last executing test programs:

10m46.813644789s ago: executing program 2 (id=1827):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x2, 0x2, 0x0, 0x2, 0xd, 0x0, 0x0, 0x0, [@sadb_key={0x2, 0x8, 0x8, 0x0, "fd"}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0xa0000000}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @empty}}, @sadb_x_nat_t_type={0x1}]}, 0x68}, 0x1, 0x7}, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r1)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000140)={'wpan0\x00', <r3=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)={0x20, r2, 0x1, 0x1070bd25, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_SEC_DEVKEY={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000041}, 0xc880)

10m46.595030633s ago: executing program 2 (id=1829):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = dup3(0xffffffffffffffff, r0, 0x0)
mq_notify(r1, &(0x7f0000000000)={0x110c230000, 0x33, 0x1, @tid=0xffffffffffffffff})

10m45.8910498s ago: executing program 2 (id=1832):
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$cgroup_devices(r1, &(0x7f0000000080)=ANY=[@ANYBLOB='b'], 0x8)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r3 = openat$cgroup_devices(r2, &(0x7f00000001c0)='devices.deny\x00', 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
splice(r0, 0x0, r3, 0x0, 0x8, 0x0)

10m44.530772535s ago: executing program 2 (id=1835):
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
socket$inet(0x2, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_io_uring_setup(0x5ce, &(0x7f0000000240)={0x0, 0x6734, 0x80, 0x2, 0x34f}, &(0x7f00000000c0)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000040)={0x0, 0x1, r0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000300)={0x0, 0x1, r0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000200)={<r5=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(0xffffffffffffffff, 0xc00864c0, &(0x7f0000000240)={r5})
ioctl$DRM_IOCTL_SYNCOBJ_QUERY(r0, 0xc01864cb, &(0x7f0000000440)={&(0x7f0000000380), &(0x7f00000003c0), 0x0, 0x1})
unshare(0x4000400)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000500), 0x8001, 0x0)
bpf$MAP_CREATE(0x100000000000000, &(0x7f00000005c0)=ANY=[@ANYBLOB="120000003a000000080000000200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000001c80c301091962cf63d3ea94fe9f611b2305fdaf582cc2ad26bb5ef2d63ca51a95741775842548d81e7035dc5f8b4e8a5a783902490a839de3563f6ed6a3f1cc933b1a6357ae4a34e100f03141f9f67d981125dbfa8776e530f0b2de7b6e2e92749ed639acbdbd4984f650b585dac88ecbd52a0b552acc4fd28f2fe"], 0x50)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0xb2752a96f73d6e14, 0x0, 0x0, 0x0, 0x23456})
epoll_create1(0x0)
io_uring_enter(r2, 0x57de, 0x0, 0x0, 0x0, 0x0)

10m41.787447239s ago: executing program 2 (id=1837):
r0 = syz_clone(0x1080000, 0x0, 0xfffffe81, 0x0, 0x0, 0x0)
r1 = syz_pidfd_open(r0, 0x0)
process_madvise(r1, 0x0, 0x0, 0x14, 0x0)

10m40.563306774s ago: executing program 2 (id=1844):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r1, &(0x7f0000000180)={0xa, 0x0, 0x404000, @loopback, 0x7cfd1f0f}, 0x20)
bind$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x40000, 0x7}, 0x20)
connect$l2tp6(r1, &(0x7f0000000200)={0xa, 0x0, 0x9, @empty, 0x100095, 0x8}, 0x20)
r2 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r2, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
write$UHID_INPUT(r2, &(0x7f0000000a00)={0x8, {"7e92e4cf5b7ddf03fbbe0fe6510d8072011840a9c23d865569a4d14fff20b7f9cccc980970b40536c44f8d3dd5ed8758cfd0cb14c086d4a6ac0542e812017aa0d7849e88a65e4e4b8a7766261a6fbcd59ab8dd52383bbb1f064aa85ea8b20dfe62f25ac6e5bc371b0bbd859c4b71eac97ad31e8ae87fbbdeb1c695d72ad63f83199c3718bbefa73a4efc393a4b0a1e42dc121ae281b272fc968035a4eb058b591e89ab1b713d78341d2b95768b7966668eb57aff39a78e1fdcb4b72e591af1e9cca644545b9f1a7aa0733d029d0bc6024ae9afa0bcd81bdb045ab2de5dd5af3af3b39286566b71ba9daaf6a5b1e0364e665d9ae068c59e6b82914ad703d5f7fe48fd219941c46993c0ace49f44635391cdb99dcafc2845f20f2641a8386ce48062270219a2cef7f86039adb2638a8138b7598dd3cb455de19b64e0d2ea1e4b46302d68002d5cc781de626f1e8e057c12a8c69730d7f3e444ef1faee533825696e740aa8e464d1c5dd13f18ec48781a8858eee352f69465b1b26220a63347a9f2e2b87e8d1f1849a691f12604feeb1b47f58c753a5bb6d4d03981fa0e3951425687b78e6516b7668fe4d5a6091f49cec0c8da8be0f89fe576fb35e44d724215fb07c8fe05d4d9011cc9a1448ce11e18f197a0e6677225b8f3c3617b9f2e7d035feeffd3abd94287321a5106608a22af339be013b6c057c3b3ef7fb5a714ce92740cf62faea18b00ec198f2f779d280be3eb9bde4f9ba17575ce9b9a319e437cb45ea9e1ce2b8c8bfbe198f1571718489920e93d812534ff58e35a930a3af85cdfc9d7bd55cd885bb59be6ac326f84042abb8803c2b466912f422e4794d398c2fba58c95f3adb7f7df02fe06fff2b3f457af28ea6ccbcda38602a38e180c0071e654f1f75407fcca2a003fa0f693baa078c3adcd3f13f4bff6acd4d93906788bf3cb93141c98a9015e489fa8157ef626dc0e6509c6a1d1d76dd98c344fbc2c4830b222a0719d2fbaf13381d22fbe5d0c90ce2553e7858fb8b2e25e796e6320a2328ecfb8a1571a5f07effd9bc7aa4cc0e07209e1555d4b3e1db350f6f265167ccebc46fc85f4388be0df85f541217a34212986f568552faadda1d0be89918e11d8892fef3aefb51c15e90b9d383d6446c79e0e499ea74667905693774e2cc7533b4cb37093ed97ef9c03daff45ea7146c23c64b7261a6bf3dd47e6beaf0766824d28dc2144871efa52db27ce8cf8262a90b44257921cf3a9060643a73e6cd633577eb1418d3bc3c504c0b056f1a28d382940e2c4c39964dd668fe1128a15df01d0a62caefa9cdb769e581bf2673f838b33b963c4ec0f7deef07df684db97d48d0e1db9f35014be2ea9acf2787cc7d6b5a11f9675970503e16c5353270577684fee484db373ffce364aa30962785a7e6897bf040913582beb9889ea0bd519eda24897006ff70cc4db22f3595a163b33d744a84827f424daae8716c3d2688337763ce9278cca42574b737ee55d9fa8aa80a97870976260a8a9e07765abcbb641c434c671b923e02e7982e25cf30271dbfaee1c606a30ebb04bde1bb88214137de552b86b1259b11b580d6d765d5cd7134a6de8072cbde5fd94c9ed76596dcf75da893a9510821ea8ef8a9ef79bbf57b4705440bb3267c23a1ca95e54ba91e9fe6c0200fd37924bf519784d3b13810e1a0abc58a9ef62612e0ab8cc9fb0c500027e30c04e5772a4065df1ef83f6778f8c2c3c360825bf1db745314c3a0a857c38bc099317ea7c93d02de2acf44abbc017e1139c168cc767bfc4e21e7d4269f1e572332ad420a2bd5989333831ff8acb3fcab1ada0c711c9e431b4ae27a9164384648a6749bac524dfcbe109e9f391c590c744613d0f1159fb092ed2f853c0c04add0e783111ef7cbfaf98dd122d56177621363ea8c7176f1e4c2dd3d94f5918edaab73518e55e6876912a6411faa38f479e0fd9aed468895cf8f9de2b00eeeae9ebd49dd8411c7202127dd48bae96d1163c79978433b7c98639451e1646c786aaf0bd08b14f1ffeb1d61f835e99a50230c0a867b82452fe3fd2605e0beb1be8916733997aed76815c80e6e09b2ca9ec2b92337217e073654e0d633497c2624ec2e3abed78966182e3bb05e1a22cad12b562fcec57db84e07136bdc3be7e5f9ac1e8873f4a1029a2dd5d1cfd11e581ec7c192b97efc02f1fab4a072abd0c975f584ee86aa1f0dccff88ddda727a470ecf8258320dde1bfc9054c1f3530ef6afa157e109215b00edf8f45ad373570ad3f28e19c128144691a67583882e9e84643babfb837ada0d4db4a403f872df08a8df03252ff5d0d093816fea8ed36797eda05838837657816c0d5d077de3bcaa8996b926444353ba1c41ce28ae2805764d8964a02ea51a714e543091ba21218b7a381980d1d72e13ad04990f2d80572ad22e88379137a11d66e564d3fd7bc68c32e32fe503ac537d37315256e5c3908fc1ec7b4cdc9839aff1b55d9ac5ad0571917bf1724661fdf589b9f8c1a599b3316ab7fb863fa23ea2679faea83f8d6408d79a57d41302ead7257ac962abcaed7e5836aadda7aee6165367c9c3a8b20359b238b9485f190600e931429d918b1ac20a9a902b89a0a597490f7e8f9137febaf82db281b261edc17cea371642a7a9e6193b15c0c70322302c3a49b91698273b4850e6b6c58febf69b80cffef663043330ff17a9a9cb92232e903f80791e0c83e0ea14ae5c64676d111c903a26f32fc8bf276790a955624b76173b4c09d0fd66edbf9cc89abb26817323170dcf5f16b31a54d38ce2602d04ab16273f404d2a801f4c0f85c27e8e29b32674f2b6ad7aa53ac1a069c297ce1aad58692f9fa0bd0da125a404c51fd3a6486549af7c2a197ddc4087d1fd5b63fde0a72be1078f24036466c281f1b1e76e9664b5b488fe3f1291ee1d817bb1da52eced89376c6e857c410169e20f25b62c7b343dfd1d24d83835e063782fd87f1e3f14f1a0a7b445ebfd60ba5ee10758f3ae6c6b4abb792de86706a62686537487ef52bbf6f760ffb8adeacddf4fb316243ae0eabc54e7619d20cd3f7d60d49da8f6145eaa6170aa0302c34759a787d79eb3835232d38804bc2548db2dcfa7655566157773bd8e0df3cb4d4128c8cdac03f1fbaab37a985561a299ab203374b8643617371f80ae57cf821d8a0382b340c0860af0a612b7d50830678492fc29ffea37002de2e67357f44be3f7e4bd2641ea6c6b81075795170a9705d5d2b9df91120a78f703d0ada583b5f5d159a91b7f010289a659615ea9f621fcae53c992df4e43fb38b3204f7a6205b1d3112dcf2f01843f346f0b0cee4758bc5e367a38c5b7e1c8cf03aa129679b43762b9da1dddf8c827e6a73a5af5a0a3f8e6fa012fb9c0834d04aac82f820582beeab929613a99f2b8b567b1d4ef57ff58b8757e35c9699bf4a4836e683123d5ea158e8666e576ea38a1e0258c42b4ad92fed0fa5d1f209e2202e36ad2430cd9d7ca8d8fbd68e23f9d3bba1b5774173ee10e082bfb0dc83e3ba4b15ba1d39db2895070b02f6b53e506163d8284e198bea9b733cf24d66f60c59b79c41f4bc5e25515e0f753871106d73a54e6064c172ba374a13a1f71c7f197a79ae854fbf4ca23de609dd05104352186c662e760bfe88982b3c9d6201a1729c8f6969beeb942317260d247cc8274c8fdff60aaf4a533a62ba5a8fbe9dc69fd6ed40fb80a9f6d0cc113564def0e1d3b684b2db39072ba3c0960054e1bbeaff408ee266e6e5a17667ae8abf89e403548f19da9074213e39040566b03b417877be011c647412069694ab79b2462349dd9f1c1a846a0771439523566f585149bebe949a46b78301557f1efe85340cd8d097cce6c98baaa13700e40e0f4355834fb94331b1b0012020cb05dcb422f38a928e80998bd4f046af1f6b1554dc8516833b077ae2c97f46c05f35ebba6b399f2c2f86ef1d8cb610ebd72d5986ca8fd367e4ae7e2f40a07546cdc4d6ed61363b39c5b22233db6ae9e755401d54634972b7c410774bab6e2cd729d15670aa6a62517cfdbbe7b941f20d6d46e8ad231f382a2bbe472b8af40992b8ad8cbfad64637fb04c67916c2919532ef7af2e75ff987044f48e8c34746688b95b28b744f1e38564d7a3cd0549046b5ca347b8b46e24b7dfc21ed236947d5c6b17e259a154856bbeafb1eb48ea9ecc7afb4e050ec440d6cdd9be44ec054ae76f33c5334fe4d3c728313a49a1c1c290c41f30f9223d41a91b434edfe9e4d68fe3937b21b9e3800fa5356080a730f7aba722e8394abbb3d5dbc5661d9e114fe80808d183ac4b29a1a13d5f3f0e135875ae6fdbbdac751cc05b6634134d5a548d94af282f14ed89a7238564f571b38e8627508387c9e519f684da6c406db7927eee60431309a29ad31b9c39c6653659c84b66c3a4d7a077bb09193fafa41866436c7cbb211e338cacd07a1fabedfcae40dccb4e83db2c7edef85ed2b651b8cc573a37d4b43fb952b1ddaa22049833fdffb4f5f88ab9e6637f14ce4061b89a6d1c926ac8c480dbbab496d5ccce1d89cfdf16c6a6a1f667f35c59ffab32943eba6addaf5f2df6ef98f75a80b4f74b18a90b7d6f87a6ee39e414560a97202e42382a3e4fdfbade2591d0c2f5d3c200281ddb954a44b763325a3e10c299d592adc68b5620d52e5d949952f1f64ad1240f55e50c5f7829d5f609e7363b8417c21069d893acf40fc98545b38c412fbfbeee915472a2bf6c84983c42ea553715f791d45a8b0404a57a5477a8771e664030b467b2e904b520992025d5da967f0245abf6b8fd36202fde76cca642f836cc65b5043d71c50285b1f29b705b4ea95f4c62437c05b3b8b0b9176643901b92ae213a9f2197578c38feb17116c254f6cd73c40a26d00a66a2f51b38e07dd0b5faa3aba8da627a17ebe3b906e572de0156c2261c878da38553055ae7a3a8c090175cae92e9618cddd52c8f60dcebe80ce96bb2a16366a627cc98d2bf48ebf9d79d6a33ad95ce8607932802dd7193e0c70a567d8588f278a3e50be89d19eec2ade1bf30794087a526e3f39d6a672bb03a37d66ff6c418d292c80ea8be3118718425d985a02ef7c4a6174c0a2e61f7da2119a4957e75e8edc4794f05a7e2784bd5de45ef3c7b7d733d4e612d29526ede3b0451809d70bbbb88626bc2c2c7133ad58d169d20a527d8f4cda4fa37280d760c8426ba4398ed99f517733a99bef6bf431a13dbe86bcc883a8295d30deb1efd5bff65b3b88e81db6b95da98848cb2fc1b5b04cc8d568c93af3d436cd641f9bc7f5a1309ef14561e9c361f7066d6609189ee537167f853dc2660808338df017a77e2cf2805cd2036411c8f7e413d870eeca51c69b155595e30e0b3fb52d3172c5b9038d74f40ff964a886fe2b674465fafe494255d9c4e98199a4dff44f71899f542207a9a57f0e7d21dd38b94c5e7e0a7854f807a7434a0798101f2bd143cb092b36811afdf7dd77e853ddedbf156cb9c2142c27014bf2ca427abaa44b8a41120678b0c7a939c52a29ae2fb801b49b9af6013a765a9cf33e55d5875a9f8039752979d7f75b4521ce8bd53eaaec36a3d36cb72b80fb53bac067aafb07c83142dd43aabe735736fd02eb5d60d7c8409853e8cb4cd66a29237fb05b6006e5f2231fe6007fb848a8cadc28db4101318393089e510174760d959a44d28bae1c22409f0d55096ed6cac0c8ce077e6c7c9fb9429981d6f4a9d25ac6f3fce009403927ddc606a278f8160bf0126fbebdcd0a4cc27fe3ce0b1b1bb1782", 0x1000}}, 0x1006)

10m25.057465452s ago: executing program 32 (id=1844):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r1, &(0x7f0000000180)={0xa, 0x0, 0x404000, @loopback, 0x7cfd1f0f}, 0x20)
bind$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x40000, 0x7}, 0x20)
connect$l2tp6(r1, &(0x7f0000000200)={0xa, 0x0, 0x9, @empty, 0x100095, 0x8}, 0x20)
r2 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r2, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
write$UHID_INPUT(r2, &(0x7f0000000a00)={0x8, {"7e92e4cf5b7ddf03fbbe0fe6510d8072011840a9c23d865569a4d14fff20b7f9cccc980970b40536c44f8d3dd5ed8758cfd0cb14c086d4a6ac0542e812017aa0d7849e88a65e4e4b8a7766261a6fbcd59ab8dd52383bbb1f064aa85ea8b20dfe62f25ac6e5bc371b0bbd859c4b71eac97ad31e8ae87fbbdeb1c695d72ad63f83199c3718bbefa73a4efc393a4b0a1e42dc121ae281b272fc968035a4eb058b591e89ab1b713d78341d2b95768b7966668eb57aff39a78e1fdcb4b72e591af1e9cca644545b9f1a7aa0733d029d0bc6024ae9afa0bcd81bdb045ab2de5dd5af3af3b39286566b71ba9daaf6a5b1e0364e665d9ae068c59e6b82914ad703d5f7fe48fd219941c46993c0ace49f44635391cdb99dcafc2845f20f2641a8386ce48062270219a2cef7f86039adb2638a8138b7598dd3cb455de19b64e0d2ea1e4b46302d68002d5cc781de626f1e8e057c12a8c69730d7f3e444ef1faee533825696e740aa8e464d1c5dd13f18ec48781a8858eee352f69465b1b26220a63347a9f2e2b87e8d1f1849a691f12604feeb1b47f58c753a5bb6d4d03981fa0e3951425687b78e6516b7668fe4d5a6091f49cec0c8da8be0f89fe576fb35e44d724215fb07c8fe05d4d9011cc9a1448ce11e18f197a0e6677225b8f3c3617b9f2e7d035feeffd3abd94287321a5106608a22af339be013b6c057c3b3ef7fb5a714ce92740cf62faea18b00ec198f2f779d280be3eb9bde4f9ba17575ce9b9a319e437cb45ea9e1ce2b8c8bfbe198f1571718489920e93d812534ff58e35a930a3af85cdfc9d7bd55cd885bb59be6ac326f84042abb8803c2b466912f422e4794d398c2fba58c95f3adb7f7df02fe06fff2b3f457af28ea6ccbcda38602a38e180c0071e654f1f75407fcca2a003fa0f693baa078c3adcd3f13f4bff6acd4d93906788bf3cb93141c98a9015e489fa8157ef626dc0e6509c6a1d1d76dd98c344fbc2c4830b222a0719d2fbaf13381d22fbe5d0c90ce2553e7858fb8b2e25e796e6320a2328ecfb8a1571a5f07effd9bc7aa4cc0e07209e1555d4b3e1db350f6f265167ccebc46fc85f4388be0df85f541217a34212986f568552faadda1d0be89918e11d8892fef3aefb51c15e90b9d383d6446c79e0e499ea74667905693774e2cc7533b4cb37093ed97ef9c03daff45ea7146c23c64b7261a6bf3dd47e6beaf0766824d28dc2144871efa52db27ce8cf8262a90b44257921cf3a9060643a73e6cd633577eb1418d3bc3c504c0b056f1a28d382940e2c4c39964dd668fe1128a15df01d0a62caefa9cdb769e581bf2673f838b33b963c4ec0f7deef07df684db97d48d0e1db9f35014be2ea9acf2787cc7d6b5a11f9675970503e16c5353270577684fee484db373ffce364aa30962785a7e6897bf040913582beb9889ea0bd519eda24897006ff70cc4db22f3595a163b33d744a84827f424daae8716c3d2688337763ce9278cca42574b737ee55d9fa8aa80a97870976260a8a9e07765abcbb641c434c671b923e02e7982e25cf30271dbfaee1c606a30ebb04bde1bb88214137de552b86b1259b11b580d6d765d5cd7134a6de8072cbde5fd94c9ed76596dcf75da893a9510821ea8ef8a9ef79bbf57b4705440bb3267c23a1ca95e54ba91e9fe6c0200fd37924bf519784d3b13810e1a0abc58a9ef62612e0ab8cc9fb0c500027e30c04e5772a4065df1ef83f6778f8c2c3c360825bf1db745314c3a0a857c38bc099317ea7c93d02de2acf44abbc017e1139c168cc767bfc4e21e7d4269f1e572332ad420a2bd5989333831ff8acb3fcab1ada0c711c9e431b4ae27a9164384648a6749bac524dfcbe109e9f391c590c744613d0f1159fb092ed2f853c0c04add0e783111ef7cbfaf98dd122d56177621363ea8c7176f1e4c2dd3d94f5918edaab73518e55e6876912a6411faa38f479e0fd9aed468895cf8f9de2b00eeeae9ebd49dd8411c7202127dd48bae96d1163c79978433b7c98639451e1646c786aaf0bd08b14f1ffeb1d61f835e99a50230c0a867b82452fe3fd2605e0beb1be8916733997aed76815c80e6e09b2ca9ec2b92337217e073654e0d633497c2624ec2e3abed78966182e3bb05e1a22cad12b562fcec57db84e07136bdc3be7e5f9ac1e8873f4a1029a2dd5d1cfd11e581ec7c192b97efc02f1fab4a072abd0c975f584ee86aa1f0dccff88ddda727a470ecf8258320dde1bfc9054c1f3530ef6afa157e109215b00edf8f45ad373570ad3f28e19c128144691a67583882e9e84643babfb837ada0d4db4a403f872df08a8df03252ff5d0d093816fea8ed36797eda05838837657816c0d5d077de3bcaa8996b926444353ba1c41ce28ae2805764d8964a02ea51a714e543091ba21218b7a381980d1d72e13ad04990f2d80572ad22e88379137a11d66e564d3fd7bc68c32e32fe503ac537d37315256e5c3908fc1ec7b4cdc9839aff1b55d9ac5ad0571917bf1724661fdf589b9f8c1a599b3316ab7fb863fa23ea2679faea83f8d6408d79a57d41302ead7257ac962abcaed7e5836aadda7aee6165367c9c3a8b20359b238b9485f190600e931429d918b1ac20a9a902b89a0a597490f7e8f9137febaf82db281b261edc17cea371642a7a9e6193b15c0c70322302c3a49b91698273b4850e6b6c58febf69b80cffef663043330ff17a9a9cb92232e903f80791e0c83e0ea14ae5c64676d111c903a26f32fc8bf276790a955624b76173b4c09d0fd66edbf9cc89abb26817323170dcf5f16b31a54d38ce2602d04ab16273f404d2a801f4c0f85c27e8e29b32674f2b6ad7aa53ac1a069c297ce1aad58692f9fa0bd0da125a404c51fd3a6486549af7c2a197ddc4087d1fd5b63fde0a72be1078f24036466c281f1b1e76e9664b5b488fe3f1291ee1d817bb1da52eced89376c6e857c410169e20f25b62c7b343dfd1d24d83835e063782fd87f1e3f14f1a0a7b445ebfd60ba5ee10758f3ae6c6b4abb792de86706a62686537487ef52bbf6f760ffb8adeacddf4fb316243ae0eabc54e7619d20cd3f7d60d49da8f6145eaa6170aa0302c34759a787d79eb3835232d38804bc2548db2dcfa7655566157773bd8e0df3cb4d4128c8cdac03f1fbaab37a985561a299ab203374b8643617371f80ae57cf821d8a0382b340c0860af0a612b7d50830678492fc29ffea37002de2e67357f44be3f7e4bd2641ea6c6b81075795170a9705d5d2b9df91120a78f703d0ada583b5f5d159a91b7f010289a659615ea9f621fcae53c992df4e43fb38b3204f7a6205b1d3112dcf2f01843f346f0b0cee4758bc5e367a38c5b7e1c8cf03aa129679b43762b9da1dddf8c827e6a73a5af5a0a3f8e6fa012fb9c0834d04aac82f820582beeab929613a99f2b8b567b1d4ef57ff58b8757e35c9699bf4a4836e683123d5ea158e8666e576ea38a1e0258c42b4ad92fed0fa5d1f209e2202e36ad2430cd9d7ca8d8fbd68e23f9d3bba1b5774173ee10e082bfb0dc83e3ba4b15ba1d39db2895070b02f6b53e506163d8284e198bea9b733cf24d66f60c59b79c41f4bc5e25515e0f753871106d73a54e6064c172ba374a13a1f71c7f197a79ae854fbf4ca23de609dd05104352186c662e760bfe88982b3c9d6201a1729c8f6969beeb942317260d247cc8274c8fdff60aaf4a533a62ba5a8fbe9dc69fd6ed40fb80a9f6d0cc113564def0e1d3b684b2db39072ba3c0960054e1bbeaff408ee266e6e5a17667ae8abf89e403548f19da9074213e39040566b03b417877be011c647412069694ab79b2462349dd9f1c1a846a0771439523566f585149bebe949a46b78301557f1efe85340cd8d097cce6c98baaa13700e40e0f4355834fb94331b1b0012020cb05dcb422f38a928e80998bd4f046af1f6b1554dc8516833b077ae2c97f46c05f35ebba6b399f2c2f86ef1d8cb610ebd72d5986ca8fd367e4ae7e2f40a07546cdc4d6ed61363b39c5b22233db6ae9e755401d54634972b7c410774bab6e2cd729d15670aa6a62517cfdbbe7b941f20d6d46e8ad231f382a2bbe472b8af40992b8ad8cbfad64637fb04c67916c2919532ef7af2e75ff987044f48e8c34746688b95b28b744f1e38564d7a3cd0549046b5ca347b8b46e24b7dfc21ed236947d5c6b17e259a154856bbeafb1eb48ea9ecc7afb4e050ec440d6cdd9be44ec054ae76f33c5334fe4d3c728313a49a1c1c290c41f30f9223d41a91b434edfe9e4d68fe3937b21b9e3800fa5356080a730f7aba722e8394abbb3d5dbc5661d9e114fe80808d183ac4b29a1a13d5f3f0e135875ae6fdbbdac751cc05b6634134d5a548d94af282f14ed89a7238564f571b38e8627508387c9e519f684da6c406db7927eee60431309a29ad31b9c39c6653659c84b66c3a4d7a077bb09193fafa41866436c7cbb211e338cacd07a1fabedfcae40dccb4e83db2c7edef85ed2b651b8cc573a37d4b43fb952b1ddaa22049833fdffb4f5f88ab9e6637f14ce4061b89a6d1c926ac8c480dbbab496d5ccce1d89cfdf16c6a6a1f667f35c59ffab32943eba6addaf5f2df6ef98f75a80b4f74b18a90b7d6f87a6ee39e414560a97202e42382a3e4fdfbade2591d0c2f5d3c200281ddb954a44b763325a3e10c299d592adc68b5620d52e5d949952f1f64ad1240f55e50c5f7829d5f609e7363b8417c21069d893acf40fc98545b38c412fbfbeee915472a2bf6c84983c42ea553715f791d45a8b0404a57a5477a8771e664030b467b2e904b520992025d5da967f0245abf6b8fd36202fde76cca642f836cc65b5043d71c50285b1f29b705b4ea95f4c62437c05b3b8b0b9176643901b92ae213a9f2197578c38feb17116c254f6cd73c40a26d00a66a2f51b38e07dd0b5faa3aba8da627a17ebe3b906e572de0156c2261c878da38553055ae7a3a8c090175cae92e9618cddd52c8f60dcebe80ce96bb2a16366a627cc98d2bf48ebf9d79d6a33ad95ce8607932802dd7193e0c70a567d8588f278a3e50be89d19eec2ade1bf30794087a526e3f39d6a672bb03a37d66ff6c418d292c80ea8be3118718425d985a02ef7c4a6174c0a2e61f7da2119a4957e75e8edc4794f05a7e2784bd5de45ef3c7b7d733d4e612d29526ede3b0451809d70bbbb88626bc2c2c7133ad58d169d20a527d8f4cda4fa37280d760c8426ba4398ed99f517733a99bef6bf431a13dbe86bcc883a8295d30deb1efd5bff65b3b88e81db6b95da98848cb2fc1b5b04cc8d568c93af3d436cd641f9bc7f5a1309ef14561e9c361f7066d6609189ee537167f853dc2660808338df017a77e2cf2805cd2036411c8f7e413d870eeca51c69b155595e30e0b3fb52d3172c5b9038d74f40ff964a886fe2b674465fafe494255d9c4e98199a4dff44f71899f542207a9a57f0e7d21dd38b94c5e7e0a7854f807a7434a0798101f2bd143cb092b36811afdf7dd77e853ddedbf156cb9c2142c27014bf2ca427abaa44b8a41120678b0c7a939c52a29ae2fb801b49b9af6013a765a9cf33e55d5875a9f8039752979d7f75b4521ce8bd53eaaec36a3d36cb72b80fb53bac067aafb07c83142dd43aabe735736fd02eb5d60d7c8409853e8cb4cd66a29237fb05b6006e5f2231fe6007fb848a8cadc28db4101318393089e510174760d959a44d28bae1c22409f0d55096ed6cac0c8ce077e6c7c9fb9429981d6f4a9d25ac6f3fce009403927ddc606a278f8160bf0126fbebdcd0a4cc27fe3ce0b1b1bb1782", 0x1000}}, 0x1006)

30.881886952s ago: executing program 0 (id=3308):
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xa6}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6(0xa, 0x3, 0x7fffffff)
syz_emit_vhci(&(0x7f0000000780)=@HCI_EVENT_PKT={0x4, @hci_ev_pin_code_req={{0x16, 0x6}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}}}, 0x9)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xffffffed]}, 0x0, 0x8)
kexec_load(0xf5, 0x1, &(0x7f0000000b80)=[{0x0, 0x0, 0x0, 0x1000}], 0x0)

29.868429143s ago: executing program 0 (id=3309):
mmap(&(0x7f0000261000/0xc00000)=nil, 0xc00000, 0x3000003, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000640)='./file0\x00')
memfd_create(0x0, 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x5)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="5cbf8164aa7e02df717bbfcfec51a7f76ca2c146232089848de0f35be50c270d0673c4e728232815dd6d11be436391e2e117258a4a60", 0x36)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000080)={0x6})
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000300)=ANY=[@ANYRESDEC=r3], 0x4c}, 0x1, 0xba01, 0x0, 0x20000084}, 0x48854)
pipe2$watch_queue(&(0x7f00000000c0)={<r4=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r4, 0x5760, 0x10)
bind$inet(r2, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r2, &(0x7f0000004980), 0x0, 0x2000c810)
setsockopt$inet_tcp_TLS_TX(r2, 0x6, 0x1, 0x0, 0x0)
socket$kcm(0x10, 0x7, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, 0x0)
r5 = creat(&(0x7f0000000340)='./file0\x00', 0x8)
close(r5)
socket$l2tp6(0xa, 0x2, 0x73)
socket$nl_generic(0x10, 0x3, 0x10)

28.328565891s ago: executing program 0 (id=3312):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, <r1=>0xffffffffffffffff}) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r2, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x8101}, {{0x0, 0x0, 0x0}, 0x50000}, {{0x0, 0x0, 0x0}, 0x40000e}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000380)=""/188, 0xbc}, {&(0x7f00000007c0)=""/245, 0xf5}, {&(0x7f0000000240)=""/97, 0x61}, {&(0x7f0000001400)=""/4103, 0x1007}, {&(0x7f00000006c0)=""/229, 0xe5}, {&(0x7f0000000000)=""/222, 0xde}], 0x6}, 0x80000010}], 0x4, 0x40000302, 0x0) (async)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x53, &(0x7f000002eff0)={0x0, 0x0}, 0x10) (async)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r3, @ANYRESDEC=r2], 0x64}}, 0x0)

25.346819537s ago: executing program 0 (id=3320):
r0 = syz_open_dev$usbfs(0x0, 0x206, 0x121102)
r1 = socket(0x2b, 0x80801, 0x1)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb4"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000040)="b90103600040f000009e0ff008001f", 0x0, 0x100, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000040), 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x48)
ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)=@o_path={&(0x7f00000002c0)='./file0\x00', 0x0, 0x4008, r0}, 0x18)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000180)={0x44, 0x2, 0x6, 0x5, 0x600, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x44}}, 0x0)

25.208294887s ago: executing program 0 (id=3322):
pipe(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$P9_RGETLOCK(r1, &(0x7f00000002c0)=ANY=[], 0x200002e6)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x3a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1500000000"], 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0e000000040000000800000007"], 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xf, 0x4, 0x8, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af0ff00000000bfa20000000000000702000000feffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
fcntl$setpipe(r1, 0x407, 0x100000)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r3, 0xffffffffffffffff, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000088}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r5 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0xaea6, 0x0)
read$msr(r6, &(0x7f0000032680)=""/102400, 0x19000)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r0, 0xc1105511, &(0x7f0000000440)={{0x9, 0x1, 0x9, 0x89, 'syz0\x00', 0x2c7a}, 0x2, 0x20, 0x100, r5, 0x2, 0xda, 'syz0\x00', &(0x7f0000000180)=['devpts\x00', '/dev/cpu/#/msr\x00'], 0x16})
mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2901090, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
mount(0x0, &(0x7f0000000d40)='./file0/../file0/../file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0)
pivot_root(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0/../file0\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={<r7=>0xffffffffffffffff})
fcntl$setsig(r7, 0xa, 0x100004)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000100)={0x2, &(0x7f0000000040)=[{0x40, 0x5d, 0x2, 0x190b87f9}, {0x6, 0x0, 0x4, 0x1}]}, 0x10)

23.700299596s ago: executing program 0 (id=3327):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x8000000000000002, &(0x7f0000000000))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4, 0x50, 0xffffffffffffffff, 0x4000)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0xee31b000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r4)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r5, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r7 = accept(r4, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0xc000}, 0x10)
recvfrom(r6, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x3)
socket$nl_netfilter(0x10, 0x3, 0xc)

8.574258252s ago: executing program 33 (id=3327):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x8000000000000002, &(0x7f0000000000))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4, 0x50, 0xffffffffffffffff, 0x4000)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0xee31b000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r4)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r5, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r7 = accept(r4, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0xc000}, 0x10)
recvfrom(r6, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x3)
socket$nl_netfilter(0x10, 0x3, 0xc)

7.876135324s ago: executing program 4 (id=3363):
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, 0x94)
syz_emit_ethernet(0x106, &(0x7f0000000300)={@multicast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0xd0, 0x3a, 0x0, @loopback, @loopback, {[@hopopts={0x51, 0x15, '\x00', [@ra={0x5, 0x2, 0xfff}, @ra={0x5, 0x2, 0x6}, @jumbo={0xc2, 0x4, 0x1197}, @generic={0x6, 0x96, "806ba986898319d4c6af2c6430a3aeb5317bffb685c742b0490008bd85331b86240693f91cc6bd30331429fa7d7be30e03792575b1c40a7b570bfc788741f69ecfdf795ece421b653964657d3e026da6c5f5d67b2f8da617c21cb1afcdda9f92dd442676cfb5909b3291e7b42c9e61c9bbd77f493defb1585b52c16d5f64d2a0e344e2c4a1be1837f61f15fd6d5444f3e01ff02077bf"}, @pad1, @pad1]}], @mld={0x83, 0x0, 0x0, 0x9, 0xc036, @remote}}}}}}, 0x0)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x6}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0xfffffffffffffd2e, &(0x7f0000000000)='e', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x48)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0)
ioctl$KVM_GET_API_VERSION(r2, 0xae00, 0x0)
sendmsg$nl_crypto(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000a00)=ANY=[@ANYBLOB="e0000000110001002cbd7000fedbdf25647262675f6e6f70e4e0005c61725f686d61635f736861b235360000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000edffffffffffffff00000000000028000000140000"], 0xe0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

7.281448484s ago: executing program 3 (id=3366):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x3}, 0x8)
sendto$inet6(r0, &(0x7f0000000140)="f4", 0x1, 0x8000, &(0x7f0000000240)={0xa, 0x4e20, 0x7fffffff, @rand_addr=' \x01\x00'}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000002c0)={0x0, 0x0, 0x5}, 0x8)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
connect$netlink(r1, &(0x7f0000000000)=@proc={0x10, 0x0, 0x25dfdbfc, 0x8}, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000015c0)={&(0x7f0000001340)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000001580)={&(0x7f0000001380)=ANY=[@ANYBLOB="140000001000050000000000000000000100000a280000000b0a010200000000000000000a0000080900010073797a300000000008000c400000000914"], 0x50}, 0x1, 0x0, 0x0, 0x20004800}, 0x4000080)
socket$inet6_sctp(0xa, 0x801, 0x84) (async)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x3}, 0x8) (async)
sendto$inet6(r0, &(0x7f0000000140)="f4", 0x1, 0x8000, &(0x7f0000000240)={0xa, 0x4e20, 0x7fffffff, @rand_addr=' \x01\x00'}, 0x1c) (async)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c) (async)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000002c0)={0x0, 0x0, 0x5}, 0x8) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
connect$netlink(r1, &(0x7f0000000000)=@proc={0x10, 0x0, 0x25dfdbfc, 0x8}, 0xc) (async)
sendmsg$NFT_BATCH(r1, &(0x7f00000015c0)={&(0x7f0000001340)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000001580)={&(0x7f0000001380)=ANY=[@ANYBLOB="140000001000050000000000000000000100000a280000000b0a010200000000000000000a0000080900010073797a300000000008000c400000000914"], 0x50}, 0x1, 0x0, 0x0, 0x20004800}, 0x4000080) (async)

7.022877619s ago: executing program 4 (id=3368):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
socket$rds(0x15, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
getcwd(0x0, 0xfffffffffffffe7d)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1b0000000000000000000000000004", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0xd, 0x1c, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

7.022498574s ago: executing program 3 (id=3369):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@delneigh={0x30, 0x1a, 0x1, 0x0, 0x800, {0xa}, [@NDA_CACHEINFO={0x14, 0x3, {0x7}}]}, 0x30}}, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
ioctl$TUNSETNOCSUM(r1, 0x400454c8, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
r3 = accept4$unix(0xffffffffffffffff, &(0x7f0000000a40)=@abs, &(0x7f0000000980)=0x6e, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYRES64=r3, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r4, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000700000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

6.74005242s ago: executing program 4 (id=3370):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000e40), 0x40040, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xa)
mkdir(&(0x7f0000000100)='./file0\x00', 0x24)
socket$unix(0x1, 0xc17a9ab45fe0440f, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$DEVLINK_CMD_RATE_NEW(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40880}, 0x24000800)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0xc, @multicast, 'ip6tnl0\x00'}}, 0x1e)
syz_emit_ethernet(0xfdef, &(0x7f0000000000)={@local, @remote, @void, {@llc={0x8864, {@snap={0x0, 0x0, '~', "3fab95", 0x892f}}}}}, 0x0)
r3 = socket$phonet(0x23, 0x2, 0x1)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000240)={'hsr0\x00', <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000200)={0xc})
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xe315}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x44}}, 0x0)

6.703141992s ago: executing program 3 (id=3371):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x4c881, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @mcast2}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003600)=[{{&(0x7f0000000800)={0xa, 0x4e21, 0x6, @private1, 0x4}, 0x1c, 0x0}}, {{&(0x7f0000000bc0)={0xa, 0x4e23, 0xa1, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x9}, 0x18, 0x0}}], 0x2, 0x400c404)

5.946453367s ago: executing program 3 (id=3373):
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socket$alg(0x26, 0x5, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/tcp6\x00')
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r3, 0x84, 0x73, &(0x7f00000001c0)={<r4=>0x0, 0x3, 0x30}, &(0x7f00000002c0)=0x18)
getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000300)={r4, 0x7c7b912c}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x89f0, 0x0)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x20000000, '\x00', 0x0, 0x0}, 0x50)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="980000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014"], 0x98}}, 0x0)
r8 = bpf$PROG_LOAD(0x88, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x8, 0x3}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x7}, {}, {}, {}, {0x18, 0x8, 0x2, 0x0, r5}, {}, {0x46, 0x0, 0x0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x5, 0x0, 0xb, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={r8, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000001200)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13, 0x8, 0x0, 0x0}}, 0x10)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
add_key(&(0x7f0000000080)='big_key\x00', &(0x7f00000005c0)={'syz', 0x1}, &(0x7f0000000980)="475a251bdb1e4c438649cdf2494dde32cd76aeabc8ca949257819f25159c532504978ed33d145658cce40a3dd867df925cbedfbd01f157cae933c958c5dfdc1e0132e03f60e3418410fe17f95bdb8090c4adb3636ea342fb8589cf4944e42579da1d2aa919fa78d9e27565fc30d2513293f3cc7d6c7d2d1fb756b0d7b352efd07bd38bedcabb8d856610db17155de5bb0409e3713b2c73464055345b98fe30949e7ee8cddc663f3d5d50881520df8da5115d6d8d81bc62e8dde2460f128365ca184efc5e1b14ff3f4ad1c1f7bad98a9435c0d757ddb9dcd577f5ae33ef675676ba7b44be538aeec0e6ec4973865dc2bb0f0847ded0a131f3b01ac48e070783564cd9031b3b9fcbeafb69dd253e8cbc2c12307f03154573a27f6f00073aae7c4c1701a3f745744c254ddd3b43988c7bbdec9c1e158fda3cdffc887206b78fb1fc943810dc473894738286878513d06aa7f074a11983261f5be648b4b76893a5f733bdafcf42427743534de2bfcf27f014923488c6476dd417344045c747c68c69e3eb5357e69d97a2cfafa44e2547aa21548dfc0739e49321684120c8bdb64448689a3412eebaca2e4b2a2ecf96690f9fec7d569087bc8561cff6012cf5cb14775230226b95a9ded9cccfedafe61c550376adf0b1b59abf9f92da6247e1061afe2eaa9d8f5a28d63db50fca875020da59426501eab6602beb74de33df143ccb60c70f950f5f53f1d5aca6371dfc8dd68cbe7ccfbe0f52e1ff238105dd93d8a3a72da45ce79824d6b091d9c91509cb290afd01f1945b118f2c1c58f17c0b59fbd872412d7d291dcecad019af039375aeee7ddcf36ede82914f64bb41281962c9b10216907c37d06aa5a5b33afe0547c6726ee169779ad6d5cfc5f373f75b234df4ac2007c6db9dc6a0fc3e7e1d2f2658e928c2a854483e6780d69908692d0166ab5334cd5ceb7a69a420803b7ca33e4609f61cfda3b631b54fb81a7473b4bbe2eabc17276f8a009668d634f332fe47fda76a1fae8fe9c3c8962f7ca7a102d5ecd1d6029abb6c422026af6ef277a4c6c21f07121cd8bcce6f1792ea6a628580b478d72b32dd50f59e893bfcf353bea1e2ddbd349c16ccc23bceb8f3b64aa16257eedabadaead30f912bd0e579c0b71e6cd86804fc39a074f94da63f0db97c5f41e38541bf441f49d2751966cc78dacd150ae0b91ffe1f5a117fe494a8b60a17ccfbc780f82f0ea96d8db842e07fb4d68edbe28119a6c2ab72ea15a5ba75ac8193dd7411d9aeece6fc23ac00370c84d7e03990ca3697a0187cc3286e4536ace023ec21389ff08cddb1e9075d1e1b3a98a95720f44e50830ad54fecd437a40f483579c7a5eb40e52e75099d9ada449ba4d0751e44de6edd5e17caa91cfb3bf88bb1e093bd76952c80669845d3cbcde8acf7415ed30ad3a0ff648968d036af2de90f2ab93b250b9386fcba42c1ba01cc951fa1f62ebbb99ad6576d803d29e81ed319350ee0a032bfab9b079ea5a29c66f665ce9ccb6b908593ae2406332c5ac7d11c9b830593576177b2af5d70c65dda56b98448862b75a54b3447534d45e0b5a52edc1a76c97f511030bd261bb1a443e1a38a78973f0781efa9910ebe207457587dbc803e68b2cb985c03c4dfbac440d58c90de66a634c07b13197b9e7d42657fb0537abe475fb56fe24cdcd771d9ac5bcea1c915a77d731d2d16a54885387e034aab6db1718521eeb07b0326d23decd5bba45b311d8617bbfd3afc10923567e8987c95260ab90ba3ff1309273a2a615174d9a33c11bfd393013c314d3df8cf4e584b752c30f54e09a38409a34cdaee74f30547b7dfdb3c48d6b4d5b7346ebcaf7fdbb91d9d45ba303e2ea2736f28301c7b8354bc6f89f58841cb844646a57153c83cd03687d8d3a6b95e93f8abd1218af123ada0de5025d18e4599c8d34cdd8ecf91af7a647c6b43d4704446a104829783ec10b68d95418ddfe8b0dc6552069bd07e4452821317131b7a76887fd792c431e6c07d770926c4e60243d198372482b911d29daac57d", 0x5a5, 0xfffffffffffffffb)
ioctl$TIOCGPKT(0xffffffffffffffff, 0x40045431, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x4004)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)

4.922581307s ago: executing program 3 (id=3377):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)={0x44, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x7fffffff, 0x46}}}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random='n'}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_BSS_BASIC_RATES={0x5, 0x24, [{0xb, 0x1}]}]}, 0x44}}, 0x4800)

4.737451974s ago: executing program 1 (id=3378):
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000140)={0x0, 0x2c0, 0x0, &(0x7f0000000180)=[0x6bd1a312, 0x5, 0xff, 0x8, 0x98bd, 0x800000000000009, 0x0, 0x100000000000004, 0x4, 0x100, 0x9004, 0x0, 0x3, 0x4, 0x5, 0x49, 0x3ff, 0x5, 0x0, 0x9, 0x8, 0x7, 0x1c1, 0x1000000003, 0x2, 0x2, 0x6, 0x7, 0x96, 0xffffffff, 0xffffffff00000000, 0x5, 0x4, 0x7, 0x23b, 0x3, 0x2, 0x5, 0x4, 0x4, 0x6, 0x6, 0x3, 0xa3de, 0x1020000000006, 0x8, 0x5c3e, 0x400, 0x10, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x2, 0xe, 0x7, 0x4, 0xe6, 0x200000000000101, 0x5, 0x9, 0x66, 0x6, 0x7, 0x40000005, 0xfffffffeffffffff, 0xc, 0xd, 0x9, 0xe8, 0x80000000, 0xfffffffffffffc00, 0x1, 0x4, 0x2, 0xcdc, 0x7fffffff, 0x2, 0x5, 0x2, 0x5, 0xfff, 0x6, 0x4, 0x6, 0xab6, 0x0, 0x100010000000004, 0xfff, 0xffffffffffffff81, 0x9, 0xff, 0x6, 0x28000000, 0x5, 0x400000000008061d, 0x3, 0x8, 0xf6, 0x4, 0x6, 0x200, 0x7, 0xe53e, 0x2c, 0x8, 0x2293332f, 0x6, 0x5, 0x0, 0xd, 0x2, 0x5, 0x2, 0x2, 0x7, 0xdfd4, 0xfffd, 0x10, 0x8, 0x8, 0x1, 0x53e0f0fe, 0xeb4, 0x3, 0xfffffffffffffffe, 0xb692, 0x3ffc00000, 0x8, 0x3]})
ioctl$KVM_CAP_X86_GUEST_MODE(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000240))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x2, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x0, 0xbdb], 0xffff1001, 0x120182})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000100)={[{0x8, 0xc003, 0x3, 0x5, 0x0, 0x4, 0x7, 0xd, 0xb9, 0x0, 0xe, 0x4, 0x208}, {0x804, 0x1, 0x4, 0x45, 0x7, 0xff, 0x2, 0x0, 0x0, 0x0, 0x4, 0x7b, 0x20c}, {0x1, 0x6, 0x18, 0x5, 0x80, 0xfd, 0x3, 0x2, 0x0, 0x70, 0x4, 0x7}], 0xfbffffff})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x5ffffffffff, 0x1000000000, 0x0, 0x43, 0x2000001, 0x0, 0x2004cb, 0x0, 0x1000000, 0x68ff, 0x5, 0x9, 0x3], 0x1, 0x202})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000480)={[{0x9570000, 0x3, 0x0, 0x0, 0x85, 0x1, 0xff, 0x2, 0x6, 0x4, 0x47, 0xf, 0x1}, {0x9f83, 0x7, 0xe, 0x5a, 0x1, 0x3, 0x9, 0x81, 0x7, 0x5, 0x6, 0x3, 0x6}, {0x6, 0x1005, 0x81, 0xa, 0x6, 0x46, 0xf8, 0x4f, 0xc, 0x98, 0x1a, 0x1, 0x8}], 0x3})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="011a1b0000009fd4e09f7a4a"])
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
connect$inet6(r4, &(0x7f0000000140)={0xa, 0x4e20, 0x6, @remote, 0xb}, 0x1c)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e24, 0xffffffff, @ipv4={'\x00', '\xff\xff', @local}, 0xa}, 0x1c)
syz_emit_ethernet(0xfef3, &(0x7f0000000200)={@local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x64, 0x11, 0x0, @remote, @local, {[], {0x4e20, 0xe22, 0x64, 0x0, @wg=@response={0x2, 0x1, 0x100004, "628e0960f6d6d3f6ee6d6b84b345dccac643e7df3e526ff07833b291322d4a74", "882ed6741e7632daeaec0c95f2ad1cd6", {"8fb3d9fd3efe8e4ea8b5ec7448ddd6a3", "215990e1b896120966af96b22cf049f0"}}}}}}}}, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x2000004, 0x31, 0xffffffffffffffff, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(r3, 0x8004e500, &(0x7f0000000180)=r3)

4.732480075s ago: executing program 5 (id=3379):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
socket$rds(0x15, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
getcwd(0x0, 0xfffffffffffffe7d)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1b0000000000000000000000000004", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0xd, 0x1c, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

4.390995232s ago: executing program 3 (id=3380):
syz_genetlink_get_family_id$netlbl_unlabel(0x0, 0xffffffffffffffff)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r1, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r0, 0x3ba0, &(0x7f0000000280)={0x48, 0x15, r2})
r3 = openat$dsp(0xffffffffffffff9c, 0x0, 0x42, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r4, &(0x7f0000000140)={0xa, 0xfffd, 0x0, @mcast1, 0x9}, 0x1c)
r5 = socket$igmp6(0xa, 0x3, 0x2)
read$FUSE(0xffffffffffffffff, &(0x7f0000001900)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000003940)={0x60, 0xfffffffffffffff5, r6, {{0xffefffffffffffaa, 0x5, 0xaa1d, 0x6, 0x7, 0x7, 0x7ff, 0x1}}}, 0x60)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
ioctl$mixer_OSS_GETVERSION(r3, 0x80044d76, &(0x7f0000000800))
sendmsg(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="2c10", 0x2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
unshare(0x6a040000)
r7 = socket(0xad8be4affdeeb8b5, 0x3, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000740)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa86dd6019270600000000000000000000000000008000000000000000000000000016924ad53852422901fa00aa0000000e0000008b6411c8ae0000000000008b", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000200)={'macvlan0\x00'})
sendmsg$nl_route(r7, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003a00)=ANY=[@ANYRES8=r8, @ANYRESDEC=r3, @ANYRES32=r8], 0x2c}, 0x1, 0x0, 0x0, 0x20000084}, 0x0)
ioctl$sock_netrom_SIOCADDRT(r7, 0x6180, 0x0)
connect$pppl2tp(r7, &(0x7f00000007c0)=@pppol2tpv3={0x18, 0x1, {0x0, r9, {0x2, 0x4e22, @local}, 0x3, 0x4, 0x2}}, 0x2e)
r10 = syz_open_dev$sndctrl(&(0x7f0000000040), 0xfa2, 0x109000)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r10, 0xc1105517, &(0x7f00000003c0)={{0x80400005, 0x5, 0xb48, 0x7, 'syz0\x00', 0x1}, 0x3, 0x40, 0x7, 0x0, 0x4, 0xfffffffd, 'syz1\x00', &(0x7f0000000840)=['.*\x00', '$%]]^-\x00', ')(\x8f\a$.}}{:\x00', '\x00'], 0x16})
recvmmsg(r7, &(0x7f0000001840)=[{{0x0, 0x0, 0x0}, 0x6}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000003a40)=""/4103, 0x1007}, {&(0x7f0000000080)=""/197, 0xc5}], 0x2, &(0x7f0000000240)=""/215, 0xd7}, 0x6}, {{&(0x7f0000000500)=@in={0x2, 0x0, @local}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000580)=""/136, 0x88}, {&(0x7f0000000640)=""/161, 0xa1}, {&(0x7f00000001c0)=""/14, 0xe}], 0x3, &(0x7f0000000700)=""/51, 0x33}, 0x1}], 0x3, 0x1, &(0x7f00000039c0))

4.389913732s ago: executing program 4 (id=3381):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$kcm(0x2d, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0)={0x0, r0}, 0xffffffffffffffd2)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000180)='mm_vmscan_lru_shrink_active\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40046f41, &(0x7f0000000440)=0x1f)
r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000013c0)=ANY=[@ANYBLOB="0300000004000000040000000a0000000000", @ANYRES32, @ANYBLOB="0f00"/20, @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="03000000020000000400"/28], 0x50)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001500)=@bpf_ext={0x1c, 0x10, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000001000000000000009c94ffff18110000", @ANYRES32, @ANYRESOCT=r0], &(0x7f0000001180)='syzkaller\x00', 0x4, 0x17, &(0x7f00000011c0)=""/23, 0x41100, 0x62, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000012c0)={0x3, 0x9, 0x10000, 0x10000}, 0x10, 0x274f8, 0xffffffffffffffff, 0x6, &(0x7f0000001440)=[0xffffffffffffffff, r5, 0xffffffffffffffff, r5], &(0x7f0000001480)=[{0x3, 0x1, 0x10, 0x1}, {0x3, 0x3, 0x2, 0x2}, {0x5, 0x3, 0x1, 0x7}, {0x2, 0x1, 0x0, 0xc}, {0x4, 0x2, 0xa, 0x8}, {0x0, 0x5, 0x80000f, 0xb}], 0x10, 0x8}, 0x94)
mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x40800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0xf, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0xba}, @generic={0xa7}, @initr0, @exit]}, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x20}, 0x90)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r6, 0xc058534f, &(0x7f0000002380)={{0x0, 0x1}, 0x0, 0x0, 0x2, {0x4, 0x1}, 0x3, 0x800})
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x195)
mkdir(&(0x7f0000000080)='./file1\x00', 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)

3.747370877s ago: executing program 5 (id=3382):
keyctl$join(0x1, 0xfffffffffffffffd)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x17)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close(0xffffffffffffffff)
syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, [], [], [], [0xd]})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000c00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03080000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021440000000c0a09030000000000000000070000000900020073797a31000000000900010073797a300000000018000380140000800800034000000002050006405200000014000000110001"], 0xc8}}, 0x0)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000440)={0xffffffffffffffff, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe78b39843d601010000000000080d0ec0c1b4e9b1c4369d03741250ceaac50104000041dd17c18e8438ef2a565ef1e833236500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d200", "24431a1e77a682174f000000000000000010e200"}})

3.650725474s ago: executing program 1 (id=3383):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000003, 0x50032, 0xffffffffffffffff, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
ioctl$TCSETS2(0xffffffffffffffff, 0x402c542b, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000004c0)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
lsm_set_self_attr(0x66, 0x0, 0x20, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_COALESCE(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x1c, r3, 0x100, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x1e}, @void, @void}}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8c4)
ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, 0x0)
syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
r4 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFBR(r4, 0x8940, &(0x7f00000001c0)=@generic={0x0, 0x610, 0x200})
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'veth1_to_bridge\x00', <r6=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYRES16=r5, @ANYRESHEX=r0, @ANYBLOB="0300"/20, @ANYRES32=r6, @ANYRESHEX=r5, @ANYRES8=r5], 0x50)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYRESOCT, @ANYRES32=r7, @ANYBLOB="4349d1f2ced513d0e245763f8967f6f406c2a77e80037f40b588e176", @ANYRESOCT=0x0, @ANYRESOCT=r2], 0x48)
r9 = socket$inet6_udplite(0xa, 0x2, 0x88)
getsockopt$sock_buf(r9, 0x1, 0x4a, 0x0, &(0x7f0000003080))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0xd, &(0x7f0000000200)=ANY=[@ANYRES32=r9, @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000018000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a60000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x11}, 0x94)

2.631939925s ago: executing program 4 (id=3384):
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x40)
creat(0x0, 0x0)
r0 = socket$tipc(0x1e, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x10}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[], 0x50)
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r6, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r6, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r6, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000006c0)="0d18687da3e7f33aed145cf8ff2d1e5a18c0d5f9856f4824f41040f6987d0b531da10713ed151bc4868b81f28e033aef683334d03864ed30590dd4ea64a20ecbbc1346c9f42510d91eec0632885b7da95ca85f4b1435c5c1e993a85257df5f19bdfc5e038a16e6a8aef907e347081fdb93cee93217e11f19cde423e6138bd1b79ee615527ccaf8049959ac6e32af46d777ccb8c26ca925f69590df13a81aee3213e80ba5cacf1f930b3cc49093d11594ef13325790b55efbdc0dd99ed1c3c609a49cc151", 0xc4}, {&(0x7f00000002c0)="9c811ff500139d7d28a5f0de630ec6041ed353d314e58721edf306c382ac611fe34479cb9e2585745ff3c61da74b06eb64f69a4e90d706178176dc533f123b66d04d51fb740c1efdf8db3b99ed18fb67c1f75ef7d55b3bb185f5f38665ea5e09", 0x60}, {&(0x7f0000000380)="3f82090ccda4f8ce1b08afd200c6075794cdd2e0021e32a0f6267447162a2085457cf687e74d142e85e9c4ac6eefcdaa493bcb54152b1339a38d3898707b77a9333cfb7bdc7c523ab4", 0x49}], 0x3}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000c40)="5c5eafd3ae55a73702d6befaee97f47f4be65587e1fca708cee084691e4587d887a5eaab43ac5edc4886496910cd7a153cd84b93208c7b", 0x37}], 0x1}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000001800)="353a35d6094e4ee7d764b6993f65136c5d6b84d9b1324a0b25e094700c9a66f9181738098f32e3e48859c3878d53a9752474da0d6af299d849d48f2fa2c8c807d7a1521da940585790ff1e6f9da83e32b751d1af9cfac640c1361f5ae8b99c187dafe9ea854120f6eaab11e7fdeb3f2152ebdbc21520ca01f64bb821576deef4ed6696cdddc1768b5b4fbd68a687cb6ba52ecf5cc6f8f05062f26de19d6aaaeb6cbca00e46685f77d2b3e8dd9d0d099e799cd5a76c67ab283f790366f7f744508edc9e48fa101b89215bd330c4e706c1f09d781a5a50aef5e424a7a88b3241a338ca7411cda28aa167b5628b79e8a7d588efb69636181b9c54f6d296386c95f8a08e27d5792dcb20fa3b5b4f60c71f310b31bb1ab4a825c2dc10fac150a17d92bb51849d9eea53c78d427d8d1036dc906084046fcae09499c220ef50c2c7c475f392bc288eb5efb8032d1ade", 0x14c}], 0x1}}], 0x3, 0x0)
setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r6, 0x0, 0x0, 0x10008095, 0x0, 0x0)
shutdown(r6, 0x1)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040), 0x0)
socket$netlink(0x10, 0x3, 0x0)

2.618019246s ago: executing program 5 (id=3385):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="110000000400000004000000ff00"], 0x48)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r3)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="98030000", @ANYRES16=r4, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r5, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0)

1.622851052s ago: executing program 5 (id=3386):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
r1 = socket$inet_sctp(0x2, 0x5, 0x84) (async)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f00000004c0)=0x8)
setsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000000)={r3, 0x1}, 0x8) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge0\x00', <r4=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a00)=@bridge_newvlan={0x18, 0x70, 0x239, 0x70bd28, 0x25dfdbff, {0x7, 0x0, 0x0, r4}}, 0x18}, 0x1, 0x0, 0x0, 0x800}, 0x8008) (async)
syz_usb_connect(0x5, 0x51, &(0x7f00000001c0)=ANY=[@ANYBLOB="120101024cf1c50863070210845f0102030109023f0001000000000904000005ff87e7000905ee63dd0000000009050300000000000009050cf2010002060209050f000000400000090507cade"], &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0})

1.569777693s ago: executing program 4 (id=3387):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000300)={0x4, <r1=>0x0}, 0x8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000c80)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597", @ANYRES32=r0], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0xfffffffd, 0x1}, 0x8, 0x10, &(0x7f0000000000), 0x10, r1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x800}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r2}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x9, 0x6, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r3 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000004040)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x20, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
ioctl$MON_IOCX_MFETCH(r3, 0xc0109207, &(0x7f0000000c40)={0x0, 0xfe72})
ioctl$MON_IOCX_GETX(r3, 0x80089203, &(0x7f0000000a40)={0x0, 0x0})
syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, 0x0)
sendmsg$OSF_MSG_REMOVE(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)={0x268, 0x1, 0x5, 0x101, 0x0, 0x0, {0x0, 0x0, 0x1}, [{{0x254, 0x1, {{0x0, 0x3}, 0x26, 0x8, 0x10, 0xfffe, 0x22, 'syz1\x00', "7aa06b42c8ac3809cdf3c705106929186116c0b29127fa62a4b71e2f36f21f58", "6abb2ea546c7765d5298e39a6e548899a2725112f14ea62815d91663acd3b99c", [{0x8, 0x8, {0x3, 0x401}}, {0x0, 0x9, {0x2, 0x8}}, {0x0, 0x5, {0x0, 0x3ff}}, {0x2, 0x3, {0x0, 0xbd}}, {0x3, 0x6, {0x3, 0x23}}, {0x531d, 0x75, {0x0, 0xaab}}, {0x7de, 0x6, {0x2}}, {0xd796, 0x3, {0x0, 0x90000000}}, {0x200, 0x9, {0x1, 0x3}}, {0xbfdb, 0x1, {0x1, 0x80000000}}, {0xffc0, 0x9, {0x1, 0x7}}, {0x8001, 0x8000, {0x2, 0x10001}}, {0x8, 0x5, {0x3, 0x3}}, {0xf6, 0x4c17, {0x1, 0x1ff}}, {0x3, 0x5, {0x1, 0x8ed}}, {0x0, 0x9}, {0x2, 0x7, {0x2, 0x5}}, {0xe, 0x3, {0x2, 0x1}}, {0xfffb, 0x0, {0x1, 0x1}}, {0x0, 0xa, {0x0, 0xfffffff7}}, {0xffff, 0x5, {0x1, 0xffffffff}}, {0xa, 0x1, {0x1, 0xf1}}, {0x4, 0x8, {0x1, 0x1}}, {0x400, 0x5, {0x3, 0x6}}, {0x5, 0x6, {0x1, 0x8}}, {0xcf7, 0x81, {0x0, 0x6}}, {0x6, 0x401, {0x2, 0x5}}, {0x4, 0x5c, {0x2, 0x7}}, {0x5, 0x1e, {0x3, 0x9}}, {0xb, 0xff, {0x0, 0x3}}, {0x9, 0x246b, {0x1, 0x9}}, {0xfff, 0x2, {0x3, 0x5}}, {0xe, 0xfff7, {0x3, 0x321f}}, {0xef, 0xbf29, {0x0, 0xffffffc0}}, {0x3, 0x73ac, {0x3, 0x9}}, {0x25f, 0x11, {0x2, 0xbc}}, {0xe, 0x9a, {0x3, 0x100}}, {0xbd4f, 0x9, {0x1, 0x5}}, {0xf8, 0x3, {0x0, 0x7}}, {0x7, 0x5, {0x0, 0x1}}]}}}]}, 0x268}, 0x1, 0x0, 0x0, 0x24008010}, 0x844)

1.469095749s ago: executing program 1 (id=3388):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5393, 0x0)
r1 = socket(0x80000000000000a, 0x2, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r2, &(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e)
setsockopt$sock_int(r2, 0x1, 0x10, 0x0, 0x0)
connect$unix(r2, &(0x7f00000008c0)=@file={0x1, './file0\x00'}, 0x6e)
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, 0x0)
umount2(0x0, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400}, 0x0)
chown(0x0, 0x0, 0xee01)
mount(&(0x7f0000000000)=@nullb, &(0x7f0000000340)='./cgroup\x00', &(0x7f0000000300)='squashfs\x00', 0x1a0c000, 0x0)
fgetxattr(r1, &(0x7f0000000000)=@random={'security.', '\x00'}, 0x0, 0x0)
r5 = syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81)
ioctl$HIDIOCSFEATURE(r5, 0xc0404806, 0x0)

1.468622182s ago: executing program 5 (id=3389):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x8, 0x0, 0xfffffdfc}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000400)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffe, 0x0, 0x4)
r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r6, 0xc0045005, &(0x7f0000001180)=0x2000000)
mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r6, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r6, 0x5008, 0x0)
ioctl$SNDCTL_DSP_SYNC(r6, 0x5001, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r6, 0x800c5012, &(0x7f0000000200))
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)

376.496648ms ago: executing program 5 (id=3390):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x15, 0x301, 0x0, 0x0, {0xa}}, 0x14}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002940)={0x2c, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0xcb}]}, 0x2c}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r6 = fsmount(0xffffffffffffffff, 0x1, 0x7)
setsockopt$MRT6_ADD_MFC_PROXY(r6, 0x29, 0xd2, &(0x7f00000002c0)={{0xa, 0x4e22, 0xfffffffa, @loopback, 0xa3d4}, {0xa, 0x4e23, 0x1000, @mcast2, 0xe0a}, 0x0, {[0x2, 0x1, 0x9, 0x5, 0x1ff, 0x200, 0x1, 0x3]}}, 0x5c)
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000004c0)={0x64, r5, 0x1, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x3f, 0x33, @probe_request={{{0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1}, {0x1}, @device_b, @device_a, @initial, {0x4, 0x9}, @value=@ver_80211n={0x0, 0x9, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, @void, @void, @val={0x3, 0x1, 0x74}, @val={0x2d, 0x1a, {0x80, 0x0, 0x5, 0x0, {0x2, 0x10, 0x0, 0x3, 0x0, 0x0, 0x1, 0x1}, 0x300, 0x4, 0x8d}}, @void}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}]}, 0x64}, 0x1, 0x0, 0x0, 0x6a845ecb4f20be71}, 0x24008080)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000000008d02"])
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000440)='contention_end\x00', r10}, 0x18)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001b80), r11)
r13 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r13, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r13, &(0x7f00000021c0)={0x2020, 0x0, <r14=>0x0}, 0x2020)
syz_fuse_handle_req(r13, &(0x7f0000004300)="afe28a28263ffd9dbc5af980196765a3c1f82c4a1fae7a322fdf0f6eec50303f6104db417704a701a8d6c5e7f5c99a5cf3eed4e0e1c82545122d6933469933ec605aaf61a5b8b1f8aacbafca498796976da62837e4a0d818ea71474d0412cfe162a7260456c425f2604cbd262e2aef92d09d6d2e105b7e7d377c95ccfe1d0f9af9f7e6a6d85d4a8ebee6fa703efd8c4a106793205a405938d47f97266eaa5fda88f11a03a8305399889ccc48f85c4b6a7747f489dc76c93b06be84635190224018e13954cd2fe714fec88f6aac3c57d5fec99307b8c8327e8854000e81d781e2f5bc37e96bbc3077555f696c6fadd199d9bfbf0997e76925fe17923ac5976e32f52ee407c43070cd8a709a2326ac96b94051cd0cc8f29b43edbc4ed850ae7a30b45db7e72114aeb46bd3a91775582c9206a638456a0e3da847a7be2e21620df89ea7e2da53f77f39cf0eb2d0b601d507d4dd57a534b5c77076052cdb03dd0c241f75f442fdb07624ad9d9fcbba92a4f20b20b424e3c9c92f2831e5efe0be454f3b4dbb9dbe6152bb152206ff0451edeffdbaba54deb39f00e74297c676effb60950dce7a847031ca85a1b3690f573bc31094d6e7d95f5821c0eae6a2685958619d94108eefcbc0dc5dda47ca509878dd8caa875d69af6c88997b5d67e5c67bf9daf89547a55061eb0cc55e2c696b71c7384ba16928fa81f7394a048329c467ef813df172236464f9d1418e5d5386b0eb6d5c4f765d0246ee91ab39c07310b61680788e3a57dab96d1eabe1a0efc2b6c882aed50d993d15f8561bc1f6bde7e79b711bb206685344aae196c1c4b97cd515911341cd60c6ad108e0013f87d063385ea5f057de4315284cb6f8545436981ce1c4bbf13f178e3a504bc0c8b1bead105f7e7622c288aca7206ee18dbb97b1b393d102d9c65e3a765e87f554d98383e4e49ad1c600d8fac4acb970ce04e0c866806bd44b21b5c891c3bccefb87bdf389d6a36992cacfe52b96e7e1014cc58ec29fe0ac221ea6d49f759f2a746e7603272d572515fbbb33d2b6f94eb9c6571118b606e18ef88ff88366aa3ecccd6c845f9b8534f49997c940a930693fcdf742fde3676c6cee9eda06ab856a4dfee75c7c9cda6b11da6441644b62116e6fdcae5b5e0148047028a5842c21fb9637771a5ac84ba9740c9c9b56b58c08730a48e81c05b312449edd27843c173d1875c28aeca43761a06fed193378129243aa514bf74d6b76ccd70807440401948d6f3bd9a352cd432e1289f2d4e78add381e4477dd8ac2f2ccd3b6533121ac51c393dc773b9e120ea8194e51d76749b4f0c4e6e40132ba1535015d5ff224ff77310be5a31a6defa004262918136b9db98a94a1fd244be1f5a7cf6762e7bea536df1d312a72776baa881833d295f1a60f2ac98d54f302d8fc72f135ab3256d065a618b60d2a6982ee89c60bac90dd81e0cfc24118c568e8e3a29a9f29e55f479a8fb5638d6cd724605b69aaacafd440020f4776652537454041acc13cdb0bf1489fbac78c4bfae755b259764756407204b22cfe838ddf82523c03b4bc1eeb55c43b1f50b7d03fd4da448ae51cc4a844fd0240e0d131c2693ed770844bf25e3bbea974a5c2a40ed65f1c3a729ed93ec22b93899aa861ce301e1cc1f3e98846a39a49169cbe3eef35e3595207f1014a8dc89d6b512dc05cd23ed4b4741f6ac778794cd1282f42a72301f37816859cb92d53db6793f294df19d0ef1bb453685f3c666b3941c25c92b204c8307c0e83469032f276cef4ce538a4570d652aa212de6fae8ae4d62399de49f0d4bfc0a47fbd79e7a86e12c9d863dde004f9e9d605dac7d688dc5daff78c27bbe727fbab0cd3058e75544261d5d83468ef23e3a224f0ec460855aad927c5c5b3bfce0a3e3c45abb0ee6dbd04242ec765e324209bdf07f4ed21eb15e2f030476fbc3cd05554f54858232625e9b37ac41b8e354ebc85a0282fbf9ad5d6e0c2d7b093bc1f887646faa1e7622f110b546dadf44eff6bafb2a58631a93e560bd67b42ab96d4a9f044f26a481feb8b3f2018a7236799c2d1877a63e5fe64dd207be729eb1cda7977d59bc139e1d2f6cae1defe90b8f6a99ae4dbac317413745521247f3691e894af33c7484afb11f4d2f858ee87e93ad202f9853c6ceee0a92e052225ebf283a017ae2e7cfcf924ea4e3b319a05a9bfe3f476308aa5039fb8a7d3642043957a2090e0727120a7aea16d16e7a4b15d5676966041f76188fb69d89080b6eb2d4d42bc84e298dedda4db06b78df5c7198230ab439f0c3b4f3f649d531664c59eee2d73fe14f01133776b717f6b7118afdb264ace9e44af5bfdf35bfa7f7ab538004c0085c11da725ed284a34c7f27da78acf488bd0f54e6026efbf81af934558c36473d0fdc85519e11b4f30fa3b7ef757c35f4c88a360549def898cc460557433e44621589e71f3118003b4695f3130dc005d32c0330b950c12e430d2a2a6b9a68995bc9e1345dcfa30585603f09e74296cffe8d758b216de00e8302eed0e06f94e7bdf835cf27fcbe57651f36d6d2de82f179f42fc8e7fed4f5c7f5b691c6e038a76cab3e604e42ceda945e155db89cc0013564726053ccd77cd8e626bac72468ae0998f686450d5e0a17ce88e1b15d05f212c336d7cb5013eb94fa861b588be01ed252b487b4d1918c87a341b5daf74f3083bd49ccc6ee26ff8993b5398145ae7f9505c1398f1bdd2cb90636f9e99da243cedccc97252fe15ee10e886c187e5c614f33bbf630c654b1d87e693b765f3a36b67bd1fb46afcd24c96a0b7784e4cabb8a8a5abca853d51694da85296a430b8856f51173946c9f143db65fd1b51b9534657d3a7953ba7186651ddc6f0a625563c3b43cfbc83330507d399ae87731e1ab1f15320779da21d2000d85155a8c9cbd6f642695a565dec615d7bdf8a47a76005b3607cde6176b8303b7eeb2212179d6f5176e45b1759810fcec418e6c41e7b33da9f92211631a070257cea55e644498466d5fc5744f903e6c4a2d3809eb6e70d50a82f66a1a05079ebe9ae0b756bb2781dafd14b1a06c0eb2c9b77b0d8d005d47aacf5447a104f85df3decb0ef8bf1483b47be9c945b95634c474f9cebdc97a91f85aba7172d05cd7b06afa043b8900ab400770fa270029e34ebab31a69367a18057ce532cd66e52b807b8665475977a56ec5407c778994ce9c85e8b96f1313e468cf83d266f14250acee2a4a52001de174d2208bc2a679916e4231fb30a99263a0398e99e9f8236010f17a5de367d673a95b374158d2baae4612ec6898d0fec2f95b45c6bd760a0cabcac1067470492c5e66c11ea745ae803dd24a5c89cac5a0d64bcc15648b1d812be638d10311d640b3251a8001619d09f138bf04e35c02807c2c87c222a6f54da320f0169cece864f4d37af54f0fdcfd455051c0effe17d2c04b3b67807af05cd8176017cd8e35c1ca1b13112f2dddde84be95ef67a6c8ad8a4ab0e7175fd124bda62656c4afec4dc8c0261a855e75575ddbb375e45a5b635fc7bc528ba387dd24f485ba69a9ba2761c243d359bce078d0ba0cdc13b6ee7d66a8546c49a4429af5866f866ba2e1e0a10ff4a3c3b5e240d918f6a896c35f51ad7b02e6d0747ee80a99c8812577600e359b703e571ec18d6b88866f28aef250de65f39b266f6795237f7d3f741127f3d47cefb255d1b3c06c7d8fec9bb8e5c666d7ca7b803dbabc6cacecbca1ed8e89ddc2140f45c4f8572c146d7ab2be20eb72baaee4b1d371aa9f06833ba1a0cb66b701c1fd90e8bcdcfb9bd57a8cad381e7cb2b99250d21384ebf771833ac6f32f4115fcb0ffa177dcae6673b1ff80cbefbaec2c863b263035ad2a0d0a340fed260d4fbf008745bc1b51e5b011b54584f6c0cf3a401f8cfd23f23e830a311bec365064895cbe8a664184aff212bac6f164f6b619e4d8521ae447abc8f59b284aa2e94061aa15afd9070fef452d4fd644da4b6b716784109d92abd31d3221a76eaf592e6529e70a67bd92cdb431c7af9f658b2ace3d954c4a5208f1edcdb8a04461262ed26b24bb3df41b1c28ec42880590b3685f56a3982250ae96c7e1fcb9aa6a9887639d2209cf190e9ea82d5634513eb36c5c0e0769250948967240e29921da36aa0c07c76c81c7bd8b7f1c1c9063b4b1fcd88f63aaf568a7cc9249fad5c996853dd160d80f5251673643fb5e0067c97b0d2b513c1d22a3c2e73786c3c5c17f14c57c2df7c830216e5c3ef066468069428501e1a78c935f4c520c5cfe9daa89ca4bb4895fec8a328453ff630848eeac719bcc09d7bee73e58f4b7cf90f098bb7019c73912b630af92ed9b309c53c5c4edaa3788f9e6d486bd363619cd2c140d9a7175f6c5f977eb6e6f58f18c8d0ace671570e0dd6ed78ca228782ddb71c6f137cf0e27fa85b52b1c15ddf184a72dab098a8b1c1f6746238a8a92848f2478b690b80c131c85e90b69953f5eb54c0b47d59b7e440190e1c9b2d72fdd94c64296ca33aab32cc8f69091df05aaefd4ea00303a3522672f01b5373abae33d34844831a1af2e51276b61e637a93e02e09c306e5fb9619e82bbcf0e43e2f5e8ec8a458b9f1c612634645eb82051fa34f4b13439c3ba2e016972df37f197d09121bd377b1472a2da64698efb11cc88fa36ac173c83ee155b73716639f5d73a29fb783fb27e5ccbab5f9b95a4dca6a7406cd053a7ac9ff25f42ebddd9afe7df308979c314acaacecea602267c6d57fb5f5222e4ccd4b18573b32d6a19f1798a1d78b36b32f0723f7b33b06c2ca43b22e4cce6cda741b3e68a056a0cd6d51b6929cf4a16fb7b2490cbe87e5612dfa7d26ad40ec412021f9033aa2884ee86c7610623fb64663ac5554e694e84877708e77d243bcdb198714fff672b0f927f9cbe5b2436002f02a559dda5232cc150170d7b32d547a080f852c6838809f8ae1995e7ad4b24c7d1ecdb6b5dabca5da671493a3a1b4da1e7ad13ca4b4dbcf53a71348366cef7ee45cb719a8321205aa70da47104e66f344393e64dcfcd015b9d6bc75ec3dd31551de4b614bdc4d89c8de1254a91c4f33cdddf98d8ddf36e8cdc537a7d11dbf51913ca87ca9f644a2a08905e15c0f2bc58168e425b52055e7878ba468909dbed30815e01720df5a1be196471d30c1525070efa59fe62720960e473dc237d7866d77e8ac69cbaa50cea6205b7ccef9437b132f41e87906f3b9c48e9750e7ed1993597f8e599ab8596f4378853ee10e26289e72b92c425f5f0ad0f94d4694415739ccfc06bc5a49237157071116578df4f8aaa1eb4c123c8ada753e4a631f3f9660fbc9404d8af9ef1af380ccee1f2e520c03615fe7c5d276e917d84061f8cc0e5814caac9ecb0ebdf8bfae551197d66ff22236832a0ac38586b059a4ae9054d1810d361f50da921b33904cb6ea7faf44b811e7f7348d07cd32c8f83da01d4d74092493ef5cd3d2cbb9eeed6986f3e4615b8d341cbe13d6eac3bc1e9217fc2f86dd0cab958a6b4e0f0604501b48d352118611e96a974e3642fa785538e7d5b3bc7a363ca95a98a0816e6179bb438f3c110036770da0978987ebcd241464136b2a8d45bf1c2b499b6dba8e44448c73163ae7df71d7c98b705af886dc195cc918c2552fc1696d6749222a4e83279a14001ccb540a64a713fa1691c30e99ae0bf8fdacaaf4aea9d4f89db7d4f364f7a30c80b782f5cd7af01347d78769902f2ed675b6b859b5467cad1bed59a64f13a4b5a827e029c9a3107b08e5f18b930855f7d85f1d78d45d7d3c909b87213158dbe5cfda90936388885a32a61529ab30bf31fcc1d6df9ead0f49ada899dc8be042d2289383f6d09411aea11e6002359ff2e36345b8454ec5f126db94349666a3666323ca164a0f72873b63c9dcc0c60785a66862655d4ab5749bc00bd98ba9e20325e78a572fc93739ce884f3398218c614f8ea33cdff4b797dc2c2874d20670733f30acf52ae4d14c9e83f54533acd42931ea42fcbf89f7a8e68c3c8ecefa4a1e1c693244d4604f9488df30718c455f719a6d93b30173305264c9bdb21e8a68a74e7310dbecdc27afc7b162466c444ce4bda0d937104e683349828a4f0ca8723d54fe13287286f7a6dbb8ece6a7ece355fbee7424e7e524ec33ed5fed03a1ea964af0830108c5e69a071606d9d28450977245cba4d0e1ed8177752526e218cb5e113dff2236c663808533c580da3d83ad502a3d5d30949ca2cea660ccb613cc7661d6857b3b70588976ac8ceed944f7f738e43101369bea05a26ff31692ab45b6c95f794a5c92d8bd42ce8803162cc730782e0c1e468c9d090488763d9d1f1471c2ab1cd8599e078d81a0e84707ea02a0f91c3d588bb54f1f5ba58845617b80263ab8fb2c6757d72eebe00591c7b6cffddb969f6fee2ef9f016f641aa2ccfd59c839ba40ac1a10bb9d94f96e1c6829dd4d2dcb9d0f71726c31d813fa78af8b7621fa47f4b0ed9d9d98e4209676969728a00a92dd592dfee41c806076f0e4100e371c7427f888ef91f03c5b16d87b2ade294f69b77afb199de38bfebfa3ec9285d1829c7c0714bd100c84efc8eb71146a1d4c7f659d77c42119b738d6bcfede23855780a6627d4a417aab498ec60bf69c44fc1f3fd4f99ed941a1234ad1f3120dcc71275c464be23453749841dc1c36a76b28b3659e809a1216aea67658ff76e99580cb202eedb9d4cab23e879723d11f8d4086362271f8f2e6816d47eaeaa5066c3c4338868fd3c8b832581490b6801278e9d1d59771dcc73eef6b9903ba9b9f5e565eece392568c878662ad9cbb931242a27d883fe7839e7e502c368e736f5dc057ed2e4b5c963c54712c772535e22e94c61a13ed50682c065cad0d861b3888ef332ed0236e2747720f97793b46eb39b51057b44f2b9e05de8c077cff7ef5afb56a5d28754d76161909a05573f8aaee5fdf260d80eda7e1b83539e09362a4f9aa0e8f069e0cf221eca87593457b342de27c99cf14c4bc0d8050aa19c8e4a56b3b5d2c3fcc23633f5ab20ec063270c9922292b645a5523f9bba5c6f66368c227bb4b2ad6c1f4c8927552f6b41a312a4bec49669e2968a7d6bf30cf09f8d3fb473ce5a839ed27fa906dbf504aec3a5a2884bf4c569235202dffa763b14f4501ecb8608e77aeb4fda0e4177fad0bc02da3224f183355ad62f6c50efa3c8f8e02bf3cf47ff31210606bb87ce4acb53ead7eff942d65d9905e9bf6acf5829eed4855da2488e0896ad346da16a5c988e31b0632592a2dc3030d28b6d62a3a4638a0a3736f5103ce5fe72baac7fa23d5295c42cd81075ca9f7a9a7fe3cf418f50f7eccd8a7c3e6fb1e8b30c5d8dbb0772a8b44f44cebd8249ce10eb24d1f668765796b4a56a482580456ac49db677284f3b2deaa9514973ad5c156bb4961b2ad05bcde1bcea522790765208eab6eb27777c2ef643ab0c85e9625d259ae29a3b2e864bf936cefd90b63ba2281f8bf8505ef6040335c258d338c014c31810a324dfe382699ac0b92a2747973a297e94fcd75ec7d156bd61cf848d7144f9a9dd89c72b9c323ed6f37110f722da90396816050ad800fb33a92651b0356fd15c4cf876a3509ab32cca3f5bd6906ce5ec186391effb13fac0a10525622023645bfb9742472695c81461db0298f84af1983b6e5e94ae355e0e790fb51fe558bd70e889744872c9ababf42b930340e192ab4295ee72e1392f2bbb137533a919d72e651cbafa37a88232d0f464bd4531e49c65abd629f3e8b920ae3bde61a3538514866f18a937848f7bd99e4a0fbea506b9ee5ab47e41cad31dc261020f91d65c88bf2251c617cfde3314ec540c8128adf417f1ee716473c3d3c049dc7714a832c128869bb4a9bad6f8be1b0a6bb5c0e40417d594a876a5fb50055e7c67e2519698e5ca89fada7c84032a811b0eb5c67364ea809c6be960c9a7b98afc8e6315e780d8f556b97ea65b7fd27ca6fab61164d60a109d182b9b8f7995ee915eb68be320000db4b0bb821ce13a8d55ff70629a5f2bb89a1c7a4b874b49bcb13105493a9560344f89877e7c5e409a15bcda6d27073c3b744b386b0b82098d307dc3aab1ead4306a73cf8382bd3451c0aaa14a8333c6f34e6b5e5d3b240e01243749b3938840c835e16129ddca5d9439511b4fd22752d904dcd60f9405467918e48fa17547493e51a14ccb47128c7449b51cef63178f32cb06155b9e9cb65dba65f8a6f9a45d8d49852609dd0cf8418f463cb15eaaea77c1c89f530c1f6c6c7820d66957ff2fe731628a328f4e7896d5cf6fcc0782c05c47b8f01d28908913e379334fa90ea01906e865202fc6386fc69fb683a1dfd037ec5bbdb368b3530a3cbbbecf2107faeaf32081c65b48a3bd352998df0a781dd86c7c8112407db1bf1ac6446a0c77e8f2e3374fb8217abd59b3d40c9582a3ab663f278a83b22685914b4b2bacc973ffb2dec5e6eb98d6c16463c1e9a896ca4e65206687ca4423c359b4e1ce06a57ecb083b750026719dff109a1d823b4ccff79e5ce416bf3756d913b31faad8c0bab1c62276a581ba8830da7c59c5224db7dd38b032db7cf7022502a8f3cef31dc8344a2d02af978d6f901b1b0097dc425f4f34b73c6ee02a8b48d7a23299c1c6e5190221f84c2ecfe5bdb67b36c5dc23455ae466722c5e4f52b07aa667a6cb55c6a411225e88cf513c7cdd2065a1e044c0008f8b6a5b28f3f00f14e7da47e944ca666cec951593ac26ce5e75f17ca2d438dd8f926ac57d1761a72024187a2f77ef42a7d246f906166afecdcdcf8db8cef6f8855ecd97185fda05bae717eaf3165b99021fbdcee50384a22c8c025c8f82d4839dcb0a6075642dc453c21a4dcdc997d70315dce9a3ac7eb0185924436965d1376624b5c08772ba59b142a066bcd0ad044628e463921d78f1efcf8e8cd1e0fcf525115ae2b104c31561574003770c21e847ab80b65d3a2b53e6ad4a3d5227e3bc82b58b5feabc9c70b55264b32b658227851518664baa871f8128bd826ce818be1edef708e033155ed69a0bd83b246d83ac85b33d7370dcc7f930c25609e2e5f86f1738ba266b079a3743180b9b84a24e4915b1743834ec319e5b238ba6942e4128348be821b21892477e4c5ad3a2031f0ef11d9d54cc90f87cf093e582b1384c8960c36421969f7ee247001f37c66f10ff6dc3edc7de984acb599e9b8bd3e792855ddc703698578edfe74bd27e967dbe77bd4cd0bcbe08ebfa7c5bf95745e670438097ee29215d3ecbde9e8e50e14ec41a9d746de20230140d854e36e95f7c13446db26715b9a30a3d3afa3a5645e0afd3eaf8457a87c528792241e99a415b8709ae334bfa81fd8508c77b50e3d1f2ecf8f7b6b1d187bbac0bd3d49f00fb5c21836a2bd79ea2839bd3a1d396422699dfe0958479c36964efdb2f602d25f202a534df612f347696de6fecffb673d2162f2572c6d04895fc22b638dbf54dfad4d6058683919ec47cc3d3d1f5e4528bae31632081b9b80770ce0e7d44287e18fde786801e7beda77c0b9ee3965f3a4956496fe8e892b65e137d9e47e8e164f7c6fe9c6ac9ece1b7eead32a5a188df5539537e1b736f1c5d67b604d064eda6b6730c51e182cae81e65290f12f68a7146888e438a799d04931f2a0b9b6c565d47d9d322e7358ccdbc08eafc2470414c44f97e33013b976b995bcf96409789bc2bc97d7add4b6eaaa84c18ea936f0eb332185f9de597d6f7793215df2c0be4b5b4085910adb83d248be16deeac399070ad00a24a67cebef51694726a612ea5763f1bbff03a77357d867ec5461c33d73a47db4a51b496be6960ca7c8cb92a51dd578f99e4b1d2b18ce406b2751aeb065ad0225aeb1eedce3b26e3feec915361cd6b4acc105a2962edcd6547691a557f4deb9ca96d39bd92ebc96e763b6139a0421f42c561a7a20ffebef94bc0b7538466064610134ede0221cde98d085531471c0e9761880904952234f0ae34502b3790aad682fe6e7fd7977816e21aa3f7793ca99312ee07ef9b34a31102710bbaa31dcd57d941e6d5fd6b6607d3449bbffb1434d67edc10727230c3283ab7e212152039e9403bc7ae082cb3934794468dc7549aa35cdf35d3c0f754b7fdf47dbb5bc5047923f6841b9a4054a0eef23de222f0ecc04410fccfe3779820d2ac659b84ea56eeefaae980f1bd43aef8e78705ce1995cee4f88400903f66e6d24307090e23d04387909a62a3394890118549baec01b6f2a5c416f68b71bfc2b7a0bf289587664a2b6194d4eccb51bd4177c9487b724f91d088ce68f20882a8dd633b17ad73584e68382877eba4fae1af839baca07f3adc4c9796e07dc69e90bd5efe3a84d3ca40fa8209c2bc9c9303ff2c7979a9508d925c021cea6c7f1483b5c5b00232c292f302fad79aa5fa4820b04a5aed1f9be4cbf4430bd2b6b559133979e5239f514e87559950808fd098792c0b1bd0b9cb94463b22be92962692dca35a8bd0fe0edc28e7e759d2d753177fc29860d419a29fd89c0a2c11e957483f9c13637e2f66e96bf3454b943b7dd368b71243ef58b0b3d469cdf5572a990a5c998c5796b80031f56bc98f5bf70a717cc5ff4febbfc32b29543548d8862f1ab57fbdbeda2a9901593c0d92d4eca205312c18ce649ed5a3263b66d8ca52734a16035daaa182c24e9ae2851e8dd153d2fe34978e8df50402f133190ada04cfaaac56ca6fa20771a195c76a84651ca4aa9c7c4eb16007ef1e965055ab6cb08a02db6c1a82f8c695ec370095c0afd535ed8abf17ff514451055854a99de69863f393e1679ddf5326e1f4de42220df3839ee71c8fab2c3faee9af0f5e9ee5a3c4c146ae7d36536064a11644a9a195290f3d75f64652050ca8a1ef17eed6f5077a651af1ce5304f2e6fa781a83df2a7c4f5e1c8337d35f93633d684803b7bec4fea60e1f9925580f9199f40f307bfd84de2d51f1df191eeb52a48ed4a19c4f524cc26f7043bbabb1c43c4f20d950e218dbcf09a8bda0e1ca1759466938dd764c85c3d8de92b3534ff5c492d024e6ca87952243fe8b6379ba189032926685afcd3839a4423ba19cb0c5488982ce7cad134c60bc329f855ba4be63475ade6110d6db66613c3c7647e76e3949f8e5299738014743523662fd6b1626bcc0cffdb3b757ddcbeefa2facc49da06d907d21888b9344a3167d143e5f8e022d8c75229fd491145c451ac92f000aeee43219215a8136c7c17327f6e0a3eef7fe1861930d143d92f33aa74984c89f9ba3e9ee887bef4f9b16654cbc739fd6b2eebb255596dfd6639896685b72b0e1ea92019884468f5c78d21a3a69df24a3d8d517cec2122417bad0ac7db0182cc87b8b752e7474a36acb8508d118d44d509cd8594dea3a3a611a6c1c0b3bcf48b4834d8bb5cd18f420ed7aea21810c0303ca2d5fc67b116491f1bbd055221c79ec0dfcfc22c17cba3eb4fea49127615fdcef9cbecba603dd2e01e07af17ab0f4a6179f54edb34db2dc0c937a0aa1151c8a9474afd1af7c0a83174aa1fdd8e4bfb9b10841df5ccf068a5612627c8724b1c68fd3879a57265836409a6d851f1baf0023ca", 0x2000, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x78, 0x0, 0x0, {0x88, 0x0, 0x0, {0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x10000000, 0xffffffffffffffff, 0x0, 0x0, 0x9}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(r13, &(0x7f0000004200)={0x50, 0x0, r14, {0x7, 0x21, 0x0, 0x1120081, 0x1, 0x0, 0xfffffffd}}, 0x50)
write$FUSE_INIT(r6, &(0x7f0000000340)={0x50, 0x0, r14, {0x7, 0x2b, 0x3, 0x2480000, 0x6b, 0x8000, 0x8, 0x877, 0x0, 0x0, 0x1, 0x7}}, 0x50)
sendmsg$IEEE802154_LIST_IFACE(r11, &(0x7f0000001c80)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000001bc0)={0x14, r12, 0x50be6fea6f3bdfbb, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000)
ioctl$VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000080)={0x200, 0x3})
socket$phonet_pipe(0x23, 0x5, 0x2)

321.808904ms ago: executing program 1 (id=3391):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
socket$rds(0x15, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
getcwd(0x0, 0xfffffffffffffe7d)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1b0000000000000000000000000004", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0xd, 0x1c, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

155.61482ms ago: executing program 1 (id=3392):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000600)={'veth1_virt_wifi\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x48, 0x24, 0xf0b, 0x24, 0x24dfdbff, {0x60, 0x0, 0x0, r2, {0x0, 0xc}, {0xffff, 0xffff}, {0x0, 0xffe0}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x5}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000805}, 0x0)

0s ago: executing program 1 (id=3393):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$kcm(0x2d, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0)={0x0, r0}, 0xffffffffffffffd2)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000180)='mm_vmscan_lru_shrink_active\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40046f41, &(0x7f0000000440)=0x1f)
r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000013c0)=ANY=[@ANYBLOB="0300000004000000040000000a0000000000", @ANYRES32, @ANYBLOB="0f00"/20, @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="03000000020000000400"/28], 0x50)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001500)=@bpf_ext={0x1c, 0x10, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000001000000000000009c94ffff18110000", @ANYRES32, @ANYRESOCT=r0], &(0x7f0000001180)='syzkaller\x00', 0x4, 0x17, &(0x7f00000011c0)=""/23, 0x41100, 0x62, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000012c0)={0x3, 0x9, 0x10000, 0x10000}, 0x10, 0x274f8, 0xffffffffffffffff, 0x6, &(0x7f0000001440)=[0xffffffffffffffff, r5, 0xffffffffffffffff, r5], &(0x7f0000001480)=[{0x3, 0x1, 0x10, 0x1}, {0x3, 0x3, 0x2, 0x2}, {0x5, 0x3, 0x1, 0x7}, {0x2, 0x1, 0x0, 0xc}, {0x4, 0x2, 0xa, 0x8}, {0x0, 0x5, 0x80000f, 0xb}], 0x10, 0x8}, 0x94)
mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x40800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0xf, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0xba}, @generic={0xa7}, @initr0, @exit]}, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x20}, 0x90)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r6, 0xc058534f, &(0x7f0000002380)={{0x0, 0x1}, 0x0, 0x0, 0x2, {0x4, 0x1}, 0x3, 0x800})
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x195)
mkdir(&(0x7f0000000080)='./file1\x00', 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)

kernel console output (not intermixed with test programs):

980][T16083] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2586'.
[ 1103.503546][   T30] audit: type=1326 audit(1752393945.814:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16086 comm="syz.5.2585" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe7f938e929 code=0x0
[ 1104.971406][T16104] netlink: 'syz.5.2592': attribute type 1 has an invalid length.
[ 1104.981691][T16104] netlink: 224 bytes leftover after parsing attributes in process `syz.5.2592'.
[ 1105.934086][ T5910] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[ 1106.093947][ T5910] usb 6-1: Using ep0 maxpacket: 8
[ 1106.137527][ T5910] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[ 1106.175825][ T5910] usb 6-1: config 179 has no interface number 0
[ 1106.207069][ T5910] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1106.255825][ T5910] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 1106.318408][ T5910] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1106.396114][ T5910] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1106.459174][ T5910] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1106.489474][ T5910] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1106.514325][ T5910] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1106.579363][T16109] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1106.600155][ T5910] xpad 6-1:179.65: probe with driver xpad failed with error -5
[ 1107.485577][T16134] ubi31: attaching mtd0
[ 1107.491977][T16134] ubi31: scanning is finished
[ 1107.740629][T16134] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[ 1107.811518][T16134] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[ 1107.871951][T16134] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[ 1107.908560][T16134] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[ 1107.916460][T16134] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[ 1107.928540][T16134] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[ 1107.942961][T16134] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 1663439114
[ 1107.960822][T16134] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[ 1107.973770][T16140] ubi31: background thread "ubi_bgt31d" started, PID 16140
[ 1109.348839][ T5919] usb 6-1: USB disconnect, device number 14
[ 1109.523769][T16160] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2606'.
[ 1109.570343][T16164] fuse: Unknown parameter 'fD'
[ 1111.274391][T16176] TCP: TCP_TX_DELAY enabled
[ 1111.281701][T16176] program syz.5.2610 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1111.932663][T16183] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2615'.
[ 1111.943652][T16183] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2615'.
[ 1113.042269][ T5910] usb 4-1: new full-speed USB device number 28 using dummy_hcd
[ 1114.082663][ T5910] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[ 1114.117148][ T5910] usb 4-1: config 0 has no interface number 0
[ 1114.129330][ T5910] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[ 1114.144881][ T5910] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1114.162457][ T5910] usb 4-1: config 0 descriptor??
[ 1114.173959][ T5910] usb 4-1: selecting invalid altsetting 1
[ 1114.188919][ T5910] dvb_ttusb_budget: ttusb_init_controller: error
[ 1114.199188][ T5910] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[ 1114.304765][ T5910] DVB: Unable to find symbol cx22700_attach()
[ 1114.992694][T16204] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2621'.
[ 1115.018329][T16204] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2621'.
[ 1115.267100][T16204] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2621'.
[ 1115.323807][T16211] binder: 16210:16211 ioctl c00c6211 0 returned -14
[ 1115.370957][ T5910] DVB: Unable to find symbol tda10046_attach()
[ 1115.422590][T16214] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2622'.
[ 1115.448978][ T5910] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[ 1115.492319][ T5910] usb 4-1: USB disconnect, device number 28
[ 1115.502000][T16215] binder: 16213:16215 ioctl f504 0 returned -22
[ 1115.812485][ T5963] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[ 1116.489498][T16226] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1116.510161][T16226] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1116.760175][ T5963] usb 2-1: config 0 has an invalid interface number: 64 but max is 0
[ 1117.305062][ T5963] usb 2-1: config 0 has no interface number 0
[ 1117.550199][ T5963] usb 2-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07
[ 1117.586367][ T5963] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1117.660495][ T5963] usb 2-1: Product: syz
[ 1117.761193][ T5963] usb 2-1: Manufacturer: syz
[ 1117.951570][ T5963] usb 2-1: SerialNumber: syz
[ 1117.992896][ T5963] usb 2-1: config 0 descriptor??
[ 1118.112391][T16247] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2632'.
[ 1118.121959][T16247] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2632'.
[ 1118.746441][ T5919] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[ 1118.801682][T16250] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2634'.
[ 1118.813251][T16250] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2634'.
[ 1118.832413][ T5963] usb 2-1: Found UVC 0.08 device syz (046d:0823)
[ 1118.832757][T16250] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2634'.
[ 1118.882111][ T5963] usb 2-1: Failed to create links for entity 32
[ 1118.896655][ T5963] usb 2-1: Failed to register entities (-22).
[ 1118.914315][ T5919] usb 5-1: Using ep0 maxpacket: 32
[ 1118.931183][ T5919] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1118.935886][ T5963] usb 2-1: USB disconnect, device number 38
[ 1118.972458][ T5919] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 1119.017984][ T5919] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1119.041269][ T5919] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1119.055708][ T5919] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1119.071133][ T5919] usb 5-1: config 0 descriptor??
[ 1119.086717][T16246] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[ 1119.102357][ T5919] hub 5-1:0.0: USB hub found
[ 1119.353706][ T5919] hub 5-1:0.0: config failed, hub doesn't have any ports! (err -19)
[ 1119.416217][ T5919] usbhid 5-1:0.0: can't add hid device: -71
[ 1119.429938][ T5919] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1119.587484][ T5919] usb 5-1: USB disconnect, device number 42
[ 1127.754035][ T5919] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[ 1128.027740][T16328] fuse: Bad value for 'fd'
[ 1128.217544][ T5919] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1128.225769][T16329] netlink: 'syz.3.2655': attribute type 1 has an invalid length.
[ 1128.237469][T16329] netlink: 'syz.3.2655': attribute type 2 has an invalid length.
[ 1128.252991][ T5919] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1128.279529][ T5919] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1128.305715][ T5919] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1128.321508][T16322] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 1128.347358][ T5919] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[ 1128.499598][T16336] FAULT_INJECTION: forcing a failure.
[ 1128.499598][T16336] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1128.514638][T16336] CPU: 1 UID: 0 PID: 16336 Comm: syz.3.2658 Not tainted 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 PREEMPT(full) 
[ 1128.514667][T16336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1128.514680][T16336] Call Trace:
[ 1128.514689][T16336]  <TASK>
[ 1128.514698][T16336]  dump_stack_lvl+0x189/0x250
[ 1128.514726][T16336]  ? __pfx____ratelimit+0x10/0x10
[ 1128.514756][T16336]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1128.514778][T16336]  ? __pfx__printk+0x10/0x10
[ 1128.514804][T16336]  ? __might_fault+0xb0/0x130
[ 1128.514843][T16336]  should_fail_ex+0x414/0x560
[ 1128.514877][T16336]  _copy_from_user+0x2d/0xb0
[ 1128.514901][T16336]  do_sock_getsockopt+0x1cd/0x650
[ 1128.514929][T16336]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 1128.514953][T16336]  ? do_syscall_64+0x20/0x3b0
[ 1128.514971][T16336]  ? __fget_files+0x3a0/0x420
[ 1128.514988][T16336]  ? __fget_files+0x2a/0x420
[ 1128.515014][T16336]  __x64_sys_getsockopt+0x1a5/0x250
[ 1128.515038][T16336]  ? do_syscall_64+0x20/0x3b0
[ 1128.515058][T16336]  ? do_syscall_64+0x20/0x3b0
[ 1128.515080][T16336]  do_syscall_64+0xfa/0x3b0
[ 1128.515097][T16336]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1128.515126][T16336]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1128.515156][T16336]  ? clear_bhb_loop+0x60/0xb0
[ 1128.515179][T16336]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1128.515223][T16336] RIP: 0033:0x7fa2a098e929
[ 1128.515240][T16336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1128.515257][T16336] RSP: 002b:00007fa2a170f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 1128.515290][T16336] RAX: ffffffffffffffda RBX: 00007fa2a0bb5fa0 RCX: 00007fa2a098e929
[ 1128.515304][T16336] RDX: 000000000000000f RSI: 0000000000000084 RDI: 0000000000000003
[ 1128.515315][T16336] RBP: 00007fa2a170f090 R08: 0000200000000080 R09: 0000000000000000
[ 1128.515327][T16336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1128.515338][T16336] R13: 0000000000000000 R14: 00007fa2a0bb5fa0 R15: 00007ffe43700cb8
[ 1128.515367][T16336]  </TASK>
[ 1129.277264][ T5963] usb 2-1: USB disconnect, device number 39
[ 1132.457103][T16367] netlink: 420 bytes leftover after parsing attributes in process `syz.4.2668'.
[ 1132.758093][T16366] trusted_key: encrypted_key: master key parameter 'user:' is invalid
[ 1134.195257][T16382] FAULT_INJECTION: forcing a failure.
[ 1134.195257][T16382] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1134.209141][T16382] CPU: 1 UID: 0 PID: 16382 Comm: syz.1.2672 Not tainted 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 PREEMPT(full) 
[ 1134.209167][T16382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1134.209177][T16382] Call Trace:
[ 1134.209185][T16382]  <TASK>
[ 1134.209192][T16382]  dump_stack_lvl+0x189/0x250
[ 1134.209219][T16382]  ? __pfx____ratelimit+0x10/0x10
[ 1134.209247][T16382]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1134.209266][T16382]  ? __pfx__printk+0x10/0x10
[ 1134.209290][T16382]  ? __might_fault+0xb0/0x130
[ 1134.209327][T16382]  should_fail_ex+0x414/0x560
[ 1134.209358][T16382]  _copy_from_user+0x2d/0xb0
[ 1134.209380][T16382]  core_sys_select+0x604/0xa20
[ 1134.209419][T16382]  ? __pfx_core_sys_select+0x10/0x10
[ 1134.209471][T16382]  ? __pfx_set_user_sigmask+0x10/0x10
[ 1134.209503][T16382]  __se_sys_pselect6+0x27a/0x300
[ 1134.209534][T16382]  ? __pfx___se_sys_pselect6+0x10/0x10
[ 1134.209562][T16382]  ? __pfx_ksys_write+0x10/0x10
[ 1134.209584][T16382]  ? rcu_is_watching+0x15/0xb0
[ 1134.209610][T16382]  ? __x64_sys_pselect6+0x21/0xf0
[ 1134.209640][T16382]  do_syscall_64+0xfa/0x3b0
[ 1134.209657][T16382]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1134.209684][T16382]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1134.209703][T16382]  ? clear_bhb_loop+0x60/0xb0
[ 1134.209725][T16382]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1134.209743][T16382] RIP: 0033:0x7f1cab58e929
[ 1134.209759][T16382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1134.209775][T16382] RSP: 002b:00007f1cac4e2038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 1134.209802][T16382] RAX: ffffffffffffffda RBX: 00007f1cab7b5fa0 RCX: 00007f1cab58e929
[ 1134.209816][T16382] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000040
[ 1134.209828][T16382] RBP: 00007f1cac4e2090 R08: 0000200000000280 R09: 0000000000000000
[ 1134.209840][T16382] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000001
[ 1134.209852][T16382] R13: 0000000000000000 R14: 00007f1cab7b5fa0 R15: 00007ffd245c9dc8
[ 1134.209891][T16382]  </TASK>
[ 1134.417284][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1135.575012][T16394] nftables ruleset with unbound chain
[ 1136.623783][T16408] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2680'.
[ 1138.445718][T16419] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1140.037790][T16423] 8021q: VLANs not supported on ipvlan0
[ 1143.201165][T16464] fuse: Invalid rootmode
[ 1145.031253][   T30] audit: type=1400 audit(1752393987.884:359): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=16479 comm="syz.4.2700" daddr=::ffff:172.20.20.47
[ 1145.059998][T16487] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2698'.
[ 1146.824519][ T5832] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[ 1146.876699][T16496] 8021q: VLANs not supported on ipvlan0
[ 1146.964297][ T5832] usb 5-1: device descriptor read/64, error -71
[ 1147.961274][T16498] netlink: 'syz.5.2702': attribute type 1 has an invalid length.
[ 1147.969624][T16498] netlink: 'syz.5.2702': attribute type 2 has an invalid length.
[ 1148.085930][ T5832] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[ 1148.215583][T16519] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2706'.
[ 1148.464388][ T5832] usb 5-1: device descriptor read/64, error -71
[ 1148.674614][ T5832] usb usb5-port1: attempt power cycle
[ 1149.044129][ T5832] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[ 1149.831244][ T5832] usb 5-1: device descriptor read/8, error -71
[ 1152.284181][ T5972] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[ 1160.064290][ T5972] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[ 1160.471888][ T5972] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1162.115597][ T5972] usb 2-1: string descriptor 0 read error: -71
[ 1162.122000][ T5972] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1162.133518][ T5972] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1162.274086][ T5972] usb 2-1: can't set config #1, error -71
[ 1162.324368][ T5972] usb 2-1: USB disconnect, device number 40
[ 1166.013129][ T6011] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1166.242284][ T6011] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1166.367111][ T6011] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1166.542553][T16676] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2745'.
[ 1166.603006][ T6011] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1166.790934][T16683] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(13)
[ 1166.797604][T16683] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1166.805642][T16683] vhci_hcd vhci_hcd.0: Device attached
[ 1166.813975][T16683] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(15)
[ 1166.820580][T16683] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1166.828626][T16683] vhci_hcd vhci_hcd.0: Device attached
[ 1166.835707][T16683] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1166.855261][T16683] vhci_hcd vhci_hcd.0: pdev(1) rhport(3) sockfd(19)
[ 1166.861905][T16683] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1166.870002][T16683] vhci_hcd vhci_hcd.0: Device attached
[ 1166.878165][T16683] vhci_hcd vhci_hcd.0: pdev(1) rhport(4) sockfd(21)
[ 1166.884790][T16683] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1166.892836][T16683] vhci_hcd vhci_hcd.0: Device attached
[ 1166.907563][T16683] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(23)
[ 1166.914243][T16683] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1166.922427][T16683] vhci_hcd vhci_hcd.0: Device attached
[ 1166.929705][T16683] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1166.939638][T16683] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1166.984113][T16683] vhci_hcd vhci_hcd.0: pdev(1) rhport(7) sockfd(31)
[ 1166.990781][T16683] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1167.000454][T16683] vhci_hcd vhci_hcd.0: Device attached
[ 1167.024151][ T3092] vhci_hcd: vhci_device speed not set
[ 1167.093918][ T3092] usb 35-1: new full-speed USB device number 2 using vhci_hcd
[ 1167.107924][T16684] vhci_hcd: connection closed
[ 1167.111937][T13571] vhci_hcd: stop threads
[ 1167.143786][T16686] vhci_hcd: connection closed
[ 1167.150075][T16688] vhci_hcd: connection closed
[ 1167.155024][T13571] vhci_hcd: release socket
[ 1167.182180][T13571] vhci_hcd: disconnect device
[ 1167.246504][T13571] vhci_hcd: stop threads
[ 1167.269306][T13571] vhci_hcd: release socket
[ 1167.287720][ T6011] bridge_slave_1: left allmulticast mode
[ 1167.321431][T16690] vhci_hcd: connection closed
[ 1167.328046][T13571] vhci_hcd: disconnect device
[ 1167.329724][T16692] vhci_hcd: connection closed
[ 1167.353827][ T6011] bridge_slave_1: left promiscuous mode
[ 1167.364595][T13571] vhci_hcd: stop threads
[ 1167.372764][T13571] vhci_hcd: release socket
[ 1167.406102][T13571] vhci_hcd: disconnect device
[ 1167.414114][ T6011] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1167.423058][T13571] vhci_hcd: stop threads
[ 1167.437879][T13571] vhci_hcd: release socket
[ 1167.442743][T13571] vhci_hcd: disconnect device
[ 1167.466538][ T6011] bridge_slave_0: left allmulticast mode
[ 1167.475950][ T6011] bridge_slave_0: left promiscuous mode
[ 1167.487504][ T6011] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1167.514969][T13571] vhci_hcd: stop threads
[ 1167.519375][T13571] vhci_hcd: release socket
[ 1167.537562][T13571] vhci_hcd: disconnect device
[ 1168.016237][ T5848] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1168.028817][ T5848] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1168.042913][ T5848] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1168.055669][ T5848] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1168.095290][ T5848] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1168.516227][T16694] vhci_hcd: connection closed
[ 1168.522093][T13571] vhci_hcd: stop threads
[ 1168.540734][T13571] vhci_hcd: release socket
[ 1168.546358][T13571] vhci_hcd: disconnect device
[ 1168.671734][T16705] futex_wake_op: syz.1.2748 tries to shift op by 32; fix this program
[ 1168.698117][ T6011] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1168.712368][ T6011] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1168.726630][ T6011] bond0 (unregistering): Released all slaves
[ 1168.879960][ T6011] tipc: Left network mode
[ 1169.779542][ T6011] hsr_slave_0: left promiscuous mode
[ 1169.811113][ T6011] hsr_slave_1: left promiscuous mode
[ 1169.892489][ T6011] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1169.965062][ T6011] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1170.186161][T13508] Bluetooth: hci2: command tx timeout
[ 1170.211550][ T6011] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1170.333657][ T6011] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1170.591678][ T6011] veth1_macvtap: left promiscuous mode
[ 1170.603904][ T6011] veth0_macvtap: left promiscuous mode
[ 1170.614368][ T6011] veth1_vlan: left promiscuous mode
[ 1170.619782][ T6011] veth0_vlan: left promiscuous mode
[ 1172.325938][ T3092] vhci_hcd: vhci_device speed not set
[ 1172.334408][T13508] Bluetooth: hci2: command tx timeout
[ 1173.754390][ T5832] usb usb36-port1: attempt power cycle
[ 1174.389177][ T6011] team_slave_1 (unregistering): left promiscuous mode
[ 1174.399274][ T5832] usb usb36-port1: unable to enumerate USB device
[ 1174.413598][T13508] Bluetooth: hci2: command tx timeout
[ 1174.452862][ T6011] team0 (unregistering): Port device team_slave_1 removed
[ 1174.502583][T16759] snd_dummy snd_dummy.0: control 0:129:-2:syz0:5 is already present
[ 1174.609128][ T6011] team_slave_0 (unregistering): left promiscuous mode
[ 1174.651168][ T6011] team0 (unregistering): Port device team_slave_0 removed
[ 1175.205142][T16770] program syz.1.2766 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1176.493543][T13508] Bluetooth: hci2: command tx timeout
[ 1178.078674][T16785] netlink: 'syz.0.2773': attribute type 1 has an invalid length.
[ 1178.086978][T16785] netlink: 'syz.0.2773': attribute type 2 has an invalid length.
[ 1178.670485][T16810] FAULT_INJECTION: forcing a failure.
[ 1178.670485][T16810] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1178.684382][T16810] CPU: 1 UID: 0 PID: 16810 Comm: syz.1.2776 Not tainted 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 PREEMPT(full) 
[ 1178.684419][T16810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1178.684432][T16810] Call Trace:
[ 1178.684443][T16810]  <TASK>
[ 1178.684453][T16810]  dump_stack_lvl+0x189/0x250
[ 1178.684482][T16810]  ? __pfx____ratelimit+0x10/0x10
[ 1178.684514][T16810]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1178.684536][T16810]  ? __pfx__printk+0x10/0x10
[ 1178.684562][T16810]  ? __might_fault+0xb0/0x130
[ 1178.684602][T16810]  should_fail_ex+0x414/0x560
[ 1178.684636][T16810]  _copy_from_user+0x2d/0xb0
[ 1178.684661][T16810]  i2cdev_ioctl_smbus+0x334/0x6d0
[ 1178.684697][T16810]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[ 1178.684742][T16810]  i2cdev_ioctl+0x5d3/0x7f0
[ 1178.684769][T16810]  ? __pfx_i2cdev_ioctl+0x10/0x10
[ 1178.684793][T16810]  ? __rcu_read_unlock+0x84/0xe0
[ 1178.684821][T16810]  ? __fget_files+0x2a/0x420
[ 1178.684839][T16810]  ? __fget_files+0x3a0/0x420
[ 1178.684863][T16810]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1178.684882][T16810]  ? __pfx_i2cdev_ioctl+0x10/0x10
[ 1178.684909][T16810]  __se_sys_ioctl+0xf9/0x170
[ 1178.684938][T16810]  do_syscall_64+0xfa/0x3b0
[ 1178.684959][T16810]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1178.684978][T16810]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1178.684998][T16810]  ? clear_bhb_loop+0x60/0xb0
[ 1178.685022][T16810]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1178.685042][T16810] RIP: 0033:0x7f1cab58e929
[ 1178.685060][T16810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1178.685077][T16810] RSP: 002b:00007f1cac4a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1178.685098][T16810] RAX: ffffffffffffffda RBX: 00007f1cab7b6160 RCX: 00007f1cab58e929
[ 1178.685113][T16810] RDX: 00002000000000c0 RSI: 0000000000000720 RDI: 0000000000000007
[ 1178.685126][T16810] RBP: 00007f1cac4a0090 R08: 0000000000000000 R09: 0000000000000000
[ 1178.685139][T16810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1178.685150][T16810] R13: 0000000000000000 R14: 00007f1cab7b6160 R15: 00007ffd245c9dc8
[ 1178.685182][T16810]  </TASK>
[ 1178.901646][ T5832] usb 5-1: new full-speed USB device number 47 using dummy_hcd
[ 1179.061836][ T5832] usb 5-1: device descriptor read/64, error -71
[ 1179.394518][ T5832] usb 5-1: new full-speed USB device number 48 using dummy_hcd
[ 1179.481629][T16697] chnl_net:caif_netlink_parms(): no params data found
[ 1179.540730][ T5832] usb 5-1: device descriptor read/64, error -71
[ 1180.118246][T16697] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1180.364137][ T5832] usb usb5-port1: attempt power cycle
[ 1180.393816][T16697] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1180.411643][T16697] bridge_slave_0: entered allmulticast mode
[ 1180.422035][T16697] bridge_slave_0: entered promiscuous mode
[ 1180.434200][T16697] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1180.441541][T16697] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1180.454062][T16697] bridge_slave_1: entered allmulticast mode
[ 1180.462225][T16697] bridge_slave_1: entered promiscuous mode
[ 1180.530008][T16697] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1180.549163][T16697] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1180.589006][T16697] team0: Port device team_slave_0 added
[ 1180.599746][T16697] team0: Port device team_slave_1 added
[ 1180.656767][T16697] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1180.734268][ T5832] usb 5-1: new full-speed USB device number 49 using dummy_hcd
[ 1180.766596][ T5832] usb 5-1: device descriptor read/8, error -71
[ 1180.923133][T16697] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1180.950339][T16697] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1180.970639][T16697] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1180.978414][T16697] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1181.004386][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1181.011330][T16697] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1181.092041][T16697] hsr_slave_0: entered promiscuous mode
[ 1181.099524][ T5832] usb 5-1: new full-speed USB device number 50 using dummy_hcd
[ 1181.110231][T16697] hsr_slave_1: entered promiscuous mode
[ 1181.122413][T16697] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1181.130572][ T5832] usb 5-1: device descriptor read/8, error -71
[ 1181.137812][T16697] Cannot create hsr debugfs directory
[ 1181.247562][ T5832] usb usb5-port1: unable to enumerate USB device
[ 1181.842109][T16836] snd_dummy snd_dummy.0: control 0:129:-2:syz0:5 is already present
[ 1183.133522][ T5910] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[ 1183.442635][ T5910] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1183.483041][ T5910] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1184.046693][ T5910] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1184.091441][ T5910] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1184.248952][T16847] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1184.322309][ T5910] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[ 1185.278146][ T5832] usb 2-1: USB disconnect, device number 41
[ 1186.804373][T16873] lo speed is unknown, defaulting to 1000
[ 1186.810672][T16873] lo speed is unknown, defaulting to 1000
[ 1186.821126][T16873] lo speed is unknown, defaulting to 1000
[ 1186.835059][T16873] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[ 1186.852705][T16873] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[ 1186.891685][T16873] lo speed is unknown, defaulting to 1000
[ 1186.899807][T16873] lo speed is unknown, defaulting to 1000
[ 1186.907559][T16873] lo speed is unknown, defaulting to 1000
[ 1186.915224][T16873] lo speed is unknown, defaulting to 1000
[ 1186.922341][T16873] lo speed is unknown, defaulting to 1000
[ 1186.929897][T16873] lo speed is unknown, defaulting to 1000
[ 1187.032196][T16697] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1187.137819][T16697] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1187.159980][T16697] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1187.174808][T16697] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1187.462914][T16697] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1187.529262][T16697] 8021q: adding VLAN 0 to HW filter on device team0
[ 1187.564000][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1187.571263][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1187.590817][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1187.598057][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1189.461789][T16903] FAULT_INJECTION: forcing a failure.
[ 1189.461789][T16903] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1189.475501][T16903] CPU: 0 UID: 0 PID: 16903 Comm: syz.3.2800 Not tainted 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 PREEMPT(full) 
[ 1189.475529][T16903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1189.475542][T16903] Call Trace:
[ 1189.475548][T16903]  <TASK>
[ 1189.475554][T16903]  dump_stack_lvl+0x189/0x250
[ 1189.475575][T16903]  ? __pfx____ratelimit+0x10/0x10
[ 1189.475621][T16903]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1189.475656][T16903]  ? __pfx__printk+0x10/0x10
[ 1189.475684][T16903]  should_fail_ex+0x414/0x560
[ 1189.475709][T16903]  _copy_to_user+0x31/0xb0
[ 1189.475727][T16903]  simple_read_from_buffer+0xe1/0x170
[ 1189.475753][T16903]  proc_fail_nth_read+0x1df/0x250
[ 1189.475770][T16903]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1189.475787][T16903]  ? rw_verify_area+0x258/0x650
[ 1189.475806][T16903]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1189.475822][T16903]  vfs_read+0x200/0x980
[ 1189.475845][T16903]  ? __pfx___mutex_lock+0x10/0x10
[ 1189.475859][T16903]  ? __pfx_vfs_read+0x10/0x10
[ 1189.475879][T16903]  ? __fget_files+0x2a/0x420
[ 1189.475896][T16903]  ? __fget_files+0x3a0/0x420
[ 1189.475908][T16903]  ? __fget_files+0x2a/0x420
[ 1189.475928][T16903]  ksys_read+0x145/0x250
[ 1189.475949][T16903]  ? __pfx_ksys_read+0x10/0x10
[ 1189.475966][T16903]  ? rcu_is_watching+0x15/0xb0
[ 1189.475987][T16903]  ? do_syscall_64+0xbe/0x3b0
[ 1189.476004][T16903]  do_syscall_64+0xfa/0x3b0
[ 1189.476018][T16903]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1189.476032][T16903]  ? asm_sysvec_call_function_single+0x1a/0x20
[ 1189.476047][T16903]  ? clear_bhb_loop+0x60/0xb0
[ 1189.476064][T16903]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1189.476078][T16903] RIP: 0033:0x7fa2a098d33c
[ 1189.476091][T16903] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1189.476103][T16903] RSP: 002b:00007fa29e7f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1189.476119][T16903] RAX: ffffffffffffffda RBX: 00007fa2a0bb6080 RCX: 00007fa2a098d33c
[ 1189.476129][T16903] RDX: 000000000000000f RSI: 00007fa29e7f60a0 RDI: 0000000000000009
[ 1189.476138][T16903] RBP: 00007fa29e7f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1189.476147][T16903] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1189.476155][T16903] R13: 0000000000000000 R14: 00007fa2a0bb6080 R15: 00007ffe43700cb8
[ 1189.476178][T16903]  </TASK>
[ 1189.713629][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1189.937378][T16905] netlink: 'syz.1.2802': attribute type 1 has an invalid length.
[ 1189.947244][T16905] netlink: 144 bytes leftover after parsing attributes in process `syz.1.2802'.
[ 1189.957480][T16905] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2802'.
[ 1190.747228][T16917] netlink: 'syz.3.2803': attribute type 21 has an invalid length.
[ 1190.896986][T16917] netlink: 'syz.3.2803': attribute type 1 has an invalid length.
[ 1190.922434][T16919] fuse: Bad value for 'fd'
[ 1190.923381][T16917] netlink: 144 bytes leftover after parsing attributes in process `syz.3.2803'.
[ 1193.258908][T16697] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1193.397485][T16933] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1193.440427][ T6104] Bluetooth: hci5: Frame reassembly failed (-84)
[ 1193.545742][T16939] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2809'.
[ 1193.563369][T16938] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2810'.
[ 1193.572527][T16938] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2810'.
[ 1195.454066][ T5848] Bluetooth: hci5: command 0xfc11 tx timeout
[ 1195.462109][T13508] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[ 1195.729973][T16697] veth0_vlan: entered promiscuous mode
[ 1195.820601][T16697] veth1_vlan: entered promiscuous mode
[ 1196.689073][ T3092] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[ 1197.128591][T16697] veth0_macvtap: entered promiscuous mode
[ 1197.243182][T16697] veth1_macvtap: entered promiscuous mode
[ 1197.269053][T16697] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1197.290044][T16697] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1197.317031][ T3092] usb 2-1: config 0 has too many interfaces: 65, using maximum allowed: 32
[ 1197.335883][T16697] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1197.345505][ T3092] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 65
[ 1197.355970][T16697] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1197.390659][ T3092] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[ 1197.421479][T16697] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1197.434087][ T3092] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1197.443267][T16697] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1197.461659][ T3092] usb 2-1: config 0 descriptor??
[ 1198.546617][T16980] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1198.576403][T16980] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1198.682150][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1198.712873][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1198.772147][T16954] lo speed is unknown, defaulting to 1000
[ 1198.828581][ T3092] udl 2-1:0.0: [drm] Unrecognized vendor firmware descriptor
[ 1198.905822][ T5946] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1198.940905][ T5946] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1200.918395][T16993] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2821'.
[ 1202.507997][ T3092] [drm:udl_init] *ERROR* Selecting channel failed
[ 1202.587024][ T3092] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2
[ 1202.596332][T17007] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2826'.
[ 1202.608495][T17007] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2826'.
[ 1202.628117][ T3092] [drm] Initialized udl on minor 2
[ 1202.662883][ T3092] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 1203.597092][ T3092] udl 2-1:0.0: [drm] Cannot find any crtc or sizes
[ 1203.700678][ T3092] usb 2-1: USB disconnect, device number 42
[ 1203.724318][T17021] netlink: 'syz.3.2825': attribute type 1 has an invalid length.
[ 1203.732321][T17021] netlink: 'syz.3.2825': attribute type 2 has an invalid length.
[ 1203.734195][ T5963] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed
[ 1204.047133][ T5963] udl 2-1:0.0: [drm] Cannot find any crtc or sizes
[ 1208.394699][T17052] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2834'.
[ 1210.731512][T17069] netlink: 'syz.3.2840': attribute type 1 has an invalid length.
[ 1210.742559][T17069] netlink: 'syz.3.2840': attribute type 2 has an invalid length.
[ 1219.224907][T17116] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2850'.
[ 1219.687023][T17119] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2853'.
[ 1219.723458][T17119] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2853'.
[ 1219.742887][T17119] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2853'.
[ 1219.771577][T17119] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2853'.
[ 1220.204458][ T5885] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[ 1221.169497][ T5885] usb 5-1: Using ep0 maxpacket: 32
[ 1221.480813][ T5885] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1221.498539][ T5885] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[ 1221.546891][ T5885] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[ 1221.578387][ T5885] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[ 1221.601499][ T5885] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1221.626643][ T5885] usb 5-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[ 1221.640542][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1221.648798][ T5885] usb 5-1: Product: syz
[ 1221.656150][ T5885] usb 5-1: Manufacturer: syz
[ 1221.663041][ T5885] usb 5-1: SerialNumber: syz
[ 1221.672251][ T5885] usb 5-1: config 0 descriptor??
[ 1221.713713][T17142] block nbd5: Device being setup by another task
[ 1221.743090][T17134] block nbd5: shutting down sockets
[ 1221.975121][ T3092] usb 5-1: USB disconnect, device number 51
[ 1223.512603][ T3092] usb 5-1: new full-speed USB device number 52 using dummy_hcd
[ 1223.628215][T17163] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2863'.
[ 1225.482724][T17164] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2862'.
[ 1226.318876][T17175] 8021q: VLANs not supported on ipvlan0
[ 1226.327133][T17183] x_tables: duplicate underflow at hook 4
[ 1228.853730][T17210] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2875'.
[ 1229.640846][T17216] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2879'.
[ 1232.184048][T17232] x_tables: duplicate underflow at hook 4
[ 1237.273960][ T3092] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[ 1237.813840][ T3092] usb 2-1: device descriptor read/64, error -71
[ 1237.893524][T17284] 8021q: VLANs not supported on wg0
[ 1238.074202][ T3092] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[ 1238.287995][ T3092] usb 2-1: device descriptor read/64, error -71
[ 1238.294962][T17287] loop9: detected capacity change from 0 to 7
[ 1238.295608][T17287] buffer_io_error: 6 callbacks suppressed
[ 1238.295626][T17287] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1238.357274][T17287] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1238.419352][T17287] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1238.437890][ T3092] usb usb2-port1: attempt power cycle
[ 1238.449710][T17287] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1238.505186][T17287] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1238.543704][T17287] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1238.551875][T17287] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1238.578313][T17287] ldm_validate_partition_table(): Disk read failed.
[ 1238.595731][T17287] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1238.633182][T17287] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1238.661655][T17287] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1238.698770][T17287] Dev loop9: unable to read RDB block 0
[ 1238.759912][T17287]  loop9: unable to read partition table
[ 1238.794283][T17287] loop9: partition table beyond EOD, truncated
[ 1238.804438][ T3092] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[ 1238.836293][T17287] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[ 1238.836293][T17287] 
) failed (rc=-5)
[ 1238.866885][ T3092] usb 2-1: device descriptor read/8, error -71
[ 1239.114046][ T3092] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[ 1239.142786][T17296] netlink: 'syz.0.2896': attribute type 1 has an invalid length.
[ 1239.152761][T17296] netlink: 'syz.0.2896': attribute type 2 has an invalid length.
[ 1239.247155][ T3092] usb 2-1: device descriptor read/8, error -71
[ 1239.415544][ T3092] usb usb2-port1: unable to enumerate USB device
[ 1239.545211][ T5963] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[ 1239.701846][ T5963] usb 5-1: device descriptor read/64, error -71
[ 1239.974575][ T5963] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[ 1240.604136][ T5963] usb 5-1: device descriptor read/64, error -71
[ 1241.682785][ T5963] usb usb5-port1: attempt power cycle
[ 1242.867495][T17323] FAULT_INJECTION: forcing a failure.
[ 1242.867495][T17323] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1242.881963][T17323] CPU: 0 UID: 0 PID: 17323 Comm: syz.1.2904 Not tainted 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 PREEMPT(full) 
[ 1242.881992][T17323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1242.882017][T17323] Call Trace:
[ 1242.882026][T17323]  <TASK>
[ 1242.882034][T17323]  dump_stack_lvl+0x189/0x250
[ 1242.882063][T17323]  ? __pfx____ratelimit+0x10/0x10
[ 1242.882095][T17323]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1242.882118][T17323]  ? __pfx__printk+0x10/0x10
[ 1242.882145][T17323]  ? __might_fault+0xb0/0x130
[ 1242.882185][T17323]  should_fail_ex+0x414/0x560
[ 1242.882220][T17323]  _copy_from_user+0x2d/0xb0
[ 1242.882243][T17323]  ___sys_sendmsg+0x158/0x2a0
[ 1242.882272][T17323]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1242.882337][T17323]  ? __fget_files+0x2a/0x420
[ 1242.882355][T17323]  ? __fget_files+0x3a0/0x420
[ 1242.882385][T17323]  __x64_sys_sendmsg+0x19b/0x260
[ 1242.882414][T17323]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1242.882450][T17323]  ? __pfx_ksys_write+0x10/0x10
[ 1242.882475][T17323]  ? rcu_is_watching+0x15/0xb0
[ 1242.882503][T17323]  ? do_syscall_64+0xbe/0x3b0
[ 1242.882526][T17323]  do_syscall_64+0xfa/0x3b0
[ 1242.882545][T17323]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1242.882574][T17323]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1242.882594][T17323]  ? clear_bhb_loop+0x60/0xb0
[ 1242.882619][T17323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1242.882638][T17323] RIP: 0033:0x7f1cab58e929
[ 1242.882656][T17323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1242.882673][T17323] RSP: 002b:00007f1cac4e2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1242.882694][T17323] RAX: ffffffffffffffda RBX: 00007f1cab7b5fa0 RCX: 00007f1cab58e929
[ 1242.882709][T17323] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1242.882722][T17323] RBP: 00007f1cac4e2090 R08: 0000000000000000 R09: 0000000000000000
[ 1242.882734][T17323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1242.882746][T17323] R13: 0000000000000000 R14: 00007f1cab7b5fa0 R15: 00007ffd245c9dc8
[ 1242.882778][T17323]  </TASK>
[ 1243.764046][T13508] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[ 1243.773104][T13508] Bluetooth: hci2: Injecting HCI hardware error event
[ 1243.783046][T13508] Bluetooth: hci2: hardware error 0x00
[ 1245.222156][T17337] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1246.005193][T13570] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[ 1246.414074][T13508] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[ 1246.530975][T13570] usb 2-1: config index 0 descriptor too short (expected 23569, got 27)
[ 1246.704584][T13570] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1246.725279][T13570] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 1246.735502][T13570] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 1246.744000][T13570] usb 2-1: Manufacturer: syz
[ 1246.782308][T13570] usb 2-1: config 0 descriptor??
[ 1246.895847][T13570] igorplugusb 2-1:0.0: incorrect number of endpoints
[ 1247.172926][T17347] netlink: 'syz.5.2911': attribute type 1 has an invalid length.
[ 1247.196619][T17347] netlink: 'syz.5.2911': attribute type 2 has an invalid length.
[ 1247.485858][ T5848] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1247.500458][ T5848] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1247.509656][ T5848] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1247.518924][ T5848] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1247.527142][ T5848] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1248.919162][T17356] lo speed is unknown, defaulting to 1000
[ 1249.441710][ T5919] usb 2-1: USB disconnect, device number 47
[ 1249.716054][T13508] Bluetooth: hci5: command tx timeout
[ 1250.082241][T17376] 9pnet_fd: Insufficient options for proto=fd
[ 1250.300114][ T6609] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1250.309466][T17381] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1251.774644][T13508] Bluetooth: hci5: command tx timeout
[ 1251.809898][ T6609] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1252.447727][ T6609] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1253.854299][T13508] Bluetooth: hci5: command tx timeout
[ 1254.238008][ T6609] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1254.465669][T17411] x_tables: duplicate underflow at hook 4
[ 1254.893600][ T5910] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[ 1255.015651][T17356] chnl_net:caif_netlink_parms(): no params data found
[ 1255.073571][ T5910] usb 4-1: device descriptor read/64, error -71
[ 1255.353734][ T5910] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[ 1255.513490][ T5910] usb 4-1: device descriptor read/64, error -71
[ 1255.653133][ T5910] usb usb4-port1: attempt power cycle
[ 1255.696401][T17426] Invalid ELF header len 8
[ 1255.934258][T13508] Bluetooth: hci5: command tx timeout
[ 1256.034081][ T5910] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[ 1256.081093][ T5910] usb 4-1: device descriptor read/8, error -71
[ 1256.404033][ T5910] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[ 1256.465704][ T5910] usb 4-1: device descriptor read/8, error -71
[ 1256.783839][ T5910] usb usb4-port1: unable to enumerate USB device
[ 1258.995170][ T6609] bond3 (unregistering): (slave bridge1): Releasing active interface
[ 1259.008562][ T6609] bridge1 (unregistering): left promiscuous mode
[ 1259.121331][ T6609] bridge1 (unregistering): left allmulticast mode
[ 1260.998110][T17464] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2943'.
[ 1261.007297][T17464] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2943'.
[ 1261.024533][ T6609] bond0 (unregistering): Released all slaves
[ 1261.025076][T17464] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2943'.
[ 1261.043253][ T6609] bond1 (unregistering): Released all slaves
[ 1261.158943][ T6609] bond2 (unregistering): Released all slaves
[ 1261.174754][ T6609] bond3 (unregistering): Released all slaves
[ 1261.300716][ T6609] bond4 (unregistering): Released all slaves
[ 1261.338899][T17434] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[ 1261.361446][T17434] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[ 1261.402486][T17434] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 1261.406894][T17470] fuse: Unknown parameter '0x0000000000000003'
[ 1261.665575][T17356] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1261.755981][T17356] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1261.822482][T17356] bridge_slave_0: entered allmulticast mode
[ 1261.999227][T17356] bridge_slave_0: entered promiscuous mode
[ 1262.233958][T17419] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[ 1262.890697][T17356] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1262.913710][T17356] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1263.110433][T17419] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1263.120859][T17419] usb 4-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[ 1263.134809][T17419] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1263.143258][T17356] bridge_slave_1: entered allmulticast mode
[ 1263.162146][T17419] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1263.207601][T17356] bridge_slave_1: entered promiscuous mode
[ 1265.442748][ T5885] usb 4-1: USB disconnect, device number 34
[ 1265.490013][T17356] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1265.559892][T17356] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1265.572736][T17506] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2955'.
[ 1265.681143][ T6609] hsr_slave_0: left promiscuous mode
[ 1265.704515][ T6609] hsr_slave_1: left promiscuous mode
[ 1265.780572][ T6609] veth1_macvtap: left promiscuous mode
[ 1265.790194][ T6609] veth0_macvtap: left promiscuous mode
[ 1265.801484][ T6609] veth1_vlan: left promiscuous mode
[ 1265.810421][ T6609] veth0_vlan: left promiscuous mode
[ 1265.813700][T17419] usb 6-1: new full-speed USB device number 15 using dummy_hcd
[ 1265.875038][T17509] fuse: Unknown parameter '0x0000000000000003'
[ 1265.975548][T17419] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1265.990731][T17419] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1266.041559][T17419] usb 6-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[ 1266.083512][T17419] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1266.127210][T17419] usb 6-1: config 0 descriptor??
[ 1267.269940][T13570] usb 6-1: USB disconnect, device number 15
[ 1267.699079][T17515] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1269.503941][T17538] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1270.789076][T17551] fuse: Unknown parameter 'group_i���
�Q+��`}����������6��ߴb�ݜ��Ϛ��-$�����f�h
��01�Y|��]��Q���e��9�}e� d���FLjG��2�'
[ 1270.797145][T17550] fuse: Unknown parameter '0x0000000000000003'
[ 1271.106924][T13570] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[ 1271.345309][T13570] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1271.528652][T13570] usb 4-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[ 1271.549370][T13570] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1271.583433][T13570] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1271.752969][ T6609] veth0_to_bridge (unregistering): left allmulticast mode
[ 1271.780536][T17561] x_tables: duplicate underflow at hook 4
[ 1272.497778][ T6609] dummy0 (unregistering): left allmulticast mode
[ 1272.541126][ T5885] usb 4-1: USB disconnect, device number 35
[ 1272.593901][T17419] usb 6-1: new full-speed USB device number 16 using dummy_hcd
[ 1272.675043][T17356] team0: Port device team_slave_0 added
[ 1272.686420][T17527] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2960'.
[ 1272.724152][T17356] team0: Port device team_slave_1 added
[ 1272.758819][T17419] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1272.798399][T17419] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1272.840689][T17419] usb 6-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[ 1272.861200][T17571] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2972'.
[ 1272.870742][T17419] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1272.878171][T17419] usb 6-1: config 0 descriptor??
[ 1272.879197][T17571] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2972'.
[ 1273.176348][ T3092] usb 6-1: USB disconnect, device number 16
[ 1273.623603][T17356] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1273.630785][T17356] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1273.659612][T17356] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1273.681533][T17356] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1273.688798][T17356] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1273.718641][T17356] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1274.118369][T17356] hsr_slave_0: entered promiscuous mode
[ 1275.048582][T17356] hsr_slave_1: entered promiscuous mode
[ 1275.055103][T17356] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1275.062716][T17356] Cannot create hsr debugfs directory
[ 1278.698819][ T6609] IPVS: stop unused estimator thread 0...
[ 1280.411895][T17615] fuse: Unknown parameter 'rootmod��wi�R�:�g���{�0e'
[ 1287.846372][T17669] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2992'.
[ 1289.182158][T17356] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1289.214346][T17356] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1289.377221][T17683] block nbd3: shutting down sockets
[ 1289.822179][T17356] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1290.061342][T17356] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1293.345253][T17356] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1293.445367][T17356] 8021q: adding VLAN 0 to HW filter on device team0
[ 1293.981964][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1293.989169][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1294.571948][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1294.579225][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1297.450603][T17749] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3014'.
[ 1300.588788][T17356] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1301.763670][ T5963] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[ 1302.203704][ T5963] usb 2-1: Using ep0 maxpacket: 8
[ 1302.218591][ T5963] usb 2-1: config 0 has an invalid interface number: 122 but max is 1
[ 1302.244648][ T5963] usb 2-1: config 0 has an invalid interface number: 146 but max is 1
[ 1302.265109][ T5963] usb 2-1: config 0 has no interface number 0
[ 1302.284353][ T5963] usb 2-1: config 0 has no interface number 1
[ 1302.291130][ T5963] usb 2-1: config 0 interface 122 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1302.313026][ T5963] usb 2-1: config 0 interface 122 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83
[ 1302.372567][ T5963] usb 2-1: config 0 interface 122 altsetting 0 endpoint 0x83 has invalid maxpacket 64466, setting to 1024
[ 1302.536970][ T5963] usb 2-1: config 0 interface 122 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[ 1302.582669][ T5963] usb 2-1: config 0 interface 122 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 1302.631924][T17798] 8021q: VLANs not supported on wg0
[ 1302.651537][ T5963] usb 2-1: config 0 interface 146 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[ 1302.717195][ T5963] usb 2-1: config 0 interface 146 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1302.859079][ T5963] usb 2-1: New USB device found, idVendor=1f2f, idProduct=b838, bcdDevice=bb.65
[ 1302.946670][ T5963] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1303.003524][ T5963] usb 2-1: Product: syz
[ 1303.016681][ T5963] usb 2-1: Manufacturer: syz
[ 1303.027968][ T5963] usb 2-1: SerialNumber: syz
[ 1303.058530][ T5963] usb 2-1: config 0 descriptor??
[ 1303.067279][T17780] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1303.070119][T17356] veth0_vlan: entered promiscuous mode
[ 1303.084959][ T5963] usb-storage 2-1:0.122: USB Mass Storage device detected
[ 1303.149232][T17356] veth1_vlan: entered promiscuous mode
[ 1303.262119][T17356] veth0_macvtap: entered promiscuous mode
[ 1303.739565][T17356] veth1_macvtap: entered promiscuous mode
[ 1304.184741][T17356] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1304.208171][T17356] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1304.285987][T17356] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1304.354694][T17356] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1304.382824][ T5919] usb 2-1: USB disconnect, device number 48
[ 1304.414375][ T5885] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[ 1304.443069][T17356] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1305.325314][T17356] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1306.264735][ T5885] usb 6-1: device descriptor read/all, error -71
[ 1306.646786][T17837] x_tables: duplicate underflow at hook 4
[ 1308.472004][T17852] 8021q: VLANs not supported on wg0
[ 1308.685569][ T5848] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1308.715354][ T5848] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1308.740299][ T5848] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1308.752654][ T5848] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1308.768512][ T5848] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1309.938601][   T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1310.864680][T13508] Bluetooth: hci3: command tx timeout
[ 1311.294758][T13570] IPVS: starting estimator thread 0...
[ 1311.306714][   T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1311.435945][T17885] IPVS: using max 27 ests per chain, 64800 per kthread
[ 1311.449884][T17860] lo speed is unknown, defaulting to 1000
[ 1311.489834][T17890] x_tables: duplicate underflow at hook 4
[ 1311.491767][T17880] syzkaller0: entered allmulticast mode
[ 1311.860992][   T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1313.054899][T13508] Bluetooth: hci3: command tx timeout
[ 1313.181835][   T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1314.236065][T17917] netlink: 'syz.1.3056': attribute type 1 has an invalid length.
[ 1314.286148][T17916] vlan2: entered allmulticast mode
[ 1314.291941][T17916] veth1: entered allmulticast mode
[ 1315.133772][T13508] Bluetooth: hci3: command tx timeout
[ 1316.221032][T17860] chnl_net:caif_netlink_parms(): no params data found
[ 1316.380675][   T12] bridge_slave_1: left allmulticast mode
[ 1316.403882][   T12] bridge_slave_1: left promiscuous mode
[ 1316.409708][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1316.673508][   T12] bridge_slave_0: left allmulticast mode
[ 1316.719697][   T12] bridge_slave_0: left promiscuous mode
[ 1316.778644][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1317.215803][T13508] Bluetooth: hci3: command tx timeout
[ 1317.577339][ T5885] usb 4-1: new full-speed USB device number 36 using dummy_hcd
[ 1317.876398][ T5885] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1317.918929][ T5885] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[ 1317.934701][ T5885] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 1318.050503][ T5885] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1318.060404][ T5885] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1318.081520][ T5885] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 1318.098200][ T5885] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 1318.123445][ T5885] usb 4-1: Product: syz
[ 1318.127694][ T5885] usb 4-1: Manufacturer: syz
[ 1318.144875][ T5885] usb 4-1: SerialNumber: syz
[ 1318.165508][ T5885] usb 4-1: config 0 descriptor??
[ 1318.397000][ T5885] radio-si470x 4-1:0.0: DeviceID=0x0000 ChipID=0x0000
[ 1318.931758][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1319.055674][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1319.111469][   T12] bond0 (unregistering): Released all slaves
[ 1319.221526][ T5885] radio-si470x 4-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[ 1319.235252][ T5885] radio-si470x 4-1:0.0: software version 0, hardware version 0
[ 1319.242847][ T5885] radio-si470x 4-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0.
[ 1319.260922][ T5885] radio-si470x 4-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[ 1319.277067][ T5885] radio-si470x 4-1:0.0: submitting int urb failed (-90)
[ 1319.439094][T17961] Falling back ldisc for ptm0.
[ 1319.549026][   T12] hsr_slave_0: left promiscuous mode
[ 1319.560810][   T12] hsr_slave_1: left promiscuous mode
[ 1319.581612][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1319.609656][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1319.644852][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1319.659578][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1319.744421][   T12] veth1_macvtap: left promiscuous mode
[ 1319.761776][   T12] veth0_macvtap: left promiscuous mode
[ 1319.787370][   T12] veth1_vlan: left promiscuous mode
[ 1319.797126][   T12] veth0_vlan: left promiscuous mode
[ 1320.265165][ T5885] radio-si470x 4-1:0.0: si470x_get_report: usb_control_msg returned -110
[ 1320.343783][ T5885] radio-si470x 4-1:0.0: probe with driver radio-si470x failed with error -22
[ 1320.369698][T17944] xt_cluster: node mask cannot exceed total number of nodes
[ 1320.393828][ T5963] usb 4-1: USB disconnect, device number 36
[ 1321.638578][T17976] __vm_enough_memory: pid: 17976, comm: syz.5.3069, bytes: 21200471834624 not enough memory for the allocation
[ 1322.578917][   T12] team0 (unregistering): Port device team_slave_1 removed
[ 1322.641854][   T12] team0 (unregistering): Port device team_slave_0 removed
[ 1323.099526][T17989] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[ 1323.099526][T17989] The task syz.0.3072 (17989) triggered the difference, watch for misbehavior.
[ 1324.113950][T13570] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[ 1324.125801][T17860] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1324.132983][T17860] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1324.163698][T17860] bridge_slave_0: entered allmulticast mode
[ 1324.171693][T17860] bridge_slave_0: entered promiscuous mode
[ 1324.618070][T13570] usb 4-1: Using ep0 maxpacket: 8
[ 1325.257096][T17998] nvme_fabrics: missing parameter 'transport=%s'
[ 1325.273841][T17860] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1325.281029][T17860] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1325.302950][T17860] bridge_slave_1: entered allmulticast mode
[ 1325.329335][T17860] bridge_slave_1: entered promiscuous mode
[ 1325.350502][T13570] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 129, using maximum allowed: 30
[ 1325.381866][T13570] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 129
[ 1325.403635][T13570] usb 4-1: New USB device found, idVendor=04b4, idProduct=07b1, bcdDevice= 0.00
[ 1325.412856][T13570] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1325.423524][T17998] nvme_fabrics: missing parameter 'nqn=%s'
[ 1325.470261][T13570] usb 4-1: config 0 descriptor??
[ 1325.626009][T18004] FAULT_INJECTION: forcing a failure.
[ 1325.626009][T18004] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1325.639557][T18004] CPU: 0 UID: 0 PID: 18004 Comm: syz.5.3077 Not tainted 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 PREEMPT(full) 
[ 1325.639584][T18004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1325.639595][T18004] Call Trace:
[ 1325.639603][T18004]  <TASK>
[ 1325.639611][T18004]  dump_stack_lvl+0x189/0x250
[ 1325.639639][T18004]  ? __pfx____ratelimit+0x10/0x10
[ 1325.639668][T18004]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1325.639689][T18004]  ? __pfx__printk+0x10/0x10
[ 1325.639725][T18004]  should_fail_ex+0x414/0x560
[ 1325.639756][T18004]  _copy_to_user+0x31/0xb0
[ 1325.639780][T18004]  vivid_radio_rx_read+0x9e5/0xb70
[ 1325.639816][T18004]  ? __pfx_vivid_radio_rx_read+0x10/0x10
[ 1325.639834][T18004]  ? __import_iovec+0x40e/0x7f0
[ 1325.639857][T18004]  ? video_devdata+0x6b/0xd0
[ 1325.639876][T18004]  ? vivid_radio_read+0x7a/0xc0
[ 1325.639896][T18004]  v4l2_read+0x19c/0x2c0
[ 1325.639931][T18004]  vfs_readv+0x5a7/0x850
[ 1325.639951][T18004]  ? __pfx_v4l2_read+0x10/0x10
[ 1325.639974][T18004]  ? __pfx_vfs_readv+0x10/0x10
[ 1325.640007][T18004]  ? __fget_files+0x2a/0x420
[ 1325.640029][T18004]  ? __fget_files+0x3a0/0x420
[ 1325.640044][T18004]  ? __fget_files+0x2a/0x420
[ 1325.640070][T18004]  __x64_sys_preadv+0x197/0x2a0
[ 1325.640100][T18004]  ? __pfx___x64_sys_preadv+0x10/0x10
[ 1325.640125][T18004]  ? rcu_is_watching+0x15/0xb0
[ 1325.640160][T18004]  ? do_syscall_64+0xbe/0x3b0
[ 1325.640196][T18004]  do_syscall_64+0xfa/0x3b0
[ 1325.640213][T18004]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1325.640240][T18004]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1325.640258][T18004]  ? clear_bhb_loop+0x60/0xb0
[ 1325.640291][T18004]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1325.640307][T18004] RIP: 0033:0x7ff74d58e929
[ 1325.640322][T18004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1325.640337][T18004] RSP: 002b:00007ff74e43c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[ 1325.640356][T18004] RAX: ffffffffffffffda RBX: 00007ff74d7b6080 RCX: 00007ff74d58e929
[ 1325.640369][T18004] RDX: 0000000000000002 RSI: 0000200000000140 RDI: 0000000000000005
[ 1325.640380][T18004] RBP: 00007ff74e43c090 R08: 0000000000000000 R09: 0000000000000000
[ 1325.640390][T18004] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001
[ 1325.640400][T18004] R13: 0000000000000000 R14: 00007ff74d7b6080 R15: 00007fff036604d8
[ 1325.640427][T18004]  </TASK>
[ 1325.648194][T17860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1326.075755][T13570] usb 4-1: string descriptor 0 read error: -71
[ 1326.449785][T13570] usbhid 4-1:0.0: can't add hid device: -71
[ 1326.454503][T17860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1326.595196][T13570] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1326.633563][T13570] usb 4-1: USB disconnect, device number 37
[ 1326.664896][T17860] team0: Port device team_slave_0 added
[ 1326.705375][T17860] team0: Port device team_slave_1 added
[ 1327.594938][T18019] lo speed is unknown, defaulting to 1000
[ 1328.186936][T17860] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1328.224205][T17860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1328.256233][T17860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1328.446681][T17860] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1328.454305][T17860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1328.480554][T17860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1332.213934][T18050] netlink: 'syz.5.3087': attribute type 10 has an invalid length.
[ 1332.240060][T17860] hsr_slave_0: entered promiscuous mode
[ 1332.247190][T17860] hsr_slave_1: entered promiscuous mode
[ 1332.255284][T17860] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1332.264151][T17860] Cannot create hsr debugfs directory
[ 1332.271680][T18050] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1332.280428][T18050] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1332.293862][T18051] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3087'.
[ 1332.336560][T18050] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1332.343931][T18050] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1332.351502][T18050] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1332.358691][T18050] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1332.393022][T18050] bond0: (slave bridge0): Enslaving as an active interface with an up link
[ 1332.442039][T18051] bridge_slave_1: left allmulticast mode
[ 1332.448073][T18051] bridge_slave_1: left promiscuous mode
[ 1332.454666][T18051] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1332.476209][T18051] bridge_slave_0: left allmulticast mode
[ 1332.481948][T18051] bridge_slave_0: left promiscuous mode
[ 1332.487995][T18051] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1332.537944][T18051] bond0: (slave bridge0): Releasing backup interface
[ 1332.688846][T17416] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[ 1333.106779][T17416] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1333.120170][T18059] netlink: 'syz.1.3090': attribute type 1 has an invalid length.
[ 1333.128043][T18059] netlink: 'syz.1.3090': attribute type 2 has an invalid length.
[ 1333.146030][T17416] usb 4-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1333.192234][T17416] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1333.261549][T17416] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1333.282068][T17416] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1333.333766][T17416] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[ 1333.707806][T17416] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -2
[ 1334.537260][T17416] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[ 1335.305589][T17416] usb 2-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.00
[ 1335.384923][T17416] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1335.444199][T17416] usb 2-1: config 0 descriptor??
[ 1335.518247][T17416] go7007 2-1:0.0: probe with driver go7007 failed with error -12
[ 1335.688567][T17416] usb 4-1: USB disconnect, device number 38
[ 1335.908080][ T5919] usb 2-1: USB disconnect, device number 49
[ 1336.572640][T17860] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1336.608606][T17860] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1336.681325][T17860] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1336.721235][T17860] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1337.677469][T17860] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1337.799244][T17860] 8021q: adding VLAN 0 to HW filter on device team0
[ 1338.745089][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1338.752305][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1338.804918][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1338.812168][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1338.888153][T18114] netlink: 'syz.0.3102': attribute type 1 has an invalid length.
[ 1338.900993][T18114] netlink: 'syz.0.3102': attribute type 2 has an invalid length.
[ 1340.101918][T17860] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1341.557609][T18143] trusted_key: syz.0.3108 sent an empty control message without MSG_MORE.
[ 1342.456954][   T30] audit: type=1326 audit(1752394185.294:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18147 comm="syz.1.3112" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1cab58e929 code=0x0
[ 1343.088198][T17860] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1344.587598][T18174] netlink: 'syz.1.3116': attribute type 1 has an invalid length.
[ 1344.595554][T18174] netlink: 'syz.1.3116': attribute type 2 has an invalid length.
[ 1345.250503][T17860] veth0_vlan: entered promiscuous mode
[ 1345.271713][T17860] veth1_vlan: entered promiscuous mode
[ 1345.328710][T17860] veth0_macvtap: entered promiscuous mode
[ 1345.349108][T17860] veth1_macvtap: entered promiscuous mode
[ 1345.395707][T17860] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1345.453774][T17860] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1345.505980][T17860] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1345.541543][T17860] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1345.583852][T17860] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1345.618352][T17860] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1345.848259][T18193] Cannot find add_set index 1 as target
[ 1347.447307][ T6609] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1347.492362][ T6609] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1347.592845][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1347.625761][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1348.191885][T18213] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 47052 - 0
[ 1348.252396][T18213] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 47052 - 0
[ 1348.340979][T18213] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 47052 - 0
[ 1348.392775][T18213] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 47052 - 0
[ 1348.694846][T18213] netdevsim netdevsim3 netdevsim0: set [1, 2] type 2 family 0 port 54480 - 0
[ 1348.723581][T18213] netdevsim netdevsim3 netdevsim1: set [1, 2] type 2 family 0 port 54480 - 0
[ 1348.768418][T18213] netdevsim netdevsim3 netdevsim2: set [1, 2] type 2 family 0 port 54480 - 0
[ 1348.777765][T18213] netdevsim netdevsim3 netdevsim3: set [1, 2] type 2 family 0 port 54480 - 0
[ 1348.786922][T18213] geneve2: entered promiscuous mode
[ 1348.792380][T18213] geneve2: entered allmulticast mode
[ 1352.381130][T18251] netlink: 'syz.5.3137': attribute type 1 has an invalid length.
[ 1352.452231][ T5848] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1352.463062][ T5848] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1352.471642][ T5848] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1352.481763][ T5848] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1352.491926][ T5848] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1353.347478][T18254] lo speed is unknown, defaulting to 1000
[ 1354.124131][T18268] FAULT_INJECTION: forcing a failure.
[ 1354.124131][T18268] name failslab, interval 1, probability 0, space 0, times 0
[ 1354.186692][T18268] CPU: 1 UID: 0 PID: 18268 Comm: syz.5.3141 Not tainted 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 PREEMPT(full) 
[ 1354.186722][T18268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1354.186734][T18268] Call Trace:
[ 1354.186742][T18268]  <TASK>
[ 1354.186750][T18268]  dump_stack_lvl+0x189/0x250
[ 1354.186778][T18268]  ? __pfx____ratelimit+0x10/0x10
[ 1354.186809][T18268]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1354.186832][T18268]  ? __pfx__printk+0x10/0x10
[ 1354.186863][T18268]  ? __pfx___might_resched+0x10/0x10
[ 1354.186884][T18268]  ? fs_reclaim_acquire+0x7d/0x100
[ 1354.186909][T18268]  should_fail_ex+0x414/0x560
[ 1354.186944][T18268]  should_failslab+0xa8/0x100
[ 1354.186976][T18268]  __kmalloc_noprof+0xcb/0x4f0
[ 1354.187002][T18268]  ? kfree+0x4d/0x440
[ 1354.187025][T18268]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1354.187053][T18268]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1354.187077][T18268]  ? tomoyo_domain+0xda/0x130
[ 1354.187105][T18268]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1354.187135][T18268]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1354.187167][T18268]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1354.187215][T18268]  ? __lock_acquire+0xab9/0xd20
[ 1354.187264][T18268]  ? __fget_files+0x2a/0x420
[ 1354.187287][T18268]  ? __fget_files+0x2a/0x420
[ 1354.187304][T18268]  ? __fget_files+0x3a0/0x420
[ 1354.187321][T18268]  ? __fget_files+0x2a/0x420
[ 1354.187343][T18268]  security_file_ioctl+0xcb/0x2d0
[ 1354.187377][T18268]  __se_sys_ioctl+0x47/0x170
[ 1354.187405][T18268]  do_syscall_64+0xfa/0x3b0
[ 1354.187424][T18268]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1354.187454][T18268]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1354.187478][T18268]  ? clear_bhb_loop+0x60/0xb0
[ 1354.187503][T18268]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1354.187541][T18268] RIP: 0033:0x7ff74d58e929
[ 1354.187560][T18268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1354.187579][T18268] RSP: 002b:00007ff74e45d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1354.187602][T18268] RAX: ffffffffffffffda RBX: 00007ff74d7b5fa0 RCX: 00007ff74d58e929
[ 1354.187617][T18268] RDX: 0000200000000080 RSI: 000000008028640c RDI: 0000000000000003
[ 1354.187630][T18268] RBP: 00007ff74e45d090 R08: 0000000000000000 R09: 0000000000000000
[ 1354.187642][T18268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1354.187653][T18268] R13: 0000000000000000 R14: 00007ff74d7b5fa0 R15: 00007fff036604d8
[ 1354.187686][T18268]  </TASK>
[ 1354.187695][T18268] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1354.650920][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1354.663921][ T5848] Bluetooth: hci5: command tx timeout
[ 1355.168678][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1356.731698][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1356.745883][ T5848] Bluetooth: hci5: command tx timeout
[ 1357.673050][T18254] chnl_net:caif_netlink_parms(): no params data found
[ 1357.686409][T18300] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3147'.
[ 1357.703501][T18300] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3147'.
[ 1358.128273][T18300] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3147'.
[ 1358.797877][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1358.813489][ T5848] Bluetooth: hci5: command tx timeout
[ 1358.934752][T18300] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[ 1359.033692][ T5885] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[ 1359.059723][T18300] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[ 1359.101503][T18300] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 1359.209852][ T5885] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1359.224974][T18254] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1359.225009][ T5885] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1359.232163][T18254] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1359.244346][ T5885] usb 6-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1359.264360][ T5885] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1359.280979][ T5885] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1359.508626][T18254] bridge_slave_0: entered allmulticast mode
[ 1359.626828][T18254] bridge_slave_0: entered promiscuous mode
[ 1359.684072][ T5885] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1359.773285][T18254] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1359.797675][ T5885] usb 6-1: invalid MIDI out EP 0
[ 1359.808682][T18254] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1360.185558][T18254] bridge_slave_1: entered allmulticast mode
[ 1360.340850][T18254] bridge_slave_1: entered promiscuous mode
[ 1360.363496][ T5885] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -22
[ 1360.926057][ T5848] Bluetooth: hci5: command tx timeout
[ 1361.139790][T18333] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3154'.
[ 1361.256734][T18336] input: syz0 as /devices/virtual/input/input29
[ 1363.306087][T18254] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1363.327737][T18254] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1363.887580][T17419] usb 6-1: USB disconnect, device number 19
[ 1363.890325][T18254] team0: Port device team_slave_0 added
[ 1364.438038][T18254] team0: Port device team_slave_1 added
[ 1364.708319][T18357] snd_dummy snd_dummy.0: control 0:129:-2:syz0:5 is already present
[ 1364.777269][T18354] input: syz1 as /devices/virtual/input/input30
[ 1364.980377][T18359] xt_SECMARK: invalid mode: 2
[ 1366.796269][T18254] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1366.839151][T18254] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1366.963626][T18254] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1366.979814][   T12] bridge_slave_1: left allmulticast mode
[ 1366.986017][   T12] bridge_slave_1: left promiscuous mode
[ 1366.998523][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1367.075446][   T12] bridge_slave_0: left allmulticast mode
[ 1367.099328][   T12] bridge_slave_0: left promiscuous mode
[ 1367.105340][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1367.863933][ T5919] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[ 1368.042199][ T5919] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[ 1368.072439][ T5919] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1368.096872][ T5919] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 1368.110932][ T5919] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 1368.129661][ T5919] usb 4-1: Manufacturer: syz
[ 1368.159301][ T5919] usb 4-1: config 0 descriptor??
[ 1368.178481][ T5919] igorplugusb 4-1:0.0: incorrect number of endpoints
[ 1368.980322][ T5919] usb 4-1: USB disconnect, device number 39
[ 1369.839838][T18401] netlink: 'syz.5.3170': attribute type 1 has an invalid length.
[ 1369.896039][   T12] bond0 (unregistering): (slave 
c
1�): Releasing backup interface
[ 1369.914575][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1369.929603][   T12] bond0 (unregistering): Released all slaves
[ 1370.127341][T18407] snd_dummy snd_dummy.0: control 0:129:-2:syz0:5 is already present
[ 1370.502410][   T12] bond1 (unregistering): Released all slaves
[ 1370.788311][   T12] bond2 (unregistering): Released all slaves
[ 1370.932515][   T12] bond3 (unregistering): Released all slaves
[ 1370.953322][T18254] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1370.962582][T18254] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1370.990075][T18254] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1371.020640][T18391] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3167'.
[ 1371.021860][T18401] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[ 1371.240184][   T12] : left promiscuous mode
[ 1371.433460][T18254] hsr_slave_0: entered promiscuous mode
[ 1371.440450][T18254] hsr_slave_1: entered promiscuous mode
[ 1371.447452][T18254] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1371.455248][T18254] Cannot create hsr debugfs directory
[ 1374.484049][ T5919] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[ 1374.614760][T18443] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3179'.
[ 1375.457280][T18450] snd_dummy snd_dummy.0: control 0:129:-2:syz0:5 is already present
[ 1375.962851][ T5919] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[ 1376.011699][ T5919] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1378.035638][T18451] hsr0: entered promiscuous mode
[ 1378.041253][T18451] macvtap1: entered promiscuous mode
[ 1378.047015][T18451] macvtap1: entered allmulticast mode
[ 1378.052569][T18451] hsr0: entered allmulticast mode
[ 1378.057768][T18451] hsr_slave_0: entered allmulticast mode
[ 1378.110024][T18451] hsr_slave_1: entered allmulticast mode
[ 1378.170429][ T5919] usb 5-1: string descriptor 0 read error: -71
[ 1378.343666][ T5919] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 1379.051261][ T5919] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 1379.053240][T18451] hsr0: left allmulticast mode
[ 1379.091163][   T30] audit: type=1400 audit(1752394221.944:361): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=18460 comm="syz.5.3187" daddr=::ffff:172.20.20.0
[ 1379.093902][T18451] hsr_slave_0: left allmulticast mode
[ 1379.124943][T18451] hsr_slave_1: left allmulticast mode
[ 1379.132273][ T5919] usb 5-1: config 0 descriptor??
[ 1379.144910][ T5919] usb 5-1: can't set config #0, error -71
[ 1379.178998][ T5919] usb 5-1: USB disconnect, device number 56
[ 1379.665001][   T12] hsr_slave_0: left promiscuous mode
[ 1379.693240][   T12] hsr_slave_1: left promiscuous mode
[ 1379.715357][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1379.747995][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1379.772633][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1379.795194][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1379.875776][   T12] veth1_macvtap: left promiscuous mode
[ 1379.887817][   T12] veth0_macvtap: left promiscuous mode
[ 1379.903268][   T12] veth1_vlan: left promiscuous mode
[ 1379.918451][   T12] veth0_vlan: left promiscuous mode
[ 1381.351934][T18475] 9pnet_fd: Insufficient options for proto=fd
[ 1381.987472][T18500] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3197'.
[ 1382.033440][T17419] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[ 1382.198579][T17419] usb 6-1: config index 0 descriptor too short (expected 23569, got 27)
[ 1382.221583][T17419] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1382.248304][T17419] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 1382.277655][T17419] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 1382.288207][T17419] usb 6-1: Manufacturer: syz
[ 1382.305911][T17419] usb 6-1: config 0 descriptor??
[ 1382.355085][T17419] igorplugusb 6-1:0.0: incorrect number of endpoints
[ 1382.553799][T17419] usb 6-1: USB disconnect, device number 20
[ 1382.605376][   T12] team0 (unregistering): Port device team_slave_1 removed
[ 1382.662962][   T12] team0 (unregistering): Port device team_slave_0 removed
[ 1382.673558][ T5963] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[ 1382.829038][ T5963] usb 4-1: Using ep0 maxpacket: 32
[ 1382.842330][ T5963] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1382.859504][ T5963] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1382.869889][ T5963] usb 4-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[ 1382.890464][ T5963] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1382.902730][ T5963] usb 4-1: config 0 descriptor??
[ 1383.329260][T13570] lo speed is unknown, defaulting to 1000
[ 1383.341566][T13570] syz0: Port: 1 Link DOWN
[ 1383.348615][T18487] 8021q: VLANs not supported on ipvlan0
[ 1383.405893][ T5963] hkems 0003:2006:0118.000E: item fetching failed at offset 0/2
[ 1383.419816][ T5963] hkems 0003:2006:0118.000E: parse failed
[ 1383.425914][ T5963] hkems 0003:2006:0118.000E: probe with driver hkems failed with error -22
[ 1383.803636][T18524] virtio-fs: tag </dev/md0> not found
[ 1383.810641][T18524] netlink: 88 bytes leftover after parsing attributes in process `syz.5.3204'.
[ 1384.143487][   T30] audit: type=1326 audit(1752394226.984:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18527 comm="syz.1.3205" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1cab58e929 code=0x0
[ 1384.143716][T17419] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[ 1384.312120][T18533] tipc: Started in network mode
[ 1384.317418][T18533] tipc: Node identity ac1414aa, cluster identity 4711
[ 1384.325420][T18533] tipc: Enabled bearer <udp:syz0>, priority 10
[ 1384.373360][T18535] fuse: Unknown parameter 'grou00000000000000000000'
[ 1384.401708][T18254] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1384.416187][T17419] usb 5-1: Using ep0 maxpacket: 32
[ 1384.422199][   T12] IPVS: stop unused estimator thread 0...
[ 1384.439287][T17419] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1384.521808][T18254] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1384.533505][T17419] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1385.502704][ T5919] tipc: Node number set to 2886997162
[ 1385.513782][T18254] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1385.521206][T17419] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice= 0.00
[ 1385.530404][T17419] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1385.545466][T18254] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1386.509131][T17419] usb 5-1: config 0 descriptor??
[ 1386.839823][T18254] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1386.894770][T18254] 8021q: adding VLAN 0 to HW filter on device team0
[ 1386.919689][T18435] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1386.926895][T18435] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1387.280837][ T1013] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1387.288128][ T1013] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1388.435290][T18254] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1388.501864][T18254] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1390.349735][T18254] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1390.560338][T18254] veth0_vlan: entered promiscuous mode
[ 1390.634621][T18254] veth1_vlan: entered promiscuous mode
[ 1390.743225][T18254] veth0_macvtap: entered promiscuous mode
[ 1390.787471][T18254] veth1_macvtap: entered promiscuous mode
[ 1390.852363][T18254] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1390.889690][T18254] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1390.928033][T18254] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1390.965877][T18254] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1390.995055][T18254] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1391.017565][T18254] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1391.407816][ T6609] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1391.425641][ T6609] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1391.445593][T17419] usbhid 5-1:0.0: can't add hid device: -71
[ 1391.464755][T17419] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1391.489279][T17419] usb 5-1: USB disconnect, device number 57
[ 1391.507192][ T6609] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1391.537762][ T6609] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1391.940593][   T30] audit: type=1400 audit(1752394234.794:363): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=18585 comm="syz.5.3216"
[ 1392.251158][T18589] net_ratelimit: 11 callbacks suppressed
[ 1392.251175][T18589] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1394.223691][ T5885] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[ 1394.437137][ T5885] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1394.481911][ T5885] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1394.521657][ T5885] usb 6-1: Product: syz
[ 1394.544417][ T5885] usb 6-1: Manufacturer: syz
[ 1394.569345][ T5885] usb 6-1: SerialNumber: syz
[ 1394.607401][ T5885] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1394.690223][T13508] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1394.707011][T13508] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1394.707071][ T5919] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1394.720981][T13508] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1394.734922][T13508] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1394.743237][T13508] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1395.774495][ T5919] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[ 1395.782025][ T5919] ath9k_htc: Failed to initialize the device
[ 1396.566925][T17419] usb 6-1: USB disconnect, device number 21
[ 1396.615088][T17419] usb 6-1: ath9k_htc: USB layer deinitialized
[ 1396.814373][T13508] Bluetooth: hci0: command tx timeout
[ 1396.966227][T18626] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3225'.
[ 1397.860407][T18608] chnl_net:caif_netlink_parms(): no params data found
[ 1398.175283][T13508] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0
[ 1398.185122][T13508] Bluetooth: hci5: Injecting HCI hardware error event
[ 1398.195555][T13508] Bluetooth: hci5: hardware error 0x00
[ 1398.893647][ T5848] Bluetooth: hci0: command tx timeout
[ 1399.180114][T18608] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1399.206226][T18608] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1399.262287][T18608] bridge_slave_0: entered allmulticast mode
[ 1399.288460][T18608] bridge_slave_0: entered promiscuous mode
[ 1399.328563][T18608] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1399.349247][T18608] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1399.373107][T18608] bridge_slave_1: entered allmulticast mode
[ 1399.404183][T18608] bridge_slave_1: entered promiscuous mode
[ 1400.166200][T18656] 8021q: VLANs not supported on wg0
[ 1400.217762][T18608] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1400.284600][T18608] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1400.333445][T13508] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[ 1400.570469][T18608] team0: Port device team_slave_0 added
[ 1400.608344][T18608] team0: Port device team_slave_1 added
[ 1400.973424][T13508] Bluetooth: hci0: command tx timeout
[ 1402.102968][T18608] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1402.110539][T18608] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1402.214778][T18608] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1402.258950][T18608] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1402.316100][T18608] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1402.404274][T18608] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1402.572930][T18685] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3236'.
[ 1403.248089][T13508] Bluetooth: hci0: command tx timeout
[ 1403.988492][T18608] hsr_slave_0: entered promiscuous mode
[ 1404.006682][T18608] hsr_slave_1: entered promiscuous mode
[ 1404.714115][ T5963] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[ 1404.722448][    C1] raw-gadget.0 gadget.4: ignoring, device is not running
[ 1404.858446][T18710] 8021q: VLANs not supported on wg0
[ 1404.886509][ T5963] usb 5-1: device descriptor read/64, error -32
[ 1404.961042][T18608] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1405.090694][T18608] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1405.164590][ T5963] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[ 1405.207232][T18608] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1405.343613][ T5963] usb 5-1: Using ep0 maxpacket: 32
[ 1405.351846][ T5963] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1405.367534][ T5963] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1405.394826][ T5963] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1405.430141][T18608] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1405.439046][ T5963] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1405.491075][ T5963] usb 5-1: config 0 descriptor??
[ 1405.511345][ T5963] hub 5-1:0.0: USB hub found
[ 1405.712466][T18707] netlink: 172 bytes leftover after parsing attributes in process `syz.4.3244'.
[ 1405.721965][ T5963] hub 5-1:0.0: config failed, hub doesn't have any ports! (err -19)
[ 1405.783886][T18608] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1406.006027][T18608] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1406.727426][ T5963] usbhid 5-1:0.0: can't add hid device: -71
[ 1406.738023][ T5963] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1406.765143][T18608] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1406.789103][ T5963] usb 5-1: USB disconnect, device number 59
[ 1406.822347][T18608] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1406.974782][T18726] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3249'.
[ 1408.206241][T18729] FAULT_INJECTION: forcing a failure.
[ 1408.206241][T18729] name failslab, interval 1, probability 0, space 0, times 0
[ 1408.346900][T18729] CPU: 1 UID: 0 PID: 18729 Comm: syz.0.3250 Not tainted 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 PREEMPT(full) 
[ 1408.346933][T18729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1408.346947][T18729] Call Trace:
[ 1408.346955][T18729]  <TASK>
[ 1408.346965][T18729]  dump_stack_lvl+0x189/0x250
[ 1408.346993][T18729]  ? __pfx____ratelimit+0x10/0x10
[ 1408.347023][T18729]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1408.347045][T18729]  ? __pfx__printk+0x10/0x10
[ 1408.347080][T18729]  ? __pfx___might_resched+0x10/0x10
[ 1408.347102][T18729]  ? fs_reclaim_acquire+0x7d/0x100
[ 1408.347127][T18729]  should_fail_ex+0x414/0x560
[ 1408.347160][T18729]  should_failslab+0xa8/0x100
[ 1408.347192][T18729]  __kmalloc_noprof+0xcb/0x4f0
[ 1408.347218][T18729]  ? tomoyo_encode+0x28b/0x550
[ 1408.347243][T18729]  tomoyo_encode+0x28b/0x550
[ 1408.347269][T18729]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1408.347302][T18729]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1408.347331][T18729]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1408.347362][T18729]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1408.347407][T18729]  ? __lock_acquire+0xab9/0xd20
[ 1408.347446][T18729]  ? __fget_files+0x2a/0x420
[ 1408.347468][T18729]  ? __fget_files+0x2a/0x420
[ 1408.347485][T18729]  ? __fget_files+0x3a0/0x420
[ 1408.347505][T18729]  ? __fget_files+0x2a/0x420
[ 1408.347527][T18729]  security_file_ioctl+0xcb/0x2d0
[ 1408.347577][T18729]  __se_sys_ioctl+0x47/0x170
[ 1408.347607][T18729]  do_syscall_64+0xfa/0x3b0
[ 1408.347646][T18729]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1408.347666][T18729]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1408.347687][T18729]  ? clear_bhb_loop+0x60/0xb0
[ 1408.347714][T18729]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1408.347735][T18729] RIP: 0033:0x7faff538e929
[ 1408.347754][T18729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1408.347774][T18729] RSP: 002b:00007faff6228038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1408.347797][T18729] RAX: ffffffffffffffda RBX: 00007faff55b5fa0 RCX: 00007faff538e929
[ 1408.347813][T18729] RDX: 00002000000000c0 RSI: 00000000c0145608 RDI: 0000000000000003
[ 1408.347828][T18729] RBP: 00007faff6228090 R08: 0000000000000000 R09: 0000000000000000
[ 1408.347841][T18729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1408.347854][T18729] R13: 0000000000000000 R14: 00007faff55b5fa0 R15: 00007fff70721558
[ 1408.347887][T18729]  </TASK>
[ 1408.854755][T18729] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1411.093725][T18608] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1411.122689][T18608] 8021q: adding VLAN 0 to HW filter on device team0
[ 1411.175839][ T6608] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1411.183023][ T6608] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1411.372618][ T6608] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1411.379892][ T6608] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1413.113393][   T30] audit: type=1326 audit(1752394255.954:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18764 comm="syz.3.3256" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa2a098e929 code=0x0
[ 1413.725776][T18608] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1414.978332][T18608] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1416.059612][ T5848] Bluetooth: hci0: command 0x0405 tx timeout
[ 1416.896378][T18608] veth0_vlan: entered promiscuous mode
[ 1416.954275][T18608] veth1_vlan: entered promiscuous mode
[ 1417.082983][T18608] veth0_macvtap: entered promiscuous mode
[ 1417.127156][T18608] veth1_macvtap: entered promiscuous mode
[ 1417.163541][T18815] netlink: 'syz.4.3270': attribute type 3 has an invalid length.
[ 1417.191823][T18815] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3270'.
[ 1417.197567][T18608] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1417.227251][T18608] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1417.255656][T18608] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1417.293377][T18608] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1417.319832][T18608] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1417.338467][T18608] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1417.487007][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1417.495021][ T5919] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[ 1417.512752][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1417.605743][ T5972] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[ 1417.799312][ T5919] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1417.849917][ T5972] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1417.900522][ T5972] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[ 1417.906728][ T5919] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1417.910815][ T5972] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[ 1417.932197][ T5972] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1418.013430][ T5972] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1418.027370][ T5919] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1418.100235][ T6608] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1418.113655][ T5919] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1418.116125][ T5972] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 1418.140826][ T6608] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1418.152552][T18817] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1418.256145][ T5972] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -12
[ 1418.262198][ T5919] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1419.313210][T18827] fuse: Unknown parameter 'group_i00000000000000000000'
[ 1419.603119][ T5919] usb 5-1: USB disconnect, device number 60
[ 1420.104830][T16696] usb 6-1: USB disconnect, device number 22
[ 1420.659682][T18838] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3277'.
[ 1420.730695][ T5848] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1420.747471][ T5848] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1420.759404][ T5848] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1420.772167][ T5848] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1420.794006][ T5848] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1420.841783][   T30] audit: type=1326 audit(1752394263.694:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18837 comm="syz.0.3277" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7faff538e929 code=0x0
[ 1420.862764][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1421.065527][T16696] usb 4-1: USB disconnect, device number 40
[ 1421.238036][ T6608] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1421.249847][ T6608] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 47052 - 0
[ 1421.261940][ T6608] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 2] type 2 family 0 port 54480 - 0
[ 1421.402883][ T6608] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1421.419404][ T6608] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 47052 - 0
[ 1421.432003][ T6608] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 2] type 2 family 0 port 54480 - 0
[ 1422.249145][ T6608] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1422.256675][T18868] fuse: Unknown parameter 'group_i00000000000000000000'
[ 1422.266991][ T6608] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 47052 - 0
[ 1422.281897][ T6608] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 2] type 2 family 0 port 54480 - 0
[ 1422.500282][ T6608] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1422.518886][ T6608] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 47052 - 0
[ 1422.533127][ T6608] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 2] type 2 family 0 port 54480 - 0
[ 1422.814551][T13508] Bluetooth: hci1: command tx timeout
[ 1423.276244][T18840] chnl_net:caif_netlink_parms(): no params data found
[ 1423.811521][T18884] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3288'.
[ 1423.978586][T18884] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3288'.
[ 1424.007348][T18884] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3288'.
[ 1425.002426][T13508] Bluetooth: hci1: command tx timeout
[ 1425.242415][T18840] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1425.252962][T18896] Cannot find add_set index 1 as target
[ 1425.402872][T18840] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1425.410846][T18840] bridge_slave_0: entered allmulticast mode
[ 1425.415449][T18900] 9pnet_fd: Insufficient options for proto=fd
[ 1425.419961][T18840] bridge_slave_0: entered promiscuous mode
[ 1425.443048][T18898] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3292'.
[ 1427.064010][T13508] Bluetooth: hci1: command tx timeout
[ 1429.021277][ T6608] bond0 (unregistering): Released all slaves
[ 1429.133879][T13508] Bluetooth: hci1: command tx timeout
[ 1429.232843][ T6608] bond1 (unregistering): Released all slaves
[ 1429.396911][ T6608] bond2 (unregistering): Released all slaves
[ 1429.555240][ T6608] bond3 (unregistering): Released all slaves
[ 1429.693572][ T6608] bond4 (unregistering): Released all slaves
[ 1429.715558][ T6608] bond5 (unregistering): Released all slaves
[ 1429.738443][T18840] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1429.753478][T18840] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1429.761472][T18840] bridge_slave_1: entered allmulticast mode
[ 1429.772661][T18840] bridge_slave_1: entered promiscuous mode
[ 1430.128580][ T6608] tipc: Left network mode
[ 1430.142508][T18840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1430.179154][T18840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1430.642655][T18840] team0: Port device team_slave_0 added
[ 1430.670122][T18968] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1879179264 (3758358528 ns) > initial count (1236996 ns). Using initial count to start timer.
[ 1430.687986][T16696] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[ 1431.278815][T18840] team0: Port device team_slave_1 added
[ 1431.317327][T16696] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1431.345124][T16696] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1431.374946][T16696] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1431.389391][T16696] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1431.462707][T18964] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1431.496071][T16696] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[ 1431.503276][ T6608] hsr_slave_0: left promiscuous mode
[ 1431.530316][ T6608] hsr_slave_1: left promiscuous mode
[ 1431.665766][ T6608] veth1_macvtap: left promiscuous mode
[ 1431.684655][ T6608] veth0_macvtap: left promiscuous mode
[ 1431.696929][ T6608] veth1_vlan: left promiscuous mode
[ 1431.702847][ T6608] veth0_vlan: left promiscuous mode
[ 1433.092771][ T5919] usb 2-1: USB disconnect, device number 50
[ 1433.404654][T18994] program syz.4.3314 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1433.589322][T18998] netlink: 15 bytes leftover after parsing attributes in process `syz.5.3315'.
[ 1433.602490][T18998] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3315'.
[ 1433.687736][T17416] hid-generic C990:0003:007F.000F: item fetching failed at offset 0/17
[ 1433.728615][T17416] hid-generic C990:0003:007F.000F: probe with driver hid-generic failed with error -22
[ 1433.747995][T18998] loop4: detected capacity change from 0 to 7
[ 1433.795232][T17860] Dev loop4: unable to read RDB block 7
[ 1433.800897][T17860]  loop4: AHDI p1 p2
[ 1433.821700][T17860] loop4: partition table partially beyond EOD, truncated
[ 1433.844054][T17860] loop4: p1 size 4227858431 extends beyond EOD, truncated
[ 1433.974892][T18998] Dev loop4: unable to read RDB block 7
[ 1433.980547][T18998]  loop4: AHDI p1 p2
[ 1433.990584][T18998] loop4: partition table partially beyond EOD, truncated
[ 1434.009187][T18998] loop4: p1 size 4227858431 extends beyond EOD, truncated
[ 1435.508011][T16698] Bluetooth: hci3: command 0x0406 tx timeout
[ 1436.012759][T19011] netlink: 'syz.4.3317': attribute type 1 has an invalid length.
[ 1436.038250][T19011] netlink: 'syz.4.3317': attribute type 2 has an invalid length.
[ 1436.060581][T18840] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1436.088080][T18840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1436.213579][T18840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1436.258119][T18840] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1436.263260][T19022] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1436.272821][T18840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1436.298758][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1436.366357][T18840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1436.715909][T18840] hsr_slave_0: entered promiscuous mode
[ 1436.905479][T18840] hsr_slave_1: entered promiscuous mode
[ 1437.033650][T18840] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1437.268281][T18840] Cannot create hsr debugfs directory
[ 1437.759040][T19038] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3326'.
[ 1437.779665][T19030] pimreg: entered allmulticast mode
[ 1437.798336][T19038] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3326'.
[ 1440.441790][T19059] fuse: Bad value for 'group_id'
[ 1440.447578][T19059] fuse: Bad value for 'group_id'
[ 1440.503161][   T30] audit: type=1326 audit(1752394283.314:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19048 comm="syz.1.3331" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f15b318e929 code=0x0
[ 1442.666443][T18840] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1442.724799][T18840] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1442.786052][T18840] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1442.840674][T18840] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1442.914280][T19079] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3336'.
[ 1442.923376][T19079] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3336'.
[ 1443.767612][T18840] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1444.349792][T18840] 8021q: adding VLAN 0 to HW filter on device team0
[ 1444.503249][T19096] netlink: 'syz.1.3338': attribute type 21 has an invalid length.
[ 1444.511245][T19096] netlink: 'syz.1.3338': attribute type 22 has an invalid length.
[ 1444.519739][T19096] netlink: 'syz.1.3338': attribute type 23 has an invalid length.
[ 1444.529352][T19096] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3338'.
[ 1444.824779][T19094] wg1 speed is unknown, defaulting to 1000
[ 1444.848318][T18435] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1444.855522][T18435] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1444.950956][T18435] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1444.958329][T18435] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1445.035703][T19094] wg1 speed is unknown, defaulting to 1000
[ 1445.061571][T19094] wg1 speed is unknown, defaulting to 1000
[ 1445.117603][T19094] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[ 1445.191519][T18840] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1445.261893][T19094] wg1 speed is unknown, defaulting to 1000
[ 1445.300740][T19094] wg1 speed is unknown, defaulting to 1000
[ 1445.347889][T19094] wg1 speed is unknown, defaulting to 1000
[ 1445.376550][T19094] wg1 speed is unknown, defaulting to 1000
[ 1445.396747][T19094] wg1 speed is unknown, defaulting to 1000
[ 1445.431607][T19094] wg1 speed is unknown, defaulting to 1000
[ 1445.674508][T13508] Bluetooth: hci3: unexpected event for opcode 0x1004
[ 1446.470988][T19116] netlink: 'syz.4.3345': attribute type 3 has an invalid length.
[ 1446.660247][T18840] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1447.345391][T18840] veth0_vlan: entered promiscuous mode
[ 1447.368679][T18840] veth1_vlan: entered promiscuous mode
[ 1448.639604][T18840] veth0_macvtap: entered promiscuous mode
[ 1448.751415][T18840] veth1_macvtap: entered promiscuous mode
[ 1448.780698][T19134] loop9: detected capacity change from 0 to 7
[ 1448.807869][T19134] buffer_io_error: 4 callbacks suppressed
[ 1448.807888][T19134] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1448.854510][T18840] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1448.872389][T19134] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1448.935687][T19134] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1448.947741][T18840] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1448.955446][T19134] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1448.980168][T18840] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1449.619597][T19134] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1449.629580][T19134] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1449.637594][T18840] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1449.647752][T19140] tty tty3: ldisc open failed (-12), clearing slot 2
[ 1449.664571][T19134] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1449.675509][T18840] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1449.688202][T19134] ldm_validate_partition_table(): Disk read failed.
[ 1449.701525][T18840] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1449.720860][T19134] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1449.729202][T13508] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[ 1449.738499][T13508] Bluetooth: hci3: Injecting HCI hardware error event
[ 1449.747764][T16698] Bluetooth: hci3: hardware error 0x00
[ 1449.804346][T19134] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1449.823642][T19134] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1449.856605][T19134] Dev loop9: unable to read RDB block 0
[ 1449.862651][T19134]  loop9: unable to read partition table
[ 1449.875411][T19134] loop9: partition table beyond EOD, truncated
[ 1449.889308][T19134] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[ 1449.889308][T19134] 
) failed (rc=-5)
[ 1450.212765][T13508] Bluetooth: hci3: unexpected event for opcode 0x1004
[ 1450.237461][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1450.263429][T17416] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[ 1450.291813][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1450.330150][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1450.353107][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1450.472740][T17416] usb 6-1: Using ep0 maxpacket: 32
[ 1450.533767][T17416] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1450.643174][T17416] usb 6-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[ 1450.809213][T17416] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1450.922759][T17416] usb 6-1: Product: syz
[ 1450.997655][T17416] usb 6-1: Manufacturer: syz
[ 1451.002344][T17416] usb 6-1: SerialNumber: syz
[ 1451.027097][T17416] usb 6-1: config 0 descriptor??
[ 1451.045174][T17416] cdc_ether 6-1:0.0: skipping garbage
[ 1451.050634][T17416] usb 6-1: bad CDC descriptors
[ 1451.064966][T17416] usb 6-1: unsupported MDLM descriptors
[ 1451.923479][T16698] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[ 1452.554361][T19165] netlink: 'syz.1.3358': attribute type 1 has an invalid length.
[ 1452.562199][T19165] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3358'.
[ 1452.821619][T18254] ptm ptm0: ldisc open failed (-12), clearing slot 0
[ 1452.863478][    T9] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[ 1453.013394][    T9] usb 4-1: Using ep0 maxpacket: 8
[ 1453.027156][    T9] usb 4-1: config 11 has an invalid interface number: 95 but max is 0
[ 1453.039781][    T9] usb 4-1: config 11 has no interface number 0
[ 1453.060829][    T9] usb 4-1: config 11 interface 95 altsetting 64 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1453.108587][    T9] usb 4-1: config 11 interface 95 altsetting 64 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1453.146279][    T9] usb 4-1: config 11 interface 95 altsetting 64 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1453.177389][    T9] usb 4-1: config 11 interface 95 has no altsetting 0
[ 1453.203112][    T9] usb 4-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=dc.4d
[ 1453.221252][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1453.247589][    T9] usb 4-1: Product: syz
[ 1453.259709][    T9] usb 4-1: Manufacturer: syz
[ 1453.276230][    T9] usb 4-1: SerialNumber: syz
[ 1453.379451][ T5972] usb 6-1: USB disconnect, device number 23
[ 1453.541385][    T9] usbtouchscreen 4-1:11.95: probe with driver usbtouchscreen failed with error -90
[ 1453.591710][    T9] usb 4-1: USB disconnect, device number 41
[ 1453.697264][T19174] xt_CT: No such helper "syz0"
[ 1453.754201][T13508] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1453.774812][T13508] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1453.783831][T13508] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1453.792856][T13508] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1453.803135][T13508] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1453.890933][T19179] wg1 speed is unknown, defaulting to 1000
[ 1454.002973][   T12] bridge_slave_1: left allmulticast mode
[ 1454.027265][   T12] bridge_slave_1: left promiscuous mode
[ 1454.050022][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1454.230184][   T12] bridge_slave_0: left allmulticast mode
[ 1454.257084][   T12] bridge_slave_0: left promiscuous mode
[ 1454.289433][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1454.652997][T19201] netlink: 'syz.3.3369': attribute type 3 has an invalid length.
[ 1454.957864][   T30] audit: type=1400 audit(1752394297.814:367): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=19204 comm="syz.3.3371" daddr=::ffff:224.0.0.2 dest=20003
[ 1455.680865][T19215] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3373'.
[ 1455.693786][T19215] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3373'.
[ 1455.705761][T19215] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3373'.
[ 1455.864563][T16698] Bluetooth: hci4: command tx timeout
[ 1456.155115][   T12] bond0 (unregistering): Released all slaves
[ 1456.287684][   T12] bond1 (unregistering): Released all slaves
[ 1456.341366][T19205] hsr0: entered promiscuous mode
[ 1456.348208][T19205] macvtap1: entered promiscuous mode
[ 1456.355465][T19205] macvtap1: entered allmulticast mode
[ 1456.391041][T19205] hsr0: entered allmulticast mode
[ 1456.398504][T19205] hsr_slave_0: entered allmulticast mode
[ 1456.410970][T19205] hsr_slave_1: entered allmulticast mode
[ 1456.520721][T19205] hsr0: left allmulticast mode
[ 1456.532985][T19205] hsr_slave_0: left allmulticast mode
[ 1456.550171][T19205] hsr_slave_1: left allmulticast mode
[ 1456.579121][T19217] 8021q: VLANs not supported on ipvlan0
[ 1456.700008][   T12] tipc: Disabling bearer <udp:syz0>
[ 1456.716074][   T12] tipc: Left network mode
[ 1457.327656][   T30] audit: type=1400 audit(1752394300.184:368): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=19228 comm="syz.1.3378" daddr=::ffff:172.20.20.170 dest=20004
[ 1457.383929][T19239] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1458.078955][T16698] Bluetooth: hci4: command tx timeout
[ 1458.203334][    C1] hrtimer: interrupt took 55468 ns
[ 1459.047689][T19262] 9pnet_fd: Insufficient options for proto=fd
[ 1459.060416][T19262] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3385'.
[ 1459.078585][T19242] wg1 speed is unknown, defaulting to 1000
[ 1459.087881][T19179] chnl_net:caif_netlink_parms(): no params data found
[ 1460.150916][T16698] Bluetooth: hci4: command tx timeout
[ 1461.323696][ T6011] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1461.363106][ T6011] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1461.373284][   T12] hsr_slave_0: left promiscuous mode
[ 1461.407080][   T12] hsr_slave_1: left promiscuous mode
[ 1461.417535][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1461.433722][   T12] batman_adv: batadv0: Interface deactivated: dummy0
[ 1461.453409][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1461.463268][   T12] batman_adv: batadv0: Removing interface: dummy0
[ 1461.497450][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1461.506259][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1461.528777][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1461.536851][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1461.571319][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1461.594068][T18435] ------------[ cut here ]------------
[ 1461.600090][T18435] WARNING: CPU: 0 PID: 18435 at net/wireless/ibss.c:37 __cfg80211_ibss_joined+0x3ca/0x440
[ 1461.610251][T18435] Modules linked in:
[ 1461.614636][T18435] CPU: 0 UID: 0 PID: 18435 Comm: kworker/u8:6 Not tainted 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 PREEMPT(full) 
[ 1461.626985][T18435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1461.637777][T18435] Workqueue: cfg80211 cfg80211_event_work
[ 1461.644451][T18435] RIP: 0010:__cfg80211_ibss_joined+0x3ca/0x440
[ 1461.650668][T18435] Code: 00 00 00 75 69 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d e9 48 d8 a2 00 cc e8 32 f7 f7 f6 90 0f 0b 90 eb bd e8 27 f7 f7 f6 90 <0f> 0b 90 4c 8b 6c 24 18 eb ad e8 17 f7 f7 f6 90 0f 0b 90 e9 de fd
[ 1461.671113][T18435] RSP: 0018:ffffc90003aaf8e0 EFLAGS: 00010293
[ 1461.677546][T18435] RAX: ffffffff8ac83b29 RBX: dffffc0000000000 RCX: ffff888076798000
[ 1461.685903][T18435] RDX: 0000000000000000 RSI: ffffffff8d985441 RDI: ffffffff8be1ca00
[ 1461.694344][T18435] RBP: ffffc90003aaf9b8 R08: ffffffff8fa0cbf7 R09: 1ffffffff1f4197e
[ 1461.702377][T18435] R10: dffffc0000000000 R11: fffffbfff1f4197f R12: ffff8880320c4d90
[ 1461.710610][T18435] R13: 1ffff92000755f24 R14: ffff88802499b338 R15: 0000000000000006
[ 1461.718900][T18435] FS:  0000000000000000(0000) GS:ffff888125c4f000(0000) knlGS:0000000000000000
[ 1461.728136][T18435] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1461.734777][T18435] CR2: 00007f309399af98 CR3: 000000004c956000 CR4: 00000000003526f0
[ 1461.742790][T18435] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1461.751351][T18435] DR3: 000000000000000c DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1461.759941][T18435] Call Trace:
[ 1461.763267][T18435]  <TASK>
[ 1461.766281][T18435]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1461.771526][T18435]  ? __pfx___cfg80211_ibss_joined+0x10/0x10
[ 1461.777623][T18435]  ? cfg80211_event_work+0x24/0x60
[ 1461.782778][T18435]  ? __pfx___mutex_lock+0x10/0x10
[ 1461.787912][T18435]  cfg80211_process_wdev_events+0x38a/0x4f0
[ 1461.793910][T18435]  cfg80211_process_rdev_events+0xa1/0x110
[ 1461.799765][T18435]  cfg80211_event_work+0x2c/0x60
[ 1461.804787][T18435]  ? process_scheduled_works+0x9ef/0x17b0
[ 1461.810527][T18435]  process_scheduled_works+0xade/0x17b0
[ 1461.816163][T18435]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1461.822200][T18435]  worker_thread+0x8a0/0xda0
[ 1461.826858][T18435]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1461.833237][T18435]  ? __kthread_parkme+0x7b/0x200
[ 1461.838262][T18435]  kthread+0x711/0x8a0
[ 1461.842376][T18435]  ? __pfx_worker_thread+0x10/0x10
[ 1461.847548][T18435]  ? __pfx_kthread+0x10/0x10
[ 1461.852627][T18435]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1461.858359][T18435]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1461.863684][T18435]  ? __pfx_kthread+0x10/0x10
[ 1461.868334][T18435]  ret_from_fork+0x3fc/0x770
[ 1461.872948][T18435]  ? __pfx_ret_from_fork+0x10/0x10
[ 1461.873534][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1461.878105][T18435]  ? __switch_to_asm+0x39/0x70
[ 1461.890043][T18435]  ? __switch_to_asm+0x33/0x70
[ 1461.894874][T18435]  ? __pfx_kthread+0x10/0x10
[ 1461.899503][T18435]  ret_from_fork_asm+0x1a/0x30
[ 1461.904323][T18435]  </TASK>
[ 1461.907372][T18435] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1461.914664][T18435] CPU: 0 UID: 0 PID: 18435 Comm: kworker/u8:6 Not tainted 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 PREEMPT(full) 
[ 1461.926928][T18435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1461.936997][T18435] Workqueue: cfg80211 cfg80211_event_work
[ 1461.942730][T18435] Call Trace:
[ 1461.946026][T18435]  <TASK>
[ 1461.948959][T18435]  dump_stack_lvl+0x99/0x250
[ 1461.953561][T18435]  ? __asan_memcpy+0x40/0x70
[ 1461.958161][T18435]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1461.963397][T18435]  ? __pfx__printk+0x10/0x10
[ 1461.968044][T18435]  panic+0x2db/0x790
[ 1461.971969][T18435]  ? __pfx_panic+0x10/0x10
[ 1461.976478][T18435]  ? show_trace_log_lvl+0x4fb/0x550
[ 1461.981698][T18435]  ? ret_from_fork_asm+0x1a/0x30
[ 1461.986658][T18435]  __warn+0x31b/0x4b0
[ 1461.990650][T18435]  ? __cfg80211_ibss_joined+0x3ca/0x440
[ 1461.996231][T18435]  ? __cfg80211_ibss_joined+0x3ca/0x440
[ 1462.001796][T18435]  report_bug+0x2be/0x4f0
[ 1462.006140][T18435]  ? __cfg80211_ibss_joined+0x3ca/0x440
[ 1462.011703][T18435]  ? __cfg80211_ibss_joined+0x3ca/0x440
[ 1462.017265][T18435]  ? __cfg80211_ibss_joined+0x3cc/0x440
[ 1462.022835][T18435]  handle_bug+0x84/0x160
[ 1462.027090][T18435]  exc_invalid_op+0x1a/0x50
[ 1462.031599][T18435]  asm_exc_invalid_op+0x1a/0x20
[ 1462.036454][T18435] RIP: 0010:__cfg80211_ibss_joined+0x3ca/0x440
[ 1462.042630][T18435] Code: 00 00 00 75 69 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d e9 48 d8 a2 00 cc e8 32 f7 f7 f6 90 0f 0b 90 eb bd e8 27 f7 f7 f6 90 <0f> 0b 90 4c 8b 6c 24 18 eb ad e8 17 f7 f7 f6 90 0f 0b 90 e9 de fd
[ 1462.062256][T18435] RSP: 0018:ffffc90003aaf8e0 EFLAGS: 00010293
[ 1462.068354][T18435] RAX: ffffffff8ac83b29 RBX: dffffc0000000000 RCX: ffff888076798000
[ 1462.076372][T18435] RDX: 0000000000000000 RSI: ffffffff8d985441 RDI: ffffffff8be1ca00
[ 1462.084360][T18435] RBP: ffffc90003aaf9b8 R08: ffffffff8fa0cbf7 R09: 1ffffffff1f4197e
[ 1462.092346][T18435] R10: dffffc0000000000 R11: fffffbfff1f4197f R12: ffff8880320c4d90
[ 1462.100343][T18435] R13: 1ffff92000755f24 R14: ffff88802499b338 R15: 0000000000000006
[ 1462.108334][T18435]  ? __cfg80211_ibss_joined+0x3c9/0x440
[ 1462.113915][T18435]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1462.119136][T18435]  ? __pfx___cfg80211_ibss_joined+0x10/0x10
[ 1462.125046][T18435]  ? cfg80211_event_work+0x24/0x60
[ 1462.130173][T18435]  ? __pfx___mutex_lock+0x10/0x10
[ 1462.135226][T18435]  cfg80211_process_wdev_events+0x38a/0x4f0
[ 1462.141167][T18435]  cfg80211_process_rdev_events+0xa1/0x110
[ 1462.146993][T18435]  cfg80211_event_work+0x2c/0x60
[ 1462.151937][T18435]  ? process_scheduled_works+0x9ef/0x17b0
[ 1462.157668][T18435]  process_scheduled_works+0xade/0x17b0
[ 1462.163254][T18435]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1462.169273][T18435]  worker_thread+0x8a0/0xda0
[ 1462.173875][T18435]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1462.180228][T18435]  ? __kthread_parkme+0x7b/0x200
[ 1462.185190][T18435]  kthread+0x711/0x8a0
[ 1462.189278][T18435]  ? __pfx_worker_thread+0x10/0x10
[ 1462.194406][T18435]  ? __pfx_kthread+0x10/0x10
[ 1462.199027][T18435]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1462.204259][T18435]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1462.209473][T18435]  ? __pfx_kthread+0x10/0x10
[ 1462.214083][T18435]  ret_from_fork+0x3fc/0x770
[ 1462.218738][T18435]  ? __pfx_ret_from_fork+0x10/0x10
[ 1462.223882][T18435]  ? __switch_to_asm+0x39/0x70
[ 1462.228667][T18435]  ? __switch_to_asm+0x33/0x70
[ 1462.233450][T18435]  ? __pfx_kthread+0x10/0x10
[ 1462.238069][T18435]  ret_from_fork_asm+0x1a/0x30
[ 1462.242864][T18435]  </TASK>
[ 1462.246367][T18435] Kernel Offset: disabled
[ 1462.250735][T18435] Rebooting in 86400 seconds..