x7f0000000e00)=""/33)
ioctl$HIDIOCGCOLLECTIONINDEX(r10, 0x40184810, &(0x7f0000000040)={0x3, 0x200, 0x3, 0x3, 0x27, 0x7fff})
syz_usb_control_io$uac1(r9, &(0x7f0000001280)={0xc, &(0x7f0000001140)={0x20, 0xb, 0x40, {0x40, 0xd, "3b2b0af579ad44a72076dcfab9608d8fd2847d4e93f050f1c1a1d87af854134bf203725dee5f02c26797e6fa7b83c84c918afc9c1ac017ecda7637e51b19"}}, &(0x7f00000011c0)={0x0, 0x3, 0x98, @string={0x98, 0x3, "6d172616266c0956f3e9a64b2f5780f9e31e928f7431989952186cf7c4b53ec41f50d030308903e444e3ef9d6aedfc4384e72b4d1893a41a6506b9463fa4123940737e4b910a7c4cb9d20dde38998592b4023375abac227a95fd2200d22dad6f95e544af4011084eab421c28871211b7a6d8fb7d1080b32f35cd39ef0784a47829bf35fc91b364247919a04cd8b92bce3d8b18dd6565"}}}, &(0x7f0000001500)={0x24, &(0x7f00000012c0)={0x0, 0x14, 0x76, "e6c65f596e284b28f5645462137049ec7fbf1570c066b5112856fd7ca67c1b86459e6e958938af7b77db43747b953cb40e5e38b2fec315aaa3c5049b52804cf45eb97900f9a99356b57f636ddb844ee1ea23a8e96f4c2ad303e3fe3013eafab487af9b7960cceaaa4f85814875b30e0481aae53001ec"}, &(0x7f0000001340)={0x0, 0xa, 0x1, 0x10}, &(0x7f0000001380)={0x0, 0x8, 0x1, 0xd}, &(0x7f00000013c0)={0x20, 0x81, 0x1, "b9"}, &(0x7f0000001400)={0x20, 0x82, 0x2, "844c"}, &(0x7f0000001440)={0x20, 0x83, 0x2, "f13b"}, &(0x7f0000001480)={0x20, 0x84, 0x3, "b43246"}, &(0x7f00000014c0)={0x20, 0x85, 0x3, "958758"}})

kernel console output (not intermixed with test programs):

msg+0x10/0x10
[  129.306067][ T6482]  __sock_sendmsg+0x221/0x270
[  129.306091][ T6482]  ____sys_sendmsg+0x523/0x860
[  129.306117][ T6482]  ? __pfx_____sys_sendmsg+0x10/0x10
[  129.306155][ T6482]  __sys_sendmsg+0x271/0x360
[  129.306177][ T6482]  ? __pfx___sys_sendmsg+0x10/0x10
[  129.306239][ T6482]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  129.306257][ T6482]  ? lockdep_hardirqs_on+0x9d/0x150
[  129.306276][ T6482]  __do_fast_syscall_32+0xb4/0x110
[  129.306300][ T6482]  ? exc_page_fault+0x5f8/0x920
[  129.306333][ T6482]  do_fast_syscall_32+0x34/0x80
[  129.306352][ T6482]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  129.306373][ T6482] RIP: 0023:0xf747d579
[  129.306396][ T6482] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  129.306410][ T6482] RSP: 002b:00000000f510655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  129.306442][ T6482] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001200
[  129.306454][ T6482] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  129.306464][ T6482] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  129.306474][ T6482] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  129.306484][ T6482] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  129.306509][ T6482]  </TASK>
[  130.356728][ T6497] input: syz1 as /devices/virtual/input/input16
[  130.378536][ T6497] netlink: 24 bytes leftover after parsing attributes in process `syz.4.158'.
[  130.682660][ T6502] FAULT_INJECTION: forcing a failure.
[  130.682660][ T6502] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  130.805091][ T1216] usbhid 5-1:0.0: can't add hid device: -32
[  130.842824][ T6502] CPU: 0 UID: 0 PID: 6502 Comm: syz.2.161 Not tainted 6.14.0-syzkaller-12508-g92b71befc349 #0 PREEMPT(full) 
[  130.842850][ T6502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  130.842860][ T6502] Call Trace:
[  130.842867][ T6502]  <TASK>
[  130.842873][ T6502]  dump_stack_lvl+0x241/0x360
[  130.842905][ T6502]  ? __pfx_dump_stack_lvl+0x10/0x10
[  130.842929][ T6502]  ? __pfx__printk+0x10/0x10
[  130.842963][ T6502]  should_fail_ex+0x424/0x570
[  130.842995][ T6502]  _copy_from_iter+0x211/0x1c70
[  130.843021][ T6502]  ? __build_skb_around+0x247/0x3d0
[  130.843049][ T6502]  ? __alloc_skb+0x298/0x480
[  130.843072][ T6502]  ? __pfx__copy_from_iter+0x10/0x10
[  130.843095][ T6502]  ? __pfx___alloc_skb+0x10/0x10
[  130.843122][ T6502]  ? skb_put+0x114/0x1f0
[  130.843149][ T6502]  netlink_sendmsg+0x73c/0xcd0
[  130.843182][ T6502]  ? __pfx_netlink_sendmsg+0x10/0x10
[  130.843206][ T6502]  ? __import_iovec+0x585/0x830
[  130.843228][ T6502]  ? aa_sock_msg_perm+0x91/0x160
[  130.843256][ T6502]  ? __pfx_netlink_sendmsg+0x10/0x10
[  130.843276][ T6502]  __sock_sendmsg+0x221/0x270
[  130.843310][ T6502]  ____sys_sendmsg+0x523/0x860
[  130.843334][ T6502]  ? __pfx_____sys_sendmsg+0x10/0x10
[  130.843369][ T6502]  __sys_sendmsg+0x271/0x360
[  130.843390][ T6502]  ? __pfx___sys_sendmsg+0x10/0x10
[  130.843450][ T6502]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  130.843468][ T6502]  ? lockdep_hardirqs_on+0x9d/0x150
[  130.843488][ T6502]  __do_fast_syscall_32+0xb4/0x110
[  130.843506][ T6502]  ? exc_page_fault+0x5f8/0x920
[  130.843537][ T6502]  do_fast_syscall_32+0x34/0x80
[  130.843555][ T6502]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  130.843575][ T6502] RIP: 0023:0xf742d579
[  130.843590][ T6502] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  130.843604][ T6502] RSP: 002b:00000000f50b655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  130.843623][ T6502] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000800007c0
[  130.843634][ T6502] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000
[  130.843644][ T6502] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  130.843654][ T6502] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  130.843664][ T6502] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  130.843688][ T6502]  </TASK>
[  130.854233][ T1216] usbhid 5-1:0.0: probe with driver usbhid failed with error -32
[  131.184244][ T6507] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  131.232826][ T6507] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  131.592886][ T6510] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  131.683763][ T6510] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  132.304258][ T6519] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  132.348486][ T6519] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  132.649716][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  132.656425][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  132.703932][ T6526] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  132.731582][ T6526] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  132.762077][   T30] kauditd_printk_skb: 40 callbacks suppressed
[  132.762092][   T30] audit: type=1326 audit(1743664781.012:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6525 comm="syz.0.167" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000
[  132.859476][   T30] audit: type=1326 audit(1743664781.052:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6525 comm="syz.0.167" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000
[  132.881258][    C0] vkms_vblank_simulate: vblank timer overrun
[  132.933327][   T30] audit: type=1326 audit(1743664781.052:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6525 comm="syz.0.167" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000
[  133.032953][   T30] audit: type=1326 audit(1743664781.052:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6525 comm="syz.0.167" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000
[  133.201840][   T30] audit: type=1326 audit(1743664781.052:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6525 comm="syz.0.167" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000
[  133.293879][   T30] audit: type=1326 audit(1743664781.052:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6525 comm="syz.0.167" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000
[  133.315599][    C0] vkms_vblank_simulate: vblank timer overrun
[  133.436676][   T30] audit: type=1326 audit(1743664781.052:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6525 comm="syz.0.167" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000
[  133.532841][   T30] audit: type=1326 audit(1743664781.052:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6525 comm="syz.0.167" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000
[  133.620611][   T30] audit: type=1326 audit(1743664781.052:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6525 comm="syz.0.167" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000
[  133.747213][   T30] audit: type=1326 audit(1743664781.052:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6525 comm="syz.0.167" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc7598 code=0x7ffc0000
[  134.118270][ T6542] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  134.127657][ T6542] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  134.139008][ T6542] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  134.148220][ T6542] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  134.243012][ T6544] netlink: 24 bytes leftover after parsing attributes in process `syz.2.171'.
[  134.792925][ T6552] netlink: 4 bytes leftover after parsing attributes in process `syz.3.172'.
[  134.874013][ T5838] Bluetooth: hci1: unexpected event 0x2f length: 509 > 260
[  135.289959][ T6554] netlink: 8 bytes leftover after parsing attributes in process `syz.0.173'.
[  135.516558][ T6557] netlink: 28 bytes leftover after parsing attributes in process `syz.2.174'.
[  135.974952][ T6566] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  136.020375][ T6566] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  137.886775][ T6575] netlink: 4 bytes leftover after parsing attributes in process `syz.0.178'.
[  137.906548][ T5838] Bluetooth: hci0: unexpected event 0x2f length: 509 > 260
[  138.981595][ T6587] netlink: 4 bytes leftover after parsing attributes in process `syz.3.182'.
[  139.009697][ T6587] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  139.018965][ T6587] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  139.028090][ T6587] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  139.037011][ T6587] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  139.130824][ T6587] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  139.140181][ T6587] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  139.149204][ T6587] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  139.158527][ T6587] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  139.760400][ T6600] netlink: 20 bytes leftover after parsing attributes in process `syz.4.186'.
[  140.180200][ T6604] netlink: 24 bytes leftover after parsing attributes in process `syz.1.187'.
[  140.359448][ T6604] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  140.368984][ T6604] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  140.445053][ T6605] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  140.467753][ T6605] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  140.844061][ T6612] netlink: 28 bytes leftover after parsing attributes in process `syz.0.189'.
[  140.853153][ T6612] netlink: 44 bytes leftover after parsing attributes in process `syz.0.189'.
[  141.338902][ T6622] netlink: 112 bytes leftover after parsing attributes in process `syz.0.192'.
[  141.377481][ T6620] bridge1: entered promiscuous mode
[  141.623675][ T5893] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  141.774681][ T5893] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 29282, setting to 1024
[  141.787313][ T5893] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[  141.820265][ T5893] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  141.844238][ T5893] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a9, bcdDevice= 0.40
[  141.854549][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.863246][ T5893] usb 4-1: Product: syz
[  141.867607][ T5893] usb 4-1: Manufacturer: syz
[  141.889529][ T5893] usb 4-1: SerialNumber: syz
[  141.921667][ T6623] raw-gadget.6 gadget.3: fail, usb_ep_enable returned -22
[  141.960356][ T6639] input: syz0 as /devices/virtual/input/input17
[  142.077173][ T6641] input: syz0 as /devices/virtual/input/input18
[  142.158032][ T5893] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 13 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A9
[  142.273388][ T6642] netlink: 20 bytes leftover after parsing attributes in process `syz.4.198'.
[  142.297969][ T6642] 8021q: VLANs not supported on vcan0
[  143.390935][ T6656] netlink: 4 bytes leftover after parsing attributes in process `syz.0.200'.
[  143.411915][ T5838] Bluetooth: hci0: unexpected event 0x2f length: 509 > 260
[  143.626106][ T6662] netlink: 28 bytes leftover after parsing attributes in process `syz.2.203'.
[  143.642385][ T6662] netlink: 44 bytes leftover after parsing attributes in process `syz.2.203'.
[  143.754942][ T6664] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  143.770214][ T6664] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  143.808433][ T6659] netlink: 24 bytes leftover after parsing attributes in process `syz.1.202'.
[  144.389868][ T5894] usb 4-1: USB disconnect, device number 13
[  144.443505][ T5894] usblp0: removed
[  144.617168][ T6698] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  144.632637][ T6698] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  145.425115][ T5894] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  145.602870][ T5894] usb 4-1: Using ep0 maxpacket: 8
[  145.610116][ T5894] usb 4-1: config index 0 descriptor too short (expected 5924, got 36)
[  145.618673][ T5894] usb 4-1: config 250 has an invalid interface number: 228 but max is -1
[  145.637218][ T5894] usb 4-1: config 250 has 1 interface, different from the descriptor's value: 0
[  145.671963][ T5894] usb 4-1: config 250 has no interface number 0
[  145.687524][ T5894] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  145.730495][ T5894] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  145.766849][ T5894] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid maxpacket 65535, setting to 1024
[  145.823232][ T5894] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 1024
[  145.902204][ T5894] usb 4-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  146.303027][ T6712] mmap: syz.2.211 (6712) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  146.314124][ T5894] usb 4-1: config 250 interface 228 has no altsetting 0
[  146.338727][ T5894] usb 4-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  146.355623][ T5894] usb 4-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  146.425697][ T5894] usb 4-1: Product: syz
[  146.522775][ T5894] usb 4-1: SerialNumber: syz
[  146.566119][ T5894] hub 4-1:250.228: bad descriptor, ignoring hub
[  146.572423][ T5894] hub 4-1:250.228: probe with driver hub failed with error -5
[  146.637161][ T6725] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  146.814663][ T5894] usblp 4-1:250.228: usblp0: USB Bidirectional printer dev 14 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  147.038167][ T6727] input: syz0 as /devices/virtual/input/input19
[  147.126238][ T6725] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  147.852488][ T6739] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  147.861636][ T6739] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  147.872955][ T6739] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  147.882108][ T6739] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  148.256173][ T6744] misc userio: Invalid payload size
[  148.263260][ T5894] usb 4-1: USB disconnect, device number 14
[  148.275916][ T5894] usblp0: removed
[  148.301766][ T6744] misc userio: No port type given on /dev/userio
[  148.830938][ T6748] kAFS: unparsable volume name
[  149.247367][ T6751] netlink: 4 bytes leftover after parsing attributes in process `syz.3.223'.
[  149.299211][ T6751] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  149.308071][ T6751] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  149.316873][ T6751] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  149.325681][ T6751] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  149.425933][ T6751] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  149.436176][ T6751] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  149.445998][ T6751] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  149.455051][ T6751] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  149.718196][ T6759] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  149.886746][ T1162] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  149.896138][ T1162] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  150.093391][ T6764] netlink: 8 bytes leftover after parsing attributes in process `syz.3.226'.
[  151.242122][ T6779] netlink: 4 bytes leftover after parsing attributes in process `syz.2.228'.
[  151.325163][ T5838] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260
[  152.571456][ T6794] misc userio: Invalid payload size
[  152.584949][ T6794] misc userio: No port type given on /dev/userio
[  152.686104][ T6796] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  152.699299][ T6796] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  153.202816][ T5894] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  153.616554][ T5894] usb 4-1: config 0 has no interfaces?
[  153.642822][ T5894] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  153.704759][ T5894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.705771][ T6812] Cannot find set identified by id 0 to match
[  153.801366][ T5894] usb 4-1: Product: syz
[  153.832439][ T5894] usb 4-1: Manufacturer: syz
[  153.868931][ T5894] usb 4-1: SerialNumber: syz
[  153.893672][ T5894] usb 4-1: config 0 descriptor??
[  154.006039][ T6816] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  154.015132][ T6816] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  154.027832][ T6816] veth0_to_batadv: entered promiscuous mode
[  154.034965][ T6816] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  154.196663][ T6816] batman_adv: batadv0: Removing interface: batadv_slave_0
[  154.404513][ T6823] input: syz0 as /devices/virtual/input/input20
[  154.919485][ T6829] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  154.987474][ T6829] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  155.070177][ T6829] netlink: 'syz.0.242': attribute type 3 has an invalid length.
[  155.233514][ T6829] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.242'.
[  155.734950][ T6839] netlink: 4 bytes leftover after parsing attributes in process `syz.2.244'.
[  155.747842][ T5838] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260
[  156.048486][   T47] usb 4-1: USB disconnect, device number 15
[  156.111774][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  156.146763][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  157.141603][ T6853] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  157.169736][ T6853] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  158.092094][ T6867] FAULT_INJECTION: forcing a failure.
[  158.092094][ T6867] name failslab, interval 1, probability 0, space 0, times 0
[  158.110067][ T6867] CPU: 1 UID: 0 PID: 6867 Comm: syz.1.254 Not tainted 6.14.0-syzkaller-12508-g92b71befc349 #0 PREEMPT(full) 
[  158.110093][ T6867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  158.110104][ T6867] Call Trace:
[  158.110110][ T6867]  <TASK>
[  158.110117][ T6867]  dump_stack_lvl+0x241/0x360
[  158.110151][ T6867]  ? __pfx_dump_stack_lvl+0x10/0x10
[  158.110175][ T6867]  ? __pfx__printk+0x10/0x10
[  158.110204][ T6867]  ? __pfx___might_resched+0x10/0x10
[  158.110241][ T6867]  should_fail_ex+0x424/0x570
[  158.110277][ T6867]  should_failslab+0xac/0x100
[  158.110302][ T6867]  __kvmalloc_node_noprof+0x170/0x5a0
[  158.110326][ T6867]  ? nf_hook_entries_grow+0x290/0x740
[  158.110352][ T6867]  nf_hook_entries_grow+0x290/0x740
[  158.110383][ T6867]  __nf_register_net_hook+0x278/0x8e0
[  158.110414][ T6867]  nf_register_net_hook+0xb0/0x190
[  158.110434][ T6867]  nf_register_net_hooks+0x41/0x1a0
[  158.110457][ T6867]  nf_ct_netns_do_get+0x3d0/0x680
[  158.110481][ T6867]  ? __pfx_nf_ct_netns_do_get+0x10/0x10
[  158.110503][ T6867]  ? nft_validate_register_store+0x188/0x1d0
[  158.110527][ T6867]  ? nft_parse_register_store+0x215/0x290
[  158.110552][ T6867]  nft_ct_get_init+0x63f/0x8b0
[  158.110582][ T6867]  nf_tables_newrule+0x1861/0x2980
[  158.110620][ T6867]  ? __pfx_nf_tables_newrule+0x10/0x10
[  158.110658][ T6867]  ? __nla_parse+0x40/0x60
[  158.110683][ T6867]  nfnetlink_rcv+0x12eb/0x28f0
[  158.110743][ T6867]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  158.110818][ T6867]  ? skb_clone+0x240/0x390
[  158.110847][ T6867]  ? netlink_deliver_tap+0x2e/0x1b0
[  158.110872][ T6867]  ? netlink_deliver_tap+0x2e/0x1b0
[  158.110895][ T6867]  netlink_unicast+0x7f8/0x9a0
[  158.110923][ T6867]  ? __pfx_netlink_unicast+0x10/0x10
[  158.110946][ T6867]  ? skb_put+0x114/0x1f0
[  158.110975][ T6867]  netlink_sendmsg+0x8c3/0xcd0
[  158.111009][ T6867]  ? __pfx_netlink_sendmsg+0x10/0x10
[  158.111035][ T6867]  ? __import_iovec+0x585/0x830
[  158.111058][ T6867]  ? aa_sock_msg_perm+0x91/0x160
[  158.111087][ T6867]  ? __pfx_netlink_sendmsg+0x10/0x10
[  158.111108][ T6867]  __sock_sendmsg+0x221/0x270
[  158.111133][ T6867]  ____sys_sendmsg+0x523/0x860
[  158.111159][ T6867]  ? __pfx_____sys_sendmsg+0x10/0x10
[  158.111192][ T6867]  __sys_sendmsg+0x271/0x360
[  158.111214][ T6867]  ? __pfx___sys_sendmsg+0x10/0x10
[  158.111286][ T6867]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  158.111304][ T6867]  ? lockdep_hardirqs_on+0x9d/0x150
[  158.111324][ T6867]  __do_fast_syscall_32+0xb4/0x110
[  158.111342][ T6867]  ? exc_page_fault+0x5f8/0x920
[  158.111374][ T6867]  do_fast_syscall_32+0x34/0x80
[  158.111393][ T6867]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  158.111414][ T6867] RIP: 0023:0xf7fb5579
[  158.111429][ T6867] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  158.111443][ T6867] RSP: 002b:00000000f50d655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  158.111462][ T6867] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  158.111474][ T6867] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  158.111483][ T6867] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  158.111493][ T6867] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  158.111503][ T6867] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  158.111529][ T6867]  </TASK>
[  158.518342][ T6861] bridge0: port 2(bridge_slave_1) entered disabled state
[  158.525907][ T6861] bridge0: port 1(bridge_slave_0) entered disabled state
[  158.875500][ T6861] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  158.955588][   T30] kauditd_printk_skb: 395 callbacks suppressed
[  158.955606][   T30] audit: type=1326 audit(1743664807.212:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.1.258" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb5579 code=0x7ffc0000
[  159.008302][ T6876] netlink: 40 bytes leftover after parsing attributes in process `syz.1.258'.
[  159.031428][   T30] audit: type=1326 audit(1743664807.262:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.1.258" exe="/root/syz-executor" sig=0 arch=40000003 syscall=312 compat=1 ip=0xf7fb5579 code=0x7ffc0000
[  159.072872][   T30] audit: type=1326 audit(1743664807.262:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.1.258" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb5579 code=0x7ffc0000
[  159.139287][   T30] audit: type=1326 audit(1743664807.262:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.1.258" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb5579 code=0x7ffc0000
[  159.182837][   T30] audit: type=1326 audit(1743664807.262:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.1.258" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7fb5579 code=0x7ffc0000
[  159.206005][   T30] audit: type=1326 audit(1743664807.262:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.1.258" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb5579 code=0x7ffc0000
[  159.231987][   T30] audit: type=1326 audit(1743664807.262:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.1.258" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb5579 code=0x7ffc0000
[  159.254629][   T30] audit: type=1326 audit(1743664807.262:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.1.258" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7fb5579 code=0x7ffc0000
[  159.281687][   T30] audit: type=1326 audit(1743664807.322:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.1.258" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb5579 code=0x7ffc0000
[  159.312804][   T30] audit: type=1326 audit(1743664807.322:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.1.258" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb5579 code=0x7ffc0000
[  159.388601][ T6861] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  159.404334][ T6861] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  159.413786][ T6861] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  159.443828][ T6861] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  159.527573][ T6861] bridge1: left promiscuous mode
[  159.539618][ T6880] IPv6: Can't replace route, no match found
[  159.733236][   T10] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  159.893132][   T10] usb 4-1: device descriptor read/64, error -71
[  160.172777][   T10] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  160.323053][   T10] usb 4-1: device descriptor read/64, error -71
[  160.481685][ T6909] QAT: Device 250 not found
[  160.487847][   T10] usb usb4-port1: attempt power cycle
[  161.070401][ T6916] input: syz0 as /devices/virtual/input/input21
[  161.112733][ T6914] netlink: 12 bytes leftover after parsing attributes in process `syz.4.269'.
[  161.627379][ T6922] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  162.142464][ T6926] netlink: 'syz.1.272': attribute type 21 has an invalid length.
[  162.258590][ T6927] warning: `syz.1.272' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  162.396945][ T6932] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  162.431425][ T6932] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  162.693878][ T6931] netlink: 8 bytes leftover after parsing attributes in process `syz.0.274'.
[  162.706496][ T6943] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  162.715563][ T6943] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  162.753697][ T6931] netlink: 8 bytes leftover after parsing attributes in process `syz.0.274'.
[  162.942998][ T5894] usb 4-1: new full-speed USB device number 19 using dummy_hcd
[  163.172831][ T5894] usb 4-1: device descriptor read/64, error -71
[  163.523481][ T5894] usb 4-1: new full-speed USB device number 20 using dummy_hcd
[  163.673466][ T5894] usb 4-1: device descriptor read/64, error -71
[  163.783141][ T5894] usb usb4-port1: attempt power cycle
[  164.135678][ T6958] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  164.152932][ T5894] usb 4-1: new full-speed USB device number 21 using dummy_hcd
[  164.186670][ T5894] usb 4-1: device descriptor read/8, error -71
[  164.418481][ T6962] fuse: Bad value for 'user_id'
[  164.430100][ T6962] fuse: Bad value for 'user_id'
[  164.444224][ T5894] usb 4-1: new full-speed USB device number 22 using dummy_hcd
[  164.475050][ T5894] usb 4-1: device descriptor read/8, error -71
[  164.529347][ T6967] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  164.594388][ T5894] usb usb4-port1: unable to enumerate USB device
[  164.746121][ T6974] netlink: 112 bytes leftover after parsing attributes in process `syz.2.289'.
[  164.826791][ T6977] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  164.836970][ T6977] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  166.160854][ T6997] QAT: Device 250 not found
[  166.431555][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  166.439723][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  166.710421][ T7009] netlink: 112 bytes leftover after parsing attributes in process `syz.0.300'.
[  166.866104][ T7011] syz_tun: refused to change device tx_queue_len
[  166.886541][ T7011] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[  168.160172][ T7039] netlink: 4 bytes leftover after parsing attributes in process `syz.4.311'.
[  168.739444][ T7053] netlink: 68 bytes leftover after parsing attributes in process `syz.4.316'.
[  168.972380][ T7058] input: syz0 as /devices/virtual/input/input26
[  169.036291][ T7061] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  169.094155][ T7061] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  169.402344][ T7069] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  169.490073][ T7069] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  171.522871][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout
[  171.528224][ T7071] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  172.348764][ T7071] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  172.359307][ T7071] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  172.371596][ T7071] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  172.378868][ T7071] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  172.388971][ T7071] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  172.396899][ T7071] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  172.405676][ T7071] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  172.418016][ T7071] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  172.428375][ T7071] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  172.434703][ T7071] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  172.442396][ T7071] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  172.451848][ T7071] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  172.458289][ T7071] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  172.466741][ T7071] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  172.963908][ T5895] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  173.139253][ T5895] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  173.163706][   T30] audit: type=1326 audit(1743664821.412:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7115 comm="syz.4.336" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747d579 code=0x7ffc0000
[  173.205040][ T5895] usb 4-1: config 0 has no interfaces?
[  173.232215][ T5895] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  173.248645][ T5895] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.252756][   T30] audit: type=1326 audit(1743664821.412:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7115 comm="syz.4.336" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747d579 code=0x7ffc0000
[  173.278445][    C1] vkms_vblank_simulate: vblank timer overrun
[  173.298463][ T5895] usb 4-1: Product: syz
[  173.305064][ T5895] usb 4-1: Manufacturer: syz
[  173.310983][ T5895] usb 4-1: SerialNumber: syz
[  173.381124][ T5895] usb 4-1: config 0 descriptor??
[  173.473120][ T7129] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  173.481834][ T7129] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  173.626527][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout
[  173.656968][   T30] audit: type=1326 audit(1743664821.412:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7115 comm="syz.4.336" exe="/root/syz-executor" sig=0 arch=40000003 syscall=135 compat=1 ip=0xf747d579 code=0x7ffc0000
[  173.678812][    C1] vkms_vblank_simulate: vblank timer overrun
[  173.692896][   T30] audit: type=1326 audit(1743664821.412:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7115 comm="syz.4.336" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747d579 code=0x7ffc0000
[  173.714701][    C1] vkms_vblank_simulate: vblank timer overrun
[  173.789010][   T30] audit: type=1326 audit(1743664821.412:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7115 comm="syz.4.336" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747d579 code=0x7ffc0000
[  173.810856][    C1] vkms_vblank_simulate: vblank timer overrun
[  173.937019][ T5895] usb 4-1: USB disconnect, device number 23
[  173.969635][ T7131] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  174.021330][   T30] audit: type=1326 audit(1743664821.412:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7115 comm="syz.4.336" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf747d579 code=0x7ffc0000
[  174.059639][   T30] audit: type=1326 audit(1743664821.412:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7115 comm="syz.4.336" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747d579 code=0x7ffc0000
[  174.081516][    C1] vkms_vblank_simulate: vblank timer overrun
[  174.095979][   T30] audit: type=1326 audit(1743664821.412:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7115 comm="syz.4.336" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747d579 code=0x7ffc0000
[  174.188602][   T30] audit: type=1326 audit(1743664821.442:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7115 comm="syz.4.336" exe="/root/syz-executor" sig=0 arch=40000003 syscall=120 compat=1 ip=0xf747d579 code=0x7ffc0000
[  174.415017][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout
[  174.421294][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout
[  174.485290][ T5844] Bluetooth: hci4: command 0x0c1a tx timeout
[  174.485299][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout
[  174.823304][ T7143] FAULT_INJECTION: forcing a failure.
[  174.823304][ T7143] name failslab, interval 1, probability 0, space 0, times 0
[  174.838592][ T7143] CPU: 0 UID: 0 PID: 7143 Comm: syz.3.341 Not tainted 6.14.0-syzkaller-12508-g92b71befc349 #0 PREEMPT(full) 
[  174.838621][ T7143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  174.838634][ T7143] Call Trace:
[  174.838642][ T7143]  <TASK>
[  174.838651][ T7143]  dump_stack_lvl+0x241/0x360
[  174.838689][ T7143]  ? __pfx_dump_stack_lvl+0x10/0x10
[  174.838718][ T7143]  ? __pfx__printk+0x10/0x10
[  174.838751][ T7143]  ? __pfx___might_resched+0x10/0x10
[  174.838781][ T7143]  should_fail_ex+0x424/0x570
[  174.838825][ T7143]  should_failslab+0xac/0x100
[  174.838855][ T7143]  kmem_cache_alloc_lru_noprof+0x7d/0x390
[  174.838883][ T7143]  ? sock_alloc_inode+0x28/0xc0
[  174.838912][ T7143]  sock_alloc_inode+0x28/0xc0
[  174.838933][ T7143]  ? __pfx_sock_alloc_inode+0x10/0x10
[  174.838954][ T7143]  alloc_inode+0x69/0x1b0
[  174.838985][ T7143]  __sock_create+0x127/0xa30
[  174.839020][ T7143]  mptcp_subflow_create_socket+0x12d/0xd10
[  174.839064][ T7143]  ? __pfx_mptcp_subflow_create_socket+0x10/0x10
[  174.839091][ T7143]  ? aa_label_sk_perm+0x4f4/0x6d0
[  174.839117][ T7143]  __mptcp_nmpc_sk+0x18c/0x830
[  174.839165][ T7143]  ? __pfx___mptcp_nmpc_sk+0x10/0x10
[  174.839202][ T7143]  mptcp_connect+0x71/0xc30
[  174.839219][ T7143]  ? register_lock_class+0x54/0x330
[  174.839244][ T7143]  __inet_stream_connect+0x2a7/0xfb0
[  174.839289][ T7143]  ? __local_bh_enable_ip+0x168/0x200
[  174.839307][ T7143]  ? lockdep_hardirqs_on+0x9d/0x150
[  174.839328][ T7143]  ? __pfx___inet_stream_connect+0x10/0x10
[  174.839358][ T7143]  ? __local_bh_enable_ip+0x168/0x200
[  174.839378][ T7143]  ? inet_stream_connect+0x50/0xa0
[  174.839407][ T7143]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  174.839440][ T7143]  inet_stream_connect+0x65/0xa0
[  174.839474][ T7143]  __sys_connect+0x28c/0x2d0
[  174.839501][ T7143]  ? __fget_files+0x2a/0x420
[  174.839519][ T7143]  ? __pfx___sys_connect+0x10/0x10
[  174.839570][ T7143]  __ia32_sys_connect+0x7a/0x90
[  174.839599][ T7143]  __do_fast_syscall_32+0xb4/0x110
[  174.839620][ T7143]  ? exc_page_fault+0x5f8/0x920
[  174.839657][ T7143]  do_fast_syscall_32+0x34/0x80
[  174.839679][ T7143]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  174.839703][ T7143] RIP: 0023:0xf748d579
[  174.839730][ T7143] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  174.839745][ T7143] RSP: 002b:00000000f511655c EFLAGS: 00000206 ORIG_RAX: 000000000000016a
[  174.839764][ T7143] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  174.839777][ T7143] RDX: 000000000000001c RSI: 0000000000000000 RDI: 0000000000000000
[  174.839788][ T7143] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  174.839798][ T7143] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  174.839817][ T7143] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  174.839845][ T7143]  </TASK>
[  174.839888][ T7143] socket: no more sockets
[  175.146573][ T7144] QAT: Device 250 not found
[  175.698181][ T5844] Bluetooth: hci0: command 0x0c1a tx timeout
[  176.212912][   T10] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  176.393178][   T10] usb 4-1: Using ep0 maxpacket: 32
[  176.420283][   T10] usb 4-1: config 0 has an invalid interface number: 109 but max is 0
[  176.441255][   T10] usb 4-1: config 0 has no interface number 0
[  176.456475][   T10] usb 4-1: config 0 has an invalid interface number: 109 but max is 0
[  176.465985][   T10] usb 4-1: config 0 has no interface number 0
[  176.479523][ T7168] bridge_slave_0: left allmulticast mode
[  176.490101][ T5844] Bluetooth: hci1: command 0x0c1a tx timeout
[  176.490142][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout
[  176.514632][ T7168] bridge_slave_0: left promiscuous mode
[  176.520468][ T7168] bridge0: port 1(bridge_slave_0) entered disabled state
[  176.521882][   T10] usb 4-1: config 0 has an invalid interface number: 109 but max is 0
[  176.584138][   T10] usb 4-1: config 0 has no interface number 0
[  176.606550][ T5838] Bluetooth: hci4: command 0x0c1a tx timeout
[  176.612618][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout
[  176.673466][ T7171] netlink: 4 bytes leftover after parsing attributes in process `syz.2.348'.
[  176.684604][ T7168] bridge_slave_1: left allmulticast mode
[  176.690247][ T7168] bridge_slave_1: left promiscuous mode
[  176.696317][ T7168] bridge0: port 2(bridge_slave_1) entered disabled state
[  176.720508][ T7168] bond0: (slave bond_slave_0): Releasing backup interface
[  176.727433][   T10] usb 4-1: config 0 has an invalid interface number: 109 but max is 0
[  176.767144][   T10] usb 4-1: config 0 has no interface number 0
[  176.767704][ T7168] bond0: (slave bond_slave_1): Releasing backup interface
[  176.841203][   T10] usb 4-1: config 0 has an invalid interface number: 109 but max is 0
[  176.875273][ T7168] team0: Port device team_slave_0 removed
[  176.895601][ T7168] team0: Port device team_slave_1 removed
[  176.899488][   T10] usb 4-1: config 0 has no interface number 0
[  176.916856][   T10] usb 4-1: config 0 has an invalid interface number: 109 but max is 0
[  176.926460][ T7176] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  176.934991][   T10] usb 4-1: config 0 has no interface number 0
[  176.937363][ T7168] batman_adv: batadv0: Removing interface: batadv_slave_1
[  176.949183][   T10] usb 4-1: New USB device found, idVendor=055f, idProduct=a800, bcdDevice=72.1d
[  176.964129][ T7172] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  176.983168][ T7176] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  176.984160][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.030282][ T7170] vlan0: entered promiscuous mode
[  177.042630][   T10] usb 4-1: Product: syz
[  177.072996][   T10] usb 4-1: Manufacturer: syz
[  177.080248][   T10] usb 4-1: SerialNumber: syz
[  177.107457][   T10] usb 4-1: config 0 descriptor??
[  177.132321][ T7180] can: request_module (can-proto-3) failed.
[  177.292091][ T7183] input: syz1 as /devices/virtual/input/input28
[  177.828820][ T7192] netlink: 112 bytes leftover after parsing attributes in process `syz.4.356'.
[  178.159062][ T7203] bridge1: entered promiscuous mode
[  178.175405][ T7203] bridge1: entered allmulticast mode
[  178.475038][ T7207] netlink: 28 bytes leftover after parsing attributes in process `syz.2.360'.
[  178.500887][ T7213] syzkaller0: entered promiscuous mode
[  178.506469][ T7213] syzkaller0: entered allmulticast mode
[  178.543151][ T7207] netlink: 4 bytes leftover after parsing attributes in process `syz.2.360'.
[  178.563858][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout
[  178.573279][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout
[  178.644852][ T5838] Bluetooth: hci4: command 0x0c1a tx timeout
[  178.645052][ T5844] Bluetooth: hci3: command 0x0c1a tx timeout
[  178.884221][   T10] mdc800 4-1:0.109: probe fails -> wrong Number of Configuration
[  178.927026][   T10] usb 4-1: USB disconnect, device number 24
[  179.042386][ T7225] netlink: 112 bytes leftover after parsing attributes in process `syz.3.367'.
[  179.088682][ T7224] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  179.199507][ T7230] netlink: 4 bytes leftover after parsing attributes in process `syz.0.368'.
[  179.245120][ T5844] Bluetooth: hci0: unexpected event 0x2f length: 509 > 260
[  179.660492][ T7240] netlink: 4 bytes leftover after parsing attributes in process `syz.2.371'.
[  180.431132][ T7263] FAULT_INJECTION: forcing a failure.
[  180.431132][ T7263] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  180.488222][ T7258] netlink: 28 bytes leftover after parsing attributes in process `syz.4.375'.
[  180.545884][ T7263] CPU: 0 UID: 0 PID: 7263 Comm: syz.3.376 Not tainted 6.14.0-syzkaller-12508-g92b71befc349 #0 PREEMPT(full) 
[  180.545912][ T7263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  180.545924][ T7263] Call Trace:
[  180.545932][ T7263]  <TASK>
[  180.545941][ T7263]  dump_stack_lvl+0x241/0x360
[  180.545977][ T7263]  ? __pfx_dump_stack_lvl+0x10/0x10
[  180.546003][ T7263]  ? __pfx__printk+0x10/0x10
[  180.546043][ T7263]  should_fail_ex+0x424/0x570
[  180.546090][ T7263]  _copy_from_user+0x2d/0xb0
[  180.546118][ T7263]  video_usercopy+0x3bf/0x1330
[  180.546158][ T7263]  ? __pfx_subdev_do_ioctl_lock+0x10/0x10
[  180.546185][ T7263]  ? __pfx_video_usercopy+0x10/0x10
[  180.546230][ T7263]  ? __fget_files+0x2a/0x420
[  180.546253][ T7263]  v4l2_ioctl+0x189/0x1e0
[  180.546284][ T7263]  v4l2_compat_ioctl32+0x1d7/0x260
[  180.546315][ T7263]  __se_compat_sys_ioctl+0x50e/0xc30
[  180.546343][ T7263]  ? __pfx___se_compat_sys_ioctl+0x10/0x10
[  180.546368][ T7263]  ? __fget_files+0x2a/0x420
[  180.546392][ T7263]  ? fput+0x9b/0xd0
[  180.546409][ T7263]  ? ksys_write+0x275/0x2d0
[  180.546440][ T7263]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  180.546459][ T7263]  ? lockdep_hardirqs_on+0x9d/0x150
[  180.546481][ T7263]  __do_fast_syscall_32+0xb4/0x110
[  180.546499][ T7263]  ? exc_page_fault+0x5f8/0x920
[  180.546533][ T7263]  do_fast_syscall_32+0x34/0x80
[  180.546553][ T7263]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  180.546577][ T7263] RIP: 0023:0xf748d579
[  180.546593][ T7263] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  180.546608][ T7263] RSP: 002b:00000000f511655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  180.546628][ T7263] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000004020565a
[  180.546641][ T7263] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000
[  180.546652][ T7263] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  180.546662][ T7263] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  180.546673][ T7263] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  180.546700][ T7263]  </TASK>
[  180.556307][ T7258] netlink: 4 bytes leftover after parsing attributes in process `syz.4.375'.
[  181.573441][ T5894] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  181.838406][ T7271] netlink: 112 bytes leftover after parsing attributes in process `syz.4.379'.
[  181.859526][ T5894] usb 4-1: Using ep0 maxpacket: 32
[  181.900017][ T5894] usb 4-1: config 0 has an invalid interface number: 109 but max is 0
[  181.938193][ T5894] usb 4-1: config 0 has no interface number 0
[  181.967978][ T5894] usb 4-1: config 0 has an invalid interface number: 109 but max is 0
[  182.005283][ T5894] usb 4-1: config 0 has no interface number 0
[  182.030855][ T5894] usb 4-1: config 0 has an invalid interface number: 109 but max is 0
[  182.070320][ T5894] usb 4-1: config 0 has no interface number 0
[  182.111927][ T7278] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  182.126418][ T5894] usb 4-1: config 0 has an invalid interface number: 109 but max is 0
[  182.160143][ T5894] usb 4-1: config 0 has no interface number 0
[  182.223339][ T5894] usb 4-1: config 0 has an invalid interface number: 109 but max is 0
[  182.233341][ T5894] usb 4-1: config 0 has no interface number 0
[  182.263462][ T5894] usb 4-1: config 0 has an invalid interface number: 109 but max is 0
[  182.271678][ T5894] usb 4-1: config 0 has no interface number 0
[  182.309277][ T5894] usb 4-1: New USB device found, idVendor=055f, idProduct=a800, bcdDevice=72.1d
[  182.328662][ T5894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.350929][ T5894] usb 4-1: Product: syz
[  182.366510][ T5894] usb 4-1: Manufacturer: syz
[  182.378356][ T5894] usb 4-1: SerialNumber: syz
[  182.389473][ T5894] usb 4-1: config 0 descriptor??
[  183.172508][ T7293] FAULT_INJECTION: forcing a failure.
[  183.172508][ T7293] name failslab, interval 1, probability 0, space 0, times 0
[  183.185844][ T7293] CPU: 1 UID: 0 PID: 7293 Comm: syz.2.383 Not tainted 6.14.0-syzkaller-12508-g92b71befc349 #0 PREEMPT(full) 
[  183.185882][ T7293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  183.185893][ T7293] Call Trace:
[  183.185900][ T7293]  <TASK>
[  183.185908][ T7293]  dump_stack_lvl+0x241/0x360
[  183.185940][ T7293]  ? __pfx_dump_stack_lvl+0x10/0x10
[  183.185967][ T7293]  ? __pfx__printk+0x10/0x10
[  183.185995][ T7293]  ? __pfx___might_resched+0x10/0x10
[  183.186023][ T7293]  should_fail_ex+0x424/0x570
[  183.186056][ T7293]  should_failslab+0xac/0x100
[  183.186082][ T7293]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  183.186108][ T7293]  ? dup_task_struct+0x57/0x870
[  183.186132][ T7293]  dup_task_struct+0x57/0x870
[  183.186149][ T7293]  ? _raw_spin_unlock_irq+0x23/0x50
[  183.186173][ T7293]  ? lockdep_hardirqs_on+0x9d/0x150
[  183.186194][ T7293]  copy_process+0x5dc/0x3d10
[  183.186219][ T7293]  ? stack_depot_save_flags+0x44/0x940
[  183.186245][ T7293]  ? kasan_save_track+0x51/0x80
[  183.186263][ T7293]  ? kasan_save_track+0x3f/0x80
[  183.186283][ T7293]  ? create_io_worker+0xae/0x5e0
[  183.186301][ T7293]  ? io_wq_enqueue+0x7b7/0xa10
[  183.186316][ T7293]  ? io_queue_iowq+0x433/0x670
[  183.186341][ T7293]  ? io_queue_async+0x3f9/0x4e0
[  183.186358][ T7293]  ? io_submit_sqes+0xdfc/0x1ce0
[  183.186372][ T7293]  ? __se_sys_io_uring_enter+0x2cd/0x3560
[  183.186391][ T7293]  ? __pfx_copy_process+0x10/0x10
[  183.186420][ T7293]  ? __pfx_io_wq_worker+0x10/0x10
[  183.186439][ T7293]  ? __pfx_io_wq_worker+0x10/0x10
[  183.186459][ T7293]  create_io_thread+0x16c/0x1e0
[  183.186482][ T7293]  ? __pfx_create_io_thread+0x10/0x10
[  183.186510][ T7293]  ? __pfx_io_wq_worker+0x10/0x10
[  183.186535][ T7293]  ? __raw_spin_lock_init+0x45/0x100
[  183.186562][ T7293]  ? __init_swait_queue_head+0xae/0x150
[  183.186592][ T7293]  ? create_io_worker+0x27/0x5e0
[  183.186609][ T7293]  create_io_worker+0x186/0x5e0
[  183.186633][ T7293]  io_wq_enqueue+0x7b7/0xa10
[  183.186656][ T7293]  ? __pfx_io_wq_enqueue+0x10/0x10
[  183.186672][ T7293]  ? __pfx_io_wq_work_match_item+0x10/0x10
[  183.186703][ T7293]  io_queue_iowq+0x433/0x670
[  183.186735][ T7293]  io_queue_async+0x3f9/0x4e0
[  183.186763][ T7293]  io_submit_sqes+0xdfc/0x1ce0
[  183.186827][ T7293]  __se_sys_io_uring_enter+0x2cd/0x3560
[  183.186865][ T7293]  ? rcu_read_lock_any_held+0xbb/0x160
[  183.186911][ T7293]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  183.186943][ T7293]  ? vfs_write+0xb29/0xd10
[  183.186978][ T7293]  ? ksys_write+0x24e/0x2d0
[  183.187009][ T7293]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  183.187038][ T7293]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  183.187059][ T7293]  ? __fget_files+0x2a/0x420
[  183.187082][ T7293]  ? __fget_files+0x2a/0x420
[  183.187108][ T7293]  ? fput+0x9b/0xd0
[  183.187126][ T7293]  ? ksys_write+0x275/0x2d0
[  183.187160][ T7293]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  183.187180][ T7293]  ? __ia32_sys_io_uring_enter+0x21/0xf0
[  183.187206][ T7293]  __do_fast_syscall_32+0xb4/0x110
[  183.187228][ T7293]  ? exc_page_fault+0x5f8/0x920
[  183.187265][ T7293]  do_fast_syscall_32+0x34/0x80
[  183.187288][ T7293]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  183.187313][ T7293] RIP: 0023:0xf742d579
[  183.187330][ T7293] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  183.187348][ T7293] RSP: 002b:00000000f507455c EFLAGS: 00000206 ORIG_RAX: 00000000000001aa
[  183.187370][ T7293] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000000047f6
[  183.187385][ T7293] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  183.187397][ T7293] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  183.187409][ T7293] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  183.187422][ T7293] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  183.187452][ T7293]  </TASK>
[  183.567807][    C1] vkms_vblank_simulate: vblank timer overrun
[  184.041303][ T5894] mdc800 4-1:0.109: probe fails -> wrong Number of Configuration
[  184.069985][ T5894] usb 4-1: USB disconnect, device number 25
[  184.080249][ T7307] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  184.089075][ T7307] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  184.099733][ T7307] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  184.108568][ T7307] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  184.389970][ T7310] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  184.401160][ T7310] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  185.914952][ T7317] netlink: 28 bytes leftover after parsing attributes in process `syz.3.391'.
[  185.926950][ T7317] netlink: 4 bytes leftover after parsing attributes in process `syz.3.391'.
[  186.363741][ T7325] netlink: 68 bytes leftover after parsing attributes in process `syz.2.393'.
[  187.234314][ T7328] netlink: 4 bytes leftover after parsing attributes in process `syz.2.394'.
[  187.249384][ T5844] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260
[  187.335101][ T7335] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  187.351452][ T7335] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  187.361957][ T7335] veth0_to_batadv: entered promiscuous mode
[  187.368548][ T7335] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  187.463248][ T7338] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x2
[  187.646446][ T7335] batman_adv: batadv0: Removing interface: batadv_slave_0
[  187.692526][ T7340] input: syz0 as /devices/virtual/input/input29
[  187.780454][ T7343] netlink: 4 bytes leftover after parsing attributes in process `syz.4.398'.
[  188.196811][ T7350] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  188.206783][ T7350] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  188.359019][ T7353] netlink: 4 bytes leftover after parsing attributes in process `syz.4.401'.
[  188.380745][ T5844] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260
[  189.089936][ T7357] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  189.140272][ T7357] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  189.474639][ T7362] netlink: 68 bytes leftover after parsing attributes in process `syz.0.404'.
[  189.713508][ T7371] netlink: 8 bytes leftover after parsing attributes in process `syz.0.407'.
[  189.724662][ T7371] netlink: 24 bytes leftover after parsing attributes in process `syz.0.407'.
[  190.036285][ T7379] FAULT_INJECTION: forcing a failure.
[  190.036285][ T7379] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  190.079332][ T7379] CPU: 0 UID: 0 PID: 7379 Comm: syz.0.410 Not tainted 6.14.0-syzkaller-12508-g92b71befc349 #0 PREEMPT(full) 
[  190.079357][ T7379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  190.079366][ T7379] Call Trace:
[  190.079372][ T7379]  <TASK>
[  190.079378][ T7379]  dump_stack_lvl+0x241/0x360
[  190.079402][ T7379]  ? __pfx_dump_stack_lvl+0x10/0x10
[  190.079422][ T7379]  ? __pfx__printk+0x10/0x10
[  190.079448][ T7379]  should_fail_ex+0x424/0x570
[  190.079472][ T7379]  _copy_from_user+0x2d/0xb0
[  190.079491][ T7379]  mfill_atomic_copy+0xcee/0x1b80
[  190.079523][ T7379]  ? __pfx_mfill_atomic_copy+0x10/0x10
[  190.079558][ T7379]  userfaultfd_ioctl+0x2b87/0x6a80
[  190.079587][ T7379]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  190.079604][ T7379]  ? stack_trace_save+0x11a/0x1d0
[  190.079625][ T7379]  ? __pfx_stack_trace_save+0x10/0x10
[  190.079644][ T7379]  ? stack_depot_save_flags+0x44/0x940
[  190.079662][ T7379]  ? kasan_save_track+0x51/0x80
[  190.079677][ T7379]  ? kasan_save_track+0x3f/0x80
[  190.079690][ T7379]  ? kasan_save_free_info+0x40/0x50
[  190.079700][ T7379]  ? __kasan_slab_free+0x59/0x70
[  190.079714][ T7379]  ? kfree+0x198/0x430
[  190.079729][ T7379]  ? tomoyo_path_number_perm+0x5fd/0x790
[  190.079743][ T7379]  ? security_file_ioctl_compat+0xc6/0x2a0
[  190.079757][ T7379]  ? __se_compat_sys_ioctl+0xd8/0xc30
[  190.079773][ T7379]  ? do_vfs_ioctl+0xef8/0x2750
[  190.079791][ T7379]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  190.079824][ T7379]  ? kasan_quarantine_put+0xdc/0x230
[  190.079837][ T7379]  ? lockdep_hardirqs_on+0x9d/0x150
[  190.079859][ T7379]  ? tomoyo_path_number_perm+0x684/0x790
[  190.079874][ T7379]  ? __lock_acquire+0xad5/0xd80
[  190.079888][ T7379]  ? tomoyo_path_number_perm+0x215/0x790
[  190.079905][ T7379]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  190.079943][ T7379]  ? __fget_files+0x2a/0x420
[  190.079954][ T7379]  ? __fget_files+0x2a/0x420
[  190.079967][ T7379]  ? __fget_files+0x2a/0x420
[  190.079983][ T7379]  __se_compat_sys_ioctl+0x50e/0xc30
[  190.080001][ T7379]  ? __pfx___se_compat_sys_ioctl+0x10/0x10
[  190.080017][ T7379]  ? __fget_files+0x2a/0x420
[  190.080032][ T7379]  ? fput+0x9b/0xd0
[  190.080043][ T7379]  ? ksys_write+0x275/0x2d0
[  190.080062][ T7379]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  190.080074][ T7379]  ? lockdep_hardirqs_on+0x9d/0x150
[  190.080088][ T7379]  __do_fast_syscall_32+0xb4/0x110
[  190.080101][ T7379]  ? exc_page_fault+0x5f8/0x920
[  190.080123][ T7379]  do_fast_syscall_32+0x34/0x80
[  190.080137][ T7379]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  190.080153][ T7379] RIP: 0023:0xf7fc7579
[  190.080163][ T7379] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  190.080174][ T7379] RSP: 002b:00000000f50e655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  190.080188][ T7379] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c028aa03
[  190.080196][ T7379] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  190.080204][ T7379] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  190.080211][ T7379] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  190.080218][ T7379] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  190.080235][ T7379]  </TASK>
[  191.332780][ T5895] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  191.482873][ T5895] usb 4-1: device descriptor read/64, error -71
[  191.742740][ T5895] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  191.902944][ T5895] usb 4-1: device descriptor read/64, error -71
[  192.022934][ T5895] usb usb4-port1: attempt power cycle
[  192.384626][ T5895] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  192.423375][ T5895] usb 4-1: device descriptor read/8, error -71
[  192.602837][ T5844] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260
[  192.711297][ T7427] netlink: 68 bytes leftover after parsing attributes in process `syz.0.417'.
[  192.744555][ T5895] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  193.022755][ T5895] usb 4-1: device descriptor read/8, error -71
[  193.177676][ T7438] input: syz0 as /devices/virtual/input/input30
[  193.200969][ T5895] usb usb4-port1: unable to enumerate USB device
[  193.329865][ T7441] input: syz0 as /devices/virtual/input/input31
[  194.131735][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  194.140520][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  195.153652][ T7466] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  195.162450][ T7466] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  196.357417][ T7497] netlink: 68 bytes leftover after parsing attributes in process `syz.2.430'.
[  196.605616][ T5894] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  197.017522][ T5894] usb 4-1: config 0 has an invalid interface number: 4 but max is 0
[  197.055063][ T5894] usb 4-1: config 0 has no interface number 0
[  197.077243][ T5894] usb 4-1: config 0 interface 4 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  197.117709][ T5894] usb 4-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=9e.6e
[  197.139793][ T5894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  197.226673][ T5894] usb 4-1: Product: syz
[  197.231620][ T7515] fuse: Unknown parameter ''
[  197.251362][ T5894] usb 4-1: Manufacturer: syz
[  197.260297][ T5894] usb 4-1: SerialNumber: syz
[  197.326984][ T5894] usb 4-1: config 0 descriptor??
[  197.688099][ T7523] input: syz0 as /devices/virtual/input/input32
[  197.798410][ T7498] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  197.824910][ T7498] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  198.970991][ T7550] FAULT_INJECTION: forcing a failure.
[  198.970991][ T7550] name failslab, interval 1, probability 0, space 0, times 0
[  198.994085][ T7550] CPU: 0 UID: 0 PID: 7550 Comm: syz.0.439 Not tainted 6.14.0-syzkaller-12508-g92b71befc349 #0 PREEMPT(full) 
[  198.994113][ T7550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  198.994125][ T7550] Call Trace:
[  198.994133][ T7550]  <TASK>
[  198.994141][ T7550]  dump_stack_lvl+0x241/0x360
[  198.994176][ T7550]  ? __pfx_dump_stack_lvl+0x10/0x10
[  198.994204][ T7550]  ? __pfx__printk+0x10/0x10
[  198.994235][ T7550]  ? __pfx___might_resched+0x10/0x10
[  198.994264][ T7550]  should_fail_ex+0x424/0x570
[  198.994299][ T7550]  should_failslab+0xac/0x100
[  198.994328][ T7550]  __kvmalloc_node_noprof+0x170/0x5a0
[  198.994354][ T7550]  ? nf_hook_entries_grow+0x290/0x740
[  198.994383][ T7550]  nf_hook_entries_grow+0x290/0x740
[  198.994416][ T7550]  __nf_register_net_hook+0x278/0x8e0
[  198.994452][ T7550]  nf_register_net_hook+0xb0/0x190
[  198.994476][ T7550]  nf_register_net_hooks+0x41/0x1a0
[  198.994502][ T7550]  nf_ct_netns_do_get+0x37d/0x680
[  198.994529][ T7550]  ? __pfx_nf_ct_netns_do_get+0x10/0x10
[  198.994560][ T7550]  ? __raw_spin_lock_init+0x45/0x100
[  198.994591][ T7550]  nf_ct_netns_get+0x45/0xb0
[  198.994613][ T7550]  nft_connlimit_do_init+0x1ca/0x2c0
[  198.994640][ T7550]  nft_set_elem_expr_alloc+0x20c/0x610
[  198.994664][ T7550]  ? __pfx_nft_set_elem_expr_alloc+0x10/0x10
[  198.994699][ T7550]  ? nft_rhash_init+0x30a/0x430
[  198.994724][ T7550]  ? __pfx_nft_rhash_init+0x10/0x10
[  198.994743][ T7550]  ? lockdep_hardirqs_on+0x9d/0x150
[  198.994781][ T7550]  ? __pfx_nft_rhash_key+0x10/0x10
[  198.994800][ T7550]  ? __pfx_nft_rhash_obj+0x10/0x10
[  198.994819][ T7550]  ? __pfx_nft_rhash_cmp+0x10/0x10
[  198.994843][ T7550]  nft_set_expr_alloc+0x385/0x770
[  198.994869][ T7550]  nf_tables_newset+0x245f/0x30e0
[  198.994914][ T7550]  ? __pfx_nf_tables_newset+0x10/0x10
[  198.994962][ T7550]  ? __nla_parse+0x40/0x60
[  198.994987][ T7550]  nfnetlink_rcv+0x12eb/0x28f0
[  198.995048][ T7550]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  198.995128][ T7550]  ? skb_clone+0x240/0x390
[  198.995158][ T7550]  ? netlink_deliver_tap+0x2e/0x1b0
[  198.995183][ T7550]  ? netlink_deliver_tap+0x2e/0x1b0
[  198.995207][ T7550]  netlink_unicast+0x7f8/0x9a0
[  198.995236][ T7550]  ? __pfx_netlink_unicast+0x10/0x10
[  198.995258][ T7550]  ? skb_put+0x114/0x1f0
[  198.995288][ T7550]  netlink_sendmsg+0x8c3/0xcd0
[  198.995324][ T7550]  ? __pfx_netlink_sendmsg+0x10/0x10
[  198.995350][ T7550]  ? __import_iovec+0x585/0x830
[  198.995372][ T7550]  ? aa_sock_msg_perm+0x91/0x160
[  198.995403][ T7550]  ? __pfx_netlink_sendmsg+0x10/0x10
[  198.995423][ T7550]  __sock_sendmsg+0x221/0x270
[  198.995448][ T7550]  ____sys_sendmsg+0x523/0x860
[  198.995474][ T7550]  ? __pfx_____sys_sendmsg+0x10/0x10
[  198.995507][ T7550]  __sys_sendmsg+0x271/0x360
[  198.995530][ T7550]  ? __pfx___sys_sendmsg+0x10/0x10
[  198.995596][ T7550]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  198.995614][ T7550]  ? lockdep_hardirqs_on+0x9d/0x150
[  198.995634][ T7550]  __do_fast_syscall_32+0xb4/0x110
[  198.995653][ T7550]  ? exc_page_fault+0x5f8/0x920
[  198.995684][ T7550]  do_fast_syscall_32+0x34/0x80
[  198.995703][ T7550]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  198.995724][ T7550] RIP: 0023:0xf7fc7579
[  198.995740][ T7550] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  198.995761][ T7550] RSP: 002b:00000000f50e655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  198.995780][ T7550] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  198.995793][ T7550] RDX: 0000000020050800 RSI: 0000000000000000 RDI: 0000000000000000
[  198.995803][ T7550] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  198.995813][ T7550] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  198.995822][ T7550] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  198.995848][ T7550]  </TASK>
[  199.443249][ T5895] usb 4-1: USB disconnect, device number 30
[  199.584828][ T7556] netlink: 68 bytes leftover after parsing attributes in process `syz.0.441'.
[  199.697431][ T7558] bridge0: entered promiscuous mode
[  199.703069][ T7558] macvlan2: entered promiscuous mode
[  199.722058][ T7558] macvlan3: entered promiscuous mode
[  200.213081][ T7579] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  200.222170][ T7579] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  201.069463][ T7589] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  201.262798][ T7593] input: syz0 as /devices/virtual/input/input33
[  201.329533][ T7589] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  202.751748][ T7615] netlink: 68 bytes leftover after parsing attributes in process `syz.1.454'.
[  202.768329][ T7612] QAT: Device 250 not found
[  203.354781][   T30] audit: type=1800 audit(1743664851.602:477): pid=7623 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.455" name=20019C1437B3CFFCC3A25729B50F dev="mqueue" ino=19686 res=0 errno=0
[  203.658427][ T7630] netlink: 28 bytes leftover after parsing attributes in process `syz.3.457'.
[  203.732207][ T7635] netlink: 12 bytes leftover after parsing attributes in process `syz.2.459'.
[  203.787377][ T7630] netlink: 4 bytes leftover after parsing attributes in process `syz.3.457'.
[  204.111681][ T7644] QAT: Device 250 not found
[  204.129895][ T7646] FAULT_INJECTION: forcing a failure.
[  204.129895][ T7646] name failslab, interval 1, probability 0, space 0, times 0
[  204.266672][ T7646] CPU: 1 UID: 0 PID: 7646 Comm: syz.3.462 Not tainted 6.14.0-syzkaller-12508-g92b71befc349 #0 PREEMPT(full) 
[  204.266699][ T7646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  204.266710][ T7646] Call Trace:
[  204.266718][ T7646]  <TASK>
[  204.266726][ T7646]  dump_stack_lvl+0x241/0x360
[  204.266760][ T7646]  ? __pfx_dump_stack_lvl+0x10/0x10
[  204.266791][ T7646]  ? __pfx__printk+0x10/0x10
[  204.266839][ T7646]  ? __pfx___might_resched+0x10/0x10
[  204.266871][ T7646]  should_fail_ex+0x424/0x570
[  204.266910][ T7646]  should_failslab+0xac/0x100
[  204.266943][ T7646]  __kmalloc_cache_noprof+0x73/0x370
[  204.266972][ T7646]  ? device_add+0xc1/0xbf0
[  204.266999][ T7646]  device_add+0xc1/0xbf0
[  204.267022][ T7646]  ? device_initialize+0x266/0x460
[  204.267048][ T7646]  netdev_register_kobject+0x157/0x2f0
[  204.267098][ T7646]  register_netdevice+0x12b0/0x1b80
[  204.267137][ T7646]  ? __pfx_register_netdevice+0x10/0x10
[  204.267158][ T7646]  ? dev_addr_mod+0xf4/0x430
[  204.267191][ T7646]  ? __asan_memset+0x23/0x50
[  204.267223][ T7646]  ip6gre_newlink_common+0x4b8/0x6d0
[  204.267258][ T7646]  ? __pfx_ip6gre_newlink_common+0x10/0x10
[  204.267285][ T7646]  ? lockdep_rtnl_is_held+0x26/0x40
[  204.267304][ T7646]  ? ip6gre_tunnel_find+0x55c/0x600
[  204.267343][ T7646]  ip6gre_newlink+0x251/0x380
[  204.267366][ T7646]  ? __pfx_ip6gre_newlink+0x10/0x10
[  204.267392][ T7646]  rtnl_newlink_create+0x39b/0xcb0
[  204.267426][ T7646]  ? __mutex_lock+0x380/0x10c0
[  204.267452][ T7646]  ? __pfx_aa_get_newest_label+0x10/0x10
[  204.267485][ T7646]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  204.267519][ T7646]  ? __pfx___mutex_lock+0x10/0x10
[  204.267552][ T7646]  ? ns_capable+0x8a/0xf0
[  204.267578][ T7646]  rtnl_newlink+0x18b0/0x1fe0
[  204.267626][ T7646]  ? __pfx_rtnl_newlink+0x10/0x10
[  204.267661][ T7646]  ? __lock_acquire+0xad5/0xd80
[  204.267691][ T7646]  ? __lock_acquire+0xad5/0xd80
[  204.267716][ T7646]  ? __lock_acquire+0xad5/0xd80
[  204.267758][ T7646]  ? is_bpf_text_address+0x26/0x2a0
[  204.267788][ T7646]  ? is_bpf_text_address+0x288/0x2a0
[  204.267810][ T7646]  ? is_bpf_text_address+0x26/0x2a0
[  204.267835][ T7646]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  204.267867][ T7646]  ? kernel_text_address+0xa7/0xe0
[  204.267888][ T7646]  ? __kernel_text_address+0xd/0x40
[  204.267913][ T7646]  ? aa_get_newest_label+0x101/0x6f0
[  204.267949][ T7646]  ? __lock_acquire+0xad5/0xd80
[  204.267994][ T7646]  ? __pfx_rtnl_newlink+0x10/0x10
[  204.268033][ T7646]  rtnetlink_rcv_msg+0x80f/0xd70
[  204.268061][ T7646]  ? rtnetlink_rcv_msg+0x1ba/0xd70
[  204.268088][ T7646]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  204.268109][ T7646]  ? __lock_acquire+0xad5/0xd80
[  204.268142][ T7646]  netlink_rcv_skb+0x208/0x480
[  204.268167][ T7646]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  204.268191][ T7646]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  204.268231][ T7646]  ? netlink_deliver_tap+0x2e/0x1b0
[  204.268256][ T7646]  ? netlink_deliver_tap+0x2e/0x1b0
[  204.268280][ T7646]  netlink_unicast+0x7f8/0x9a0
[  204.268308][ T7646]  ? __pfx_netlink_unicast+0x10/0x10
[  204.268330][ T7646]  ? skb_put+0x114/0x1f0
[  204.268361][ T7646]  netlink_sendmsg+0x8c3/0xcd0
[  204.268396][ T7646]  ? __pfx_netlink_sendmsg+0x10/0x10
[  204.268422][ T7646]  ? __import_iovec+0x585/0x830
[  204.268445][ T7646]  ? aa_sock_msg_perm+0x91/0x160
[  204.268474][ T7646]  ? __pfx_netlink_sendmsg+0x10/0x10
[  204.268494][ T7646]  __sock_sendmsg+0x221/0x270
[  204.268518][ T7646]  ____sys_sendmsg+0x523/0x860
[  204.268544][ T7646]  ? __pfx_____sys_sendmsg+0x10/0x10
[  204.268576][ T7646]  __sys_sendmsg+0x271/0x360
[  204.268599][ T7646]  ? __pfx___sys_sendmsg+0x10/0x10
[  204.268664][ T7646]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  204.268682][ T7646]  ? lockdep_hardirqs_on+0x9d/0x150
[  204.268701][ T7646]  __do_fast_syscall_32+0xb4/0x110
[  204.268719][ T7646]  ? exc_page_fault+0x5f8/0x920
[  204.268752][ T7646]  do_fast_syscall_32+0x34/0x80
[  204.268770][ T7646]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  204.268791][ T7646] RIP: 0023:0xf748d579
[  204.268807][ T7646] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  204.268821][ T7646] RSP: 002b:00000000f511655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  204.268840][ T7646] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280
[  204.268852][ T7646] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  204.268862][ T7646] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  204.268873][ T7646] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  204.268883][ T7646] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  204.268909][ T7646]  </TASK>
[  204.847706][ T7650] netlink: 4 bytes leftover after parsing attributes in process `syz.1.464'.
[  204.940108][ T7650] geneve2: entered promiscuous mode
[  204.942347][ T7654] netlink: 68 bytes leftover after parsing attributes in process `syz.0.465'.
[  205.518929][ T7661] netlink: 32 bytes leftover after parsing attributes in process `syz.0.467'.
[  205.706598][ T7668] QAT: Device 250 not found
[  205.769387][   T47] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  205.965933][   T47] hid-generic 0000:0000:0000.0005: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  206.352460][ T7671] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  206.402201][ T7674] netlink: 8 bytes leftover after parsing attributes in process `syz.4.471'.
[  206.412468][ T7671] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  206.425348][ T7671] netlink: 'syz.0.470': attribute type 1 has an invalid length.
[  206.483639][ T7674] netlink: 24 bytes leftover after parsing attributes in process `syz.4.471'.
[  206.637903][ T7671] bond1: entered promiscuous mode
[  206.652772][ T7671] bond1: entered allmulticast mode
[  206.701751][ T7672] bond1: (slave geneve2): making interface the new active one
[  206.733103][ T7682] ALSA: mixer_oss: invalid OSS volume ''
[  206.759213][ T7672] geneve2: entered promiscuous mode
[  206.823750][   T30] audit: type=1326 audit(1743664855.072:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7680 comm="syz.4.474" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747d579 code=0x0
[  206.835039][ T7672] geneve2: entered allmulticast mode
[  206.856690][ T7672] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  206.907681][ T7690] netlink: 4 bytes leftover after parsing attributes in process `syz.1.476'.
[  206.947611][ T7683] netlink: 28 bytes leftover after parsing attributes in process `syz.2.473'.
[  206.957476][ T7683] netlink: 4 bytes leftover after parsing attributes in process `syz.2.473'.
[  206.985352][ T7682] netlink: 8 bytes leftover after parsing attributes in process `syz.4.474'.
[  207.119537][ T7699] FAULT_INJECTION: forcing a failure.
[  207.119537][ T7699] name failslab, interval 1, probability 0, space 0, times 0
[  207.142398][ T7699] CPU: 1 UID: 0 PID: 7699 Comm: syz.3.477 Not tainted 6.14.0-syzkaller-12508-g92b71befc349 #0 PREEMPT(full) 
[  207.142424][ T7699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  207.142436][ T7699] Call Trace:
[  207.142443][ T7699]  <TASK>
[  207.142451][ T7699]  dump_stack_lvl+0x241/0x360
[  207.142483][ T7699]  ? __pfx_dump_stack_lvl+0x10/0x10
[  207.142510][ T7699]  ? __pfx__printk+0x10/0x10
[  207.142546][ T7699]  should_fail_ex+0x424/0x570
[  207.142578][ T7699]  should_failslab+0xac/0x100
[  207.142604][ T7699]  __kmalloc_cache_noprof+0x73/0x370
[  207.142629][ T7699]  ? sctp_add_bind_addr+0x89/0x3a0
[  207.142657][ T7699]  sctp_add_bind_addr+0x89/0x3a0
[  207.142681][ T7699]  sctp_copy_local_addr_list+0x313/0x500
[  207.142702][ T7699]  ? sctp_copy_local_addr_list+0xad/0x500
[  207.142722][ T7699]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  207.142744][ T7699]  ? sctp_v6_is_any+0x60/0x70
[  207.142767][ T7699]  ? sctp_copy_one_addr+0x94/0x360
[  207.142790][ T7699]  sctp_bind_addr_copy+0xad/0x3b0
[  207.142819][ T7699]  ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190
[  207.142851][ T7699]  sctp_connect_new_asoc+0x337/0x700
[  207.142878][ T7699]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  207.142907][ T7699]  ? sctp_get_af_specific+0x2a/0x80
[  207.142925][ T7699]  ? sctp_endpoint_lookup_assoc+0xc9/0x250
[  207.142953][ T7699]  __sctp_connect+0x6ab/0xe60
[  207.142988][ T7699]  ? __pfx___sctp_connect+0x10/0x10
[  207.143017][ T7699]  ? _copy_from_user+0x95/0xb0
[  207.143035][ T7699]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  207.143055][ T7699]  sctp_getsockopt_connectx3+0x46e/0x730
[  207.143071][ T7699]  ? __local_bh_enable_ip+0x168/0x200
[  207.143087][ T7699]  ? __pfx_sctp_getsockopt_connectx3+0x10/0x10
[  207.143102][ T7699]  ? __local_bh_enable_ip+0x168/0x200
[  207.143117][ T7699]  ? sctp_getsockopt+0x13a/0xbb0
[  207.143145][ T7699]  sctp_getsockopt+0x8de/0xbb0
[  207.143162][ T7699]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  207.143183][ T7699]  do_sock_getsockopt+0x391/0x740
[  207.143209][ T7699]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  207.143229][ T7699]  ? __fget_files+0x2a/0x420
[  207.143244][ T7699]  ? __fget_files+0x39d/0x420
[  207.143256][ T7699]  ? __fget_files+0x2a/0x420
[  207.143274][ T7699]  __ia32_sys_getsockopt+0x2a1/0x370
[  207.143302][ T7699]  ? __pfx___ia32_sys_getsockopt+0x10/0x10
[  207.143326][ T7699]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  207.143341][ T7699]  ? lockdep_hardirqs_on+0x9d/0x150
[  207.143357][ T7699]  __do_fast_syscall_32+0xb4/0x110
[  207.143371][ T7699]  ? exc_page_fault+0x5f8/0x920
[  207.143397][ T7699]  do_fast_syscall_32+0x34/0x80
[  207.143412][ T7699]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  207.143429][ T7699] RIP: 0023:0xf748d579
[  207.143441][ T7699] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  207.143454][ T7699] RSP: 002b:00000000f511655c EFLAGS: 00000206 ORIG_RAX: 000000000000016d
[  207.143469][ T7699] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000084
[  207.143479][ T7699] RDX: 000000000000006f RSI: 00000000800002c0 RDI: 0000000080000300
[  207.143488][ T7699] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  207.143497][ T7699] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  207.143505][ T7699] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  207.143525][ T7699]  </TASK>
[  207.859270][ T7717] netlink: 8 bytes leftover after parsing attributes in process `syz.1.482'.
[  208.307151][ T5844] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260
[  208.337167][ T7730] QAT: Device 250 not found
[  208.385446][ T7704] ALSA: mixer_oss: invalid OSS volume 'u'
[  208.477508][ T7726] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  209.517158][ T7747] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  209.537458][ T7747] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  209.953217][ T1216] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  210.126420][ T7755] __nla_validate_parse: 5 callbacks suppressed
[  210.126440][ T7755] netlink: 28 bytes leftover after parsing attributes in process `syz.4.493'.
[  210.137168][ T1216] usb 4-1: Using ep0 maxpacket: 16
[  210.145457][ T7755] netlink: 4 bytes leftover after parsing attributes in process `syz.4.493'.
[  210.172998][ T1216] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  210.196065][ T1216] usb 4-1: config 0 has no interface number 0
[  210.212351][ T1216] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  210.231067][ T7759] netlink: 8 bytes leftover after parsing attributes in process `syz.2.494'.
[  210.240441][ T1216] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  210.253721][ T7759] netlink: 24 bytes leftover after parsing attributes in process `syz.2.494'.
[  210.265323][ T1216] usb 4-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  210.414704][ T1216] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  210.461496][ T1216] usb 4-1: config 0 descriptor??
[  210.554808][ T7761] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  210.565372][ T7761] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  210.689582][ T7764] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  210.703588][ T7764] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  210.737841][ T1216] usbhid 4-1:0.1: can't add hid device: -71
[  210.751046][ T1216] usbhid 4-1:0.1: probe with driver usbhid failed with error -71
[  210.790409][ T1216] usb 4-1: USB disconnect, device number 31
[  210.918392][ T7767] netlink: 'syz.3.497': attribute type 4 has an invalid length.
[  210.931561][ T7767] netlink: 152 bytes leftover after parsing attributes in process `syz.3.497'.
[  210.945202][ T7767] : renamed from bond0
[  211.198225][ T7773] QAT: Device 250 not found
[  211.416850][ T7778] FAULT_INJECTION: forcing a failure.
[  211.416850][ T7778] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  211.445347][ T7778] CPU: 1 UID: 0 PID: 7778 Comm: syz.0.501 Not tainted 6.14.0-syzkaller-12508-g92b71befc349 #0 PREEMPT(full) 
[  211.445373][ T7778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  211.445385][ T7778] Call Trace:
[  211.445393][ T7778]  <TASK>
[  211.445400][ T7778]  dump_stack_lvl+0x241/0x360
[  211.445434][ T7778]  ? __pfx_dump_stack_lvl+0x10/0x10
[  211.445461][ T7778]  ? __pfx__printk+0x10/0x10
[  211.445495][ T7778]  should_fail_ex+0x424/0x570
[  211.445530][ T7778]  _copy_to_user+0x31/0xb0
[  211.445556][ T7778]  simple_read_from_buffer+0xc4/0x170
[  211.445586][ T7778]  proc_fail_nth_read+0x1ef/0x260
[  211.445608][ T7778]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  211.445630][ T7778]  ? rw_verify_area+0x246/0x630
[  211.445650][ T7778]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  211.445670][ T7778]  vfs_read+0x21f/0xb90
[  211.445701][ T7778]  ? __pfx___mutex_lock+0x10/0x10
[  211.445721][ T7778]  ? __pfx_vfs_read+0x10/0x10
[  211.445744][ T7778]  ? __fget_files+0x2a/0x420
[  211.445762][ T7778]  ? __fget_files+0x39d/0x420
[  211.445777][ T7778]  ? __fget_files+0x2a/0x420
[  211.445802][ T7778]  ksys_read+0x19d/0x2d0
[  211.445824][ T7778]  ? __pfx_ksys_read+0x10/0x10
[  211.445847][ T7778]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  211.445865][ T7778]  ? lockdep_hardirqs_on+0x9d/0x150
[  211.445884][ T7778]  __do_fast_syscall_32+0xb4/0x110
[  211.445903][ T7778]  ? exc_page_fault+0x5f8/0x920
[  211.445936][ T7778]  do_fast_syscall_32+0x34/0x80
[  211.445955][ T7778]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  211.445977][ T7778] RIP: 0023:0xf7fc7579
[  211.445992][ T7778] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  211.446008][ T7778] RSP: 002b:00000000f50e6590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  211.446026][ T7778] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50e6620
[  211.446039][ T7778] RDX: 000000000000000f RSI: 00000000f744cff4 RDI: 0000000000000000
[  211.446050][ T7778] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  211.446060][ T7778] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  211.446071][ T7778] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  211.446097][ T7778]  </TASK>
[  211.695877][ T7780] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  211.704999][ T7780] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  211.714554][ T7780] fuse: Bad value for 'fd'
[  211.947225][   T53] tipc: Subscription rejected, illegal request
[  212.068102][ T7784] netlink: 28 bytes leftover after parsing attributes in process `syz.0.503'.
[  212.088426][ T7784] netlink: 4 bytes leftover after parsing attributes in process `syz.0.503'.
[  212.138713][ T7775] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  212.155814][ T7775] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  212.231492][ T7790] netlink: 8 bytes leftover after parsing attributes in process `syz.0.505'.
[  212.240771][ T7790] netlink: 24 bytes leftover after parsing attributes in process `syz.0.505'.
[  212.380482][ T7795] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  212.391814][ T7795] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  213.369937][ T7812] input: syz0 as /devices/virtual/input/input35
[  213.720266][ T7824] QAT: Device 250 not found
[  213.884972][ T7822] netlink: 28 bytes leftover after parsing attributes in process `syz.1.516'.
[  214.262785][ T1216] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  214.346650][ T7832] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  214.410880][ T7832] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  214.483785][ T7832] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  214.552870][ T1216] usb 4-1: Using ep0 maxpacket: 8
[  214.567242][ T7832] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  214.579670][ T1216] usb 4-1: config 1 interface 0 has no altsetting 0
[  214.588982][ T1216] usb 4-1: New USB device found, idVendor=056a, idProduct=0012, bcdDevice= 0.40
[  214.600368][ T1216] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  214.641351][ T1216] usb 4-1: Product: syz
[  214.652978][ T1216] usb 4-1: Manufacturer: 컠
[  214.657695][ T1216] usb 4-1: SerialNumber: syz
[  214.899593][ T1216] usbhid 4-1:1.0: can't add hid device: -71
[  214.908928][ T1216] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[  214.931146][ T1216] usb 4-1: USB disconnect, device number 32
[  215.369285][   T30] audit: type=1326 audit(1743664863.622:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7852 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb5579 code=0x7ffc0000
[  215.429123][ T7853] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  215.446695][ T7853] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  215.468383][   T30] audit: type=1326 audit(1743664863.642:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7852 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fb5579 code=0x7ffc0000
[  215.533838][ T7853] FAULT_INJECTION: forcing a failure.
[  215.533838][ T7853] name failslab, interval 1, probability 0, space 0, times 0
[  215.566702][   T30] audit: type=1326 audit(1743664863.642:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7852 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb5579 code=0x7ffc0000
[  215.576670][ T7853] CPU: 0 UID: 0 PID: 7853 Comm: syz.1.525 Not tainted 6.14.0-syzkaller-12508-g92b71befc349 #0 PREEMPT(full) 
[  215.576698][ T7853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  215.576710][ T7853] Call Trace:
[  215.576717][ T7853]  <TASK>
[  215.576726][ T7853]  dump_stack_lvl+0x241/0x360
[  215.576762][ T7853]  ? __pfx_dump_stack_lvl+0x10/0x10
[  215.576794][ T7853]  ? __pfx__printk+0x10/0x10
[  215.576842][ T7853]  ? __pfx___might_resched+0x10/0x10
[  215.576875][ T7853]  should_fail_ex+0x424/0x570
[  215.576918][ T7853]  should_failslab+0xac/0x100
[  215.576952][ T7853]  kmem_cache_alloc_noprof+0x78/0x390
[  215.576987][ T7853]  ? audit_log_start+0x41f/0xa20
[  215.577021][ T7853]  audit_log_start+0x41f/0xa20
[  215.577061][ T7853]  ? __pfx_audit_log_start+0x10/0x10
[  215.577097][ T7853]  ? migrate_enable+0x397/0x520
[  215.577133][ T7853]  ? __pfx_migrate_enable+0x10/0x10
[  215.577163][ T7853]  ? __pfx___cant_migrate+0x10/0x10
[  215.577197][ T7853]  audit_seccomp+0x63/0x1f0
[  215.577230][ T7853]  __seccomp_filter+0xaea/0x1f20
[  215.577257][ T7853]  ? vfs_write+0xb29/0xd10
[  215.577294][ T7853]  ? ksys_write+0x24e/0x2d0
[  215.577322][ T7853]  ? __pfx___seccomp_filter+0x10/0x10
[  215.577347][ T7853]  ? __mutex_unlock_slowpath+0x229/0x800
[  215.577382][ T7853]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  215.577404][ T7853]  ? __fget_files+0x2a/0x420
[  215.577428][ T7853]  ? __fget_files+0x2a/0x420
[  215.577458][ T7853]  ? ksys_write+0x275/0x2d0
[  215.577487][ T7853]  ? __secure_computing+0xef/0x2f0
[  215.577520][ T7853]  syscall_trace_enter+0xa6/0x150
[  215.577548][ T7853]  __do_fast_syscall_32+0x9b/0x110
[  215.577574][ T7853]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  215.577597][ T7853]  ? lockdep_hardirqs_on+0x9d/0x150
[  215.577622][ T7853]  do_fast_syscall_32+0x34/0x80
[  215.577646][ T7853]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  215.577672][ T7853] RIP: 0023:0xf7fb5579
[  215.577692][ T7853] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  215.577710][ T7853] RSP: 002b:00000000f50d655c EFLAGS: 00000206 ORIG_RAX: 0000000000000092
[  215.577734][ T7853] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 0000000080000200
[  215.577751][ T7853] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  215.577763][ T7853] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  215.577776][ T7853] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  215.577790][ T7853] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  215.577821][ T7853]  </TASK>
[  215.579101][ T7853] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[  215.792776][   T30] audit: type=1326 audit(1743664863.642:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7852 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=40000003 syscall=245 compat=1 ip=0xf7fb5579 code=0x7ffc0000
[  215.852852][ T7853] audit: out of memory in audit_log_start
[  215.873527][   T47] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  215.890604][   T30] audit: type=1326 audit(1743664863.642:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7852 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb5579 code=0x7ffc0000
[  215.984516][   T30] audit: type=1326 audit(1743664863.642:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7852 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=40000003 syscall=328 compat=1 ip=0xf7fb5579 code=0x7ffc0000
[  216.006814][   T30] audit: type=1326 audit(1743664863.642:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7852 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb5579 code=0x7ffc0000
[  216.029126][   T30] audit: type=1326 audit(1743664863.652:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7852 comm="syz.1.525" exe="/root/syz-executor" sig=0 arch=40000003 syscall=248 compat=1 ip=0xf7fb5579 code=0x7ffc0000
[  216.061372][   T47] usb 4-1: Using ep0 maxpacket: 8
[  216.075677][   T47] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  216.098815][ T7859] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  216.099939][   T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  216.112579][ T7859] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  216.128231][   T47] usb 4-1: Product: syz
[  216.132563][   T47] usb 4-1: Manufacturer: syz
[  216.141870][   T47] usb 4-1: SerialNumber: syz
[  216.150768][   T47] usb 4-1: config 0 descriptor??
[  216.195788][ T7864] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  216.207050][ T7864] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  216.226564][ T7864] xt_TCPMSS: Only works on TCP SYN packets
[  216.360507][   T47] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  216.413768][   T47] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  216.433949][   T47] usb 4-1: USB disconnect, device number 33
[  216.521575][ T7873] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  216.590969][ T7876] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  216.615571][ T7876] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  217.064284][ T7884] QAT: Device 250 not found
[  218.016254][ T7890] capability: warning: `syz.1.536' uses deprecated v2 capabilities in a way that may be insecure
[  218.607784][ T7896] dccp_invalid_packet: P.Data Offset(0) too small
[  218.822201][ T7903] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  218.843068][ T7903] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  218.868338][ T7903] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  218.889066][ T7903] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  219.006033][ T7909] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  219.017601][ T7909] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  219.300983][ T7911] netlink: 'syz.0.542': attribute type 15 has an invalid length.
[  219.308988][ T7911] __nla_validate_parse: 5 callbacks suppressed
[  219.308998][ T7911] netlink: 24 bytes leftover after parsing attributes in process `syz.0.542'.
[  219.468926][ T7913] netlink: 830 bytes leftover after parsing attributes in process `syz.1.544'.
[  219.478505][ T7913] bond_slave_0: entered promiscuous mode
[  219.484415][ T7913] bond_slave_1: entered promiscuous mode
[  219.552450][ T7916] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  219.694519][ T7921] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  219.703722][ T7921] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  219.721875][ T7922] FAULT_INJECTION: forcing a failure.
[  219.721875][ T7922] name failslab, interval 1, probability 0, space 0, times 0
[  219.737946][ T7922] CPU: 1 UID: 0 PID: 7922 Comm: syz.2.546 Not tainted 6.14.0-syzkaller-12508-g92b71befc349 #0 PREEMPT(full) 
[  219.737967][ T7922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  219.737978][ T7922] Call Trace:
[  219.737984][ T7922]  <TASK>
[  219.737991][ T7922]  dump_stack_lvl+0x241/0x360
[  219.738046][ T7922]  ? __pfx_dump_stack_lvl+0x10/0x10
[  219.738073][ T7922]  ? __pfx__printk+0x10/0x10
[  219.738103][ T7922]  ? __pfx___might_resched+0x10/0x10
[  219.738131][ T7922]  should_fail_ex+0x424/0x570
[  219.738156][ T7922]  should_failslab+0xac/0x100
[  219.738175][ T7922]  kmem_cache_alloc_noprof+0x78/0x390
[  219.738192][ T7922]  ? radix_tree_node_alloc+0x8b/0x3c0
[  219.738216][ T7922]  radix_tree_node_alloc+0x8b/0x3c0
[  219.738240][ T7922]  idr_get_free+0x296/0xac0
[  219.738267][ T7922]  idr_alloc_u32+0x197/0x330
[  219.738291][ T7922]  ? __pfx_idr_alloc_u32+0x10/0x10
[  219.738314][ T7922]  ? tcf_idr_check_alloc+0xce/0x930
[  219.738330][ T7922]  tcf_idr_check_alloc+0x6f3/0x930
[  219.738342][ T7922]  ? tcf_idr_check_alloc+0xce/0x930
[  219.738356][ T7922]  ? __pfx_tcf_idr_check_alloc+0x10/0x10
[  219.738370][ T7922]  ? __nla_parse+0x40/0x60
[  219.738386][ T7922]  tcf_vlan_init+0x226/0x1030
[  219.738409][ T7922]  ? __pfx_tcf_vlan_init+0x10/0x10
[  219.738429][ T7922]  ? nla_memcpy+0x5a/0xb0
[  219.738447][ T7922]  ? __pfx_tcf_vlan_init+0x10/0x10
[  219.738460][ T7922]  tcf_action_init_1+0x5d9/0x900
[  219.738480][ T7922]  ? __pfx_tcf_action_init_1+0x10/0x10
[  219.738492][ T7922]  ? _raw_read_unlock+0x28/0x50
[  219.738510][ T7922]  ? tc_action_load_ops+0x247/0x530
[  219.738536][ T7922]  ? __nla_parse+0x40/0x60
[  219.738552][ T7922]  tcf_action_init+0x2e9/0xae0
[  219.738573][ T7922]  ? __pfx_tcf_action_init+0x10/0x10
[  219.738623][ T7922]  ? stack_depot_save_flags+0x43f/0x940
[  219.738644][ T7922]  tcf_exts_validate_ex+0x245/0x530
[  219.738661][ T7922]  ? __sock_sendmsg+0x221/0x270
[  219.738675][ T7922]  ? ____sys_sendmsg+0x523/0x860
[  219.738689][ T7922]  ? __pfx_tcf_exts_validate_ex+0x10/0x10
[  219.738723][ T7922]  tcf_exts_validate+0x42/0x60
[  219.738741][ T7922]  fw_set_parms+0x181/0x8d0
[  219.738761][ T7922]  ? __pfx_fw_set_parms+0x10/0x10
[  219.738782][ T7922]  fw_change+0x72f/0xd50
[  219.738802][ T7922]  ? __pfx_fw_change+0x10/0x10
[  219.738823][ T7922]  ? __pfx_fw_change+0x10/0x10
[  219.738837][ T7922]  tc_new_tfilter+0x112f/0x1a90
[  219.738872][ T7922]  ? __pfx_tc_new_tfilter+0x10/0x10
[  219.738899][ T7922]  ? __lock_acquire+0xad5/0xd80
[  219.738925][ T7922]  ? __pfx_tc_new_tfilter+0x10/0x10
[  219.738944][ T7922]  rtnetlink_rcv_msg+0x80f/0xd70
[  219.738960][ T7922]  ? rtnetlink_rcv_msg+0x1ba/0xd70
[  219.738979][ T7922]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  219.738993][ T7922]  ? __lock_acquire+0xad5/0xd80
[  219.739021][ T7922]  netlink_rcv_skb+0x208/0x480
[  219.739038][ T7922]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  219.739055][ T7922]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  219.739082][ T7922]  ? netlink_deliver_tap+0x2e/0x1b0
[  219.739100][ T7922]  ? netlink_deliver_tap+0x2e/0x1b0
[  219.739117][ T7922]  netlink_unicast+0x7f8/0x9a0
[  219.739143][ T7922]  ? __pfx_netlink_unicast+0x10/0x10
[  219.739165][ T7922]  ? skb_put+0x114/0x1f0
[  219.739196][ T7922]  netlink_sendmsg+0x8c3/0xcd0
[  219.739231][ T7922]  ? __pfx_netlink_sendmsg+0x10/0x10
[  219.739255][ T7922]  ? __import_iovec+0x585/0x830
[  219.739271][ T7922]  ? aa_sock_msg_perm+0x91/0x160
[  219.739292][ T7922]  ? __pfx_netlink_sendmsg+0x10/0x10
[  219.739306][ T7922]  __sock_sendmsg+0x221/0x270
[  219.739324][ T7922]  ____sys_sendmsg+0x523/0x860
[  219.739341][ T7922]  ? __pfx_____sys_sendmsg+0x10/0x10
[  219.739364][ T7922]  __sys_sendmsg+0x271/0x360
[  219.739379][ T7922]  ? __pfx___sys_sendmsg+0x10/0x10
[  219.739423][ T7922]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  219.739436][ T7922]  ? lockdep_hardirqs_on+0x9d/0x150
[  219.739450][ T7922]  __do_fast_syscall_32+0xb4/0x110
[  219.739463][ T7922]  ? exc_page_fault+0x5f8/0x920
[  219.739487][ T7922]  do_fast_syscall_32+0x34/0x80
[  219.739500][ T7922]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  219.739515][ T7922] RIP: 0023:0xf742d579
[  219.739526][ T7922] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  219.739537][ T7922] RSP: 002b:00000000f50b655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  219.739551][ T7922] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800000c0
[  219.739560][ T7922] RDX: 0000000020000800 RSI: 0000000000000000 RDI: 0000000000000000
[  219.739567][ T7922] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  219.739575][ T7922] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  219.739582][ T7922] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  219.739600][ T7922]  </TASK>
[  220.635417][ T7933] netlink: 4 bytes leftover after parsing attributes in process `syz.2.549'.
[  220.665402][ T5844] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260
[  220.691359][ T7938] netlink: 8 bytes leftover after parsing attributes in process `syz.3.552'.
[  220.735859][ T7939] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  220.757948][ T7938] netlink: 24 bytes leftover after parsing attributes in process `syz.3.552'.
[  221.269276][ T7955] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  221.281336][ T7955] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  221.701781][ T7961] input: syz0 as /devices/virtual/input/input36
[  222.000857][ T7964] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  222.016253][ T7964] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  222.248232][ T7964] team0: Port device team_slave_1 removed
[  222.537327][ T7969] netlink: 52 bytes leftover after parsing attributes in process `syz.4.560'.
[  223.042841][ T5893] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  223.203024][ T5893] usb 4-1: Using ep0 maxpacket: 32
[  223.210664][ T5893] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  223.221171][ T5893] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  223.253767][ T5893] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  223.291885][ T5893] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  223.325064][ T5893] usb 4-1: config 1 interface 1 has no altsetting 0
[  223.345625][ T5893] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  223.354967][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  223.369415][ T5893] usb 4-1: Product: syz
[  223.374107][ T5893] usb 4-1: Manufacturer: syz
[  223.375465][ T7982] netlink: 8 bytes leftover after parsing attributes in process `syz.1.566'.
[  223.383128][ T5893] usb 4-1: SerialNumber: syz
[  223.413507][ T7980] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  223.442166][ T7982] netlink: 12 bytes leftover after parsing attributes in process `syz.1.566'.
[  223.451912][ T7980] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  223.490398][ T7982] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  223.499283][ T7982] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  223.508071][ T7982] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  223.516894][ T7982] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  223.554235][ T7969] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  223.603171][ T7969] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  223.648038][ T5893] usb 4-1: 2:1 : no or invalid class specific endpoint descriptor
[  223.677767][ T5893] usb 4-1: 2:1 : no or invalid class specific endpoint descriptor
[  223.834907][ T5893] usb 4-1: USB disconnect, device number 34
[  224.126125][ T7992] netlink: 28 bytes leftover after parsing attributes in process `syz.1.570'.
[  224.137533][ T7992] netlink: 4 bytes leftover after parsing attributes in process `syz.1.570'.
[  224.150888][ T5891] udevd[5891]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  224.285108][ T7999] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  224.308414][ T7999] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  224.322103][ T7999] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  224.336949][ T7999] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  224.544765][ T8006] input: syz0 as /devices/virtual/input/input37
[  225.188221][ T8018] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  225.209388][ T8018] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  225.318405][ T8020] netlink: 16 bytes leftover after parsing attributes in process `syz.4.579'.
[  225.360433][ T8022] netlink: 8 bytes leftover after parsing attributes in process `syz.0.580'.
[  225.648983][ T8001] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  225.763208][ T8027] netlink: 4 bytes leftover after parsing attributes in process `syz.4.581'.
[  225.778448][ T8001] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  225.779000][ T5844] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260
[  226.032263][ T8033] FAULT_INJECTION: forcing a failure.
[  226.032263][ T8033] name failslab, interval 1, probability 0, space 0, times 0
[  226.139190][ T8033] CPU: 0 UID: 0 PID: 8033 Comm: syz.0.582 Not tainted 6.14.0-syzkaller-12508-g92b71befc349 #0 PREEMPT(full) 
[  226.139217][ T8033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  226.139228][ T8033] Call Trace:
[  226.139235][ T8033]  <TASK>
[  226.139244][ T8033]  dump_stack_lvl+0x241/0x360
[  226.139275][ T8033]  ? __pfx_dump_stack_lvl+0x10/0x10
[  226.139300][ T8033]  ? __pfx__printk+0x10/0x10
[  226.139352][ T8033]  should_fail_ex+0x424/0x570
[  226.139384][ T8033]  should_failslab+0xac/0x100
[  226.139411][ T8033]  kmem_cache_alloc_noprof+0x78/0x390
[  226.139435][ T8033]  ? skb_clone+0x20c/0x390
[  226.139463][ T8033]  skb_clone+0x20c/0x390
[  226.139485][ T8033]  __netlink_deliver_tap+0x3c4/0x7f0
[  226.139519][ T8033]  ? netlink_deliver_tap+0x2e/0x1b0
[  226.139539][ T8033]  netlink_deliver_tap+0x19d/0x1b0
[  226.139563][ T8033]  netlink_dump+0x8e6/0xeb0
[  226.139595][ T8033]  ? __pfx_netlink_dump+0x10/0x10
[  226.139614][ T8033]  ? __netlink_lookup+0x894/0x980
[  226.139653][ T8033]  ? netlink_lookup+0x31/0x200
[  226.139682][ T8033]  __netlink_dump_start+0x5a2/0x790
[  226.139713][ T8033]  rtnetlink_rcv_msg+0xbba/0xd70
[  226.139743][ T8033]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  226.139765][ T8033]  ? __pfx_neigh_dump_info+0x10/0x10
[  226.139796][ T8033]  ? ref_tracker_free+0x63e/0x7e0
[  226.139822][ T8033]  netlink_rcv_skb+0x208/0x480
[  226.139845][ T8033]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  226.139870][ T8033]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  226.139909][ T8033]  ? netlink_deliver_tap+0x2e/0x1b0
[  226.139934][ T8033]  ? netlink_deliver_tap+0x2e/0x1b0
[  226.139960][ T8033]  netlink_unicast+0x7f8/0x9a0
[  226.139989][ T8033]  ? __pfx_netlink_unicast+0x10/0x10
[  226.140012][ T8033]  ? skb_put+0x114/0x1f0
[  226.140044][ T8033]  netlink_sendmsg+0x8c3/0xcd0
[  226.140079][ T8033]  ? __pfx_netlink_sendmsg+0x10/0x10
[  226.140106][ T8033]  ? __import_iovec+0x585/0x830
[  226.140128][ T8033]  ? aa_sock_msg_perm+0x91/0x160
[  226.140159][ T8033]  ? __pfx_netlink_sendmsg+0x10/0x10
[  226.140181][ T8033]  __sock_sendmsg+0x221/0x270
[  226.140206][ T8033]  ____sys_sendmsg+0x523/0x860
[  226.140232][ T8033]  ? __pfx_____sys_sendmsg+0x10/0x10
[  226.140266][ T8033]  __sys_sendmsg+0x271/0x360
[  226.140289][ T8033]  ? __pfx___sys_sendmsg+0x10/0x10
[  226.140354][ T8033]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  226.140374][ T8033]  ? lockdep_hardirqs_on+0x9d/0x150
[  226.140394][ T8033]  __do_fast_syscall_32+0xb4/0x110
[  226.140412][ T8033]  ? exc_page_fault+0x5f8/0x920
[  226.140445][ T8033]  do_fast_syscall_32+0x34/0x80
[  226.140472][ T8033]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  226.140494][ T8033] RIP: 0023:0xf7fc7579
[  226.140510][ T8033] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  226.140525][ T8033] RSP: 002b:00000000f50e655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  226.140545][ T8033] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  226.140558][ T8033] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000
[  226.140569][ T8033] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  226.140579][ T8033] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  226.140590][ T8033] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  226.140616][ T8033]  </TASK>
[  226.494698][ T8033] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  226.832732][ T5893] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  227.013599][ T5893] usb 4-1: too many configurations: 201, using maximum allowed: 8
[  227.041977][ T5893] usb 4-1: config index 0 descriptor too short (expected 64945, got 72)
[  227.060193][ T5893] usb 4-1: config index 1 descriptor too short (expected 64945, got 72)
[  227.070671][ T5893] usb 4-1: config index 2 descriptor too short (expected 64945, got 72)
[  227.095120][ T5893] usb 4-1: config index 3 descriptor too short (expected 64945, got 72)
[  227.107708][ T5893] usb 4-1: config index 4 descriptor too short (expected 64945, got 72)
[  227.129614][ T5893] usb 4-1: config index 5 descriptor too short (expected 64945, got 72)
[  227.148486][ T5893] usb 4-1: config index 6 descriptor too short (expected 64945, got 72)
[  227.163147][ T5893] usb 4-1: config index 7 descriptor too short (expected 64945, got 72)
[  227.180512][ T5893] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  227.190107][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  227.198606][ T5893] usb 4-1: Product: syz
[  227.210513][ T5893] usb 4-1: Manufacturer: syz
[  227.225631][ T5893] usb 4-1: SerialNumber: syz
[  227.256204][ T5893] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  227.281717][   T10] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  227.353747][ T8046] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  227.365930][ T8046] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  227.478104][ T8049] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  227.498570][ T8049] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  227.815465][ T5894] usb 4-1: USB disconnect, device number 35
[  228.082430][ T8057] QAT: Device 250 not found
[  228.301889][ T8061] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  228.324071][   T10] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  228.337232][   T10] ath9k_htc: Failed to initialize the device
[  228.357254][ T5894] usb 4-1: ath9k_htc: USB layer deinitialized
[  228.386925][ T8061] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  228.599718][ T8061] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  228.617236][ T8061] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  228.848010][ T5894] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  229.043855][ T5894] usb 4-1: Using ep0 maxpacket: 16
[  229.088594][ T8063] FAULT_INJECTION: forcing a failure.
[  229.088594][ T8063] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  229.101983][ T8063] CPU: 0 UID: 0 PID: 8063 Comm: syz.3.593 Not tainted 6.14.0-syzkaller-12508-g92b71befc349 #0 PREEMPT(full) 
[  229.102006][ T8063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  229.102015][ T8063] Call Trace:
[  229.102020][ T8063]  <TASK>
[  229.102025][ T8063]  dump_stack_lvl+0x241/0x360
[  229.102050][ T8063]  ? __pfx_dump_stack_lvl+0x10/0x10
[  229.102073][ T8063]  ? __pfx__printk+0x10/0x10
[  229.102107][ T8063]  should_fail_ex+0x424/0x570
[  229.102138][ T8063]  _copy_to_user+0x31/0xb0
[  229.102161][ T8063]  simple_read_from_buffer+0xc4/0x170
[  229.102187][ T8063]  proc_fail_nth_read+0x1ef/0x260
[  229.102203][ T8063]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  229.102223][ T8063]  ? rw_verify_area+0x246/0x630
[  229.102243][ T8063]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  229.102262][ T8063]  vfs_read+0x21f/0xb90
[  229.102287][ T8063]  ? __pfx_vfs_read+0x10/0x10
[  229.102302][ T8063]  ? do_sys_openat2+0x165/0x1d0
[  229.102334][ T8063]  ksys_read+0x19d/0x2d0
[  229.102349][ T8063]  ? __pfx_ksys_read+0x10/0x10
[  229.102371][ T8063]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  229.102389][ T8063]  ? lockdep_hardirqs_on+0x9d/0x150
[  229.102409][ T8063]  __do_fast_syscall_32+0xb4/0x110
[  229.102426][ T8063]  ? exc_page_fault+0x5f8/0x920
[  229.102452][ T8063]  do_fast_syscall_32+0x34/0x80
[  229.102465][ T8063]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  229.102481][ T8063] RIP: 0023:0xf748d579
[  229.102492][ T8063] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  229.102503][ T8063] RSP: 002b:00000000f5116590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  229.102523][ T8063] RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 00000000f5116620
[  229.102535][ T8063] RDX: 000000000000000f RSI: 00000000f747cff4 RDI: 0000000000000000
[  229.102545][ T8063] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  229.102555][ T8063] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  229.102565][ T8063] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  229.102588][ T8063]  </TASK>
[  229.388228][ T5894] usb 4-1: unable to get BOS descriptor or descriptor too short
[  229.415343][ T8070] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  229.462171][ T8070] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  229.463038][ T5894] usb 4-1: unable to read config index 0 descriptor/start: -71
[  229.506912][ T5894] usb 4-1: can't read configurations, error -71
[  229.583474][ T8075] netlink: 8 bytes leftover after parsing attributes in process `syz.3.596'.
[  229.592376][ T8074] vlan2: entered promiscuous mode
[  229.628394][ T8074] vlan2: entered allmulticast mode
[  229.630150][ T8070] netlink: 'syz.1.595': attribute type 21 has an invalid length.
[  229.645824][ T8074] hsr_slave_1: entered allmulticast mode
[  229.661740][ T8074] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  229.770242][ T8070] netlink: 128 bytes leftover after parsing attributes in process `syz.1.595'.
[  229.779669][ T8070] netlink: 'syz.1.595': attribute type 5 has an invalid length.
[  229.794922][ T8074] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  229.803101][ T8070] netlink: 'syz.1.595': attribute type 6 has an invalid length.
[  229.815626][ T8070] netlink: 3 bytes leftover after parsing attributes in process `syz.1.595'.
[  230.824668][ T8090] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  231.033707][ T8097] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  231.055708][ T8097] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  231.079310][ T8097] netlink: 12 bytes leftover after parsing attributes in process `syz.1.604'.
[  231.159577][ T8100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.605'.
[  231.168697][ T8100] netlink: 12 bytes leftover after parsing attributes in process `syz.2.605'.
[  231.183953][ T8100] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  231.192840][ T8100] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  231.201538][ T8100] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  231.210290][ T8100] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  231.384633][ T8108] netlink: 8 bytes leftover after parsing attributes in process `syz.2.609'.
[  231.405210][ T8098] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(16)
[  231.411965][ T8098] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  231.493310][ T8111] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(19)
[  231.495314][ T8098] vhci_hcd vhci_hcd.0: Device attached
[  231.499929][ T8111] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  231.500731][ T8111] vhci_hcd vhci_hcd.0: Device attached
[  231.598402][ T8098] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  231.612844][ T5895] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  231.618217][ T8117] netlink: 'syz.4.610': attribute type 10 has an invalid length.
[  231.628927][ T8117] netlink: 40 bytes leftover after parsing attributes in process `syz.4.610'.
[  231.648191][ T8117] team0: Port device geneve0 added
[  231.662933][   T10] vhci_hcd: vhci_device speed not set
[  231.722772][   T10] usb 35-1: new full-speed USB device number 2 using vhci_hcd
[  231.776522][ T5895] usb 4-1: Using ep0 maxpacket: 16
[  231.784502][ T5895] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  231.847614][ T8122] input: syz0 as /devices/virtual/input/input38
[  231.871265][ T8123] input: syz0 as /devices/virtual/input/input39
[  231.877697][ T5895] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  231.880818][ T8125] netlink: 48 bytes leftover after parsing attributes in process `syz.4.613'.
[  231.894734][ T5895] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  231.909295][ T5895] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  231.919308][ T5895] usb 4-1: Product: syz
[  231.925915][ T5895] usb 4-1: Manufacturer: syz
[  231.931846][ T5895] usb 4-1: SerialNumber: syz
[  231.980480][ T8125] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  231.997350][ T5895] usb 4-1: config 0 descriptor??
[  232.031084][ T5895] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  232.044712][ T5895] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  232.059223][ T8125] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  232.287764][ T5895] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  232.296288][ T5895] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[  232.306930][ T5895] em28xx 4-1:0.0: AC97 chip type couldn't be determined
[  232.319962][ T5895] em28xx 4-1:0.0: No AC97 audio processor
[  232.344792][ T5895] usb 4-1: USB disconnect, device number 38
[  232.351712][ T5895] em28xx 4-1:0.0: Disconnecting em28xx
[  232.367798][ T5895] em28xx 4-1:0.0: Freeing device
[  232.765559][ T8136] netlink: 28 bytes leftover after parsing attributes in process `syz.3.614'.
[  232.867338][ T8134] netlink: 4 bytes leftover after parsing attributes in process `syz.3.614'.
[  233.225098][ T8141] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  233.270513][ T8149] netlink: 8 bytes leftover after parsing attributes in process `syz.4.620'.
[  233.286600][ T8149] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  233.296651][ T8149] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  233.722738][ T5893] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  233.872839][ T5893] usb 4-1: Using ep0 maxpacket: 16
[  233.890153][ T5893] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xC has an invalid bInterval 0, changing to 7
[  233.916883][ T5893] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[  233.958795][ T5893] usb 4-1: New USB device found, idVendor=0d46, idProduct=0081, bcdDevice=19.82
[  233.984165][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  234.005367][ T5893] usb 4-1: Product: syz
[  234.010556][ T5893] usb 4-1: Manufacturer: syz
[  234.021546][ T5893] usb 4-1: SerialNumber: syz
[  234.055589][ T5893] usb 4-1: config 0 descriptor??
[  234.075568][ T5893] kobil_sct 4-1:0.0: KOBIL USB smart card terminal converter detected
[  234.085012][ T8112] vhci_hcd: connection closed
[  234.087289][   T53] vhci_hcd: stop threads
[  234.092886][ T8109] vhci_hcd: connection reset by peer
[  234.132200][ T5893] usb 4-1: KOBIL USB smart card terminal converter now attached to ttyUSB0
[  234.153290][   T53] vhci_hcd: release socket
[  234.154236][ T8164] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  234.158723][   T53] vhci_hcd: disconnect device
[  234.196549][   T53] vhci_hcd: stop threads
[  234.200533][ T8164] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  234.222692][   T53] vhci_hcd: release socket
[  234.251778][   T53] vhci_hcd: disconnect device
[  234.285269][ T8171] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  234.333562][ T8171] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  234.382241][ T8166] netlink: 28 bytes leftover after parsing attributes in process `syz.4.627'.
[  234.417625][ T5893] usb 4-1: USB disconnect, device number 39
[  234.428781][ T5893] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0
[  234.441666][ T5893] kobil_sct 4-1:0.0: device disconnected
[  234.555268][ T8176] QAT: Device 250 not found
[  235.690285][ T8195] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  235.724115][ T8195] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  236.044128][ T8202] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  236.058765][ T8202] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  236.086220][ T8202] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  236.108346][ T8202] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  236.146361][ T8202] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  236.176202][ T8202] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  236.353734][ T8213] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  236.363959][ T8210] __nla_validate_parse: 3 callbacks suppressed
[  236.364002][ T8210] netlink: 28 bytes leftover after parsing attributes in process `syz.2.641'.
[  236.441951][ T8210] netlink: 4 bytes leftover after parsing attributes in process `syz.2.641'.
[  236.564490][ T8218] bond0: entered promiscuous mode
[  236.571237][ T8218] batadv0: entered promiscuous mode
[  236.582750][ T5893] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  236.583968][ T8218] 8021q: adding VLAN 0 to HW filter on device hsr1
[  236.593361][ T8213] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  236.674648][ T8220] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  236.709042][ T8213] netlink: 12 bytes leftover after parsing attributes in process `syz.0.642'.
[  236.736580][ T8220] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  236.794189][ T5893] usb 4-1: config 0 has no interfaces?
[  236.809342][ T5893] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  236.829399][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  236.866229][ T5893] usb 4-1: Product: syz
[  236.870431][ T5893] usb 4-1: Manufacturer: syz
[  236.895737][   T10] vhci_hcd: vhci_device speed not set
[  236.909168][ T5893] usb 4-1: SerialNumber: syz
[  236.933314][ T5893] usb 4-1: config 0 descriptor??
[  237.547278][ T8233] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  237.584834][ T8239] netlink: 4 bytes leftover after parsing attributes in process `syz.1.651'.
[  237.622096][ T8233] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  238.878371][ T8269] netlink: 4 bytes leftover after parsing attributes in process `syz.0.661'.
[  238.897442][ T5844] Bluetooth: hci0: unexpected event 0x2f length: 509 > 260
[  238.993837][ T8267] netlink: 24 bytes leftover after parsing attributes in process `syz.1.663'.
[  239.109600][ T8267] netlink: 4 bytes leftover after parsing attributes in process `syz.1.663'.
[  239.120395][ T8279] openvswitch: netlink: Key type 128 is out of range max 32
[  239.140910][ T8276] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  239.163072][ T8276] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  239.396681][ T8283] netlink: 28 bytes leftover after parsing attributes in process `syz.1.667'.
[  239.417596][ T8283] netlink: 28 bytes leftover after parsing attributes in process `syz.1.667'.
[  239.429746][ T8276] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  239.440235][ T8276] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  239.538155][ T8283] erspan0: entered promiscuous mode
[  239.643774][ T8283] batadv_slave_1: entered promiscuous mode
[  239.660220][ T5915] usb 4-1: USB disconnect, device number 40
[  239.972579][ T8295] QAT: Device 250 not found
[  240.192507][ T8300] FAULT_INJECTION: forcing a failure.
[  240.192507][ T8300] name failslab, interval 1, probability 0, space 0, times 0
[  240.211741][ T8300] CPU: 1 UID: 0 PID: 8300 Comm: syz.3.670 Not tainted 6.14.0-syzkaller-12508-g92b71befc349 #0 PREEMPT(full) 
[  240.211766][ T8300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  240.211778][ T8300] Call Trace:
[  240.211785][ T8300]  <TASK>
[  240.211792][ T8300]  dump_stack_lvl+0x241/0x360
[  240.211823][ T8300]  ? __pfx_dump_stack_lvl+0x10/0x10
[  240.211849][ T8300]  ? __pfx__printk+0x10/0x10
[  240.211876][ T8300]  ? __pfx___might_resched+0x10/0x10
[  240.211903][ T8300]  should_fail_ex+0x424/0x570
[  240.211934][ T8300]  should_failslab+0xac/0x100
[  240.211960][ T8300]  __kmalloc_cache_noprof+0x73/0x370
[  240.211982][ T8300]  ? fuse_lookup_name+0x176/0xa40
[  240.212006][ T8300]  fuse_lookup_name+0x176/0xa40
[  240.212027][ T8300]  ? check_noncircular+0xee/0x160
[  240.212051][ T8300]  ? __pfx_fuse_lookup_name+0x10/0x10
[  240.212068][ T8300]  ? lockdep_unlock+0x8d/0x120
[  240.212104][ T8300]  fuse_lookup+0x186/0x5e0
[  240.212125][ T8300]  ? __pfx_fuse_lookup+0x10/0x10
[  240.212139][ T8300]  ? do_raw_spin_lock+0x151/0x370
[  240.212177][ T8300]  ? _raw_spin_unlock+0x28/0x50
[  240.212201][ T8300]  ? d_alloc+0x142/0x190
[  240.212222][ T8300]  lookup_one_qstr_excl+0x136/0x3a0
[  240.212245][ T8300]  do_renameat2+0x675/0x1290
[  240.212302][ T8300]  ? __pfx_do_renameat2+0x10/0x10
[  240.212346][ T8300]  ? strncpy_from_user+0x143/0x280
[  240.212376][ T8300]  ? getname_flags+0x1e2/0x530
[  240.212405][ T8300]  __ia32_sys_rename+0x81/0x90
[  240.212428][ T8300]  __do_fast_syscall_32+0xb4/0x110
[  240.212446][ T8300]  ? exc_page_fault+0x5f8/0x920
[  240.212476][ T8300]  do_fast_syscall_32+0x34/0x80
[  240.212494][ T8300]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  240.212516][ T8300] RIP: 0023:0xf748d579
[  240.212530][ T8300] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  240.212545][ T8300] RSP: 002b:00000000f50f555c EFLAGS: 00000206 ORIG_RAX: 0000000000000026
[  240.212564][ T8300] RAX: ffffffffffffffda RBX: 0000000080000100 RCX: 00000000800000c0
[  240.212576][ T8300] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  240.212586][ T8300] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  240.212597][ T8300] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  240.212607][ T8300] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  240.212635][ T8300]  </TASK>
[  240.708689][ T8302] netlink: 28 bytes leftover after parsing attributes in process `syz.2.673'.
[  240.875343][ T8307] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  240.889954][ T8307] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  241.503462][ T8321] input: syz0 as /devices/virtual/input/input40
[  241.615966][ T8323] input: syz0 as /devices/virtual/input/input41
[  242.304604][ T8340] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  242.318594][ T8339] netlink: 8 bytes leftover after parsing attributes in process `syz.2.682'.
[  242.322073][ T8340] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  242.341746][ T8339] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  242.420555][ T8339] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  242.432676][ T8339] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  242.442501][ T8339] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  242.456267][ T8339] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  242.468351][ T8339] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  242.534156][ T8340] veth0_to_batadv: entered promiscuous mode
[  242.625179][ T8349] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  243.217955][ T8349] batman_adv: batadv0: Removing interface: batadv_slave_0
[  243.419841][ T8353] syz.3.686 (8353) used greatest stack depth: 19224 bytes left
[  243.839560][ T8371] input: syz0 as /devices/virtual/input/input42
[  244.053649][ T8367] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  244.062879][ T8367] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  245.043098][ T5893] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  245.137293][   T30] kauditd_printk_skb: 138 callbacks suppressed
[  245.137313][   T30] audit: type=1326 audit(1743664893.392:625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8336 comm="syz.2.682" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742d579 code=0x7fc00000
[  245.227422][ T5893] usb 4-1: Using ep0 maxpacket: 16
[  245.250002][ T5893] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8
[  245.258130][ T8389] netlink: 8 bytes leftover after parsing attributes in process `syz.2.695'.
[  245.270522][ T5893] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  245.289577][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  245.318494][ T5893] usb 4-1: Product: syz
[  245.335164][ T5893] usb 4-1: Manufacturer: syz
[  245.340183][ T5893] usb 4-1: SerialNumber: syz
[  245.371671][ T5893] usb 4-1: config 0 descriptor??
[  245.417952][ T5893] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[  245.445591][ T5893] usb 4-1: Detected FT232R
[  245.621586][ T5893] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  245.913615][ T8382] netlink: 12 bytes leftover after parsing attributes in process `syz.3.693'.
[  246.058266][ T8398] netlink: 8 bytes leftover after parsing attributes in process `syz.1.697'.
[  246.137705][ T8382] 8021q: adding VLAN 0 to HW filter on device bond0
[  246.202141][ T8399] 8021q: adding VLAN 0 to HW filter on device bond0
[  246.228851][ T8399] bond0: (slave vcan1): The slave device specified does not support setting the MAC address
[  246.274179][ T5893] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  246.336663][ T8399] bond0: (slave vcan1): Error -95 calling set_mac_address
[  246.489513][ T5894] usb 4-1: USB disconnect, device number 41
[  246.498336][ T8405] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  246.538461][ T8407] 
[  246.540833][ T8407] ======================================================
[  246.547857][ T8407] WARNING: possible circular locking dependency detected
[  246.554871][ T8407] 6.14.0-syzkaller-12508-g92b71befc349 #0 Not tainted
[  246.561617][ T8407] ------------------------------------------------------
[  246.568633][ T8407] syz.0.700/8407 is trying to acquire lock:
[  246.574535][ T8407] ffffffff900fc2c8 (rtnl_mutex){+.+.}-{4:4}, at: do_ip_getsockopt+0x11ae/0x2ba0
[  246.578599][ T8405] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  246.583605][ T8407] 
[  246.583605][ T8407] but task is already holding lock:
[  246.598717][ T8407] ffff888035c466a0 (&smc->clcsock_release_lock){+.+.}-{4:4}, at: smc_getsockopt+0x131/0x400
[  246.608850][ T8407] 
[  246.608850][ T8407] which lock already depends on the new lock.
[  246.608850][ T8407] 
[  246.619266][ T8407] 
[  246.619266][ T8407] the existing dependency chain (in reverse order) is:
[  246.628295][ T8407] 
[  246.628295][ T8407] -> #2 (&smc->clcsock_release_lock){+.+.}-{4:4}:
[  246.636956][ T8407]        lock_acquire+0x116/0x2f0
[  246.641996][ T8407]        __mutex_lock+0x1a5/0x10c0
[  246.647115][ T8407]        smc_switch_to_fallback+0x35/0xda0
[  246.652931][ T8407]        smc_sendmsg+0x11f/0x530
[  246.657872][ T8407]        __sock_sendmsg+0x221/0x270
[  246.663073][ T8407]        __sys_sendto+0x365/0x4c0
[  246.668101][ T8407]        __ia32_sys_sendto+0xdd/0x100
[  246.673508][ T8407]        __do_fast_syscall_32+0xb4/0x110
[  246.679146][ T8407]        do_fast_syscall_32+0x34/0x80
[  246.684520][ T8407]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  246.691375][ T8407] 
[  246.691375][ T8407] -> #1 (sk_lock-AF_INET){+.+.}-{0:0}:
[  246.699027][ T8407]        lock_acquire+0x116/0x2f0
[  246.704069][ T8407]        lock_sock_nested+0x48/0x100
[  246.709410][ T8407]        do_ip_setsockopt+0x17e9/0x39c0
[  246.714975][ T8407]        ip_setsockopt+0x63/0x100
[  246.720002][ T8407]        do_sock_setsockopt+0x3b1/0x710
[  246.725554][ T8407]        __ia32_sys_setsockopt+0x1f2/0x280
[  246.731365][ T8407]        __do_fast_syscall_32+0xb4/0x110
[  246.737006][ T8407]        do_fast_syscall_32+0x34/0x80
[  246.742387][ T8407]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  246.749232][ T8407] 
[  246.749232][ T8407] -> #0 (rtnl_mutex){+.+.}-{4:4}:
[  246.756445][ T8407]        validate_chain+0xa69/0x24e0
[  246.761729][ T8407]        __lock_acquire+0xad5/0xd80
[  246.766962][ T8407]        lock_acquire+0x116/0x2f0
[  246.771987][ T8407]        __mutex_lock+0x1a5/0x10c0
[  246.777183][ T8407]        do_ip_getsockopt+0x11ae/0x2ba0
[  246.782734][ T8407]        ip_getsockopt+0xef/0x2e0
[  246.787765][ T8407]        tcp_getsockopt+0x16f/0x1d0
[  246.792967][ T8407]        smc_getsockopt+0x1c6/0x400
[  246.798155][ T8407]        do_sock_getsockopt+0x391/0x740
[  246.803702][ T8407]        __ia32_sys_getsockopt+0x2a1/0x370
[  246.809507][ T8407]        __do_fast_syscall_32+0xb4/0x110
[  246.815130][ T8407]        do_fast_syscall_32+0x34/0x80
[  246.820494][ T8407]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  246.827342][ T8407] 
[  246.827342][ T8407] other info that might help us debug this:
[  246.827342][ T8407] 
[  246.837576][ T8407] Chain exists of:
[  246.837576][ T8407]   rtnl_mutex --> sk_lock-AF_INET --> &smc->clcsock_release_lock
[  246.837576][ T8407] 
[  246.851147][ T8407]  Possible unsafe locking scenario:
[  246.851147][ T8407] 
[  246.858591][ T8407]        CPU0                    CPU1
[  246.863946][ T8407]        ----                    ----
[  246.869300][ T8407]   lock(&smc->clcsock_release_lock);
[  246.874673][ T8407]                                lock(sk_lock-AF_INET);
[  246.881616][ T8407]                                lock(&smc->clcsock_release_lock);
[  246.889522][ T8407]   lock(rtnl_mutex);
[  246.893506][ T8407] 
[  246.893506][ T8407]  *** DEADLOCK ***
[  246.893506][ T8407] 
[  246.901638][ T8407] 1 lock held by syz.0.700/8407:
[  246.906561][ T8407]  #0: ffff888035c466a0 (&smc->clcsock_release_lock){+.+.}-{4:4}, at: smc_getsockopt+0x131/0x400
[  246.917094][ T8407] 
[  246.917094][ T8407] stack backtrace:
[  246.922980][ T8407] CPU: 0 UID: 0 PID: 8407 Comm: syz.0.700 Not tainted 6.14.0-syzkaller-12508-g92b71befc349 #0 PREEMPT(full) 
[  246.923000][ T8407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  246.923021][ T8407] Call Trace:
[  246.923029][ T8407]  <TASK>
[  246.923036][ T8407]  dump_stack_lvl+0x241/0x360
[  246.923061][ T8407]  ? __pfx_dump_stack_lvl+0x10/0x10
[  246.923084][ T8407]  ? __pfx__printk+0x10/0x10
[  246.923105][ T8407]  ? print_lock+0x171/0x1a0
[  246.923125][ T8407]  print_circular_bug+0x2e1/0x300
[  246.923146][ T8407]  check_noncircular+0x142/0x160
[  246.923169][ T8407]  validate_chain+0xa69/0x24e0
[  246.923197][ T8407]  __lock_acquire+0xad5/0xd80
[  246.923215][ T8407]  lock_acquire+0x116/0x2f0
[  246.923230][ T8407]  ? do_ip_getsockopt+0x11ae/0x2ba0
[  246.923251][ T8407]  __mutex_lock+0x1a5/0x10c0
[  246.923266][ T8407]  ? do_ip_getsockopt+0x11ae/0x2ba0
[  246.923283][ T8407]  ? __lock_acquire+0xad5/0xd80
[  246.923300][ T8407]  ? do_ip_getsockopt+0x11ae/0x2ba0
[  246.923316][ T8407]  ? __pfx___mutex_lock+0x10/0x10
[  246.923338][ T8407]  do_ip_getsockopt+0x11ae/0x2ba0
[  246.923357][ T8407]  ? __pfx_do_ip_getsockopt+0x10/0x10
[  246.923379][ T8407]  ? look_up_lock_class+0x7b/0x170
[  246.923394][ T8407]  ? register_lock_class+0x54/0x330
[  246.923411][ T8407]  ? __lock_acquire+0xad5/0xd80
[  246.923438][ T8407]  ? __mutex_trylock_common+0x184/0x2e0
[  246.923460][ T8407]  ? __pfx___mutex_trylock_common+0x10/0x10
[  246.923483][ T8407]  ip_getsockopt+0xef/0x2e0
[  246.923501][ T8407]  ? __pfx_ip_getsockopt+0x10/0x10
[  246.923519][ T8407]  ? smc_getsockopt+0x131/0x400
[  246.923535][ T8407]  tcp_getsockopt+0x16f/0x1d0
[  246.923555][ T8407]  ? __pfx_tcp_getsockopt+0x10/0x10
[  246.923574][ T8407]  ? aa_sk_perm+0x96f/0xac0
[  246.923593][ T8407]  ? sock_common_getsockopt+0x2e/0xb0
[  246.923615][ T8407]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  246.923634][ T8407]  smc_getsockopt+0x1c6/0x400
[  246.923649][ T8407]  ? __pfx_smc_getsockopt+0x10/0x10
[  246.923663][ T8407]  ? aa_sock_opt_perm+0x79/0x120
[  246.923686][ T8407]  ? __pfx_smc_getsockopt+0x10/0x10
[  246.923700][ T8407]  do_sock_getsockopt+0x391/0x740
[  246.923727][ T8407]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  246.923749][ T8407]  ? __fget_files+0x2a/0x420
[  246.923764][ T8407]  ? __fget_files+0x39d/0x420
[  246.923776][ T8407]  ? __fget_files+0x2a/0x420
[  246.923791][ T8407]  __ia32_sys_getsockopt+0x2a1/0x370
[  246.923818][ T8407]  ? __pfx___ia32_sys_getsockopt+0x10/0x10
[  246.923843][ T8407]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  246.923858][ T8407]  ? lockdep_hardirqs_on+0x9d/0x150
[  246.923874][ T8407]  __do_fast_syscall_32+0xb4/0x110
[  246.923890][ T8407]  ? exc_page_fault+0x5f8/0x920
[  246.923915][ T8407]  do_fast_syscall_32+0x34/0x80
[  246.923931][ T8407]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  246.923950][ T8407] RIP: 0023:0xf7fc7579
[  246.923967][ T8407] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  246.923982][ T8407] RSP: 002b:00000000f50e655c EFLAGS: 00000206 ORIG_RAX: 000000000000016d
[  246.923997][ T8407] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  246.924008][ T8407] RDX: 0000000000000030 RSI: 0000000080005fc0 RDI: 0000000080006000
[  246.924018][ T8407] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  246.924028][ T8407] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  246.924037][ T8407] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  246.924051][ T8407]  </TASK>
[  247.274528][ T8405] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  247.279363][ T8414] netlink: 8 bytes leftover after parsing attributes in process `syz.0.700'.
[  247.311664][ T8409] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  247.320360][ T8405] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  247.338798][ T5894] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  247.342971][ T8409] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  247.348620][ T5894] ftdi_sio 4-1:0.0: device disconnected
[  247.371287][ T8405] netlink: 76 bytes leftover after parsing attributes in process `syz.2.699'.
[  247.374162][ T8407] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  247.392459][ T8407] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  247.424153][ T8407] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  247.443193][ T8407] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  247.525797][ T8402] dccp_close: ABORT with 704 bytes unread
[  249.507113][   T30] audit: type=1326 audit(1743664897.762:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8406 comm="syz.0.700" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7fc00000
[  255.535492][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  255.541889][ T1301] ieee802154 phy1 wpan1: encryption failed: -22