last executing test programs:

3m1.393802935s ago: executing program 3 (id=2091):
prlimit64(0x0, 0xe, 0x0, 0x0) (async)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
syz_open_dev$video(0x0, 0xa7, 0x0) (async)
gettid() (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) (async)
dup(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
fchdir(r0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000200)={'veth0_to_team\x00', <r6=>0x0}) (async)
r7 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
getsockopt$llc_int(r7, 0x10c, 0x9, &(0x7f0000000200), &(0x7f0000000280)=0x4)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000400)={0x20, r5, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_PRIVFLAGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x24000011}, 0x0)

2m59.466134374s ago: executing program 3 (id=2100):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a876d839240d29c035055b67db3e6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7e8dc34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bb44b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334583239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bf4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc508afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd360000000000000000ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c97a088a22e8b15c3e233db00002e30d46a0024d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c29c5c0ed5bcdf510c3c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ced92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f68fa8d7c2dfb28e1f05e46b0933c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b19abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d588afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda6900002a070886df42b27098773b45198b4a34ac97febd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f0000000000f8e10238d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d63521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07afef12ef060cd4403a099f32468f658000b4082d43e12186195cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea209b53b230ef0f2ab85cbdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bd3339403004b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab900000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3e}, 0x94)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="20010000", @ANYRES16=r1, @ANYBLOB="05000000000f000000000f00000008000300", @ANYRES32=r3, @ANYBLOB="47000e00800000000802110000000802110000015050505050500000000000000000000064000000000602020202020204060000000000000602000025030034003c040106b80400080026006c09000008000c006400000008000d0000000000a2000f00019c"], 0x120}, 0x1, 0x0, 0x0, 0x90}, 0x0)

2m57.980414985s ago: executing program 3 (id=2102):
r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000000c0)=0x81)
readv(r0, &(0x7f0000000640)=[{&(0x7f0000002480)=""/4082, 0xff2}], 0x1)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000480)={{0xffffffff, 0x0, 0x4, 0xfffffffc, 'syz0\x00', 0x9}, 0x2, 0x400, 0x5, 0x0, 0x0, 0x1ff, 'syz0\x00', 0x0})

2m56.509986593s ago: executing program 3 (id=2106):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180)=0x15)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
r3 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPGETCONNINFO(r3, 0x800448d3, &(0x7f0000000600)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x6, 0xa, 0x1, 0x9b5, 0x0, "b81af436cd0471587fdfb6733a7bd36f2562cbacb1804403be396c70c6d4fd7a3c580cfb59f696fe6595865dbd499d23158dd64f4d5ee4945043a4ce0ff4802d66a7752630daa299e625db14f08cfc11456fca95e920d876a37aeb6453a99f7404723f3bced127dcc4c45a928d3e629ce828afe41df4fcf193ad147131275f5b"})
socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x88}, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r4, 0x6, 0x1, &(0x7f00000006c0)={0xa, 0x1, 0xd26f, 0x3, 0x1, 0x2, 0x9}, 0xc)
r5 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x1, 0x101000)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r5, 0xc4c85513, &(0x7f00000000c0)={{0x7, 0x6, 0x8, 0x1, 'syz0\x00', 0x7}, 0x0, [0x0, 0x3, 0x9, 0xc6, 0x3, 0x1ff, 0x3, 0x1ff, 0x1, 0x3ff, 0x80000001, 0xffffffffffffffff, 0x0, 0x8, 0x8, 0xa7, 0x3ff, 0x5d6b, 0xfffffffffffffff7, 0x0, 0x7f, 0x7, 0x8001, 0x3, 0x6, 0x2, 0x5, 0xf, 0x5, 0x5, 0x4, 0x2, 0x4, 0x80, 0x4, 0xffffffffffff8000, 0x6, 0x6, 0x6, 0x9, 0x480000000100, 0x9, 0x628, 0x8, 0x6, 0x51, 0x8, 0x9, 0x4, 0x200, 0x0, 0x10, 0x10001, 0x7ff, 0x7, 0xe, 0x6, 0x5, 0xfff, 0x6, 0x30e, 0x1, 0x7706, 0x7, 0x2, 0x8, 0x9289, 0x8000, 0x10000, 0x8, 0x1, 0x40, 0x4, 0x8000000000000000, 0x0, 0x7fffffffffffffff, 0x200, 0x9, 0x4, 0x8000000000000001, 0xffff, 0x7, 0xffff, 0x8, 0x4, 0x7, 0x2, 0xfff, 0x7, 0x40, 0x8, 0x0, 0xfffffffffffffff9, 0x5, 0x7, 0x6, 0xa, 0xd7, 0x2, 0x3, 0xffffffffffffeae9, 0x1f6, 0x18, 0x9, 0x4146, 0x3, 0x7, 0x60000000000, 0x7, 0x9, 0xba81, 0xfffffffffffffffa, 0x3, 0x1, 0x80000000, 0x0, 0xc0, 0x6, 0x5, 0x8, 0x5, 0x10001, 0x2, 0x5, 0x8, 0xfffffffffffffc0d, 0x3, 0x3]})
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r7 = landlock_create_ruleset(&(0x7f00000000c0)={0xa019, 0x1, 0x3}, 0x18, 0x0)
landlock_restrict_self(r7, 0x0)
r8 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_EVBIT(r8, 0x5450, 0x3)
socket$xdp(0x2c, 0x3, 0x0)
r9 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r9, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x3, 0x0, @mcast2, 0x1000000}, {0x2, 0x4e23, 0x4, @private0={0xfc, 0x0, '\x00', 0x10}, 0x3}}}, 0x48)
pselect6(0x40, &(0x7f00000001c0)={0x1, 0x0, 0x3, 0x10001, 0x0, 0x0, 0x0, 0xf6e4}, 0x0, &(0x7f00000002c0)={0x3ff, 0x80000000, 0x0, 0x9, 0x0, 0x0, 0x10001, 0x2}, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000200))
close_range(r2, 0xffffffffffffffff, 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="540000000206050000500000000000000000000005000400000000000900020073797a30000000000c00078008000640000000d2050005000000200005000100060000000d000300686173683a6d61630000"], 0x54}}, 0x0)

2m54.566760497s ago: executing program 3 (id=2113):
syz_clone3(&(0x7f0000000080)={0x801400, &(0x7f0000000040)=<r0=>0xffffffffffffffff, 0x0, 0x0, {0xa}, 0x0, 0x0, 0x0, 0x0}, 0x58)
syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f"], 0x0) (async)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) (async)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@cache_mmap}], [], 0x6b}})
chmod(&(0x7f0000000140)='./file0\x00', 0x0) (async)
open$dir(&(0x7f0000000140)='./file0\x00', 0x82c02, 0x40) (async)
r4 = pidfd_getfd(r0, r0, 0x0)
setns(r4, 0x2020000) (async)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1c, 0xc, &(0x7f0000000000)=ANY=[@ANYRESDEC=r0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r5, 0x0, 0xe, 0x0, &(0x7f0000000400)="75b9a58c68be0208beca252388f7", 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2m53.659229473s ago: executing program 3 (id=2115):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
socket$pptp(0x18, 0x1, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_open_dev$video(&(0x7f0000000400), 0x7f, 0x503000)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x4e24, @empty}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
recvmmsg(r3, &(0x7f0000007e00), 0x0, 0x100, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$loop(&(0x7f0000000540), 0x80, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000002c0)={r5, 0x1000, {0x2a00, 0x80010000, 0x0, 0x0, 0x200000000, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac00", "90be8b38559265406c09306003d8002000", [0x0, 0x2]}})
ioctl$LOOP_SET_CAPACITY(r4, 0x4c07)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="3000000010000004000000000400000000000000af0035cf71ab8011870df39d5e4b31425ca043595eed9af36a737661ead846f187df5484c86ec54cf08d19ef068fa6fed45b95bd1399d2c542b9a5663df4433eb727b1000000000000000000", @ANYRES32=0x0, @ANYBLOB="0040000080a0040008001e000100000008001b0000000000"], 0x30}}, 0x0)
r6 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@newqdisc={0x48, 0x24, 0xf0b, 0x70bd2b, 0x1000000, {0x60, 0x0, 0x0, r8, {0x0, 0xd}, {0xffff, 0xffff}, {0xc, 0xfff5}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_PLIMIT={0x8, 0x1, 0x8}, @TCA_FQ_ORPHAN_MASK={0x8, 0xa, 0x9}, @TCA_FQ_CE_THRESHOLD={0x8, 0xc, 0x7}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x44051}, 0x4004)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000017c0), 0xffffffffffffffff)

2m38.626011665s ago: executing program 32 (id=2115):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
socket$pptp(0x18, 0x1, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_open_dev$video(&(0x7f0000000400), 0x7f, 0x503000)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x4e24, @empty}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
recvmmsg(r3, &(0x7f0000007e00), 0x0, 0x100, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$loop(&(0x7f0000000540), 0x80, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000002c0)={r5, 0x1000, {0x2a00, 0x80010000, 0x0, 0x0, 0x200000000, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac00", "90be8b38559265406c09306003d8002000", [0x0, 0x2]}})
ioctl$LOOP_SET_CAPACITY(r4, 0x4c07)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="3000000010000004000000000400000000000000af0035cf71ab8011870df39d5e4b31425ca043595eed9af36a737661ead846f187df5484c86ec54cf08d19ef068fa6fed45b95bd1399d2c542b9a5663df4433eb727b1000000000000000000", @ANYRES32=0x0, @ANYBLOB="0040000080a0040008001e000100000008001b0000000000"], 0x30}}, 0x0)
r6 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@newqdisc={0x48, 0x24, 0xf0b, 0x70bd2b, 0x1000000, {0x60, 0x0, 0x0, r8, {0x0, 0xd}, {0xffff, 0xffff}, {0xc, 0xfff5}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_PLIMIT={0x8, 0x1, 0x8}, @TCA_FQ_ORPHAN_MASK={0x8, 0xa, 0x9}, @TCA_FQ_CE_THRESHOLD={0x8, 0xc, 0x7}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x44051}, 0x4004)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000017c0), 0xffffffffffffffff)

2m37.808245017s ago: executing program 0 (id=2169):
r0 = syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
dup3(r0, r1, 0x0)
open(0x0, 0x2a4c0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0xfffffffd, 0x15f}, &(0x7f00000006c0)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r5 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8)
syz_init_net_socket$llc(0x1a, 0x801, 0x0)

2m36.723218568s ago: executing program 0 (id=2174):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
io_setup(0x2, &(0x7f0000000040)=<r1=>0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r2}, 0x10)
r3 = openat2(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', &(0x7f00000001c0)={0x16102, 0x3b, 0x20}, 0xffffffffffffff18)
io_submit(r1, 0x1, &(0x7f0000000240)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x6, 0x7, r2, &(0x7f0000000140)="68ce53d1bd71c721282e7057427d53b51695cc6c324d2fe6ac69616e7ab771c1df1be4af39816c1ba034bdaeb96d3018dbbaef14e96efa14be0ca0815d0b9bdc8548a999ad7d22661e0915d0c3cbf506b35b4a6d3099da88a1b0de00c9255b7ab9576b00abddb76ad2689e7bd66cfe2c5eb2ee63e1fa1f7b96aef7905e3acbd5", 0x80, 0x4, 0x0, 0x3, r3}])
io_setup(0x401, 0x0)
io_pgetevents(r1, 0x2, 0x4, &(0x7f00000003c0)=[{}, {}, {}, {}], &(0x7f0000000340), &(0x7f00000004c0)={&(0x7f0000000440)={[0x134]}, 0x8})
r4 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f0000000380)={0x1d, r5, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18)
sendmmsg$sock(r4, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="1f", 0x206c}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r7 = dup(r6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r7, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9)

2m35.916189647s ago: executing program 0 (id=2177):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000580)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x5}, 0x94)
syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x1, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}, 0x0, 0x0, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001900)=ANY=[@ANYBLOB="cc000000210001000000000000000000fc020000000000000000000000000300ac1e000100000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000500011007f0000010000000000000000000000000a0101000000000000000000000000000a010100000000000000000000000000640101000000000000000000000000003c000000000000000a0002002c0013"], 0xcc}}, 0x0)

2m35.573014149s ago: executing program 0 (id=2179):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
io_uring_register$IORING_REGISTER_NAPI(r2, 0x1b, 0x0, 0x1)
socket$isdn(0x22, 0x2, 0x22)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_FALLOCATE={0x11, 0x2c, 0x0, @fd=r5, 0x0, 0x0, 0x37, 0x0, 0x1})
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, 0x0, 0x0)

2m32.439249204s ago: executing program 0 (id=2185):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000240)='./file0\x00', 0x4d)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')
unlink(&(0x7f0000000180)='./file1\x00')
read$dsp(0xffffffffffffffff, &(0x7f00000001c0), 0x0)
unlinkat(r0, &(0x7f0000000000)='./file1\x00', 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000004c0)={'wlan0\x00'})
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYRES8=0x0, @ANYRESHEX=r1, @ANYRESDEC=r0], 0x4c}}, 0x0)
open(&(0x7f0000000040)='./bus\x00', 0x64842, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
mkdir(&(0x7f0000000240)='./file0\x00', 0x4d) (async)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) (async)
open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) (async)
mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) (async)
chdir(&(0x7f0000000140)='./bus\x00') (async)
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00') (async)
unlink(&(0x7f0000000180)='./file1\x00') (async)
read$dsp(0xffffffffffffffff, &(0x7f00000001c0), 0x0) (async)
unlinkat(r0, &(0x7f0000000000)='./file1\x00', 0x0) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000004c0)={'wlan0\x00'}) (async)
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYRES8=0x0, @ANYRESHEX=r1, @ANYRESDEC=r0], 0x4c}}, 0x0) (async)
open(&(0x7f0000000040)='./bus\x00', 0x64842, 0x0) (async)

2m31.589124774s ago: executing program 0 (id=2187):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
ioprio_set$pid(0x3, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(r1, 0x400445a0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(0xffffffffffffffff, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x6, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000047c0)=ANY=[], 0x14}}, 0x0)
recvmmsg(r3, &(0x7f0000003a40), 0x0, 0x40010100, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = fcntl$dupfd(r2, 0x0, r2)
setsockopt$inet_tcp_TCP_MD5SIG(r4, 0x6, 0xe, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0xa0048624}, 0xc, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x20008884)
r5 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x0)
poll(&(0x7f0000000040)=[{r6}], 0x1, 0x0)
ioctl$TCFLSH(r5, 0x5608, 0x0)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0xd00000000000000, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0)
r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r7, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)

2m16.059649868s ago: executing program 33 (id=2187):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
ioprio_set$pid(0x3, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(r1, 0x400445a0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(0xffffffffffffffff, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x6, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000047c0)=ANY=[], 0x14}}, 0x0)
recvmmsg(r3, &(0x7f0000003a40), 0x0, 0x40010100, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = fcntl$dupfd(r2, 0x0, r2)
setsockopt$inet_tcp_TCP_MD5SIG(r4, 0x6, 0xe, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0xa0048624}, 0xc, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x20008884)
r5 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x0)
poll(&(0x7f0000000040)=[{r6}], 0x1, 0x0)
ioctl$TCFLSH(r5, 0x5608, 0x0)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0xd00000000000000, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0)
r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r7, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)

1m39.867902584s ago: executing program 4 (id=2319):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000280)={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0xd, 0x10, &(0x7f00000003c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x20}}, {}, [@ldst={0x1, 0x0, 0x4, 0x0, 0xa, 0x4}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}}}, &(0x7f0000000040)='GPL\x00', 0x6, 0xfa, &(0x7f0000000440)=""/250, 0x40f00, 0x48}, 0x94)

1m38.714976595s ago: executing program 4 (id=2321):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000080), 0x8)
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000200)=0x1, 0x4)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000001980)=0x180, 0x4)
r2 = syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
r3 = syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02)
syz_usb_disconnect(r2)
writev(r3, &(0x7f00000001c0)=[{&(0x7f0000000100)='\x00\x00', 0x2}, {0x0}], 0x2)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00'})
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000400)={'wg2\x00', <r4=>0x0})
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0xa, r4}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', r4, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffec1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1be}, 0x94)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x400000bce)
r5 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0))
r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$SIOCRSSL2CALL(r6, 0x89e2, &(0x7f0000000040)=@bcast)
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180), 0x80, 0x0)
ioctl$UFFDIO_REGISTER(r5, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x7, 0x2})
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r7, 0x0, 0xd}, 0x18)
eventfd(0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)

1m34.951132175s ago: executing program 4 (id=2331):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000380)='/sys/kernel/notes', 0x800, 0x0)
io_setup(0x3, &(0x7f0000000400)=<r1=>0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
io_submit(r1, 0x1, &(0x7f0000000340)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xe11, r0, 0x0, 0x0, 0x6, 0xeffdffffffffffff, 0x0, r0}])

1m34.741646064s ago: executing program 4 (id=2335):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x683c3, 0x0)
ioctl$TCSETS(r0, 0x40045431, 0x0)
mount$tmpfs(0x0, 0x0, 0x0, 0x84, &(0x7f0000000100)=ANY=[@ANYBLOB])
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
r2 = dup3(r1, 0xffffffffffffffff, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r4, &(0x7f0000000300)=""/102392, 0x18ff8)
r5 = socket$netlink(0x10, 0x3, 0x0)
socket(0x200000000000011, 0x2, 0x0)
sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0506617, 0x0)
r6 = syz_open_pts(r0, 0x141601)
fcntl$setstatus(r6, 0x4, 0x102800)
r7 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f0000000e40)=@filter={'filter\x00', 0x42, 0x4, 0x428, 0xffffffff, 0x98, 0x218, 0x98, 0xffffffff, 0xffffffff, 0x390, 0x390, 0x390, 0xffffffff, 0x5, 0x0, {[{{@uncond, 0x74000002, 0x70, 0x98, 0x1ba, {0x46010000, 0x2c000000000000}}, @REJECT={0x28}}, {{@ip={@local, @empty, 0x0, 0x0, 'wg1\x00', 'ip6tnl0\x00', {}, {}, 0x32}, 0x287, 0x158, 0x180, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x2, 0x4, 'bm\x00', "17fe85b2e7794dbf95fa4bbcb6a91c1f280c1999b9e9c91aec32acf40242838b14641ee58ffb2807b1455049d59591426d860cbcf1d58ab1ffbb5187b72db33268933cac58623e417fbdbd0b8753f88cb456e7cd9ef85fd6861f486fb7bab7930c4e57def2f1e72aede0b46c35ed67a0549781a3d3fe2b88393de1719bea5584", 0x7e, 0x2, {0xf}}}, @common=@unspec=@connlabel={{0x28}, {0x7fff}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@conntrack3={{0xc8}, {{@ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xff000000, 0xffffff, 0xffffff00], @ipv4=@local, [0x0, 0xffffff00, 0xffffffff, 0xffffffff], @ipv6=@local, [0xff, 0x0, 0xffffffff, 0xff000000], @ipv6=@remote, [0xff000000, 0xffffff00, 0xffffff00], 0x1, 0x10001, 0x3c, 0x4e20, 0x4e24, 0x4e21, 0x4e24, 0x300, 0x40}, 0x100, 0x1000, 0x4e21, 0x4e22, 0x4e23, 0x4e24}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "81d0042c436dbdac8bebde18b54dd11bf035c1d8b6b0e88ef5aee0eccad7"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x4eb)

1m34.648500553s ago: executing program 4 (id=2337):
r0 = openat(0xffffffffffffff9c, 0x0, 0x642f43, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f0000000080)={{0x1, 0x1, 0x18}, './bus/file0\x00'})
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/stat\x00', 0x0, 0x0)
r2 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd_index=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x2})
syz_usb_connect$cdc_ncm(0x5, 0x98, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x86, 0x2, 0x1, 0xa, 0x80, 0x5f, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0xfe80}, {0xd, 0x24, 0xf, 0x1, 0x101, 0x0, 0x101}, {0x6, 0x24, 0x1a, 0x2, 0x28}, [@mdlm={0x15, 0x24, 0x12, 0xfffe}, @mdlm={0x15, 0x24, 0x12, 0x7d}]}, {{0x9, 0x5, 0x81, 0x3, 0x40, 0x7, 0x8, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x620, 0x9, 0x5, 0x1}}, {{0x9, 0x5, 0x3, 0x2, 0x0, 0x6, 0x3}}}}}}}]}}, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0})
io_uring_enter(r2, 0x627, 0x4c1, 0x43, 0x0, 0x30)
close_range(r1, r1, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f00000001c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x13, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = syz_open_dev$video4linux(&(0x7f0000000040), 0x7fff, 0x48b03)
r9 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r9, 0xc05c6104, &(0x7f00000000c0)={"000600", 0x4, 0x5, 0x7, 0x5, 0x4, "1000d07ce70000008000", '\x00\x00\a\x00', "6178e81e", '\x00', ["ff00000000000000001700", "a06396d2716537d09805363c", "0c436d743c97c443084000", "ff010400000000000000dd6c"]})
ioctl$CEC_TRANSMIT(r9, 0xc0386105, &(0x7f0000000040)={0x9, 0x9, 0x7, 0x9, 0xfffffffa, 0xd, "98f8b4a4d5bfb2b8b5ec67a9883d45f4", 0x8, 0x1, 0x5, 0xfd, 0x3, 0x0, 0x6})
ioctl$VIDIOC_SUBSCRIBE_EVENT(r8, 0x4020565a, &(0x7f0000000000)={0x3, 0x9a090a, 0x1})
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r8, 0x4020565b, &(0x7f00000001c0)={0x0, 0x7ff, 0x2})

1m31.363569779s ago: executing program 4 (id=2341):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000003b810000850000007d000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000100)='sys_exit\x00', r0}, 0x10)
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0xfffffff5)

1m16.11258098s ago: executing program 34 (id=2341):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000003b810000850000007d000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000100)='sys_exit\x00', r0}, 0x10)
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0xfffffff5)

17.749305433s ago: executing program 6 (id=2562):
recvmmsg(0xffffffffffffffff, &(0x7f0000009a80)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x0, &(0x7f0000009cc0)={0x77359400})
r0 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24)
sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
recvmmsg(r0, &(0x7f0000000d00), 0xf000, 0x10002, 0x0)

10.128205056s ago: executing program 7 (id=2579):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xffffffffffffffb3}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000007c0)={0x18, 0x33, 0x107, 0xfffffffc, 0x25dfdbfd, {0x2, 0x7c}, [@nested={0x4, 0x1}]}, 0x18}, 0x1, 0x0, 0x0, 0x488c0}, 0xc050)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x402000bce)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111}}, 0x20)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$bt_BT_SNDMTU(r1, 0x112, 0xc, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
socket$nl_rdma(0x10, 0x3, 0x14)
r3 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x40080, 0x0)
ioctl$TIOCGSID(r3, 0x5429, &(0x7f00000000c0))
bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
r4 = socket(0x28, 0x5, 0x0)
getsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0x1a, 0x0, &(0x7f0000000100))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmmsg(r4, 0x0, 0x0, 0x4000890)

8.62327151s ago: executing program 7 (id=2581):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000440)={0xa, 0x2, 0x0, @loopback, 0x401}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000240)="04", 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x1000, @empty}, 0x1c)
r1 = socket$phonet(0x23, 0x2, 0x1)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x1)
write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x69)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wlan1\x00', <r3=>0x0})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TDLS_MGMT(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010023f1a500005e27e1cf5db5673159458658fd943c420654a9bd030981a5b8f268037ee441e1da8485ff158c2f5aacf352", @ANYRES32=r3, @ANYBLOB="0500880000000000"], 0x24}, 0x1, 0x0, 0x0, 0x20004085}, 0x0)
sendmsg$NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40404}, 0x81)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="e80100000001050500000000010000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff020d40f799000000000000000000011400040020010000000000000000000000000001080007400000000010000d800c000380060002004e210000080007400000000da800068004000380080002006401010124000380060001004e230000060001004e230000060001004e210000060002004e24000008000200e000000234000380060002004e230000060002004e240000060001004e200000060002004e200000060002004e230000060001004e200000140004000000000000000000000000000000000008000200ac1414aa140005000000000000000000000000000000000008000100e000000284000e801400018008000100ac141409080002000a0101010600034000000000060003400001"], 0x1e8}}, 0x0)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x1, 0x84)
r7 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x15)
ioctl$UI_DEV_SETUP(r7, 0x405c5503, 0x0)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r6, 0x84, 0x18, &(0x7f0000000200)={0x0, 0x6}, &(0x7f0000000340)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

7.266098463s ago: executing program 6 (id=2584):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x480, @local}})
ioctl$sock_inet_SIOCSIFADDR(r0, 0x891c, &(0x7f0000000540)={'batadv_slave_1\x00', {0x2, 0x0, @private=0xfffffffe}})
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'batadv_slave_1\x00', {0x2, 0x4e21, @empty=0x7f000000}})

7.003329549s ago: executing program 7 (id=2586):
mknodat(0xffffffffffffff9c, 0x0, 0x1000, 0x0)
r0 = socket(0x28, 0x2, 0x0)
connect$vsock_stream(r0, &(0x7f0000000880), 0x10)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000440)={0x0, @in={{0x2, 0x4e21, @broadcast}}, 0x0, 0x9, 0xffffffff, 0x7, 0x7ff}, &(0x7f0000000500)=0x98)
socket$inet_sctp(0x2, 0x1, 0x84)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
close(0x3)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet(0x2, 0x1, 0x0)
setsockopt$sock_int(r3, 0x1, 0x20, 0x0, 0x0)
ioctl$SCSI_IOCTL_START_UNIT(0xffffffffffffffff, 0x5)
r4 = socket$netlink(0x10, 0x3, 0x4)
writev(r4, &(0x7f0000000100), 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb010018000000000000003400000034000010020000000000000000000000000000bc000a020000000000000000000011b989eecd4494a1810105000001000005000000"], 0x0, 0x4e, 0x0, 0x1}, 0x28)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
socket$packet(0x11, 0x2, 0x300)
socket$kcm(0x2, 0xa, 0x2)
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00')
preadv(r6, &(0x7f00000001c0)=[{&(0x7f0000000500)=""/212, 0xd4}], 0x1, 0x33, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x8c, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r0}})

7.002918851s ago: executing program 6 (id=2587):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400000}, 0x94)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x400000bce)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xae475000)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ptrace$peekuser(0x3, r1, 0x1)
r2 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newlink={0xec, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r5}, [@IFLA_AF_SPEC={0xcc, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0x2, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @local}]}, @AF_INET={0x30, 0x2, 0x0, 0x1, {0x4, 0x1, 0x0, 0x1, [{0x3}, {0x8}, {0x4}, {0x8}, {0x8}]}}, @AF_INET={0x18, 0x2, 0x0, 0x1, {0x14, 0x1, 0x0, 0x1, [{0x11}, {0x8}]}}, @AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x0, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x0, 0x7, @dev}]}, @AF_INET={0x28, 0x2, 0x0, 0x1, {0x24, 0x1, 0x0, 0x1, [{0x8}, {0x8}, {0x8}, {0x8}]}}, @AF_MPLS={0x4}, @AF_INET6={0x0, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x0, 0x7, @rand_addr=' \x01\x00'}, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_TOKEN={0x0, 0x7, @dev}, @IFLA_INET6_TOKEN={0x0, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x0, 0x7, @rand_addr=' \x01\x00'}, @IFLA_INET6_TOKEN={0x0, 0x7, @private1}, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_ADDR_GEN_MODE]}, @AF_MPLS={0x4}]}]}, 0xec}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0)

6.963347997s ago: executing program 5 (id=2588):
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x400000, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x7)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={0x0}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f00000005c0))
r1 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2d, 0x0, 0x0)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
close(r2)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r2, &(0x7f0000000180)=@pppol2tpv3in6={0x18, 0x1, {0x0, r3, 0x2, 0x0, 0x4, 0x1, {0xa, 0x4e21, 0x4, @empty, 0x1f}}}, 0x3a)
ioctl$PPPIOCGL2TPSTATS(r4, 0x40047459, 0x0)
bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
fadvise64(r0, 0x8000000000000605, 0x1000000, 0x4)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2c240, 0x0)
r6 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f0000000440)={r5, 0x2000, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x17, 0x1c, "339f020bbe78b39843d601010000000000080d0ec0c1b4e9b1c4369d03741250ceaac50104000041dd17c18e8438ef2a565ef1e833236500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d200", "24431a1e77a68e174f00040000cb0000000400000000000000000000d400"}})
preadv2(r6, &(0x7f0000000200)=[{&(0x7f0000000000)=""/17, 0x11}], 0x1, 0xffffffff, 0x7, 0x8)
link(&(0x7f0000000000)='./file0\x00', 0x0)
preadv2(r1, 0x0, 0x0, 0x4, 0x9, 0xb)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
bpf$MAP_CREATE(0x0, 0x0, 0x48)

5.241644322s ago: executing program 5 (id=2589):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000740)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), r0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000200)={'wpan4\x00', <r3=>0x0})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_GET_SEC_KEY(r4, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x48, 0x0, 0x20, 0x70bd28, 0x25ffdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x48}, 0x1, 0x0, 0x0, 0x5}, 0x400c050)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000100)={'wpan0\x00', <r5=>0x0})
r6 = openat$smackfs_change_rule(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$smackfs_change_rule(r6, &(0x7f0000000240)={'1)\'/)]+#', 0x20, '.*\xb9](', 0x20, 'rxt', 0x20, 'rwxbl'}, 0x19)
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x34, r2, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@IEEE802154_ATTR_LLSEC_SECLEVELS={0x5}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x7}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r5}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x9}]}, 0x34}, 0x1, 0x0, 0x0, 0x40111}, 0x20000004)
r7 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040), 0x234183, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, 0x0, 0x1, 0x3, 0x0, 0x0, {0x2, 0x0, 0x6}, [@CTA_ID={0x8, 0xc, 0x1, 0x0, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4048884)

5.155987102s ago: executing program 7 (id=2590):
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$comedi(0xffffffffffffff9c, &(0x7f000000b200)='/dev/comedi1\x00', 0x8040, 0x0)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000240), 0x88002, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x18, 0x10, &(0x7f0000000200)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x81, 0xaa, &(0x7f0000000400)=""/170, 0x41000, 0xb, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000bfd000/0x400000)=nil, 0x400000, 0x4, 0x100010, r0, 0x8fe1e000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000)
r2 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r2, 0x0, 0x27, &(0x7f0000000740)={@multicast2, @private=0xa010101}, 0xc)
r3 = socket$netlink(0x10, 0x3, 0x0)
writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000", 0x36}], 0x1)
setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f00000000c0)=ANY=[], 0x14)
syz_emit_vhci(&(0x7f0000000200)=ANY=[], 0xd)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3)
setsockopt$inet_int(r2, 0x0, 0x18, &(0x7f0000000000)=0x1, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x86, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa01090000000008004500007800000000008890780000000000000000000000000090780200000000000000020000003c08000000000000000290fa828d0900000005000000000000007154cc0c406cd27bd50a2942aa283aeb9677e3ef551ee72158200537cf84e777e732213781e0854e6657fe07a72fce98d47eff9de7a9da01006fde327bb9c33ebec4e44086d463c2026b879bbfff3cd9482e9d2c865b44ba852af7901beec5ecefffc02e4c4eb62e1c2effd46518b11550a747bc7b4355ba53d2d483d2135479c05056e1ba3443aef3581849a4ea5d018f8848e24f0b3ffcfdcdfedc806e5000000000d6f3067233859c370a896ea1aee1e6df365b9b08fb75da31684c273d1e5d5208273a2052535efd443ec2f0f887aad277e6def14a2de1c2a4966f769ec319ed31c5033cf7eecd2cd306d075625b9f7da88bf03ed6df00"], 0x0)
r4 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
ioctl$TIOCMBIC(0xffffffffffffffff, 0x5417, &(0x7f0000000080))
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', <r7=>0x0})
sendmsg$ETHTOOL_MSG_PAUSE_SET(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000100)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000001e0000000c00018008000100", @ANYRES32=r7, @ANYBLOB="050003"], 0x28}}, 0x80)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)

4.286273918s ago: executing program 5 (id=2592):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140), 0x0)
r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x2)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000080)={&(0x7f0000000100)=[<r3=>0x0], 0x1})
r4 = socket$l2tp6(0xa, 0x2, 0x73)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3ff, 0x1, 0xff, 0x2, 0x101, 0x9}, &(0x7f0000000100)=0x20)
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000001c0)={r3, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000280)={0x300, 0x1, &(0x7f0000000040)=[r5], &(0x7f0000000600)=[0x2], &(0x7f0000000140)=[0x0, 0x0], &(0x7f0000000580)})
accept4(r1, 0x0, 0x0, 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000001540)=ANY=[@ANYBLOB="020400fe0e000000000000000000000005000600000000000a000000fffffffcfe88000000000000000000000000000180ff0000000000000200010000000000000000080000000005000500000000000a00000000000000200100000000000000000000000000010000000000000000e3952169ec33419768ed5595f995ebc324a663e5a5bf7de2db97341f03fde5509fc0c7ffa224b0f853eb830fccf883c192db08eb"], 0x70}, 0x1, 0x7}, 0x0)

3.729498s ago: executing program 7 (id=2594):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010d804dd0000000000000109022400010000000009040000010300000009210500000122050009058103a1f83dadd44079d74e1fab63087fd53d530c69315f5bc2c187d9ab0365952a3d9d422183512d5c81bd6eaab839497136c476f2aa59eef661846b302574be0a0572618b36014930768ebc7ffb4ca6fbbe6f55cd254fd4ed3ee2462f194723fe995a562b1e73163d1cffeb16f784475f262dc4369687010a91d3329ee1a5f1e9df4f7de23a2c424a8a6424db7594afa34af062063a0733bb69c36bab10d6c535f058be6697cd5c1391508b3615d7c04f9d76fdd0618da039884eca5e"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = socket(0x22, 0x2, 0x1)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000001600), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_PORTS(r2, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000001640)={0x1c, r3, 0x1, 0x0, 0x0, {{}, {0x0, 0x410c}}}, 0x1c}}, 0x0) (async)
sendmsg$TIPC_CMD_SHOW_PORTS(r2, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000001640)={0x1c, r3, 0x1, 0x0, 0x0, {{}, {0x0, 0x410c}}}, 0x1c}}, 0x0)
sendmsg$TIPC_CMD_GET_NODES(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r3, 0x2, 0x70bd2c, 0x25dfdbfd, {}, ["", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4090}, 0x20000000)
syz_usb_control_io$hid(r0, &(0x7f0000001480)={0x24, 0x0, 0x0, &(0x7f0000001400)={0x0, 0x22, 0x6, {[@local, @local=@item_4={0x3, 0x2, 0x5, "42dd07f6"}]}}, 0x0}, 0x0)

3.679351649s ago: executing program 2 (id=2595):
openat$adsp1(0xffffffffffffff9c, 0x0, 0x1a3840, 0x0)
syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x60000)
syz_open_dev$vim2m(0x0, 0x0, 0x2)
read$FUSE(0xffffffffffffffff, &(0x7f000001b000)={0x2020}, 0x2020)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, 0x0, <r2=>0x0], &(0x7f0000000200), 0x4, r1})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000500)={0x601, 0x1, &(0x7f0000000180)=[r3], &(0x7f0000000480)=[0x2], &(0x7f0000000440)=[r2, r2], &(0x7f0000000040), 0x0, 0x8})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
r5 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r5, 0x40046205, &(0x7f0000000000)=0x1)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r7, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r8 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r8, 0x0, 0x20000004)
sendmsg$RDMA_NLDEV_CMD_RES_GET(0xffffffffffffffff, 0x0, 0xc050)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000001ac0)="d4"})

3.123151716s ago: executing program 1 (id=2596):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000140), 0x6a24c6, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000080), r1)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="21000000000000000000060000090f000700756e636f6e66696e65640000"], 0x24}, 0x2, 0x34005}, 0x0)
ioctl$TIOCGPTPEER(r0, 0x5441, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x3)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'veth0_macvtap\x00', <r5=>0x0})
writev(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}, {&(0x7f0000000580)="051a00000e80006558f2878f02", 0xd}], 0x2)
sendmsg$can_raw(r3, &(0x7f0000000000)={&(0x7f0000000580)={0x1d, r5}, 0x10, &(0x7f0000000100)={0x0}, 0x2, 0x0, 0x0, 0x4904}, 0x4040005)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socket$inet6_icmp(0xa, 0x2, 0x3a)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffddd)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='sched_switch\x00', r6, 0x0, 0x8}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair(0xa, 0x1, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)

3.095507206s ago: executing program 5 (id=2597):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}, {0x7, 0x0, 0xb, 0x0, 0x0, 0x0, 0x3f000000}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3.001707686s ago: executing program 2 (id=2598):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x700}, {0x85, 0x0, 0x0, 0x86}}, {}, [@jmp={0x5, 0x1, 0xc, 0xa, 0x0, 0x1}, @jmp={0x5, 0x0, 0xc, 0x0, 0x0, 0x0, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x9}, @jmp={0x5, 0x1, 0x2, 0x0, 0x9, 0xfffffffffffffff8}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x2a}}}, &(0x7f0000000080)='GPL\x00', 0x9, 0x0, 0x0, 0x40f00}, 0x94)

2.915223144s ago: executing program 5 (id=2599):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x80)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040), 0x4)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, r5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r6}, 0x10)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
r8 = openat$smackfs_cipso(0xffffffffffffff9c, &(0x7f0000005940)='/sys/fs/smackfs/cipso2\x00', 0x2, 0x0)
write$smackfs_cipso(r8, &(0x7f0000005980)=ANY=[@ANYBLOB="73797a300020303030303030303030303030303030303030313220303030303030b0"], 0x46)
syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
r9 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r9, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff18, 0x0, 0x0, 0x7, 0x0, 0x40000004}, 0xa)
r10 = syz_io_uring_setup(0x39, &(0x7f0000000580)={0x0, 0xe7f7, 0x13500}, &(0x7f0000000240), &(0x7f0000001880))
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r10, 0x21, &(0x7f0000000440), 0x1)
accept4(r7, &(0x7f0000000280)=@l2, &(0x7f00000001c0)=0xfffffffffffffe88, 0x0)
connect$inet(r7, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)
sendto$inet(r7, &(0x7f0000000000), 0x0, 0xb, 0x0, 0x0)
ioctl$BINDER_GET_EXTENDED_ERROR(r1, 0xc00c6211, 0xffffffffffffffff)

2.892519937s ago: executing program 2 (id=2600):
r0 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ip6gre0\x00'})
r1 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000a40)=@newtclass={0x24, 0x28, 0x100, 0x70bd25, 0x8, {0x0, 0x0, 0x0, 0x0, {0x2, 0xb}, {0x7, 0x10}, {0xd, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x8045)
getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
ppoll(&(0x7f0000000100)=[{r3}], 0x1, 0x0, 0x0, 0x0)
r4 = getpid()
r5 = syz_pidfd_open(r4, 0x0)
setns(r5, 0x24020000)
umount2(&(0x7f0000000040)='.\x00', 0x2)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001300)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {}, {0x1, 0xfff1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x38, 0x2, [@TCA_CGROUP_EMATCHES={0x34, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x28, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x24, 0x1, 0x0, 0x0, {{0x3, 0x9, 0x80}, [@TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x4}, @TCA_EM_IPT_MATCH_DATA={0x4}]}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}]}]}}]}, 0x68}}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0)

2.869522429s ago: executing program 6 (id=2601):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000001f007910480000000000710429000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)

2.763456559s ago: executing program 6 (id=2602):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
munlock(&(0x7f0000001000/0x1000)=nil, 0x1000)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1014}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_PACKETS_PER_SLAVE={0x8}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000000)

2.156729353s ago: executing program 1 (id=2603):
getpeername$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, <r0=>0x0}, &(0x7f0000000100)=0x14)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1b, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800070000000000000000000500000085000000a400000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', r0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2.151930483s ago: executing program 2 (id=2604):
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$comedi(0xffffffffffffff9c, &(0x7f000000b200)='/dev/comedi1\x00', 0x8040, 0x0)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000240), 0x88002, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x18, 0x10, &(0x7f0000000200)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x81, 0xaa, &(0x7f0000000400)=""/170, 0x41000, 0xb, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000bfd000/0x400000)=nil, 0x400000, 0x4, 0x100010, r0, 0x8fe1e000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000)
r2 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r2, 0x0, 0x27, &(0x7f0000000740)={@multicast2, @private=0xa010101}, 0xc)
r3 = socket$netlink(0x10, 0x3, 0x0)
writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000", 0x36}], 0x1)
setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f00000000c0)=ANY=[], 0x14)
syz_emit_vhci(&(0x7f0000000200)=ANY=[], 0xd)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3)
setsockopt$inet_int(r2, 0x0, 0x18, &(0x7f0000000000)=0x1, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x86, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa01090000000008004500007800000000008890780000000000000000000000000090780200000000000000020000003c08000000000000000290fa828d0900000005000000000000007154cc0c406cd27bd50a2942aa283aeb9677e3ef551ee72158200537cf84e777e732213781e0854e6657fe07a72fce98d47eff9de7a9da01006fde327bb9c33ebec4e44086d463c2026b879bbfff3cd9482e9d2c865b44ba852af7901beec5ecefffc02e4c4eb62e1c2effd46518b11550a747bc7b4355ba53d2d483d2135479c05056e1ba3443aef3581849a4ea5d018f8848e24f0b3ffcfdcdfedc806e5000000000d6f3067233859c370a896ea1aee1e6df365b9b08fb75da31684c273d1e5d5208273a2052535efd443ec2f0f887aad277e6def14a2de1c2a4966f769ec319ed31c5033cf7eecd2cd306d075625b9f7da88bf03ed6df00"], 0x0)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$TIOCMBIC(0xffffffffffffffff, 0x5417, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', <r7=>0x0})
sendmsg$ETHTOOL_MSG_PAUSE_SET(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000100)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000001e0000000c00018008000100", @ANYRES32=r7, @ANYBLOB="050003"], 0x28}}, 0x80)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)

1.948655216s ago: executing program 6 (id=2605):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b000905", @ANYRES32], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_route(0x10, 0x3, 0x0) (async)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newlink={0x54, 0x10, 0x437, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x10, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FWMARK={0x8, 0x14, 0x400002}, @IFLA_IPTUN_COLLECT_METADATA={0x4}]}}}, @IFLA_IFNAME={0x14, 0x3, 'tunl0\x00'}]}, 0x54}}, 0x1020)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r3, 0x0, 0x5}, 0x18) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r3, 0x0, 0x5}, 0x18)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TLS_TX(r4, 0x6, 0x1, &(0x7f00000001c0)=@gcm_128={{0x303}, "284ced328c858100", "8c4484686175b4e001f3063fabcf9b85", "7fa48dca", "5d60a1e7976bbd7a"}, 0x28)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="000000000035670000000000020048c40ea80000", @ANYRES32=0x1, @ANYBLOB='\b\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r6 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
unshare(0xc000600) (async)
unshare(0xc000600)
r7 = open(&(0x7f0000000380)='./file1\x00', 0x109042, 0x0)
fallocate(r7, 0x0, 0x7ffffffffffffffe, 0x7000000)
bind$inet(r6, &(0x7f0000001fc0)={0x2, 0x4e22, @multicast2}, 0x10)
add_key$user(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, &(0x7f00000000c0)="966946ea9e747224e5349d2b0c5c728218b0a45edb5d753e43e8fb2842e7ac20ea553fc0bbec7995730e3321ede552be1dac467a4be95cee83258317162316233c7c181918318297d5a2628ef5342bd22c2586c8ac4fc7d358dfe3aee85ff6cc81f3412ee6d04b97145474647482ad2f79175484df2273f4f56e28483ba87a20d73a0afffd7df9187b08ae2b5ff6d54e8eaf4df3b0773190a7ab2b5109773a89dd22182a365f04ea8100559e49a78be50261e2fdc158c9eb", 0xb8, 0xfffffffffffffffd) (async)
r8 = add_key$user(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, &(0x7f00000000c0)="966946ea9e747224e5349d2b0c5c728218b0a45edb5d753e43e8fb2842e7ac20ea553fc0bbec7995730e3321ede552be1dac467a4be95cee83258317162316233c7c181918318297d5a2628ef5342bd22c2586c8ac4fc7d358dfe3aee85ff6cc81f3412ee6d04b97145474647482ad2f79175484df2273f4f56e28483ba87a20d73a0afffd7df9187b08ae2b5ff6d54e8eaf4df3b0773190a7ab2b5109773a89dd22182a365f04ea8100559e49a78be50261e2fdc158c9eb", 0xb8, 0xfffffffffffffffd)
syz_emit_ethernet(0xd2, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd602a1c99009c880000000000000000000000000000000000ff02000000000000000000000000000100000000009c90"], 0x0)
keyctl$read(0xb, r8, &(0x7f0000000180)=""/44, 0x2c)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r5, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20) (async)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r5, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20)

1.946422999s ago: executing program 5 (id=2606):
syz_io_uring_setup(0x4236, 0x0, 0x0, 0x0)
sendmsg$IEEE802154_LIST_PHY(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, 0x0, 0x9)
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
sendto$x25(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
acct(0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x500000, 0x80100008b}, 0x0)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
r2 = syz_io_uring_setup(0x83f, &(0x7f00000000c0)={0x0, 0xa9ee, 0x400, 0x3, 0x8002ae}, &(0x7f0000000140)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r1, 0x80, &(0x7f0000000680)=@ax25={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6}, [@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}})
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8)
poll(0x0, 0x0, 0x7f)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x7, &(0x7f0000000240), 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
read$midi(0xffffffffffffffff, 0x0, 0x43)
socket(0x2, 0x3, 0xff)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000cab5ad403a0812c59bbb0000000109024d0001000000000904220005173e1ccc98936d00090500000800177f0505250180e88005a3146fba07b2ca02000905010c80020b011e07250181540300f504040808000302030905090040008006063fc2d9dcfa085f13466ecff8b068bcba9103225f6755a388a6bdcf793752c5443a4f2cd919"], 0x0)

1.879767486s ago: executing program 1 (id=2607):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x11, 0x80a, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00'})
sendmsg$nl_route(r1, 0x0, 0x8004)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480dfffe005e140604000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)

1.87865981s ago: executing program 2 (id=2608):
socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x88}, 0x0)
syz_open_dev$radio(&(0x7f0000000040), 0x3, 0x2)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
read$FUSE(r0, &(0x7f0000001400)={0x2020}, 0x2020)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18)
r2 = syz_open_dev$radio(&(0x7f0000000000), 0x3, 0x2)
ioctl$VIDIOC_G_MODULATOR(r2, 0xc0445636, &(0x7f0000000040)={0x0, "92a55301a7a10500000052f50000929e9eca24674d9d3d4ef28dafe5360429b6"})
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000000)="b7f2288d3aaea2bc0000def1260a00"/32, 0x20)
r4 = accept(r3, 0x0, 0x0)
syz_genetlink_get_family_id$wireguard(&(0x7f00000013c0), r4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$xdp(0x2c, 0x3, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x1, 0x0, 0x3, 0x10001, 0x0, 0x0, 0x0, 0xf6e4}, 0x0, &(0x7f00000002c0)={0x3ff, 0x80000000, 0x0, 0x9, 0x0, 0x0, 0x10001, 0x2}, 0x0, 0x0)

1.52356152s ago: executing program 1 (id=2609):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="020300090e00000004000400fedbdf25050006006c000e000a004e2200000ea5fc43ca000000000000000004000000010d000000000000000200010000000005000008000000008005000500000000000a"], 0x70}}, 0x8810)

1.490379249s ago: executing program 1 (id=2610):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
readv(r1, &(0x7f00000002c0)=[{&(0x7f0000000100)=""/246, 0xf6}], 0x1)
ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000400)=0xfffffffd)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0))
r2 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7737, 0x1, 0x80000000, 0x34f}, &(0x7f00000000c0)=<r3=>0x0, &(0x7f0000000340)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r5 = openat$mice(0xffffffffffffff9c, &(0x7f00000002c0), 0x181001)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000300)="87fb74cf4d67adbbd062637f514c1f5eb18d7b442e6457a356c6cb1f71a43dfae773c8489cce5145f92615d4bdb13ef54d6ae90ec7733180fc", 0x39}], 0x1}, 0x0)
r6 = socket(0x10, 0x80002, 0x0)
r7 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r7, 0x107, 0xa, &(0x7f0000002040)=0x6, 0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280140010"], 0x48}}, 0x40000)
sendmmsg$alg(r6, &(0x7f00000000c0), 0x492492492492627, 0x0)
write$RDMA_USER_CM_CMD_DISCONNECT(r5, &(0x7f00000064c0)={0xa, 0x4}, 0xc)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x9d42}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r2, 0x47bc, 0x0, 0x0, 0x0, 0x0)
r8 = openat(0xffffffffffffff9c, 0x0, 0x40000, 0x120)
mkdir(&(0x7f0000000280)='./file0\x00', 0x100)
symlinkat(0x0, r8, 0x0)
r9 = syz_open_dev$I2C(&(0x7f0000000040), 0xb54, 0x1)
ioctl$I2C_RDWR(r9, 0x707, &(0x7f0000000180)={&(0x7f00000018c0)=[{0x6, 0x5000, 0x0, 0x0}, {0x4, 0x4400, 0x23, 0x0}], 0x2})
ioctl$VHOST_SET_VRING_ADDR(r8, 0x4028af11, &(0x7f0000000200)={0x0, 0x1, 0x0, 0x0, 0x0, 0x2})
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
fsetxattr$security_ima(r10, &(0x7f0000000500), &(0x7f0000000540)=@sha1={0x1, "424435b244462b88bf72487631f5633cec1821ba"}, 0x15, 0x1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r10, 0x50805000)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'team_slave_1\x00', &(0x7f0000000000)=@ethtool_sfeatures={0x33}})

955.366275ms ago: executing program 2 (id=2611):
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0, {0xee00, 0xee01}}, './file0\x00'})
r2 = creat(&(0x7f00000001c0)='./file0\x00', 0x102)
sendto$inet6(r2, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x40488d0, 0x0, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = syz_open_dev$video4linux(&(0x7f0000000000), 0xfffb, 0x60082)
ioctl$VIDIOC_QUERY_EXT_CTRL(r5, 0xc0e85667, &(0x7f0000000300)={0xa0000000, 0x4, "6ff6ad4d49bf769c2fe25720ed5009622e709195057af5b6837b0b5f886643fa", 0x1, 0x2, 0x10000001, 0x8, 0x1, 0x87, 0x7fffffff, 0x0, [0xfffffffa, 0x10000, 0x1, 0x8]}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1852dd0e19b7875907f73f0e00000000000000000000008576b4f5c7ec788c00"], &(0x7f0000000080)='syzkaller\x00', 0x4}, 0x94) (async)
openat$nullb(0xffffffffffffff9c, 0x0, 0x84042, 0x0) (async)
r6 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x1a6c42)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000080)={0x84, @multicast2, 0x15, 0x3, 'none\x00', 0x1, 0x4, 0x43}, 0x2c) (async)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @empty, 0x4e20, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@rand_addr=0x64010102, 0x4e23, 0x2, 0x0, 0x12d5c, 0x12d5c}}, 0x44) (async)
ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f0000001ac0)={r6, 0x4, {0x0, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x14, 0x1c, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200", [0x3]}}) (async)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001c00)={0x8, {"b0476b76ba5d044f65271519727e4ff1ff0d12c0e6bdf3ea1f52e24f60ca698457b32832b83d7e96694c1feb5809bd67002f71e0b97c0d5270c04ffa64f63b2e18ee4b7b572fe2f4d03cad38bcd106ff12f53b443ac6fc81da518f54b9004a44859529c07a2b1b8feddc0180a0f37b13babba1dd0813b7ea56dac4b7ffe9a2ef54221439ecc55223ef2d40f4ba8108c10387ddffbaed25d41e7692bf26ddfa747a666caff49843e38c86cac7323f784a17df6beaa49c3f4a98fb4013f4e573e2ef77b0965d4bfbdf7d5eada69406ca93f422495e00addfca1518085a40f10284ff59388ecf476a12ef1a540163922098d600519ae8cf3ef544344e9d968f341af618503b455f3976b76975270e94d714302382c63de5b7c1fad1fa373b369916cb3b4d583a9ebbaeb262884d25a0e1d9fb141de60df7e64cb38b6f7167991f8fba06bffe2d49133bbb462cd8a9493177eee5f03875b15c7a92c3cd6a3fdfc64f236e14fa05a0e8d3c45f13eecd22e13528c74186dc50e0e2af44177e26bded1161e5533375508dadb83db5126cc810f4e30d4e24ec12c3b99e5220aacf42c58f2960bd43c337dbd318aeeb5c9a6cd5ffd3bf1497bb48ab7bcb32c9c33c9f5b9bc4645b96f23f9e0d826b780030444ffb925f55df587ef5ca5ea74ccd66afc7981da496d6f037efbb0b08f3f5078c60ffb4db18d1b59996bd9b1513442785bf4ece8587b39d8176dc9c735d5ea25133b2053bba227b81faab7220326f8814a9df4eba4ecc6acdd82f70b653b56a18cc9dfa4deb0a112c797ab89a51a103c3a9085d828523370c4d79d9484f4dc910735a2c9b5b85197cd9c073df7a54b40df8e1bf595bab957900c2a1a7dc40e88ed0c55c362ffbb7f88a0725a6ae73b936a639e951faf9c45ae74a2ece2f6f88e425ee41d2c60cb083a2fd6d07381908a7f629e32f89a553cf0794f54b8bdc7bd541d88464a4f80ac0b8b625a803a55de4b05a95fc7f8fc3d6d79858ccb269b7b8b21657654164a9aa29f4e8462377e9d234a41ea69841a4aaa1e5f89f9b074f6f71cb1ffaa450c3160b0e319ec81ad30101db66218b0c69f97c234465dc45849fcfd62d396f2b50ddcc0ed7dd8651431534232ab6d1186d7760770a1fc6c77553a79d0297194f794997ee47781094a76d9dccf632dcbb527b3e68950d9bb534245c7f08ae1d6ef2750292ae28e5e6dcfe2a69737dd7a1e453f3902ae90789e98c212905422099904d3bfb949bde187682a59c01aa8e6a9972a63d6aaef4d4139b10a24e063707f1aba79bd59e3f9709a873dff401d1f356c4be5e449ae0e2633a1fe50ed367fe56b0499957c3b6cabb42256547995ea998f3937d153897d1c83f1ad922d6835bdfa3b986dc6f4bd927a4ca13fbaa99b7b43758e2329d588f40fac718b16cca855468643f3818496b4915fe9a2bdd3e68889fea24bc1dfa6287a801d49a7bb84654147448550d2919e4df3a943a88cf616befea4e7a4fddb7969311c6837f9529966241be1e57ed2d773debc542986d09866905a3f63b6e1820086d52a70f039154e839da7ea852c33bf3722a048f61bbf068519e050b8788370fb130a42e9f5322dfff65b15d588f9e926b70e4530e8b66697cabb1e8514831431fa0eaecb49f9613ed5fd7bc50f897bda36d24d4296e143e2480e325ec09a77c03a07b4f86eb703085313ebeee94ef5b1cde3f6a7efd785772eb4034039f598c07819b769416a223fab824c4ac50086e78042a1ccf47b6c7ede8540cded4bd4c920ce6c2b7493a5634c5e96bb761373623ab473b121d555bfd5a8bc3f5c5418bed83ffd0d6492840550fccc0c35746370396d0190b7b1d2cadcc150877e0d197f692f97cec790c95e3d3959dc7c68aca37306c1bc13ad33848395dba5e3c9ce8090bc0e7e8312091773641be56411921e3d473321c6d8bd10b7d3f5aedd6620bcaa06474bbb298bc77297b8b5dcb9e6b33dbe676460cca825609857724cee245306d07fda287d5fe57c424c27cf9b6cf0f16d2c6a8071bd57c826d7371841cf43dab1b42421ce416d0d3a9c80bc807d2e6761e53f06b3e63c0af1b4548d820118421205f040f4ab35307871e4c7a21ff28082c29e02e89486064661898c0eb1811c70a6124c1f25d62c38794a3e87c312c870db7b60d0df8b57860c94d1a9c561b327fae3a68ce9ff4551e418eb00766f0341c5e796e3cbbbe6b4864928b966110256d5475eb1fd7b2893b60e19e859baaf23c9233a1b064771671ee2d07c151e2e99c37a116a338788052a726a8519b8335e9ff4f71d00ab634543c20ddea1bf57d4f2b797182ff19618b6974d2b69d9f052934d527a1830bf2785842f35eaf32b65b7c9fdd6f0c41756072a59c0cce0b7305740729f1daa14e0092da9d022321b726d658fcef55affa2bbf36ad788f1f423b7dfd328435b4d5df315143d8b8028ba4bea6134a3dc9720c73d5e66b8b8168752eea6b78c75f04efd9677dbe419f13f5e1c9764276a83821b710307d8f85359b34d038ff17de45e8739d4b647fd1a8d794a3273d922af3374f5d3c75b8345b9dfdabb2c0418a358921e0e73d0fe88caab1741b913673e22ff4b59afa0f653a423d9b2bb20cbf07951a349eea18a891b4f4dc6df8e42a6181284f643de5fd2924ae54f672a1920343476c67333e1e8205bf4877b1251a83f417936714edb1c6975ba7969d2fcc2e69024a4669ac2f998116ade1bd84568b8f3f1fccbe95df9ed21db77315b7469f30bfae418415d9cb5aeea627ba6811e30d56d4f4bfe5f794ea4243e3cdfad3ef55199699b8433083b6f72f95effc5f2f613cfcefaf0b94e801ebcb7095a1474ee93142b82c9bf9886617b6bf69d08c83c76cd21d4cce5872d99de8e54bbff915ab923b2d24bb3aa178dd50b44fd0eb880ef33ca51d4bf5f0fbc8ffe18afe4245397f277e4efad955baa10cf56613481253d69c02e7661714b68be0fd64f29bdafbc8b4a0b30bd6709c67fe8e8915d0479b3902b1d0169fb5486b02e966ad5d8a2bcf42ecba59177cd85e17239667f6b045d1f873ce24733ae17e2d8432709062e786a32ac925121f1b0d46c66d4fb9088f4aa0cfe2149f6c2cb5b75d45349bc88fbd47e01ea07e7cd573335aab8d389846566800dd084bc3caa95f7632719c651f2d33be0fb56347c063b3c6e3e75c5e58caeb4c37574859b78c1ed018fbeed788a4305a9ee1c1ef65a0c83a7cd717a8c08ecd4e86370ffffd6d40a89a0b1e8c15a10ad5406e867e49319ad83bfbb925d5e240b4bd44fd751e7510d5ea03a6cab95f37155d1fd69aaea1db4a1f53714eb90e669209cf634f84a50c85bdc51838ebbb545b4387790df67f0122740c2abc910cf83230394172a56c9ffda6675bb8bb39846730a1bf764aeb92407c90a194da880cb8a4efb5b57a8311d864209c7fd226b93582b6b11eec559abfbba653c0569c219d3a2e60555cb739f9d32d564f23c4e98be78aa553610822af426f961df0df2185c61ccaa22b2a6aa6fb3e917bdfb2be9c3ffb8a50821321119c4cf4917db39548abc17bfba267fa50f6af15c560a21055f967f1ca6f656ddb556f9c7e17a771eeef7e80940d1c14ddf2c27647686fd0526460036aeea395fb10abef2be2ea96c9bb380370c08d1568d30eea0f3e6b7cf8f7edc7b36d4d0affd249330707b54ee620f208d885791171eb67a25a80fcc6922e0258c9673b6576564949dfa5bed9a0299bf952aade654de16e22d54fcd391ded6adab94ff621efcd91ef69acf8dfa1b22692ba3e49cd1d3fbed6db1402065ab37e457056877977ebac33ef566f28a19b9acb67a9cc53feb156814e880b3dd5a9119ffdbc5a45c20ea375f2882575b9a28740eebf63f2895d9ffac1ec33cbdcdede98a201424d000df1efd64dd7268cc1b2366ccfb09754822dafdb1821de5e6ebee09608e82e679fafb7a5100172f26998d31d7f27c2b310f0372c3b5e888f8e6efb56074177bf6a2a5bbd9ed070ad5aaf23ce144d1ac86cad110e5916a8a57e1e7fc3d37353f84f2f6d43d92ab8b35040467f3f8b1d23fac021bbac3710edc8e2e26d794db38e48020f63e94d4b4dca3e015537a8e3008274d55f81af931a0faf1a438444b6a0489b93f7b88f81f761eae0f82e60cb0cf2745ca8c9e30d3cc189c1405b1994ed71b00d90ea7a94102916cdc915620c363d04e51eabaaca6c2814a7c1e7aaeec80bdc13135b813e6d0eea83446a5c57ec29695c302c0d8da65b61fe8ada51a36e1aff34d449f9eb70cb94931226121ab121a971c2fc070ca84272d122c1696f52fbd5ed06783abe188dcf133c4d41e10295f6ffda69fa8c5a7c0fec3425a2d60523a60d280b5ce34eac5911268172e772fefba63a6f5c6dafa9e500a5e1355fb614613f8fc1ef5e5466fa19212bcdc349a865f4cee6ea80b11a410bb6e4ad677393973e38621d25ff6c4876ef8a8d2ba651be4a78d2ba9fafadcea8eff9cca3f4ab71a0b84917794e521220dad099ac8aaf32abd162348879e4299e4d46395f9d55267b635e18ca2e2fc96146b96c8a8055130b8d8cb10cc31382df34057bd8637f86e48adc854af408226752a04df8d0362db263e0959f2bd7e8a4d33a8c4b257e19d308280baf40cced1b3cd3a86ee22df0da49d750539eee1104e99a9f8a065e5499c73125a8a8430eda7aee156821a97c237611b50f682a2cccd0969304f0a50ae98800dfb32ee1bcfeab98182c34a51e67fa5bd738c22c44fc1269ce73f464edd2f31296e92e62df51cf55798ae2e3c33c57b09f4ecd13469122095a3563f95f0a04cf58dcea4aed5e8bdda7617863cbc37a97ebadb46d679f7e30014d96d0ac7ce9484368fa5fd19cbc3d139410a2bd7ffacef1bdf76dd1d5f34d2392fcb91c7585fc1ae7d8ba2aa8ded9645d5a5e76e2279b6e0692101137da946dfbd3836476f5dad7fed70115d716dce87b5ad755e5653a709f5aa42265ec9657ed406cc9256af3628c0116b8e1d23306983e9adbc19dec354870c98e2e76566895df933a80c4c36b617db4bbda1a4ca7d6c80a43734471fc92d0bdeacfc125dddd73febd8f7ef84f221d52ae71372cee802d59013a15958e850f8fdf46d8fd3b874633daf3b1f346470456c05722258480959dd6afcffa1f3f2ca033011339c5cb85b7d1c9b5916fb8dc9c2783df64eb5cca5af83a74fe5bb259f93722842eb4ac851e71f3cfd67a39590e7f8e20f018744b9277e6eb46b5f211df5f767ef29dc9a972e14c40ea2d4624f187f301c1116d3a61adeb5c6f7ccc021ac5e18d8b40d7f1f19daf4445c06e72db8701c267c0144c92cddd49af7a87aca5aa05d0e380dd27cc780d2f7db3bef26cc4fd358543e19d73179b879f7bdc702ab405270c93a3ed64153e20b5b663773a2ad4e8e3e1e8eaf39ec80d75d02f74ff94f0e095240a564eeece4fc9bcf19bf2243c700e1dae14a1b0217013977bfa05f681abc37714fe462d0a632044ce52fdaa1c1a806b1eb4370e23ca0247e536165aa9f1c2af8adfea369ee1f4a2c7823a7baef028a1e77501db48db6aa0d7e30969f7197368db02d443803b53b2899315f7e2ba9c5ae952a3866b4ea60f3d669e0a91f7ef640cd938646bf8822fe455f0302fccf87c7fad6daf38fde038fa596b83a9fd5bf675669a6cb2bab44c6617f07950bf34edb93bbcb4174630f275dbda7a0631c4b456e5f80eb6258c1874e77d426743e478917fe44b73dc203baa2cc442b84b5818409abae99d97a28754969bd393df", 0x1000}}, 0xfffffe38) (async)
r7 = socket$kcm(0x10, 0x2, 0x0) (async)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
syz_open_dev$hiddev(&(0x7f0000000100), 0x4, 0x4101) (async)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000000c0)={r8, &(0x7f0000000100), &(0x7f0000000000), 0x2}, 0x20) (async)
sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371900000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1}, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffd83)
syz_usb_connect$cdc_ecm(0x0, 0x66, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000402505a1a4400001020301090254000101000000090400000002060000052406000005240000000d496d941f9d28f19c00000000042413001524120000a317a88b045e4f01a607c0ffcb7e392a0905820200000000"], 0x0)

711.385543ms ago: executing program 1 (id=2612):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket(0x10, 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)=ANY=[], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r2, 0xc01864ba, &(0x7f0000000380)={0x0, 0x0, 0x1f})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_emit_ethernet(0x42, &(0x7f00000002c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa86dd60010100000c8800fe8000000040000000000000000000bbfe8000000000000000000000000000aa0000000042c29949"], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000800)=ANY=[@ANYBLOB="611234000000000061134c0000002000bf2000000000000015000200000001103d030100000000009500000000000000bc26000000000000bf67000000000000070300000fff070067020000030000001606000000000078bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f909ad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305865050df26469fac5202d6293c3d5e11f4f83e7455baeeba4f"], &(0x7f0000000100)='GPL\x00'}, 0x48)

0s ago: executing program 7 (id=2613):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil)
sendto$l2tp(0xffffffffffffffff, &(0x7f00000000c0)="40a2c193c185e00623c4f6264453c7797552039165e5c59a90baf3dcac5566ed989d696f7b84923a8c6bac03be58654e2f2383d47017268a0fff10420ffa01e5e920ce0f2f388f3c7cfc743828b1966e4bc525fc", 0x54, 0x20000005, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10)
syz_kvm_add_vcpu$x86(r1, &(0x7f0000000080)={0x0, 0x0, 0x61})
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0xffffffffffffffff)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r5 = dup(r4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x4)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r6)
sendmsg$L2TP_CMD_TUNNEL_GET(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c01ee4d9866ef7d525cfd0600001b", @ANYRES16=r7, @ANYBLOB="010026bd7000ffdbdf25040000000800090003000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20008080}, 0x8044)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
setrlimit(0xb, &(0x7f0000000000)={0x8001, 0x6})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
socket$alg(0x26, 0x5, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r8}, 0x18)
read$FUSE(0xffffffffffffffff, &(0x7f0000000740)={0x2020, 0x0, 0x0, <r9=>0x0}, 0x2020)
r10 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_buf(r10, 0x0, 0x4, &(0x7f0000000040)="440910bc996c301c8107070400", 0xd)
setuid(r9)

kernel console output (not intermixed with test programs):

ng descriptor 0 read error: -71
[  591.875746][ T5928] usb 4-1: USB disconnect, device number 23
[  591.945499][  T926] usb 3-1: new full-speed USB device number 29 using dummy_hcd
[  592.096462][   T30] audit: type=1326 audit(1753787471.182:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11153 comm="syz.3.1547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6caf8e9a9 code=0x7ffc0000
[  592.236091][T11135] batman_adv: batadv0: Adding interface: dummy0
[  592.242484][T11135] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  592.268080][T11135] batman_adv: batadv0: Interface activated: dummy0
[  592.280282][T11135] net_ratelimit: 10 callbacks suppressed
[  592.280300][T11135] batadv0: mtu less than device minimum
[  592.293491][T11135] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  592.305460][T11135] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  592.317568][T11135] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  592.329879][T11135] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  592.342007][T11135] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  592.353924][T11135] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  592.366078][T11135] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  592.378289][T11135] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  592.390201][T11135] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  592.436796][   T30] audit: type=1326 audit(1753787471.182:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11153 comm="syz.3.1547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6caf8e9a9 code=0x7ffc0000
[  592.437078][ T5902] usbhid 2-1:0.0: can't add hid device: -71
[  592.458324][    C0] vkms_vblank_simulate: vblank timer overrun
[  592.478375][   T30] audit: type=1326 audit(1753787471.192:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11153 comm="syz.3.1547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7fe6caf8e9a9 code=0x7ffc0000
[  592.493045][ T5902] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  592.504721][  T926] usb 3-1: config 0 has an invalid interface number: 20 but max is 0
[  592.556335][  T926] usb 3-1: config 0 has no interface number 0
[  592.573360][  T926] usb 3-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  592.581971][ T5902] usb 2-1: USB disconnect, device number 27
[  592.584736][   T30] audit: type=1326 audit(1753787471.192:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11153 comm="syz.3.1547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6caf8e9a9 code=0x7ffc0000
[  592.636763][  T926] usb 3-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00
[  592.654685][  T926] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  592.681480][   T30] audit: type=1326 audit(1753787471.192:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11153 comm="syz.3.1547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6caf8e9a9 code=0x7ffc0000
[  592.707460][  T926] usb 3-1: Product: syz
[  592.716700][  T926] usb 3-1: Manufacturer: syz
[  592.734882][  T926] usb 3-1: SerialNumber: syz
[  592.747169][  T926] usb 3-1: config 0 descriptor??
[  592.758578][T11148] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  592.785998][  T926] usb-storage 3-1:0.20: USB Mass Storage device detected
[  592.810243][  T926] usb-storage 3-1:0.20: Quirks match for vid 04e6 pid 000b: 4
[  592.995255][T11148] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  593.028227][T11148] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  593.062187][  T926] scsi host1: usb-storage 3-1:0.20
[  593.254609][  T926] usb 3-1: USB disconnect, device number 29
[  593.374640][T11169] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1551'.
[  594.343873][T11175] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1554'.
[  594.362371][T11175] ip6gre2: entered allmulticast mode
[  594.517346][   T30] audit: type=1326 audit(1753787473.672:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11178 comm="syz.0.1556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c8d18e9a9 code=0x7ffc0000
[  594.593653][   T30] audit: type=1326 audit(1753787473.672:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11178 comm="syz.0.1556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c8d18e9a9 code=0x7ffc0000
[  594.625527][   T30] audit: type=1326 audit(1753787473.702:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11178 comm="syz.0.1556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0c8d18e9a9 code=0x7ffc0000
[  594.654649][   T30] audit: type=1326 audit(1753787473.702:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11178 comm="syz.0.1556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c8d18e9a9 code=0x7ffc0000
[  594.712415][   T30] audit: type=1326 audit(1753787473.702:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11178 comm="syz.0.1556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c8d18e9a9 code=0x7ffc0000
[  594.995608][T11190] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1561'.
[  596.330817][T11208] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1569'.
[  596.701055][T11218] netlink: 'syz.3.1571': attribute type 1 has an invalid length.
[  599.252964][T11222] 9pnet_fd: Insufficient options for proto=fd
[  599.384137][T11231] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1575'.
[  601.555477][T11256] overlay: ./file0 is not a directory
[  601.663847][T11257] syz.2.1582: attempt to access beyond end of device
[  601.663847][T11257] loop5: rw=0, sector=0, nr_sectors = 1 limit=0
[  601.679760][T11257] FAT-fs (loop5): unable to read boot sector
[  602.347935][T11259] netlink: 'syz.4.1584': attribute type 2 has an invalid length.
[  602.356691][T11259] netlink: 156456 bytes leftover after parsing attributes in process `syz.4.1584'.
[  602.374716][T11259] nbd: must specify a device to reconfigure
[  602.420491][T11258] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1583'.
[  604.044415][T11285] ptrace attach of "./syz-executor exec"[5837] was attempted by "./syz-executor exec"[11285]
[  604.421422][T11284] overlay: Unknown parameter 'fowner'
[  604.700321][T11294] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1595'.
[  604.732729][T11294] tipc: Started in network mode
[  604.750424][T11294] tipc: Node identity 7, cluster identity 5
[  604.815116][T11294] tipc: Node number set to 7
[  604.914474][T11295] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1595'.
[  605.434099][T11298] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1596'.
[  605.619395][T11302] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1597'.
[  605.629343][T11302] netlink: 116 bytes leftover after parsing attributes in process `syz.2.1597'.
[  606.434978][T11313] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1599'.
[  607.517768][T11321] mkiss: ax0: crc mode is auto.
[  608.358306][T11336] batman_adv: batadv0: Interface deactivated: dummy0
[  608.544210][T11336] batman_adv: batadv0: Removing interface: dummy0
[  608.650584][T11336] bond2: (slave geneve2): Releasing active interface
[  608.723804][T11337] team0: Mode changed to "loadbalance"
[  608.858415][T11339] hfs: unable to load iocharset "io#harset"
[  609.272551][T11347] usb usb8: usbfs: process 11347 (syz.4.1610) did not claim interface 0 before use
[  610.836391][T11359] fuse: Bad value for 'fd'
[  611.224820][ T5902] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  612.118856][T11371] syz.3.1616 (11371) used greatest stack depth: 16496 bytes left
[  612.227286][ T5902] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  612.248595][T11377] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1617'.
[  612.288024][ T5902] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  612.324780][ T5902] usb 5-1: Product: syz
[  612.334843][ T5902] usb 5-1: Manufacturer: syz
[  612.351301][ T5902] usb 5-1: SerialNumber: syz
[  612.377012][ T5902] usb 5-1: config 0 descriptor??
[  612.393516][ T5902] ch341 5-1:0.0: ch341-uart converter detected
[  612.440394][T11369] net_ratelimit: 10 callbacks suppressed
[  612.440416][T11369] sctp: failed to load transform for md5: -2
[  612.801770][ T5902] usb 5-1: failed to send control message: -71
[  612.818315][ T5902] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  612.841772][ T5902] usb 5-1: USB disconnect, device number 15
[  612.859378][ T5902] ch341 5-1:0.0: device disconnected
[  612.955639][   T30] kauditd_printk_skb: 19 callbacks suppressed
[  612.955659][   T30] audit: type=1800 audit(1753787492.102:87): pid=11375 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.1618" name="bus" dev="overlay" ino=1610 res=0 errno=0
[  613.030186][T11399] x_tables: duplicate underflow at hook 2
[  613.197003][T11404] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1628'.
[  613.199822][T11405] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1628'.
[  613.206420][T11404] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1628'.
[  613.225139][T11405] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1628'.
[  613.581627][T11414] netlink: 'syz.4.1632': attribute type 4 has an invalid length.
[  613.750664][T11411] loop9: detected capacity change from 0 to 8
[  613.909755][T11411] Dev loop9: unable to read RDB block 8
[  614.073006][T11411]  loop9: unable to read partition table
[  614.424647][T11411] loop9: partition table beyond EOD, truncated
[  614.476830][T11411] loop_reread_partitions: partition scan of loop9 (�被x������ ) failed (rc=-5)
[  618.281580][T11462] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1646'.
[  618.917348][T11467] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  618.924657][T11467] IPv6: NLM_F_CREATE should be set when creating new route
[  618.950751][T11467] lo: entered allmulticast mode
[  618.965866][T11467] tunl0: entered allmulticast mode
[  619.005288][T11467] gre0: entered allmulticast mode
[  619.368062][T11475] binder: 11468:11475 ioctl c00c6211 ffffffffffffffff returned -14
[  619.534195][T11467] gretap0: entered allmulticast mode
[  619.585973][T11467] erspan0: entered allmulticast mode
[  619.656912][T11467] ip_vti0: entered allmulticast mode
[  619.721733][T11467] ip6_vti0: entered allmulticast mode
[  619.949646][T11467] sit0: entered allmulticast mode
[  619.981092][T11467] ip6tnl0: entered allmulticast mode
[  620.096147][T11467] ip6gre0: entered allmulticast mode
[  620.254350][T11467] syz_tun: entered allmulticast mode
[  620.311967][T11467] ip6gretap0: entered allmulticast mode
[  620.344802][ T5953] usb 4-1: new full-speed USB device number 24 using dummy_hcd
[  620.358706][T11467] bridge0: port 2(bridge_slave_1) entered disabled state
[  620.366110][T11467] bridge0: port 1(bridge_slave_0) entered disabled state
[  620.410745][T11467] bridge0: entered allmulticast mode
[  620.511204][T11467] vcan0: entered allmulticast mode
[  620.546869][ T5953] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83
[  620.560843][T11467] bond0: entered allmulticast mode
[  620.566703][T11467] bond_slave_0: entered allmulticast mode
[  620.572483][T11467] bond_slave_1: entered allmulticast mode
[  620.574772][T10753] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  620.623381][ T5953] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  620.647763][T11467] team0: entered allmulticast mode
[  620.657244][ T5953] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  620.664793][T11467] team_slave_0: entered allmulticast mode
[  620.674239][T11467] team_slave_1: entered allmulticast mode
[  620.676854][ T5953] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  620.703588][ T5953] usb 4-1: config 0 descriptor??
[  620.713481][T11467] dummy0: entered allmulticast mode
[  620.769851][T11467] nlmon0: entered allmulticast mode
[  620.810297][T11467] caif0: entered allmulticast mode
[  620.815654][T10753] usb 2-1: Using ep0 maxpacket: 8
[  620.825171][T10753] usb 2-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[  620.924696][T11467] batadv0: entered allmulticast mode
[  620.940371][ T5953] ath6kl: Failed to submit usb control message: -71
[  620.950458][T10753] usb 2-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[  620.966188][T11467] vxcan0: entered allmulticast mode
[  620.991113][ T5953] ath6kl: unable to send the bmi data to the device: -71
[  620.996413][T11467] vxcan1: entered allmulticast mode
[  620.998409][T10753] usb 2-1: Product: syz
[  621.015490][ T5953] ath6kl: Unable to send get target info: -71
[  621.022287][T10753] usb 2-1: Manufacturer: syz
[  621.027443][T10753] usb 2-1: SerialNumber: syz
[  621.038003][T10753] usb 2-1: config 0 descriptor??
[  621.054330][ T5953] ath6kl: Failed to init ath6kl core: -71
[  621.066283][ T5953] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71
[  621.086679][T10753] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[  621.114653][T11467] veth0: entered allmulticast mode
[  621.118067][ T5953] usb 4-1: USB disconnect, device number 24
[  621.166206][T11467] veth1: entered allmulticast mode
[  621.188548][T11467] wg0: entered allmulticast mode
[  621.218344][T11467] wg1: entered allmulticast mode
[  621.244342][T11467] wg2: entered allmulticast mode
[  621.374798][T11467] veth0_to_bridge: entered allmulticast mode
[  621.447656][T11467] veth1_to_bridge: entered allmulticast mode
[  621.503709][T11467] veth0_to_bond: entered allmulticast mode
[  621.529257][T10753] gspca_zc3xx: reg_r err -71
[  621.536563][T10753] gspca_zc3xx 2-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  621.557046][T10753] usb 2-1: USB disconnect, device number 28
[  621.697648][T11467] veth1_to_bond: entered allmulticast mode
[  621.751519][T11467] veth0_to_team: entered allmulticast mode
[  621.952449][T11467] veth1_to_team: entered allmulticast mode
[  622.052855][T11513] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1658'.
[  622.358329][T11467] veth0_to_batadv: entered allmulticast mode
[  622.462397][T11467] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  622.518001][T11467] batadv_slave_0: entered allmulticast mode
[  622.537628][T11467] veth1_to_batadv: entered allmulticast mode
[  622.582347][T11467] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  622.595821][T11467] batadv_slave_1: entered allmulticast mode
[  622.669517][T11467] xfrm0: entered allmulticast mode
[  622.709592][T11467] veth0_to_hsr: entered allmulticast mode
[  622.804646][T11506] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  622.831466][T11467] veth1_to_hsr: entered allmulticast mode
[  623.088327][T11506] usb 5-1: Using ep0 maxpacket: 8
[  623.151709][T11467] veth1_virt_wifi: entered allmulticast mode
[  623.215142][T11506] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  623.268323][T11467] veth0_virt_wifi: entered allmulticast mode
[  623.271801][T11506] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  623.360517][T11467] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  623.411510][T11467] veth1_vlan: entered allmulticast mode
[  623.412921][T11506] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  623.434950][T11506] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  623.446315][T11506] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  623.512102][T11506] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  623.523346][T11506] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  623.537596][T11506] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  623.549649][T11506] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  623.561207][T11506] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  623.575105][T11506] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  623.582847][T11506] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  623.626844][T11506] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  623.643500][T11506] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  623.654374][T11467] veth0_vlan: entered allmulticast mode
[  623.660380][T11506] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  623.681491][T11506] usb 5-1: string descriptor 0 read error: -22
[  623.688546][T11506] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  623.698125][T11506] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  623.738793][T11506] adutux 5-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  623.782420][T11467] vlan0: entered allmulticast mode
[  623.794903][T11467] vlan1: entered allmulticast mode
[  623.807946][T11467] macvlan0: entered allmulticast mode
[  623.833743][T11467] macvlan1: entered allmulticast mode
[  623.866284][T11467] ipvlan0: entered allmulticast mode
[  623.871803][T11467] ipvlan1: entered allmulticast mode
[  623.891215][T11467] geneve0: entered allmulticast mode
[  623.914743][T11467] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  623.923687][T11467] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  623.934998][T11467] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  623.951440][T11467] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  623.964954][T11467] geneve1: entered allmulticast mode
[  623.985516][T11467] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  624.019870][T11467] netdevsim netdevsim2 netdevsim1: entered allmulticast mode
[  624.049540][T11519] kvm: user requested TSC rate below hardware speed
[  624.065974][T11467] netdevsim netdevsim2 netdevsim2: entered allmulticast mode
[  624.083802][T11535] hugetlbfs: Bad value for 'mode'
[  624.105624][T11467] netdevsim netdevsim2 netdevsim3: entered allmulticast mode
[  624.171656][T11467] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode
[  624.197526][T11467] vlan2: left promiscuous mode
[  624.212625][T11467] bridge0: left promiscuous mode
[  624.219397][T11467] vlan2: entered allmulticast mode
[  624.229585][T11467] ip6gre1: entered allmulticast mode
[  624.235415][T11467] ip6tnl1: entered allmulticast mode
[  624.298919][T11506] usb 5-1: USB disconnect, device number 16
[  625.716870][T11563] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  626.576544][T11578] siw: device registration error -23
[  626.859578][T11579] binder: 11574:11579 ioctl c00c6211 ffffffffffffffff returned -14
[  627.354991][T11586] binder: 11585:11586 ioctl 541b 200000000140 returned -22
[  627.733109][ T5953] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  628.354684][ T5953] usb 3-1: Using ep0 maxpacket: 16
[  628.377359][ T5953] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  628.418864][ T5953] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 22
[  628.449975][ T5953] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  628.461177][ T5953] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  628.474761][T11506] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  628.494669][ T5953] usb 3-1: SerialNumber: syz
[  628.652247][T11506] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  628.680813][T11506] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  628.717696][T11506] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  628.737290][ T5928] usb 3-1: USB disconnect, device number 30
[  628.764069][T11506] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  628.791678][T11506] usb 4-1: config 0 descriptor??
[  629.062487][T11609] netlink: 'syz.0.1686': attribute type 1 has an invalid length.
[  629.679486][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  629.692912][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  630.391794][T11623] binder: 11622:11623 ioctl 541b 200000000140 returned -22
[  631.636226][T11506] usb 4-1: string descriptor 0 read error: -71
[  631.685125][T11506] usb 4-1: USB disconnect, device number 25
[  633.176545][T11657] syz_tun: entered allmulticast mode
[  633.193760][T11656] syz_tun: left allmulticast mode
[  633.671981][T11673] virtio-fs: tag </dev/md0> not found
[  633.790416][T11675] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1709'.
[  633.827118][T11674] binder: 11671:11674 ioctl 541b 200000000140 returned -22
[  633.924246][T11676] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1709'.
[  633.993832][T11669] xt_CT: No such helper "netbios-ns"
[  634.171861][T11680] snd_dummy snd_dummy.0: control 2:16:0:syz0:-3 is already present
[  635.133870][T11694] netlink: 'syz.0.1715': attribute type 9 has an invalid length.
[  635.177923][T11694] netlink: 184 bytes leftover after parsing attributes in process `syz.0.1715'.
[  635.619332][T11697] 9pnet_fd: Insufficient options for proto=fd
[  636.900642][T11700] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  637.242921][T11700] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  637.289292][T11718] netlink: 'syz.3.1722': attribute type 1 has an invalid length.
[  637.346217][T11721] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1722'.
[  637.351445][T11718] bond3: entered promiscuous mode
[  637.361303][T11718] 8021q: adding VLAN 0 to HW filter on device bond3
[  637.471037][T11700] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  637.493373][T11721] batman_adv: batadv0: Interface deactivated: dummy0
[  637.562470][T11700] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  637.728018][T11700] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  637.738091][T11729] netlink: 'syz.3.1725': attribute type 4 has an invalid length.
[  637.765339][T11700] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  637.780667][T11729] veth1_macvtap: left promiscuous mode
[  637.972345][T11700] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  638.105206][T11700] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  640.173735][T11758] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1735'.
[  640.284457][T11765] netlink: 'syz.1.1737': attribute type 10 has an invalid length.
[  640.300012][T11765] bridge0: port 2(bridge_slave_1) entered disabled state
[  640.307539][T11765] bridge0: port 1(bridge_slave_0) entered disabled state
[  640.335993][T11767] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1737'.
[  640.614652][T11775] FAULT_INJECTION: forcing a failure.
[  640.614652][T11775] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  640.628152][T11775] CPU: 0 UID: 0 PID: 11775 Comm: syz.2.1741 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  640.628182][T11775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  640.628196][T11775] Call Trace:
[  640.628206][T11775]  <TASK>
[  640.628215][T11775]  dump_stack_lvl+0x189/0x250
[  640.628244][T11775]  ? irqentry_exit+0x74/0x90
[  640.628270][T11775]  ? __pfx_dump_stack_lvl+0x10/0x10
[  640.628315][T11775]  should_fail_ex+0x414/0x560
[  640.628342][T11775]  _copy_from_user+0x2d/0xb0
[  640.628374][T11775]  ___sys_sendmsg+0x158/0x2a0
[  640.628412][T11775]  ? __pfx____sys_sendmsg+0x10/0x10
[  640.628486][T11775]  ? __fget_files+0x2a/0x420
[  640.628510][T11775]  ? __fget_files+0x3a0/0x420
[  640.628546][T11775]  __x64_sys_sendmsg+0x19b/0x260
[  640.628582][T11775]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  640.628626][T11775]  ? __pfx_ksys_write+0x10/0x10
[  640.628653][T11775]  ? do_syscall_64+0xbe/0x3b0
[  640.628682][T11775]  do_syscall_64+0xfa/0x3b0
[  640.628708][T11775]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  640.628730][T11775]  ? asm_sysvec_call_function_single+0x1a/0x20
[  640.628752][T11775]  ? clear_bhb_loop+0x60/0xb0
[  640.628779][T11775]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  640.628800][T11775] RIP: 0033:0x7f0a48b8e9a9
[  640.628820][T11775] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  640.628839][T11775] RSP: 002b:00007f0a49aa5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  640.628863][T11775] RAX: ffffffffffffffda RBX: 00007f0a48db6080 RCX: 00007f0a48b8e9a9
[  640.628879][T11775] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000005
[  640.628894][T11775] RBP: 00007f0a49aa5090 R08: 0000000000000000 R09: 0000000000000000
[  640.628919][T11775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  640.628932][T11775] R13: 0000000000000000 R14: 00007f0a48db6080 R15: 00007ffd7452ba28
[  640.628965][T11775]  </TASK>
[  641.237920][T11765] bridge0: port 2(bridge_slave_1) entered blocking state
[  641.245213][T11765] bridge0: port 2(bridge_slave_1) entered forwarding state
[  641.252829][T11765] bridge0: port 1(bridge_slave_0) entered blocking state
[  641.260149][T11765] bridge0: port 1(bridge_slave_0) entered forwarding state
[  641.285003][T11778] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9)
[  641.291608][T11778] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  641.310701][T11765] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  641.364948][T11778] vhci_hcd vhci_hcd.0: Device attached
[  641.470879][T11767] bridge_slave_1: left allmulticast mode
[  641.503908][T11767] bridge_slave_1: left promiscuous mode
[  641.529023][T11767] bridge0: port 2(bridge_slave_1) entered disabled state
[  641.556846][T11767] bridge_slave_0: left allmulticast mode
[  641.579395][T11767] bridge_slave_0: left promiscuous mode
[  641.593271][T11767] bridge0: port 1(bridge_slave_0) entered disabled state
[  641.605211][   T44] vhci_hcd: vhci_device speed not set
[  641.634711][T11779] vhci_hcd: connection closed
[  641.655935][ T3980] vhci_hcd: stop threads
[  641.685193][   T44] usb 41-1: new full-speed USB device number 2 using vhci_hcd
[  641.732359][  T926] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  642.483581][ T3980] vhci_hcd: release socket
[  642.525048][ T3980] vhci_hcd: disconnect device
[  642.604808][  T926] usb 3-1: device descriptor read/64, error -71
[  642.964742][  T926] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  643.449251][T11767] bond0: (slave bridge0): Releasing backup interface
[  643.718636][  T926] usb 3-1: device descriptor read/64, error -71
[  644.292221][  T926] usb usb3-port1: attempt power cycle
[  644.425527][T11820] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  644.637775][  T926] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  645.198042][  T926] usb 3-1: device descriptor read/8, error -71
[  645.658462][T11830] 9pnet_fd: Insufficient options for proto=fd
[  646.336152][T11843] siw: device registration error -23
[  646.808747][   T44] vhci_hcd: vhci_device speed not set
[  647.094731][  T926] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  647.645313][  T926] usb 3-1: device descriptor read/8, error -71
[  647.816879][  T926] usb usb3-port1: unable to enumerate USB device
[  648.792352][T11862] binder: 11855:11862 ioctl c018620c 200000000380 returned -22
[  648.911340][T11863] pim6reg: entered allmulticast mode
[  650.836262][T11881] 9pnet_fd: Insufficient options for proto=fd
[  651.256718][T11884] PKCS7: Unknown OID: [4] 0.38.107.217331280.32(bad)
[  651.263508][T11884] PKCS7: Only support pkcs7_signedData type
[  653.735867][T11505] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  653.981947][T11892] syz.1.1771 (11892): drop_caches: 2
[  655.692558][T11910] 9pnet_fd: Insufficient options for proto=fd
[  656.594717][T11505] usb 5-1: device descriptor read/all, error -71
[  659.240559][T11948] netlink: 'syz.3.1789': attribute type 32 has an invalid length.
[  659.282785][T11945] overlayfs: failed to clone upperpath
[  661.502563][T11952] mkiss: ax0: crc mode is auto.
[  662.301941][T11977] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  663.492545][T12008] netlink: 'syz.0.1807': attribute type 1 has an invalid length.
[  663.530470][T12011] mkiss: ax0: crc mode is auto.
[  666.166350][T12022] binder: 12017:12022 ioctl c00c6211 ffffffffffffffff returned -14
[  666.290555][T12026] 9pnet_fd: Insufficient options for proto=fd
[  691.117987][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  691.124362][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  698.243805][T12029] netlink: 'syz.1.1813': attribute type 12 has an invalid length.
[  698.251900][T12031] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  698.252122][T12031] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  698.262418][T12029] netlink: 9472 bytes leftover after parsing attributes in process `syz.1.1813'.
[  717.954382][T12051] xt_ecn: cannot match TCP bits for non-tcp packets
[  718.503312][T12053] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  719.368620][T12067] openvswitch: netlink: Actions may not be safe on all matching packets
[  721.091101][T12093] binder: 12085:12093 ioctl c00c6211 ffffffffffffffff returned -14
[  721.140447][T12095] PKCS7: Unknown OID: [4] 0.38.107.217331280.32(bad)
[  721.155635][T12095] PKCS7: Only support pkcs7_signedData type
[  721.667580][   T30] audit: type=1326 audit(1753787600.822:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12098 comm="syz.4.1830" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6abb58e9a9 code=0x0
[  721.727323][T12105] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  721.733939][T12105] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  721.764432][T12105] vhci_hcd vhci_hcd.0: Device attached
[  721.865117][T12111] 9pnet_fd: Insufficient options for proto=fd
[  721.966433][T12113] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1834'.
[  721.975878][T12113] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1834'.
[  722.138306][   T44] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  722.146127][  T926] usb 37-1: new low-speed USB device number 2 using vhci_hcd
[  722.354749][   T44] usb 3-1: Using ep0 maxpacket: 16
[  722.381551][   T44] usb 3-1: config 0 has no interfaces?
[  722.391986][   T44] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  722.419627][   T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  722.431020][   T44] usb 3-1: config 0 descriptor??
[  722.716429][T11506] usb 3-1: USB disconnect, device number 35
[  722.722611][T11505] IPVS: starting estimator thread 0...
[  722.730498][T12107] usb 37-1: recv xbuf, 0
[  722.984023][ T3980] vhci_hcd: stop threads
[  723.061791][ T3980] vhci_hcd: release socket
[  723.084843][T12123] IPVS: using max 23 ests per chain, 55200 per kthread
[  723.171844][ T3980] vhci_hcd: disconnect device
[  723.539579][T12128] netlink: 304 bytes leftover after parsing attributes in process `syz.3.1839'.
[  723.554719][  T926] vhci_hcd: vhci_device speed not set
[  724.812547][T12153] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1848'.
[  724.858910][T12153] 9pnet_fd: Insufficient options for proto=fd
[  724.945934][T11506] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  725.179363][T11506] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  725.190036][T11506] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  725.206308][T11506] usb 3-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  725.216051][T11506] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  725.237508][T11506] usb 3-1: Product: syz
[  725.360633][T11506] usb 3-1: Manufacturer: syz
[  725.366674][T11506] usb 3-1: SerialNumber: syz
[  725.382669][T11506] usb 3-1: config 0 descriptor??
[  725.388858][T12143] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  725.401356][T12143] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  725.612379][T12143] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  725.623423][T12143] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  726.465257][T11506] Error reading MAC address
[  726.476200][T11506] usb 3-1: USB disconnect, device number 36
[  727.777856][T12197] 9pnet_fd: Insufficient options for proto=fd
[  728.168662][T12191] loop6: detected capacity change from 0 to 63
[  728.838971][T12191] buffer_io_error: 650 callbacks suppressed
[  728.839010][T12191] Buffer I/O error on dev loop6, logical block 0, async page read
[  729.195166][T12202] 9pnet_fd: Insufficient options for proto=fd
[  729.366848][T12191] Buffer I/O error on dev loop6, logical block 1, async page read
[  729.394965][T12191] Buffer I/O error on dev loop6, logical block 2, async page read
[  729.408370][T12191] Buffer I/O error on dev loop6, logical block 3, async page read
[  729.417372][T12191] Buffer I/O error on dev loop6, logical block 0, async page read
[  729.547488][T12191] Buffer I/O error on dev loop6, logical block 1, async page read
[  729.823935][T12191] Buffer I/O error on dev loop6, logical block 2, async page read
[  729.883459][T12191] Buffer I/O error on dev loop6, logical block 3, async page read
[  729.893712][T12191] Buffer I/O error on dev loop6, logical block 0, async page read
[  730.195293][T12191] Buffer I/O error on dev loop6, logical block 1, async page read
[  730.684013][T12223] FAULT_INJECTION: forcing a failure.
[  730.684013][T12223] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  730.710849][T12223] CPU: 1 UID: 0 PID: 12223 Comm: syz.2.1871 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  730.710881][T12223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  730.710895][T12223] Call Trace:
[  730.710904][T12223]  <TASK>
[  730.710914][T12223]  dump_stack_lvl+0x189/0x250
[  730.710946][T12223]  ? __pfx____ratelimit+0x10/0x10
[  730.710970][T12223]  ? __pfx_dump_stack_lvl+0x10/0x10
[  730.711006][T12223]  ? __pfx__printk+0x10/0x10
[  730.711035][T12223]  ? __might_fault+0xb0/0x130
[  730.711069][T12223]  should_fail_ex+0x414/0x560
[  730.711098][T12223]  _copy_from_user+0x2d/0xb0
[  730.711129][T12223]  memdup_user+0x5e/0xd0
[  730.711159][T12223]  strndup_user+0x68/0xd0
[  730.711186][T12223]  __se_sys_mount+0x9c/0x410
[  730.711213][T12223]  ? ksys_write+0x22a/0x250
[  730.711236][T12223]  ? __pfx___se_sys_mount+0x10/0x10
[  730.711259][T12223]  ? rcu_is_watching+0x15/0xb0
[  730.711289][T12223]  ? do_syscall_64+0xbe/0x3b0
[  730.711312][T12223]  ? __x64_sys_mount+0x20/0xc0
[  730.711339][T12223]  do_syscall_64+0xfa/0x3b0
[  730.711363][T12223]  ? lockdep_hardirqs_on+0x9c/0x150
[  730.711386][T12223]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  730.711414][T12223]  ? clear_bhb_loop+0x60/0xb0
[  730.711441][T12223]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  730.711463][T12223] RIP: 0033:0x7f0a48b8e9a9
[  730.711482][T12223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  730.711501][T12223] RSP: 002b:00007f0a49ac6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  730.711525][T12223] RAX: ffffffffffffffda RBX: 00007f0a48db5fa0 RCX: 00007f0a48b8e9a9
[  730.711541][T12223] RDX: 0000200000000040 RSI: 0000200000000a00 RDI: 0000200000000000
[  730.711556][T12223] RBP: 00007f0a49ac6090 R08: 0000000000000000 R09: 0000000000000000
[  730.711569][T12223] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001
[  730.711583][T12223] R13: 0000000000000000 R14: 00007f0a48db5fa0 R15: 00007ffd7452ba28
[  730.711616][T12223]  </TASK>
[  731.024098][T12232] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1876'.
[  731.052815][T12232] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1876'.
[  731.483974][T12240] overlayfs: failed to clone upperpath
[  733.226027][T12264] block nbd1: NBD_DISCONNECT
[  733.248502][T12263] block nbd1: NBD_DISCONNECT
[  733.605367][T11506] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  733.794722][   T44] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  734.094261][T12277] netlink: 'syz.4.1888': attribute type 6 has an invalid length.
[  734.108880][T12277] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.1888'.
[  735.527252][T12287] 9pnet_fd: Insufficient options for proto=fd
[  735.765104][T12295] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1896'.
[  735.792591][  T926] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  736.017064][  T926] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  736.028322][  T926] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  736.103797][  T926] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  736.168521][  T926] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  736.213491][  T926] usb 3-1: Product: syz
[  736.240110][  T926] usb 3-1: Manufacturer: syz
[  736.280494][  T926] usb 3-1: SerialNumber: syz
[  736.610215][T12302] mkiss: ax0: crc mode is auto.
[  736.678077][T12287] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  736.687287][T12287] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  736.699623][  T926] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  736.863435][  T926] usb 3-1: USB disconnect, device number 37
[  737.387955][  T926] usb 3-1: new full-speed USB device number 38 using dummy_hcd
[  737.650728][  T926] usb 3-1: config index 0 descriptor too short (expected 301, got 72)
[  737.706340][  T926] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  737.930740][  T926] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  737.968277][  T926] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 1024, setting to 64
[  737.986327][T12329] loop6: detected capacity change from 0 to 63
[  738.020019][  T926] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  738.020866][T12329] buffer_io_error: 10 callbacks suppressed
[  738.020885][T12329] Buffer I/O error on dev loop6, logical block 0, async page read
[  738.050017][T12329] Buffer I/O error on dev loop6, logical block 1, async page read
[  738.057185][  T926] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  738.058563][T12329] Buffer I/O error on dev loop6, logical block 2, async page read
[  738.081389][T12329] Buffer I/O error on dev loop6, logical block 3, async page read
[  738.090348][T12329] Buffer I/O error on dev loop6, logical block 0, async page read
[  738.095885][  T926] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  738.139756][T12329] Buffer I/O error on dev loop6, logical block 1, async page read
[  738.148617][T12329] Buffer I/O error on dev loop6, logical block 2, async page read
[  738.169518][T12329] Buffer I/O error on dev loop6, logical block 3, async page read
[  738.179873][T12329] Buffer I/O error on dev loop6, logical block 0, async page read
[  738.193245][T12329] Buffer I/O error on dev loop6, logical block 1, async page read
[  738.621241][T12335] netlink: 'syz.1.1908': attribute type 1 has an invalid length.
[  741.528777][  T926] usb 3-1: usb_control_msg returned -71
[  741.611776][T12358] netlink: 'syz.3.1912': attribute type 10 has an invalid length.
[  741.644635][  T926] usbtmc 3-1:16.0: can't read capabilities
[  741.709323][T12358] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  741.785649][  T926] usb 3-1: USB disconnect, device number 38
[  743.019474][T12365] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1916'.
[  743.251266][T12370] 9pnet_fd: Insufficient options for proto=fd
[  744.947780][T12385] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  745.348070][T12386] siw: device registration error -23
[  746.375126][T12412] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1931'.
[  746.518347][T12412] random: crng reseeded on system resumption
[  746.789386][T12419] binder: 12418:12419 ioctl c0306201 0 returned -14
[  747.484291][T12422] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1932'.
[  747.493501][T12422] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1932'.
[  751.082374][T12453] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1943'.
[  751.091548][T12453] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1943'.
[  751.847485][T12461] comedi comedi1: comedi_config --init_data is deprecated
[  751.911257][T12461] dvmrp0: entered allmulticast mode
[  751.932923][T12461] comedi comedi1: comedi_config --init_data is deprecated
[  751.982224][T12469] binder: 12464:12469 ioctl 541b 200000000140 returned -22
[  752.579707][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  752.587667][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  754.343569][T12493] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1955'.
[  754.618196][T12496] 9pnet_fd: Insufficient options for proto=fd
[  755.005740][T12499] 9pnet_fd: Insufficient options for proto=fd
[  755.083491][T12503] xt_hashlimit: max too large, truncated to 1048576
[  756.107684][  T926] usb 4-1: new full-speed USB device number 26 using dummy_hcd
[  756.125076][T12506] kthread_run failed with err -4
[  756.308125][  T926] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  756.371818][  T926] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 4
[  756.427018][T12524] netlink: 'syz.2.1965': attribute type 1 has an invalid length.
[  756.444802][  T926] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  756.470437][  T926] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  756.498915][T12524] 8021q: adding VLAN 0 to HW filter on device bond1
[  756.508400][  T926] usb 4-1: Product: syz
[  756.523790][  T926] usb 4-1: Manufacturer: syz
[  756.546435][T12524] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  756.555805][  T926] usb 4-1: SerialNumber: syz
[  756.562407][  T926] usb 4-1: config 0 descriptor??
[  756.571729][T12524] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  756.587164][T12524] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  756.610825][  T926] em28xx 4-1:0.0: New device syz syz @ 12 Mbps (2040:0264, interface 0, class 0)
[  756.634425][T12524] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  756.669878][T12524] bond1: (slave geneve2): making interface the new active one
[  756.688052][T12524] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  756.827879][  T926] em28xx 4-1:0.0: Device initialization failed.
[  756.953006][  T926] em28xx 4-1:0.0: Device must be connected to a high-speed USB 2.0 port.
[  757.195425][   T30] audit: type=1326 audit(1753787636.352:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12509 comm="syz.3.1961" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe6caf8e9a9 code=0x0
[  757.338696][T12535] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  757.444961][T12535] tipc: Disabling bearer <eth:syzkaller0>
[  757.606140][T12541] 9pnet_fd: Insufficient options for proto=fd
[  758.388927][T12545] netlink: ct family unspecified
[  758.394217][T12545] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  759.119169][T11505] usb 4-1: USB disconnect, device number 26
[  759.173521][T12548] binder: 12546:12548 ioctl c0306201 0 returned -14
[  760.349517][T12568] netlink: 'syz.4.1979': attribute type 1 has an invalid length.
[  761.845853][T12577] netlink: 'syz.0.1973': attribute type 21 has an invalid length.
[  761.853823][T12577] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1973'.
[  761.869448][T12578] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1983'.
[  763.279665][T12586] snd_dummy snd_dummy.0: control 2:16:0:syz0:-3 is already present
[  763.657950][T12592] netlink: ct family unspecified
[  763.663190][T12592] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  763.875001][  T926] usb 3-1: new full-speed USB device number 39 using dummy_hcd
[  764.382041][T12598] binder: 12596:12598 ioctl c0306201 0 returned -14
[  764.390816][  T926] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  764.414596][  T926] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 4
[  764.439563][  T926] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  764.457322][  T926] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  764.500028][  T926] usb 3-1: Product: syz
[  764.520138][  T926] usb 3-1: Manufacturer: syz
[  764.597596][  T926] usb 3-1: SerialNumber: syz
[  764.838160][  T926] usb 3-1: config 0 descriptor??
[  765.004075][  T926] em28xx 3-1:0.0: New device syz syz @ 12 Mbps (2040:0264, interface 0, class 0)
[  765.047542][  T926] em28xx 3-1:0.0: Device initialization failed.
[  765.054032][  T926] em28xx 3-1:0.0: Device must be connected to a high-speed USB 2.0 port.
[  765.342033][   T30] audit: type=1326 audit(1753787644.492:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12590 comm="syz.2.1987" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0a48b8e9a9 code=0x0
[  765.379220][T12608] netlink: 'syz.0.1993': attribute type 1 has an invalid length.
[  766.946153][T11505] usb 3-1: USB disconnect, device number 39
[  766.988911][T12619] xt_CT: No such helper "snmp"
[  767.016296][T12625] batman_adv: batadv0: Adding interface: dummy0
[  767.022643][T12625] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  767.048137][T12625] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  767.292802][T12630] 9pnet_fd: Insufficient options for proto=fd
[  767.625956][T12627] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1999'.
[  767.821191][T12641] 9pnet_fd: Insufficient options for proto=fd
[  768.461143][T12652] netlink: 'syz.4.2006': attribute type 1 has an invalid length.
[  769.124403][T12658] netlink: 'syz.0.2009': attribute type 8 has an invalid length.
[  769.694792][T12666] xt_CT: No such helper "snmp"
[  769.872100][T12679] netlink: 'syz.2.2017': attribute type 10 has an invalid length.
[  770.136677][T12685] 9pnet_fd: Insufficient options for proto=fd
[  771.808728][T12710] netlink: 'syz.2.2023': attribute type 10 has an invalid length.
[  771.817653][T12710] netdevsim netdevsim2 netdevsim0: left allmulticast mode
[  771.859289][T12710] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  771.871156][T12710] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  772.045040][T12711] loop6: detected capacity change from 0 to 7
[  772.053780][T12711] Dev loop6: unable to read RDB block 7
[  772.063859][T12711]  loop6: AHDI p1 p2 p3
[  772.082183][T12711] loop6: partition table partially beyond EOD, truncated
[  772.095771][T12711] loop6: p1 start 926365495 is beyond EOD, truncated
[  772.102964][T12711] loop6: p2 size 116 extends beyond EOD, truncated
[  772.514923][T12717] xt_CT: No such helper "snmp"
[  773.552554][   T30] audit: type=1800 audit(1753787652.702:91): pid=12736 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.2034" name="bus" dev="tmpfs" ino=2502 res=0 errno=0
[  777.325326][T12765] 9pnet_fd: Insufficient options for proto=fd
[  780.701006][T12805] siw: device registration error -23
[  781.680141][T12810] loop6: detected capacity change from 0 to 63
[  781.698407][T12810] buffer_io_error: 126 callbacks suppressed
[  781.698459][T12810] Buffer I/O error on dev loop6, logical block 0, async page read
[  781.732191][T12810] Buffer I/O error on dev loop6, logical block 1, async page read
[  781.746473][T12810] Buffer I/O error on dev loop6, logical block 2, async page read
[  781.763294][T12810] Buffer I/O error on dev loop6, logical block 3, async page read
[  781.805154][T12810] Buffer I/O error on dev loop6, logical block 0, async page read
[  781.814700][T12810] Buffer I/O error on dev loop6, logical block 1, async page read
[  781.824517][T12810] Buffer I/O error on dev loop6, logical block 2, async page read
[  781.839043][T12810] Buffer I/O error on dev loop6, logical block 3, async page read
[  781.859971][T12810] Buffer I/O error on dev loop6, logical block 0, async page read
[  781.874222][T12810] Buffer I/O error on dev loop6, logical block 1, async page read
[  783.033477][T12825] binder: 12821:12825 ioctl c00c6211 ffffffffffffffff returned -14
[  783.234107][T12834] trusted_key: encrypted_key: insufficient parameters specified
[  784.175727][   T44] IPVS: starting estimator thread 0...
[  784.441238][T12859] IPVS: using max 30 ests per chain, 72000 per kthread
[  785.427024][T12870] binder: 12864:12870 ioctl c00c6211 ffffffffffffffff returned -14
[  785.985726][T12874] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  787.336536][T12890] netlink: 'syz.4.2082': attribute type 1 has an invalid length.
[  787.512014][T12890] 8021q: adding VLAN 0 to HW filter on device bond3
[  790.053142][T12928] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  791.113475][T12934] 9pnet_fd: Insufficient options for proto=fd
[  794.070607][T12959] 9pnet_fd: Insufficient options for proto=fd
[  794.766084][T12973] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  795.604881][   T30] audit: type=1326 audit(1753787674.172:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12963 comm="syz.3.2106" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe6caf8e9a9 code=0x0
[  795.809386][T12984] binder: 12960:12984 ioctl c00c6211 ffffffffffffffff returned -14
[  796.242636][T12992] loop6: detected capacity change from 0 to 63
[  796.381322][T12992] buffer_io_error: 134 callbacks suppressed
[  796.381381][T12992] Buffer I/O error on dev loop6, logical block 0, async page read
[  796.399722][T12992] Buffer I/O error on dev loop6, logical block 1, async page read
[  796.411442][T12992] Buffer I/O error on dev loop6, logical block 2, async page read
[  796.421825][T12992] Buffer I/O error on dev loop6, logical block 3, async page read
[  796.433119][T12992] Buffer I/O error on dev loop6, logical block 0, async page read
[  796.443888][T12992] Buffer I/O error on dev loop6, logical block 1, async page read
[  796.454569][T12992] Buffer I/O error on dev loop6, logical block 2, async page read
[  796.464556][T12992] Buffer I/O error on dev loop6, logical block 3, async page read
[  796.474594][T12992] Buffer I/O error on dev loop6, logical block 0, async page read
[  796.485305][T12992] Buffer I/O error on dev loop6, logical block 1, async page read
[  797.478153][T13008] FAULT_INJECTION: forcing a failure.
[  797.478153][T13008] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  797.497494][T13008] CPU: 0 UID: 0 PID: 13008 Comm: syz.4.2117 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  797.497527][T13008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  797.497542][T13008] Call Trace:
[  797.497551][T13008]  <TASK>
[  797.497561][T13008]  dump_stack_lvl+0x189/0x250
[  797.497590][T13008]  ? __pfx____ratelimit+0x10/0x10
[  797.497614][T13008]  ? __pfx_dump_stack_lvl+0x10/0x10
[  797.497639][T13008]  ? __pfx__printk+0x10/0x10
[  797.497668][T13008]  ? __might_fault+0xb0/0x130
[  797.497699][T13008]  should_fail_ex+0x414/0x560
[  797.497723][T13008]  _copy_from_user+0x2d/0xb0
[  797.497748][T13008]  memdup_user+0x5e/0xd0
[  797.497771][T13008]  strndup_user+0x68/0xd0
[  797.497826][T13008]  __se_sys_mount+0xde/0x410
[  797.497847][T13008]  ? ksys_write+0x22a/0x250
[  797.497865][T13008]  ? __pfx___se_sys_mount+0x10/0x10
[  797.497883][T13008]  ? rcu_is_watching+0x15/0xb0
[  797.497906][T13008]  ? do_syscall_64+0xbe/0x3b0
[  797.497924][T13008]  ? __x64_sys_mount+0x20/0xc0
[  797.497945][T13008]  do_syscall_64+0xfa/0x3b0
[  797.497964][T13008]  ? lockdep_hardirqs_on+0x9c/0x150
[  797.497983][T13008]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  797.498000][T13008]  ? clear_bhb_loop+0x60/0xb0
[  797.498021][T13008]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  797.498037][T13008] RIP: 0033:0x7f6abb58e9a9
[  797.498053][T13008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  797.498068][T13008] RSP: 002b:00007f6ab93f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  797.498088][T13008] RAX: ffffffffffffffda RBX: 00007f6abb7b5fa0 RCX: 00007f6abb58e9a9
[  797.498101][T13008] RDX: 0000200000000040 RSI: 0000200000000a00 RDI: 0000200000000000
[  797.498113][T13008] RBP: 00007f6ab93f6090 R08: 0000000000000000 R09: 0000000000000000
[  797.498124][T13008] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001
[  797.498134][T13008] R13: 0000000000000000 R14: 00007f6abb7b5fa0 R15: 00007ffd37830fa8
[  797.498160][T13008]  </TASK>
[  798.687444][T13022] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2123'.
[  799.769066][T13039] loop6: detected capacity change from 0 to 63
[  801.922514][  T926] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  802.075591][  T926] usb 5-1: device descriptor read/64, error -71
[  802.324795][  T926] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  802.526048][  T926] usb 5-1: device descriptor read/64, error -71
[  802.635659][  T926] usb usb5-port1: attempt power cycle
[  802.974725][  T926] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  803.041502][  T926] usb 5-1: device descriptor read/8, error -71
[  803.304923][  T926] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  803.351436][  T926] usb 5-1: device descriptor read/8, error -71
[  803.467937][  T926] usb usb5-port1: unable to enumerate USB device
[  804.270032][T13082] netlink: 16098 bytes leftover after parsing attributes in process `syz.4.2137'.
[  805.652151][T13106] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2143'.
[  806.023597][T13112] x_tables: ip6_tables: icmp6 match: only valid for protocol 58
[  807.172494][T13117] loop6: detected capacity change from 0 to 63
[  807.180265][T13117] buffer_io_error: 1730 callbacks suppressed
[  807.180279][T13117] Buffer I/O error on dev loop6, logical block 0, async page read
[  807.194349][T13117] Buffer I/O error on dev loop6, logical block 1, async page read
[  807.202348][T13117] Buffer I/O error on dev loop6, logical block 2, async page read
[  807.210302][T13117] Buffer I/O error on dev loop6, logical block 3, async page read
[  807.218448][T13117] Buffer I/O error on dev loop6, logical block 0, async page read
[  807.226395][T13117] Buffer I/O error on dev loop6, logical block 1, async page read
[  807.234313][T13117] Buffer I/O error on dev loop6, logical block 2, async page read
[  807.242320][T13117] Buffer I/O error on dev loop6, logical block 3, async page read
[  807.250332][T13117] Buffer I/O error on dev loop6, logical block 0, async page read
[  807.258253][T13117] Buffer I/O error on dev loop6, logical block 1, async page read
[  808.792078][T13131] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2151'.
[  809.001484][T13136] netlink: 'syz.2.2153': attribute type 4 has an invalid length.
[  810.183129][T13154] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  811.264828][  T926] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  811.441889][  T926] usb 3-1: Using ep0 maxpacket: 8
[  811.459655][  T926] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 7
[  811.487358][  T926] usb 3-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  811.524782][  T926] usb 3-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  811.565742][  T926] usb 3-1: Product: syz
[  811.570051][  T926] usb 3-1: Manufacturer: syz
[  811.581450][T13169] sit0: Master is either lo or non-ether device
[  811.605394][  T926] usb 3-1: SerialNumber: syz
[  811.965678][  T926] usb 3-1: Invalid connection information received from device
[  812.098912][T13176] siw: device registration error -23
[  812.490607][T13156] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  812.696080][T13156] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  812.797727][  T926] usb 3-1: USB disconnect, device number 40
[  813.469705][T13196] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  813.481847][T13196] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  813.500612][T13196] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  813.512522][T13196] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  813.521826][T13196] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  813.950094][T13195] lo speed is unknown, defaulting to 1000
[  814.005391][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  814.011796][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  814.140303][T13205] binder: 13201:13205 ioctl c00c6211 ffffffffffffffff returned -14
[  814.927127][T13195] chnl_net:caif_netlink_parms(): no params data found
[  815.576822][T13195] bridge0: port 1(bridge_slave_0) entered blocking state
[  815.604618][ T5844] Bluetooth: hci5: command tx timeout
[  815.614011][T13195] bridge0: port 1(bridge_slave_0) entered disabled state
[  815.676863][T13230] x_tables: duplicate underflow at hook 1
[  815.870486][T13195] bridge_slave_0: entered allmulticast mode
[  816.638232][T11506] usb 3-1: new full-speed USB device number 41 using dummy_hcd
[  816.657902][T13195] bridge_slave_0: entered promiscuous mode
[  816.700233][T13195] bridge0: port 2(bridge_slave_1) entered blocking state
[  816.714155][T13217] delete_channel: no stack
[  816.739220][T13195] bridge0: port 2(bridge_slave_1) entered disabled state
[  816.774938][T13195] bridge_slave_1: entered allmulticast mode
[  816.821213][T13195] bridge_slave_1: entered promiscuous mode
[  816.843130][T11506] usb 3-1: not running at top speed; connect to a high speed hub
[  816.852967][T11506] usb 3-1: config 1 interface 0 altsetting 208 endpoint 0x82 has invalid maxpacket 1023, setting to 64
[  816.881716][T11506] usb 3-1: config 1 interface 0 has no altsetting 0
[  816.895018][T11506] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  816.914623][T11506] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  816.932521][T11506] usb 3-1: Product: 䌀駧㤲莝ሣ臈励猛鴌벁躙憛⭿ۜ뫏큨㔱◫쾡墨蓿窿昼譱໮ࡴDŽ괯꒙ℓ✕︕ヱ퐺癉秽潶奙䟕㳺䝈圯拣ꧯ慓韘쪢Ⰷ沂蜕飥뵞紇䇞潩ꊜ켊慄茌䣷ѻ袝ᇶ呿臝થ輬蒈俎骍殮齗
[  816.993451][T11506] usb 3-1: Manufacturer: 䄸쇉躪ά쌛靎习Ҽꩥ鼍嶆苎난赅歒鮢䋰とꀘ㓎葓宅㐱㍴ଦ⋦⿢㍮ⓣ짖ᮅ瀃噐㠬烴鱋휷㬒ᵜﾠ၁앃飔噚䙦횥唃烦穡팒铌ﲅ余䨎锔鿈曭谬钙탎莫댧З思갫橎彽곬
[  817.045936][T13195] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  817.069867][T13195] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  817.094546][T11506] usb 3-1: SerialNumber: 䠊
[  817.113148][T13228] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  817.615393][    C0] raw-gadget.0 gadget.2: ignoring, device is not running
[  817.687007][ T5844] Bluetooth: hci5: command tx timeout
[  817.813371][T11506] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71
[  817.850733][T11506] usb 3-1: USB disconnect, device number 41
[  817.923519][T13195] team0: Port device team_slave_0 added
[  817.966260][T13195] team0: Port device team_slave_1 added
[  818.079135][T13195] batman_adv: batadv0: Adding interface: batadv_slave_0
[  818.086631][T13195] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  818.148645][T13195] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  818.193023][T13195] batman_adv: batadv0: Adding interface: batadv_slave_1
[  818.210667][T13195] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  818.236622][    C1] vkms_vblank_simulate: vblank timer overrun
[  818.271537][T13195] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  818.337865][T13243] overlay: ./bus is not a directory
[  819.421777][T13195] hsr_slave_0: entered promiscuous mode
[  819.454040][T13195] hsr_slave_1: entered promiscuous mode
[  819.491157][T13195] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  819.504682][T13195] Cannot create hsr debugfs directory
[  819.783546][ T5844] Bluetooth: hci5: command tx timeout
[  820.689601][T13262] sctp: [Deprecated]: syz.2.2189 (pid 13262) Use of int in max_burst socket option.
[  820.689601][T13262] Use struct sctp_assoc_value instead
[  820.723994][T13261] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2189'.
[  820.744679][T13261] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2189'.
[  821.016418][   T30] audit: type=1326 audit(1753787700.132:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13263 comm="syz.4.2191" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6abb58e9a9 code=0x0
[  821.838388][ T5844] Bluetooth: hci5: command tx timeout
[  821.875714][T13195] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  821.893611][T13195] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  821.916095][T13195] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  821.932323][T13272] binder: 13268:13272 ioctl c00c6211 ffffffffffffffff returned -14
[  821.949618][T13195] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  823.656013][T13195] 8021q: adding VLAN 0 to HW filter on device bond0
[  823.694371][T13195] 8021q: adding VLAN 0 to HW filter on device team0
[  823.812010][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  823.819292][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  823.866380][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  823.873546][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  824.115242][ T5928] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  824.507075][ T5928] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  824.544578][ T5928] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3
[  824.553600][ T5928] usb 5-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[  824.784893][ T5928] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  824.812669][ T5928] usb 5-1: config 0 descriptor??
[  824.878715][T13195] 8021q: adding VLAN 0 to HW filter on device batadv0
[  825.118519][T13287] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2196'.
[  825.375381][T13287] 8021q: adding VLAN 0 to HW filter on device bond4
[  825.615956][ T5928] Bluetooth: Can't get version to change to load ram patch err
[  825.623567][ T5928] Bluetooth: Loading patch file failed
[  825.684691][ T5928] ath3k 5-1:0.0: probe with driver ath3k failed with error -71
[  825.700241][ T5928] usb 5-1: USB disconnect, device number 24
[  826.068438][T13317] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2201'.
[  827.685791][T13323] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2204'.
[  827.695494][T13327] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2204'.
[  827.704811][T13327] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[  827.712398][T13327] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  827.828553][T13195] veth0_vlan: entered promiscuous mode
[  827.873507][T13195] veth1_vlan: entered promiscuous mode
[  827.947526][T13195] veth0_macvtap: entered promiscuous mode
[  827.970931][T13195] veth1_macvtap: entered promiscuous mode
[  828.021506][T13195] batman_adv: batadv0: Interface activated: batadv_slave_0
[  828.091702][T13195] batman_adv: batadv0: Interface activated: batadv_slave_1
[  828.449585][T13195] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  828.461370][T13334] No control pipe specified
[  828.487645][T13195] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  828.509783][T13195] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  828.521553][T13195] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  829.116330][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  829.124649][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  829.132515][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  829.140071][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  830.920993][T13361] IPv6: NLM_F_REPLACE set, but no existing node found!
[  832.330222][T13371] loop6: detected capacity change from 0 to 7
[  832.338056][T13371] Dev loop6: unable to read RDB block 7
[  832.346453][T13371]  loop6: AHDI p1 p2 p3
[  832.351344][T13371] loop6: partition table partially beyond EOD, truncated
[  832.359988][T13371] loop6: p1 start 926365495 is beyond EOD, truncated
[  832.374742][T13371] loop6: p2 size 116 extends beyond EOD, truncated
[  832.654607][ T5953] usb 5-1: new full-speed USB device number 25 using dummy_hcd
[  833.076526][ T5953] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  833.098854][ T5953] usb 5-1: too many endpoints for config 2 interface 0 altsetting 1: 128, using maximum allowed: 30
[  833.119470][ T5953] usb 5-1: config 2 interface 0 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 128
[  833.133727][ T5953] usb 5-1: config 2 interface 0 has no altsetting 0
[  833.143053][ T5953] usb 5-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  833.154797][ T5953] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  833.165072][ T5953] usb 5-1: Product: syz
[  833.169359][ T5953] usb 5-1: Manufacturer: syz
[  833.190216][ T5953] usb 5-1: SerialNumber: syz
[  833.212087][ T5953] usb 5-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  833.225324][ T5953] usb 5-1: selecting invalid altsetting 0
[  833.237869][ T5953] usb 5-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter)
[  833.410882][T13390] netlink: 'syz.2.2223': attribute type 9 has an invalid length.
[  833.412673][ T5953] usb 5-1: USB disconnect, device number 25
[  833.435134][T13390] netlink: 184 bytes leftover after parsing attributes in process `syz.2.2223'.
[  835.701616][T13417] 9pnet_fd: Insufficient options for proto=fd
[  835.786723][T13428] loop6: detected capacity change from 0 to 524287999
[  838.072802][T13196] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  838.163487][T13196] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  838.173861][T13196] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  838.231676][T13196] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  838.243904][T13196] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  839.406193][T13457] lo speed is unknown, defaulting to 1000
[  840.314610][T13196] Bluetooth: hci6: command tx timeout
[  841.148290][T13457] chnl_net:caif_netlink_parms(): no params data found
[  841.618288][T13492] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2248'.
[  842.395330][T13196] Bluetooth: hci6: command tx timeout
[  842.426211][T13457] bridge0: port 1(bridge_slave_0) entered blocking state
[  842.433592][T13457] bridge0: port 1(bridge_slave_0) entered disabled state
[  842.455264][T13457] bridge_slave_0: entered allmulticast mode
[  842.463431][T13457] bridge_slave_0: entered promiscuous mode
[  842.523136][T13457] bridge0: port 2(bridge_slave_1) entered blocking state
[  842.539520][T13457] bridge0: port 2(bridge_slave_1) entered disabled state
[  842.557622][T13457] bridge_slave_1: entered allmulticast mode
[  842.597179][T13457] bridge_slave_1: entered promiscuous mode
[  843.081179][T13457] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  843.134259][T13457] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  843.299961][T13457] team0: Port device team_slave_0 added
[  843.380130][T13457] team0: Port device team_slave_1 added
[  843.668544][T13457] batman_adv: batadv0: Adding interface: batadv_slave_0
[  843.843374][T13457] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  843.869383][    C0] vkms_vblank_simulate: vblank timer overrun
[  844.101501][T13457] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  844.196333][T13457] batman_adv: batadv0: Adding interface: batadv_slave_1
[  844.203382][T13457] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  844.474982][T13196] Bluetooth: hci6: command tx timeout
[  844.801402][T13457] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  845.068281][T13457] hsr_slave_0: entered promiscuous mode
[  845.095756][T13457] hsr_slave_1: entered promiscuous mode
[  845.124018][T13457] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  845.144860][T13457] Cannot create hsr debugfs directory
[  846.459752][T13552] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  846.535455][   T30] audit: type=1800 audit(1753787725.682:94): pid=13553 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.2265" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  846.556099][T13196] Bluetooth: hci6: command tx timeout
[  846.668491][T13457] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  846.975632][T13457] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  847.020996][T13457] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  847.060789][T13457] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  847.338646][T13457] 8021q: adding VLAN 0 to HW filter on device bond0
[  848.237117][T13457] 8021q: adding VLAN 0 to HW filter on device team0
[  848.458954][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[  848.466256][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[  849.269023][ T3980] bridge0: port 2(bridge_slave_1) entered blocking state
[  849.276389][ T3980] bridge0: port 2(bridge_slave_1) entered forwarding state
[  851.437471][T13457] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  851.448843][T13457] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  852.565543][T13457] 8021q: adding VLAN 0 to HW filter on device batadv0
[  853.707819][T13457] veth0_vlan: entered promiscuous mode
[  853.783150][T13457] veth1_vlan: entered promiscuous mode
[  853.884242][T13457] veth0_macvtap: entered promiscuous mode
[  853.907026][T13609] netlink: 'syz.1.2277': attribute type 12 has an invalid length.
[  853.909503][T13457] veth1_macvtap: entered promiscuous mode
[  853.944644][T13609] netlink: 9472 bytes leftover after parsing attributes in process `syz.1.2277'.
[  853.991777][T13457] batman_adv: batadv0: Interface activated: batadv_slave_0
[  854.022126][T13457] batman_adv: batadv0: Interface activated: batadv_slave_1
[  854.062754][T13457] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  854.087572][T13457] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  854.110779][T13457] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  854.128398][T13457] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  854.448095][ T3980] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  854.519203][T13611] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  854.594733][ T3980] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  854.743820][ T5989] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  854.752942][T13613] overlayfs: workdir and upperdir must be separate subtrees
[  854.761675][ T5989] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  856.132535][T13627] 9pnet_fd: Insufficient options for proto=fd
[  857.488634][T13642] 9pnet_fd: Insufficient options for proto=fd
[  858.121332][T13645] 9pnet_fd: Insufficient options for proto=fd
[  859.639634][T13655] netlink: 'syz.5.2290': attribute type 1 has an invalid length.
[  862.304265][T13672] 9pnet_fd: Insufficient options for proto=fd
[  863.460600][T13682] binder: 13681:13682 ioctl 541b 200000000140 returned -22
[  863.824753][T13687] binder: 13686:13687 ioctl 541b 200000000140 returned -22
[  864.183264][T13693] netlink: 'syz.2.2301': attribute type 1 has an invalid length.
[  867.238619][   T44] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  867.639086][   T44] usb 2-1: Using ep0 maxpacket: 8
[  867.647287][   T44] usb 2-1: too many configurations: 120, using maximum allowed: 8
[  867.673138][   T44] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  867.692062][   T44] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=24
[  868.754654][T13729] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2313'.
[  868.771530][   T44] usb 2-1: Product: syz
[  868.777741][   T44] usb 2-1: Manufacturer: syz
[  868.782800][   T44] usb 2-1: SerialNumber: syz
[  868.872769][   T44] usb 2-1: config 0 descriptor??
[  868.893992][   T44] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  868.903023][   T44] usb 2-1: setting power ON
[  868.997503][   T44] dvb-usb: bulk message failed: -22 (2/0)
[  869.054354][   T44] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  869.068902][T13732] binder: 13731:13732 ioctl 541b 200000000140 returned -22
[  869.083439][   T44] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  869.100071][T13707] dvb-usb: bulk message failed: -22 (3/0)
[  869.131725][T13707] dvb-usb: bulk message failed: -22 (4/0)
[  869.141892][   T44] usb 2-1: media controller created
[  869.164665][T13707] cxusb: i2c read failed
[  869.237836][   T44] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  869.422124][   T44] usb 2-1: selecting invalid altsetting 6
[  869.440640][   T44] usb 2-1: digital interface selection failed (-22)
[  869.604754][   T44] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  869.615488][   T44] usb 2-1: setting power OFF
[  869.620680][   T44] dvb-usb: bulk message failed: -22 (2/0)
[  869.633253][   T44] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  869.643124][   T44] (NULL device *): no alternate interface
[  869.747654][T13740] siw: device registration error -23
[  870.722977][   T44] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  870.776567][T11506] usb 2-1: USB disconnect, device number 30
[  872.434728][T11506] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  872.586427][T11506] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  872.608791][T11506] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  872.669833][T11506] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  872.715117][T11506] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  872.764359][T13755] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  872.779732][T11506] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  873.352274][T11506] usb 5-1: USB disconnect, device number 26
[  873.482324][T13771] binder: 13769:13771 ioctl 541b 200000000140 returned -22
[  875.448006][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  875.454666][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  875.673825][T13785] netlink: 'syz.5.2329': attribute type 32 has an invalid length.
[  876.104806][T11506] usb 7-1: new low-speed USB device number 2 using dummy_hcd
[  876.278003][T11506] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  876.289428][ T5953] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  876.307410][T11506] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  876.324153][T11506] usb 7-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  876.334038][T11506] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  876.352699][T11506] usb 7-1: config 0 descriptor??
[  876.440982][T13806] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 00:00:00:00:00:00
[  876.464949][ T5953] usb 5-1: Using ep0 maxpacket: 16
[  876.482498][ T5953] usb 5-1: unable to get BOS descriptor or descriptor too short
[  876.492318][ T5953] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1568, setting to 1024
[  876.505024][ T5953] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  876.515597][ T5953] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  876.525915][ T5953] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  876.540675][ T5953] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  876.550008][ T5953] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  876.558355][ T5953] usb 5-1: Product: syz
[  876.562656][ T5953] usb 5-1: Manufacturer: syz
[  876.568846][ T5953] usb 5-1: SerialNumber: syz
[  876.704989][  T926] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  876.782723][T11506] lenovo 0003:17EF:6047.0007: unknown main item tag 0x0
[  876.867277][  T926] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  876.904544][  T926] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  876.924874][  T926] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  876.949653][  T926] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  876.983220][  T926] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  877.002848][  T926] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  877.076528][  T926] usb 2-1: config 0 descriptor??
[  877.120522][T11506] lenovo 0003:17EF:6047.0007: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.6-1/input0
[  878.160290][  T926] usbhid 2-1:0.0: can't add hid device: -71
[  878.388084][  T926] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  878.415006][  T926] usb 2-1: USB disconnect, device number 31
[  879.171456][ T5953] cdc_ncm 5-1:1.0: CDC Union missing and no IAD found
[  879.204536][ T5953] cdc_ncm 5-1:1.0: bind() failure
[  879.241061][ T5953] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  879.252992][  T926] usb 7-1: USB disconnect, device number 2
[  879.264788][ T5953] cdc_ncm 5-1:1.1: bind() failure
[  879.274294][ T5953] usb 5-1: USB disconnect, device number 27
[  883.574399][T13878] binder: 13874:13878 ioctl c00c6211 ffffffffffffffff returned -14
[  885.684240][T13885] ALSA: mixer_oss: invalid OSS volume ''
[  885.715172][T13893] netlink: 'syz.2.2361': attribute type 1 has an invalid length.
[  887.809761][   T30] audit: type=1326 audit(1753787766.882:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13912 comm="syz.5.2368" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd76438e9a9 code=0x0
[  888.042035][T13920] bridge0: port 2(bridge_slave_1) entered disabled state
[  888.049855][T13920] bridge0: port 1(bridge_slave_0) entered disabled state
[  888.375212][T13922] bridge_slave_1: left allmulticast mode
[  888.381847][T13922] bridge_slave_1: left promiscuous mode
[  888.390803][T13922] bridge0: port 2(bridge_slave_1) entered disabled state
[  888.578942][T13927] 9pnet_fd: Insufficient options for proto=fd
[  888.960315][T13922] bridge_slave_0: left allmulticast mode
[  888.984845][T13922] bridge_slave_0: left promiscuous mode
[  888.990739][T13922] bridge0: port 1(bridge_slave_0) entered disabled state
[  889.296860][T13929] mac80211_hwsim hwsim25 wlan0: entered promiscuous mode
[  889.377008][T13929] macsec1: entered promiscuous mode
[  889.384239][T13939] netlink: 'syz.1.2375': attribute type 1 has an invalid length.
[  889.403616][T13929] macsec1: entered allmulticast mode
[  889.771343][T13929] mac80211_hwsim hwsim25 wlan0: entered allmulticast mode
[  890.198562][T13945] binder: 13944:13945 ioctl c0306201 0 returned -14
[  891.499724][T13959] netlink: 'syz.5.2380': attribute type 1 has an invalid length.
[  891.528002][T13959] netlink: 224 bytes leftover after parsing attributes in process `syz.5.2380'.
[  893.669108][  T926] usb 7-1: new full-speed USB device number 3 using dummy_hcd
[  894.557836][  T926] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  894.661310][  T926] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  894.734823][  T926] usb 7-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00
[  894.744071][  T926] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  894.783462][  T926] usb 7-1: config 0 descriptor??
[  894.980763][T13988] netlink: 'syz.2.2387': attribute type 1 has an invalid length.
[  895.548980][  T926] bigben 0003:146B:0902.0008: unexpected rdesc, please submit for review
[  895.595938][  T926] bigben 0003:146B:0902.0008: item fetching failed at offset 1/5
[  895.622139][  T926] bigben 0003:146B:0902.0008: parse failed
[  895.634999][T13995] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2389'.
[  895.644270][  T926] bigben 0003:146B:0902.0008: probe with driver bigben failed with error -22
[  895.868194][  T926] usb 7-1: USB disconnect, device number 3
[  896.736203][ T5844] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  896.756827][ T5844] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  896.773625][ T5844] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  897.312476][ T5845] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  897.327896][T14020] binder: 14011:14020 ioctl c00c6211 ffffffffffffffff returned -14
[  897.465654][ T5845] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  897.650422][T14010] lo speed is unknown, defaulting to 1000
[  899.514715][ T5845] Bluetooth: hci7: command tx timeout
[  901.141015][T14010] chnl_net:caif_netlink_parms(): no params data found
[  901.594830][ T5845] Bluetooth: hci7: command tx timeout
[  901.659572][T14073] netlink: 848 bytes leftover after parsing attributes in process `syz.1.2406'.
[  901.675557][T14010] bridge0: port 1(bridge_slave_0) entered blocking state
[  901.682769][T14010] bridge0: port 1(bridge_slave_0) entered disabled state
[  901.707390][T14010] bridge_slave_0: entered allmulticast mode
[  901.720928][T14076] netlink: 'syz.5.2408': attribute type 9 has an invalid length.
[  901.738633][T14010] bridge_slave_0: entered promiscuous mode
[  901.751563][T14076] netlink: 184 bytes leftover after parsing attributes in process `syz.5.2408'.
[  901.773441][T14010] bridge0: port 2(bridge_slave_1) entered blocking state
[  901.781179][T14010] bridge0: port 2(bridge_slave_1) entered disabled state
[  901.791501][T14010] bridge_slave_1: entered allmulticast mode
[  901.800066][T14010] bridge_slave_1: entered promiscuous mode
[  901.875065][  T926] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  901.904051][T14010] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  901.928021][T14010] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  902.004869][  T926] usb 2-1: device descriptor read/64, error -71
[  902.069644][T14010] team0: Port device team_slave_0 added
[  902.097712][T14010] team0: Port device team_slave_1 added
[  902.202115][T14084] FAULT_INJECTION: forcing a failure.
[  902.202115][T14084] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  902.238646][T14084] CPU: 0 UID: 0 PID: 14084 Comm: syz.5.2411 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  902.238685][T14084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  902.238699][T14084] Call Trace:
[  902.238709][T14084]  <TASK>
[  902.238718][T14084]  dump_stack_lvl+0x189/0x250
[  902.238748][T14084]  ? __pfx____ratelimit+0x10/0x10
[  902.238773][T14084]  ? __pfx_dump_stack_lvl+0x10/0x10
[  902.238797][T14084]  ? __pfx__printk+0x10/0x10
[  902.238838][T14084]  should_fail_ex+0x414/0x560
[  902.238867][T14084]  strncpy_from_user+0x36/0x290
[  902.238907][T14084]  getname_flags+0xf3/0x540
[  902.238932][T14084]  ? _copy_from_user+0x94/0xb0
[  902.238966][T14084]  user_path_at+0x24/0x60
[  902.238997][T14084]  __se_sys_mount+0x2d3/0x410
[  902.239030][T14084]  ? __pfx___se_sys_mount+0x10/0x10
[  902.239052][T14084]  ? rcu_is_watching+0x15/0xb0
[  902.239082][T14084]  ? do_syscall_64+0xbe/0x3b0
[  902.239105][T14084]  ? __x64_sys_mount+0x20/0xc0
[  902.239131][T14084]  do_syscall_64+0xfa/0x3b0
[  902.239155][T14084]  ? lockdep_hardirqs_on+0x9c/0x150
[  902.239176][T14084]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  902.239197][T14084]  ? clear_bhb_loop+0x60/0xb0
[  902.239223][T14084]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  902.239245][T14084] RIP: 0033:0x7fd76438e9a9
[  902.239264][T14084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  902.239284][T14084] RSP: 002b:00007fd7651ff038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  902.239307][T14084] RAX: ffffffffffffffda RBX: 00007fd7645b5fa0 RCX: 00007fd76438e9a9
[  902.239324][T14084] RDX: 0000200000000040 RSI: 0000200000000a00 RDI: 0000200000000000
[  902.239340][T14084] RBP: 00007fd7651ff090 R08: 0000000000000000 R09: 0000000000000000
[  902.239354][T14084] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001
[  902.239367][T14084] R13: 0000000000000000 R14: 00007fd7645b5fa0 R15: 00007fffeb9b4528
[  902.239400][T14084]  </TASK>
[  902.248048][  T926] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  902.346057][T14088] netlink: 'syz.6.2412': attribute type 1 has an invalid length.
[  902.420604][T14089] netlink: 'syz.5.2413': attribute type 1 has an invalid length.
[  902.580330][  T926] usb 2-1: device descriptor read/64, error -71
[  902.924657][T14099] binder: 14093:14099 ioctl c00c6211 ffffffffffffffff returned -14
[  903.192331][  T926] usb usb2-port1: attempt power cycle
[  903.263629][T14010] batman_adv: batadv0: Adding interface: batadv_slave_0
[  903.274683][T14010] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  903.318737][T14010] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  903.391336][T14092] bond1: (slave veth3): Enslaving as an active interface with a down link
[  903.408407][T14010] batman_adv: batadv0: Adding interface: batadv_slave_1
[  903.415865][T14010] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  903.458198][T14010] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  903.578918][  T926] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  903.635747][  T926] usb 2-1: device descriptor read/8, error -71
[  903.677662][ T5845] Bluetooth: hci7: command tx timeout
[  903.778735][T14010] hsr_slave_0: entered promiscuous mode
[  903.796388][T14010] hsr_slave_1: entered promiscuous mode
[  903.809494][T14010] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  903.827947][T14010] Cannot create hsr debugfs directory
[  903.894934][  T926] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  903.935518][  T926] usb 2-1: device descriptor read/8, error -71
[  904.424687][  T926] usb usb2-port1: unable to enumerate USB device
[  904.490053][T14010] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  904.606030][T14010] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  904.630451][T14010] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  904.661978][T14010] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  905.013848][T14137] netlink: 'syz.1.2424': attribute type 1 has an invalid length.
[  905.063152][T14010] 8021q: adding VLAN 0 to HW filter on device bond0
[  905.274348][T14010] 8021q: adding VLAN 0 to HW filter on device team0
[  906.164000][ T5845] Bluetooth: hci7: command tx timeout
[  906.465270][T14144] bridge0: port 1(bridge_slave_0) entered blocking state
[  906.472528][T14144] bridge0: port 1(bridge_slave_0) entered forwarding state
[  906.516859][T14144] bridge0: port 2(bridge_slave_1) entered blocking state
[  906.524071][T14144] bridge0: port 2(bridge_slave_1) entered forwarding state
[  906.711449][T14148] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2427'.
[  907.094802][T11506] usb 3-1: new full-speed USB device number 42 using dummy_hcd
[  907.129147][T14155] xt_CT: No such helper "snmp"
[  907.175788][T14159] FAULT_INJECTION: forcing a failure.
[  907.175788][T14159] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  907.195098][T14159] CPU: 0 UID: 0 PID: 14159 Comm: syz.1.2429 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  907.195146][T14159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  907.195160][T14159] Call Trace:
[  907.195169][T14159]  <TASK>
[  907.195179][T14159]  dump_stack_lvl+0x189/0x250
[  907.195207][T14159]  ? __pfx____ratelimit+0x10/0x10
[  907.195232][T14159]  ? __pfx_dump_stack_lvl+0x10/0x10
[  907.195257][T14159]  ? __pfx__printk+0x10/0x10
[  907.195310][T14159]  should_fail_ex+0x414/0x560
[  907.195339][T14159]  _copy_to_user+0x31/0xb0
[  907.195373][T14159]  simple_read_from_buffer+0xe1/0x170
[  907.195402][T14159]  proc_fail_nth_read+0x1df/0x250
[  907.195434][T14159]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  907.195464][T14159]  ? rw_verify_area+0x258/0x650
[  907.195498][T14159]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  907.195526][T14159]  vfs_read+0x200/0x980
[  907.195566][T14159]  ? __pfx___mutex_lock+0x10/0x10
[  907.195592][T14159]  ? __pfx_vfs_read+0x10/0x10
[  907.195628][T14159]  ? __fget_files+0x2a/0x420
[  907.195658][T14159]  ? __fget_files+0x3a0/0x420
[  907.195679][T14159]  ? __fget_files+0x2a/0x420
[  907.195711][T14159]  ksys_read+0x145/0x250
[  907.195733][T14159]  ? __pfx_ksys_read+0x10/0x10
[  907.195747][T14159]  ? rcu_is_watching+0x15/0xb0
[  907.195775][T14159]  ? do_syscall_64+0xbe/0x3b0
[  907.195801][T14159]  do_syscall_64+0xfa/0x3b0
[  907.195823][T14159]  ? lockdep_hardirqs_on+0x9c/0x150
[  907.195844][T14159]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  907.195863][T14159]  ? clear_bhb_loop+0x60/0xb0
[  907.195888][T14159]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  907.195906][T14159] RIP: 0033:0x7f4c5a78d3bc
[  907.195949][T14159] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  907.195965][T14159] RSP: 002b:00007f4c5b560030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  907.195985][T14159] RAX: ffffffffffffffda RBX: 00007f4c5a9b6160 RCX: 00007f4c5a78d3bc
[  907.195999][T14159] RDX: 000000000000000f RSI: 00007f4c5b5600a0 RDI: 0000000000000004
[  907.196011][T14159] RBP: 00007f4c5b560090 R08: 0000000000000000 R09: 0000000000000000
[  907.196023][T14159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  907.196034][T14159] R13: 0000000000000001 R14: 00007f4c5a9b6160 R15: 00007ffd6edf01c8
[  907.196065][T14159]  </TASK>
[  907.456196][T14010] 8021q: adding VLAN 0 to HW filter on device batadv0
[  907.550389][T11506] usb 3-1: config 16 has an invalid interface number: 168 but max is 0
[  907.558928][T11506] usb 3-1: config 16 has no interface number 0
[  907.565217][T11506] usb 3-1: config 16 interface 168 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  907.577112][T11506] usb 3-1: config 16 interface 168 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  907.588365][T11506] usb 3-1: New USB device found, idVendor=0586, idProduct=0102, bcdDevice=14.0a
[  907.598853][T11506] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  907.611033][T14151] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  907.622142][T11506] HFC-S_USB 3-1:16.168: probe with driver HFC-S_USB failed with error -5
[  907.704582][T14164] 9pnet_fd: Insufficient options for proto=fd
[  908.578977][T11485] usb 3-1: USB disconnect, device number 42
[  909.465937][T14186] netlink: 'syz.5.2436': attribute type 1 has an invalid length.
[  910.043774][T14010] veth0_vlan: entered promiscuous mode
[  910.097441][T14010] veth1_vlan: entered promiscuous mode
[  910.211154][T14010] veth0_macvtap: entered promiscuous mode
[  910.290224][T14010] veth1_macvtap: entered promiscuous mode
[  910.334371][T14010] batman_adv: batadv0: Interface activated: batadv_slave_0
[  910.363536][T14010] batman_adv: batadv0: Interface activated: batadv_slave_1
[  910.596282][T14010] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  910.605250][T14010] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  910.614035][T14010] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  910.623429][T14010] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  912.379004][T14210] netlink: 148 bytes leftover after parsing attributes in process `syz.2.2443'.
[  912.388535][T14210] netlink: 116 bytes leftover after parsing attributes in process `syz.2.2443'.
[  912.775722][T14144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  912.783715][T14144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  912.868886][ T1340] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  912.901012][ T1340] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  913.457016][T14226] netlink: 'syz.1.2447': attribute type 1 has an invalid length.
[  919.619692][T14269] netlink: 'syz.1.2459': attribute type 1 has an invalid length.
[  920.754643][T11504] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  921.928751][T11504] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  922.022702][T11504] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  922.099190][T11504] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  922.155827][T11504] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  922.206557][T14275] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  922.247641][T11504] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  922.682705][T11504] usb 3-1: USB disconnect, device number 43
[  923.082318][T14299] netlink: 'syz.5.2471': attribute type 11 has an invalid length.
[  923.104191][   T30] audit: type=1326 audit(1753787802.252:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14298 comm="syz.5.2471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd76438e9a9 code=0x7ffc0000
[  923.143681][T11504] libceph: connect (1)[c::]:6789 error -101
[  923.164714][T11504] libceph: mon0 (1)[c::]:6789 connect error
[  923.172461][T14300] ceph: No mds server is up or the cluster is laggy
[  923.180179][T11504] libceph: connect (1)[c::]:6789 error -101
[  923.187467][   T30] audit: type=1326 audit(1753787802.252:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14298 comm="syz.5.2471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd76438e9a9 code=0x7ffc0000
[  923.224679][T11504] libceph: mon0 (1)[c::]:6789 connect error
[  923.646679][T14312] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  925.584208][T14311] netlink: 'syz.2.2474': attribute type 1 has an invalid length.
[  928.073496][T14343] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  928.416511][T14350] netlink: 'syz.1.2486': attribute type 1 has an invalid length.
[  929.011634][ T5953] usb 3-1: new full-speed USB device number 44 using dummy_hcd
[  929.608104][ T5953] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  929.621463][ T5953] usb 3-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  929.630824][ T5953] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  929.639880][ T5953] usb 3-1: Product: syz
[  929.644117][ T5953] usb 3-1: Manufacturer: syz
[  929.644831][   T44] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  929.648795][ T5953] usb 3-1: SerialNumber: syz
[  929.794309][T14373] batadv1: entered promiscuous mode
[  929.843582][ T5953] usb 3-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  930.500064][ T5953] usb 3-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter)
[  930.520561][   T44] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  930.537899][ T5953] usb 3-1: USB disconnect, device number 44
[  930.554035][T14375] vlan2: entered promiscuous mode
[  930.565608][   T44] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  930.590142][   T44] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  930.610369][   T44] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  930.610563][T14375] bridge0: entered promiscuous mode
[  930.670297][   T44] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  930.694533][   T44] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  930.724120][   T44] usb 7-1: config 0 descriptor??
[  931.159672][T14368] batman_adv: batadv0: Adding interface: dummy0
[  931.166104][T14368] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  931.191521][T14368] batman_adv: batadv0: Interface activated: dummy0
[  931.203111][T14368] batadv0: mtu less than device minimum
[  931.209894][T14368] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  931.221397][T14368] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  931.232851][T14368] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  931.244266][T14368] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  931.255698][T14368] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  931.267153][T14368] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  931.278568][T14368] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  931.290008][T14368] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  931.301684][T14368] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  932.022770][   T44] usbhid 7-1:0.0: can't add hid device: -71
[  932.039375][   T44] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  932.080894][   T44] usb 7-1: USB disconnect, device number 4
[  932.131429][T14382] netlink: 'syz.2.2498': attribute type 1 has an invalid length.
[  935.187975][ T5845] Bluetooth: hci3: unexpected event for opcode 0x0419
[  937.375372][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  937.381746][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  937.688007][T14418] loop6: detected capacity change from 0 to 7
[  937.689252][T14420] netlink: 'syz.7.2509': attribute type 1 has an invalid length.
[  937.735538][T14418] Dev loop6: unable to read RDB block 7
[  937.771853][T14418]  loop6: AHDI p1 p2 p3
[  937.797363][T14418] loop6: partition table partially beyond EOD, truncated
[  937.834284][T14418] loop6: p1 start 926365495 is beyond EOD, truncated
[  937.874387][T14418] loop6: p2 size 116 extends beyond EOD, truncated
[  938.405602][T14430] netlink: 'syz.6.2513': attribute type 9 has an invalid length.
[  938.430328][T14430] netlink: 184 bytes leftover after parsing attributes in process `syz.6.2513'.
[  938.578436][T14436] netlink: 'syz.2.2516': attribute type 3 has an invalid length.
[  938.591348][T14436] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2516'.
[  939.024654][ T5953] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[  939.216695][ T5953] usb 6-1: config 0 has an invalid interface number: 214 but max is 0
[  939.254692][ T5953] usb 6-1: config 0 has no interface number 0
[  939.270479][ T5953] usb 6-1: config 0 interface 214 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  939.374856][ T5953] usb 6-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  939.461677][T13196] Bluetooth: hci5: command 0x0406 tx timeout
[  939.825438][ T5953] usb 6-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  939.839224][ T5953] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  939.852708][ T5953] usb 6-1: Product: syz
[  939.858490][ T5953] usb 6-1: Manufacturer: syz
[  939.863628][ T5953] usb 6-1: SerialNumber: syz
[  939.905157][ T5953] usb 6-1: config 0 descriptor??
[  940.114346][T14442] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  940.145113][T14442] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  940.176923][ T5953] usbtouchscreen 6-1:0.214: Failed to read FW rev: -71
[  940.184141][ T5953] usbtouchscreen 6-1:0.214: probe with driver usbtouchscreen failed with error -71
[  940.240975][ T5953] usb 6-1: USB disconnect, device number 2
[  940.404006][T14458] binder: 14454:14458 ioctl c00c6211 ffffffffffffffff returned -14
[  941.289381][T14464] netlink: 'syz.6.2524': attribute type 1 has an invalid length.
[  941.915032][T11485] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  942.007099][T14479] 9pnet_fd: Insufficient options for proto=fd
[  942.324669][T11485] usb 7-1: Using ep0 maxpacket: 32
[  942.371976][T11485] usb 7-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  942.398503][T11485] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  942.465991][T11485] usb 7-1: config 0 descriptor??
[  942.501854][T11485] as10x_usb: device has been detected
[  942.521599][T11485] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  943.758156][T11485] usb 7-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  943.918174][T11485] as10x_usb: error during firmware upload part1
[  943.949094][T11485] Registered device nBox DVB-T Dongle
[  944.097428][T14495] ipvlan2: entered promiscuous mode
[  944.109201][T14495] ipvlan2: entered allmulticast mode
[  944.115210][T14495] hsr0: entered allmulticast mode
[  944.120453][T14495] hsr_slave_0: entered allmulticast mode
[  944.126679][T14495] hsr_slave_1: entered allmulticast mode
[  944.850948][T14504] netlink: 'syz.5.2538': attribute type 1 has an invalid length.
[  944.894765][ T5953] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  944.976248][T11485] usb 7-1: USB disconnect, device number 5
[  945.041895][T11485] Unregistered device nBox DVB-T Dongle
[  945.064117][T11485] as10x_usb: device has been disconnected
[  945.077613][ T5953] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  945.102162][T14506] x_tables: duplicate underflow at hook 2
[  945.124731][ T5953] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  945.175039][ T5953] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  945.208340][ T5953] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  945.279584][ T5953] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  945.318192][ T5953] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  945.358107][ T5953] usb 3-1: config 0 descriptor??
[  945.924849][T14525] net_ratelimit: 10 callbacks suppressed
[  945.924868][T14525] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  946.945294][T14500] batman_adv: batadv0: Adding interface: dummy0
[  946.951654][T14500] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  947.231423][T14500] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  947.327341][ T5953] usbhid 3-1:0.0: can't add hid device: -71
[  947.333516][ T5953] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  947.566367][ T5953] usb 3-1: USB disconnect, device number 45
[  948.888306][T14545] netlink: 'syz.6.2549': attribute type 1 has an invalid length.
[  949.459589][T14549] FAULT_INJECTION: forcing a failure.
[  949.459589][T14549] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  949.481777][T14549] CPU: 0 UID: 0 PID: 14549 Comm: syz.5.2550 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  949.481826][T14549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  949.481840][T14549] Call Trace:
[  949.481848][T14549]  <TASK>
[  949.481858][T14549]  dump_stack_lvl+0x189/0x250
[  949.481888][T14549]  ? __pfx____ratelimit+0x10/0x10
[  949.481912][T14549]  ? __pfx_dump_stack_lvl+0x10/0x10
[  949.481937][T14549]  ? __pfx__printk+0x10/0x10
[  949.481967][T14549]  ? fs_reclaim_acquire+0x7d/0x100
[  949.482004][T14549]  should_fail_ex+0x414/0x560
[  949.482032][T14549]  prepare_alloc_pages+0x213/0x610
[  949.482068][T14549]  __alloc_frozen_pages_noprof+0x123/0x370
[  949.482101][T14549]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  949.482141][T14549]  ? policy_nodemask+0x27c/0x720
[  949.482160][T14549]  ? __lock_acquire+0xab9/0xd20
[  949.482187][T14549]  alloc_pages_mpol+0x232/0x4a0
[  949.482216][T14549]  vma_alloc_folio_noprof+0xe4/0x200
[  949.482249][T14549]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  949.482287][T14549]  folio_prealloc+0x30/0x180
[  949.482312][T14549]  __handle_mm_fault+0x2c88/0x5620
[  949.482369][T14549]  ? __pfx___handle_mm_fault+0x10/0x10
[  949.482423][T14549]  ? find_vma+0xe7/0x160
[  949.482442][T14549]  ? __pfx_find_vma+0x10/0x10
[  949.482461][T14549]  ? kasan_save_free_info+0x46/0x50
[  949.482494][T14549]  handle_mm_fault+0x2d5/0x7f0
[  949.482540][T14549]  do_user_addr_fault+0x764/0x1390
[  949.482591][T14549]  exc_page_fault+0x76/0xf0
[  949.482618][T14549]  asm_exc_page_fault+0x26/0x30
[  949.482639][T14549] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  949.482671][T14549] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  949.482690][T14549] RSP: 0018:ffffc9000421fa48 EFLAGS: 00050202
[  949.482710][T14549] RAX: ffffffff84b95b01 RBX: 0000000000000048 RCX: 0000000000000048
[  949.482725][T14549] RDX: 0000000000000000 RSI: ffffc9000421fb20 RDI: 0000200000002480
[  949.482739][T14549] RBP: ffffc9000421fc30 R08: ffffc9000421fb67 R09: 1ffff92000843f6c
[  949.482755][T14549] R10: dffffc0000000000 R11: fffff52000843f6d R12: 00002000000024c8
[  949.482772][T14549] R13: 00007ffffffff000 R14: ffffc9000421fb20 R15: 0000200000002480
[  949.482802][T14549]  ? _copy_from_user+0x71/0xb0
[  949.482841][T14549]  _copy_to_user+0x8a/0xb0
[  949.482874][T14549]  snd_ctl_read+0x5d4/0x7b0
[  949.482921][T14549]  ? __pfx_snd_ctl_read+0x10/0x10
[  949.482960][T14549]  ? __import_iovec+0x5d4/0x7f0
[  949.482993][T14549]  ? __pfx_default_wake_function+0x10/0x10
[  949.483029][T14549]  ? bpf_lsm_file_permission+0x9/0x20
[  949.483052][T14549]  ? security_file_permission+0x75/0x290
[  949.483079][T14549]  ? rw_verify_area+0x258/0x650
[  949.483117][T14549]  vfs_readv+0x5aa/0x850
[  949.483144][T14549]  ? __pfx_snd_ctl_read+0x10/0x10
[  949.483179][T14549]  ? __pfx_vfs_readv+0x10/0x10
[  949.483223][T14549]  ? __fget_files+0x2a/0x420
[  949.483253][T14549]  ? __fget_files+0x3a0/0x420
[  949.483276][T14549]  ? __fget_files+0x2a/0x420
[  949.483311][T14549]  do_readv+0x14d/0x2d0
[  949.483339][T14549]  ? __pfx_do_readv+0x10/0x10
[  949.483363][T14549]  ? rcu_is_watching+0x15/0xb0
[  949.483392][T14549]  ? do_syscall_64+0xbe/0x3b0
[  949.483421][T14549]  do_syscall_64+0xfa/0x3b0
[  949.483443][T14549]  ? lockdep_hardirqs_on+0x9c/0x150
[  949.483465][T14549]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  949.483487][T14549]  ? clear_bhb_loop+0x60/0xb0
[  949.483513][T14549]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  949.483534][T14549] RIP: 0033:0x7fd76438e9a9
[  949.483553][T14549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  949.483571][T14549] RSP: 002b:00007fd7651ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[  949.483591][T14549] RAX: ffffffffffffffda RBX: 00007fd7645b5fa0 RCX: 00007fd76438e9a9
[  949.483607][T14549] RDX: 0000000000000001 RSI: 0000200000000640 RDI: 0000000000000003
[  949.483621][T14549] RBP: 00007fd7651ff090 R08: 0000000000000000 R09: 0000000000000000
[  949.483634][T14549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  949.483647][T14549] R13: 0000000000000000 R14: 00007fd7645b5fa0 R15: 00007fffeb9b4528
[  949.483680][T14549]  </TASK>
[  950.629257][T14567] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  950.787589][T14574] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  950.795059][T14574] overlayfs: failed to set xattr on upper
[  950.800866][T14574] overlayfs: ...falling back to redirect_dir=nofollow.
[  950.808365][T14574] overlayfs: ...falling back to index=off.
[  951.739188][T14561] x_tables: duplicate underflow at hook 2
[  952.939233][T14591] xt_hashlimit: max too large, truncated to 1048576
[  952.946357][T14591] xt_hashlimit: overflow, try lower: 18446744073709551488/8
[  953.899978][T14594] netlink: ct family unspecified
[  953.905190][T14594] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  953.956862][T14600] netlink: 'syz.5.2563': attribute type 1 has an invalid length.
[  954.955082][T14611] FAULT_INJECTION: forcing a failure.
[  954.955082][T14611] name failslab, interval 1, probability 0, space 0, times 0
[  954.968450][T14611] CPU: 0 UID: 0 PID: 14611 Comm: syz.7.2567 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  954.968479][T14611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  954.968493][T14611] Call Trace:
[  954.968502][T14611]  <TASK>
[  954.968512][T14611]  dump_stack_lvl+0x189/0x250
[  954.968542][T14611]  ? __pfx____ratelimit+0x10/0x10
[  954.968565][T14611]  ? __pfx_dump_stack_lvl+0x10/0x10
[  954.968589][T14611]  ? __pfx__printk+0x10/0x10
[  954.968623][T14611]  ? __pfx___might_resched+0x10/0x10
[  954.968652][T14611]  should_fail_ex+0x414/0x560
[  954.968680][T14611]  should_failslab+0xa8/0x100
[  954.968724][T14611]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  954.968748][T14611]  ? __alloc_skb+0x112/0x2d0
[  954.968784][T14611]  __alloc_skb+0x112/0x2d0
[  954.968819][T14611]  netlink_sendmsg+0x5c6/0xb30
[  954.968862][T14611]  ? __pfx_netlink_sendmsg+0x10/0x10
[  954.968903][T14611]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  954.968925][T14611]  ? __pfx_netlink_sendmsg+0x10/0x10
[  954.968957][T14611]  __sock_sendmsg+0x21c/0x270
[  954.968986][T14611]  ____sys_sendmsg+0x505/0x830
[  954.969027][T14611]  ? __pfx_____sys_sendmsg+0x10/0x10
[  954.969072][T14611]  ? import_iovec+0x74/0xa0
[  954.969107][T14611]  ___sys_sendmsg+0x21f/0x2a0
[  954.969144][T14611]  ? __pfx____sys_sendmsg+0x10/0x10
[  954.969226][T14611]  ? __fget_files+0x2a/0x420
[  954.969250][T14611]  ? __fget_files+0x3a0/0x420
[  954.969285][T14611]  __x64_sys_sendmsg+0x19b/0x260
[  954.969322][T14611]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  954.969368][T14611]  ? __pfx_ksys_write+0x10/0x10
[  954.969386][T14611]  ? rcu_is_watching+0x15/0xb0
[  954.969416][T14611]  ? do_syscall_64+0xbe/0x3b0
[  954.969446][T14611]  do_syscall_64+0xfa/0x3b0
[  954.969469][T14611]  ? lockdep_hardirqs_on+0x9c/0x150
[  954.969492][T14611]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  954.969514][T14611]  ? clear_bhb_loop+0x60/0xb0
[  954.969542][T14611]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  954.969563][T14611] RIP: 0033:0x7fa675d8e9a9
[  954.969583][T14611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  954.969602][T14611] RSP: 002b:00007fa676b9f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  954.969625][T14611] RAX: ffffffffffffffda RBX: 00007fa675fb6160 RCX: 00007fa675d8e9a9
[  954.969641][T14611] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000007
[  954.969655][T14611] RBP: 00007fa676b9f090 R08: 0000000000000000 R09: 0000000000000000
[  954.969668][T14611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  954.969681][T14611] R13: 0000000000000000 R14: 00007fa675fb6160 R15: 00007ffd07effd78
[  954.969715][T14611]  </TASK>
[  956.123666][T14622] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  957.451078][T14628] openvswitch: netlink: VXLAN extension message has 2 unknown bytes.
[  957.780017][T14631] binder: 14625:14631 ioctl c00c6211 ffffffffffffffff returned -14
[  958.066299][T14634] netlink: 'syz.7.2574': attribute type 32 has an invalid length.
[  960.074679][T11506] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  960.244738][T11506] usb 6-1: Using ep0 maxpacket: 16
[  960.252829][T11506] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  960.290978][T11506] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  960.330947][T11506] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  960.431751][T11506] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  960.490477][T11506] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  960.588642][T11506] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  960.598813][T11506] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  960.616403][T11506] usb 6-1: Manufacturer: syz
[  960.645192][T11506] usb 6-1: config 0 descriptor??
[  960.712944][T14653] netlink: 'syz.7.2579': attribute type 1 has an invalid length.
[  962.344483][T11506] rc_core: IR keymap rc-hauppauge not found
[  962.444475][T11506] Registered IR keymap rc-empty
[  962.449685][T11506] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  962.484695][T11506] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  962.515798][T11506] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[  962.688590][T14669] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  962.726039][T14665] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2581'.
[  962.735931][T14665] netlink: 92 bytes leftover after parsing attributes in process `syz.7.2581'.
[  962.766906][T11506] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input17
[  962.981006][T11506] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  963.021499][T11506] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  963.069781][T11506] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  963.124580][T11506] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  963.211323][T11506] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  963.275482][T11506] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  963.404599][T11506] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  963.424737][T11506] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  963.454665][T11506] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  963.494839][T11506] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  963.527043][T11506] mceusb 6-1:0.0: Registered Ѕ with mce emulator interface version 1
[  963.557952][T11506] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  963.590494][T11506] usb 6-1: USB disconnect, device number 3
[  963.966924][T14684] 9pnet_fd: Insufficient options for proto=fd
[  964.330142][T14688] loop6: detected capacity change from 0 to 524287999
[  964.347945][T14688] buffer_io_error: 10726 callbacks suppressed
[  964.347964][T14688] Buffer I/O error on dev loop6, logical block 0, async page read
[  964.364501][T14688] Buffer I/O error on dev loop6, logical block 0, async page read
[  964.373429][T14688] Buffer I/O error on dev loop6, logical block 0, async page read
[  964.384071][T14688] Buffer I/O error on dev loop6, logical block 0, async page read
[  964.393489][T14688] Buffer I/O error on dev loop6, logical block 0, async page read
[  964.403692][T14688] Buffer I/O error on dev loop6, logical block 0, async page read
[  964.412661][T14688] Buffer I/O error on dev loop6, logical block 0, async page read
[  964.421785][T14688] Buffer I/O error on dev loop6, logical block 0, async page read
[  964.434553][T14688] ldm_validate_partition_table(): Disk read failed.
[  964.443745][T14688] Buffer I/O error on dev loop6, logical block 0, async page read
[  964.453380][T14688] Buffer I/O error on dev loop6, logical block 0, async page read
[  964.464049][T14688] Dev loop6: unable to read RDB block 0
[  964.474221][T14688]  loop6: unable to read partition table
[  964.482002][T14688] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  964.557915][ T5845] Bluetooth: hci6: command 0x0406 tx timeout
[  966.213905][T14682] netlink: 40 bytes leftover after parsing attributes in process `syz.6.2587'.
[  966.248606][T14682] netlink: 40 bytes leftover after parsing attributes in process `syz.6.2587'.
[  966.267606][T14682] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check.
[  968.180831][T14732] binder: 14724:14732 ioctl c00c6211 ffffffffffffffff returned -14
[  968.371702][   T30] audit: type=1326 audit(1753787847.522:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14735 comm="syz.6.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff070b8e9a9 code=0x7ffc0000
[  968.380668][T14736] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2602'.
[  968.393319][    C0] vkms_vblank_simulate: vblank timer overrun
[  968.424922][T14736] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2602'.
[  968.444278][T14736] netlink: 'syz.6.2602': attribute type 20 has an invalid length.
[  968.453063][   T30] audit: type=1326 audit(1753787847.522:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14735 comm="syz.6.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff070b8e9a9 code=0x7ffc0000
[  968.474724][    C0] vkms_vblank_simulate: vblank timer overrun
[  968.497208][   T30] audit: type=1326 audit(1753787847.532:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14735 comm="syz.6.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=150 compat=0 ip=0x7ff070b8e9a9 code=0x7ffc0000
[  968.538272][   T30] audit: type=1326 audit(1753787847.532:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14735 comm="syz.6.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff070b8e9a9 code=0x7ffc0000
[  968.559946][    C0] vkms_vblank_simulate: vblank timer overrun
[  968.629882][   T30] audit: type=1326 audit(1753787847.532:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14735 comm="syz.6.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff070b8e9a9 code=0x7ffc0000
[  968.742367][   T30] audit: type=1326 audit(1753787847.532:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14735 comm="syz.6.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff070b8e9a9 code=0x7ffc0000
[  968.781529][   T30] audit: type=1326 audit(1753787847.532:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14735 comm="syz.6.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7ff070b8e9a9 code=0x7ffc0000
[  968.819469][   T30] audit: type=1326 audit(1753787847.532:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14735 comm="syz.6.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff070b8e9a9 code=0x7ffc0000
[  968.887509][   T30] audit: type=1326 audit(1753787847.532:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14735 comm="syz.6.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7ff070b8e9a9 code=0x7ffc0000
[  968.906545][T14749] netlink: 'syz.1.2607': attribute type 10 has an invalid length.
[  968.923526][   T30] audit: type=1326 audit(1753787847.682:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14735 comm="syz.6.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff070b8e9a9 code=0x7ffc0000
[  969.040273][T11485] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  969.218139][T11485] usb 7-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  969.229101][T14756] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  969.239659][T14756] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  969.249078][T14756] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  969.257905][T14756] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  969.277760][T11485] usb 7-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  969.296801][T11485] usb 7-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  969.313721][T11485] usb 7-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  969.330932][T11485] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  969.345898][T14742] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  969.415448][T11506] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  969.587225][T11506] usb 6-1: config 0 has an invalid interface number: 34 but max is 0
[  969.598854][T11506] usb 6-1: config 0 has an invalid descriptor of length 152, skipping remainder of the config
[  969.654582][T11506] usb 6-1: config 0 has no interface number 0
[  969.660907][T11506] usb 6-1: config 0 interface 34 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  969.702164][T11506] usb 6-1: New USB device found, idVendor=083a, idProduct=c512, bcdDevice=bb.9b
[  969.743369][T11506] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  969.764773][T11506] usb 6-1: config 0 descriptor??
[  970.054771][T11506] usb 6-1: string descriptor 0 read error: -71
[  970.302922][T11485] aiptek 7-1:17.0: Aiptek using 400 ms programming speed
[  970.473859][T11485] input: Aiptek as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:17.0/input/input19
[  970.586762][T11506] usb 6-1: USB disconnect, device number 4
[  970.794808][   T31] INFO: task syz.0.2187:13251 blocked for more than 143 seconds.
[  970.818881][   T31]       Not tainted 6.16.0-syzkaller #0
[  970.842767][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  970.924488][   T31] task:syz.0.2187      state:D stack:25752 pid:13251 tgid:13250 ppid:5835   task_flags:0x400040 flags:0x00004004
[  971.350401][   T31] Call Trace:
[  971.353768][   T31]  <TASK>
[  971.357368][   T31]  __schedule+0x16aa/0x4c90
[  971.361963][   T31]  ? schedule+0x165/0x360
[  971.393111][   T31]  ? __pfx___schedule+0x10/0x10
[  971.419219][   T31]  ? schedule+0x91/0x360
[  971.428908][   T31]  schedule+0x165/0x360
[  971.433142][   T31]  ? rwsem_down_read_slowpath+0x568/0x880
[  971.449463][   T31]  schedule_preempt_disabled+0x13/0x30
[  971.459012][   T31]  rwsem_down_read_slowpath+0x552/0x880
[  971.471301][T11505] usb 7-1: USB disconnect, device number 6
[  971.471297][    C1] aiptek 7-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  971.504577][   T31]  ? __pfx_rwsem_down_read_slowpath+0x10/0x10
[  971.510750][   T31]  ? super_lock+0x2a9/0x3b0
[  971.527225][   T31]  down_read+0x98/0x2e0
[  971.540549][   T31]  super_lock+0x2a9/0x3b0
[  971.557360][   T31]  ? __pfx_super_lock+0x10/0x10
[  971.584545][   T31]  ? do_raw_spin_lock+0x121/0x290
[  971.589776][   T31]  ? do_raw_spin_unlock+0x122/0x240
[  971.609501][   T31]  __iterate_supers+0x126/0x250
[  971.619612][   T31]  ? __pfx_quota_sync_one+0x10/0x10
[  971.625787][   T31]  __se_sys_quotactl+0x353/0x950
[  971.630912][   T31]  ? __se_sys_futex+0x36f/0x400
[  971.636480][   T31]  ? __fget_files+0x2a/0x420
[  971.641276][   T31]  ? __pfx___se_sys_quotactl+0x10/0x10
[  971.647290][   T31]  ? rcu_is_watching+0x15/0xb0
[  971.652228][   T31]  ? do_syscall_64+0xbe/0x3b0
[  971.657409][   T31]  do_syscall_64+0xfa/0x3b0
[  971.662036][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  971.667908][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  971.674159][   T31]  ? clear_bhb_loop+0x60/0xb0
[  971.680338][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  971.687872][   T31] RIP: 0033:0x7f0c8d18e9a9
[  971.712177][   T31] RSP: 002b:00007f0c8e0c0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3
[  971.721559][   T31] RAX: ffffffffffffffda RBX: 00007f0c8d3b5fa0 RCX: 00007f0c8d18e9a9
[  971.732425][   T31] RDX: 0d00000000000000 RSI: 0000000000000000 RDI: ffffffff80000102
[  971.748992][   T31] RBP: 00007f0c8d210d69 R08: 0000000000000000 R09: 0000000000000000
[  971.765743][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  971.782954][   T31] R13: 0000000000000000 R14: 00007f0c8d3b5fa0 R15: 00007ffd2433c3f8
[  971.802368][   T31]  </TASK>
[  971.813151][   T31] 
[  971.813151][   T31] Showing all locks held in the system:
[  971.829164][   T31] 1 lock held by khungtaskd/31:
[  971.881111][   T31]  #0: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  971.891623][   T31] 4 locks held by kworker/u8:7/1340:
[  971.898270][   T31] 2 locks held by getty/5602:
[  971.903010][   T31]  #0: ffff88814c6df0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  971.914173][   T31]  #1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  971.929254][   T31] 1 lock held by syz-executor/5836:
[  971.934594][   T31]  #0: ffff888054bf20e0 (&type->s_umount_key#82){++++}-{4:4}, at: deactivate_super+0xa9/0xe0
[  971.945310][   T31] 2 locks held by kworker/u8:10/5988:
[  971.950717][   T31]  #0: ffff88801e73b948 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  971.962157][   T31]  #1: ffffc9000ad5fbc0 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  971.974718][   T31] 7 locks held by kworker/0:4/11505:
[  971.980040][   T31]  #0: ffff8880212fc548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  971.991751][   T31]  #1: ffffc900045dfbc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  972.004363][   T31]  #2: ffff888028484198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[  972.013682][   T31]  #3: ffff888055657198 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0xf8/0x950
[  972.023886][   T31]  #4: ffff888056729160 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x7c0
[  972.034643][   T31]  #5: ffffffff8ef805e8 (input_mutex){+.+.}-{4:4}, at: __input_unregister_device+0x2d8/0x5e0
[  972.045202][   T31]  #6: ffffffff8e144bf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730
[  972.056242][   T31] 1 lock held by syz.0.2187/13251:
[  972.061373][   T31]  #0: ffff888054bf20e0 (&type->s_umount_key#82){++++}-{4:4}, at: super_lock+0x2a9/0x3b0
[  972.071391][   T31] 1 lock held by syz.4.2341/13822:
[  972.078699][   T31]  #0: ffff888054bf20e0 (&type->s_umount_key#82){++++}-{4:4}, at: super_lock+0x2a9/0x3b0
[  972.088925][   T31] 
[  972.092192][   T31] =============================================
[  972.092192][   T31] 
[  972.115152][   T31] NMI backtrace for cpu 1
[  972.115171][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  972.115194][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  972.115207][   T31] Call Trace:
[  972.115215][   T31]  <TASK>
[  972.115224][   T31]  dump_stack_lvl+0x189/0x250
[  972.115251][   T31]  ? __wake_up_klogd+0xd9/0x110
[  972.115282][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  972.115306][   T31]  ? __pfx__printk+0x10/0x10
[  972.115347][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  972.115383][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  972.115411][   T31]  ? _printk+0xcf/0x120
[  972.115442][   T31]  ? __pfx__printk+0x10/0x10
[  972.115471][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  972.115506][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  972.115541][   T31]  watchdog+0xfee/0x1030
[  972.115576][   T31]  ? watchdog+0x1de/0x1030
[  972.115615][   T31]  kthread+0x70e/0x8a0
[  972.115653][   T31]  ? __pfx_watchdog+0x10/0x10
[  972.115683][   T31]  ? __pfx_kthread+0x10/0x10
[  972.115713][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  972.115733][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  972.115753][   T31]  ? __pfx_kthread+0x10/0x10
[  972.115782][   T31]  ret_from_fork+0x3fc/0x770
[  972.115806][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  972.115833][   T31]  ? __switch_to_asm+0x39/0x70
[  972.115857][   T31]  ? __switch_to_asm+0x33/0x70
[  972.115881][   T31]  ? __pfx_kthread+0x10/0x10
[  972.115910][   T31]  ret_from_fork_asm+0x1a/0x30
[  972.115951][   T31]  </TASK>
[  972.115959][   T31] Sending NMI from CPU 1 to CPUs 0:
[  972.302489][    C0] NMI backtrace for cpu 0
[  972.302508][    C0] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  972.302530][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  972.302543][    C0] Workqueue: bat_events batadv_nc_worker
[  972.302579][    C0] RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x37/0x90
[  972.302615][    C0] Code: 08 90 9c 92 65 8b 0d 18 66 dc 10 81 e1 00 01 ff 00 74 11 81 f9 00 01 00 00 75 5b 83 ba 3c 16 00 00 00 74 52 8b 8a 18 16 00 00 <83> f9 03 75 47 48 8b 8a 20 16 00 00 44 8b 8a 1c 16 00 00 49 c1 e1
[  972.302650][    C0] RSP: 0018:ffffc90000ac79a8 EFLAGS: 00000246
[  972.302665][    C0] RAX: ffffffff8b34c610 RBX: ffffffff8b34c8d0 RCX: 0000000000000000
[  972.302677][    C0] RDX: ffff8881404e9e00 RSI: 0000000000000001 RDI: 0000000000000000
[  972.302689][    C0] RBP: ffff888053b46238 R08: 0000000000000000 R09: ffffffff8b34c5da
[  972.302701][    C0] R10: dffffc0000000000 R11: fffffbfff1f4167f R12: dffffc0000000000
[  972.302714][    C0] R13: 1ffff1100af01313 R14: 0000000000000001 R15: ffff888057808d80
[  972.302727][    C0] FS:  0000000000000000(0000) GS:ffff888125c57000(0000) knlGS:0000000000000000
[  972.302742][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  972.302754][    C0] CR2: 00007ff070d83178 CR3: 000000000df38000 CR4: 00000000003526f0
[  972.302769][    C0] Call Trace:
[  972.302776][    C0]  <TASK>
[  972.302782][    C0]  batadv_nc_process_nc_paths+0xf0/0x3a0
[  972.302804][    C0]  ? batadv_nc_process_nc_paths+0xba/0x3a0
[  972.302824][    C0]  batadv_nc_worker+0x429/0x610
[  972.302852][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  972.302872][    C0]  process_scheduled_works+0xade/0x17b0
[  972.302906][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  972.302934][    C0]  worker_thread+0x8a0/0xda0
[  972.302967][    C0]  kthread+0x70e/0x8a0
[  972.302991][    C0]  ? __pfx_worker_thread+0x10/0x10
[  972.303009][    C0]  ? __pfx_kthread+0x10/0x10
[  972.303033][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  972.303049][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  972.303066][    C0]  ? __pfx_kthread+0x10/0x10
[  972.303089][    C0]  ret_from_fork+0x3fc/0x770
[  972.303108][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  972.303128][    C0]  ? __switch_to_asm+0x39/0x70
[  972.303149][    C0]  ? __switch_to_asm+0x33/0x70
[  972.303169][    C0]  ? __pfx_kthread+0x10/0x10
[  972.303192][    C0]  ret_from_fork_asm+0x1a/0x30
[  972.303223][    C0]  </TASK>
[  972.324548][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  972.324585][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  972.324615][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  972.324632][   T31] Call Trace:
[  972.324643][   T31]  <TASK>
[  972.324655][   T31]  dump_stack_lvl+0x99/0x250
[  972.324689][   T31]  ? __asan_memcpy+0x40/0x70
[  972.324726][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  972.324754][   T31]  ? __pfx__printk+0x10/0x10
[  972.324800][   T31]  panic+0x2db/0x790
[  972.324833][   T31]  ? __pfx_panic+0x10/0x10
[  972.324858][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[  972.324895][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  972.324934][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[  972.324980][   T31]  watchdog+0x102d/0x1030
[  972.325018][   T31]  ? watchdog+0x1de/0x1030
[  972.325065][   T31]  kthread+0x70e/0x8a0
[  972.325103][   T31]  ? __pfx_watchdog+0x10/0x10
[  972.325137][   T31]  ? __pfx_kthread+0x10/0x10
[  972.325171][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  972.325195][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  972.325219][   T31]  ? __pfx_kthread+0x10/0x10
[  972.325251][   T31]  ret_from_fork+0x3fc/0x770
[  972.325279][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  972.325310][   T31]  ? __switch_to_asm+0x39/0x70
[  972.325339][   T31]  ? __switch_to_asm+0x33/0x70
[  972.325366][   T31]  ? __pfx_kthread+0x10/0x10
[  972.325399][   T31]  ret_from_fork_asm+0x1a/0x30
[  972.325447][   T31]  </TASK>
[  972.680562][   T31] Kernel Offset: disabled
[  972.684895][   T31] Rebooting in 86400 seconds..