last executing test programs:

20m56.906721369s ago: executing program 3 (id=157):
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
socket$kcm(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
mount(0x0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='adfs\x00', 0x8000, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close(0xffffffffffffffff)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r4, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
socket$packet(0x11, 0x2, 0x300)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xff}, 0x48)
socket$caif_seqpacket(0x25, 0x5, 0x3)
socket$igmp(0x2, 0x3, 0x2)
socket$netlink(0x10, 0x3, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x80001, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)

20m55.793855058s ago: executing program 3 (id=159):
pipe(&(0x7f0000000480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[], 0x398}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)

20m54.747718717s ago: executing program 3 (id=161):
mkdir(&(0x7f0000000180)='./bus\x00', 0x121)
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r0, 0x402, 0x8000003d)
rename(&(0x7f0000000040)='./bus\x00', &(0x7f0000000600)='./file0\x00')
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x1, 0x4, 0x523, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000500)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x8, [@typedef={0x6, 0x0, 0x0, 0x8, 0x2}, @func={0x5, 0x0, 0x0, 0x12}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x6f, 0x61]}}, 0x0, 0x38}, 0x20)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r3, &(0x7f0000000000), 0x8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f00000004c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct={0x1, 0x0, 0x0, 0x13, 0x0, 0x8001}]}}, 0x0, 0x26}, 0x28)
listen(r3, 0x1)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r6 = dup3(r5, r4, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f00000a0000)=nil, 0x0, 0x1, 0x11, r6, 0x0)
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r7, &(0x7f0000000000), 0x8)
listen(r7, 0x1)
futex(&(0x7f00000004c0), 0x5, 0x0, 0x0, &(0x7f0000000080)=0x1, 0x9bfffffe)

20m50.883333503s ago: executing program 3 (id=172):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x4, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x49}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x70)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001140)=ANY=[@ANYBLOB="300000000114e73f"], 0x30}, 0x1, 0x0, 0x0, 0xbe9b70533f0d9e1}, 0x20004014)
recvfrom(r0, 0x0, 0x0, 0xc0000040, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$inet_udp_int(r2, 0x88, 0x65, 0x0, &(0x7f00000000c0))
r3 = socket$tipc(0x1e, 0x2, 0x0)
connect$tipc(r3, &(0x7f0000000300)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x1}}, 0x10)
sendmsg$NL80211_CMD_SET_QOS_MAP(r1, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000280)={&(0x7f0000000100)={0x144, 0x0, 0x402, 0x70bd27, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x2, 0x19}}}}, [@NL80211_ATTR_QOS_MAP={0x1c, 0xc7, {[{0x3, 0x2}, {0x5, 0x7}, {0x22, 0x2}, {0x4, 0x1}, {0x8, 0x1}, {0x1c, 0x1}, {0x10, 0x1}, {0x5, 0x3}], "f25e298486376fcd"}}, @NL80211_ATTR_QOS_MAP={0x22, 0xc7, {[{0x9, 0x4}, {0x61, 0x4}, {0x99, 0x1}, {0x4, 0x2}, {0x1, 0x1}, {0x1, 0x3}, {0xa, 0x4}, {0x0, 0x3}, {0xf1, 0x1}, {0x6, 0x4}, {0x0, 0x6}], "01be96ccbdab2144"}}, @NL80211_ATTR_QOS_MAP={0x34, 0xc7, {[{0xb, 0x6}, {0x8a, 0x4}, {0xd, 0x6}, {0x80, 0x7}, {0x7, 0x1}, {0x4, 0x7}, {0x0, 0x5}, {0x6, 0x3}, {0x9, 0x5}, {0x10}, {0x6, 0x3}, {0xf8, 0x2}, {0xe, 0x3}, {0x48, 0x4}, {0x80, 0x4}, {0x9, 0x7}, {0x6, 0x5}, {0x8, 0x2}, {0x81}, {0xfd, 0x6}], "703a37ef5754428f"}}, @NL80211_ATTR_QOS_MAP={0x2e, 0xc7, {[{0x1, 0x2}, {0x9, 0x1}, {0x5, 0x5}, {0x3, 0x5}, {0xca, 0x5}, {0x0, 0x2}, {0x9, 0x1}, {0x4, 0x2}, {0x3, 0x2}, {0x0, 0x2}, {0xef, 0x4}, {0xff, 0x2}, {0x1, 0x5}, {0x8}, {0xfe, 0x5}, {0x0, 0x5}, {0x41}], "c1c5b26f6c36e40d"}}, @NL80211_ATTR_QOS_MAP={0x2a, 0xc7, {[{0x1, 0x6}, {0x2, 0x7}, {0x7, 0x6}, {0x3f, 0x7}, {0x4}, {0x8}, {0x0, 0x2}, {0x4a, 0x2}, {0xa, 0x5}, {0x8, 0x5}, {0x9, 0x1}, {0x1, 0x4}, {0xfd, 0x1}, {0x6, 0x3}, {0x2}], "48cb100f79f276c9"}}, @NL80211_ATTR_QOS_MAP={0xe, 0xc7, {[{0xf7, 0x2}], "efed847651a5933b"}}, @NL80211_ATTR_QOS_MAP={0x32, 0xc7, {[{0x8, 0x4}, {0x6, 0x4}, {0xb, 0x1}, {0x25, 0x4}, {0xf7, 0x4}, {0x40, 0x6}, {0x7, 0x7}, {0x3, 0x4}, {0x8, 0x3}, {}, {0x20, 0x4}, {0x6, 0x3}, {0x3, 0x7}, {0xf, 0x2}, {0x9, 0x4}, {0x1, 0x5}, {0x6, 0x6}, {0x48, 0x6}, {0x81, 0x7}], "baab99a8e92feb10"}}, @NL80211_ATTR_QOS_MAP={0x10, 0xc7, {[{0xb6, 0x3}, {0x6, 0x1}], "03e0be38df95ca44"}}]}, 0x144}, 0x1, 0x0, 0x0, 0x20000090}, 0x408c0)

20m48.785912952s ago: executing program 3 (id=177):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
creat(&(0x7f0000000100)='./file0\x00', 0x3)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000280)=0x4)
ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000200)=0x3)
ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f0000000100)=0x2000004)
pwritev(r0, &(0x7f0000000180)=[{&(0x7f0000000040)="00215f17a707001d0000030640710a069d317ebbaaa6", 0x16}], 0x1, 0x807, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r4 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
unshare(0x24020400)
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
r5 = socket(0x10, 0x3, 0x6)
r6 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000040)={'team0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x68, 0x24, 0xf0b, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x38, 0x2, {{0x7fff, 0xcb, 0x7, 0xffff, 0xdb2c, 0x9}, [@TCA_NETEM_JITTER64={0xc, 0xb, 0xfffffffffffffffc}, @TCA_NETEM_LOSS={0x4}, @TCA_NETEM_CORRUPT={0xc, 0x4, {0x1a, 0x80000001}}]}}}]}, 0x68}}, 0x20000000)
setsockopt$inet_mreqn(r4, 0x0, 0x24, &(0x7f00000000c0)={@rand_addr=0x64010100, @private=0xa010100, r7}, 0xc)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)

20m43.58724942s ago: executing program 3 (id=186):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
syz_usb_connect(0x2, 0x4f, &(0x7f0000000080)={{0x12, 0x1, 0x351, 0x29, 0xfb, 0xf0, 0x40, 0x738, 0x4540, 0xc6ce, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3d, 0x2, 0x2, 0x6, 0x10, 0x78, [{{0x9, 0x4, 0xd4, 0x9, 0x1, 0x78, 0x6d, 0x3d, 0x40, [], [{{0x9, 0x5, 0x1, 0x0, 0x200, 0x9, 0x4, 0x2}}]}}, {{0x9, 0x4, 0xe2, 0x0, 0x2, 0xb2, 0x26, 0x18, 0xbb, [], [{{0x9, 0x5, 0x1, 0x0, 0x200, 0x7c, 0x9e, 0x9, [@generic={0x7, 0x5, "85e371932d"}]}}, {{0x9, 0x5, 0x7, 0xb, 0x0, 0x9, 0x73, 0x3}}]}}]}}]}}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x896343b57e79e890, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'veth1_to_team\x00', 0x2})
ioctl$TUNSETLINK(r0, 0x400454cd, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'\x00', 0x10})

20m28.4782672s ago: executing program 32 (id=186):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
syz_usb_connect(0x2, 0x4f, &(0x7f0000000080)={{0x12, 0x1, 0x351, 0x29, 0xfb, 0xf0, 0x40, 0x738, 0x4540, 0xc6ce, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3d, 0x2, 0x2, 0x6, 0x10, 0x78, [{{0x9, 0x4, 0xd4, 0x9, 0x1, 0x78, 0x6d, 0x3d, 0x40, [], [{{0x9, 0x5, 0x1, 0x0, 0x200, 0x9, 0x4, 0x2}}]}}, {{0x9, 0x4, 0xe2, 0x0, 0x2, 0xb2, 0x26, 0x18, 0xbb, [], [{{0x9, 0x5, 0x1, 0x0, 0x200, 0x7c, 0x9e, 0x9, [@generic={0x7, 0x5, "85e371932d"}]}}, {{0x9, 0x5, 0x7, 0xb, 0x0, 0x9, 0x73, 0x3}}]}}]}}]}}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x896343b57e79e890, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'veth1_to_team\x00', 0x2})
ioctl$TUNSETLINK(r0, 0x400454cd, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'\x00', 0x10})

15m30.356512798s ago: executing program 0 (id=1039):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmsg$rds(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
setsockopt$bt_BT_SECURITY(r2, 0x112, 0x4, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x38, 0x1411, 0x20, 0x70bd28, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8, 0x4b, 0x26}, @RDMA_NLDEV_ATTR_STAT_RES={0x8, 0x4b, 0x35}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x41}, 0x40)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
ioctl$IMCLEAR_L2(0xffffffffffffffff, 0x80044946, &(0x7f0000000300)=0x3ff)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f00000001c0))
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x0, 0xffffffffffffffff, 0x4}, 0xfffffffffffffdec)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0)
close(r4)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r4, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
ioctl$SNDCTL_DSP_GETOPTR(r3, 0x800c5012, &(0x7f0000000300))
r5 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r5, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x0, 0x9, 0x20ff, 0x5, 0x89, 0xd615, 0xffffffff, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0)
sendfile(r5, r5, &(0x7f0000000080)=0x10000000000000, 0x7f03)
syz_open_pts(0xffffffffffffffff, 0x0)

15m26.637720415s ago: executing program 0 (id=1054):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002e00)=ANY=[@ANYRESDEC=r0], 0x108}, 0x1, 0x0, 0x0, 0x4000010}, 0x0)

15m25.48521969s ago: executing program 0 (id=1057):
socket$netlink(0x10, 0x3, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
fcntl$F_SET_RW_HINT(r1, 0x40c, 0x0)
r2 = socket$igmp(0x2, 0x3, 0x2)
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000380)='cgroup.procs\x00', 0x2, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@ipv4_newrule={0x30, 0x1e, 0x1, 0x70bd2b, 0x0, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7}, [@FRA_TUN_ID={0xc, 0xc, 0x1, 0x0, 0x1ff}, @FRA_DST={0x8, 0x1, @multicast2}]}, 0x30}}, 0x4000000)
r7 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r8 = openat$cgroup_ro(r7, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r8, &(0x7f0000000200)=0x1, 0x12)
setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000480)=@broute={'broute\x00', 0x5e04, 0x0, 0x90, [0x0, 0x0, 0x200000000140], 0x2, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00000000000000000000000002000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000004fd00000000000fcffffff00000000"]}, 0x108)
r9 = socket(0x10, 0x803, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r11, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd26, 0x8000006, {0x0, 0x0, 0x0, r11, {0x0, 0x6}, {}, {0x1, 0xa}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0xf, 0x8}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24008004}, 0x0)

15m24.164574111s ago: executing program 0 (id=1059):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000c40)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f0000000c80)={0x28, r0, 0x1, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @from_mac}]}, 0x28}, 0x1, 0x0, 0x0, 0x8044}, 0x88d4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRES32=r1], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x18)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r4, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100ffffffff0000000001000200040007800c000200ff7f000000000000"], 0x24}}, 0x20000000)
r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_ABSBIT(r6, 0x40045567, 0xfffffffffffffffc)
ioctl$UI_ABS_SETUP(r6, 0x401c5504, &(0x7f00000002c0)={0x3f})
ioctl$UI_SET_EVBIT(r6, 0x40045564, 0x3)
write$uinput_user_dev(r6, &(0x7f0000001740)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7fffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xffffffff, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
connect$bt_rfcomm(r8, &(0x7f0000000040)={0x1f, @any, 0x2}, 0xa)
shutdown(r8, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r7)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x20000, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
futimesat(0xffffffffffffffff, 0x0, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
syz_open_dev$usbfs(&(0x7f0000000040), 0x400000001ff, 0x101381)
sendmsg$DEVLINK_CMD_PORT_GET(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000005c0)={0x3c, r9, 0x1, 0x0, 0x0, {0x49}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x73}}}]}, 0x3c}}, 0x0)
setxattr$security_smack_transmute(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240), &(0x7f00000002c0), 0x4, 0x3)

15m21.179334225s ago: executing program 0 (id=1064):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmsg$rds(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
setsockopt$bt_BT_SECURITY(r2, 0x112, 0x4, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x38, 0x1411, 0x20, 0x70bd28, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8, 0x4b, 0x26}, @RDMA_NLDEV_ATTR_STAT_RES={0x8, 0x4b, 0x35}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x41}, 0x40)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
ioctl$IMCLEAR_L2(0xffffffffffffffff, 0x80044946, &(0x7f0000000300)=0x3ff)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f00000001c0))
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x0, 0xffffffffffffffff, 0x4}, 0xfffffffffffffdec)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0)
close(r4)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r4, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
ioctl$SNDCTL_DSP_GETOPTR(r3, 0x800c5012, &(0x7f0000000300))
r5 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r5, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x0, 0x9, 0x20ff, 0x5, 0x89, 0xd615, 0xffffffff, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0)
sendfile(r5, r5, &(0x7f0000000080)=0x10000000000000, 0x7f03)
syz_open_pts(0xffffffffffffffff, 0x0)

15m20.116221081s ago: executing program 0 (id=1070):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
ftruncate(r1, 0xc17a)
syz_80211_inject_frame(0x0, &(0x7f0000004580)=@data_frame={@msdu=@type11={{0x0, 0x2, 0x7, 0x1, 0x1, 0x0, 0x1, 0x1}, {0x8}, @broadcast, @device_a, @device_a, {0x0, 0x1}}, @a_msdu}, 0x1e)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000080eff95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000002c0)='contention_end\x00', r2}, 0x10)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0x101201, 0x0)
write$tcp_mem(r3, &(0x7f00000001c0)={0x11, 0x2d, 0x0, 0x3a, 0xfffffffffffffffe, 0x2c}, 0x48)
ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000300)={r1, 0x1, 0xfeff6000, 0xfffffffff0000000})
lseek(r1, 0x6, 0x4)
r4 = syz_open_dev$media(&(0x7f0000000000), 0x1000000000001, 0x0)
ioctl$MEDIA_IOC_ENUM_ENTITIES(r4, 0xc1007c01, &(0x7f0000000040))
r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="03400a000000000000008feddeb2c6c89dc4158788939fa682c30a5cb157d357bc6f25cebf96b6ad4a7f1b58766c82cfda6d7a2e76d9d0e20fac3736a7198c6b883f699d18beb5b3dc7430d2fb5f2f83ce31ddb0612eeb8eb8329a2ec81aef36eb5509461ad2f821678c435caed19c9b8b7b24e4f02e00030019df338ad789a2bb0000000000000000", @ANYRES32=0x1, @ANYBLOB="ff0f00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="04000000010000000100"/28], 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000380)={&(0x7f0000000500)="3e1fdb17f8ac6f1dbe1ab6797b8ef6584b638751e4d8cd25693e4afc6d17c004179c0e3bee818cf9e3feb46511bbb2dae9a403f6825e36e01b37aff300369e796f93889b62f996293acfd82585daafa577f68c9aa9cb18d71fa75c087e96dfc03d3623954582b6e5b7395ddfce386f8a57227286ccf9fd6163a83598d2abc560764e830f4ee357cb5ea5e92f0241390482f3dc5986f1d3d76f02becf05b59b0c69f5968b2b1da6d3e9029faa2f17361b50ef5a55ac0ed094482a67b9d9db12bb37c6", &(0x7f0000000140)=""/182, &(0x7f0000000240)="4ccfdac752155d0da5a31c3ca9585a51679b45c32a6d245bfc5a9298d761eb2d712d77ebb546d1f40bd0e688e74f820e511c8d60faffb7892dbaeeefaf87f009c042cc6374cd0bbe85bb218b464e152bbc01d44381b3d7a55a13ca7b03260df612a3c6a88b93c0149562fc2cd7dca39c834f1ca8975b", &(0x7f00000006c0)="77a42a654f0940eda809603dee2fd7c02d4c66f9d6b13a41f5fe23844d2cd9236eab5cd05c96b83c14fe578d047851d077d84711ca3288d32d8eebcfe920b7ad6151f8868f0a970fa2b576ac06acc5eed120d543433f5f9db34a075f07bf3f1a7ee29f6f684991da94992864c1271636657031268e79989d80604a5ee06360e31dd283337b4cb9f852bc0d6d39b77997e0e707fd3de775e8c81f26523fdabaf4431599a74c74ee70ee046459b20d56d085a4e595ae6e4d1faaea87b9548d69b153c4596643d44ace987d7192bcd36e8b268ad1c6114b393e346f40631cc3fcd6e0ff56f6087453f8a906ee0f88dc34663234", 0x2, r5}, 0x38)

15m18.517493801s ago: executing program 33 (id=1070):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
ftruncate(r1, 0xc17a)
syz_80211_inject_frame(0x0, &(0x7f0000004580)=@data_frame={@msdu=@type11={{0x0, 0x2, 0x7, 0x1, 0x1, 0x0, 0x1, 0x1}, {0x8}, @broadcast, @device_a, @device_a, {0x0, 0x1}}, @a_msdu}, 0x1e)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000080eff95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000002c0)='contention_end\x00', r2}, 0x10)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0x101201, 0x0)
write$tcp_mem(r3, &(0x7f00000001c0)={0x11, 0x2d, 0x0, 0x3a, 0xfffffffffffffffe, 0x2c}, 0x48)
ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000300)={r1, 0x1, 0xfeff6000, 0xfffffffff0000000})
lseek(r1, 0x6, 0x4)
r4 = syz_open_dev$media(&(0x7f0000000000), 0x1000000000001, 0x0)
ioctl$MEDIA_IOC_ENUM_ENTITIES(r4, 0xc1007c01, &(0x7f0000000040))
r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="03400a000000000000008feddeb2c6c89dc4158788939fa682c30a5cb157d357bc6f25cebf96b6ad4a7f1b58766c82cfda6d7a2e76d9d0e20fac3736a7198c6b883f699d18beb5b3dc7430d2fb5f2f83ce31ddb0612eeb8eb8329a2ec81aef36eb5509461ad2f821678c435caed19c9b8b7b24e4f02e00030019df338ad789a2bb0000000000000000", @ANYRES32=0x1, @ANYBLOB="ff0f00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="04000000010000000100"/28], 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000380)={&(0x7f0000000500)="3e1fdb17f8ac6f1dbe1ab6797b8ef6584b638751e4d8cd25693e4afc6d17c004179c0e3bee818cf9e3feb46511bbb2dae9a403f6825e36e01b37aff300369e796f93889b62f996293acfd82585daafa577f68c9aa9cb18d71fa75c087e96dfc03d3623954582b6e5b7395ddfce386f8a57227286ccf9fd6163a83598d2abc560764e830f4ee357cb5ea5e92f0241390482f3dc5986f1d3d76f02becf05b59b0c69f5968b2b1da6d3e9029faa2f17361b50ef5a55ac0ed094482a67b9d9db12bb37c6", &(0x7f0000000140)=""/182, &(0x7f0000000240)="4ccfdac752155d0da5a31c3ca9585a51679b45c32a6d245bfc5a9298d761eb2d712d77ebb546d1f40bd0e688e74f820e511c8d60faffb7892dbaeeefaf87f009c042cc6374cd0bbe85bb218b464e152bbc01d44381b3d7a55a13ca7b03260df612a3c6a88b93c0149562fc2cd7dca39c834f1ca8975b", &(0x7f00000006c0)="77a42a654f0940eda809603dee2fd7c02d4c66f9d6b13a41f5fe23844d2cd9236eab5cd05c96b83c14fe578d047851d077d84711ca3288d32d8eebcfe920b7ad6151f8868f0a970fa2b576ac06acc5eed120d543433f5f9db34a075f07bf3f1a7ee29f6f684991da94992864c1271636657031268e79989d80604a5ee06360e31dd283337b4cb9f852bc0d6d39b77997e0e707fd3de775e8c81f26523fdabaf4431599a74c74ee70ee046459b20d56d085a4e595ae6e4d1faaea87b9548d69b153c4596643d44ace987d7192bcd36e8b268ad1c6114b393e346f40631cc3fcd6e0ff56f6087453f8a906ee0f88dc34663234", 0x2, r5}, 0x38)

13.999389173s ago: executing program 5 (id=3560):
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='mountinfo\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000100)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000340)={0xa, 0x3, 0x0, @loopback, 0xfffffffe}, 0x1c)
setsockopt$inet6_IPV6_ADDRFORM(r1, 0x29, 0x1, &(0x7f0000000300), 0x4)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x4004881)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000040))
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0)
mount$bpf(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x3011c26, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200))
unshare(0x6a040000)
socket$alg(0x26, 0x5, 0x0)
r3 = syz_io_uring_setup(0x22e, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000300)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x1a})
io_uring_enter(r3, 0x7a98, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f00002ad000/0xc00000)=nil, 0xc00000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r7 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @multicast})
write$tun(r6, &(0x7f0000000240)=ANY=[@ANYBLOB="000386dd0a00100014004000000060ec970200140400fb8000000000000000000000000000aaff020000000000000000000000000001"], 0xffe)
socket$netlink(0x10, 0x3, 0x0)

11.972186435s ago: executing program 1 (id=3566):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000010001000000000000002"], 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00', r0}, 0x10)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x3, 0x101142)
ioctl$FS_IOC_RESVSP(r1, 0x40044591, 0x0)
r2 = dup2(r1, r1)
write$sndseq(r2, 0x0, 0x0)

11.590929727s ago: executing program 5 (id=3567):
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
getsockopt$WPAN_SECURITY_LEVEL(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000000), &(0x7f0000000040)=0x4)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, &(0x7f0000000140)=[{{0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}, {{0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}], 0x10)
bind$can_raw(r1, &(0x7f00000000c0), 0x10)
setsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, &(0x7f0000000100)=[{{0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}], 0x8)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmsg$802154_dgram(r2, &(0x7f00000000c0)={&(0x7f0000000000)={0x24, @short={0x2, 0xffff, 0xffff}}, 0x14, &(0x7f0000000080)={0x0}}, 0x0)
setsockopt$WPAN_WANTLQI(r2, 0x0, 0x3, &(0x7f0000001780)=0x1, 0x4)
recvmmsg(r2, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}, 0x2}], 0x1, 0x40010001, 0x0)
connect$unix(r0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r3 = socket$rxrpc(0x21, 0x2, 0x8)
r4 = syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
syz_usb_control_io$hid(r4, 0x0, &(0x7f0000000580)={0x2c, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0})
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff3000/0xa000)=nil, 0xa000, 0x2000000, 0x2010, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x3a0a, &(0x7f0000000100)={0x0, 0xabd0, 0x1, 0x0, 0xa1}, &(0x7f0000000180), &(0x7f00000001c0)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0)
syz_usb_control_io$printer(r4, 0x0, 0x0)
getsockopt$IP_SET_OP_GET_FNAME(r3, 0x1, 0x53, 0x0, &(0x7f0000000080))
ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0x4)

11.588995619s ago: executing program 1 (id=3568):
capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x0, 0x0, 0x7})
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000004c0)={'ip_vti0\x00', &(0x7f0000000440)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @private, @private}}}})
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="d1d1eb1361854e3035ea114dbc920bb6f06b0952ec9e9798b533f3bcb30898a99ca227877d932e9cdc9806ce274671d1761f37b2844e3f1a5613a08dd11a28ecc129eaa1a17902e52e0a21912e9a40ebd0790df6c93b0cfe522725c2819be96f46d16617a21c83c386cd199890c489e5f7f251529d70e45e197afac4395b8d2b941ea574cc5b4f809dc04d0cee25495aa4a6c6de9d523d2fca7c698bee1291969eaae8938c3eff9462155a47998fb3f5d9d84a4bd9cc557c956252eaef23a78d897861470e358d21af380dc7088ae4abbaa12bc978d0aa6e0bf32534d06a9aaa93d419b7", @ANYRESOCT=r1, @ANYRES32, @ANYRES64=r1, @ANYRES32=r1], 0x18}, 0x1, 0x0, 0x0, 0x40d0}, 0x4044080)
recvmmsg(0xffffffffffffffff, &(0x7f0000005f40)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f000000b340)=""/4100, 0x1004}, {&(0x7f0000000340)=""/191, 0xbf}, {&(0x7f00000002c0)=""/20, 0x14}, {&(0x7f0000000600)=""/153, 0x99}], 0x4}, 0x6}, {{&(0x7f00000006c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @private}}}, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000480)=""/34, 0x22}, {&(0x7f0000000740)=""/193, 0xc1}, {&(0x7f0000000840)=""/71, 0x47}], 0x3, &(0x7f00000041c0)=""/4096, 0x1000}, 0x4a7}, {{0x0, 0x0, &(0x7f0000001b40)=[{&(0x7f0000001940)=""/153, 0x99}, {&(0x7f0000001a00)=""/196, 0xc4}, {&(0x7f0000001b00)=""/46, 0x2e}, {&(0x7f0000008340)=""/4096, 0x1000}], 0x4, &(0x7f0000001b80)=""/118, 0x76}, 0x100}, {{&(0x7f0000001c00)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, 0x80, &(0x7f00000052c0)=[{&(0x7f0000001c80)=""/133, 0x85}, {&(0x7f0000006100)=""/97, 0x61}, {&(0x7f0000001dc0)=""/253, 0xfd}, {&(0x7f0000001ec0)=""/149, 0x95}, {&(0x7f0000001f80)=""/141, 0x8d}, {&(0x7f0000002040)=""/46, 0x2e}, {&(0x7f00000051c0)=""/216, 0xd8}], 0x7}, 0x100}, {{0x0, 0x0, &(0x7f0000005680)=[{&(0x7f0000009340)=""/4096, 0x1000}, {&(0x7f0000002080)=""/22, 0x16}, {&(0x7f0000005340)=""/137, 0x89}, {&(0x7f0000005400)=""/56, 0x38}, {&(0x7f0000005440)=""/42, 0x2a}, {&(0x7f0000005480)=""/170, 0xaa}, {&(0x7f0000005540)=""/102, 0x66}, {&(0x7f00000055c0)=""/178, 0xb2}], 0x8, &(0x7f0000005700)=""/125, 0x7d}}, {{&(0x7f0000005780)=@nl=@proc, 0x80, &(0x7f0000005a40)=[{&(0x7f0000005800)=""/56, 0x38}, {&(0x7f0000005840)=""/12, 0xc}, {&(0x7f0000005880)=""/110, 0x6e}, {&(0x7f0000005900)=""/99, 0x63}, {&(0x7f0000005980)=""/156, 0x9c}], 0x5}, 0x7fff}, {{&(0x7f0000005ac0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, 0x80, &(0x7f0000005e40)=[{&(0x7f0000005b40)=""/120, 0x78}, {&(0x7f0000005bc0)=""/48, 0x30}, {&(0x7f000000a340)=""/4096, 0x1000}, {&(0x7f0000005c00)=""/189, 0xbd}, {0x0}], 0x5, &(0x7f0000005ec0)=""/81, 0x51}, 0x1}], 0x7, 0x100, 0x0)
r2 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
ioctl$MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f0000000080)={0x0})
ioctl$MON_IOCH_MFLUSH(r2, 0x9208, 0x6)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
mknod$loop(0x0, 0xfff, 0x1)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
syz_usb_disconnect(0xffffffffffffffff)
syz_usb_connect(0x6, 0x24, &(0x7f0000000740)=ANY=[], 0x0)
ioctl$MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f0000000280)={0x0, 0x0, 0x1})
read$FUSE(0xffffffffffffffff, &(0x7f0000006300)={0x2020}, 0x2020)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$usbfs(&(0x7f0000000180), 0x0, 0x40900)
write$tcp_congestion(0xffffffffffffffff, &(0x7f00000000c0)='lp\x00', 0xfffffdef)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0x541b, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x2})
r4 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$XDP_MMAP_OFFSETS(r4, 0x11b, 0x1, &(0x7f00000000c0), &(0x7f0000000140)=0x7d)
syz_open_dev$usbfs(&(0x7f0000000000), 0x205, 0x44680)

11.57896811s ago: executing program 4 (id=3569):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$inet6(0xa, 0x2, 0x3a)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001000)=ANY=[@ANYBLOB="79129800000000006113280000000000bf2020000000000004000000080063033d030100000000009500003a000000006916000000000000bf6700000000000066060500fcff03006706000002000000760300000ee60060bf050000000000002c650000000000006507f9ff01000000070700004cdfffff1e75040000000000bf54000000000000070400000400f9ffad43010000000000d5000000000000000500000000000000950000000000000032410000000000000054bb12dc8c27df8ecfc7bdd2d17f2f1754558f22dd399703d6c4f6f3be0b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf7a13ba1fcf1111ce4fc0d742a81762bab8395fa64810b5b40d893ea8fe0ffffff7f1b546cad3f1d5af65706fd4f68795cce6cf16ab689b555202da2e0ec2871a51445dc8da39e5b0ab71ca9b901627b562ed84b026002d4519af619e3cca4d69e0dee080006774a8f3e691700ec88158f02001b0000c81c8b297dff0445a13d0045fb3cda32a673a6bb55d8c80800dce431e56723888fb126a1403d2b63f16fb2ad9bc117aba7cbebe174aba210d739a018f9bbec63222d20cedbc4d03723f1c932b3a6aa57f1ad2e99e0e67a993716d20000009f0f53acbb40b401e3738270b3156268784f2af9e4bcf8b07a10d6735154be1602f9dd1d7d4301e00000000000460bcc5989ec85e3cbcb6bcfaf0000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d0861cd64722cf74686ebfbe2562671cd47840f81d2a8f8f9be3bcd19dc6840aa7afaab43176e65ec1118d50d1e80100008000000000887a5ad103649afa17690884f800031e03a651bb96589a7eab049b1bd47287cd31cc43ea0ffb567b40407d000000000000000000000000005f37d83f84e98a523d80bd0d0d703f37ca363f601ae899a56715a0a62a26a0f6a5480a55c22fe394ae0000000000000000000000000000437d57defb79ea000500000000000000000000f014a4a318ba48d35ae9f438000000000000db894b62a614cb1fdd46619c5d2200000000000700000000000000000000006dcd2f421400f69947e4f26e099c9e8369080663c909b7e7c87e3b5e8e5a6df77c8f7338cd5a85f211a41b5d529d4243e47d7ab0d5991756b59d363ba30b18fc2ff189a4e8db38ab97c6a125e2785619e84c6a2b50f0e3ff83ef5149aff43dc899fdebdc2c496e6bdd4dd4d21f06fe133f4444272c5f0839ad663100452a6c6b6421f7e89a33b339401eee2cd466ab2a93a1ee7fb8a9e455ba1c6e17b02a1cd7bf35d36cf5b2a0f063469ae0d0b9fc042b48e98626eb0f9754d8cbbefa3079fe63063047baff09e9aaf7600000fba9a88db9ebef86f7cb522a784bb6d37e5f802757a15c6735138b493db9df53440a63fc565a0b190a710ae1e6807cbeb415ac841e94b706974160a60a14e571274f333d23186143b95514c79b50994cb39cda343bda8f01cf8ec7cdfdace0289e83ce50a57d69bfecfaf69fe7ff5b0375a47d3eb57b41d8a0589b82a1cf1149ba3f21ea2b65433321eb1a6f04ecc713c2b26d27baa49e54c2babec86335b9f418b5a5eb997bc9dd65197124b9aa80fc4aa8defb986bf05c41b919886bb81ecd3d24cf9ecc7004000000000000002c70d32f5d55ef2a2cf7560cb2884f46a92b3c25550f73e407fc5d514b2b7a6b690e290e676266addb7d96e723dec9c418eec8c48dffb6f432b4d5fef16e4f0051ba7efc690022c3f62b37cb5682d8bfdfc637ad3bf089ef0117bcd395322fcfb8e8e0a6e2babceb5f289b1d991770681192bcd0b584c3497e455f30ab918a690514a87a7d8e1d5f169a4e680e9c390071d26f2e0e26fc062f2785f14c0404fe01fb4000000000000000577dcb1698a9021a36d73ed03651c1937b2c84046023a1a0a87b208e33ad2d7c2892b176877264e1d699b7401eb917b289f6f67060fda0fa44b54bd87517a2bf09dba7209e41db4288b61bda5960952c45e5c55f2cd68bf9c6ff33e46109584bf42e8696ef1876564fef6f24cbbed0db8ab7fda1ffcc8c9fd4ab2cbe8f8df8e5535b12a942a948eacdaf308d48932064cfc3329da74f6f3e4409d6764a29680e312bf1a0143180e6493c9201ea916e6c9b2566c558ad88d9f7c0aebf82f5807eecefa97ada9bbd9e478e5d7748ee188bc719ca7a73dce5b6758a767c4c6b7572ab25eb2d73986379d5685cb438fe7091d097cc8f33fc0f83dee76603d6580f1c8fc4c37efd305ccc5a25678180425718bb9344e60dda8dae2677bb602d29aa0810616a2fdbca7020d72291b592b84223e2522ee01f5bdaa0fc4eb8d71d948a2baccf3ea2aa79d4d9069d8c0000000000000000000000321cd67859b4567badee56f158406f08683bdc5ffe2dedc916000c71f922fa2dfead7535999436a4aeb908781893479319b8b55e00d90ae6f09f06be2a0fc0bc17bef53331208112a0132350c0c5dd4607547079acc9471300dea6ae01742dccdae69f932cef80bca1bfcb57b9c852cf8358a580044772a80f20de36f707385380155be8907029d039a1d1447fc06b7020221e0d439f3f47edcf12f913dc8b6389a540340ae37804728ea65352e630c2e90424d58d72fdc1b28403e1dc7aad238b81df3b2d4166d656c6a9c73554bdf4f7312a4c0271e0eb45b4a596b7fa928ac3683f09fdaca46226c1df2c6c866cb4412d17d3d52c38cf0f7bd3b0eea2d4e06d061bb1b7c8c52f37f4036932d00028abd4527f5649bd60df638596fd639d7b16860033754ab13419429e5e39f290751ab6bd9392aef5519cd8c16e1f1cb1f225cc84a1a62497c1e436142fe28048a2b4d133905814a1808bc5b3e45eaa9eaebd946bee806968aeeb5a9eed87eba3d25d0b412a1b4cf2d419a58b09fc275c4395a0bd332eb538321465043e5967dd22459d0f52190a37f93ab823431a81fa6f54de61637fd473e19a6f567fead100e7d8cac149b66ebe9973af846146c62065a64854ed21e8b6f6fbe78474b753915a42efcb7da8ad18bacff8d69e0af1ca1f8174530a21820738412b100b54ee9b4a0dc22d5fe1cadecaea73fbfad087b19ce53177488d230539c5174f572a539d9d7c42698aa82bccf030ad393f25c10baa17e919f647d0e31877b7a6c1d8d86583f884a0c1da07b9b6dced06cdeb0094aa635a82f233b5993926b8970a0840ba116a7d20a40efb3bd03c4bdf380a2510a0a1ea69811ded68943c71218b42783b38959753978f222e1396b9b36dee2ce205122a000577cab29f48bff4f88c417e6bf5fb430d925596f29aca8677ca5a113aeaa5e0252ca17244d6c76e78ff1bbd81a71c4dfc72431d7f1126f8bdbf4056ee0f58a1bf83d53b1de07489541182dc4ee0f573c25b6c15dad930bc7a770b5a4f407d7a879db7185f15f80100000000000000739cc97db66ec6b925955d9a591808947fdd8d484ad27353230a449fdf87fc46c73b852fec931cfb6718acf3315bf5e577d00beb77c5514bc05d576a81345a03ad7aae74c5d2b77d45718348aed4fcbcd1441ff31b8f038824a989a9446a4a69367b228b3d174230b7320fc4d3c03368db573816dd0c04e65d6f8ce48283e76abdddbb965e0b2568e93c9cc5494a55421793f562c50c53f876cbde93c5cc7a3099c99d9775af010ba093f8a13b771782a3cfb24fbde6ef763e20c613164ab014d1906c4e098f1431b6b2886a155c4bac2911d7ee6a646f5913205ebd175e68975b93c330e4f9131788026b3b7cd5b6452c9e17452ac70000000000000000000000c71185f72436640fd4294fc3da230f9065095be47d7a848df12316c3c8b184fe110b061987fd79cf7d83443e69d08e2e839ae4fbe26ef7764f4870ef3bd0ec12eb45f60ca10dbfe329271f0bc93b28798e982e0dd32fc14bd4313c63b2dbb568f33fb45acad2dc7f438ea162c0709c0bbe1ea13e1e47399286e8143f400d7adf5f69e455706626814ee49274667f47769293451fd49885a152b8d2cf18febc7993f4a93893c6c7b7e46a230359ef2443e6bb9f50bb0faa5eaafd3ed6d551600c46b58a29fd7ccbbb0616f0be27302b683eccd742791d97f4a1daa0447f004426fd09b67d926f51525da63987bc73af35b28277879089b89fff6edab2fa1caf660a46a1a9f09e2d095b1c4be95c7c33dc81857f580e36c0a78d94dd879ee18de4a6475858d2ded2e3427ae007cc6f8e5e99aa146667f71ad83f3ddcf5db2dc396d7da499b65cd98125f20c284fc84d6a70be1de44b49c82022225292199c75cc26beab98dce4c331ed722f01d0d6314a72416814a565f4d90a5f8a255810f23541082f4b06f451e4724cd882f4d589600000000005854ca490d7df9cc293547c9a51aecc7a92f417f6a4d327737f1b198252358832dbe43507844a0cc112af4ce457c173fa64174ffd5ab9501eeb85508ebb60e169c0736c5960f2fe08735d6a7aa7c1f4a6433e77d3e547bbe6cf5b5d93a491ab4bba1ea7a1e6f37618b1d74cff3630d85a210092211be1ec12a30891eef590b19cdde055d626818c64e1c56b8918f33441a64b54946571b7bc70fb065d3bb1647f6f989ab8159e6d1cfa6c0ec7329d7d2263ca22144bf17d8692f03b592bd0f610096094da096233984e95b9a8216a6e60a104ae0bb5f77ac70b4390ea2cb6f6c40c928fae489f447240a25fd0a5bd9d5b6cd2a98f8804862922c11229c4e45c765e4d3348af3d3aadd5cc24b39437f1ea2df0000000000000000000000000022b90d93a267f3af"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)

11.3246068s ago: executing program 6 (id=3570):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, 0x0, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'netdevsim0\x00', <r2=>0x0})
bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10)

11.263313265s ago: executing program 4 (id=3571):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01082ebd7000000000000b00000008000300", @ANYRES32=r3, @ANYBLOB="0c00500f0400060004000500"], 0x28}, 0x1, 0x0, 0x0, 0xba83542b86c80fd7}, 0x4)
r4 = syz_usb_connect$cdc_ncm(0x0, 0x76, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902640002010000000904010001020d0000052406000105240000000d240f0100000000000000000006241a00000008241c00000008000905810300020000000904010000020d00000904010102020d0000090582020002000000090503"], 0x0)
add_key(&(0x7f0000000140)='rxrpc\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x40000, 0x0, r8, 0xfff}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x1c, &(0x7f0000000100)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x4000}, {{0x18, 0x1, 0x1, 0x0, r9}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x1, 0xa, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x8}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r8}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
timer_create(0x2, &(0x7f0000000100)={0x0, 0x8, 0x0, @thr={&(0x7f0000000000)="e901f921440da8acb20c6276044a14e4863ee3ba13c3d5fb53eeca2dde95f77447dea0be9952a537ba2e6ccaa0e45caa60056471acb1b815699542500ab143ef6d96b13aa63fa01fb88ed00ab339b6298edf23071ece9893cc9eafff57e217336fa31a6e21cfdf83268b47a1b2f97c7079", &(0x7f0000000080)="5b48b5ff16c30e26a3120aa6d471e737abb2d98009c36433f268a293570f10011b988b65f18f67b5c365b376d4b94b50954ea3d4dde893bc50bcda47528611ca0ee449b2ffa2ae9ce753804b735dfe2508cc99a8742c9c8535146e8f8e"}}, &(0x7f0000000140))
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r4, 0x0, &(0x7f00000007c0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x0, 0x0, 0xb, 0x0, 0x1, 0x4, 0x7, 0x40, 0x2, 0xe, 0x0, 0x1000}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
fchmod(0xffffffffffffffff, 0x108)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0xa000, @ipv4={'\x00', '\xff\xff', @local}}], 0x1c)

11.197204117s ago: executing program 6 (id=3573):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000640)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x80, 0x80, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x80000, 0x7fff, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x1000}}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=@flushpolicy={0x10, 0x1d, 0x1}, 0x10}}, 0x0)

11.131211137s ago: executing program 6 (id=3574):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_open_procfs(0x0, &(0x7f0000001fc0)='fd\x00')
fchdir(r2)
getdents64(0xffffffffffffffff, &(0x7f0000000f80)=""/4096, 0x1000)
ftruncate(r0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x4000, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x400000f3, 0x0, 0xffffffffffffffff}]})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000000)=@newtaction={0x94, 0x30, 0x1, 0x0, 0x0, {}, [{0x80, 0x1, [@m_bpf={0x2c, 0x2, 0x0, 0x0, {{0x8}, {0xfffffffffffffd5c}, {0x4}, {0xc}, {0xc}}}, @m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18}, @TCA_SKBEDIT_PRIORITY={0x8}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x94}}, 0x0)
syz_open_procfs(0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={0x30, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3, 0x3b}}}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)={0x60, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x2d, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @val={0x5, 0x3, {0x3, 0xf, 0x8}}, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_PBSS={0x4}]}, 0x60}}, 0x0)
unshare(0x22020600)
connect$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x7, @empty, 0xb}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@loopback, @in6=@empty, 0x4e25, 0x0, 0x0, 0x0, 0xa, 0x80, 0x0, 0xc, 0x0, 0xffffffffffffffff}, {0x2, 0x9, 0x3, 0x6, 0x9, 0xbffffffffffffffd, 0x5, 0x2000000000000000}, {0x800000fa, 0x1000000000008, 0x2, 0xfffffffffffffba6}, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2}, {{@in=@local, 0x4cf, 0x6c}, 0xa, @in6=@dev={0xfe, 0x80, '\x00', 0x19}, 0x3506, 0x1, 0x0, 0x0, 0x4, 0x80000001}}, 0xe8)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000340)={&(0x7f0000000c80)=ANY=[@ANYBLOB="040200000001010200000000000000000300000728000d8008000100ac1414aa08000200ffffffff14000400fc0200000000000000000000000000017c0001800c000280f624073fe6bd4105000100010000000c00028005000100060000000c000280050001001100000006000340000400002c00018014000300fc0000e1c493926648bbec76ced8a20000000000000000000000000014000400000000000000000000050000000000010c000280050001008400000006000340000000000c0002800500009c00000100e000000114000500fe8000000000000000000000000000bb140005000000000000000000000000000000000008000200ac14142b35b7335b0e140004edfed2a7bdb01326b5950000000000000108000200ac1e018f1783e9f8eb6eca1d34000380060002004e230000060002004e230000060002004e200000060001004e210000060002004e210000060001004e200000140017000000000500000080000022d3000001009c0006800800020064010100080001424800000144000380060001004e200000060002004e200300000001004e230000060001004e220000060001004e210000060001004e240000060002004e210000060002fe8000000000000000000000000000bb14000500fe800000000000000000000000000013080002006401010214000400ff01000000000000000000000000000100"/533], 0x204}}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="290228bd700000f99ad0da5e3546a67157a551717fac176b429f85985a40de00004008000300", @ANYRES32=r9, @ANYBLOB="0a001800030303030303000004002400"], 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x4000)

9.925460032s ago: executing program 5 (id=3576):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x6}]}, 0x10)
sendmmsg(r3, &(0x7f0000001c00), 0x400000000000159, 0x40840) (fail_nth: 8)

9.518280204s ago: executing program 6 (id=3577):
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='mountinfo\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000100)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000340)={0xa, 0x3, 0x0, @loopback, 0xfffffffe}, 0x1c)
setsockopt$inet6_IPV6_ADDRFORM(r1, 0x29, 0x1, &(0x7f0000000300), 0x4)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x4004881)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000040))
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0)
mount$bpf(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x3011c26, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200))
unshare(0x6a040000)
socket$alg(0x26, 0x5, 0x0)
r3 = syz_io_uring_setup(0x22e, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000300)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x1a})
io_uring_enter(r3, 0x7a98, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f00002ad000/0xc00000)=nil, 0xc00000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r7 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @multicast})
write$tun(r6, &(0x7f0000000240)=ANY=[@ANYBLOB="000386dd0a00100014004000000060ec970200140400fb8000000000000000000000000000aaff020000000000000000000000000001"], 0xffe)
socket$netlink(0x10, 0x3, 0x0)

8.487330036s ago: executing program 5 (id=3579):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000e00))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000540)={0x1fe, 0x0, 0x5000, 0x1000, &(0x7f0000090000/0x1000)=nil})
syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xf691, 0x10100, 0x0, 0x2b4}, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x40)
connect$unix(r0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x0, &(0x7f0000000240), &(0x7f0000000000)='GPL\x00', 0x1, 0x91, &(0x7f0000000300)=""/145, 0x41000, 0x18, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000040)={0x5, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000001c0)=[0x1, 0xffffffffffffffff], &(0x7f0000000400)=[{0x2, 0x2, 0x7, 0xc}], 0x10, 0xbee6}, 0x94)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00')
pread64(r4, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000000)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000500)={r3, r4, 0x1f, 0x0, @void}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
read(r5, &(0x7f0000000080)=""/186, 0xba)

6.892063416s ago: executing program 1 (id=3581):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$inet6(0xa, 0x2, 0x3a)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001000)=ANY=[@ANYBLOB="79129800000000006113280000000000bf2020000000000004000000080063033d030100000000009500003a000000006916000000000000bf6700000000000066060500fcff03006706000002000000760300000ee60060bf050000000000002c650000000000006507f9ff01000000070700004cdfffff1e75040000000000bf54000000000000070400000400f9ffad43010000000000d5000000000000000500000000000000950000000000000032410000000000000054bb12dc8c27df8ecfc7bdd2d17f2f1754558f22dd399703d6c4f6f3be0b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf7a13ba1fcf1111ce4fc0d742a81762bab8395fa64810b5b40d893ea8fe0ffffff7f1b546cad3f1d5af65706fd4f68795cce6cf16ab689b555202da2e0ec2871a51445dc8da39e5b0ab71ca9b901627b562ed84b026002d4519af619e3cca4d69e0dee080006774a8f3e691700ec88158f02001b0000c81c8b297dff0445a13d0045fb3cda32a673a6bb55d8c80800dce431e56723888fb126a1403d2b63f16fb2ad9bc117aba7cbebe174aba210d739a018f9bbec63222d20cedbc4d03723f1c932b3a6aa57f1ad2e99e0e67a993716d20000009f0f53acbb40b401e3738270b3156268784f2af9e4bcf8b07a10d6735154be1602f9dd1d7d4301e00000000000460bcc5989ec85e3cbcb6bcfaf0000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d0861cd64722cf74686ebfbe2562671cd47840f81d2a8f8f9be3bcd19dc6840aa7afaab43176e65ec1118d50d1e80100008000000000887a5ad103649afa17690884f800031e03a651bb96589a7eab049b1bd47287cd31cc43ea0ffb567b40407d000000000000000000000000005f37d83f84e98a523d80bd0d0d703f37ca363f601ae899a56715a0a62a26a0f6a5480a55c22fe394ae0000000000000000000000000000437d57defb79ea000500000000000000000000f014a4a318ba48d35ae9f438000000000000db894b62a614cb1fdd46619c5d2200000000000700000000000000000000006dcd2f421400f69947e4f26e099c9e8369080663c909b7e7c87e3b5e8e5a6df77c8f7338cd5a85f211a41b5d529d4243e47d7ab0d5991756b59d363ba30b18fc2ff189a4e8db38ab97c6a125e2785619e84c6a2b50f0e3ff83ef5149aff43dc899fdebdc2c496e6bdd4dd4d21f06fe133f4444272c5f0839ad663100452a6c6b6421f7e89a33b339401eee2cd466ab2a93a1ee7fb8a9e455ba1c6e17b02a1cd7bf35d36cf5b2a0f063469ae0d0b9fc042b48e98626eb0f9754d8cbbefa3079fe63063047baff09e9aaf7600000fba9a88db9ebef86f7cb522a784bb6d37e5f802757a15c6735138b493db9df53440a63fc565a0b190a710ae1e6807cbeb415ac841e94b706974160a60a14e571274f333d23186143b95514c79b50994cb39cda343bda8f01cf8ec7cdfdace0289e83ce50a57d69bfecfaf69fe7ff5b0375a47d3eb57b41d8a0589b82a1cf1149ba3f21ea2b65433321eb1a6f04ecc713c2b26d27baa49e54c2babec86335b9f418b5a5eb997bc9dd65197124b9aa80fc4aa8defb986bf05c41b919886bb81ecd3d24cf9ecc7004000000000000002c70d32f5d55ef2a2cf7560cb2884f46a92b3c25550f73e407fc5d514b2b7a6b690e290e676266addb7d96e723dec9c418eec8c48dffb6f432b4d5fef16e4f0051ba7efc690022c3f62b37cb5682d8bfdfc637ad3bf089ef0117bcd395322fcfb8e8e0a6e2babceb5f289b1d991770681192bcd0b584c3497e455f30ab918a690514a87a7d8e1d5f169a4e680e9c390071d26f2e0e26fc062f2785f14c0404fe01fb4000000000000000577dcb1698a9021a36d73ed03651c1937b2c84046023a1a0a87b208e33ad2d7c2892b176877264e1d699b7401eb917b289f6f67060fda0fa44b54bd87517a2bf09dba7209e41db4288b61bda5960952c45e5c55f2cd68bf9c6ff33e46109584bf42e8696ef1876564fef6f24cbbed0db8ab7fda1ffcc8c9fd4ab2cbe8f8df8e5535b12a942a948eacdaf308d48932064cfc3329da74f6f3e4409d6764a29680e312bf1a0143180e6493c9201ea916e6c9b2566c558ad88d9f7c0aebf82f5807eecefa97ada9bbd9e478e5d7748ee188bc719ca7a73dce5b6758a767c4c6b7572ab25eb2d73986379d5685cb438fe7091d097cc8f33fc0f83dee76603d6580f1c8fc4c37efd305ccc5a25678180425718bb9344e60dda8dae2677bb602d29aa0810616a2fdbca7020d72291b592b84223e2522ee01f5bdaa0fc4eb8d71d948a2baccf3ea2aa79d4d9069d8c0000000000000000000000321cd67859b4567badee56f158406f08683bdc5ffe2dedc916000c71f922fa2dfead7535999436a4aeb908781893479319b8b55e00d90ae6f09f06be2a0fc0bc17bef53331208112a0132350c0c5dd4607547079acc9471300dea6ae01742dccdae69f932cef80bca1bfcb57b9c852cf8358a580044772a80f20de36f707385380155be8907029d039a1d1447fc06b7020221e0d439f3f47edcf12f913dc8b6389a540340ae37804728ea65352e630c2e90424d58d72fdc1b28403e1dc7aad238b81df3b2d4166d656c6a9c73554bdf4f7312a4c0271e0eb45b4a596b7fa928ac3683f09fdaca46226c1df2c6c866cb4412d17d3d52c38cf0f7bd3b0eea2d4e06d061bb1b7c8c52f37f4036932d00028abd4527f5649bd60df638596fd639d7b16860033754ab13419429e5e39f290751ab6bd9392aef5519cd8c16e1f1cb1f225cc84a1a62497c1e436142fe28048a2b4d133905814a1808bc5b3e45eaa9eaebd946bee806968aeeb5a9eed87eba3d25d0b412a1b4cf2d419a58b09fc275c4395a0bd332eb538321465043e5967dd22459d0f52190a37f93ab823431a81fa6f54de61637fd473e19a6f567fead100e7d8cac149b66ebe9973af846146c62065a64854ed21e8b6f6fbe78474b753915a42efcb7da8ad18bacff8d69e0af1ca1f8174530a21820738412b100b54ee9b4a0dc22d5fe1cadecaea73fbfad087b19ce53177488d230539c5174f572a539d9d7c42698aa82bccf030ad393f25c10baa17e919f647d0e31877b7a6c1d8d86583f884a0c1da07b9b6dced06cdeb0094aa635a82f233b5993926b8970a0840ba116a7d20a40efb3bd03c4bdf380a2510a0a1ea69811ded68943c71218b42783b38959753978f222e1396b9b36dee2ce205122a000577cab29f48bff4f88c417e6bf5fb430d925596f29aca8677ca5a113aeaa5e0252ca17244d6c76e78ff1bbd81a71c4dfc72431d7f1126f8bdbf4056ee0f58a1bf83d53b1de07489541182dc4ee0f573c25b6c15dad930bc7a770b5a4f407d7a879db7185f15f80100000000000000739cc97db66ec6b925955d9a591808947fdd8d484ad27353230a449fdf87fc46c73b852fec931cfb6718acf3315bf5e577d00beb77c5514bc05d576a81345a03ad7aae74c5d2b77d45718348aed4fcbcd1441ff31b8f038824a989a9446a4a69367b228b3d174230b7320fc4d3c03368db573816dd0c04e65d6f8ce48283e76abdddbb965e0b2568e93c9cc5494a55421793f562c50c53f876cbde93c5cc7a3099c99d9775af010ba093f8a13b771782a3cfb24fbde6ef763e20c613164ab014d1906c4e098f1431b6b2886a155c4bac2911d7ee6a646f5913205ebd175e68975b93c330e4f9131788026b3b7cd5b6452c9e17452ac70000000000000000000000c71185f72436640fd4294fc3da230f9065095be47d7a848df12316c3c8b184fe110b061987fd79cf7d83443e69d08e2e839ae4fbe26ef7764f4870ef3bd0ec12eb45f60ca10dbfe329271f0bc93b28798e982e0dd32fc14bd4313c63b2dbb568f33fb45acad2dc7f438ea162c0709c0bbe1ea13e1e47399286e8143f400d7adf5f69e455706626814ee49274667f47769293451fd49885a152b8d2cf18febc7993f4a93893c6c7b7e46a230359ef2443e6bb9f50bb0faa5eaafd3ed6d551600c46b58a29fd7ccbbb0616f0be27302b683eccd742791d97f4a1daa0447f004426fd09b67d926f51525da63987bc73af35b28277879089b89fff6edab2fa1caf660a46a1a9f09e2d095b1c4be95c7c33dc81857f580e36c0a78d94dd879ee18de4a6475858d2ded2e3427ae007cc6f8e5e99aa146667f71ad83f3ddcf5db2dc396d7da499b65cd98125f20c284fc84d6a70be1de44b49c82022225292199c75cc26beab98dce4c331ed722f01d0d6314a72416814a565f4d90a5f8a255810f23541082f4b06f451e4724cd882f4d589600000000005854ca490d7df9cc293547c9a51aecc7a92f417f6a4d327737f1b198252358832dbe43507844a0cc112af4ce457c173fa64174ffd5ab9501eeb85508ebb60e169c0736c5960f2fe08735d6a7aa7c1f4a6433e77d3e547bbe6cf5b5d93a491ab4bba1ea7a1e6f37618b1d74cff3630d85a210092211be1ec12a30891eef590b19cdde055d626818c64e1c56b8918f33441a64b54946571b7bc70fb065d3bb1647f6f989ab8159e6d1cfa6c0ec7329d7d2263ca22144bf17d8692f03b592bd0f610096094da096233984e95b9a8216a6e60a104ae0bb5f77ac70b4390ea2cb6f6c40c928fae489f447240a25fd0a5bd9d5b6cd2a98f8804862922c11229c4e45c765e4d3348af3d3aadd5cc24b39437f1ea2df0000000000000000000000000022b90d93a267f3af"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)

4.11225323s ago: executing program 4 (id=3582):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) (async)
mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000080)=0x9, 0x8, 0x0) (async)
syz_clone(0xc800411, 0x0, 0x0, 0x0, 0x0, 0x0)
mremap(&(0x7f0000b0a000/0x3000)=nil, 0x3000, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
mbind(&(0x7f0000673000/0x1000)=nil, 0x1000, 0x3, &(0x7f00000009c0)=0x7, 0x3, 0x0) (async)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0) (async)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cpuinfo\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000001b80)={0x2020}, 0x2020)

4.078542625s ago: executing program 1 (id=3583):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, 0x0, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'netdevsim0\x00', <r2=>0x0})
bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10)

3.896529955s ago: executing program 2 (id=3585):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = socket(0x1d, 0x2, 0x6)
recvmsg(r2, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x40)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000b00)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="840000000002010400000000000000000a00000004000180300003802c00018014000300fc00000000000000000000100000000014004400fe800000001f610000000000000000bb3c0002800c00028005000100000000002c00018014000300fc02000000000000000000000000000014"], 0x84}, 0x1, 0x0, 0x0, 0x40000040}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="05"], 0x1c}}, 0x0)
r6 = socket(0x10, 0x803, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
openat$sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/tcp_rfc1337\x00', 0x1, 0x0)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x600, &(0x7f000005ffe4)={0xa, 0x4e23, 0xfe80, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0xf401, @loopback}}, 0x100, 0x0, 0xfffffffe, 0x0, 0x54}, 0x9c)

3.875059809s ago: executing program 6 (id=3586):
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
getsockopt$WPAN_SECURITY_LEVEL(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000000), &(0x7f0000000040)=0x4)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, &(0x7f0000000140)=[{{0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}, {{0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}], 0x10)
bind$can_raw(r1, &(0x7f00000000c0), 0x10)
setsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, &(0x7f0000000100)=[{{0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}], 0x8)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmsg$802154_dgram(r2, &(0x7f00000000c0)={&(0x7f0000000000)={0x24, @short={0x2, 0xffff, 0xffff}}, 0x14, &(0x7f0000000080)={0x0}}, 0x0)
setsockopt$WPAN_WANTLQI(r2, 0x0, 0x3, &(0x7f0000001780)=0x1, 0x4)
recvmmsg(r2, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}, 0x2}], 0x1, 0x40010001, 0x0)
connect$unix(r0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r3 = socket$rxrpc(0x21, 0x2, 0x8)
r4 = syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
syz_usb_control_io$hid(r4, 0x0, &(0x7f0000000580)={0x2c, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0})
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff3000/0xa000)=nil, 0xa000, 0x2000000, 0x2010, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x3a0a, &(0x7f0000000100)={0x0, 0xabd0, 0x1, 0x0, 0xa1}, &(0x7f0000000180), &(0x7f00000001c0)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0)
syz_usb_control_io$printer(r4, 0x0, 0x0)
getsockopt$IP_SET_OP_GET_FNAME(r3, 0x1, 0x53, 0x0, &(0x7f0000000080))
ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0x4)

3.663346455s ago: executing program 1 (id=3587):
socket$inet6_udp(0xa, 0x2, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={r0, 0x0, 0x0}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdir(0x0, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r6 = fanotify_init(0x8, 0x80000)
fanotify_mark(r6, 0x105, 0x4800003a, r5, 0x0)
r7 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r7, 0xc1105517, &(0x7f0000000340)={{0xfffffff7, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0, 0x8})
r8 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r8, 0xc1105517, &(0x7f0000000340)={{0xfffffff7, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0, 0x8})
mkdir(0x0, 0x13b)
r9 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r9, &(0x7f0000000340)=ANY=[@ANYBLOB='SYNTH \'Mic\' 00000000000000000000\nIGAIN \'Capture Volume\' 00000000000000000000\nVOLUME\nLI'], 0x86)
r10 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
dup3(r10, r9, 0x0)

2.65567888s ago: executing program 2 (id=3588):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0)
syz_open_dev$vcsu(0x0, 0x7ff, 0x624200)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/netlink\x00')
read$FUSE(r1, &(0x7f0000000bc0)={0x2020}, 0x2020)
r2 = socket$alg(0x26, 0x5, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r4 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000000)={0x2000000a})
mmap$binder(&(0x7f00000a0000)=nil, 0x0, 0x1, 0x11, r3, 0x104)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0})
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d4", 0x5)
r5 = accept4(r2, 0x0, 0x0, 0x0)
r6 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
write$6lowpan_control(r6, 0x0, 0x0)
sendmsg$nl_route_sched_retired(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=@delqdisc={0x34, 0x25, 0x10, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xa, 0x7}, {0x1, 0xf}, {0x7, 0x7}}, [@q_dsmark={{0xb}, {0x4}}]}, 0x34}}, 0x0)
r7 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x8882, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0x7041, 0x0)
write$sndseq(r7, &(0x7f0000000080)=[{0xab, 0x1, 0x20, 0x7f, @tick=0x6, {0xbc, 0x6}, {0xf0, 0x2}, @queue={0x4, {0x4, 0x2}}}], 0x1c)
ioctl$PIO_SCRNMAP(r7, 0x4b41, &(0x7f0000000180)="4bfc9a47051bb4f3e9ee905aaf20")
recvmmsg(r5, 0x0, 0x0, 0x2, 0x0)

2.513929127s ago: executing program 1 (id=3589):
r0 = socket$alg(0x26, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000080)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$comedi(0xffffffffffffff9c, 0x0, 0x10000, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYRES32, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000d05500000000000000000000000000009bd5142547"], 0x50)
bind$alg(r0, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r0, 0x0, 0x0, 0x80800)
sendmmsg$alg(r4, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[], 0x88}, 0x1, 0x0, 0x0, 0x24002011}, 0x440a1)
recvmsg$can_raw(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000000)=""/15, 0xf}, {&(0x7f0000002f00)=""/4108, 0x100c}], 0x2}, 0x40002000)
r5 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r5)

1.887335339s ago: executing program 5 (id=3590):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
msgctl$MSG_STAT(0x0, 0xb, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
keyctl$unlink(0x9, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
socket$kcm(0x2, 0x200000000000001, 0x0)
unshare(0x2040400)
r5 = mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x1f0, 0x0)
mq_timedsend(r5, 0x0, 0x2000, 0x6, 0x0)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x488c0}, 0x4c044)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f00007be000/0x18000)=nil, &(0x7f0000000300)=[@text16={0x10, &(0x7f0000000040)="0f4f8771c032030fc72adf8d00900f52df3e0f070f08267806f0f759880f01d1", 0x20}], 0x1, 0x2c, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(r6, r7, &(0x7f00007c6000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x25, 0x0, 0x0)
r8 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f00000000c0))

1.717036955s ago: executing program 6 (id=3591):
capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x0, 0x0, 0x7})
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000004c0)={'ip_vti0\x00', &(0x7f0000000440)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @private, @private}}}})
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="d1d1eb1361854e3035ea114dbc920bb6f06b0952ec9e9798b533f3bcb30898a99ca227877d932e9cdc9806ce274671d1761f37b2844e3f1a5613a08dd11a28ecc129eaa1a17902e52e0a21912e9a40ebd0790df6c93b0cfe522725c2819be96f46d16617a21c83c386cd199890c489e5f7f251529d70e45e197afac4395b8d2b941ea574cc5b4f809dc04d0cee25495aa4a6c6de9d523d2fca7c698bee1291969eaae8938c3eff9462155a47998fb3f5d9d84a4bd9cc557c956252eaef23a78d897861470e358d21af380dc7088ae4abbaa12bc978d0aa6e0bf32534d06a9aaa93d419b7", @ANYRESOCT=r1, @ANYRES32, @ANYRES64=r1, @ANYRES32=r1], 0x18}, 0x1, 0x0, 0x0, 0x40d0}, 0x4044080)
recvmmsg(0xffffffffffffffff, &(0x7f0000005f40)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f000000b340)=""/4100, 0x1004}, {&(0x7f0000000340)=""/191, 0xbf}, {&(0x7f00000002c0)=""/20, 0x14}, {&(0x7f0000000600)=""/153, 0x99}], 0x4}, 0x6}, {{&(0x7f00000006c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @private}}}, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000480)=""/34, 0x22}, {&(0x7f0000000740)=""/193, 0xc1}, {&(0x7f0000000840)=""/71, 0x47}], 0x3, &(0x7f00000041c0)=""/4096, 0x1000}, 0x4a7}, {{0x0, 0x0, &(0x7f0000001b40)=[{&(0x7f0000001940)=""/153, 0x99}, {&(0x7f0000001a00)=""/196, 0xc4}, {&(0x7f0000001b00)=""/46, 0x2e}, {&(0x7f0000008340)=""/4096, 0x1000}], 0x4, &(0x7f0000001b80)=""/118, 0x76}, 0x100}, {{&(0x7f0000001c00)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, 0x80, &(0x7f00000052c0)=[{&(0x7f0000001c80)=""/133, 0x85}, {&(0x7f0000006100)=""/97, 0x61}, {&(0x7f0000001dc0)=""/253, 0xfd}, {&(0x7f0000001ec0)=""/149, 0x95}, {&(0x7f0000001f80)=""/141, 0x8d}, {&(0x7f0000002040)=""/46, 0x2e}, {&(0x7f00000051c0)=""/216, 0xd8}], 0x7}, 0x100}, {{0x0, 0x0, &(0x7f0000005680)=[{&(0x7f0000009340)=""/4096, 0x1000}, {&(0x7f0000002080)=""/22, 0x16}, {&(0x7f0000005340)=""/137, 0x89}, {&(0x7f0000005400)=""/56, 0x38}, {&(0x7f0000005440)=""/42, 0x2a}, {&(0x7f0000005480)=""/170, 0xaa}, {&(0x7f0000005540)=""/102, 0x66}, {&(0x7f00000055c0)=""/178, 0xb2}], 0x8, &(0x7f0000005700)=""/125, 0x7d}}, {{&(0x7f0000005780)=@nl=@proc, 0x80, &(0x7f0000005a40)=[{&(0x7f0000005800)=""/56, 0x38}, {&(0x7f0000005840)=""/12, 0xc}, {&(0x7f0000005880)=""/110, 0x6e}, {&(0x7f0000005900)=""/99, 0x63}, {&(0x7f0000005980)=""/156, 0x9c}], 0x5}, 0x7fff}, {{&(0x7f0000005ac0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, 0x80, &(0x7f0000005e40)=[{&(0x7f0000005b40)=""/120, 0x78}, {&(0x7f0000005bc0)=""/48, 0x30}, {&(0x7f000000a340)=""/4096, 0x1000}, {&(0x7f0000005c00)=""/189, 0xbd}, {0x0}], 0x5, &(0x7f0000005ec0)=""/81, 0x51}, 0x1}], 0x7, 0x100, 0x0)
r2 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
ioctl$MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f0000000080)={0x0})
ioctl$MON_IOCH_MFLUSH(r2, 0x9208, 0x6)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
mknod$loop(0x0, 0xfff, 0x1)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
syz_usb_disconnect(0xffffffffffffffff)
syz_usb_connect(0x6, 0x24, &(0x7f0000000740)=ANY=[], 0x0)
ioctl$MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f0000000280)={0x0, 0x0, 0x1})
read$FUSE(0xffffffffffffffff, &(0x7f0000006300)={0x2020}, 0x2020)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$usbfs(&(0x7f0000000180), 0x0, 0x40900)
write$tcp_congestion(0xffffffffffffffff, &(0x7f00000000c0)='lp\x00', 0xfffffdef)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0x541b, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x2})
r4 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$XDP_MMAP_OFFSETS(r4, 0x11b, 0x1, &(0x7f00000000c0), &(0x7f0000000140)=0x7d)
syz_open_dev$usbfs(&(0x7f0000000000), 0x205, 0x44680)

807.364197ms ago: executing program 2 (id=3592):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYRESOCT=0x0, @ANYBLOB], 0x50) (async)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) (async)
r1 = socket$netlink(0x10, 0x3, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) (async)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
r5 = openat$mixer(0xffffffffffffff9c, &(0x7f00000016c0), 0x121040, 0x0)
ioctl$SOUND_MIXER_READ_VOLUME(r5, 0x80044d08, 0x0) (async)
sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="200a021692e1225d5ae85f6910d4c8b9a54ea59fa78d3814bbc24004da8c94e455b27ede5b4dc199130a960c5538e2b42d3f72ca998f7b55e9292820a1ba18422b0ef6d75fa4f83727251f1ef52c6b4bd4ccd02edc107f6c42811f4ec2a2564ec5b1bad2ca0e0219b8617616140bf9c6ed6864508460a00ea1ec2bead468be68a96527e689f0689854ce3cf98ff8cb5e2348c2070e8188bab5db18825e2deb12a25800"/173], 0x14}}, 0x845) (async)
recvmmsg(r1, &(0x7f0000003700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x140, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x1000, r0}, 0x38)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00'}, 0x10) (async)
ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, &(0x7f00000004c0)={0x0, "d913a3ef9b310e1f98d7b8087124cd70"})
ioctl$BTRFS_IOC_SCRUB(r6, 0xc400941b, 0x0) (async)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000180)={&(0x7f0000000180)=ANY=[], 0xac}}, 0x24010) (async)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000040)={0x0, 0x3c, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYRESDEC=r5], 0x94}}, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000001200)='attr\x00')
getdents64(0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async)
openat$ttynull(0xffffffffffffff9c, &(0x7f0000000140), 0x82084, 0x0) (async)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000040)=0x10008)

747.496165ms ago: executing program 4 (id=3593):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$inet6(0xa, 0x2, 0x3a)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001000)=ANY=[@ANYBLOB="79129800000000006113280000000000bf2020000000000004000000080063033d030100000000009500003a000000006916000000000000bf6700000000000066060500fcff03006706000002000000760300000ee60060bf050000000000002c650000000000006507f9ff01000000070700004cdfffff1e75040000000000bf54000000000000070400000400f9ffad43010000000000d5000000000000000500000000000000950000000000000032410000000000000054bb12dc8c27df8ecfc7bdd2d17f2f1754558f22dd399703d6c4f6f3be0b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf7a13ba1fcf1111ce4fc0d742a81762bab8395fa64810b5b40d893ea8fe0ffffff7f1b546cad3f1d5af65706fd4f68795cce6cf16ab689b555202da2e0ec2871a51445dc8da39e5b0ab71ca9b901627b562ed84b026002d4519af619e3cca4d69e0dee080006774a8f3e691700ec88158f02001b0000c81c8b297dff0445a13d0045fb3cda32a673a6bb55d8c80800dce431e56723888fb126a1403d2b63f16fb2ad9bc117aba7cbebe174aba210d739a018f9bbec63222d20cedbc4d03723f1c932b3a6aa57f1ad2e99e0e67a993716d20000009f0f53acbb40b401e3738270b3156268784f2af9e4bcf8b07a10d6735154be1602f9dd1d7d4301e00000000000460bcc5989ec85e3cbcb6bcfaf0000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d0861cd64722cf74686ebfbe2562671cd47840f81d2a8f8f9be3bcd19dc6840aa7afaab43176e65ec1118d50d1e80100008000000000887a5ad103649afa17690884f800031e03a651bb96589a7eab049b1bd47287cd31cc43ea0ffb567b40407d000000000000000000000000005f37d83f84e98a523d80bd0d0d703f37ca363f601ae899a56715a0a62a26a0f6a5480a55c22fe394ae0000000000000000000000000000437d57defb79ea000500000000000000000000f014a4a318ba48d35ae9f438000000000000db894b62a614cb1fdd46619c5d2200000000000700000000000000000000006dcd2f421400f69947e4f26e099c9e8369080663c909b7e7c87e3b5e8e5a6df77c8f7338cd5a85f211a41b5d529d4243e47d7ab0d5991756b59d363ba30b18fc2ff189a4e8db38ab97c6a125e2785619e84c6a2b50f0e3ff83ef5149aff43dc899fdebdc2c496e6bdd4dd4d21f06fe133f4444272c5f0839ad663100452a6c6b6421f7e89a33b339401eee2cd466ab2a93a1ee7fb8a9e455ba1c6e17b02a1cd7bf35d36cf5b2a0f063469ae0d0b9fc042b48e98626eb0f9754d8cbbefa3079fe63063047baff09e9aaf7600000fba9a88db9ebef86f7cb522a784bb6d37e5f802757a15c6735138b493db9df53440a63fc565a0b190a710ae1e6807cbeb415ac841e94b706974160a60a14e571274f333d23186143b95514c79b50994cb39cda343bda8f01cf8ec7cdfdace0289e83ce50a57d69bfecfaf69fe7ff5b0375a47d3eb57b41d8a0589b82a1cf1149ba3f21ea2b65433321eb1a6f04ecc713c2b26d27baa49e54c2babec86335b9f418b5a5eb997bc9dd65197124b9aa80fc4aa8defb986bf05c41b919886bb81ecd3d24cf9ecc7004000000000000002c70d32f5d55ef2a2cf7560cb2884f46a92b3c25550f73e407fc5d514b2b7a6b690e290e676266addb7d96e723dec9c418eec8c48dffb6f432b4d5fef16e4f0051ba7efc690022c3f62b37cb5682d8bfdfc637ad3bf089ef0117bcd395322fcfb8e8e0a6e2babceb5f289b1d991770681192bcd0b584c3497e455f30ab918a690514a87a7d8e1d5f169a4e680e9c390071d26f2e0e26fc062f2785f14c0404fe01fb4000000000000000577dcb1698a9021a36d73ed03651c1937b2c84046023a1a0a87b208e33ad2d7c2892b176877264e1d699b7401eb917b289f6f67060fda0fa44b54bd87517a2bf09dba7209e41db4288b61bda5960952c45e5c55f2cd68bf9c6ff33e46109584bf42e8696ef1876564fef6f24cbbed0db8ab7fda1ffcc8c9fd4ab2cbe8f8df8e5535b12a942a948eacdaf308d48932064cfc3329da74f6f3e4409d6764a29680e312bf1a0143180e6493c9201ea916e6c9b2566c558ad88d9f7c0aebf82f5807eecefa97ada9bbd9e478e5d7748ee188bc719ca7a73dce5b6758a767c4c6b7572ab25eb2d73986379d5685cb438fe7091d097cc8f33fc0f83dee76603d6580f1c8fc4c37efd305ccc5a25678180425718bb9344e60dda8dae2677bb602d29aa0810616a2fdbca7020d72291b592b84223e2522ee01f5bdaa0fc4eb8d71d948a2baccf3ea2aa79d4d9069d8c0000000000000000000000321cd67859b4567badee56f158406f08683bdc5ffe2dedc916000c71f922fa2dfead7535999436a4aeb908781893479319b8b55e00d90ae6f09f06be2a0fc0bc17bef53331208112a0132350c0c5dd4607547079acc9471300dea6ae01742dccdae69f932cef80bca1bfcb57b9c852cf8358a580044772a80f20de36f707385380155be8907029d039a1d1447fc06b7020221e0d439f3f47edcf12f913dc8b6389a540340ae37804728ea65352e630c2e90424d58d72fdc1b28403e1dc7aad238b81df3b2d4166d656c6a9c73554bdf4f7312a4c0271e0eb45b4a596b7fa928ac3683f09fdaca46226c1df2c6c866cb4412d17d3d52c38cf0f7bd3b0eea2d4e06d061bb1b7c8c52f37f4036932d00028abd4527f5649bd60df638596fd639d7b16860033754ab13419429e5e39f290751ab6bd9392aef5519cd8c16e1f1cb1f225cc84a1a62497c1e436142fe28048a2b4d133905814a1808bc5b3e45eaa9eaebd946bee806968aeeb5a9eed87eba3d25d0b412a1b4cf2d419a58b09fc275c4395a0bd332eb538321465043e5967dd22459d0f52190a37f93ab823431a81fa6f54de61637fd473e19a6f567fead100e7d8cac149b66ebe9973af846146c62065a64854ed21e8b6f6fbe78474b753915a42efcb7da8ad18bacff8d69e0af1ca1f8174530a21820738412b100b54ee9b4a0dc22d5fe1cadecaea73fbfad087b19ce53177488d230539c5174f572a539d9d7c42698aa82bccf030ad393f25c10baa17e919f647d0e31877b7a6c1d8d86583f884a0c1da07b9b6dced06cdeb0094aa635a82f233b5993926b8970a0840ba116a7d20a40efb3bd03c4bdf380a2510a0a1ea69811ded68943c71218b42783b38959753978f222e1396b9b36dee2ce205122a000577cab29f48bff4f88c417e6bf5fb430d925596f29aca8677ca5a113aeaa5e0252ca17244d6c76e78ff1bbd81a71c4dfc72431d7f1126f8bdbf4056ee0f58a1bf83d53b1de07489541182dc4ee0f573c25b6c15dad930bc7a770b5a4f407d7a879db7185f15f80100000000000000739cc97db66ec6b925955d9a591808947fdd8d484ad27353230a449fdf87fc46c73b852fec931cfb6718acf3315bf5e577d00beb77c5514bc05d576a81345a03ad7aae74c5d2b77d45718348aed4fcbcd1441ff31b8f038824a989a9446a4a69367b228b3d174230b7320fc4d3c03368db573816dd0c04e65d6f8ce48283e76abdddbb965e0b2568e93c9cc5494a55421793f562c50c53f876cbde93c5cc7a3099c99d9775af010ba093f8a13b771782a3cfb24fbde6ef763e20c613164ab014d1906c4e098f1431b6b2886a155c4bac2911d7ee6a646f5913205ebd175e68975b93c330e4f9131788026b3b7cd5b6452c9e17452ac70000000000000000000000c71185f72436640fd4294fc3da230f9065095be47d7a848df12316c3c8b184fe110b061987fd79cf7d83443e69d08e2e839ae4fbe26ef7764f4870ef3bd0ec12eb45f60ca10dbfe329271f0bc93b28798e982e0dd32fc14bd4313c63b2dbb568f33fb45acad2dc7f438ea162c0709c0bbe1ea13e1e47399286e8143f400d7adf5f69e455706626814ee49274667f47769293451fd49885a152b8d2cf18febc7993f4a93893c6c7b7e46a230359ef2443e6bb9f50bb0faa5eaafd3ed6d551600c46b58a29fd7ccbbb0616f0be27302b683eccd742791d97f4a1daa0447f004426fd09b67d926f51525da63987bc73af35b28277879089b89fff6edab2fa1caf660a46a1a9f09e2d095b1c4be95c7c33dc81857f580e36c0a78d94dd879ee18de4a6475858d2ded2e3427ae007cc6f8e5e99aa146667f71ad83f3ddcf5db2dc396d7da499b65cd98125f20c284fc84d6a70be1de44b49c82022225292199c75cc26beab98dce4c331ed722f01d0d6314a72416814a565f4d90a5f8a255810f23541082f4b06f451e4724cd882f4d589600000000005854ca490d7df9cc293547c9a51aecc7a92f417f6a4d327737f1b198252358832dbe43507844a0cc112af4ce457c173fa64174ffd5ab9501eeb85508ebb60e169c0736c5960f2fe08735d6a7aa7c1f4a6433e77d3e547bbe6cf5b5d93a491ab4bba1ea7a1e6f37618b1d74cff3630d85a210092211be1ec12a30891eef590b19cdde055d626818c64e1c56b8918f33441a64b54946571b7bc70fb065d3bb1647f6f989ab8159e6d1cfa6c0ec7329d7d2263ca22144bf17d8692f03b592bd0f610096094da096233984e95b9a8216a6e60a104ae0bb5f77ac70b4390ea2cb6f6c40c928fae489f447240a25fd0a5bd9d5b6cd2a98f8804862922c11229c4e45c765e4d3348af3d3aadd5cc24b39437f1ea2df0000000000000000000000000022b90d93a267f3af"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)

747.024324ms ago: executing program 5 (id=3594):
mknod(0x0, 0x8001420, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
syz_open_dev$vbi(0x0, 0x2, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0x1, &(0x7f0000000140)={0x26da8e97, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'geneve0\x00'}]}]}]}, @NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0xcc}}, 0x0)

643.620321ms ago: executing program 4 (id=3595):
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x8b}, 0x0)
r0 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8901, 0x0, 0x0, 0x2cf}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000600)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000100)=@l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1b}, 0x3}, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="0100008000"/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000200"/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0xb}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {0x4}, {0x7, 0x0, 0xa}, {0x4, 0x0, 0x7, 0x2, 0x0, 0x0, 0x1d}, {0x18, 0x9, 0x2, 0x0, r5}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xc, 0x9, 0x4}, {0x6, 0x0, 0x5, 0x8}}}, &(0x7f0000000980)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x2e, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
close(r5)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
socket$inet6(0xa, 0x2, 0x0)
r6 = syz_open_dev$vim2m(&(0x7f0000000080), 0x800, 0x2)
writev(r6, &(0x7f0000000100)=[{&(0x7f00000000c0)="ef", 0x1}], 0x1)
r7 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00')
r8 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000040))
ioctl$vim2m_VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000040)={0xf0f046})
r9 = getpid()
sched_setscheduler(r9, 0x2, &(0x7f0000000200)=0x7)
prlimit64(r9, 0x2, &(0x7f0000000280)={0x1000, 0x9}, &(0x7f0000000380))
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0)
r10 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x20042)
preadv(r10, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000500)=""/94, 0x5e}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r10, 0xc018643a, &(0x7f0000000080)={0x4000000, 0x0, 0x3})
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x3)
socket$nl_generic(0x10, 0x3, 0x10)

603.534449ms ago: executing program 2 (id=3596):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, 0x0, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'netdevsim0\x00', <r2=>0x0})
bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10)

207.64718ms ago: executing program 2 (id=3597):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, 0x0, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
bind$xdp(r1, &(0x7f0000000100), 0x10)

129.786135ms ago: executing program 4 (id=3598):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)={0x12c, 0x2b, 0xb, 0x0, 0x0, {0x6}, [@typed={0x14, 0x3, 0x0, 0x0, @ipv6=@remote}, @nested={0x101, 0x79, 0x0, 0x1, [@generic="03d1a10e3b6f6ec1c6d55abd51b7371f6499bc2ad671bd1645f61c945dcf33c7f36338fbfb9ccd01efd381af91614c8c69abfd295ed584e9d6cbdb6fb6ddc8011be5b02fcb40569864cf713e5a2e64f5c4c56520de0b0f9c8b3500d327233bb2f5f8016239590a704ea06226bc97a6b3602195489d3651dcb5360dfbfade5a34767617110c3cdc1402e9cfe29c9f254b2f0a86d9b49294412f245f6b6d8197e0f821eb39ee2d7fbed70232ef7c0c749c6c0fca2d0b111bad63599ddeab86cf46aa5a1db4125b6ef35739390fc1ec87e87699338f4139145fa9661173a016ac4ae2a02568110df78b51ee8cec098cbd2011ab4297a2230270d4f51e33a5"]}]}, 0x12c}}, 0xc00)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = creat(&(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x14b)
io_setup(0x202, &(0x7f0000000200)=<r3=>0x0)
openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x0, 0x3ff, 0x0, 0x4b, 0x0, &(0x7f0000000180)="539ff763e3e2a3434c627e76bc577f357a4a981a81412d20cb9bd41537eacf70788a60b716efd2860424f31453b6f43066df271edeeabfbc13e96d45a8eb52c95d51cd3961ea000707c9a4", &(0x7f0000000200), 0x0, 0x0, 0x100}, 0x50)
unshare(0x22020600)
timerfd_create(0x1, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_emit_ethernet(0x4e, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa1486dd605f815d0018000000040000000000000009000000141400fc02000000000000000000006b0000002f0200000000000007080000000308000000c20400000000b984426e33526979513a89"], 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_SCRNMAP(r5, 0x4b52, &(0x7f0000000180))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000006c0)={0x1, &(0x7f0000000500)=[{0x6, 0x43, 0x0, 0x7fff0000}]})
socket$inet_udp(0x2, 0x2, 0x0)
r6 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f0000000080)={'pcl818\x00', [0x2f00, 0x7, 0x5, 0xa, 0x12, 0x400000, 0x1, 0x9, 0x1000, 0x1, 0xa, 0xfffffffa, 0x6, 0x4, 0x3, 0x8000, 0xfffffffd, 0x9, 0x200, 0x1, 0x3ff, 0x10000, 0x800, 0xe2df, 0x3, 0x5, 0x4, 0x4, 0x7, 0x100, 0x4]})
io_submit(r3, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x4000, 0xa00}])
r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
ioctl$UI_ABS_SETUP(r7, 0x401c5504, &(0x7f00000000c0)={0x81, {0x1052, 0x101, 0x8, 0x5, 0x8, 0x4}})
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="440075c1", @ANYRES32=0x0, @ANYBLOB="0048010020000000240012800b00010067656e65766500001400028005000900010000000500040002000000"], 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x6008000)

0s ago: executing program 2 (id=3599):
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0x44}}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
syz_open_dev$sndpcmp(&(0x7f0000000100), 0x8001, 0x109000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r4 = mmap$IORING_OFF_CQ_RING(&(0x7f00002e2000/0x4000)=nil, 0x4000, 0xd, 0x80010, 0xffffffffffffffff, 0x8000000)
r5 = socket$caif_seqpacket(0x25, 0x5, 0x2)
syz_io_uring_submit(r4, 0x0, &(0x7f00000000c0)=@IORING_OP_FILES_UPDATE={0x14, 0x12, 0x0, 0x0, 0x800, &(0x7f0000000080)=[0xffffffffffffffff, r2, 0xffffffffffffffff, r2, r5], 0x5, 0x0, 0x710a89d0c9b734a9})
r6 = fsmount(0xffffffffffffffff, 0x1, 0x9d)
symlinkat(&(0x7f00000001c0)='./file0\x00', r6, &(0x7f0000000140)='./file0\x00')
openat2(r6, &(0x7f00000003c0)='./file0/../file0\x00', &(0x7f0000000040)={0x0, 0x148, 0x8}, 0x18)
ioctl$BLKPG(r0, 0x1269, &(0x7f0000000040)={0x1, 0x0, 0x98, &(0x7f0000000140)={0x0, 0x1000, 0x1}})
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="200300000000000000"], 0x0})
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000280)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="20010e", @ANYRES16=r1], 0x0})
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
readv(0xffffffffffffffff, &(0x7f00000002c0), 0x0)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r7 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r7, 0x0)
prctl$PR_SCHED_CORE(0x4d, 0x1, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

b: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[ 1112.825162][T11014] (NULL device *): no alternate interface
[ 1113.203273][T11014] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[ 1113.347365][T11014] usb 2-1: USB disconnect, device number 52
[ 1115.666299][T11014] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[ 1116.326259][T11014] usb 5-1: Using ep0 maxpacket: 8
[ 1116.435463][T16130] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2814'.
[ 1117.112376][T11014] usb 5-1: New USB device found, idVendor=0cf3, idProduct=e004, bcdDevice=b5.2e
[ 1117.123247][T11014] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1117.131553][T11014] usb 5-1: Product: syz
[ 1117.135773][T11014] usb 5-1: Manufacturer: syz
[ 1117.140630][T11014] usb 5-1: SerialNumber: syz
[ 1117.158737][T11014] usb 5-1: config 0 descriptor??
[ 1117.208190][T16133] netlink: 'syz.6.2815': attribute type 1 has an invalid length.
[ 1117.264140][T16133] bond2: (slave ip6gretap1): Enslaving as a backup interface with an up link
[ 1117.301305][T16133] lo speed is unknown, defaulting to 1000
[ 1117.309642][T16133] virt_wifi0 speed is unknown, defaulting to 1000
[ 1117.532736][T15793] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond
[ 1117.551361][T16137] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1117.710689][  T891] usb 5-1: USB disconnect, device number 36
[ 1117.738681][   T59] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond
[ 1117.795520][T16141] veth3: entered promiscuous mode
[ 1117.807558][T16141] bond2: (slave veth3): Enslaving as a backup interface with a down link
[ 1121.303287][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 1121.309895][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[ 1121.356230][T11014] usb 7-1: new high-speed USB device number 38 using dummy_hcd
[ 1121.632209][T11014] usb 7-1: Using ep0 maxpacket: 16
[ 1121.642595][T11009] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[ 1121.678844][T16183] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2827'.
[ 1121.814294][T11014] usb 7-1: config 1 has an invalid interface number: 27 but max is 0
[ 1121.880943][T16186] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2828'.
[ 1122.106307][T11014] usb 7-1: config 1 has no interface number 0
[ 1122.141495][T11014] usb 7-1: New USB device found, idVendor=06e1, idProduct=a190, bcdDevice= 3.d5
[ 1122.176029][T11014] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=246
[ 1122.210580][T11014] usb 7-1: Product: syz
[ 1122.222741][T11014] usb 7-1: Manufacturer: syz
[ 1122.232188][T11014] usb 7-1: SerialNumber: syz
[ 1122.311791][T11009] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1122.458566][T11009] usb 2-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00
[ 1122.476465][T11009] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1122.487866][T11009] usb 2-1: config 0 descriptor??
[ 1122.569128][T11009] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[ 1122.780911][T16194] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1122.790768][T16194] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1123.307476][T11014] gspca_main: spca506-2.14.0 probing 06e1:a190
[ 1123.399417][   T30] kauditd_printk_skb: 59 callbacks suppressed
[ 1123.399437][   T30] audit: type=1800 audit(2000001262.948:1911): pid=16205 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.2831" name="bus" dev="overlay" ino=176 res=0 errno=0
[ 1123.563639][T11014] usb 7-1: USB disconnect, device number 38
[ 1123.582504][T16174] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1123.597894][T16174] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1125.015381][T16218] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1125.028881][T11012] usb 2-1: USB disconnect, device number 53
[ 1125.703636][T16218] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1126.819249][T16233] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2840'.
[ 1126.832930][T16233] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2840'.
[ 1127.684598][T16235] syzkaller0: entered promiscuous mode
[ 1127.692934][T16235] syzkaller0: entered allmulticast mode
[ 1134.941358][T16274] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2852'.
[ 1135.450197][T16292] trusted_key: encrypted_key: insufficient parameters specified
[ 1136.165731][T16301] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1136.529765][T11014] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[ 1136.586112][T16301] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1136.651872][T16299] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1136.716907][T11014] usb 2-1: Using ep0 maxpacket: 16
[ 1136.724918][T11014] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1137.413458][T11014] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1137.894029][T11014] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[ 1137.928667][T11014] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1137.951342][T11014] usb 2-1: config 0 descriptor??
[ 1138.179796][T11014] usbhid 2-1:0.0: can't add hid device: -71
[ 1138.194530][T11014] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1138.223574][T11014] usb 2-1: USB disconnect, device number 54
[ 1139.653058][T16329] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2865'.
[ 1139.666669][T16329] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2865'.
[ 1140.462967][T16335] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1140.947759][T16346] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2873'.
[ 1140.988591][T16346] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2873'.
[ 1143.656183][T11012] usb 7-1: new full-speed USB device number 39 using dummy_hcd
[ 1143.679508][T16348] bridge0: port 3(syz_tun) entered blocking state
[ 1143.774202][T16350] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1144.374193][T11012] usb 7-1: config 36 interface 0 altsetting 0 has an endpoint descriptor with address 0xB2, changing to 0x82
[ 1144.457715][T11012] usb 7-1: config 36 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[ 1144.485514][T11012] usb 7-1: config 36 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1144.504500][T11012] usb 7-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice= 0.06
[ 1144.514729][T11012] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=16
[ 1144.527010][T16348] bridge0: port 3(syz_tun) entered disabled state
[ 1144.552390][T16348] syz_tun: entered allmulticast mode
[ 1144.560346][T11012] usb 7-1: SerialNumber: syz
[ 1144.604724][T16348] syz_tun: entered promiscuous mode
[ 1144.646829][T16348] bridge0: port 3(syz_tun) entered blocking state
[ 1144.655515][T16348] bridge0: port 3(syz_tun) entered forwarding state
[ 1144.750152][T16378] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2880'.
[ 1144.813408][T11012] yealink 7-1:36.0: invalid payload size 0, expected 16
[ 1144.839522][T11012] input: Yealink usb-p1k as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:36.0/input/input46
[ 1144.878976][    C0] yealink 7-1:36.0: urb_ctl_callback - urb status -71
[ 1144.888007][    C0] yealink 7-1:36.0: urb_ctl_callback - urb status -71
[ 1144.901861][    C0] yealink 7-1:36.0: urb_ctl_callback - urb status -71
[ 1144.911545][    C0] yealink 7-1:36.0: urb_ctl_callback - urb status -71
[ 1144.926199][    C0] yealink 7-1:36.0: urb_ctl_callback - urb status -71
[ 1144.935064][    C0] yealink 7-1:36.0: urb_ctl_callback - urb status -71
[ 1144.942677][T11012] usb 7-1: USB disconnect, device number 39
[ 1144.949130][    C0] yealink 7-1:36.0: urb_ctl_callback - urb status -71
[ 1144.949166][    C0] yealink 7-1:36.0: urb_ctl_callback - usb_submit_urb failed -19
[ 1145.212454][T16394] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2884'.
[ 1145.536815][T16402] netlink: 'syz.5.2886': attribute type 8 has an invalid length.
[ 1145.588148][T16402] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2886'.
[ 1147.835676][T16394] team_slave_0: left promiscuous mode
[ 1147.885243][T16394] team0 (unregistering): Port device team_slave_0 removed
[ 1147.899999][T16394] team_slave_1: left promiscuous mode
[ 1147.914478][T16394] team0 (unregistering): Port device team_slave_1 removed
[ 1147.936704][T16394] net veth1_virt_wifi virt_wifi0: left promiscuous mode
[ 1147.962338][T16394] team0 (unregistering): Port device virt_wifi0 removed
[ 1147.966420][T10997] usb 7-1: new full-speed USB device number 40 using dummy_hcd
[ 1148.015146][T16402] bridge0: entered allmulticast mode
[ 1148.032977][T16419] ip6gretap1: entered allmulticast mode
[ 1148.167261][T10997] usb 7-1: too many configurations: 227, using maximum allowed: 8
[ 1148.480719][T16434] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2893'.
[ 1148.496148][T10997] usb 7-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44
[ 1148.515405][T16437] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2893'.
[ 1148.579372][T10997] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1148.805779][T10997] usb 7-1: config 0 descriptor??
[ 1148.845145][T10997] pwc: Samsung MPC-C10 USB webcam detected.
[ 1148.873072][T10997] pwc: Warning: more than 1 configuration available.
[ 1148.920753][T16438] loop6: detected capacity change from 0 to 63
[ 1148.936821][T16438] buffer_io_error: 634 callbacks suppressed
[ 1148.936848][T16438] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1148.954165][T16438] Buffer I/O error on dev loop6, logical block 1, async page read
[ 1148.962789][T16438] Buffer I/O error on dev loop6, logical block 2, async page read
[ 1148.972244][T16438] Buffer I/O error on dev loop6, logical block 3, async page read
[ 1148.981420][T16438] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1148.991376][T16438] Buffer I/O error on dev loop6, logical block 1, async page read
[ 1149.003373][T16438] Buffer I/O error on dev loop6, logical block 2, async page read
[ 1149.012865][T16438] Buffer I/O error on dev loop6, logical block 3, async page read
[ 1149.022500][T16438] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1149.031483][T16438] Buffer I/O error on dev loop6, logical block 1, async page read
[ 1149.500619][T10997] pwc: send_video_command error -71
[ 1149.633963][T10997] pwc: Failed to set video mode VGA@30 fps; return code = -71
[ 1149.645179][T10997] Philips webcam 7-1:0.0: probe with driver Philips webcam failed with error -71
[ 1149.660162][T10997] usb 7-1: USB disconnect, device number 40
[ 1150.724293][T11009] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[ 1151.152710][T11009] usb 3-1: config 0 has an invalid interface number: 216 but max is 0
[ 1151.855293][T11009] usb 3-1: config 0 has no interface number 0
[ 1151.865766][T11009] usb 3-1: config 0 interface 216 altsetting 4 bulk endpoint 0x8F has invalid maxpacket 64
[ 1151.990090][T11009] usb 3-1: config 0 interface 216 altsetting 4 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1152.049968][T11009] usb 3-1: config 0 interface 216 has no altsetting 0
[ 1152.095122][T11009] usb 3-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=c1.2e
[ 1152.298103][T11009] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1152.338798][T11009] usb 3-1: config 0 descriptor??
[ 1152.346651][T16452] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1152.372932][T11009] usb 3-1: NFC: intf ffff8880577c1000 id ffffffff8eb411e0
[ 1152.627360][T11009] usb 3-1: USB disconnect, device number 57
[ 1153.128937][T16471] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2904'.
[ 1156.290597][T16505] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1156.460617][T16505] mac80211_hwsim hwsim15 wlan0: entered promiscuous mode
[ 1156.509863][T16505] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[ 1156.696657][T10996] usb 7-1: new high-speed USB device number 41 using dummy_hcd
[ 1156.886484][T10996] usb 7-1: Using ep0 maxpacket: 16
[ 1156.900180][T10996] usb 7-1: config 7 has an invalid interface number: 247 but max is 0
[ 1156.923055][T10996] usb 7-1: config 7 has no interface number 0
[ 1156.943124][T10996] usb 7-1: config 7 interface 247 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[ 1156.971048][T10996] usb 7-1: config 7 interface 247 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1156.993583][T10996] usb 7-1: config 7 interface 247 altsetting 0 bulk endpoint 0x9 has invalid maxpacket 0
[ 1157.021260][T10996] usb 7-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=6c.22
[ 1157.051780][T10996] usb 7-1: New USB device strings: Mfr=1, Product=74, SerialNumber=147
[ 1157.166421][T10996] usb 7-1: Product: syz
[ 1157.218904][T10996] usb 7-1: Manufacturer: syz
[ 1157.223696][T10996] usb 7-1: SerialNumber: syz
[ 1157.294414][T10996] ni6501 7-1:7.247: driver 'ni6501' failed to auto-configure device.
[ 1157.588345][T10996] usb 7-1: USB disconnect, device number 41
[ 1160.304923][T16537] binder: BINDER_SET_CONTEXT_MGR bad uid 60929 != 0
[ 1160.341310][T16537] binder: 16535:16537 ioctl 4018620d 200000000040 returned -1
[ 1161.919156][T16559] syz.2.2927: attempt to access beyond end of device
[ 1161.919156][T16559] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0
[ 1161.944502][T16559] syz.2.2927: attempt to access beyond end of device
[ 1161.944502][T16559] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0
[ 1161.961596][T16559] Mount JFS Failure: -5
[ 1162.076206][T16558] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2927'.
[ 1167.621979][T16626] PKCS7: Unknown OID: [4] 0.38.35.0.951690.11253
[ 1167.631155][T16626] PKCS7: Only support pkcs7_signedData type
[ 1168.426209][T11014] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[ 1168.604788][T11014] usb 3-1: config 16 interface 0 altsetting 75 endpoint 0x6 has an invalid bInterval 0, changing to 7
[ 1168.676257][T11014] usb 3-1: config 16 interface 0 altsetting 75 endpoint 0x6 has invalid wMaxPacketSize 0
[ 1168.777058][T11014] usb 3-1: config 16 interface 0 altsetting 75 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1168.887913][T11014] usb 3-1: config 16 interface 0 has no altsetting 0
[ 1168.947662][T11014] usb 3-1: New USB device found, idVendor=15c2, idProduct=0036, bcdDevice=bb.7a
[ 1169.022908][T11014] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1169.528380][ T5839] Bluetooth: hci1: command 0x0406 tx timeout
[ 1171.296385][T11014] usb 3-1: string descriptor 0 read error: -71
[ 1171.499417][T11014] imon:imon_find_endpoints: no valid input (IR) endpoint found
[ 1171.509885][T11014] imon 3-1:16.0: unable to initialize intf0, err -19
[ 1171.517701][T11014] imon:imon_probe: failed to initialize context!
[ 1171.536250][T11014] imon 3-1:16.0: unable to register, err -19
[ 1171.547884][T11014] usb 3-1: USB disconnect, device number 58
[ 1173.125349][T10996] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[ 1173.412029][T10996] usb 3-1: Using ep0 maxpacket: 16
[ 1173.429937][T16661] lo speed is unknown, defaulting to 1000
[ 1173.464808][T10996] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1173.498919][T16661] virt_wifi0 speed is unknown, defaulting to 1000
[ 1173.514356][T10996] usb 3-1: New USB device found, idVendor=0c88, idProduct=0021, bcdDevice=19.47
[ 1173.560072][T10996] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1173.589368][T10996] usb 3-1: Product: syz
[ 1173.605040][T10996] usb 3-1: Manufacturer: syz
[ 1173.641999][T10996] usb 3-1: SerialNumber: syz
[ 1175.167036][T10996] usb 3-1: palm_os_4_probe - error -71 getting connection info
[ 1175.330305][T10996] visor 3-1:1.0: Handspring Visor / Palm OS converter detected
[ 1175.472149][T10996] usb 3-1: Handspring Visor / Palm OS converter now attached to ttyUSB0
[ 1175.503720][T16686] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1175.549096][T10996] usb 3-1: Handspring Visor / Palm OS converter now attached to ttyUSB1
[ 1175.570909][T10996] usb 3-1: USB disconnect, device number 59
[ 1175.597441][T10996] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0
[ 1175.628653][T10996] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1
[ 1175.666615][T10996] visor 3-1:1.0: device disconnected
[ 1176.262959][T10996] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[ 1177.326567][T10996] usb 3-1: Using ep0 maxpacket: 32
[ 1177.351993][T10996] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1177.398591][T10996] usb 3-1: config 0 has no interfaces?
[ 1177.419930][T10996] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 1177.437508][T10996] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1177.838859][T10996] usb 3-1: config 0 descriptor??
[ 1178.457742][T16686] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1178.546545][T16686] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1179.106364][T11014] usb 7-1: new high-speed USB device number 42 using dummy_hcd
[ 1179.126459][T10998] usb 3-1: USB disconnect, device number 60
[ 1181.145647][T16712] /dev/loop4: Can't open blockdev
[ 1181.256097][T11014] usb 7-1: Using ep0 maxpacket: 16
[ 1181.450451][T11014] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[ 1181.477430][T11014] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1181.512351][T11014] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1181.539701][T11014] usb 7-1: Product: syz
[ 1181.565475][T11014] usb 7-1: Manufacturer: syz
[ 1181.584404][T11014] usb 7-1: SerialNumber: syz
[ 1181.631596][T11014] usb 7-1: config 0 descriptor??
[ 1181.752175][T11014] usb 7-1: USB disconnect, device number 42
[ 1182.076304][T11013] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[ 1182.246202][T11013] usb 6-1: Using ep0 maxpacket: 32
[ 1182.256110][T11014] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[ 1182.269683][T11013] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1182.287676][T11013] usb 6-1: config 128 has an invalid interface number: 127 but max is 3
[ 1182.297460][T11013] usb 6-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[ 1182.308312][T11013] usb 6-1: config 128 has 1 interface, different from the descriptor's value: 4
[ 1182.318491][T11013] usb 6-1: config 128 has no interface number 0
[ 1182.333780][T11013] usb 6-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid maxpacket 1828, setting to 1024
[ 1182.368284][T11013] usb 6-1: config 128 interface 127 has no altsetting 0
[ 1182.379938][T11013] usb 6-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[ 1182.390335][T11013] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1182.399250][T11013] usb 6-1: Product: syz
[ 1182.403831][T11013] usb 6-1: Manufacturer: syz
[ 1182.409777][T11013] usb 6-1: SerialNumber: syz
[ 1182.422833][T16721] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1182.440132][T11014] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1182.455221][T11014] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1182.472371][T11014] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1182.489343][T11014] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1182.509959][T16728] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1182.532146][T11014] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[ 1182.671473][T16715] netlink: 'syz.5.2970': attribute type 21 has an invalid length.
[ 1182.684200][T16715] netlink: 132 bytes leftover after parsing attributes in process `syz.5.2970'.
[ 1182.722923][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 1182.731051][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[ 1182.754504][T16715] netlink: 'syz.5.2970': attribute type 1 has an invalid length.
[ 1182.788363][T11014] usb 3-1: USB disconnect, device number 61
[ 1185.412907][T11013] usb 6-1: USB disconnect, device number 42
[ 1185.954919][T16759] netlink: 'syz.5.2982': attribute type 12 has an invalid length.
[ 1189.846725][T16774] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2986'.
[ 1189.860011][T16775] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2986'.
[ 1190.391428][T16771] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2985'.
[ 1193.826404][T10996] usb 7-1: new high-speed USB device number 43 using dummy_hcd
[ 1193.899198][T16812] trusted_key: encrypted_key: master key parameter '00N0' is invalid
[ 1194.986942][T10996] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1195.084798][T10996] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1195.136782][T10996] usb 7-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[ 1195.172542][T10996] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1195.210634][T10996] usb 7-1: config 0 descriptor??
[ 1195.458950][T10996] usbhid 7-1:0.0: can't add hid device: -71
[ 1195.485636][T10996] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[ 1195.513551][T10996] usb 7-1: USB disconnect, device number 43
[ 1195.836132][T11009] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[ 1196.076831][T11009] usb 6-1: Using ep0 maxpacket: 16
[ 1196.254347][T11009] usb 6-1: config 0 descriptor has 1 excess byte, ignoring
[ 1196.420948][T11009] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 65516, setting to 1024
[ 1196.486304][T11009] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1024
[ 1196.547262][T11009] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 223
[ 1196.631877][T11009] usb 6-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47
[ 1196.710672][T11009] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1196.722513][T11009] usb 6-1: Product: syz
[ 1196.734487][T11009] usb 6-1: Manufacturer: syz
[ 1196.741181][T11009] usb 6-1: SerialNumber: syz
[ 1196.792111][T11009] usb 6-1: config 0 descriptor??
[ 1196.812197][T16826] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1196.834653][T16826] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1196.892256][T16834] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3005'.
[ 1197.080179][    C0] mcba_usb 6-1:0.0 can0: Tx URB aborted (-71)
[ 1197.088384][T11009] mcba_usb 6-1:0.0: Microchip CAN BUS Analyzer connected
[ 1197.096076][    C0] mcba_usb 6-1:0.0 can0: Tx URB aborted (-71)
[ 1197.789335][T16840] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1197.836760][T16840] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1197.904488][T10998] usb 6-1: USB disconnect, device number 43
[ 1197.914896][T10998] mcba_usb 6-1:0.0 can0: device disconnected
[ 1198.381660][T16848] FAULT_INJECTION: forcing a failure.
[ 1198.381660][T16848] name failslab, interval 1, probability 0, space 0, times 0
[ 1198.496315][T16848] CPU: 1 UID: 0 PID: 16848 Comm: syz.6.3004 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[ 1198.496351][T16848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1198.496367][T16848] Call Trace:
[ 1198.496377][T16848]  <TASK>
[ 1198.496387][T16848]  dump_stack_lvl+0x189/0x250
[ 1198.496422][T16848]  ? __pfx____ratelimit+0x10/0x10
[ 1198.496457][T16848]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1198.496483][T16848]  ? __pfx__printk+0x10/0x10
[ 1198.496519][T16848]  ? __pfx___might_resched+0x10/0x10
[ 1198.496542][T16848]  ? fs_reclaim_acquire+0x7d/0x100
[ 1198.496571][T16848]  should_fail_ex+0x414/0x560
[ 1198.496610][T16848]  should_failslab+0xa8/0x100
[ 1198.496646][T16848]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1198.496678][T16848]  ? alloc_empty_file+0x55/0x1d0
[ 1198.496700][T16848]  ? __pfx_path_from_stashed+0x10/0x10
[ 1198.496726][T16848]  alloc_empty_file+0x55/0x1d0
[ 1198.496750][T16848]  dentry_open+0x44/0xa0
[ 1198.496776][T16848]  pidfs_alloc_file+0x1c9/0x300
[ 1198.496808][T16848]  ? __pfx_pidfs_alloc_file+0x10/0x10
[ 1198.496850][T16848]  pidfd_prepare+0xfd/0x170
[ 1198.496880][T16848]  __x64_sys_pidfd_open+0x101/0x180
[ 1198.496914][T16848]  ? __pfx___x64_sys_pidfd_open+0x10/0x10
[ 1198.496945][T16848]  ? rcu_is_watching+0x15/0xb0
[ 1198.496987][T16848]  ? do_syscall_64+0xbe/0x3b0
[ 1198.497015][T16848]  do_syscall_64+0xfa/0x3b0
[ 1198.497036][T16848]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1198.497071][T16848]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1198.497095][T16848]  ? clear_bhb_loop+0x60/0xb0
[ 1198.497124][T16848]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1198.497146][T16848] RIP: 0033:0x7f2f43d8e929
[ 1198.497168][T16848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1198.497188][T16848] RSP: 002b:00007f2f44c4c028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b2
[ 1198.497214][T16848] RAX: ffffffffffffffda RBX: 00007f2f43fb6160 RCX: 00007f2f43d8e929
[ 1198.497231][T16848] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000000004de
[ 1198.497245][T16848] RBP: 00007f2f44c4c090 R08: 0000000000000000 R09: 0000000000000000
[ 1198.497259][T16848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1198.497273][T16848] R13: 0000000000000001 R14: 00007f2f43fb6160 R15: 00007ffec9c5f9e8
[ 1198.497310][T16848]  </TASK>
[ 1201.897518][T10996] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[ 1202.096203][T10996] usb 5-1: Using ep0 maxpacket: 32
[ 1202.120911][T10996] usb 5-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1202.778315][T10996] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1202.791248][T10996] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1202.811074][T10996] usb 5-1: config 1 has no interface number 0
[ 1202.818982][T10996] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1202.833376][T10996] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1202.850388][T10996] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1202.863146][T10996] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1202.892364][T10996] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found
[ 1202.903823][T16883] xt_bpf: check failed: parse error
[ 1203.737043][T10996] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now attached
[ 1205.324532][T11013] usb 5-1: USB disconnect, device number 37
[ 1205.347733][T11013] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected
[ 1206.007412][T16918] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3028'.
[ 1206.311803][T10996] usb 7-1: new high-speed USB device number 44 using dummy_hcd
[ 1206.437143][T16927] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3030'.
[ 1206.446684][T16927] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3030'.
[ 1206.596694][T16927] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1206.606865][T16927] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1206.615781][T16927] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1206.625395][T16927] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1206.635195][T16927] geneve2: entered promiscuous mode
[ 1206.641884][T16927] geneve2: entered allmulticast mode
[ 1206.658436][T10996] usb 7-1: config 0 has an invalid interface number: 176 but max is 0
[ 1206.678521][T10996] usb 7-1: config 0 has no interface number 0
[ 1206.702098][T10996] usb 7-1: config 0 interface 176 altsetting 0 endpoint 0x81 has an invalid bInterval 91, changing to 10
[ 1206.729868][T10996] usb 7-1: config 0 interface 176 altsetting 0 endpoint 0x81 has invalid maxpacket 50187, setting to 1024
[ 1206.743704][T10996] usb 7-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1206.779193][T10996] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1206.812821][T10996] usb 7-1: config 0 descriptor??
[ 1206.828171][T16911] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1207.285011][T10996] uclogic 0003:256C:006D.0011: interface is invalid, ignoring
[ 1207.488796][T16911] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3027'.
[ 1208.756289][T11013] usb 2-1: new full-speed USB device number 55 using dummy_hcd
[ 1209.036036][T16950] openvswitch: netlink: Message has 16 unknown bytes.
[ 1209.574891][T11013] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1209.598526][T11013] usb 2-1: not running at top speed; connect to a high speed hub
[ 1209.633573][T11013] usb 2-1: config 219 has 1 interface, different from the descriptor's value: 2
[ 1209.674590][T11013] usb 2-1: config 219 interface 0 has no altsetting 0
[ 1210.279216][T11013] usb 2-1: config 219 interface 0 has no altsetting 1
[ 1210.292096][T11013] usb 2-1: New USB device found, idVendor=2b73, idProduct=0017, bcdDevice=a2.0e
[ 1210.324616][T11013] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1210.343101][T11013] usb 2-1: Product: syz
[ 1210.375717][T11013] usb 2-1: Manufacturer: syz
[ 1210.384311][T11013] usb 2-1: SerialNumber: syz
[ 1210.577874][T16911] team0 (unregistering): Port device team_slave_0 removed
[ 1210.597029][T11013] usb 2-1: selecting invalid altsetting 0
[ 1210.623107][T11013] usb 2-1: selecting invalid altsetting 0
[ 1210.653823][T16911] team0 (unregistering): Port device team_slave_1 removed
[ 1210.815440][T16911] team0 (unregistering): Port device bond0 removed
[ 1210.926797][T11013] usb 2-1: USB disconnect, device number 55
[ 1211.133849][T11012] usb 7-1: USB disconnect, device number 44
[ 1211.824971][T16978] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3044'.
[ 1212.600127][T16977] netlink: 'syz.6.3047': attribute type 1 has an invalid length.
[ 1212.620966][T16977] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3047'.
[ 1212.911188][T16983] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3047'.
[ 1212.924166][T16983] netlink: 204 bytes leftover after parsing attributes in process `syz.6.3047'.
[ 1212.936066][T16983] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3047'.
[ 1217.834190][T17000] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3052'.
[ 1217.861118][T17000] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3052'.
[ 1218.241342][T13447] bridge0: port 3(syz_tun) entered disabled state
[ 1218.300828][T13447] syz_tun (unregistering): left allmulticast mode
[ 1218.308013][T13447] syz_tun (unregistering): left promiscuous mode
[ 1218.314929][T13447] bridge0: port 3(syz_tun) entered disabled state
[ 1219.295269][T15788] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1219.751391][T15788] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1220.152382][T17020] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3059'.
[ 1220.778817][ T5839] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1220.816668][ T5839] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1220.828094][ T5839] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1220.837344][ T5839] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1220.850759][ T5839] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1220.891935][T15788] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1220.985042][T17022] lo speed is unknown, defaulting to 1000
[ 1220.994804][T17022] virt_wifi0 speed is unknown, defaulting to 1000
[ 1221.145638][T15788] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1222.936269][ T5839] Bluetooth: hci2: command tx timeout
[ 1223.356352][T15788] bridge_slave_1: left allmulticast mode
[ 1223.372470][T15788] bridge_slave_1: left promiscuous mode
[ 1223.389220][T15788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1223.433225][T15788] bridge_slave_0: left allmulticast mode
[ 1223.463560][T15788] bridge_slave_0: left promiscuous mode
[ 1223.478689][T15788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1224.982169][ T5839] Bluetooth: hci2: command tx timeout
[ 1225.120418][T17078] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3072'.
[ 1227.110471][ T5839] Bluetooth: hci2: command tx timeout
[ 1227.524706][T15788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1227.544718][T15788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1227.567626][T15788] bond0 (unregistering): Released all slaves
[ 1228.082768][T15788] bond1 (unregistering): Released all slaves
[ 1228.388128][T15788] bond2 (unregistering): Released all slaves
[ 1228.406899][T15788] bond3 (unregistering): Released all slaves
[ 1228.439532][T17022] chnl_net:caif_netlink_parms(): no params data found
[ 1228.729585][T15788] tipc: Left network mode
[ 1229.228664][ T5839] Bluetooth: hci2: command tx timeout
[ 1230.284287][T17022] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1230.735852][T17022] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1230.752641][T17022] bridge_slave_0: entered allmulticast mode
[ 1230.773006][T17022] bridge_slave_0: entered promiscuous mode
[ 1231.293803][T17022] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1231.322012][T17022] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1231.358669][T17022] bridge_slave_1: entered allmulticast mode
[ 1231.387422][T17022] bridge_slave_1: entered promiscuous mode
[ 1231.495672][T17022] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1231.596268][T15788] hsr_slave_0: left promiscuous mode
[ 1231.605561][T15788] hsr_slave_1: left promiscuous mode
[ 1231.619604][T15788] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1231.656830][T15788] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1231.717144][T15788] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1231.744079][T15788] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1231.859082][T15788] veth1_macvtap: left promiscuous mode
[ 1231.939957][T17141] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3088'.
[ 1232.534848][T15788] veth0_macvtap: left promiscuous mode
[ 1232.546210][T15788] veth1_vlan: left promiscuous mode
[ 1232.551819][T15788] veth0_vlan: left promiscuous mode
[ 1235.887827][  T891] libceph: connect (1)[c::]:6789 error -101
[ 1236.085694][  T891] libceph: mon0 (1)[c::]:6789 connect error
[ 1236.150404][  T891] libceph: connect (1)[c::]:6789 error -101
[ 1236.206328][  T891] libceph: mon0 (1)[c::]:6789 connect error
[ 1236.282093][T17163] ceph: No mds server is up or the cluster is laggy
[ 1239.077072][T17022] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1240.450428][T17022] team0: Port device team_slave_0 added
[ 1240.547770][T17022] team0: Port device team_slave_1 added
[ 1240.646229][T11014] usb 7-1: new high-speed USB device number 45 using dummy_hcd
[ 1241.364673][T11014] usb 7-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[ 1241.380702][T17022] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1241.388794][T11014] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1241.396194][T17022] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1241.429468][T11014] usb 7-1: Product: syz
[ 1241.460017][T11014] usb 7-1: Manufacturer: syz
[ 1241.477233][T17022] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1241.527445][T11014] usb 7-1: SerialNumber: syz
[ 1241.546854][T11014] usb 7-1: config 0 descriptor??
[ 1241.550794][T17022] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1241.573443][T11014] gspca_main: sunplus-2.14.0 probing 055f:c230
[ 1241.580883][T17022] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1241.645834][T17022] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1241.760726][T15788] IPVS: stop unused estimator thread 0...
[ 1241.968603][T17022] hsr_slave_0: entered promiscuous mode
[ 1241.996146][T17022] hsr_slave_1: entered promiscuous mode
[ 1242.507049][T11014] gspca_sunplus: reg_r err -110
[ 1242.539135][T11014] sunplus 7-1:0.0: probe with driver sunplus failed with error -110
[ 1242.706716][T17196] block nbd1: server does not support multiple connections per device.
[ 1242.721093][T17196] block nbd1: shutting down sockets
[ 1242.747221][  T891] usb 7-1: USB disconnect, device number 45
[ 1243.062214][   T30] audit: type=1326 audit(2000001382.608:1912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17209 comm="syz.5.3109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f363858e929 code=0x7ffc0000
[ 1243.123662][   T30] audit: type=1326 audit(2000001382.628:1913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17209 comm="syz.5.3109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f363858e929 code=0x7ffc0000
[ 1243.208846][   T30] audit: type=1326 audit(2000001382.638:1914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17209 comm="syz.5.3109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f363858e929 code=0x7ffc0000
[ 1243.239990][   T30] audit: type=1326 audit(2000001382.638:1915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17209 comm="syz.5.3109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f363858e929 code=0x7ffc0000
[ 1243.240629][T17210] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[ 1243.265326][   T30] audit: type=1326 audit(2000001382.638:1916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17209 comm="syz.5.3109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f363858e929 code=0x7ffc0000
[ 1243.265379][   T30] audit: type=1326 audit(2000001382.648:1917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17209 comm="syz.5.3109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f363858e929 code=0x7ffc0000
[ 1243.843694][   T30] audit: type=1326 audit(2000001382.648:1918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17209 comm="syz.5.3109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f363858e929 code=0x7ffc0000
[ 1243.946434][   T30] audit: type=1326 audit(2000001382.648:1919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17209 comm="syz.5.3109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f363858e929 code=0x7ffc0000
[ 1243.985086][   T30] audit: type=1326 audit(2000001382.648:1920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17209 comm="syz.5.3109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f363858e929 code=0x7ffc0000
[ 1244.024114][T17220] vivid-003: disconnect
[ 1244.053619][   T30] audit: type=1326 audit(2000001382.658:1921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17209 comm="syz.5.3109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f363858e929 code=0x7ffc0000
[ 1244.164324][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 1244.171075][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[ 1244.188553][T17022] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1244.216284][  T891] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[ 1244.229851][T17022] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1244.248675][T17022] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1245.049516][T17022] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1245.087359][T17214] vivid-003: reconnect
[ 1245.136106][  T891] usb 6-1: Using ep0 maxpacket: 16
[ 1245.156103][  T891] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1245.219706][  T891] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1245.522387][  T891] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1245.534168][  T891] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1245.546745][  T891] usb 6-1: Product: syz
[ 1245.554145][  T891] usb 6-1: Manufacturer: syz
[ 1245.565181][  T891] usb 6-1: SerialNumber: syz
[ 1245.583224][  T891] usb 6-1: config 0 descriptor??
[ 1245.676849][  T891] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1245.816447][  T891] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class)
[ 1246.277827][  T891] em28xx 6-1:0.0: unknown em28xx chip ID (0)
[ 1246.302480][  T891] em28xx 6-1:0.0: Config register raw data: 0xfffffffb
[ 1246.980846][  T891] em28xx 6-1:0.0: AC97 chip type couldn't be determined
[ 1247.015045][  T891] em28xx 6-1:0.0: No AC97 audio processor
[ 1247.091633][T17022] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1247.135399][T17022] 8021q: adding VLAN 0 to HW filter on device team0
[ 1247.193973][T15799] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1247.204510][T15799] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1247.224116][T15799] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1247.232641][T15799] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1248.502935][T10997] usb 6-1: USB disconnect, device number 44
[ 1248.513166][T10997] em28xx 6-1:0.0: Disconnecting em28xx
[ 1248.535887][T10997] em28xx 6-1:0.0: Freeing device
[ 1249.451612][T17022] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1249.608315][T17022] veth0_vlan: entered promiscuous mode
[ 1249.643135][T17022] veth1_vlan: entered promiscuous mode
[ 1249.723175][T17022] veth0_macvtap: entered promiscuous mode
[ 1249.742355][T17022] veth1_macvtap: entered promiscuous mode
[ 1249.791675][T17022] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1249.808725][T17022] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1249.841611][T17022] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1249.841653][T17022] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1249.841682][T17022] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1249.841711][T17022] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1250.006581][T10118] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1250.025364][T10118] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1250.095624][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1250.130766][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1250.750931][   T30] kauditd_printk_skb: 17 callbacks suppressed
[ 1250.751074][   T30] audit: type=1800 audit(2000001390.268:1939): pid=17282 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.3127" name="/" dev="fuse" ino=0 res=0 errno=0
[ 1252.954115][T17307] FAULT_INJECTION: forcing a failure.
[ 1252.954115][T17307] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1252.968309][T17307] CPU: 1 UID: 0 PID: 17307 Comm: syz.6.3133 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[ 1252.968339][T17307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1252.968353][T17307] Call Trace:
[ 1252.968362][T17307]  <TASK>
[ 1252.968370][T17307]  dump_stack_lvl+0x189/0x250
[ 1252.968400][T17307]  ? __pfx____ratelimit+0x10/0x10
[ 1252.968433][T17307]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1252.968456][T17307]  ? __pfx__printk+0x10/0x10
[ 1252.968483][T17307]  ? __might_fault+0xb0/0x130
[ 1252.968526][T17307]  should_fail_ex+0x414/0x560
[ 1252.968562][T17307]  _copy_from_user+0x2d/0xb0
[ 1252.968587][T17307]  __sys_bind+0x199/0x3e0
[ 1252.968611][T17307]  ? __pfx___sys_bind+0x10/0x10
[ 1252.968658][T17307]  __x64_sys_bind+0x7a/0x90
[ 1252.968680][T17307]  do_syscall_64+0xfa/0x3b0
[ 1252.968702][T17307]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1252.968721][T17307]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1252.968740][T17307]  ? clear_bhb_loop+0x60/0xb0
[ 1252.968766][T17307]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1252.968794][T17307] RIP: 0033:0x7f2f43d8e929
[ 1252.968813][T17307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1252.968831][T17307] RSP: 002b:00007f2f44c4c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[ 1252.968854][T17307] RAX: ffffffffffffffda RBX: 00007f2f43fb6160 RCX: 00007f2f43d8e929
[ 1252.968869][T17307] RDX: 0000000000000010 RSI: 0000200000000080 RDI: 0000000000000005
[ 1252.968881][T17307] RBP: 00007f2f44c4c090 R08: 0000000000000000 R09: 0000000000000000
[ 1252.968894][T17307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1252.968906][T17307] R13: 0000000000000000 R14: 00007f2f43fb6160 R15: 00007ffec9c5f9e8
[ 1252.968939][T17307]  </TASK>
[ 1253.190748][T17307] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1254.975779][T17331] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3138'.
[ 1259.099552][T15793] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1259.770776][T17365] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3146'.
[ 1260.344903][T14616] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1260.521246][T14616] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1260.534078][T14616] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1260.543222][T14616] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1260.551690][T14616] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1260.620828][T17352] lo speed is unknown, defaulting to 1000
[ 1260.630025][T17352] virt_wifi0 speed is unknown, defaulting to 1000
[ 1262.608430][T15793] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1262.656462][ T5839] Bluetooth: hci3: command tx timeout
[ 1263.614319][T17352] chnl_net:caif_netlink_parms(): no params data found
[ 1263.817126][T17401] loop6: detected capacity change from 0 to 63
[ 1263.854543][T17401] buffer_io_error: 3686 callbacks suppressed
[ 1263.854568][T17401] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1263.875281][T17401] Buffer I/O error on dev loop6, logical block 1, async page read
[ 1263.886070][T17401] Buffer I/O error on dev loop6, logical block 2, async page read
[ 1263.896070][T17401] Buffer I/O error on dev loop6, logical block 3, async page read
[ 1263.918449][T17401] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1263.956575][T17401] Buffer I/O error on dev loop6, logical block 1, async page read
[ 1263.996431][T17401] Buffer I/O error on dev loop6, logical block 2, async page read
[ 1264.081425][T17401] Buffer I/O error on dev loop6, logical block 3, async page read
[ 1264.613638][T17407] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3157'.
[ 1264.717810][ T5839] Bluetooth: hci3: command tx timeout
[ 1265.053961][T15793] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1266.796236][ T5839] Bluetooth: hci3: command tx timeout
[ 1267.005356][T17422] netlink: 'syz.5.3161': attribute type 11 has an invalid length.
[ 1267.054195][T17422] netlink: 'syz.5.3161': attribute type 11 has an invalid length.
[ 1267.074720][T17422] netlink: 224 bytes leftover after parsing attributes in process `syz.5.3161'.
[ 1267.127555][T15793] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1267.297263][T17421] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1267.943171][T17352] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1267.956206][T17352] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1267.986520][T17352] bridge_slave_0: entered allmulticast mode
[ 1267.994841][T17352] bridge_slave_0: entered promiscuous mode
[ 1268.040245][T17352] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1268.070334][T17352] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1268.090385][T17352] bridge_slave_1: entered allmulticast mode
[ 1268.268065][T17352] bridge_slave_1: entered promiscuous mode
[ 1268.876357][ T5839] Bluetooth: hci3: command tx timeout
[ 1270.741379][T17352] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1270.766414][T17449] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1270.817909][T17352] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1270.999434][T17352] team0: Port device team_slave_0 added
[ 1271.024745][T17352] team0: Port device team_slave_1 added
[ 1271.044020][T17463] netlink: 'syz.2.3173': attribute type 11 has an invalid length.
[ 1271.053459][T17463] netlink: 'syz.2.3173': attribute type 11 has an invalid length.
[ 1271.061847][T17463] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3173'.
[ 1271.073874][T17462] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1271.109155][T15793] bridge_slave_0: left allmulticast mode
[ 1271.115284][T15793] bridge_slave_0: left promiscuous mode
[ 1271.122005][T15793] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1271.670519][T11013] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[ 1272.076602][T11013] usb 3-1: Using ep0 maxpacket: 8
[ 1272.090969][T11013] usb 3-1: config 1 interface 0 has no altsetting 0
[ 1272.128809][T11013] usb 3-1: New USB device found, idVendor=05ac, idProduct=024c, bcdDevice= 0.40
[ 1272.145963][T11013] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1272.185119][T11013] usb 3-1: Product: syz
[ 1272.202732][T11013] usb 3-1: Manufacturer: syz
[ 1272.216594][T11013] usb 3-1: SerialNumber: syz
[ 1274.339919][T15793] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1274.413131][T15793] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1274.578224][T15793] bond0 (unregistering): Released all slaves
[ 1274.631692][T15793] bond1 (unregistering): Released all slaves
[ 1275.498247][T15793] bond2 (unregistering): Released all slaves
[ 1275.517525][T17352] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1275.524911][T17352] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1275.553846][T17352] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1275.643106][T11013] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input47
[ 1275.666514][ T5192] bcm5974 3-1:1.0: could not read from device
[ 1275.668858][T11013] usb 3-1: USB disconnect, device number 62
[ 1275.710988][T17485] netlink: 'syz.4.3179': attribute type 12 has an invalid length.
[ 1275.777239][T17352] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1275.784721][T17352] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1275.836895][T15793] IPVS: stopping backup sync thread 13894 ...
[ 1275.851135][T17352] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1276.020043][T17502] netlink: 'syz.5.3183': attribute type 11 has an invalid length.
[ 1276.028728][T17502] netlink: 'syz.5.3183': attribute type 11 has an invalid length.
[ 1276.038912][T17502] netlink: 224 bytes leftover after parsing attributes in process `syz.5.3183'.
[ 1276.069370][T17501] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1276.155734][T17505] netlink: 'syz.2.3184': attribute type 29 has an invalid length.
[ 1276.196733][T17505] netlink: 500 bytes leftover after parsing attributes in process `syz.2.3184'.
[ 1276.298313][T17352] hsr_slave_0: entered promiscuous mode
[ 1276.526316][T17352] hsr_slave_1: entered promiscuous mode
[ 1276.534713][T17352] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1276.545523][T17352] Cannot create hsr debugfs directory
[ 1276.585719][T17506] netlink: 'syz.2.3184': attribute type 29 has an invalid length.
[ 1277.487207][T17500] lo speed is unknown, defaulting to 1000
[ 1277.635692][T17500] virt_wifi0 speed is unknown, defaulting to 1000
[ 1277.928743][T15793] hsr_slave_0: left promiscuous mode
[ 1277.935655][T15793] hsr_slave_1: left promiscuous mode
[ 1278.195435][T15793] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1278.288520][T15793] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1278.507039][T15793] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1278.524893][T15793] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1278.582343][T15793] veth1_macvtap: left promiscuous mode
[ 1278.588235][T15793] veth0_macvtap: left promiscuous mode
[ 1279.337402][T17535] loop6: detected capacity change from 0 to 63
[ 1279.497038][T17535] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1279.506115][T17535] Buffer I/O error on dev loop6, logical block 1, async page read
[ 1279.525701][T17535] Buffer I/O error on dev loop6, logical block 2, async page read
[ 1279.553549][T17535] Buffer I/O error on dev loop6, logical block 3, async page read
[ 1279.567272][T17535] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1279.594441][T17535] Buffer I/O error on dev loop6, logical block 1, async page read
[ 1279.606002][T17535] Buffer I/O error on dev loop6, logical block 2, async page read
[ 1279.616457][T17535] Buffer I/O error on dev loop6, logical block 3, async page read
[ 1279.645958][T17535] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1279.656725][T17535] Buffer I/O error on dev loop6, logical block 1, async page read
[ 1280.021038][T15793] team_slave_0 (unregistering): left promiscuous mode
[ 1280.046853][T15793] team0 (unregistering): Port device team_slave_0 removed
[ 1281.658533][T17529] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3189'.
[ 1281.688875][T17530] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3189'.
[ 1281.711599][T10997] lo speed is unknown, defaulting to 1000
[ 1281.718187][T17539] gretap1: entered promiscuous mode
[ 1281.745228][T10997] infiniband syz0: ib_query_port failed (-19)
[ 1284.424020][T17352] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1284.477215][T17352] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1284.514161][T17352] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1284.896997][T17576] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3203'.
[ 1284.926057][T17352] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1285.122066][T17575] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3203'.
[ 1285.363642][T17352] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1285.413181][T17352] 8021q: adding VLAN 0 to HW filter on device team0
[ 1285.459019][T15797] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1285.466399][T15797] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1285.515796][T17593] FAULT_INJECTION: forcing a failure.
[ 1285.515796][T17593] name failslab, interval 1, probability 0, space 0, times 0
[ 1285.529257][T17593] CPU: 1 UID: 0 PID: 17593 Comm: syz.4.3208 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[ 1285.529288][T17593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1285.529304][T17593] Call Trace:
[ 1285.529313][T17593]  <TASK>
[ 1285.529324][T17593]  dump_stack_lvl+0x189/0x250
[ 1285.529355][T17593]  ? __pfx____ratelimit+0x10/0x10
[ 1285.529387][T17593]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1285.529412][T17593]  ? __pfx__printk+0x10/0x10
[ 1285.529446][T17593]  ? __pfx___might_resched+0x10/0x10
[ 1285.529475][T17593]  should_fail_ex+0x414/0x560
[ 1285.529511][T17593]  should_failslab+0xa8/0x100
[ 1285.529553][T17593]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1285.529585][T17593]  ? __alloc_skb+0x112/0x2d0
[ 1285.529615][T17593]  __alloc_skb+0x112/0x2d0
[ 1285.529643][T17593]  netlink_sendmsg+0x5c6/0xb30
[ 1285.529680][T17593]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1285.529715][T17593]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1285.529745][T17593]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1285.529771][T17593]  __sock_sendmsg+0x219/0x270
[ 1285.529808][T17593]  ____sys_sendmsg+0x505/0x830
[ 1285.529841][T17593]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1285.529879][T17593]  ? import_iovec+0x74/0xa0
[ 1285.529907][T17593]  ___sys_sendmsg+0x21f/0x2a0
[ 1285.529937][T17593]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1285.530004][T17593]  ? __fget_files+0x2a/0x420
[ 1285.530028][T17593]  ? __fget_files+0x3a0/0x420
[ 1285.530060][T17593]  __x64_sys_sendmsg+0x19b/0x260
[ 1285.530090][T17593]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1285.530129][T17593]  ? __pfx_ksys_write+0x10/0x10
[ 1285.530156][T17593]  ? rcu_is_watching+0x15/0xb0
[ 1285.530186][T17593]  ? do_syscall_64+0xbe/0x3b0
[ 1285.530211][T17593]  do_syscall_64+0xfa/0x3b0
[ 1285.530230][T17593]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1285.530262][T17593]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1285.530283][T17593]  ? clear_bhb_loop+0x60/0xb0
[ 1285.530309][T17593]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1285.530330][T17593] RIP: 0033:0x7f303858e929
[ 1285.530350][T17593] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1285.530368][T17593] RSP: 002b:00007f303935f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1285.530391][T17593] RAX: ffffffffffffffda RBX: 00007f30387b5fa0 RCX: 00007f303858e929
[ 1285.530407][T17593] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003
[ 1285.530421][T17593] RBP: 00007f303935f090 R08: 0000000000000000 R09: 0000000000000000
[ 1285.530434][T17593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1285.530446][T17593] R13: 0000000000000000 R14: 00007f30387b5fa0 R15: 00007ffe50f2f228
[ 1285.530480][T17593]  </TASK>
[ 1285.823033][T15804] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1285.830368][T15804] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1286.543008][T17601] netlink: 'syz.5.3210': attribute type 275 has an invalid length.
[ 1286.993805][T17608] overlayfs: missing 'lowerdir'
[ 1289.408907][T17633] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3216'.
[ 1289.425797][T17628] libceph: resolve '.
[ 1289.425797][T17628] #)|.��f��ǝ�a���2s�o�w���?�'�%ЏKAq�f��C���z�e�Sb3L)Hy�o����������Ǥ�Y�M�����h�E$
[ 1289.425797][T17628] ' (ret=-3): failed
[ 1289.459139][T17633] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3216'.
[ 1289.953812][T17632] sp0: Synchronizing with TNC
[ 1289.972310][T17352] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1290.420071][T17352] veth0_vlan: entered promiscuous mode
[ 1290.435751][T17352] veth1_vlan: entered promiscuous mode
[ 1290.616238][T17644] ubi31: attaching mtd0
[ 1290.672341][T17644] ubi31: scanning is finished
[ 1290.677302][T17644] ubi31: empty MTD device detected
[ 1291.167037][T17352] veth0_macvtap: entered promiscuous mode
[ 1291.222179][T17352] veth1_macvtap: entered promiscuous mode
[ 1291.222420][T17640] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3219'.
[ 1291.288395][T17644] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[ 1291.299186][T17644] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[ 1291.306957][T17644] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[ 1291.314352][T17644] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[ 1291.322187][T17644] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[ 1291.329675][T17644] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[ 1291.337967][T17644] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2916684793
[ 1291.348197][T17644] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[ 1291.360465][T17649] ubi31: background thread "ubi_bgt31d" started, PID 17649
[ 1291.424791][T17352] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1291.481792][T17352] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1291.506752][T17352] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1291.527460][T17352] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1291.536544][T17352] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1291.549932][T17352] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1291.750352][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1291.778061][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1291.868660][T13782] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1291.883773][T13782] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1292.258107][T17657] IPv6: NLM_F_CREATE should be specified when creating new route
[ 1292.509338][T17666] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3225'.
[ 1292.518581][T17666] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3225'.
[ 1294.240236][T11015] usb 3-1: new full-speed USB device number 63 using dummy_hcd
[ 1294.686939][T11015] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1295.368248][T11015] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1295.420068][T11015] usb 3-1: string descriptor 0 read error: -71
[ 1295.444748][T11015] usb 3-1: New USB device found, idVendor=0b57, idProduct=852a, bcdDevice=6d.39
[ 1295.562366][T11015] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1295.616073][T11014] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[ 1295.756116][T17682] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3228'.
[ 1295.765604][T17682] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3228'.
[ 1296.605533][T11015] usb 3-1: config 0 descriptor??
[ 1296.831457][T11015] usb 3-1: can't set config #0, error -71
[ 1296.883082][T11014] usb 6-1: Using ep0 maxpacket: 8
[ 1297.039282][T11015] usb 3-1: USB disconnect, device number 63
[ 1297.048796][T11014] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1297.079400][T11014] usb 6-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[ 1297.101932][T11014] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1297.174317][T11014] usb 6-1: config 0 descriptor??
[ 1297.214100][T11014] gspca_main: vc032x-2.14.0 probing 046d:0892
[ 1297.823397][T17699] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3229'.
[ 1298.281613][T11014] gspca_vc032x: reg_r err -110
[ 1298.287505][T11014] vc032x 6-1:0.0: probe with driver vc032x failed with error -110
[ 1298.470887][T11014] usb 6-1: USB disconnect, device number 45
[ 1299.058643][T17715] FAULT_INJECTION: forcing a failure.
[ 1299.058643][T17715] name failslab, interval 1, probability 0, space 0, times 0
[ 1299.074634][T17715] CPU: 0 UID: 0 PID: 17715 Comm: syz.2.3236 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[ 1299.074665][T17715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1299.074679][T17715] Call Trace:
[ 1299.074688][T17715]  <TASK>
[ 1299.074698][T17715]  dump_stack_lvl+0x189/0x250
[ 1299.074729][T17715]  ? __pfx____ratelimit+0x10/0x10
[ 1299.074761][T17715]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1299.074785][T17715]  ? __pfx__printk+0x10/0x10
[ 1299.074810][T17715]  ? ref_tracker_alloc+0x7a/0x460
[ 1299.074851][T17715]  ? ref_tracker_alloc+0x318/0x460
[ 1299.074885][T17715]  should_fail_ex+0x414/0x560
[ 1299.074924][T17715]  should_failslab+0xa8/0x100
[ 1299.074960][T17715]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1299.074989][T17715]  ? skb_clone+0x212/0x3a0
[ 1299.075017][T17715]  skb_clone+0x212/0x3a0
[ 1299.075042][T17715]  __netlink_deliver_tap+0x404/0x850
[ 1299.075082][T17715]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1299.075103][T17715]  netlink_deliver_tap+0x19c/0x1b0
[ 1299.075124][T17715]  netlink_unicast+0x730/0x8e0
[ 1299.075151][T17715]  netlink_sendmsg+0x805/0xb30
[ 1299.075179][T17715]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1299.075207][T17715]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1299.075233][T17715]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1299.075254][T17715]  __sock_sendmsg+0x219/0x270
[ 1299.075283][T17715]  ____sys_sendmsg+0x505/0x830
[ 1299.075309][T17715]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1299.075339][T17715]  ? import_iovec+0x74/0xa0
[ 1299.075363][T17715]  ___sys_sendmsg+0x21f/0x2a0
[ 1299.075387][T17715]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1299.075440][T17715]  ? __fget_files+0x2a/0x420
[ 1299.075454][T17715]  ? __fget_files+0x3a0/0x420
[ 1299.075484][T17715]  __x64_sys_sendmsg+0x19b/0x260
[ 1299.075509][T17715]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1299.075539][T17715]  ? __pfx_ksys_write+0x10/0x10
[ 1299.075567][T17715]  ? do_syscall_64+0xbe/0x3b0
[ 1299.075588][T17715]  do_syscall_64+0xfa/0x3b0
[ 1299.075605][T17715]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1299.075621][T17715]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1299.075637][T17715]  ? clear_bhb_loop+0x60/0xb0
[ 1299.075658][T17715]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1299.075674][T17715] RIP: 0033:0x7f5623f8e929
[ 1299.075690][T17715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1299.075705][T17715] RSP: 002b:00007f5624e3d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1299.075725][T17715] RAX: ffffffffffffffda RBX: 00007f56241b6160 RCX: 00007f5623f8e929
[ 1299.075738][T17715] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000007
[ 1299.075749][T17715] RBP: 00007f5624e3d090 R08: 0000000000000000 R09: 0000000000000000
[ 1299.075760][T17715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1299.075769][T17715] R13: 0000000000000000 R14: 00007f56241b6160 R15: 00007fff6d9c9088
[ 1299.075796][T17715]  </TASK>
[ 1299.359949][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1299.856028][T11012] usb 7-1: new high-speed USB device number 46 using dummy_hcd
[ 1299.913384][T17717] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1300.191488][T11012] usb 7-1: Using ep0 maxpacket: 16
[ 1300.636853][T17730] netlink: 'syz.5.3239': attribute type 12 has an invalid length.
[ 1300.649141][T11012] usb 7-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1300.666555][T11012] usb 7-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1300.676925][T11012] usb 7-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[ 1300.690938][T11012] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1300.698307][T17727] bridge_slave_1: left allmulticast mode
[ 1300.698340][T17727] bridge_slave_1: left promiscuous mode
[ 1300.698634][T17727] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1300.751438][T11012] usb 7-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[ 1300.764037][T11012] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1300.812703][T11012] usb 7-1: config 0 descriptor??
[ 1301.282636][T11012] hid (null): global environment stack underflow
[ 1301.421115][T11012] hid (null): unknown global tag 0x46
[ 1301.502521][T17750] loop6: detected capacity change from 0 to 524287999
[ 1301.796756][T11001] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[ 1302.085047][T11012] hid (null): global environment stack underflow
[ 1302.091719][T11012] hid (null): global environment stack underflow
[ 1302.159052][T11012] usb 7-1: USB disconnect, device number 46
[ 1302.295979][T11001] usb 5-1: Using ep0 maxpacket: 8
[ 1302.308020][T11001] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1302.329095][T11001] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[ 1302.353069][T11001] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1302.383008][T11001] usb 5-1: config 0 descriptor??
[ 1302.403651][T11001] gspca_main: vc032x-2.14.0 probing 046d:0892
[ 1302.650686][T17764] CUSE: unknown device info "�KJ�H+��ۤ2Lh��nL�1�`�Cc��n�����8���0���(�3նi��>f���_ٮ,��
�<�_e�F��"
[ 1302.663368][T17764] CUSE: unknown device info "3�ܟ�,��̘�"
[ 1302.669669][T17764] CUSE: unknown device info "J���2SZ�� !e/��������J�+-n��a4����D�|G$��5O~�q	��
[ 1302.669669][T17764] f����z��X�SA�x��j��T�ǔ��w���xR�ɐQ��(hҏj	p�VdY0��|M?2J��I�v�^
R�@��"
[ 1302.689543][T17764] CUSE: unknown device info "!To�}ݝ&|L+U��o��ϲ���"��FstV�:׌E�gJ�����<@c�����4�T�M�M|�����"
[ 1302.701328][T17764] CUSE: DEVNAME unspecified
[ 1302.756177][   T30] audit: type=1326 audit(2000001442.268:1940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17756 comm="syz.5.3248" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f363858e929 code=0x0
[ 1303.280110][T11012] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[ 1303.818876][T17777] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3250'.
[ 1303.828027][T17777] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3250'.
[ 1303.928761][T11001] gspca_vc032x: reg_r err -110
[ 1303.935571][T11001] vc032x 5-1:0.0: probe with driver vc032x failed with error -110
[ 1304.546018][T11012] usb 6-1: Using ep0 maxpacket: 16
[ 1304.549178][T11001] usb 5-1: USB disconnect, device number 38
[ 1304.964851][T11012] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 11
[ 1305.015319][T11012] usb 6-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[ 1305.032715][T11012] usb 6-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[ 1305.043042][T11012] usb 6-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[ 1305.060336][T11012] usb 6-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[ 1305.074599][T11012] usb 6-1: config 1 interface 0 has no altsetting 0
[ 1305.091003][T11012] usb 6-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[ 1305.102009][T11012] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1305.122382][T11012] ums-sddr09 6-1:1.0: USB Mass Storage device detected
[ 1305.380219][T17792] netlink: 'syz.2.3254': attribute type 12 has an invalid length.
[ 1305.937170][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 1305.943658][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[ 1306.440774][T17802] tipc: Started in network mode
[ 1306.460440][T17802] tipc: Node identity e27f8cbdbea, cluster identity 5
[ 1306.470397][T17802] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1307.669883][  T891] tipc: Node number set to 1558154429
[ 1307.756727][T17802] fuse: Bad value for 'user_id'
[ 1307.775443][T17802] fuse: Bad value for 'user_id'
[ 1307.816117][T11012] ums-sddr09 6-1:1.0: probe with driver ums-sddr09 failed with error -22
[ 1307.829475][T11012] usb 6-1: USB disconnect, device number 46
[ 1308.073334][T17800] tipc: Disabling bearer <eth:syzkaller0>
[ 1308.600464][T17818] libceph: resolve '4' (ret=-3): failed
[ 1309.049469][  T891] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[ 1309.210576][  T891] usb 5-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[ 1309.226551][T11012] usb 7-1: new high-speed USB device number 47 using dummy_hcd
[ 1309.233510][  T891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1309.311164][  T891] usb 5-1: Product: syz
[ 1309.394742][  T891] usb 5-1: Manufacturer: syz
[ 1309.440369][  T891] usb 5-1: SerialNumber: syz
[ 1309.586361][T11012] usb 7-1: Using ep0 maxpacket: 8
[ 1309.587080][  T891] usb 5-1: config 0 descriptor??
[ 1309.597186][T11012] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1309.608650][T11012] usb 7-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[ 1309.629427][T11012] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1309.651432][  T891] gspca_main: sunplus-2.14.0 probing 055f:c230
[ 1309.658116][T11012] usb 7-1: config 0 descriptor??
[ 1309.675781][T11012] gspca_main: vc032x-2.14.0 probing 046d:0892
[ 1310.132356][T17836] loop6: detected capacity change from 0 to 524287999
[ 1310.304299][T11012] gspca_vc032x: reg_r err -71
[ 1310.311945][T11012] vc032x 7-1:0.0: probe with driver vc032x failed with error -71
[ 1310.330905][T11012] usb 7-1: USB disconnect, device number 47
[ 1310.587074][  T891] gspca_sunplus: reg_r err -110
[ 1310.592672][  T891] sunplus 5-1:0.0: probe with driver sunplus failed with error -110
[ 1310.646836][T17822] block nbd1: server does not support multiple connections per device.
[ 1310.655646][T17822] block nbd1: shutting down sockets
[ 1310.670423][T11012] usb 5-1: USB disconnect, device number 39
[ 1310.686081][T11013] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[ 1310.759110][T17848] syz.1.3276 (17848): drop_caches: 2
[ 1310.853259][T11013] usb 6-1: too many endpoints for config 4 interface 0 altsetting 0: 79, using maximum allowed: 30
[ 1310.867016][T17850] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3277'.
[ 1310.881207][T11013] usb 6-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0x32, changing to 0x2
[ 1310.895702][T11013] usb 6-1: config 4 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 91
[ 1310.910599][T11013] usb 6-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 79
[ 1310.925135][T11013] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1310.941682][T11013] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1310.954234][T17840] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[ 1311.378493][T11013] ath6kl: Failed to submit usb control message: -71
[ 1311.387764][T11013] ath6kl: unable to send the bmi data to the device: -71
[ 1311.402164][T11013] ath6kl: Unable to send get target info: -71
[ 1311.422573][T11013] ath6kl: Failed to init ath6kl core: -71
[ 1311.505524][T11013] ath6kl_usb 6-1:4.0: probe with driver ath6kl_usb failed with error -71
[ 1311.740281][T11013] usb 6-1: USB disconnect, device number 47
[ 1316.222186][T11012] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[ 1317.016980][T17906] loop6: detected capacity change from 0 to 63
[ 1317.109071][T17906] buffer_io_error: 438 callbacks suppressed
[ 1317.109111][T17906] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1317.126107][T17906] Buffer I/O error on dev loop6, logical block 1, async page read
[ 1317.270435][T11012] usb 3-1: Using ep0 maxpacket: 8
[ 1317.391489][T11012] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1317.397455][T17906] Buffer I/O error on dev loop6, logical block 2, async page read
[ 1317.455390][T11012] usb 3-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[ 1317.566365][T11012] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1317.586192][T17906] Buffer I/O error on dev loop6, logical block 3, async page read
[ 1317.594358][T17906] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1317.616913][T11012] usb 3-1: config 0 descriptor??
[ 1317.643796][T17906] Buffer I/O error on dev loop6, logical block 1, async page read
[ 1317.648834][T11012] gspca_main: vc032x-2.14.0 probing 046d:0892
[ 1317.680562][T17906] Buffer I/O error on dev loop6, logical block 2, async page read
[ 1318.393542][T17906] Buffer I/O error on dev loop6, logical block 3, async page read
[ 1318.404575][T17906] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1318.413074][T17906] Buffer I/O error on dev loop6, logical block 1, async page read
[ 1318.606386][T11012] gspca_vc032x: reg_r err -71
[ 1318.611311][T11012] vc032x 3-1:0.0: probe with driver vc032x failed with error -71
[ 1318.683075][T11012] usb 3-1: USB disconnect, device number 64
[ 1325.313119][T11013] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0
[ 1325.406360][T11013] hid-generic 0000:0000:0000.0013: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1325.540588][T15804] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1325.896377][T10997] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[ 1326.087911][T10997] usb 3-1: Using ep0 maxpacket: 8
[ 1326.219005][T15804] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1326.252973][T10997] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1326.295369][T14616] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1326.317877][T14616] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1326.326062][T11015] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[ 1326.341191][T10997] usb 3-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[ 1326.350816][T14616] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1326.364087][T10997] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1326.374040][T14616] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1326.394327][T14616] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1326.480236][T10997] usb 3-1: Product: syz
[ 1326.484630][T10997] usb 3-1: Manufacturer: syz
[ 1326.486027][T11015] usb 2-1: Using ep0 maxpacket: 8
[ 1326.508457][T11015] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1326.520264][T11015] usb 2-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[ 1326.547004][T10997] usb 3-1: SerialNumber: syz
[ 1326.582869][T11015] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1326.583964][T10997] usb 3-1: config 0 descriptor??
[ 1326.637774][T11015] usb 2-1: config 0 descriptor??
[ 1326.661360][T10997] streamzap 3-1:0.0: streamzap_probe: Unexpected desc.bNumEndpoints (0)
[ 1326.693005][T11015] gspca_main: vc032x-2.14.0 probing 046d:0892
[ 1326.769571][T15804] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1327.065440][T17978] trusted_key: encrypted_key: insufficient parameters specified
[ 1327.619924][T15804] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1327.698752][T17980] netlink: 'syz.6.3311': attribute type 11 has an invalid length.
[ 1327.720542][T17980] netlink: 'syz.6.3311': attribute type 11 has an invalid length.
[ 1327.742993][T11015] gspca_vc032x: reg_r err -71
[ 1327.749316][T17980] netlink: 224 bytes leftover after parsing attributes in process `syz.6.3311'.
[ 1327.758768][T11015] vc032x 2-1:0.0: probe with driver vc032x failed with error -71
[ 1327.774220][T11015] usb 2-1: USB disconnect, device number 56
[ 1327.834856][T17976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1327.931736][T17967] virt_wifi0 speed is unknown, defaulting to 1000
[ 1327.939657][T17967] virt_wifi0 speed is unknown, defaulting to 1000
[ 1327.947159][T17967] virt_wifi0 speed is unknown, defaulting to 1000
[ 1327.968606][T17967] infiniband @: RDMA CMA: cma_listen_on_dev, error -98
[ 1328.047073][T17967] virt_wifi0 speed is unknown, defaulting to 1000
[ 1328.055657][T17967] virt_wifi0 speed is unknown, defaulting to 1000
[ 1328.064321][T17967] virt_wifi0 speed is unknown, defaulting to 1000
[ 1328.072907][T17967] virt_wifi0 speed is unknown, defaulting to 1000
[ 1328.081501][T17967] virt_wifi0 speed is unknown, defaulting to 1000
[ 1328.090008][T17967] virt_wifi0 speed is unknown, defaulting to 1000
[ 1328.098753][T17967] virt_wifi0 speed is unknown, defaulting to 1000
[ 1329.103734][ T5839] Bluetooth: hci4: command tx timeout
[ 1329.756429][T10997] usb 3-1: USB disconnect, device number 65
[ 1331.016185][T11014] usb 7-1: new high-speed USB device number 48 using dummy_hcd
[ 1331.123229][ T5839] Bluetooth: hci4: command tx timeout
[ 1331.189517][T11014] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1331.226007][   T30] audit: type=1326 audit(2000001470.758:1941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18012 comm="syz.4.3320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f303858e929 code=0x7ffc0000
[ 1331.257361][   T30] audit: type=1326 audit(2000001470.758:1942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18012 comm="syz.4.3320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f303858e929 code=0x7ffc0000
[ 1331.257493][T11014] usb 7-1: config 1 has an invalid interface number: 88 but max is 1
[ 1331.294623][   T30] audit: type=1326 audit(2000001470.768:1943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18012 comm="syz.4.3320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f303858e929 code=0x7ffc0000
[ 1331.329099][T11014] usb 7-1: config 1 has no interface number 1
[ 1331.335605][T11014] usb 7-1: config 1 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1331.366013][   T30] audit: type=1326 audit(2000001470.768:1944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18012 comm="syz.4.3320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f303858e929 code=0x7ffc0000
[ 1331.401423][T11014] usb 7-1: config 1 interface 0 has no altsetting 0
[ 1331.423646][T11014] usb 7-1: New USB device found, idVendor=2040, idProduct=b990, bcdDevice=f6.75
[ 1331.433240][   T30] audit: type=1326 audit(2000001470.768:1945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18012 comm="syz.4.3320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f303858e929 code=0x7ffc0000
[ 1331.465316][T11014] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1331.478296][T11014] usb 7-1: Product: syz
[ 1331.482827][T11014] usb 7-1: Manufacturer: syz
[ 1331.491252][T11014] usb 7-1: SerialNumber: syz
[ 1331.634970][   T30] audit: type=1326 audit(2000001470.798:1946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18012 comm="syz.4.3320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f303858e929 code=0x7ffc0000
[ 1331.674229][   T30] audit: type=1326 audit(2000001470.808:1947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18012 comm="syz.4.3320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f303858e929 code=0x7ffc0000
[ 1331.907705][   T30] audit: type=1326 audit(2000001470.808:1948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18012 comm="syz.4.3320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f303858e929 code=0x7ffc0000
[ 1331.934616][   T30] audit: type=1326 audit(2000001470.828:1949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18012 comm="syz.4.3320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f303858e929 code=0x7ffc0000
[ 1332.526830][   T30] audit: type=1326 audit(2000001470.828:1950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18012 comm="syz.4.3320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f303858e929 code=0x7ffc0000
[ 1333.214602][ T5839] Bluetooth: hci4: command tx timeout
[ 1333.335848][T15804] bond0 (unregistering): Released all slaves
[ 1333.980059][T11014] smsusb:smsusb_probe: board id=8, interface number 0
[ 1333.990303][T11014] smsusb:smsusb_probe: board id=8, interface number 88
[ 1334.031232][T11014] usb 7-1: USB disconnect, device number 48
[ 1334.032483][T17969] chnl_net:caif_netlink_parms(): no params data found
[ 1334.058206][T18038] netlink: 'syz.4.3325': attribute type 11 has an invalid length.
[ 1334.073659][T18038] netlink: 'syz.4.3325': attribute type 11 has an invalid length.
[ 1334.167425][T18038] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3325'.
[ 1334.271184][T18037] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1334.598518][T17969] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1334.623267][T17969] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1334.641859][T17969] bridge_slave_0: entered allmulticast mode
[ 1334.653376][T17969] bridge_slave_0: entered promiscuous mode
[ 1334.664197][T17969] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1334.672955][T17969] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1334.682420][T17969] bridge_slave_1: entered allmulticast mode
[ 1334.692153][T17969] bridge_slave_1: entered promiscuous mode
[ 1334.729503][T15804] hsr_slave_0: left promiscuous mode
[ 1334.740710][T15804] hsr_slave_1: left promiscuous mode
[ 1335.276015][ T5839] Bluetooth: hci4: command tx timeout
[ 1338.283818][T17969] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1338.362683][T17969] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1338.717085][T17969] team0: Port device team_slave_0 added
[ 1339.315736][T17969] team0: Port device team_slave_1 added
[ 1339.551343][T17969] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1339.567475][T17969] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1339.644153][T17969] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1339.739492][T15804] IPVS: stop unused estimator thread 0...
[ 1339.742322][T17969] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1339.861970][T17969] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1339.993333][T17969] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1340.173498][T18092] virt_wifi0 speed is unknown, defaulting to 1000
[ 1340.359017][T17969] hsr_slave_0: entered promiscuous mode
[ 1340.385987][T17969] hsr_slave_1: entered promiscuous mode
[ 1340.402024][T17969] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1340.425592][T17969] Cannot create hsr debugfs directory
[ 1340.971522][T18108] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1340.995847][T18108] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1341.020757][T18108] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1341.028137][T18108] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1341.058708][T18108] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1341.073680][T18108] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1341.083303][T18108] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1341.108040][T18108] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1341.143433][T18108] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1341.162128][T18108] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1341.180166][T18108] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1341.448037][T11014] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[ 1342.060630][T11014] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1342.081194][T11014] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1342.113998][T11014] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1342.212277][T11014] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1342.242407][T11014] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1342.264044][T11014] usb 3-1: config 0 descriptor??
[ 1342.347324][T18126] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3349'.
[ 1342.418023][T17969] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1342.440914][T17969] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1342.474059][T17969] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1342.517750][T17969] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1343.126027][ T5839] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1343.134565][ T5839] Bluetooth: hci1: command 0x0406 tx timeout
[ 1343.143201][ T5839] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1343.218812][T14616] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1343.625592][T17969] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1343.684941][T17969] 8021q: adding VLAN 0 to HW filter on device team0
[ 1343.715449][T15799] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1343.722754][T15799] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1343.754389][T15799] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1343.761726][T15799] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1343.866686][T11014] usbhid 3-1:0.0: can't add hid device: -71
[ 1343.983576][T11014] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1344.205576][T11014] usb 3-1: USB disconnect, device number 66
[ 1345.161073][T17969] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1345.201853][ T5839] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1345.208328][ T5157] Bluetooth: hci1: command 0x0406 tx timeout
[ 1345.306216][ T5839] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1345.312773][ T5839] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1346.330915][T18178] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[ 1346.523626][T18176] IPVS: set_ctl: invalid protocol: 43 10.1.1.1:20004
[ 1347.007041][T18187] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1347.015313][T18187] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1347.028117][T18187] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1347.041971][T18187] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1347.124161][T17969] veth0_vlan: entered promiscuous mode
[ 1347.204375][T18173] FAULT_INJECTION: forcing a failure.
[ 1347.204375][T18173] name failslab, interval 1, probability 0, space 0, times 0
[ 1347.246184][T18173] CPU: 1 UID: 0 PID: 18173 Comm: syz.4.3359 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[ 1347.246218][T18173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1347.246238][T18173] Call Trace:
[ 1347.246247][T18173]  <TASK>
[ 1347.246257][T18173]  dump_stack_lvl+0x189/0x250
[ 1347.246287][T18173]  ? __pfx____ratelimit+0x10/0x10
[ 1347.246321][T18173]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1347.246345][T18173]  ? __pfx__printk+0x10/0x10
[ 1347.246374][T18173]  ? __pfx___might_resched+0x10/0x10
[ 1347.246397][T18173]  ? fs_reclaim_acquire+0x7d/0x100
[ 1347.246424][T18173]  should_fail_ex+0x414/0x560
[ 1347.246460][T18173]  should_failslab+0xa8/0x100
[ 1347.246501][T18173]  __kmalloc_noprof+0xcb/0x4f0
[ 1347.246530][T18173]  ? tomoyo_encode+0x28b/0x550
[ 1347.246557][T18173]  tomoyo_encode+0x28b/0x550
[ 1347.246586][T18173]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1347.246621][T18173]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1347.246653][T18173]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1347.246687][T18173]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1347.246736][T18173]  ? __lock_acquire+0xab9/0xd20
[ 1347.246779][T18173]  ? __fget_files+0x2a/0x420
[ 1347.246802][T18173]  ? __fget_files+0x2a/0x420
[ 1347.246820][T18173]  ? __fget_files+0x3a0/0x420
[ 1347.246838][T18173]  ? __fget_files+0x2a/0x420
[ 1347.246862][T18173]  security_file_ioctl+0xcb/0x2d0
[ 1347.246897][T18173]  __se_sys_ioctl+0x47/0x170
[ 1347.246928][T18173]  do_syscall_64+0xfa/0x3b0
[ 1347.246952][T18173]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1347.246973][T18173]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1347.246993][T18173]  ? clear_bhb_loop+0x60/0xb0
[ 1347.247019][T18173]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1347.247040][T18173] RIP: 0033:0x7f303858e929
[ 1347.247060][T18173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1347.247078][T18173] RSP: 002b:00007f303933e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1347.247101][T18173] RAX: ffffffffffffffda RBX: 00007f30387b6080 RCX: 00007f303858e929
[ 1347.247117][T18173] RDX: 0000000000000000 RSI: 00000000c0046d00 RDI: 0000000000000006
[ 1347.247130][T18173] RBP: 00007f303933e090 R08: 0000000000000000 R09: 0000000000000000
[ 1347.247143][T18173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1347.247157][T18173] R13: 0000000000000000 R14: 00007f30387b6080 R15: 00007ffe50f2f228
[ 1347.247190][T18173]  </TASK>
[ 1347.252286][T18173] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1347.285490][T17969] veth1_vlan: entered promiscuous mode
[ 1347.781818][T17969] veth0_macvtap: entered promiscuous mode
[ 1347.812298][T17969] veth1_macvtap: entered promiscuous mode
[ 1347.893333][T17969] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1348.673528][T17969] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1348.711765][T17969] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1348.746798][T17969] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1348.762709][T17969] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1349.000600][T17969] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1349.037141][ T5157] Bluetooth: hci1: command 0x0406 tx timeout
[ 1349.043277][ T5157] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1349.412705][ T5839] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1350.598133][ T5157] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1350.898588][T15797] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1350.935547][T15797] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1351.084292][T15799] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1351.101288][T15799] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1351.306227][T10996] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[ 1351.496822][T10996] usb 5-1: Using ep0 maxpacket: 8
[ 1351.505832][T10996] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1351.524046][T10996] usb 5-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[ 1351.533733][T10996] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1351.542078][T10996] usb 5-1: Product: syz
[ 1351.546806][T10996] usb 5-1: Manufacturer: syz
[ 1351.551610][T10996] usb 5-1: SerialNumber: syz
[ 1351.621200][T10996] usb 5-1: config 0 descriptor??
[ 1351.648618][T10996] streamzap 5-1:0.0: streamzap_probe: Unexpected desc.bNumEndpoints (0)
[ 1351.764724][T18222] ALSA: mixer_oss: invalid OSS volume 'LI'
[ 1352.852948][T18215] siw: device registration error -23
[ 1352.872240][T10996] usb 5-1: USB disconnect, device number 41
[ 1358.516162][  T891] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[ 1358.676063][T11013] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[ 1358.696164][  T891] usb 2-1: Using ep0 maxpacket: 8
[ 1358.707128][  T891] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1358.732622][  T891] usb 2-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[ 1358.742304][  T891] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1358.750801][  T891] usb 2-1: Product: syz
[ 1358.755157][  T891] usb 2-1: Manufacturer: syz
[ 1358.761025][  T891] usb 2-1: SerialNumber: syz
[ 1358.792342][  T891] usb 2-1: config 0 descriptor??
[ 1358.814538][  T891] streamzap 2-1:0.0: streamzap_probe: Unexpected desc.bNumEndpoints (0)
[ 1358.855989][T11013] usb 5-1: Using ep0 maxpacket: 8
[ 1358.865042][T11013] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1358.882704][T11013] usb 5-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[ 1358.892283][T11013] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1358.900658][T11013] usb 5-1: Product: syz
[ 1358.905992][T11013] usb 5-1: Manufacturer: syz
[ 1358.910865][T11013] usb 5-1: SerialNumber: syz
[ 1358.923811][T11013] usb 5-1: config 0 descriptor??
[ 1358.934034][T11013] streamzap 5-1:0.0: streamzap_probe: Unexpected desc.bNumEndpoints (0)
[ 1359.106947][T18275] trusted_key: encrypted_key: insufficient parameters specified
[ 1359.592696][  T891] usb 6-1: new full-speed USB device number 48 using dummy_hcd
[ 1360.467458][T18277] siw: device registration error -23
[ 1361.328890][  T891] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1361.344424][  T891] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1361.363625][  T891] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1361.388311][  T891] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1361.559490][T11015] usb 5-1: USB disconnect, device number 42
[ 1361.571384][  T891] usb 6-1: config 0 descriptor??
[ 1361.585838][  T891] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 1361.766501][  T891] dvb-usb: bulk message failed: -22 (3/0)
[ 1361.777216][  T891] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 1361.786604][T11014] usb 2-1: USB disconnect, device number 57
[ 1361.795553][T18274] trusted_key: encrypted_key: keylen for the ecryptfs format must be equal to 64 bytes
[ 1361.810262][  T891] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 1361.836079][  T891] usb 6-1: media controller created
[ 1361.879214][  T891] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1361.938677][  T891] dvb-usb: bulk message failed: -22 (6/0)
[ 1361.965014][  T891] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 1361.975540][T18282] nfs: Deprecated parameter 'nointr'
[ 1362.749834][  T891] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input48
[ 1363.276513][  T891] dvb-usb: schedule remote query interval to 150 msecs.
[ 1363.324358][  T891] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 1363.478680][T18263] dvb-usb: bulk message failed: -22 (1/0)
[ 1363.484742][T18263] dvb-usb: error while querying for an remote control event.
[ 1363.611408][T18302] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3388'.
[ 1363.624697][T18302] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3388'.
[ 1363.635282][T18302] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3388'.
[ 1364.208223][  T891] usb 6-1: USB disconnect, device number 48
[ 1366.863314][  T891] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1367.047185][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 1367.053734][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[ 1369.122459][T18340] netlink: 'syz.4.3399': attribute type 12 has an invalid length.
[ 1373.312654][T18263] usb 6-1: new high-speed USB device number 49 using dummy_hcd
[ 1374.088283][T18263] usb 6-1: Using ep0 maxpacket: 32
[ 1374.112868][T18263] usb 6-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1374.144665][T18263] usb 6-1: config 0 interface 0 altsetting 16 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1374.171655][T18263] usb 6-1: config 0 interface 0 altsetting 16 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1374.208364][T18263] usb 6-1: config 0 interface 0 altsetting 16 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1374.232888][T18263] usb 6-1: config 0 interface 0 altsetting 16 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[ 1374.280199][T18263] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1374.296244][T18263] usb 6-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[ 1374.315835][T18263] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1374.335147][T18263] usb 6-1: config 0 descriptor??
[ 1374.886165][T10998] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[ 1375.056719][T10998] usb 2-1: Using ep0 maxpacket: 8
[ 1375.645316][T10998] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1375.706851][T10998] usb 2-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[ 1375.744924][T10998] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1375.765271][T10998] usb 2-1: Product: syz
[ 1375.774880][T10998] usb 2-1: Manufacturer: syz
[ 1375.780439][T10998] usb 2-1: SerialNumber: syz
[ 1375.789207][T10998] usb 2-1: config 0 descriptor??
[ 1375.809480][T10998] streamzap 2-1:0.0: streamzap_probe: Unexpected desc.bNumEndpoints (0)
[ 1376.125960][T17281] usb 3-1: new high-speed USB device number 67 using dummy_hcd
[ 1376.606526][T18396] trusted_key: encrypted_key: insufficient parameters specified
[ 1376.730475][T17281] usb 3-1: device descriptor read/64, error -71
[ 1376.783689][T18263] usbhid 6-1:0.0: can't add hid device: -71
[ 1377.205043][T18399] netlink: 'syz.5.3414': attribute type 11 has an invalid length.
[ 1377.209893][T18263] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1377.221310][T18399] netlink: 'syz.5.3414': attribute type 11 has an invalid length.
[ 1377.229994][T18399] netlink: 224 bytes leftover after parsing attributes in process `syz.5.3414'.
[ 1377.262685][T18386] siw: device registration error -23
[ 1377.295594][T11013] usb 2-1: USB disconnect, device number 58
[ 1377.315118][T18398] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1377.318906][T18263] usb 6-1: USB disconnect, device number 49
[ 1377.574892][T17281] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[ 1377.706365][T17281] usb 3-1: device descriptor read/64, error -71
[ 1378.673740][T17281] usb usb3-port1: attempt power cycle
[ 1378.733247][T18408] virt_wifi0 speed is unknown, defaulting to 1000
[ 1379.842820][T17281] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[ 1380.334412][T17281] usb 3-1: device not accepting address 69, error -71
[ 1382.586501][T18442] netlink: 'syz.5.3426': attribute type 11 has an invalid length.
[ 1382.613874][T18442] netlink: 'syz.5.3426': attribute type 11 has an invalid length.
[ 1382.623834][T18442] netlink: 224 bytes leftover after parsing attributes in process `syz.5.3426'.
[ 1382.647707][T18440] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1382.736012][T10996] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[ 1383.673212][T10996] usb 2-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[ 1383.698032][T10996] usb 2-1: New USB device strings: Mfr=0, Product=16, SerialNumber=0
[ 1383.718605][T10996] usb 2-1: Product: syz
[ 1383.736442][T10996] usb 2-1: config 0 descriptor??
[ 1383.755394][T10996] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[ 1383.775497][T10996] ftdi_sio ttyUSB0: unknown device type: 0xc698
[ 1384.064191][T11013] usb 2-1: USB disconnect, device number 59
[ 1384.082847][T11013] ftdi_sio 2-1:0.0: device disconnected
[ 1385.412251][T18470] FAULT_INJECTION: forcing a failure.
[ 1385.412251][T18470] name failslab, interval 1, probability 0, space 0, times 0
[ 1385.438407][T18470] CPU: 0 UID: 0 PID: 18470 Comm: syz.2.3435 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[ 1385.438439][T18470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1385.438452][T18470] Call Trace:
[ 1385.438463][T18470]  <TASK>
[ 1385.438474][T18470]  dump_stack_lvl+0x189/0x250
[ 1385.438505][T18470]  ? __pfx____ratelimit+0x10/0x10
[ 1385.438539][T18470]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1385.438564][T18470]  ? __pfx__printk+0x10/0x10
[ 1385.438598][T18470]  ? __pfx___might_resched+0x10/0x10
[ 1385.438622][T18470]  ? fs_reclaim_acquire+0x7d/0x100
[ 1385.438649][T18470]  should_fail_ex+0x414/0x560
[ 1385.438686][T18470]  should_failslab+0xa8/0x100
[ 1385.438720][T18470]  __kmalloc_noprof+0xcb/0x4f0
[ 1385.438748][T18470]  ? kfree+0x4d/0x440
[ 1385.438781][T18470]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1385.438810][T18470]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1385.438836][T18470]  ? tomoyo_domain+0xda/0x130
[ 1385.438866][T18470]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1385.438898][T18470]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1385.438932][T18470]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1385.438983][T18470]  ? __lock_acquire+0xab9/0xd20
[ 1385.439028][T18470]  ? __fget_files+0x2a/0x420
[ 1385.439051][T18470]  ? __fget_files+0x2a/0x420
[ 1385.439069][T18470]  ? __fget_files+0x3a0/0x420
[ 1385.439087][T18470]  ? __fget_files+0x2a/0x420
[ 1385.439111][T18470]  security_file_ioctl+0xcb/0x2d0
[ 1385.439147][T18470]  __se_sys_ioctl+0x47/0x170
[ 1385.439178][T18470]  do_syscall_64+0xfa/0x3b0
[ 1385.439198][T18470]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1385.439229][T18470]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1385.439250][T18470]  ? clear_bhb_loop+0x60/0xb0
[ 1385.439277][T18470]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1385.439298][T18470] RIP: 0033:0x7f5623f8e929
[ 1385.439317][T18470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1385.439335][T18470] RSP: 002b:00007f5624e7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1385.439358][T18470] RAX: ffffffffffffffda RBX: 00007f56241b5fa0 RCX: 00007f5623f8e929
[ 1385.439374][T18470] RDX: 0000200000000100 RSI: 0000000080486402 RDI: 0000000000000003
[ 1385.439388][T18470] RBP: 00007f5624e7f090 R08: 0000000000000000 R09: 0000000000000000
[ 1385.439402][T18470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1385.439415][T18470] R13: 0000000000000000 R14: 00007f56241b5fa0 R15: 00007fff6d9c9088
[ 1385.439454][T18470]  </TASK>
[ 1385.441716][T18470] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1386.180925][T18482] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present
[ 1386.912124][T18487] netlink: 'syz.5.3441': attribute type 11 has an invalid length.
[ 1387.045141][T18487] netlink: 'syz.5.3441': attribute type 11 has an invalid length.
[ 1387.053223][T18487] netlink: 224 bytes leftover after parsing attributes in process `syz.5.3441'.
[ 1387.068336][T18486] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1389.496489][T18505] nvme_fabrics: missing parameter 'transport=%s'
[ 1389.517853][T18505] nvme_fabrics: missing parameter 'nqn=%s'
[ 1390.154458][T11015] usb 6-1: new high-speed USB device number 50 using dummy_hcd
[ 1390.399840][T18525] netlink: 'syz.2.3449': attribute type 12 has an invalid length.
[ 1391.216006][T17281] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[ 1391.250943][T11015] usb 6-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[ 1391.262996][T11015] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1391.305829][T11015] usb 6-1: Product: syz
[ 1391.310147][T11015] usb 6-1: Manufacturer: syz
[ 1391.314880][T11015] usb 6-1: SerialNumber: syz
[ 1391.348014][T11015] usb 6-1: config 0 descriptor??
[ 1391.361487][T11015] gspca_main: sunplus-2.14.0 probing 055f:c230
[ 1391.379172][T17281] usb 2-1: Using ep0 maxpacket: 8
[ 1391.389073][T17281] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1391.474636][T17281] usb 2-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[ 1391.635949][T17281] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1391.644048][T17281] usb 2-1: Product: syz
[ 1391.655968][T17281] usb 2-1: Manufacturer: syz
[ 1391.660904][T17281] usb 2-1: SerialNumber: syz
[ 1391.697416][T17281] usb 2-1: config 0 descriptor??
[ 1391.718860][T17281] streamzap 2-1:0.0: streamzap_probe: Unexpected desc.bNumEndpoints (0)
[ 1391.814721][T18537] tap0: tun_chr_ioctl cmd 1074025677
[ 1391.850156][T18537] tap0: linktype set to 0
[ 1392.641918][T11015] gspca_sunplus: reg_r err -110
[ 1392.647119][T11015] sunplus 6-1:0.0: probe with driver sunplus failed with error -110
[ 1392.786504][T18541] trusted_key: encrypted_key: insufficient parameters specified
[ 1393.306113][T18517] block nbd1: server does not support multiple connections per device.
[ 1393.314780][T18517] block nbd1: shutting down sockets
[ 1393.329663][T11015] usb 6-1: USB disconnect, device number 50
[ 1393.518594][T18519] siw: device registration error -23
[ 1393.585826][T11013] usb 2-1: USB disconnect, device number 60
[ 1395.007006][T18556] netlink: 'syz.2.3460': attribute type 39 has an invalid length.
[ 1395.257499][T18561] IPVS: length: 92 != 24
[ 1395.477734][T18562] netlink: 792 bytes leftover after parsing attributes in process `syz.1.3462'.
[ 1397.023716][T18580] netlink: 'syz.6.3466': attribute type 12 has an invalid length.
[ 1398.780373][T18599] futex_wake_op: syz.6.3474 tries to shift op by -1; fix this program
[ 1399.990882][T18614] syz.6.3478 (18614) used obsolete PPPIOCDETACH ioctl
[ 1400.014462][T18611] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3478'.
[ 1400.024561][T18611] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3478'.
[ 1402.165614][T18633] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present
[ 1402.754548][T11015] usb 3-1: new high-speed USB device number 71 using dummy_hcd
[ 1402.957998][T11015] usb 3-1: config 0 has an invalid interface number: 95 but max is 0
[ 1403.002247][T11015] usb 3-1: config 0 has no interface number 0
[ 1403.020096][T11015] usb 3-1: config 0 interface 95 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 8
[ 1403.035178][T11015] usb 3-1: New USB device found, idVendor=7725, idProduct=b0a8, bcdDevice= 7.46
[ 1403.047833][T11015] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1403.057941][T11015] usb 3-1: Product: syz
[ 1403.074841][T11015] usb 3-1: Manufacturer: syz
[ 1403.080930][T11015] usb 3-1: SerialNumber: syz
[ 1403.107901][T11015] usb 3-1: config 0 descriptor??
[ 1403.118183][T18641] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1403.353087][T11015] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[ 1403.370874][T11015] usb 3-1: MIDIStreaming interface descriptor not found
[ 1403.552961][T11015] usb 3-1: USB disconnect, device number 71
[ 1403.891219][T18263] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[ 1404.050920][T18263] usb 5-1: Using ep0 maxpacket: 8
[ 1404.079635][T18263] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1404.108755][T18263] usb 5-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[ 1404.140418][T18263] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1404.179413][T18669] netlink: 'syz.1.3496': attribute type 12 has an invalid length.
[ 1404.244064][T18263] usb 5-1: Product: syz
[ 1404.283503][T18263] usb 5-1: Manufacturer: syz
[ 1404.340608][T18263] usb 5-1: SerialNumber: syz
[ 1404.563169][T18263] usb 5-1: config 0 descriptor??
[ 1404.752290][T18263] streamzap 5-1:0.0: streamzap_probe: Unexpected desc.bNumEndpoints (0)
[ 1406.233638][T18659] trusted_key: encrypted_key: insufficient parameters specified
[ 1406.308290][T11013] usb 6-1: new high-speed USB device number 51 using dummy_hcd
[ 1406.775239][T11013] usb 6-1: too many configurations: 53, using maximum allowed: 8
[ 1406.823439][T18659] siw: device registration error -23
[ 1406.842475][T11013] usb 6-1: invalid descriptor for config index 0: type = 0x2, length = 204
[ 1407.865900][T11013] usb 6-1: can't read configurations, error -22
[ 1407.882612][T11014] usb 5-1: USB disconnect, device number 43
[ 1408.211784][T18697] netlink: 'syz.4.3506': attribute type 9 has an invalid length.
[ 1408.220871][T10996] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[ 1408.239033][T18697] netlink: 211988 bytes leftover after parsing attributes in process `syz.4.3506'.
[ 1408.398509][T10996] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1409.281287][T10996] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1409.294599][T10996] usb 2-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[ 1409.304380][T10996] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1409.312530][T10996] usb 2-1: Product: syz
[ 1409.320572][T10996] usb 2-1: Manufacturer: syz
[ 1409.326032][T10996] usb 2-1: SerialNumber: syz
[ 1409.334259][T10996] usb 2-1: config 0 descriptor??
[ 1409.343223][T10996] usb 2-1: Found UVC 0.00 device syz (18ec:3288)
[ 1409.363107][T10996] usb 2-1: No valid video chain found.
[ 1409.545783][T10996] usb 2-1: USB disconnect, device number 61
[ 1411.476159][T10997] usb 6-1: new high-speed USB device number 53 using dummy_hcd
[ 1411.485986][T10996] usb 7-1: new low-speed USB device number 49 using dummy_hcd
[ 1411.758559][T10996] usb 7-1: Invalid ep0 maxpacket: 32
[ 1411.778616][T10997] usb 6-1: Using ep0 maxpacket: 8
[ 1411.877891][T10997] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1412.016695][T10996] usb 7-1: new low-speed USB device number 50 using dummy_hcd
[ 1412.110788][T10997] usb 6-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[ 1412.136213][T10997] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1412.144305][T10997] usb 6-1: Product: syz
[ 1412.277187][T10997] usb 6-1: Manufacturer: syz
[ 1412.281882][T10997] usb 6-1: SerialNumber: syz
[ 1412.289561][T10997] usb 6-1: config 0 descriptor??
[ 1412.318326][T10997] streamzap 6-1:0.0: streamzap_probe: Unexpected desc.bNumEndpoints (0)
[ 1412.355994][T10996] usb 7-1: Invalid ep0 maxpacket: 32
[ 1412.376145][T10996] usb usb7-port1: attempt power cycle
[ 1412.529099][T18731] trusted_key: encrypted_key: insufficient parameters specified
[ 1412.776452][T10996] usb 7-1: new low-speed USB device number 51 using dummy_hcd
[ 1412.862286][T10996] usb 7-1: Invalid ep0 maxpacket: 32
[ 1413.037803][T10996] usb 7-1: new low-speed USB device number 52 using dummy_hcd
[ 1413.101915][T10996] usb 7-1: Invalid ep0 maxpacket: 32
[ 1413.125562][T10996] usb usb7-port1: unable to enumerate USB device
[ 1413.866491][T18731] siw: device registration error -23
[ 1414.462498][T11013] usb 6-1: USB disconnect, device number 53
[ 1415.021817][T18762] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3528'.
[ 1415.096064][T10997] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[ 1415.279701][T10997] usb 2-1: Using ep0 maxpacket: 8
[ 1415.326933][T10997] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1415.370389][T10997] usb 2-1: unable to read config index 0 descriptor/start: -71
[ 1415.421548][T10997] usb 2-1: can't read configurations, error -71
[ 1415.588102][T18766] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1416.146783][T18766] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1416.312235][T18766] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1416.454325][T18766] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1416.506038][T10997] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[ 1416.667287][T10997] usb 2-1: Using ep0 maxpacket: 32
[ 1416.685457][T10997] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[ 1416.737963][T10997] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[ 1416.753808][T18766] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1416.783405][T10997] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[ 1416.814173][T18766] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1416.823924][T10997] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11
[ 1416.835765][T10997] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024
[ 1416.881899][T10997] usb 2-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[ 1416.891710][T10997] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1416.914994][T18766] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1416.924686][T10997] usb 2-1: Product: syz
[ 1416.931467][T10997] usb 2-1: Manufacturer: syz
[ 1416.955567][T18766] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1417.011092][T10997] usb 2-1: SerialNumber: syz
[ 1417.026799][T11013] usb 6-1: new high-speed USB device number 54 using dummy_hcd
[ 1417.047610][T10997] usb 2-1: config 0 descriptor??
[ 1417.127088][T18781] netlink: 'syz.2.3533': attribute type 11 has an invalid length.
[ 1417.150133][T18781] netlink: 'syz.2.3533': attribute type 11 has an invalid length.
[ 1417.160251][T18781] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3533'.
[ 1417.181027][T18780] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1417.226113][T11013] usb 6-1: Using ep0 maxpacket: 16
[ 1417.237062][T11013] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1417.270126][T11013] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1417.284137][T11013] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1417.301904][T11013] usb 6-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00
[ 1417.325914][T11013] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1417.355800][T11013] usb 6-1: config 0 descriptor??
[ 1417.458356][T10997] iforce 2-1:0.0: usb_submit_urb failed: -32
[ 1417.465604][T10997] iforce 2-1:0.0: usb_submit_urb failed: -32
[ 1417.474418][T10997] iforce 2-1:0.0: usb_submit_urb failed: -32
[ 1417.839922][T11013] hid-multitouch 0003:0457:07DA.0014: unknown main item tag 0x0
[ 1417.941835][T11013] hid-multitouch 0003:0457:07DA.0014: unknown main item tag 0x0
[ 1417.968147][T11013] hid-multitouch 0003:0457:07DA.0014: unknown main item tag 0x0
[ 1418.007379][T11013] hid-multitouch 0003:0457:07DA.0014: unknown main item tag 0x0
[ 1418.011897][T18779] 9pnet_fd: Insufficient options for proto=fd
[ 1418.041544][T18793] netlink: 104 bytes leftover after parsing attributes in process `syz.6.3537'.
[ 1418.062560][T11013] hid-multitouch 0003:0457:07DA.0014: unknown main item tag 0x0
[ 1418.110343][T11013] hid-multitouch 0003:0457:07DA.0014: hidraw0: USB HID v0.00 Device [HID 0457:07da] on usb-dummy_hcd.5-1/input0
[ 1418.184913][T11013] usb 6-1: USB disconnect, device number 54
[ 1418.556548][T10997] iforce 2-1:0.0: usb_submit_urb failed: -110
[ 1418.577265][T10997] iforce 2-1:0.0: usb_submit_urb failed: -32
[ 1418.584000][T10997] iforce 2-1:0.0: usb_submit_urb failed: -32
[ 1418.602154][T10997] iforce 2-1:0.0: usb_submit_urb failed: -32
[ 1418.632301][T10997] iforce 2-1:0.0: usb_submit_urb failed: -32
[ 1418.670785][T10997] iforce 2-1:0.0: usb_submit_urb failed: -32
[ 1418.701718][T10997] iforce 2-1:0.0: usb_submit_urb failed: -32
[ 1418.736002][T10997] iforce 2-1:0.0: usb_submit_urb failed: -32
[ 1418.782005][T10997] iforce 2-1:0.0: usb_submit_urb failed: -32
[ 1418.811892][T10997] iforce 2-1:0.0: usb_submit_urb failed: -32
[ 1418.852603][T10997] iforce 2-1:0.0: usb_submit_urb failed: -32
[ 1418.941583][T18806] syz.5.3541 (18806): drop_caches: 2
[ 1418.943107][T10997] iforce 2-1:0.0: usb_submit_urb failed: -32
[ 1418.969381][T10997] iforce 2-1:0.0: usb_submit_urb failed: -32
[ 1419.001040][T10997] iforce 2-1:0.0: usb_submit_urb failed: -32
[ 1419.023292][T10997] iforce 2-1:0.0: usb_submit_urb failed: -32
[ 1419.038894][T10997] input input49: Timeout waiting for response from device.
[ 1419.461004][T10997] usb 2-1: USB disconnect, device number 63
[ 1419.517305][T18814] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3543'.
[ 1419.572829][T18814] bond0: invalid ARP target 0.0.0.0 specified for addition
[ 1419.595601][T18814] bond0: option arp_ip_target: invalid value (0)
[ 1419.604941][T18820] netlink: 'syz.1.3546': attribute type 11 has an invalid length.
[ 1419.627762][T18820] netlink: 'syz.1.3546': attribute type 11 has an invalid length.
[ 1419.664266][T18820] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3546'.
[ 1419.711267][T18818] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1420.846054][  T891] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[ 1420.908413][   T30] kauditd_printk_skb: 1 callbacks suppressed
[ 1420.908431][   T30] audit: type=1326 audit(2000001560.458:1952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18834 comm="syz.5.3551" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f91bd78e929 code=0x0
[ 1421.015956][  T891] usb 2-1: Using ep0 maxpacket: 16
[ 1421.023577][  T891] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1421.786425][  T891] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1421.796216][  T891] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1421.823375][  T891] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1421.845140][  T891] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1421.854117][  T891] usb 2-1: Product: syz
[ 1421.861680][  T891] usb 2-1: Manufacturer: syz
[ 1421.866502][  T891] usb 2-1: SerialNumber: syz
[ 1422.150381][T18829] netlink: 100 bytes leftover after parsing attributes in process `syz.1.3548'.
[ 1422.282623][  T891] usb 2-1: 0:2 : does not exist
[ 1422.879498][  T891] usb 2-1: USB disconnect, device number 64
[ 1423.983711][T18870] virt_wifi0 speed is unknown, defaulting to 1000
[ 1425.520332][T18870] syzkaller1: entered promiscuous mode
[ 1425.534976][T18870] syzkaller1: entered allmulticast mode
[ 1426.874442][T18916] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3574'.
[ 1426.888601][T18916] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3574'.
[ 1426.914785][T10997] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[ 1427.205395][T10997] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1427.281631][T10997] usb 5-1: config 1 has no interface number 0
[ 1427.349460][T10997] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1427.779484][T10997] usb 5-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[ 1427.817731][T10997] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1427.925520][T10997] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1428.291198][T10997] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1428.311251][T10997] usb 5-1: Product: syz
[ 1428.315728][T10997] usb 5-1: Manufacturer: syz
[ 1428.345266][T10997] usb 5-1: SerialNumber: syz
[ 1428.483446][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 1428.489916][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[ 1428.629783][T18927] FAULT_INJECTION: forcing a failure.
[ 1428.629783][T18927] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1428.643850][T18927] CPU: 0 UID: 0 PID: 18927 Comm: syz.5.3576 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[ 1428.643881][T18927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1428.643895][T18927] Call Trace:
[ 1428.643904][T18927]  <TASK>
[ 1428.643914][T18927]  dump_stack_lvl+0x189/0x250
[ 1428.643996][T18927]  ? __pfx____ratelimit+0x10/0x10
[ 1428.644029][T18927]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1428.644089][T18927]  ? __pfx__printk+0x10/0x10
[ 1428.644117][T18927]  ? __might_fault+0xb0/0x130
[ 1428.644160][T18927]  should_fail_ex+0x414/0x560
[ 1428.644196][T18927]  _copy_from_user+0x2d/0xb0
[ 1428.644221][T18927]  ___sys_sendmsg+0x158/0x2a0
[ 1428.644253][T18927]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1428.644337][T18927]  ? __might_fault+0xb0/0x130
[ 1428.644371][T18927]  __sys_sendmmsg+0x227/0x430
[ 1428.644404][T18927]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1428.644443][T18927]  ? preempt_schedule_irq+0xde/0x150
[ 1428.644506][T18927]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1428.644537][T18927]  do_syscall_64+0xfa/0x3b0
[ 1428.644556][T18927]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1428.644587][T18927]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1428.644609][T18927]  ? clear_bhb_loop+0x60/0xb0
[ 1428.644636][T18927]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1428.644656][T18927] RIP: 0033:0x7f91bd78e929
[ 1428.644677][T18927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1428.644695][T18927] RSP: 002b:00007f91be5e1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1428.644720][T18927] RAX: ffffffffffffffda RBX: 00007f91bd9b6160 RCX: 00007f91bd78e929
[ 1428.644736][T18927] RDX: 0400000000000159 RSI: 0000200000001c00 RDI: 0000000000000005
[ 1428.644751][T18927] RBP: 00007f91be5e1090 R08: 0000000000000000 R09: 0000000000000000
[ 1428.644764][T18927] R10: 0000000000040840 R11: 0000000000000246 R12: 0000000000000001
[ 1428.644777][T18927] R13: 0000000000000000 R14: 00007f91bd9b6160 R15: 00007ffec532da48
[ 1428.644810][T18927]  </TASK>
[ 1428.909464][T18925] virt_wifi0 speed is unknown, defaulting to 1000
[ 1429.481801][T18925] syzkaller1: entered promiscuous mode
[ 1430.480770][T18925] syzkaller1: entered allmulticast mode
[ 1430.649336][T10997] cdc_ncm 5-1:1.1: bind() failure
[ 1433.763282][T10997] usb 5-1: USB disconnect, device number 44
[ 1434.938694][T18968] ALSA: mixer_oss: invalid OSS volume 'LI'
[ 1438.128102][T19017] comedi comedi3: pcl818: I/O port conflict (0x2f00,16)
[ 1438.139967][T19017] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN PTI
[ 1438.151914][T19017] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
[ 1438.160343][T19017] CPU: 0 UID: 0 PID: 19017 Comm: syz.4.3598 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[ 1438.170694][T19017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1438.180768][T19017] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0
[ 1438.186332][T19017] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 f9 ba 47 f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 d8 ba 47 f9 4d 8b 24 24 48 83 c3
[ 1438.206043][T19017] RSP: 0018:ffffc9000b5779f0 EFLAGS: 00010206
[ 1438.212134][T19017] RAX: 0000000000000005 RBX: ffff888077c31080 RCX: 0000000000080000
[ 1438.220125][T19017] RDX: ffffc9001e08c000 RSI: 00000000000025b9 RDI: 00000000000025ba
[ 1438.228218][T19017] RBP: 0000000000000001 R08: ffff88814b9fa12f R09: 1ffff1102973f425
[ 1438.236208][T19017] R10: dffffc0000000000 R11: ffffffff88d9a720 R12: 0000000000000028
[ 1438.244198][T19017] R13: dffffc0000000000 R14: ffff88814b9fa000 R15: dffffc0000000000
[ 1438.252201][T19017] FS:  00007f30393146c0(0000) GS:ffff888125c4f000(0000) knlGS:0000000000000000
[ 1438.261186][T19017] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1438.267792][T19017] CR2: 0000001b2d50dff8 CR3: 00000000311e8000 CR4: 00000000003526f0
[ 1438.275800][T19017] Call Trace:
[ 1438.279110][T19017]  <TASK>
[ 1438.282060][T19017]  pcl818_detach+0x66/0xd0
[ 1438.286522][T19017]  comedi_device_detach+0x134/0x720
[ 1438.291743][T19017]  ? __pfx_pcl818_attach+0x10/0x10
[ 1438.296880][T19017]  comedi_device_attach+0x568/0x670
[ 1438.302129][T19017]  comedi_unlocked_ioctl+0x686/0xf40
[ 1438.307436][T19017]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 1438.313271][T19017]  ? rcu_is_watching+0x15/0xb0
[ 1438.318058][T19017]  ? trace_irq_disable+0x37/0x110
[ 1438.323112][T19017]  ? preempt_schedule_irq+0xde/0x150
[ 1438.328430][T19017]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 1438.334269][T19017]  ? smack_file_ioctl+0x24a/0x340
[ 1438.339320][T19017]  ? irqentry_exit+0x74/0x90
[ 1438.343931][T19017]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1438.349250][T19017]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 1438.355270][T19017]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 1438.361104][T19017]  ? __se_sys_ioctl+0xea/0x170
[ 1438.365918][T19017]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 1438.371751][T19017]  __se_sys_ioctl+0xfc/0x170
[ 1438.376364][T19017]  do_syscall_64+0xfa/0x3b0
[ 1438.380890][T19017]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1438.386973][T19017]  ? asm_sysvec_call_function_single+0x1a/0x20
[ 1438.393159][T19017]  ? clear_bhb_loop+0x60/0xb0
[ 1438.397942][T19017]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1438.403854][T19017] RIP: 0033:0x7f303858e929
[ 1438.408374][T19017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1438.428088][T19017] RSP: 002b:00007f3039314038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1438.436530][T19017] RAX: ffffffffffffffda RBX: 00007f30387b6160 RCX: 00007f303858e929
[ 1438.444524][T19017] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 000000000000000a
[ 1438.452524][T19017] RBP: 00007f3038610b39 R08: 0000000000000000 R09: 0000000000000000
[ 1438.460523][T19017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1438.468532][T19017] R13: 0000000000000000 R14: 00007f30387b6160 R15: 00007ffe50f2f228
[ 1438.476530][T19017]  </TASK>
[ 1438.479663][T19017] Modules linked in:
[ 1438.485270][T19017] ---[ end trace 0000000000000000 ]---
[ 1438.524286][T19017] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0
[ 1438.530395][T19017] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 f9 ba 47 f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 d8 ba 47 f9 4d 8b 24 24 48 83 c3
[ 1438.550449][T19017] RSP: 0018:ffffc9000b5779f0 EFLAGS: 00010206
[ 1438.556747][T19017] RAX: 0000000000000005 RBX: ffff888077c31080 RCX: 0000000000080000
[ 1438.564901][T19017] RDX: ffffc9001e08c000 RSI: 00000000000025b9 RDI: 00000000000025ba
[ 1438.573048][T19017] RBP: 0000000000000001 R08: ffff88814b9fa12f R09: 1ffff1102973f425
[ 1438.690491][   T30] audit: type=1326 audit(2000001578.238:1953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19014 comm="syz.4.3598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f303858e929 code=0x7ffc0000
[ 1438.694224][T19017] R10: dffffc0000000000 R11: ffffffff88d9a720 R12: 0000000000000028
[ 1438.721322][T19017] R13: dffffc0000000000 R14: ffff88814b9fa000 R15: dffffc0000000000
[ 1438.728864][   T30] audit: type=1326 audit(2000001578.238:1954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19014 comm="syz.4.3598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f303858e929 code=0x7ffc0000
[ 1438.871403][   T30] audit: type=1326 audit(2000001578.238:1955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19014 comm="syz.4.3598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f303858e929 code=0x7ffc0000
[ 1438.893122][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1439.413233][   T30] audit: type=1326 audit(2000001578.238:1956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19014 comm="syz.4.3598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f303858e929 code=0x7ffc0000
[ 1439.436253][   T30] audit: type=1326 audit(2000001578.238:1957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19014 comm="syz.4.3598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f303858e929 code=0x7ffc0000
[ 1439.454440][T19017] FS:  00007f30393146c0(0000) GS:ffff888125c4f000(0000) knlGS:0000000000000000
[ 1439.458031][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1439.477907][T19017] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1439.484918][T19017] CR2: 0000001b2d501ff8 CR3: 00000000311e8000 CR4: 00000000003526f0
[ 1439.493292][T19017] Kernel panic - not syncing: Fatal exception
[ 1439.499700][T19017] Kernel Offset: disabled
[ 1439.504070][T19017] Rebooting in 86400 seconds..