last executing test programs:

7m58.82808508s ago: executing program 2 (id=2766):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
read(r0, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_MOVE(r0, 0xc028aa05, &(0x7f00000000c0)={&(0x7f0000839000/0x1000)=nil, &(0x7f0000c76000/0x1000)=nil, 0x1000, 0x400000000000000})

7m58.666669327s ago: executing program 2 (id=2767):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x22882, 0x0)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000080)="290000001e00190f00003fffffffda060200000000", 0x15}], 0x1)
writev(r0, &(0x7f0000000040)=[{&(0x7f0000000e40)='\b', 0x17ff}], 0x5)

7m58.484804374s ago: executing program 2 (id=2772):
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100), 0x4780, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180), 0x58e80, 0x0)
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_encap(r1, 0x11, 0x64, &(0x7f0000000080)=0x3, 0x4)
syz_emit_ethernet(0x46, &(0x7f0000001fc0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "108114", 0x10, 0x11, 0x0, @empty, @mcast2, {[], {0x4000, 0xe22, 0x10, 0x0, @gue={{0x2, 0x1, 0x2, 0x5}}}}}}}}, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r2 = io_uring_setup(0x9, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0x3b6})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)

7m58.303565192s ago: executing program 2 (id=2775):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="180100000000010002000000fcffff7f00002c0000000000"], 0x18}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x4, &(0x7f00000000c0)=@framed={{}, [@jmp={0x5, 0x1, 0xa}]}, &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100001b61e308d016a91052300102030109021b0001000000000904000001ff7f8800090503"], 0x0)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="03070000b500000000000000feefffff"], 0xc8)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r3 = fanotify_init(0x200, 0x0)
fanotify_mark(r3, 0x1, 0x40000011, r2, 0x0)
r4 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="70010000120001"], 0x170}}, 0x20044840)
splice(r4, 0x0, r2, 0x0, 0x7ffff000, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000280), 0xffffffffffffffff)
r6 = openat$panthor(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$DRM_IOCTL_PANTHOR_TILER_HEAP_DESTROY(r6, 0xc008644c, &(0x7f0000000200))
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
r8 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r8, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
syz_emit_ethernet(0x3b6, &(0x7f0000000440)={@random='a_\x00', @link_local={0x17, 0x80, 0xc2, 0x2, 0x9, 0x3}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "001958", 0x380, 0x3a, 0xff, @dev={0xfe, 0x80, '\x00', 0x18}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0xa, 0x6, 0x0, 0x80000000, [{0x3, 0xa, "a78ce5400659808000000003004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42c60a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000000000000000026000400"}, {0x4, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a6ac0df33a01e1b773d9be105737a0527f75b655a6653d036397a0acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5"}, {0x6, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5c6186c0d3baa75af390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a000023f5acaa556b9f30dcab2b90aa235a670670ffc5dc49dfb58d89310000000000"}, {0x18, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743474671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68f2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x7, "fcd1876deaf8e9264e6fa3ce2dff9281c9fe68a3000000006f0000044e43e740e077e1d16212fb00"/55}, {0xe, 0x14, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1eb91a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d96967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c000000000000000000"}, {0x1f, 0x5, "090000000900000036da018dff16e70b8b1400000000e18e88605aa6be1a02a326a6bce65f81ed"}]}}}}}}, 0x0)
mount$fuseblk(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)=ANY=[@ANYRES8=r6, @ANYRES16=r5, @ANYBLOB="010029bd7000fedbdf25170000004800068008000600000000003c0004"], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x4040800)
syz_emit_ethernet(0x52, &(0x7f0000000800)=ANY=[@ANYBLOB="aaaaaaaaaa2a0180c200000086dd60000000001c0600fe8000000000000000000000090000aafe8000001b000000001c0000000000aa0000400190f3821009758eabdfa597b6bbb7a6f4396f60dbe363824555c65e7c6d7a29d5ce177b8a9b77337f857df7d5e2bc532a2c9a25709da62e84a6b4a54500e2b6bce509f459bf9abae71a64db146653c8f6f249cdda94a7d3a612beefb652116c99bf7a00"/172, @ANYRES32=0x41424344, @ANYRESOCT=r8, @ANYRES64=0x0], 0x0)

7m55.180870896s ago: executing program 2 (id=2796):
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100), 0x4780, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180), 0x58e80, 0x0)
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_encap(r1, 0x11, 0x64, &(0x7f0000000080)=0x3, 0x4)
syz_emit_ethernet(0x46, &(0x7f0000001fc0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "108114", 0x10, 0x11, 0x0, @empty, @mcast2, {[], {0x4000, 0xe22, 0x10, 0x0, @gue={{0x2, 0x1, 0x2, 0x5}}}}}}}}, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r2 = io_uring_setup(0x9, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0x3b6})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)

7m54.797598502s ago: executing program 2 (id=2800):
syz_usb_connect(0x3, 0x62, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000fb5d7d086d04c308166b0102030109025000010000000009041f0000ff0100000a24010400050201020724070500000508240805040004960d2406010103020001000600060924030505030605810924030601030405050724040501"], 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000080)={0x3, &(0x7f00000000c0)=[{0x48, 0x37, 0x0, 0x1}, {0x28, 0x2, 0xf7, 0xfffff038}, {0x6, 0x6, 0x0, 0x57c}]}, 0x10)
write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[], 0x9ffc)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0, 0x0)
mkdirat(r2, &(0x7f0000000040)='./file1\x00', 0x40)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x200)
syz_usb_connect$midi(0x6, 0x5f, &(0x7f00000003c0)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0xff, 0x1430, 0x474b, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x4d, 0x1, 0x1, 0x5, 0x80, 0x0, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x3, 0x30, 0xaf, [@midi_out_jack={0xb, 0x24, 0x3, 0x3, 0x5, 0x2, [{0xe, 0x4}, {0xe, 0x6a}], 0x6}, @midi_in_jack={0x6, 0x24, 0x2, 0x2, 0xd5, 0xe4}, @ms_header={0x7, 0x24, 0x1, 0x4000, 0x7}, @ms_header={0x7, 0x24, 0x1, 0x8, 0x7}, @midi_out_jack={0x15, 0x24, 0x3, 0x3, 0x40, 0x7, [{0x6, 0xc}, {0x2, 0x6}, {0x6, 0x2}, {0x4, 0xc}, {0x6, 0x6}, {0x7, 0x2}, {0x6, 0xe}], 0x80}, @ms_header={0x7, 0x24, 0x1, 0x5, 0x7}]}}}}}]}}, &(0x7f0000000300)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x71635959cda67b4a, 0x23, 0x3, 0x9, 0xaf, 0x9e}, 0x73, &(0x7f00000000c0)={0x5, 0xf, 0x73, 0x6, [@ssp_cap={0x20, 0x10, 0xa, 0x8, 0x5, 0x5, 0xf00, 0x2, [0x3fc7, 0xff0000, 0x0, 0x3f, 0xff0000]}, @wireless={0xb, 0x10, 0x1, 0xc, 0x1c, 0x88, 0x1, 0x3, 0x9}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "eb6712db0bb83f513023bfa7dcce437f"}, @ptm_cap={0x3}, @ssp_cap={0x10, 0x10, 0xa, 0x7f, 0x1, 0x430, 0xf00, 0x3, [0x3f30]}, @ssp_cap={0x1c, 0x10, 0xa, 0x80, 0x4, 0x9b74, 0x780, 0x1, [0xff0000, 0xffff30, 0xc0c0, 0xff3fcf]}]}, 0x1, [{0x102, &(0x7f00000001c0)=@string={0x102, 0x3, "0db6d3b1751ce7575b052acad9c2feec7886a6d9823a88c060535e526cbbcda87ea4ea4f503e94659bd2ecbf8a68bc4a4993550793e67cf25743f1fe98a394246c63c353b02355b5474d0565d4e6063e453013340e81d3d36a3885cace7bac9fccfee358e2607f6f654e9919659635ace4a4d5fcfcf4525ae17e964347c34f185ed03f34c291d29bfc41fb21ca2957441caa21545dd4fc593c463a1afb8cbde43eda26a73a654eeec7ccab997623192d27b4cea7dafe4c3e66c1a135fb994e54acbdf97bd2e4e121bbf080792dcd9f384e0f675faf4344d1d55f6ed2732971ed51c6d2aba07ab5866c7ecd9a252ab667f1ba31050106437b3435a83b457ddf1a"}}]})
socket$inet_tcp(0x2, 0x1, 0x0)

7m54.222086058s ago: executing program 32 (id=2800):
syz_usb_connect(0x3, 0x62, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000fb5d7d086d04c308166b0102030109025000010000000009041f0000ff0100000a24010400050201020724070500000508240805040004960d2406010103020001000600060924030505030605810924030601030405050724040501"], 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000080)={0x3, &(0x7f00000000c0)=[{0x48, 0x37, 0x0, 0x1}, {0x28, 0x2, 0xf7, 0xfffff038}, {0x6, 0x6, 0x0, 0x57c}]}, 0x10)
write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[], 0x9ffc)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0, 0x0)
mkdirat(r2, &(0x7f0000000040)='./file1\x00', 0x40)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x200)
syz_usb_connect$midi(0x6, 0x5f, &(0x7f00000003c0)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0xff, 0x1430, 0x474b, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x4d, 0x1, 0x1, 0x5, 0x80, 0x0, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x3, 0x30, 0xaf, [@midi_out_jack={0xb, 0x24, 0x3, 0x3, 0x5, 0x2, [{0xe, 0x4}, {0xe, 0x6a}], 0x6}, @midi_in_jack={0x6, 0x24, 0x2, 0x2, 0xd5, 0xe4}, @ms_header={0x7, 0x24, 0x1, 0x4000, 0x7}, @ms_header={0x7, 0x24, 0x1, 0x8, 0x7}, @midi_out_jack={0x15, 0x24, 0x3, 0x3, 0x40, 0x7, [{0x6, 0xc}, {0x2, 0x6}, {0x6, 0x2}, {0x4, 0xc}, {0x6, 0x6}, {0x7, 0x2}, {0x6, 0xe}], 0x80}, @ms_header={0x7, 0x24, 0x1, 0x5, 0x7}]}}}}}]}}, &(0x7f0000000300)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x71635959cda67b4a, 0x23, 0x3, 0x9, 0xaf, 0x9e}, 0x73, &(0x7f00000000c0)={0x5, 0xf, 0x73, 0x6, [@ssp_cap={0x20, 0x10, 0xa, 0x8, 0x5, 0x5, 0xf00, 0x2, [0x3fc7, 0xff0000, 0x0, 0x3f, 0xff0000]}, @wireless={0xb, 0x10, 0x1, 0xc, 0x1c, 0x88, 0x1, 0x3, 0x9}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "eb6712db0bb83f513023bfa7dcce437f"}, @ptm_cap={0x3}, @ssp_cap={0x10, 0x10, 0xa, 0x7f, 0x1, 0x430, 0xf00, 0x3, [0x3f30]}, @ssp_cap={0x1c, 0x10, 0xa, 0x80, 0x4, 0x9b74, 0x780, 0x1, [0xff0000, 0xffff30, 0xc0c0, 0xff3fcf]}]}, 0x1, [{0x102, &(0x7f00000001c0)=@string={0x102, 0x3, "0db6d3b1751ce7575b052acad9c2feec7886a6d9823a88c060535e526cbbcda87ea4ea4f503e94659bd2ecbf8a68bc4a4993550793e67cf25743f1fe98a394246c63c353b02355b5474d0565d4e6063e453013340e81d3d36a3885cace7bac9fccfee358e2607f6f654e9919659635ace4a4d5fcfcf4525ae17e964347c34f185ed03f34c291d29bfc41fb21ca2957441caa21545dd4fc593c463a1afb8cbde43eda26a73a654eeec7ccab997623192d27b4cea7dafe4c3e66c1a135fb994e54acbdf97bd2e4e121bbf080792dcd9f384e0f675faf4344d1d55f6ed2732971ed51c6d2aba07ab5866c7ecd9a252ab667f1ba31050106437b3435a83b457ddf1a"}}]})
socket$inet_tcp(0x2, 0x1, 0x0)

3.407326911s ago: executing program 4 (id=5369):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req={0xf54a, 0x9, 0x7ff, 0xf8}, 0x10)
r1 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000040)={<r2=>0x0, 0xd}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f00000000c0)=@assoc_value={r2, 0x5}, &(0x7f0000000100)=0x8)
syz_usb_connect$cdc_ncm(0x5, 0x15d, &(0x7f0000000140)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x14b, 0x2, 0x1, 0x5, 0x10, 0x7, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x9, 0x24, 0x6, 0x0, 0x1, "9129f0f1"}, {0x5, 0x24, 0x0, 0x1}, {0xd, 0x24, 0xf, 0x1, 0xeb2, 0x9, 0xfff, 0x9}, {0x6, 0x24, 0x1a, 0x9, 0x24}, [@mdlm={0x15, 0x24, 0x12, 0xf09}, @mdlm={0x15, 0x24, 0x12, 0xfe}, @call_mgmt={0x5, 0x24, 0x1, 0x1, 0x9}, @mdlm_detail={0xb0, 0x24, 0x13, 0x20, "bf95112f9b7a064c29313458ec08a2a39ee29d4852003ba439bfc43ac266a639d785a37bde3d1ac4c8a9a2be66fae9c1bf7920cfd7ab5a72fa1e98907e187d6f967e95efe8135795be8d82b71471c99f69f598f727196790e26e87df98e1e40859d37ec1cce19299629da14e83c42a16a1a8630c9ba7d1f07ad2af269eab7e19b0ebc331ed4c7a31d0f34249f70d54634adb5a2463bb5fabce25d07043b2d3e3e2855d043125dc556b94eb1e"}, @dmm={0x7, 0x24, 0x14, 0xfffc, 0x2}, @obex={0x5, 0x24, 0x15, 0x9}]}, {{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x9a, 0x7, 0x1}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x1, 0xfa, 0x8}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x3, 0x4, 0x2f}}}}}}}]}}, &(0x7f00000004c0)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x201, 0x7, 0xdb, 0x8, 0x8, 0x8}, 0x5, &(0x7f0000000300)={0x5, 0xf, 0x5}, 0x4, [{0xbc, &(0x7f0000000340)=@string={0xbc, 0x3, "9543a0918b9e67584eabe1d0d45466865e19b34bcf5ff912ab1041c21d700126e1c16a818511bf8021143254a5d2733a87cc8dad3416f03bc7a527b2439d41474a4b59a09f4de421d1e371befc35f2c3592c20bda32f8e2fc2b4ef60dd152d3df5f4d81e0521b3e68269acb0ace9b29c2ddda04f569d405cc196575026620a54b43b9136ab612ffa46c4b6c0bf455129da0becce88bf76f7b2af7f158797e84c4eed9d03a40731641e5e79464513f9d5c145589863738f591eee"}}, {0x1d, &(0x7f0000000400)=@string={0x1d, 0x3, "63c5296755d1ebb462608dc2566349932ec2aeb61a94ebf74c8fc8"}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x437}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x440a}}]})
ioctl$DRM_IOCTL_PANTHOR_BO_MMAP_OFFSET(r1, 0xc0106446, &(0x7f0000000540))
connect$inet(r1, &(0x7f0000000580)={0x2, 0x4e22, @local}, 0x10)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x4058534c, &(0x7f00000005c0)={0x9, 0x10001, 0xfff, 0x4, 0x9, 0xfffffffc})
setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, &(0x7f0000000640)={0x3}, 0x1)
sendmsg$xdp(r1, &(0x7f0000000980)={&(0x7f0000000680)={0x2c, 0x6, 0x0, 0x3a}, 0x10, &(0x7f0000000940)=[{&(0x7f00000006c0)="fe6a3d2ea1c70ef67d0a45ee95677529263abead41a3359943eb0a2923fbdbd85e185d6194d4ee05228e77eccb119f849ffae736bd86f8cc074dee68381eb1988f4a39875cf0e216a8a274bd97f2157e9929a9c1f0c916980c49da2fefe5883de22dea4f6704e742abbb2eca54d63ab818ca90d048ea2e48018deac305126b15362fc5338eef018f37af665c39212048263abf3de605f25208970fb07f2cd8c13d226e78b80c89c53ed702e72382fd6841330cae211e4312332b56915982987056102f7791160d9daf573be12b726c81794fee0002280cb335", 0xd9}, {&(0x7f00000007c0)="91bef0abe1ac5213d26d474f8110cf8e9b176e40bc7c8ece255272718fbd3f2fd6a9771ddf445a809c866dc1f4ea805c1b32b02d2ea43db16928939ba4b220362a5d0d9ddc6ad700f58cee8f3ae338ef4af5df4d975a4e4f24ee000ec2c5bd051c8ec68ee47c101574b37bd0ea0c6f", 0x6f}, {&(0x7f0000000840)="885d483c34ec248ace8366ff40b41a59896dcebf8bb315a504a8cfb7ab0a2a36aa3efda2733b784210d410347ba4c20685bacd9f61791d97d7cb4ca6941b282470e55c7b42be09503459289a22f6b6570f7acb17ba44a1ac2f59a8da83c313dfb99b18a16b02a77bba3fdfd3c2fa33b24adf46f830e15d491c1879132f648f5feed2e21fe80ee0a9a5af142f30dc7aca48eade8f8de7e1820c92ae943c64508dc1b97865873c0f154ead4850ca2c6da2b2c3665513cbfc1d2c7be0", 0xbb}, {&(0x7f0000000900)="eddd2bb2901775ec222d3032eb0b81c1b7165a1189b37e6810ab5202c733837e78666056ff4e73b004a37c72c0602701b2a9e18686fff942a8e231eeeef988bc", 0x40}], 0x4, 0x0, 0x0, 0x40891}, 0x8004000)
ioctl$DRM_IOCTL_SET_UNIQUE(r1, 0x40106410, &(0x7f0000000a00)={0x8, &(0x7f00000009c0)="575a030710674732"})
r3 = accept$inet6(r1, &(0x7f0000000a40)={0xa, 0x0, 0x0, @private0}, &(0x7f0000000a80)=0x1c)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000ac0)=0x10b000, 0x4)
ioctl(r1, 0x4, &(0x7f0000000b00)="a89b1d9cc902f0d2078ebd66fb0e9e17d06d6b63aad7c978cb8b921ea563d63576fb752502a75376fde139dc5e7a8b69fd9a126f249dcd74edd4d51429bd44bb90294ffedbe7de404998db8d854a37edaf6b0af3f7730435e940305fa637ceadc2864e81c3bf8f070230cae08927edac342497")
ioctl$PTP_SYS_OFFSET_EXTENDED(r1, 0xc4c03d09, &(0x7f0000000b80)={0xd})
connect$pptp(r1, &(0x7f0000001040)={0x18, 0x2, {0x0, @empty}}, 0x1e)
r4 = syz_clone(0x80000, &(0x7f0000001080)="148932d2e48f3c2f8c1acac0e4c2b2ee77c22a0437d4fd47ce25feade21832292d5f197f8c625945da792cccc92cc4e553a663a5aa28f511750af7208d3cd47def6fa0c5cb4ad37ae54eec89dc5d88c236053c648228297d6fcddc3b5072137238a4683028ee4f136014f24e8d34a953da1a3f3c3e69141762ce9a76b3601e552838030c51e60fa357dec43a7fff59e6e0d2a044655cc7313b6177817141c10c15dd87dee26e201c2d7defad81589b4ac5679f47ea85bb04d7bb6147456ba0fa4b51ec2754617e0658a973d69b5d0db15930a0abcd6fb0a7dfdf10ba0367767c0f7663", 0xe3, &(0x7f0000001180), &(0x7f00000011c0), &(0x7f0000001200)="af0e1c513ef3a3fe238aa78a8e715b6cf93a4e4dbc5c65cae450f316dfc93cc19734fd006e163c9096a4a1a8bf07bd6d6178264b819cd80dff0176a86d487f504a9659822c5b7e937f2cad8c2f9106d6b89bda54cd7bd5a56bd9a55ce7530a2700640380dcfa337f6b68d4937b8c15f95a25d693091aa71d49fe8ca739365ba9c9fc79ca116d039621e031d6fd803a8e5bf4efd41d933ab85c317543444e")
signalfd(r3, &(0x7f00000012c0)={[0xffff]}, 0x8)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001300)='/sys/kernel/profiling', 0x90000, 0x110)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r5, 0x84, 0x10, &(0x7f0000001340)=@assoc_value={r2, 0x2}, &(0x7f0000001380)=0x8)
ioctl$SG_GET_KEEP_ORPHAN(r1, 0x2288, &(0x7f00000013c0))
syz_open_procfs(r4, &(0x7f0000001400)='net/fib_trie\x00')
r6 = syz_open_dev$swradio(&(0x7f0000003480), 0x0, 0x2)
ioctl$VIDIOC_QUERY_EXT_CTRL(r6, 0xc0e85667, &(0x7f00000034c0)={0xa0000000, 0x274, "6fbedbc3f84bc90a6c203e6ccbae319c8b12596330afc137884eeb9f13f8b6c0", 0x8000000000000000, 0x8000000000000001, 0x3, 0x7, 0x6, 0xfa, 0x6, 0x8, [0x9, 0x7, 0x8, 0x8]})

3.06417322s ago: executing program 0 (id=5374):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000002ec0)='./binderfs/binder-control\x00', 0x2, 0x0)
ioctl$BINDER_CTL_ADD(r1, 0xc1086201, &(0x7f0000002f00)={'binder1\x00'})
socket$kcm(0xa, 0x3, 0x87)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000030400000000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="20000000100000001c001280090001006970697027d6fc6015b652eea28f3b"], 0x3c}}, 0x20000000)
write$tun(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd010000000000140000006000000003088700fe88a43de1a400000000000000007d01ff0200"], 0xfdef)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000180)=0x1, 0x4)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="240000002000010327bd7000ffdbdf250a00000000000099d7000000080006"], 0x24}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[], 0x28}}, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r2, 0xd000943d, &(0x7f0000000640)={0x9, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {<r4=>0x0}], 0x4, "ec314bd5c5c99c"})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r1, 0xd000943e, &(0x7f0000001640)={0x0, r4, "9eced63a86018005c028f1a49eabce4900318a7de7877eed4ef3f971e9994e17fc42e77a2d264359f614ceed4ba777189d5da6ae4f2bf4c28784a2544d3beffe7593d48f92212ebeaa5ead0f44223a7eb31ded740568a60355302a7a077713feb51e77ed8a1be4cf60af8554ff9d2b4e8e580f35d50983b23e20332d8fe11437edc086664cdee2051779f096cf1f8442134a728d19c5553c5d03cd85dd8c4bc3e86e59f356f96b68d25d44b6b367bcddce646978201405bedb5f37e84f46510bc34f94c5598fca55e9d72a5b805ec68a1fe8137b8c13a777dad6013a54712f2626523b7242b374d0ffef4319efd22c7ce4a49c502297532e557eb736d8224e59", "cfe340a7fabcee87c865e5b8c0c6eafe81cbb4136454bea995d3a69be1e56f80fb45293c08f1b2cb92010ac923f7673e88e9d16cb2a60dedb8686554b7ccdb743666584e438b539ae88f7d31ca1f1c68f116545e9e0adb849111179c162cb87414fb292a098a001a8b45d32142bc2792af33c53c84c1495f2fbc7c89fbd38ce70fbca5fcc22b03e67b072fd479100d5075865d49f161ba3cd287b7aefb30ed068df5a257d6e30ac699e6f967ca59a4ed13fe87cc53a0d2377b9d79c35f714a5a879de427c89421d29458a88bce7522ae592e25fe670eab682e6a21b99a62f41aaee891146290fceafb6510f8aaf4f0b7b3b5a163071fec8eed07e94b029792ad3c0aa47a2fe6d76ce83835016c8b29ea89645bd836a3840e8bc81863f56a0057a2bceb2b782e15f4ee430e4a2d19a10d265aaa79fbf20a3583fcf18045d3c0b6f44bd1456d87ebafad10db3e79429f3a3b2297a3230954ef0ab7da09d099f556eff2975a1fc6fb80233de0619c48b7365c9c7a1779fd8372042594eb1e84a3a2bfd5771e33999037abd7339527587a3b373bb0688447cd5734b6f62d4a0ce49ce397b51cf4500fca80f4c13661191d620bf59ca5ad060d85ce11f9f81ce8d092772fe3562c0225263619c8c852b880802f91219766e8c84f61756de0798efb88fa37112b15e1ff41384eee63cde5d58234733dcd71665d82c788b1d3e0184de30dac210a366464a34154c3c71a67010bcd511062558f1ec0bc2e8a40c4bc1fee44192eb1c10ecedf8fe98ea283de7e7ce4b56463064f3050486073347080541450dace7a79ea35232555296e64e96f10d88b9fff9aec3e2288d05e342649d56f1e7bca916012901c55ef709bcfba977621a306fbaedd6f9154c9d9c2460cc8b27b85d883082bc816740eeeb7e385c32c8c904229c5408648a0102ceb6202cdb1a18f89f4f3d7e1b5e6b2e8c14c6675d6b337f55326d0d4a0dc9890d863198d325d3520a630ae2198cba1333cb5447a80c53d6b6718766255e2b3a2c49cdea0903cd48de4c269cf4356904ae6f187df710f5781038dd01dd1c9f0fcea93baec6278d7cb14b07c2df768c1ef7b2d850561e2957874aa089ce040bb18233864c288a9b278d8f77761b21964b958b6e76a791d6a1796c06c77fc4ab0a3280578f92c6476cac7f302392bb559581d29603707caf13dd69a6679222a0fa12b05f796ac1b7d06cfe67258265bbdd2cbc04f345ed379530135e4201be56d536505d0113a330dcf7e2ac4d15ed5621407dbe81aef0d25ffd37513614b12658f348ba33cb7775dd5b0b0b1f034587b4fa52d023d09d43833adfd48c7eb6dc1bbb85b42bd64c94a92141a2151f8debdf92d201a50eaced84d99a3b42126be5f8d51c058e63a553d5c9e00a8ad0d2d1648ca1d171ad7cbed3d122b90c003fa4dbe94f3d524c208c47375539c9b9ec68a265e03b11df858147d781bbd02fb0962ba0c64fe177d91c6eca577d02ed2f909846adcb9e5f11acb4adec1c0c6c328864533e7b16f64b02e952c77bfaeaf4b3914710edafb2da0a2443c2d518501b4672d3935774444b4ebfb743afe09bb77eed6bb93070264fd2be05c5e04331454e5fe9687df3d7877022b150f03c4af057310d744844cf6ef9770d5cd5a151abe4897848730fd6ac9dca078beab3686a03bd3f31dfbb41443175d709defd37805b7af75ee02715b859eca93bf8e641cdbdd5c8a72f3b9df08cf4641f28ab3a5c2b77f403ae8cdcb70a65b56c46bca9535ad1770d6838472cb986621df87f14d1e5901aacdebc8bb6755e130ea0c45a6b5e20f0bfb68acd7fafe189946283c783657638a7791e37a2e78baad273d56ce9d3c9e6f51df7eddbafd2d041bd92511869cce21497d4921c6a7af0c4790031c54726d36bac6237ebb323122fd9491779f4723a72cfa3d73056bb7f5b95b49edc3a3e35bbe3bd927da2c60a67cd6de4a768f120f20558fac177504d7d3c0b74c790e3eb47ef1595be28f98eb8186000f60a99c16503db0b16cb95e64d80786cb741766c0e4be38c75c07b23ade37ce61964167d9eab4a8d09149e643e3f5152e35d78370c5236145d5d99fff78e0aa49892e43625a842dececd74e7006c3e88807d6be5b2854d7daf16f7ad16925b6ddfac4e1a314123bfcd0a14817d2cfbc4ac96dfe2eac0af49cf49a03df78b1f7b267719a6a4db8cd75228c1332bb97201b35308583a4c87cb2527b115e624863152d2a8d5fc73719d31a169c2eadc9e65227ce66eb386355150f03badb9d0794fe6a1207600cde892c422fa885be98335702c6a5275949f2958882e4d2b3bb56524f7db04759d6b86aedc6d2d776aaa9d853fbf9efc80547aa776154c5979a83dfd3be422666ed560a8978bb0fab2f354b48741aaaf04b6b5154b1f58cb55d093a32a2509b372903ecb2587bec39e8f245506cfcfae0ed18a5fc71a64547160a6a14336e0a4f039bd94700eeaf033c90afbd9a0687e6a77a1c845cad1bcb1bdea6d09f5a458b26bfa1b691e8387ca0ac5718ceb7ff9ec9277e132d11e506a647c10178e3ed311e65793bbe2dc26dddced290c4fc0d5d0697d54568ce05bc6e3ce3d2b570bf6c7193ec58aed2d6c92cdd98c2459b64e34caae46c81387bb69e1705ac297933d6001ebc6af034a4e8e2ae4ae0791e02c9b8b6832a5bc9eeaefb1069ae65501db93dc4200e42300b0f0a89f38eeeec0127d7b473671bcbeeb09cbb2f74221c436c12270d51276e9b569bb6d85240f5fced896b123cbb9bb9a43ca6d5936c1c47a42ebf70bc0ba6aee8fe4accde15fd0fd71150dd1912fef7c3173369d5627c1c50709a2f1b00497905fe62837953e7ecfca95e7e68dfec6f35034cf05959b056c59759e7d5e3c0852351e653be365f3f03c4ed1ba968ccc76f4b01429880a8a2b34699b9c8f970f4db1cd57d9884e8a81093643a52dbbea5a317275701d32656918af383ad93d9d4c9a4f644b991109914444c855bd27f3cfc800ad85da3e8b0771e487b85b5990b4b72e8e072aa58263dcb9d12566dcfac55df9516bb7be36bbb962ed9103d8d8586cf16469a34e8f5e535ef179c20a09253721fb71e1c4db43940abcf8a034a78b797eee3feda0d54a6c12836110c020ba3ea9920ea59a001db76b5ae41e4415951d793a99c3993769097c347f3a0dd5a6a3e509a4a8e5d56e6907b3da3ecea75a26cef8664ce514422971a11916fc6e11389de3642bb794ed952b3e7f724ef979f6b4e94657403a1a230e8ae99cb7076e22d8c18f50fd2976807b0a073255505af619051af957b8890ccec952b6e3eb80be587eab0068f38acac6dab3b408ac1e233c7e4f2085b0dfe0ca778e05bafa4efa74bc7e413d69cbfd3e50216440bfcdca8d723a615a386799e9d5ca8979a9fb19233ea5956978a45a344d8d184303d8a23b225dab7884072526c7341de4249f4c2b2e9fb0af35567792248c56ff66abf300be1fcb9803001e4241750c27f0017cf9c9b0d780de455c57d922745b0eaed52347a99085c6aba92fae0090ad3ef556241420eec564db355b7d28a23aced64f432df893790842d9a03e3586eda9a115e9c64a98012be5749a56c38ff0b1c7dca61307637b866d74564efa392dd94d44640e20181bba8cf61a1a4b93f7a58742dfa6a2ef21eaaa8b8e4cab2721d191de3cb65b42bb2cbf92afc089675e844b76e69003d98f28be10a2bd68b27b0bfc52e23203ea25f21a457f37d5ba1e0d3f5d6fb0afe4352da60adee8f6be30b7a47deea70a34eb756cd13586656198c76bc870fcc6f42ffa81ea9dd97b39029d354b17bb4f9010e1acb66d61a071ab30beeeb076b7a0ba40799b3fe7e1b45abf2eac9096985e469f74f4a5faacce9ceca7300b00f45659e4bb0f3d8d400f7f206ca8369eff57d741700e86b0a1d979059bf6ca8db77f7e23c83a36c54f22bb5ff6083ab50fbd6eccac5d9698ee6a2e7923200419a3eb7d5b87f7f80b6783b0aaf0616eb4c89173994dd8df3a6d4e4eb2f6c68efdc1b95f74c3f93a89445979ae496c5c844f98c49043a24f588b69ce7bf860d6a2f340670d463133c8d785c56fccd95a4acbcb7e6cbde94f222fb7bbf4f2a14c38995414302528c068d48cb17c30081eef019d1dbbae1114d62b4c1e8bbdcd83099051ed74823baa984d595d1975c4371c0d2fe7bab558b5418d83d520c071c966ebd550e0c2672deb775b6bfa3b33ab2eb7f51a864db7fb615c22642889bc2ecb07e286be396eca6084167897f5da6ea0965ddefe3eef5cba95831347c2a7da944a77ebee76a6d5cace960e1841c7155a3e66a4c4ab6a5ec32c3e89574306b65a80a7c07edaeeaf0b95066a3fe61ce9b4e134b9b2b7dfd12a7fb2925f8013a918555e681f326d76dfdb1a8d34191adabfdc971e2aba1f76533b8f285fed8c9a5517c8910779f3d074ef79037f81d227113b046c4c71d0880758d8378d4c72ec51ae3751dbe11438495b4d90f94966bf6c40a51ea1363f331c0ccc2238cf1faec1de3387b8472c6dbffd5d1da059ea73ee5c5b7ead07320c23ff9bdd98805c643af59c48a5db58062e04088fd173b2b3dd5101c76b3641af03a595689b479ae44b12fd12c0811ca0e22f8cda08a6785328fff367f39f6ef52fc21cede45076d73594c65860d8ccc8c7f3a8205892ea531a245b599894e418763c79c6cd06f24ddd0af8a72e5feb42307776fdb803d39d5eb8d747456370d94bda31e3016ff12dee1b4b1974c1e56d1139eee2fef7c6a2a8702c9fd82dc91e18a95410193ad3a8822f5acae654f0e4b575e6df1e5828419a1286854d55008cbeef1de226af85fbdafca86ff44479dbef8b098337febb37b4f321d09fb4b05e9597aa0087bfc85481159029e29a70c88775767a7ba52b93fe5a92c3cb5a8684e919cbc91601308d673eb358b4de4afae3a9c50baa71ea97200673f9069f2a8a25d5b00d8282cfeb4d217541fc8406aa73905701a8a36679f5e820b8c0e195e2cc2e3e1897d62971f38aed67ea2f39f732891f3653a88792d4558c710db99e1e565bd8d8e0ca5c513eff754c2c0fc2df8fd1a8640200a22105c2257ef4d64b5cae52eb9f776422ae95313f8570b43dd16d6252c9e8ebde91b44bea4958541eaff2a45d36a596c25afd205c0b167ef383ecbeb76c61e0502de6f8d41f6640b3b400f40f4e22251e82c231e305502bf41c21c5494dd843894aed0fb66b17d415a45ba22d69135ba7c38d035b4102fd2b8029b014ee19a29a78312833cad40210c3f416add657f83f70bbb6fb9a4dbf3afb64522d4b5ae83841b87bab0fda95564243bbe142482d6e3c4557585fea1ac763d56376a946e9322c3be23016882bc722a74fc29fd0b8523848296fd8fffd4f45e01"})
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e1e, 0x5, @remote, 0x6}, 0x1c)
syz_open_procfs(0x0, &(0x7f0000000600)='net/tcp6\x00')

2.948878381s ago: executing program 1 (id=5375):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
getsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5400000010001fff26bd70008000000000000000", @ANYRES32=0x0, @ANYBLOB="05160000102f00002c0012800b00010067726574617000001c00028006000e000100000008000700e0000001060010000100000008000a00", @ANYRES32=r4, @ANYBLOB], 0x54}}, 0x4000)
bind$packet(0xffffffffffffffff, 0x0, 0x0)
pipe(&(0x7f0000000000)={<r5=>0xffffffffffffffff})
close(r5)
ioctl$I2C_RDWR(r5, 0x707, &(0x7f0000000580)={&(0x7f0000000500)=[{0x7, 0x2e00, 0xd5, &(0x7f0000000100)="f32c11557df9d09147fe0643e52c32f86cacb59285fe8cff86a846b2fee5c4f862edeced206f6b14df22559f31b781274bd93304e902d9cdd3dd1bba1dc92d10cc83f11a919e2d5288d377e5d65fa9cdd79aba898226c675dc9dfe076661abbb6b2fa0ff10e636e56109db26437f6bf3ff4d827bd937311371dfce92412e614737621f920cbe3fc21e890c4f2c3786162be14107c121827beb3063326165657436173ad6fc3d4be72dd5e86e69147977c9069de23ae3c32c12abfb3ad8abe3e5001de04fc51adda18a1ec41f3a34150e0fdf8d1efa"}, {0x911, 0x1, 0x4a, &(0x7f0000000200)="7631dbc556e861c0a92b3f8fd9a634ed28cb8fff9942f0d0ca5b85eb8b8d768b9d8a808abe5d755e9098d2f99b3b83d0bfcb42a2883d01b9dfec03cf2b963487a44578bf9c9aeb815c42"}, {0x5, 0x1000, 0x43, &(0x7f0000000280)="6935ee8780f7572ae0049edf6ad28b378abfc848d28944ddc6b6cab77b10e90b34dcbf8aac4864c86315c6fcee2d31299b8cdfa0981edca4c32ed152441ff26f4a105b"}, {0x8, 0x11, 0x11, &(0x7f0000000380)="272ebabbd4b1f72282689163b3d80c3f7f"}, {0x9, 0x2000, 0x8, &(0x7f00000003c0)="a8daeae51ca248cb"}, {0xe, 0x8010, 0xce, &(0x7f0000000400)="0ea73ff473f0594ba95db13af83cbbb8eb0d40a93a9a120a3e57e52c2e07c78f79f71537f00c52ec5c334d45d17ad0148fc3f271746e03f7b69df9e2c03806bd5c9f28f572b9fc91b9ea9015d45e920b9f7c11742c4b117b794e5072e8d314a258f8cc2affee3f6de5a90c81a10f002f0d2c593d46842be1921b32009235da40c5b848e03dc21863d043e4099cf6e9737c96c0c661bd17abce0c0e1514acc0e7901f1688ac4f0cacfdfefa626088d36c6acca24ffa5db6c78fca26216a979826e4b0fdd88daf5481428f4b96ce81"}], 0x6})
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x66, &(0x7f00000005c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd60e1000000301101fe80000020000000000000082d00000000aaff0200000000000000000000009a8a23f6be386108f55c66bf53d35b00000140002e220030907826b46dfea6c80d423e9f3dd438a03259f4c1f71745384d1c2ba53eb048b8654157576177903f5c04e52c92316ff9efe946b59572d537dac1e49b5da130ef034817a577e5fa37133f539542813f597f95f771"], 0x0)

2.937016897s ago: executing program 0 (id=5376):
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
unshare(0x2040400)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
gettid()
poll(0x0, 0x0, 0xffffffffffbffff8)
r0 = socket$netlink(0x10, 0x3, 0x4)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f00000003c0)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x0, 0x8000}, 0x1c)
write(r0, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0xfdef)

2.778820162s ago: executing program 1 (id=5377):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000002540)={0x73622a85, 0x1114, 0x2})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x20, 0x0, &(0x7f0000000000)=[@request_death, @clear_death], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000300)={0x4, 0x0, &(0x7f0000000040)=[@register_looper], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000200)="0ebc406132894962fe4f10229cd970fa80895a0ab6cabf63e0c52104572f16d388de2d4fe7c4809b5dcab54b5717be26fb12d870a9fe153b944434f40330f4912fae6ed2a57383f0e385ad2ba4d736b2"})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0)
close(r4)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x5, 0x7, 0xb3}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x180, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xffffbddc, {0x0, 0x0, 0x0, 0x0, {0x10}, {0xfff3}, {0xe, 0x1}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x150, 0x2, [@TCA_GRED_PARMS={0x38, 0x1, {0x0, 0x1ff, 0x72, 0x8, 0x2, 0x1, 0xfffffffa, 0x6f2, 0x9, 0xb00, 0x17, 0xb, 0x1c, 0x8, 0x7, 0x1}}, @TCA_GRED_DPS={0x10, 0x3, {0x1, 0x9, 0x0, 0x6}}, @TCA_GRED_STAB={0x104, 0x2, "6a5c8d6e56a3857dfcdef7b2cc5943f5ab90a2a3c7b5b43b3c90ba420a16d00355354d134f9c2ee484adb8416e3f180a4b2d6e5552aa66ae89476a7ec13c04c39a107796cd115bcf28d72b188105acd71d1fee6f6a325169ef91d1e19089385aca27a7ccbdb2c2869cd2985c286e09ae436b1fed83c1b7d7fab107eb218151a560723252a1b16822925e4a160f93b0d43d9ba46411be3bcbad2c3f1e11a392b690c802177bd3ed3d1c2f69044f98128018c150e2c4b6322face88f5ed2cd741343af9eac5a454120c13ddc503835cbad8646351ba5d4af335af601dac0231ef35eb8933c4b7c235387bf398a3a26e3efbadc1616242f1131028e424db8c55351"}]}}]}, 0x180}, 0x1, 0x0, 0x0, 0x4040098}, 0x4000)

2.560381114s ago: executing program 1 (id=5378):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r3, &(0x7f00000002c0)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000004c0)="cc", 0xa11c}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000500)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf62776e1bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d47312fa4b716f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf4641682020000e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b53eff0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c1d0a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214a17b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a23db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d3bab1a32c9d788e9f74ee57012ca5bfd0dc090b591c64aae6a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651d8a0f30993de53bbfc9d8e14ecc2845d49e2ee2ab0062a3e701bb2477bfd73d78f8ff6a2f11fa4810f9ffc7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc0300000063d684d16a1c71b2c8a568481f4f1b254ccd66fb13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a748d40fc2719b867f89d1dc178c93fb2e6664d30bfb877bee78199a3f5b7de1c027eb0c12e020ab311cc18fea8b20ec67941", 0x3bb}], 0x1}}], 0x2, 0x4040894)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001400)=ANY=[@ANYBLOB="180000001500010029bd7000fedbdf252d"], 0x18}}, 0x20000000)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r4=>0x0})
r5 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00')
lseek(r5, 0x1, 0x1)
getdents(r5, 0x0, 0x48)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x48, &(0x7f00000001c0)={0x0, 0x0}, 0x10)
setsockopt$TIPC_IMPORTANCE(r5, 0x10f, 0x7f, &(0x7f0000000040)=0x2, 0x4)
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)={0x34, r1, 0x101, 0x20000, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}, 0x1, 0x0, 0x0, 0x4010}, 0x0)

2.252429495s ago: executing program 3 (id=5379):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x400, 0x3, 0x2}, 0x18, 0x0)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(r0, 0x2, &(0x7f0000000100)={0x2}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = socket$netlink(0x10, 0x3, 0xf)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x3, 0x2ffffffff}, 0xc)
r3 = socket$netlink(0x10, 0x3, 0xf)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000080)=0x100, 0x4)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r3, 0x1, 0x1e, &(0x7f0000000000), 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'sit0\x00', <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0x3fc}, 0x0, r4})
landlock_restrict_self(r0, 0x0)
r5 = landlock_create_ruleset(&(0x7f0000000080)={0x10}, 0x18, 0x0)
landlock_restrict_self(r5, 0x0)
landlock_restrict_self(r5, 0x0)
landlock_restrict_self(r5, 0x0)
landlock_restrict_self(r5, 0x0)
landlock_restrict_self(r5, 0x0)
landlock_create_ruleset(&(0x7f0000000040)={0x985, 0x3}, 0x18, 0x0)
r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
ioctl$SOUND_MIXER_WRITE_RECSRC(r6, 0xc0044dff, &(0x7f00000000c0)=0x9)

2.039649474s ago: executing program 4 (id=5381):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)=ANY=[@ANYBLOB], 0xf0}, 0x1, 0x0, 0x0, 0x40000}, 0x4004) (async)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000300)={'vxcan1\x00', <r1=>0x0})
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00') (async)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
fchdir(r2)
unlink(&(0x7f0000000100)='./file0\x00') (async)
bind$can_raw(r0, &(0x7f0000000000)={0x1d, r1}, 0x10) (async)
setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, &(0x7f00000000c0), 0xf00) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101042, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
preadv2(r3, &(0x7f0000000b00)=[{&(0x7f0000000640)=""/106, 0x6a}], 0x1, 0x4, 0x3ff, 0x0) (async)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newrule={0x24, 0x1a, 0x1, 0x0, 0x0, {0x81, 0x6abe7a65b1deaed9}, [@FIB_RULE_POLICY=@FRA_TABLE={0x6, 0xf, 0xfe}]}, 0x24}}, 0x8000) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) (async)
syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(r3, 0xc0189376, &(0x7f0000000080)={{0x1, 0x1, 0x18, r5, {0x5}}, './file0\x00'}) (async)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0xfffffffffffdffff) (async)
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffff2a0c96caf4ffffaaaaaaaaaabb0800450000000000000000019078ac1414bbffffffff08009078ac1e0001450000000000000000000000ac1414"], 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) (async)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
close(0x3)

1.996980738s ago: executing program 0 (id=5382):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x48)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f0000000000)="aefeda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb0100", 0x25}], 0x1)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x0, 0xffffffff}, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r2, &(0x7f0000000900)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0x9, @dev={0xfe, 0x80, '\x00', 0x14}, 0x6}, 0x1c, 0x0}}, {{&(0x7f0000000040)={0xa, 0x4e23, 0x3, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c, &(0x7f0000000880)}}], 0x2, 0x4000844)
r3 = syz_open_dev$vim2m(&(0x7f0000000200), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000003c0)={0x0, 0x1, 0x2})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NODES(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000480)={0x0}, 0x1, 0x0, 0x0, 0x24044810}, 0x8880)
ioctl$vim2m_VIDIOC_DQBUF(r3, 0xc0585611, &(0x7f0000000040)=@overlay={0x0, 0x1, 0x4, 0x0, 0xd, {}, {0x4, 0x0, 0x0, 0x1, 0x0, 0x0, "12848098"}, 0x5})
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d6493790710000000000080000b2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21caf5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9924be41a9169bdfaf16da915b2e249f21c6eee84309e7a23c19a394830f2539fcb4e0b6eab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bfb1c0e6b1244d35b213bda84cc172afcc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbb888b0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab2e4b380a00d72bc0480f94479757306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b844139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a662d8bc9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e558d17879570c8ad943e392955f4f979ea13201bafe4f0f6ea508000000a0c548552b571bed5647323478a9968100000005"], 0x0, 0x5, 0x0, 0x0, 0x40f00, 0x73, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x40}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000c40)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
close(r6)
recvmsg$unix(r5, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r7=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000340)=r7, 0x4)
r8 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400", 0x2}], 0x1, 0x0, 0x0, 0x74000000}, 0x10)
r9 = openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x185802, 0x0)
sendfile(r9, r9, 0x0, 0x200000)
ioctl$BTRFS_IOC_DEV_INFO(r4, 0xd000941e, &(0x7f0000000980)={0x0, "85efe03e505755d8164287526699fa49"})
ioctl$BTRFS_IOC_BALANCE_V2(r2, 0xc4009420, &(0x7f0000001980)={0x0, 0x4, {0x7fffffffffffffff, @usage, 0x0, 0x7fffffffffffffff, 0x7fff, 0x2, 0xbff, 0x7, 0x80, @usage=0x5, 0x3, 0x2, [0x2c1c, 0x100, 0x7d, 0x200, 0x1, 0x7fffffffffffffff]}, {0x480000000, @usage=0x2, 0x0, 0x4, 0x0, 0xfffffffffffffffd, 0x3, 0x80000000, 0x88, @struct={0x8000, 0xb}, 0xe2, 0x2, [0x9, 0x0, 0x0, 0x800, 0x7, 0xb]}, {0xffffffffffffffff, @struct={0xc8, 0x1}, 0x0, 0x81, 0x1, 0x7ef, 0xfffffffffffffffa, 0x4, 0x80, @struct={0x1000, 0x8}, 0x4e3f, 0x81, [0xed69, 0x3, 0x0, 0x2, 0x7, 0x80000000]}, {0x5, 0xa084, 0x3}})

1.856383981s ago: executing program 4 (id=5383):
socket$inet_tcp(0x2, 0x1, 0x0)
syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x400000000010, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r1, 0x10e, 0xc, &(0x7f0000000340)=0x6, 0x4)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a0001000000ff7f0000000080000000", @ANYRES32=0x0, @ANYBLOB, @ANYRES32=r1], 0x24}}, 0x0)

1.789833708s ago: executing program 3 (id=5384):
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3000009, 0x46031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
getsockopt$sock_buf(r0, 0x1, 0x1f, 0x0, &(0x7f0000000100)=0x37)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)

1.705131311s ago: executing program 4 (id=5385):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
listen(r0, 0x3)
accept4(r0, &(0x7f00000000c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private2}}}, &(0x7f0000000140)=0x80, 0x8fff5)
r1 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r1, 0x0, 0x4)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
sendmsg$tipc(r1, &(0x7f00000002c0)={&(0x7f0000000080)=@nameseq={0x1e, 0x2, 0x0, {0x41}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x480c0}, 0x0)
accept4(r0, 0x0, 0x0, 0x400000000000000)

1.625306402s ago: executing program 3 (id=5386):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
mremap(&(0x7f000054e000/0x1000)=nil, 0x3000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)

1.540122418s ago: executing program 1 (id=5387):
syz_usb_connect$hid(0x3, 0x36, &(0x7f00000001c0)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x40, 0x5ac, 0x237, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xfb, 0x50, 0x9, "", [{{0x9, 0x4, 0x0, 0xd, 0x1, 0x3, 0x1, 0x2, 0x0, {0x9, 0x21, 0xff7f, 0x79, 0x1, {0x22, 0xfb1}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x3, 0x9, 0xf9}}}}}]}}]}}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r0)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x601, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="1709000000000000000001000000050007000000000008000900fffffffe060002000000000008000a000100000008001800ac1414aa08001900e000000214001b0017"], 0x58}}, 0x0) (async)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x601, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="1709000000000000000001000000050007000000000008000900fffffffe060002000000000008000a000100000008001800ac1414aa08001900e000000214001b0017"], 0x58}}, 0x0)

1.539293587s ago: executing program 4 (id=5388):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000002540)={0x73622a85, 0x1114, 0x2})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x20, 0x0, &(0x7f0000000000)=[@request_death, @clear_death], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000300)={0x4, 0x0, &(0x7f0000000040)=[@register_looper], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000200)="0ebc406132894962fe4f10229cd970fa80895a0ab6cabf63e0c52104572f16d388de2d4fe7c4809b5dcab54b5717be26fb12d870a9fe153b944434f40330f4912fae6ed2a57383f0e385ad2ba4d736b2"})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0)
close(r4)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x5, 0x7, 0xb3}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x180, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xffffbddc, {0x0, 0x0, 0x0, 0x0, {0x10}, {0xfff3}, {0xe, 0x1}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x150, 0x2, [@TCA_GRED_PARMS={0x38, 0x1, {0x0, 0x1ff, 0x72, 0x8, 0x2, 0x1, 0xfffffffa, 0x6f2, 0x9, 0xb00, 0x17, 0xb, 0x1c, 0x8, 0x7, 0x1}}, @TCA_GRED_DPS={0x10, 0x3, {0x1, 0x9, 0x0, 0x6}}, @TCA_GRED_STAB={0x104, 0x2, "6a5c8d6e56a3857dfcdef7b2cc5943f5ab90a2a3c7b5b43b3c90ba420a16d00355354d134f9c2ee484adb8416e3f180a4b2d6e5552aa66ae89476a7ec13c04c39a107796cd115bcf28d72b188105acd71d1fee6f6a325169ef91d1e19089385aca27a7ccbdb2c2869cd2985c286e09ae436b1fed83c1b7d7fab107eb218151a560723252a1b16822925e4a160f93b0d43d9ba46411be3bcbad2c3f1e11a392b690c802177bd3ed3d1c2f69044f98128018c150e2c4b6322face88f5ed2cd741343af9eac5a454120c13ddc503835cbad8646351ba5d4af335af601dac0231ef35eb8933c4b7c235387bf398a3a26e3efbadc1616242f1131028e424db8c55351"}]}}]}, 0x180}, 0x1, 0x0, 0x0, 0x4040098}, 0x4000)

1.333059745s ago: executing program 4 (id=5389):
r0 = fsopen(&(0x7f0000000200)='btrfs\x00', 0x1)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20, @multicast1}, 0x10)
rmdir(&(0x7f0000002a40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
connect$inet(r1, &(0x7f0000ccb000)={0x2, 0x4e20, @local}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adff012255f674412d02000000880b5f04596a5e99fce658be2f200c699223886d8be4b50000005ab527ee3697f98125f30e6326996a3cfee33025a30b45bdcf2c69d105e5e55a1d273683623f1a5dc6e3c7e20eb7a98ecf3bd2cf898e924abe26ac296f660e69ba982fd76e00dcff7f0000ca6b78ad833488cfe4109eaf009eddcf21f5c63cde2f00150200000001000000520a0000151d010000000100bf00000000cc587424363da52001a3cdf2000000db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de406e89dcbb7677e65a88a8407a9e7f9c0e91028b0856eb1ed9474480737a55ebb0bd701f7fb21135c6172eba7eb8a341f07e5a2d1e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d93a433f50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56dbe37551b870b2851c3f0a1a9ebfcba105a6ccdd01b0f04edb256c0200000073f6db43661bd7f0e2536ffbfe5ca31b4083145531458b7d1e341c6b351ebc5223f54d6bec93f4ef088e5d1be2515226988d664709ff03f1aa3dc7f1580ace9bf2afd28d0700000000000000d6eb372713255012e028cb2654d493a0b43bf21375709f348f5eda2967199cc936859a538100070000000000dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0c6ef9dd2b6bb700000000000000000c586272c3f4d79bc36315745cb149f3cb385e6add14652003c7cdd3324f07d134d3a6c718bbd1aafe1140cff0be4c6f8df084c5e9734ae30aa9af030025f01ab03a9b1074407136bc506031f0916a39d3057d55183612b39e73ae8e6dc30356886a831836469e2051d937eb85f3f2d5ae2c1dca476b97419a3b76ed62409d004d7fbe362145d19605d760df4c5124ca325d374b371867a79b35c6617fc3327191fbf514573f0e30d1d60be2168fffc2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc9110971b749ccd74089ed6b86f81ca3ba47d8f71d290ed1b1a11f7a67125170c88c3b6a50692cc0064fc6bbd312536ac15016c85c6332226401b110da9c786eeca22debc99335587b54c13c3107008fa069af8223b38ced735c2d906551004d8dc10d88738488da01ffa4add56474573c964a270000f2f16625c0c10200000000c7a5ca60fdad159f2e44171f39638410020000004825d081f2d987f05c534187738655d7dc958f2046fa0c1619a6554b82d9c162eb61ca74f1ffdaccf0ea5f06e0fca8b27ff3983ab74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb27f88dba816020be760f7b45e001efada8000000000000fdaf4660402f7b3b79a433e08074ea2462974a00040000eb01352638f56dae0249d15ba8767259658878b7492cfbacde9b57cf4de00788adce638190f3570e0b4c80ef682df22201270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433e866665b98ca2002c804c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc76d7a23d06acb1d2d4c58faea84158bb440df2a694f4cdcaa4f65c22efffffffffffdd00000000d503d79986958115ae07b70f991430b7fb475d77b869ee02000000000000000000001ffff0ef89b2a68d2b05c995445d8a7700bcdfbec74fb2dd163e863315e84498dfb52bb93f6c9084659ce777ddac563c8596c2b1d8180289a61faa95a82bf1cfb7f2fd7252e9322abe282c33445d443a67467893b9bf0d1c8130ae6b226900000635376413c29f7c6f7b7e29b9a0c64e68328661f0c06e21f7d7dc22174ea4447a6f60edef3a4168d40200fbc71104512efe8e5d7d934aa289b4bd2b870000000000000000000007000000002000000000009b777883a02f0593dfc4cb4114b9f9cf4ad155110cc6ace2b322ac31bfa27847c799c8009a1ea5b98e525e6383ad7fd9795170e7b11e247603c2ff49a11459c7f606d729d3979676bffb3049166bb84a0f061991bd57c2566c10c282352aba05b6164ef876915a3f2491e4793e590dcc71de10da96366c1e992c0068c940dd4422c9882d3aa0f8a797b8fea6efcfb5276b7679f15559edaa977504cc0b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd04000000de17e1e13b93669b79556abb722d9c085b189b5fd1f30e8dc813f608830b110001732135e8e7262f290000923bfb6b41ff3792cee2fc37eee739c3e36a4bc80112968ec0d8902eced1fe552018014a463abbbf7ccd6a92a5734e3ebfca9b6e88e031f31de2183652e77c164c646a1cfd3710aa4205d8d4d4f974133ccb1e49feb42664eccd809c0ba8917eda87489e8946d5c8156197bcb66fd5606c63e3389ee9e8552381646365066ef9a36a449c96485c22ad1aa423b7b89efbc6cd54000bb0ea5f4f1e8773144fb6ac9a44d43593d77e66aa7ed7f3d4e7b211590c738888d02b2dbb0b2ba73ec72e1d8d7360a128499dd19e1e7b9b0671f4f58515b45ecb9964f3c4ddb8234391d514f8d996d8d6dd7f8fadfee2d7a0035638ce27c2936cb04b30a0eb0cde0000000000000040000000ec3c12ecee8fc3a40000000000000000e215b00ce2570b930723cbadb4033d1b8aaa2cfb3fb89e4a6e89737fd6232218a9e0c099d1eb59d60b3cca089785642f327139bc4394fb6d547a9b3c22599e780c1da7433fb47615d372e3fffe9703e37d5c87d513165278650738efcc04d27b766cf7f60066edd292f6c8a2174f391ed164bb1816819ceb3e378e776d422bc946cd9501accebeac3a5b31d8abc68ae537cd44a04e6bc21c35a7beab2610c51e593676bf635a20f597f4631b91454d182f826071f5210bd6d93173589929b23801e63c2266fde13b5a04b8d48be057c752bc415a756ea9b4d34156c4f73dd5e5924ef101a5fcdaf37c7ba2c4a9de9b000000000000000000000000000000a73b862e4b63c245616b522345587d0ee65a6902bdd0abd941e8aba37510b222ae544f395edd1b92ad53fc68f08ea00edc5e10d768836169dd296d56b306e8b75778c37571792a6c3d8b02ef378ebd59422cdd008bef6f80a80a68641ea5ed4f1126bb676098c10bf663eb3fb8c839364d28fd046dc64b35f9c3397ce6f4ad357b0000000000090000000088c7a8e2638f650a6f04a6f33a090f59414d6ebcbc687e66d600000000bd0a58ea6d36fc2cf9b9a71c137a2a22adb1006f371d4faf47285fd66fe0389afb96854bb360edcdf11b4ff6dd578bba93e949d240cde9b5836cb46032484dc19c93db7b6e5afa10547c78e76a3111557346e52566df196fd630561bb908fff4d2e19562aabd43742a26a43799f8636fa04ceb40c9e4ca1cfbbc7b949cd245a3ee118fd0d4f639444539af8766028d4ac4d4c548e290199e0dacbb4f6796b39bf32934d941ba2f88e3ebd0cf8e24f99eca86e4ca9b2cd2b54044a7fc4631572a6378a32df288785f146275c1f548e2a0c1016744e05f9de5044373d7650125027547eefe7b2d8c8871bb65395fae99d8456883705bfdfb00001854b2e5efa8aaf25827d659f592b1575281ec125de7fb91cd81d91dcb19f5cdf1e1e2b4a8a1389753a09110538689e38e07fb2dc72bd4fd11d7bc16aac5d85c6101bb722895248e463a5fb45ce0e564e90cb19d5993b471687ae4165e29cf2f58082115f5f8569896eedfd798733223e6d6584997510c374912ab798bd4af4654c01bb2c411bc36468ddd62b4eba5cfc8953526e0e5b1359797956152d0098ce47c62c3fe5a23219389622b7f65bf03527d25c3941b9cf1ffeedf6d99082bb57ea871c12213cc40900f83033bc18c529171fae324c315bc6ce358831d0230412212acfd5fc8d5cb0d028cf568e8bb40e27befe2ff01f7c6674a4d86d900633ea36641e0a781ea0ea7f2d928b8b22e2f97dd13348927375baea6863bef4acf4299096ada5cdd2a0eaafaa760a79d102d1e0c0000000000000000007926653b8d79ce16a432f124786a0bc3c5b7d196822492ae1ccf91aeac16406ad6f9cd3d96d57fceba8360ae49f73351814c9c2972f11064aaf3739d9100f9c0e4d0cb17d50c82e305ba7d62cf1cc6da26e34982a8c74dd8122cf5b5e7c34fd2712a0cef05e4d8ec7dd363219676bd9b19943185b132eb35a695e208dfa5cecdb1d6425c8879063c0f11bd64291a4209ee6dc1d9e9010013f6148c603e6a335e298efd6ab5cccc47a2c568c6afec54f8251bd840752addf200371361c9eedf05ed98585cf6d99e9e56055064bda2d373369761238c278147cd0eb7799f6b9c9fcaa3fd282154994f5b25420c86db9b6401e885de1c615a719a1c83e8fbbb181282dbaf3313a4e4a4877e9f37607e2cd6da0cf6371ec06a75f5a4206b2418ad8897ae149085d63f01f22eca44033234b3930b4d5da756669a1d59d69e7de54abf439988ed7ec33c2d0a901bb0985a24878984d8a4340fa9a356d100926fb5f2ef9976366a61b8cc2bcb1c072b0e9c564852388e1edff10d75b3832792e471cc15b40380f94d834243080158603fbc9134d6983c540525447478984611c0d9666941bfc0a30db47a8828b6e5c51aee2094599b4ce52795750e1764f1657ca8c5633c71287239dddf5c651496f7bbd148c937f083d2e4e0197dbc6ff0649c749707b17399b1d7efad23abb8b40b38704737e15662ae4913a4a001cd3b71c7af75b5ffad9780650c800a40ca80ddc41987919142fd28dbf22db5f4c435415a03455e1d55d1783ccef97d7e4655cf839d06f06e137bbe462a03b3100231914b19739dd57b4f12d026ad0c7fd3"], &(0x7f00002bf000)='GPL\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffc95}, 0x48)
r3 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000180)={r1, r2})
sendmmsg$inet(r3, &(0x7f00000028c0)=[{{&(0x7f00000001c0)={0x2, 0x4e20, @multicast2}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000280)}, {&(0x7f0000000400)="03362a247861461b950daf81800a038f1ee4d89769187dcd3a5f3b23aaab61614df7ed7e9300c2cbd640ee12e7d98ef42c23e9f77543d8561a06ae5dca898dbcf6c4696e3a49a32599699c258a5766784886810a9a80505a31031800d541c3057f00f988f68cac40b9ff64906e2a4d611b85625dcc2e6ea9891e12b1a9fda5d3a53c6a5fffaddefda1e252bdfa858a25788978e89d8af722c2ee51b5beb204a6df21832f98d6774b8c876e8c42177e5f515e5b0852ed9ecbdcdb4f8b04991d3dc9afe709190f8b22dbd6af44730a68d599c3e3e2137bcc57e3044c962e27d0358fff26441cc47d00ac9734080efeea934d381735a24ddd5a1e88bd286012dc9d4288a26bc76b37073c7bb4e013d4ce3bf6f7d15370f50409f54ee552d7a490f7ae55a32b51e586361e1f2dc16eb8f426876ba006508e3a232cb43d057a5023d493d5dccebcb5cf4d863cfcbd20722023aed8bdb55f1456d3d3071532817816cb28cb0915ed566a6c17c5f621f04c8d9dfa360e96f3137e18389ff4bdb558fcd33c83cdb99fe789acfc7b2b7be37d74297fc05c94e220b63f2317b6137b110248923988a312ac165e66b636b933d2a4db91cf18522ddac19a142e3394c97a9f29639f1f743cf109839a2d35eadc2453ceb05f699bb8068085994c699ff9a49cfdbc70db70ca96e492b33d2da56faf310c6010f926cda4398ffd8ce8c550f589a40cd7a286bbb63220ba98f9110a7fb572a790416eac12d7789368b4668e8bbcc257b46e3c4c13db9a292f83f19de3b90f448742a719a517b0edfa39c3f14bc503b37aa69f70e5a901915aa08d4307285b788608c72411be35516ac3fd3922562359d9fc3616a52fece08389963c840735b00162722d6a23a5cc52e9a1cc52aeda95e7b4a297b5de545926b2db97434d29f7267b42fd773da4b3aad9f60471396aede82f96dd85464fa8bf3d406ae28a4acf14432224620647617eb70cfaf7d823dc8a580fdfda1b7a9a78bfa2be16dcbaaec5fdeba3ab9a92a2addedee882f7f80a1abf694997042267eb0a632584ca1587345879fac1b9a68005f3ec587455112ee44091fc45f0c5176b192adccf55db0267dff5745a810ffb0a23feaa27bc7e228f995b7e3735b24e43ad2771f66156853b9781b8196bbf9f75c6b2186d18490f6bcb5f6b96a5c348210347c1dbde123ccab049ed4e40c7894f83009f20a46ae31bf1cf325b18fab0064ad7d2085d4d1b2a2c6d2b1baf253ac6d5603acd7cb68b532cb458b4a042c4f9145759c178354535ee0530d2d80b09962c2c2bba18e0fed3f438f7ccc5c4e0b068f9682594e842aa9d8eab34581a57bef1bfb881adb216d82a30798fcf1e0d58a0a8588794d259eb214b225df2531a8e3675fabbe9183e7b7f9cd32d58960ecd29c25b5cab77b967afa18affd6273a1dff867527cc5d4e0fd86b25111f1f5db7be27befc50e7e146376d6cbde005f44affe2a57cf8b87b22dc1ce77dde1c3c30f40023fef56dde8b2a5262febdcefeb7e3a6cb0ef41dc661ac61189cac1ffdcd1a36614a7a795908919904a426a25030e7543d4b7febeadf516bff206efb5f83618d7f54934bfa25899ee109d4ac63646dd9628ecbb5028967788107b6d855beb77344f4dcc13dcdfa45596f658e3dfdbc05a31fc42cb0ebd55fead9d46a65a923703354169166069a1949b501162ea4ada11cbf49eec13fe0b434db20399de0542e43c0b75db3784b589b9c349b71f6fa6cfa07622aba0e8db90101b24c7acd6acdb947e4e03fbabe7d1410d10c41e7c32d3395c79860e9fd8d26d14f7fe7775e6968ff729c719231fdce2c58819d14c3b91e971f2c723955164788387a7eb4edbef98136a67e780e80c8810f80ca1b0fdd821af700879df573e9662124ba081b082a95237b521fdaa623d1432c24f0b972aab65ca85d999a8edff56a3d0e695ac42393268253cad4c5c58130690583820cb53cd2b5da938007d617bb22f0108cdecfc3e451f1990b1f92ecc7554d1c70d0e15d3dec2c092d66dcfe33adb040457ee1813201f66034c2ad2ba15dbae8a9c390d8bef9ac58d6cd7562b0b21d787b80aa790c6419edac0cd0e3005bff73418ffbc07642b0e02ca30c3bdff995854e532d733da75fa813be8bda0cbbe2a6f99688d128e3b434f2b549d9d4b2bca9e02c53c87d0943fe78a9c17feba73dd93617eb16b288749bc3aa8c9e4a66da3ebd1c41b3697917938478743adb5309b429e77ae39a7522fd14e1ad20181d4df3dd6b3a2e92b167373e7f73bf8e5b42ba8f9030f7f3718b2a8bffb842f0a0e4e317786ffa9d3eef9407064cbffa5f880e4c00401c4ba1a430e6bb42a39e6c9afa83a50baba9b14105e5e20693e5badad3b758ecc4e0abb29dfb23bc3f0cc4236852d11b5cd696f4bea2310b02a184dd979483ca606d1de047cc34e31c2600e11b7529172424b81f35f7b8d7490e14178a51de0e752f0fee80662e1486bb5619b7e78583d881b410ab26861372ca1df6528bf173f29fed933408fe985f44716406162dea9e628fea4f4d3b6b4bf003576a4bfceb9db63f4924b3ac84e1b8898792077ad8a3736601bff35e47c03abb5cd4aab723a3dd2387a44d8579268656207481e22e5ec4d92fe07b29f17f2d59051121110001c6f29b65c46551c23f76d3a123f790a2936404bd28592c11c48eb4a89d360f8e26107745ab4f8f843a781375cc468277c3ca1ab2b0af3d52236887a9d706c002ac314e3779cf4928b7a0c3f6dce2ee103f33ca8d441ef5ff6c31b4dddbfd88780534308e4d8226753fb0ee385bb816f0e3c0e7b50d91b613852b8464272b65ead9ff4c9f3dcdcf936cfe25a36821a2f3c720a8f9a0f91adbdb09728988c8e2c0c4aebd3d120284461f7a5d3cd06c73a5f4954ec8f7b62939bdfe590ec9a706a8980ee8c01cc29e1cfd0d7cd2eaf676f802d02cf5318390853db8fcc921023a4fe524462e63009a27bacf40ab28d82a604b3dcc9a62d85f85e269fc1a0a09b45742780e2296c403c632e903e53d75d97e0b09f0130f85e43c697c4f09b90f0d422b0800c768b4f776779ecc72c5deea79073ea4fcbd1f8a6ad8442d3d5c462a1cece5c82f935ecf5570715c6515113452b414688db7ec8fd883fa5a52870cd9e182cb5e558dfc61e59f5014cc554af826b6f4c93795994121d5c8be3a389cd4629287f0ce71503554802025080932d60e9b1b0432", 0x8f2}], 0x2}}, {{0x0, 0x0, &(0x7f0000001800)=[{&(0x7f0000001540)="2aba9e4cc9b55274aa3a5dbd35f30d62249f7226e2ffa535df463037a323c732a94981bd91b9d134", 0x28}, {0x0}, {0x0}], 0x3}}], 0x2, 0x40)
close(r3)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='%(:2', 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000068e04d206f0e2c586831010203010902240001000000000904000002ff47d000090509e702008000040905", @ANYRES64=r0], 0x0)
syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)

1.173115102s ago: executing program 3 (id=5390):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x400)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, 0x0)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
r3 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r3, 0x107, 0xf, &(0x7f0000000000), 0x4)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f0000000240)={0x1, 0x9, 0x401, 0x12000, 0xfffffffe, 0xda, 0xfffffffffc000000, 0x0, 0xfffffffffffffffa, 0x0, 0x3, 0x4})
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r2, 0xc06c4124, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11})

821.092295ms ago: executing program 5 (id=5391):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x609, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88a8ffa7}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x10, 0x2, 0x0, 0x1, [@IFLA_IPTUN_COLLECT_METADATA={0x4}, @IFLA_IPTUN_PROTO={0x5}]}}}]}, 0x40}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1f}]}, @NFT_MSG_NEWSETELEM={0x60, 0xc, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x34, 0x3, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x24, 0xb, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}]}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0xc4}}, 0x0)
r2 = syz_open_dev$sg(&(0x7f00000003c0), 0x4a38, 0x201)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000000140)={0x53, 0xffffffffffffffff, 0x6, 0x20, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000200)="19dfac83d098", 0x0, 0x1000000c, 0x0, 0x0, 0x0})
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x609, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88a8ffa7}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x10, 0x2, 0x0, 0x1, [@IFLA_IPTUN_COLLECT_METADATA={0x4}, @IFLA_IPTUN_PROTO={0x5}]}}}]}, 0x40}}, 0x0) (async)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1f}]}, @NFT_MSG_NEWSETELEM={0x60, 0xc, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x34, 0x3, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x24, 0xb, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}]}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0xc4}}, 0x0) (async)
syz_open_dev$sg(&(0x7f00000003c0), 0x4a38, 0x201) (async)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000000140)={0x53, 0xffffffffffffffff, 0x6, 0x20, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000200)="19dfac83d098", 0x0, 0x1000000c, 0x0, 0x0, 0x0}) (async)

659.40966ms ago: executing program 0 (id=5392):
sendmsg$NFNL_MSG_CTHELPER_GET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000e0000901080000000000000000020000050800034008000036080005400000001a100002"], 0x34}, 0x1, 0x0, 0x0, 0x4004840}, 0x10)
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3400000013000100000000000000000007000000", @ANYRES32=r2, @ANYBLOB="000700000000040014001a80"], 0x34}, 0x1, 0x0, 0x0, 0x60}, 0x0) (fail_nth: 6)

593.089335ms ago: executing program 5 (id=5393):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x400)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
r3 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r3, 0x107, 0xf, &(0x7f0000000000), 0x4)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f0000000240)={0x1, 0x9, 0x401, 0x12000, 0xfffffffe, 0xda, 0xfffffffffc000000, 0x0, 0xfffffffffffffffa, 0x0, 0x3, 0x4})
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r2, 0xc06c4124, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11})
ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r2, 0xc0884123, &(0x7f0000000440)={0x5, "d5245d4302b4a3120c0073b52a215dc4e7fc556e6d2fc79a696d521b8baa2800c63ea51f3de651630c88eed279137089d8344427a057a2f08749c99a026ea30a", {0x800, 0x2}})
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r4 = openat$sequencer2(0xffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000b80)="d8000000150081044e81f782db44b9040a87080211000000040000a118000200e000000800000e1208000f0100810401a80016ea1f000940032e5f54c92011148ed08734843cb12b00000803600cfab44dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d1688683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bbfe5a09d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x4000884)
ioctl$SNDCTL_SEQ_OUTOFBAND(r4, 0x40085112, &(0x7f0000000180)=@t={0x81, 0x11, 0x8, 0xce})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a010200000000000000000100fffd0900010073797a30000000000900030073797a300200000074000000060a010400000000000000000100000008000b400000000038000480340001800a0001006d617463680000002400028008000300e4edf2b708000240000000000e000100636f6e6e6c6162656c0000000900010073797a300000000014000580080001400040002f080002c0f0"], 0xe8}}, 0x4000000)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000540)={'wlan0\x00'})
pipe2(&(0x7f0000000080), 0x4000)
ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, r7)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r8 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r8}, &(0x7f0000bbdffc))
ioprio_set$pid(0x0, r8, 0x4000)

519.710513ms ago: executing program 0 (id=5394):
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x14bb42, 0x8c)
r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100)=0x3)
openat$audio(0xffffffffffffff9c, &(0x7f0000000200), 0xa2442, 0x0)
r1 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
syz_clone(0x80842111, 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
io_setup(0x3ff, &(0x7f0000000500)=<r4=>0x0)
io_submit(r4, 0x2, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x4e}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x4, 0x6, r3, &(0x7f00000001c0)='m', 0x1, 0x1}])
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r1, 0xc0984124, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000580)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f00000007c0)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000680)='./file1\x00', 0x2)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = fsopen(&(0x7f0000000680)='pvfs2\x00', 0x1)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r7, 0x4, &(0x7f00000006c0)='acl\x00\x9a\v\x9e\xdf@\x18\xe6\xca\xf1\x0f\xc8H\xc83A@\x9a\xe4r\x89h8\x1b\xab\x84<\x85\xe5\x88j_<(nW4\xe4\xbb\xe9PF\x1b|\xc4ZS\'\x8f\x91\xf7\x03\xa2\x8cd\x1f\xd3y\xce\x11Tj\x12\xc2\xf5_\x9c\x98\x00\x00\x00\x00\x00\a\x00\x1c\x1e:^\xdeNT\xe8O\xe8\x1ez\x9e\xc8\x8eo@Th;\xe5F\x0fv\xf1H\xdf\xf1\xe1\x9en\xc1\xd1\xca\xca\x89\"\xe4\x9c\xe6\xc2\xd8\xaa\xf6\f>\x19\x15t=\x1eXp\xbaLO\x06\xa3\xfdS\x01\xd1GE\x0f\x98L\x99#\xef5\xed[<\xd9\xc2v\xbe\xdaH\\H\x104\xcd\xe23l\xd1\x9fc5\x87\xb4\xd7\xf6\xecr)\x0f\xc7\xe4\x1d[\x82\xc3\x18\xa4{\xecF\x00\x00\x00\x00\x00\x00\x17\x96\xf7x4\x8a\x06\xc3\xa2\xceFl\x91%\xe9\xbd=\xff\xaaF\xf7\xa5\xb6\x18;g\xa0:\x06\x84C5\x99\xf8@\x0fC\x8e\x99`[kH*hL\xea3\xd1\xfa\xc1T\xf68\x80\x15\xde\x8a\xfd\t\'4\xe2\bhg\a]WS8?!\xb9\xe4\x1a.\xf6\xe6\xf9\x06J\x01\xf0!\x04\x8f\x82\xeaT\x816\x19\xc2\xb3`\ap\x89\xabp\xade.*\xdc\x00\x10\xa7%T=\xe5\n}\x89\xd42\xf7\xd8J\x90\x9d\x89}|\xe7\x95K<7\xe3\x1a\xf0\xb9\xff\xdd\xe8\xfcI\x16\xfe\x0f\xa2\x06\xa2\xe80\x0e\av\x19\xb5LAr\x97\xa7\xf1\xa8\xfe6\xce\x14c1#\x89CQ\xd5\xac\x10\x88z\xca1\xd1!\xf5\xdf\"\xd7\x8a>\xd8\x82%\x13\xe7\x87\xb8\t\xb3\'2>2z\x81\\\xe8\xbd\x9ec5\xc7<\x05\xea04\x8f2\xa5\x10\b\xc3&\xa9\x15\x9e\xab=\x01\xce& VN=\xe8\xe0\xd4\x92\x06\x82\xa9L\xf7.j\x8d\x96\x1aM\x16\xab\x91\xeb\xa1A\xaa\"\xd3p\xbc\x7f_\x1e\xcb\x92\xef\x00'/469, &(0x7f0000000280)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0xffffffffffffff9c)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0x9}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x0, 0x0, 0x4}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8801}, 0x20008850)
r10 = socket(0x400000000010, 0x3, 0x0)
r11 = socket$unix(0x1, 0x5, 0x0)
ioctl$FS_IOC_FIEMAP(r5, 0xc020660b, &(0x7f00000008c0)=ANY=[@ANYBLOB="0400000000000000000000efffffff00000000000002000006000000000000000600000000000000800000000000000005000000000000000000000000000000000000000000000080030000000000000000000000000000b6ba0000000000000504000000000000090000000000000000000000000000000000000000000000d576d4610000000000000000000000000400000000000000ff03000000000000040000000000000000000000000000000000000000000000000800000000000000000000000000000f000000000000000e00000000000000194c4678f300000000000000000000000000000000000000008804000000000000000000000000000002000000000000000400000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000b00000000000000ffffff7f00000000090000000000000000000000000000000000000000000000040400000000000000000000000000007440605f7e3948b61455922c46118458d4f230addaa336cfaceb182ac7c3cbd869248a24e9ad61bd5a79196c5642d5e57fa85b9893fc368b500e885843f2cbcc85c0f5a4768f7004b0e4e8c54c16da0b31e19c36ca22e8317efbc710b64c472fb2b25ff1f68cd102fea4e74960f0a7223d655a285afbcdd04c10975d3451c31b01507d0d3b7af9edc57cbaa3166cfc45dddde44b33bce8da62189e10ca9ffdde155627dbd036a91a68f4f7257e60bd76536c03cdc7adc3844214d9be5d9eefdfe939346296fb38fb01d41d9198bf0251c11d309e1f2ed46f1520465255e4b571ae33be5fad8247338b8dfea610d237393088618407cdb090b8c27b6b5cc07bd22de615115fe671516bcc9e3e68320efe60ef6350ad85ee61dc130d091c2355"])
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000800)=@newtfilter={0x38, 0x2c, 0xe1d, 0x870bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r12, {0xfff3, 0xffe0}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0x8, 0x2}}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)

444.763401ms ago: executing program 5 (id=5395):
socket$inet_tcp(0x2, 0x1, 0x0)
syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x400000000010, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r1, 0x10e, 0xc, &(0x7f0000000340)=0x6, 0x4)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a0001000000ff7f0000000080000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00', @ANYRES32=r1], 0x24}}, 0x0)

346.559061ms ago: executing program 5 (id=5396):
r0 = socket(0x1d, 0x1, 0x6)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x6a, 0x2, 0x20000002, 0x7fffffff) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r1 = socket$kcm(0xa, 0x7, 0x0)
sendmsg$inet(r1, &(0x7f0000000480)={&(0x7f0000000340)={0x2, 0x4e22, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="140000000000000000000000010000000000000000000000180000000000000000000000070000004404dc030100ff971100000000000000000000000700000001000000000000001800"/83], 0x60}, 0x0) (async)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) (async)
r3 = gettid()
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x1e, 0x0, @tid=r3}, 0x0) (async)
socket$unix(0x1, 0x5, 0x0) (async)
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}}, 0x0) (async)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x500000b, 0x204031, 0xffffffffffffffff, 0x47aef000)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) (async)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080))
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4) (async)
setsockopt$packet_int(r4, 0x107, 0x16, 0x0, 0x0) (async)
r5 = gettid()
timer_create(0x6, &(0x7f0000533fa0)={0x0, 0x10, 0x800000000004, @thr={&(0x7f00000004c0)="fc0563959e405a155bfdddf3acbe0369ce3d3d95aa1d2c43d1604638e443bf33cdceb0ecbe44b15a5761e8c537c00a0e5fda61af12d666945f0d53c3c9a064c1ddae5a87f0aba3214829286721d911a2b84d991be33b1f0d1dcb68e71beeb4a52d30ea31cba869b866db666dc24fb0ceb860d0addef812d4fb5c52bd3d582a3ac8a24413ad03e95215cb4ae1bef803b8fd599d7c4a1ba37a04734f3b5e01df95d4a9628e939cea9a7923d9f36f4b815b3e38dff1d3ef2bd56605571ae10a9446b7500400f1ae0c9918f0c3eecc72d04355bdd78c9c6bb8b9c11b127d60e0d000679392734540f4a0a4d809e18e4142058aeb1c", &(0x7f00000005c0)="b8ff70b1007b19a3e695e154ae222d5b3091a630f927926d5a"}}, &(0x7f0000000100)) (async)
fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x1, r5}) (async)
migrate_pages(r5, 0x9, &(0x7f0000000180)=0x9, &(0x7f0000000000)=0x102)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1, 0x200000005c832, 0xffffffffffffffff, 0x0) (async)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0xa, 0x204031, 0xffffffffffffffff, 0xc9751000) (async)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) (async)
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="1201000000000010ac054b02000000000001090224000100003000090400000103000100092100000088224e510905810300"], 0x0) (async)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)

253.146179ms ago: executing program 3 (id=5397):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x88800, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, <r2=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000640)={0x48, 0x7, r2, 0x0, 0x10000, 0x0, 0x2, 0x2ebad4, 0xa0f97})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r2, 0x3f, 0x10001, 0x0, 0x5, 0x0, 0x235959})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000080)={0x48, 0x7, r2, 0x0, 0x10001, 0x0, 0x1, 0xd6fe2, 0x11403f, 0x3f})

202.313191ms ago: executing program 5 (id=5398):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r1, &(0x7f0000000600)=ANY=[@ANYBLOB="fd0200"], 0x233)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x103, 0x9}, 0x20)
arch_prctl$ARCH_GET_UNTAG_MASK(0x4001, &(0x7f0000000000))
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4)
sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0)
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000200)={0x203, 0xa, 0x2})
ioctl$VIDIOC_PREPARE_BUF(r2, 0xc058565d, &(0x7f0000000500)=@userptr={0x6, 0xa, 0x4, 0x2000, 0x7, {0x0, 0x2710}, {0x2, 0x0, 0xd3, 0x6, 0x77, 0x6, "0080ca6f"}, 0xff, 0x2, {&(0x7f00000002c0)}, 0x6})
sendmsg$inet6(r0, &(0x7f0000000340)={&(0x7f00000001c0)={0xa, 0x4e21, 0x80000, @dev={0xfe, 0x80, '\x00', 0x44}, 0x5}, 0x1c, 0x0, 0x0, &(0x7f00000006c0)=[@hoplimit={{0x18, 0x29, 0x34, 0x7fff}}], 0x18}, 0xc4)

156.989704ms ago: executing program 1 (id=5399):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000300), 0xffffffffffffffff)
r2 = socket(0x2b, 0x1, 0x1)
setsockopt$inet6_tcp_int(r2, 0x6, 0x8, &(0x7f0000000680)=0x3, 0x4)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000002780)={0x0, 0x0, &(0x7f0000002740)={&(0x7f0000000200)=ANY=[@ANYBLOB="b9bb3330", @ANYRES16=r1, @ANYBLOB="010300000000000000004e000000080003"], 0x1c}}, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r3=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
timer_settime(r3, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
semtimedop(0x0, &(0x7f0000000080)=[{0x3, 0x7}, {0x2, 0x3, 0x800}, {0x0, 0xe, 0x800}], 0x3, &(0x7f0000000100))

76.503972ms ago: executing program 5 (id=5400):
r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000200)={0x2ba2, 0x32344d59, 0x2, @stepwise={0x90, 0x5, 0x5, 0x7, 0x8, 0x4bdc}})
r1 = syz_open_pts(0xffffffffffffffff, 0x800)
r2 = socket(0x1e, 0x1, 0x0)
sendmmsg$sock(r2, &(0x7f0000000100)=[{{&(0x7f0000000180)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x1}}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x1000000}}, {{&(0x7f0000000080)=@tipc=@nameseq={0x1e, 0x4}, 0x80, 0x0}}], 0x2, 0xea)
unshare(0x26020480)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x3, 0x6, 0xff}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x10007f, 0x20000006, 0x4d, 0x6, 0x3, 0x9, 0x2, 0xffff2d34, 0xffffff01, 0x6, 0x3, 0xfffffffc, 0x5, 0x4, 0x2, 0x7, 0x3c5b, 0x80000001, 0x25, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x1004c74, 0x80000000, 0x0, 0x3, 0xe, 0x8, 0x7, 0x7, 0x17, 0x1, 0x7, 0x200, 0x3e, 0x8c, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x400, 0x80, 0x1, 0x5, 0x6, 0x8, 0x0, 0x1, 0x40], [0x1000000a, 0x1, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x7, 0x6c7, 0x8000009, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0xa0fe, 0x400, 0x401, 0x6, 0x1, 0xff, 0x7, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x80000000, 0xb, 0x40001, 0x9, 0x8, 0x9, 0x6, 0x47, 0x0, 0x1, 0xfe000000, 0x6, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x1, 0xbc45, 0x48c93690, 0x43, 0x103], [0x7, 0xa, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d3, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xf, 0x4, 0x6, 0x5, 0x0, 0x6, 0x5, 0x1, 0x86, 0xffffffff, 0x303c, 0x3e7, 0xb, 0x5, 0x2002, 0x2, 0x3, 0x20000008, 0x2, 0x6d03, 0x800006, 0x38, 0x800003, 0x200, 0x1080, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac9, 0xc2, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x1000000a, 0x0, 0x5, 0x1c, 0x2, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x80000000, 0xb, 0x5, 0x93a, 0x6, 0x1000006, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x4, 0xb54, 0x101, 0x10000, 0x1ff, 0x7fff, 0x10000, 0x7f, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x96, 0xffffffff, 0x80000000, 0x0, 0x4, 0xc8, 0x1, 0xfffff000, 0x10080, 0x3, 0x7e, 0x100, 0x1000, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x4, 0x1, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
creat(&(0x7f0000004780)='./file0\x00', 0x200)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r1, 0x541c, &(0x7f0000000000))

60.234021ms ago: executing program 3 (id=5401):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000180)={0x2020}, 0x2020)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4800000010002104000000000200000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00010067726574617000"], 0x48}, 0x1, 0x0, 0x0, 0xc0000}, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000022c0), 0x64140, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r2, 0x3b82, &(0x7f0000000180)={0x18, r3, 0x1, 0x0, &(0x7f0000000140)=[{0x4, 0x1000}]})
ioctl$IOMMU_IOAS_MAP(r2, 0x3b85, &(0x7f0000000000)={0x28, 0x6, r3, 0x0, &(0x7f0000000d40)='L', 0x1, 0x56149216})
unshare(0x8040480)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
r5 = syz_io_uring_setup(0x512d, &(0x7f0000000540)={0x0, 0xcc19, 0x130c8, 0x6, 0x30e}, &(0x7f0000000100), &(0x7f0000000200), &(0x7f0000000000))
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x100000000000, 0x0, 0x4, 0xa462}, 0x0, &(0x7f0000000100)={0x8, 0xfffffffffffffffd, 0x0, 0x0, 0x3, 0x0, 0x100000000}, 0x0, 0x0)
syz_usb_control_io$uac3(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x0, &(0x7f0000000100)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x438}}}, 0x0)
r6 = socket$inet6(0xa, 0x2, 0x0)
ioctl$int_in(r6, 0x5452, &(0x7f0000000000)=0x8000000000001)
sendmmsg$inet6(r6, &(0x7f0000007240)=[{{&(0x7f0000000100)={0xa, 0x4e22, 0x6, @mcast2, 0x7}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000001380)=[{&(0x7f00000012c0)="1ce02c", 0x3}], 0x1}}, {}], 0x3, 0x1c000)
io_uring_register$IORING_REGISTER_ENABLE_RINGS(r5, 0xc, 0x0, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r8 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r8, 0x4008af83, &(0x7f00000001c0)={0x1, 0x1, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})
r9 = accept$alg(r7, 0x0, 0x0)
sendmmsg$alg(r9, &(0x7f0000000d40)=[{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000640)="eb5974e8be09e387ab90b1569489ca152362cb44b1952d7a95d4e348dd0a24fdb5fbd2dc1f3ddba2f36dd88226e8ab7b58818a357b167f7671a57d73594a9107053189f3589268715fdfc605ce82d5053ca0394bd3ef6ccbdf534483f3c1d4f9ff65fb1863033c0b1caa3693e04df2ec20276f06deaacfacc12fcba68de29bde9a2ea9ba457ea429c807659f0625a5eb47b1ec44b0aa78", 0x97}], 0x1, 0x0, 0x0, 0x20008014}], 0x1, 0x4814)
recvmmsg(r9, &(0x7f000000c4c0)=[{{0x0, 0x0, &(0x7f0000007340)=[{&(0x7f0000000e40)=""/149, 0x95}], 0x1}, 0x4}], 0x1, 0x400001c3, 0x0)
ioctl$vim2m_VIDIOC_G_FMT(r4, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2}, 0x7, 0x0, &(0x7f0000000040)={{0x0, 0x0, 0x2}}, 0x0, 0x0}})
socket$inet_tcp(0x2, 0x1, 0x0)

25.207821ms ago: executing program 1 (id=5402):
socketpair(0x1d, 0x3, 0x1, &(0x7f00000000c0))
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r0, 0x25, &(0x7f00000006c0)={0x0, 0x0, 0xac1d, 0x9})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)})
r3 = openat$audio1(0xffffffffffffff9c, &(0x7f00000002c0), 0x420200, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000280)=0x2000)
mmap$dsp(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0x0, 0x11, r3, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000000)=0x5)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000200)=0x10000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x5, 0xc, 0x8001, 0x0, 0x9, 0x4, 0x8, 0xfa13, 0xffffffff}, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x11c}}, 0x0)
r4 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x35c, 0x0)
preadv(r4, &(0x7f0000000040)=[{&(0x7f00000013c0)=""/4096, 0x5}], 0x3f, 0x0, 0x0)
execve(0x0, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid\x00')
socket$packet(0x11, 0x3, 0x300)
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0)
syz_io_uring_setup(0xcaf, &(0x7f0000000340)={0x0, 0xb601, 0xd63008e48a80453e, 0x5, 0x3e4}, 0x0, 0x0, &(0x7f0000000000))
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="3800000040000701feffffff00000000017c0000040042800c00018006000600800a0000140002800d00148004000d0004000d"], 0x38}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0xa0, 0x1, 0x70bd26, 0x25dfdbff, {0x82}}, 0x14}, 0x1, 0x0, 0x0, 0x48080}, 0x40010)

0s ago: executing program 0 (id=5403):
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x10003, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x25dfdbff, {}, [@NHA_OIF={0x8, 0x5, r5}]}, 0x20}}, 0x0)
ioctl$NILFS_IOCTL_SYNC(0xffffffffffffffff, 0x80086e8a, &(0x7f0000000040))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380000006800010003001000fdffff7f00000000000000000c00020001000000150000000c000c800800030001000080060003000100000014c950fb3a2665daac0783ba7c6a35da87e375b2db9fa4b0c6c8d56b778c3552358774e6f1f1609bb55e6ccb91606bfcf673e4"], 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newlink={0x20, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r5, 0x192}}, 0x20}}, 0x0)
pipe(&(0x7f00000045c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
write$binfmt_script(r7, &(0x7f0000000980)={'#! ', './file0'}, 0xb)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x6, 0xe, 0x13e, 0x89, 0xffffffff, 0x2})
r8 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r7, 0x29, 0x41, &(0x7f0000000340)={'filter\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78)
bind$rxrpc(r8, &(0x7f0000001280)=@in6={0x21, 0x300, 0x2, 0x1c, {0xa, 0x300, 0x3000000, @ipv4={'\x00', '\xff\xff', @broadcast}, 0xb7}}, 0x24)
r9 = io_uring_setup(0x61e7, &(0x7f0000000240)={0x0, 0x8ff7, 0x1000, 0x1, 0x343, 0x0, r6})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000007c0)={0x8, <r10=>0x0}, 0x8)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000800)={{0x1, 0x1, 0x18, <r11=>r7}, './file0\x00'})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000008c0)=@bpf_lsm={0x1d, 0x2d, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000018380000ff0f00000000000000000000186a000007000000000000000100000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000000000000850000008600f5b1eeb2000006000000000000000000000018220000", @ANYRES32=r6, @ANYBLOB="0000000000000000183a000001000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000000000000850000008600000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000181a0000", @ANYRES32=r7, @ANYBLOB="0000000000000000bf91000000000000b7020000020000008500000085000000b7000000000000009500000000000000"], &(0x7f00000006c0)='GPL\x00', 0x0, 0x22, &(0x7f0000000700)=""/34, 0x41100, 0x4b, '\x00', 0x0, 0x1b, r1, 0x8, &(0x7f0000000740)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000780)={0x3, 0x7, 0x4, 0xb00}, 0x10, r10, 0x0, 0x1, &(0x7f0000000840)=[r11, r6, r7, r7, 0xffffffffffffffff, r6, r7], &(0x7f0000000880)=[{0x2, 0x1, 0x3, 0x1}], 0x10, 0x9}, 0x94)
io_uring_register$IORING_REGISTER_EVENTFD(r9, 0x4, &(0x7f00000002c0)=r6, 0x1)
splice(r6, 0x0, r8, 0x0, 0x80000001, 0x0)
r12 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80000)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f00000000c0)={'geneve0\x00'})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000})
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0f7f"], 0x0)

kernel console output (not intermixed with test programs):

mber: 12 but max is 0
[  973.096832][T14046] usb 6-1: config 6 has no interface number 0
[  973.121670][T14046] usb 6-1: config 6 interface 12 has no altsetting 0
[  973.146735][T14046] usb 6-1: New USB device found, idVendor=2019, idProduct=ab31, bcdDevice= e.39
[  973.157761][T14046] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  973.174716][T14046] usb 6-1: Product: syz
[  973.182816][T14043] usb 5-1: new full-speed USB device number 112 using dummy_hcd
[  973.189269][T14046] usb 6-1: Manufacturer: syz
[  973.203256][T14046] usb 6-1: SerialNumber: syz
[  973.347309][T14043] usb 5-1: New USB device found, idVendor=200c, idProduct=100b, bcdDevice= 0.40
[  973.365843][T14043] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  973.367346][T23452] syzkaller0: entered promiscuous mode
[  973.389716][T14043] usb 5-1: Product: syz
[  973.389858][T23452] syzkaller0: entered allmulticast mode
[  973.394099][T14039] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  973.411166][T14043] usb 5-1: Manufacturer: syz
[  973.418172][T14039] usb 1-1: device descriptor read/8, error -71
[  973.442754][T14043] usb 5-1: SerialNumber: syz
[  973.673027][T14039] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  973.686002][T14043] usb 5-1: unit 8 not found!
[  973.690706][T14043] usb 5-1: unit 6 not found!
[  973.706157][T14039] usb 1-1: device descriptor read/8, error -71
[  973.820079][T14043] usb 5-1: USB disconnect, device number 112
[  973.827471][T14039] usb usb1-port1: unable to enumerate USB device
[  973.883794][ T5634] udevd[5634]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  973.980501][T23488] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4988'.
[  974.292805][T14043] usb 4-1: new high-speed USB device number 70 using dummy_hcd
[  974.453349][T14043] usb 4-1: Using ep0 maxpacket: 32
[  974.461076][T14043] usb 4-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  974.471717][T14043] usb 4-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  974.483875][T14043] usb 4-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  974.495502][T14043] usb 4-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  974.514803][T14043] usb 4-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  974.525015][T14043] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  974.527673][T14046] usb-storage 6-1:6.12: USB Mass Storage device detected
[  974.546715][T14043] usb 4-1: Product: syz
[  974.550986][T14043] usb 4-1: Manufacturer: syz
[  974.555742][T14043] usb 4-1: SerialNumber: syz
[  974.582421][    C0] imon 4-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  974.597189][T14043] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/input/input80
[  974.631738][T14046] usb 6-1: USB disconnect, device number 79
[  974.793162][T14043] imon 4-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  974.804418][T14043]  (id 0x00)
[  974.893133][T14043] rc_core: IR keymap rc-imon-pad not found
[  974.909175][T14043] Registered IR keymap rc-empty
[  974.915921][T14043] imon 4-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  974.943160][T14043] imon 4-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  974.960300][T23536] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4994'.
[  974.996099][T14043] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/rc/rc0
[  975.021982][T14043] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/rc/rc0/input81
[  975.055845][T14043] imon 4-1:155.0: iMON device (15c2:ffdc, intf0) on usb<4:70> initialized
[  975.200554][T23551] netlink: 32 bytes leftover after parsing attributes in process `syz.5.4995'.
[  975.389292][T23563] batadv_slave_1: left promiscuous mode
[  975.732941][T14044] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  975.752084][T14046] usb 4-1: USB disconnect, device number 70
[  975.759393][T23576] imon:send_packet: packet tx failed (-71)
[  975.792722][T23576] imon:vfd_write: send packet #0 failed
[  975.893095][T14044] usb 2-1: Using ep0 maxpacket: 32
[  975.902173][T14044] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  975.911630][T14044] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  975.935478][T14044] gspca_main: nw80x-2.14.0 probing 055f:d001
[  976.089921][   T29] kauditd_printk_skb: 310 callbacks suppressed
[  976.089937][   T29] audit: type=1326 audit(1778233994.048:2065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23593 comm="syz.5.5002" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcd7dd9cdd9 code=0x0
[  976.142305][T23597] tap0: tun_chr_ioctl cmd 1074025677
[  976.155232][T23597] tap0: linktype set to 768
[  976.402832][T14039] usb 6-1: new high-speed USB device number 80 using dummy_hcd
[  976.534284][T23607] bridge9: entered promiscuous mode
[  976.575291][T14039] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  976.611019][T23607] bridge9: entered allmulticast mode
[  976.627109][T14039] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  976.642972][T14044] gspca_nw80x: reg_r err -110
[  976.665422][T14039] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  976.681717][T14044] nw80x 2-1:3.0: probe with driver nw80x failed with error -110
[  976.686973][T14039] usb 6-1: New USB device found, idVendor=7de0, idProduct=676e, bcdDevice=77.db
[  976.715024][T14039] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  976.747335][T14039] usb 6-1: config 0 descriptor??
[  976.825173][T14039] usb 2-1: USB disconnect, device number 4
[  976.972740][T14043] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[  977.132936][T14043] usb 4-1: Using ep0 maxpacket: 16
[  977.146410][T14043] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  977.172866][T14043] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  977.183825][T14043] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  977.202900][T14043] usb 4-1: config 1 interface 1 has no altsetting 0
[  977.217120][T14043] usb 4-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40
[  977.236048][T14043] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  977.253109][T14043] usb 4-1: Product: syz
[  977.258625][T14043] usb 4-1: Manufacturer: syz
[  977.266721][T14043] usb 4-1: SerialNumber: syz
[  977.444781][T23645] loop9: detected capacity change from 0 to 2640
[  977.456481][T23645] Buffer I/O error on dev loop9, logical block 0, async page read
[  977.467301][T23645] Buffer I/O error on dev loop9, logical block 0, async page read
[  977.476069][T23645] Buffer I/O error on dev loop9, logical block 0, async page read
[  977.484646][T23645] Buffer I/O error on dev loop9, logical block 0, async page read
[  977.493039][T23645] Buffer I/O error on dev loop9, logical block 0, async page read
[  977.508928][T23645] Buffer I/O error on dev loop9, logical block 0, async page read
[  977.509002][T23645] Buffer I/O error on dev loop9, logical block 0, async page read
[  977.509092][T23645] Buffer I/O error on dev loop9, logical block 0, async page read
[  977.509133][T23645] ldm_validate_partition_table(): Disk read failed.
[  977.509170][T23645] Buffer I/O error on dev loop9, logical block 0, async page read
[  977.509258][T23645] Buffer I/O error on dev loop9, logical block 0, async page read
[  977.509426][T23645] Dev loop9: unable to read RDB block 0
[  977.509745][T23645]  loop9: unable to read partition table
[  977.511684][T23645] loop_reread_partitions: partition scan of loop9 (3�����) failed (rc=-5)
[  977.831245][T23669] batadv_slave_1: entered promiscuous mode
[  977.929935][T23683] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5015'.
[  977.939795][T23683] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5015'.
[  978.513101][T14039] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  978.676905][T14039] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  978.719069][T14039] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  978.739429][T14039] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  978.757717][T14039] usb 1-1: SerialNumber: syz
[  979.107330][T14046] usb 6-1: USB disconnect, device number 80
[  979.281648][   T29] audit: type=1326 audit(1778233997.238:2066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23711 comm="syz.5.5019" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd7dd9cdd9 code=0x7ffc0000
[  979.381064][   T29] audit: type=1326 audit(1778233997.238:2067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23711 comm="syz.5.5019" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd7dd9cdd9 code=0x7ffc0000
[  979.455903][   T29] audit: type=1326 audit(1778233997.268:2068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23711 comm="syz.5.5019" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fcd7dd9cdd9 code=0x7ffc0000
[  979.532743][   T29] audit: type=1326 audit(1778233997.278:2069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23711 comm="syz.5.5019" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd7dd9cdd9 code=0x7ffc0000
[  979.626246][   T29] audit: type=1326 audit(1778233997.278:2070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23711 comm="syz.5.5019" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd7dd9cdd9 code=0x7ffc0000
[  979.712436][   T29] audit: type=1326 audit(1778233997.278:2071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23711 comm="syz.5.5019" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcd7dd9cdd9 code=0x7ffc0000
[  979.846727][   T29] audit: type=1326 audit(1778233997.278:2072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23711 comm="syz.5.5019" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd7dd9cdd9 code=0x7ffc0000
[  979.916429][T14043] usb 4-1: selecting invalid altsetting 0
[  979.960978][   T29] audit: type=1326 audit(1778233997.278:2073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23711 comm="syz.5.5019" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcd7dd9cdd9 code=0x7ffc0000
[  980.061939][T14039] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71
[  980.083984][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  980.097061][   T29] audit: type=1326 audit(1778233997.278:2074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23711 comm="syz.5.5019" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd7dd9cdd9 code=0x7ffc0000
[  980.177421][T14039] usb 1-1: USB disconnect, device number 21
[  980.203770][T21168] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  980.222535][T21168] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  980.232147][T21168] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  980.246681][T21168] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  980.259166][T21168] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  980.335543][T14043] usb 4-1: USB disconnect, device number 71
[  980.509865][ T6306] udevd[6306]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  980.588826][T23762] binder: 23760:23762 ioctl c0306201 2000000003c0 returned -14
[  981.089795][   T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  981.132963][T14046] usb 5-1: new high-speed USB device number 113 using dummy_hcd
[  981.152552][   T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  981.258311][T23812] batadv_slave_1: entered promiscuous mode
[  981.303162][T14046] usb 5-1: device descriptor read/64, error -71
[  981.460119][   T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  981.492778][   T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  981.552718][T14046] usb 5-1: new high-speed USB device number 114 using dummy_hcd
[  981.690070][   T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  981.706258][T14046] usb 5-1: device descriptor read/64, error -71
[  981.731065][   T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  981.825005][T14046] usb usb5-port1: attempt power cycle
[  981.940558][   T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  981.967204][   T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  982.192776][T14046] usb 5-1: new high-speed USB device number 115 using dummy_hcd
[  982.224255][T14046] usb 5-1: device descriptor read/8, error -71
[  982.230843][T23744] bridge0: port 1(bridge_slave_0) entered blocking state
[  982.230980][T23744] bridge0: port 1(bridge_slave_0) entered disabled state
[  982.231266][T23744] bridge_slave_0: entered allmulticast mode
[  982.234304][T23744] bridge_slave_0: entered promiscuous mode
[  982.262323][T23744] bridge0: port 2(bridge_slave_1) entered blocking state
[  982.269911][T23744] bridge0: port 2(bridge_slave_1) entered disabled state
[  982.277672][T23744] bridge_slave_1: entered allmulticast mode
[  982.284153][T14044] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  982.285677][T23744] bridge_slave_1: entered promiscuous mode
[  982.383445][ T5632] Bluetooth: hci1: command tx timeout
[  982.455970][T23744] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  982.466238][T14044] usb 1-1: Using ep0 maxpacket: 32
[  982.479536][T14044] usb 1-1: config 0 has an invalid interface number: 188 but max is 0
[  982.488712][T14044] usb 1-1: config 0 has no interface number 0
[  982.495214][T14044] usb 1-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  982.508971][T14044] usb 1-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  982.518602][T14044] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  982.526767][T14046] usb 5-1: new high-speed USB device number 116 using dummy_hcd
[  982.534708][T14044] usb 1-1: Product: syz
[  982.539080][T14044] usb 1-1: Manufacturer: syz
[  982.553079][T14044] usb 1-1: SerialNumber: syz
[  982.564003][T14046] usb 5-1: device descriptor read/8, error -71
[  982.576406][T14044] usb 1-1: config 0 descriptor??
[  982.591113][T23871] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  982.607454][T23744] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  982.684370][T14046] usb usb5-port1: unable to enumerate USB device
[  982.801926][T23744] team0: Port device team_slave_0 added
[  982.818221][   T29] kauditd_printk_skb: 4 callbacks suppressed
[  982.818237][   T29] audit: type=1326 audit(1778234000.778:2079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23711 comm="syz.5.5019" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd7dd9cdd9 code=0x7ffc0000
[  982.859754][T23744] team0: Port device team_slave_1 added
[  982.866825][T23871] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  982.932067][   T29] audit: type=1326 audit(1778234000.858:2080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23711 comm="syz.5.5019" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd7dd9cdd9 code=0x7ffc0000
[  983.008646][T23744] batman_adv: batadv0: Adding interface: batadv_slave_0
[  983.025062][T23744] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  983.054568][T23744] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  983.078973][   T12] bridge_slave_1: left allmulticast mode
[  983.084774][   T12] bridge_slave_1: left promiscuous mode
[  983.091026][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  983.107672][   T12] bridge_slave_0: left allmulticast mode
[  983.113822][   T12] bridge_slave_0: left promiscuous mode
[  983.119827][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  983.893129][ T5632] Bluetooth: hci3: command 0x0406 tx timeout
[  983.940404][   T12] bond5 (unregistering): (slave ip6erspan0): Releasing active interface
[  984.063402][   T12] bond4 (unregistering): (slave gre1): Releasing backup interface
[  984.120225][   T12] bond0 (unregistering): (slave vxlan0): Releasing backup interface
[  984.313860][T24012] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5033'.
[  984.322960][T24012] netlink: 'syz.4.5033': attribute type 5 has an invalid length.
[  984.330831][T24012] netlink: 'syz.4.5033': attribute type 8 has an invalid length.
[  984.341124][T24012] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5033'.
[  984.359058][   T12] bond1 (unregistering): (slave bridge2): Releasing active interface
[  984.453268][T21168] Bluetooth: hci1: command tx timeout
[  984.558327][T24015] netlink: 840 bytes leftover after parsing attributes in process `syz.5.5034'.
[  984.739474][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  984.751364][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  984.761808][   T12] bond0 (unregistering): Released all slaves
[  984.774262][   T12] bond1 (unregistering): Released all slaves
[  984.796269][   T12] bond2 (unregistering): Released all slaves
[  984.811503][   T12] bond3 (unregistering): Released all slaves
[  984.846245][   T12] bond4 (unregistering): Released all slaves
[  984.869699][   T12] bond5 (unregistering): Released all slaves
[  984.892231][T23744] batman_adv: batadv0: Adding interface: batadv_slave_1
[  984.901118][T23744] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  984.942185][T23744] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  984.992390][ T5287] 8021q: adding VLAN 0 to HW filter on device eth5
[  985.296992][T24012] geneve2: entered promiscuous mode
[  985.304315][T24012] geneve2: entered allmulticast mode
[  985.332570][   T12] tipc: Left network mode
[  985.332744][   T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 256 - 0
[  985.347022][   T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 256 - 0
[  985.417712][   T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 256 - 0
[  985.420849][T24019] netlink: 840 bytes leftover after parsing attributes in process `syz.5.5034'.
[  985.427920][   T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 256 - 0
[  985.681975][T23744] hsr_slave_0: entered promiscuous mode
[  985.708410][T23744] hsr_slave_1: entered promiscuous mode
[  985.723759][T23744] debugfs: 'hsr0' already exists in 'hsr'
[  985.753765][T23744] Cannot create hsr debugfs directory
[  985.814998][T14044] asix 1-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  985.861419][T14044] asix 1-1:0.188 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9
[  985.919970][T14044] asix 1-1:0.188: probe with driver asix failed with error -71
[  985.969167][T24099] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5038'.
[  985.982841][T14044] usb 1-1: USB disconnect, device number 22
[  986.000299][   T12] hsr_slave_0: left promiscuous mode
[  986.012936][T24099] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5038'.
[  986.023748][   T12] hsr_slave_1: left promiscuous mode
[  986.051946][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  986.079018][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  986.093759][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  986.101825][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  986.152587][   T12] veth1_macvtap: left promiscuous mode
[  986.159098][   T12] veth0_macvtap: left promiscuous mode
[  986.173259][   T12] veth1_vlan: left promiscuous mode
[  986.179908][   T12] veth0_vlan: left promiscuous mode
[  986.532800][T21168] Bluetooth: hci1: command tx timeout
[  986.659528][T24132] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5041'.
[  986.678797][T24132] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5041'.
[  986.890146][   T12] team0 (unregistering): Port device team_slave_1 removed
[  986.913441][   T12] team0 (unregistering): Port device team_slave_0 removed
[  987.088258][ T5287] 8021q: adding VLAN 0 to HW filter on device eth6
[  987.703970][   T12] IPVS: stop unused estimator thread 0...
[  987.773924][T14046] usb 5-1: new high-speed USB device number 117 using dummy_hcd
[  987.973729][T14046] usb 5-1: Using ep0 maxpacket: 32
[  987.988884][T14046] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  988.024126][T14046] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  988.041659][T24260] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5049'.
[  988.074946][T14046] gspca_main: nw80x-2.14.0 probing 055f:d001
[  988.156163][T24260] PKCS7: Unknown OID: [4] 5.25.287.112.81.102.117.87.150326315.2007.15776.1
[  988.184653][T24260] PKCS7: Only support pkcs7_signedData type
[  988.445124][T24289] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5051'.
[  988.615102][T21168] Bluetooth: hci1: command tx timeout
[  988.705841][T24221] bridge7: entered promiscuous mode
[  988.750237][T24221] bridge7: entered allmulticast mode
[  988.783877][T14046] gspca_nw80x: reg_r err -110
[  988.791106][T14046] nw80x 5-1:3.0: probe with driver nw80x failed with error -110
[  989.078715][T24312] loop2: detected capacity change from 0 to 7
[  989.124040][T24312] Dev loop2: unable to read RDB block 7
[  989.163203][T24312]  loop2: unable to read partition table
[  989.167083][T14039] usb 5-1: USB disconnect, device number 117
[  989.207516][T24312] loop2: partition table beyond EOD, truncated
[  989.259746][T24312] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  989.261579][T23744] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  989.278529][T24303] syz.5.5053 (24303): drop_caches: 2
[  989.296754][T23744] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  989.316981][T23744] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  989.339788][T23744] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  989.361854][T23744] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  989.381485][T23744] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  989.393472][T23744] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  989.408884][T23744] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  989.611384][T23744] 8021q: adding VLAN 0 to HW filter on device bond0
[  989.695098][T23744] 8021q: adding VLAN 0 to HW filter on device team0
[  989.708549][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  989.715765][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  989.730380][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  989.737554][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  989.967409][T23744] 8021q: adding VLAN 0 to HW filter on device batadv0
[  989.990106][T24358] __nla_validate_parse: 2 callbacks suppressed
[  989.990125][T24358] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5057'.
[  990.046645][T24363] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5058'.
[  990.068388][T24363] batman_adv: batadv0: Removing interface: batadv_slave_1
[  990.140057][T24358] PKCS7: Unknown OID: [4] 5.25.287.112.81.102.117.87.150326315.2007.15776.1
[  990.170588][T23744] veth0_vlan: entered promiscuous mode
[  990.178495][T24358] PKCS7: Only support pkcs7_signedData type
[  990.207222][T23744] veth1_vlan: entered promiscuous mode
[  990.254136][T23744] veth0_macvtap: entered promiscuous mode
[  990.279827][T23744] veth1_macvtap: entered promiscuous mode
[  990.330011][T23744] batman_adv: batadv0: Interface activated: batadv_slave_0
[  990.349703][T23744] batman_adv: batadv0: Interface activated: batadv_slave_1
[  990.369159][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  990.403710][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  990.434718][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  990.445285][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  990.709154][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  990.734294][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  990.844684][T24433] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5063'.
[  990.911519][  T143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  990.944337][  T143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  991.031054][T24443] PKCS7: Unknown OID: [4] 5.25.287.112.81.102.117.87.150326315.2007.15776.1
[  991.052441][T24443] PKCS7: Only support pkcs7_signedData type
[  992.172333][T24484] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5069'.
[  992.389106][T24494] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5068'.
[  992.826533][T24522] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5070'.
[  992.858091][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[  992.864998][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[  993.295917][T24510] loop9: detected capacity change from 0 to 7
[  993.362150][    C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  993.371389][    C0] buffer_io_error: 11 callbacks suppressed
[  993.371405][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  993.442943][    C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  993.452131][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  993.461509][    C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  993.470680][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  993.479245][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  993.488459][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  993.501607][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  993.510791][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  993.533525][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  993.542737][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  993.552204][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  993.561353][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  993.572872][T24510] ldm_validate_partition_table(): Disk read failed.
[  993.593464][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  993.602730][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  993.616658][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  993.625827][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  993.635217][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  993.644419][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  993.655685][T24510] Dev loop9: unable to read RDB block 0
[  993.672564][T24510]  loop9: unable to read partition table
[  993.700430][T24510] loop9: partition table beyond EOD, truncated
[  993.717251][T24510] loop_reread_partitions: partition scan of loop9 (��) failed (rc=-5)
[  993.981775][T24561] netlink: 132 bytes leftover after parsing attributes in process `syz.3.5076'.
[  994.211294][T24573] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5079'.
[  994.322749][ T5707] usb 5-1: new high-speed USB device number 118 using dummy_hcd
[  994.377458][T24579] PKCS7: Unknown OID: [4] 5.25.287.112.81.102.117.87.150326315.2007.15776.1
[  994.395802][T24579] PKCS7: Only support pkcs7_signedData type
[  994.439143][T24578] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5080'.
[  994.482731][ T5707] usb 5-1: Using ep0 maxpacket: 32
[  994.498924][ T5707] usb 5-1: config 1 has an invalid descriptor of length 234, skipping remainder of the config
[  994.522606][ T5707] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  994.583667][ T5707] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  994.599322][ T5707] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  994.617328][ T5707] usb 5-1: Product: ᐌ
[  994.626808][ T5707] usb 5-1: SerialNumber: syz
[  994.848654][T24559] loop6: detected capacity change from 0 to 2640
[  994.864194][T24559] ldm_validate_partition_table(): Disk read failed.
[  994.880124][T24559] Dev loop6: unable to read RDB block 0
[  994.907553][T24559]  loop6: unable to read partition table
[  994.959570][T24559] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  995.024744][ T5707] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22
[  995.084239][ T5707] usb 5-1: USB disconnect, device number 118
[  995.703023][T14044] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[  995.712402][ T4992] ldm_validate_partition_table(): Disk read failed.
[  995.749968][ T4992] Dev loop6: unable to read RDB block 0
[  995.774674][ T4992]  loop6: unable to read partition table
[  995.895087][T14044] usb 4-1: Using ep0 maxpacket: 16
[  995.913701][T14044] usb 4-1: config 0 has an invalid descriptor of length 83, skipping remainder of the config
[  995.945952][T14044] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  995.964346][T24645] FAULT_INJECTION: forcing a failure.
[  995.964346][T24645] name failslab, interval 1, probability 0, space 0, times 0
[  996.001742][T14044] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1b25, bcdDevice= 0.00
[  996.035839][T14044] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  996.042783][T24645] CPU: 0 UID: 0 PID: 24645 Comm: syz.5.5086 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  996.042812][T24645] Tainted: [L]=SOFTLOCKUP
[  996.042819][T24645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  996.042830][T24645] Call Trace:
[  996.042838][T24645]  <TASK>
[  996.042846][T24645]  dump_stack_lvl+0xe8/0x150
[  996.042872][T24645]  should_fail_ex+0x412/0x560
[  996.042900][T24645]  should_failslab+0xa8/0x100
[  996.042928][T24645]  __kmalloc_noprof+0xe8/0x760
[  996.042952][T24645]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  996.042981][T24645]  tomoyo_realpath_from_path+0xe3/0x5d0
[  996.043006][T24645]  ? tomoyo_domain+0xd7/0x130
[  996.043035][T24645]  ? tomoyo_path_number_perm+0x219/0x630
[  996.043056][T24645]  tomoyo_path_number_perm+0x246/0x630
[  996.043079][T24645]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  996.043102][T24645]  ? sb_end_write+0xe9/0x1c0
[  996.043123][T24645]  ? vfs_write+0x9bc/0xb90
[  996.043176][T24645]  ? ksys_write+0x1fc/0x270
[  996.043204][T24645]  security_file_ioctl+0xc3/0x2a0
[  996.043226][T24645]  __se_sys_ioctl+0x47/0x170
[  996.043251][T24645]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  996.043270][T24645]  do_syscall_64+0x15f/0xf80
[  996.043294][T24645]  ? trace_irq_disable+0x3b/0x140
[  996.043319][T24645]  ? clear_bhb_loop+0x40/0x90
[  996.043340][T24645]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  996.043358][T24645] RIP: 0033:0x7fcd7dd9cdd9
[  996.043374][T24645] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  996.043390][T24645] RSP: 002b:00007fcd7ec12028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  996.043408][T24645] RAX: ffffffffffffffda RBX: 00007fcd7e015fa0 RCX: 00007fcd7dd9cdd9
[  996.043422][T24645] RDX: 0000200000000200 RSI: 0000000040284504 RDI: 0000000000000003
[  996.043433][T24645] RBP: 00007fcd7ec12090 R08: 0000000000000000 R09: 0000000000000000
[  996.043445][T24645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  996.043465][T24645] R13: 00007fcd7e016038 R14: 00007fcd7e015fa0 R15: 00007fcd7e13fa48
[  996.043492][T24645]  </TASK>
[  996.043500][T24645] ERROR: Out of memory at tomoyo_realpath_from_path.
[  996.072286][T14044] usb 4-1: config 0 descriptor??
[  996.610191][T24618] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  996.635489][T24668] netlink: 'syz.0.5088': attribute type 1 has an invalid length.
[  996.645191][T14046] usb 6-1: new high-speed USB device number 81 using dummy_hcd
[  996.666172][T24618] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  996.824238][T14046] usb 6-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  996.840008][T14046] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  996.864651][T24410] usb 4-1: USB disconnect, device number 72
[  996.878355][T14046] usb 6-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c
[  996.897153][T14046] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  996.916269][T14046] usb 6-1: Product: syz
[  996.919298][T24695] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5091'.
[  996.920650][T14046] usb 6-1: Manufacturer: syz
[  996.931021][T24695] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5091'.
[  996.940424][T14046] usb 6-1: SerialNumber: syz
[  996.952111][T14046] usb 6-1: config 0 descriptor??
[  996.970557][T14046] ims_pcu 6-1:0.0: Missing CDC union descriptor
[  996.978003][T14046] ims_pcu 6-1:0.0: probe with driver ims_pcu failed with error -22
[  997.043073][  T996] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  997.172396][T24703] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  997.195726][T24703] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  997.215432][  T996] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  997.226789][  T996] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  997.236048][  T996] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  997.249467][  T996] usb 2-1: config 0 descriptor??
[  997.451342][T24713] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5093'.
[  997.519445][T24714] PKCS7: Unknown OID: [4] 5.25.287.112.81.102.117.87.150326315.2007.15776.1
[  997.537762][T24714] PKCS7: Only support pkcs7_signedData type
[  997.670822][  T996] ath6kl: Unsupported hardware version: 0x0
[  997.700516][  T996] ath6kl: Failed to init ath6kl core: -22
[  997.707253][  T996] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -22
[  997.720433][T14048] usb 6-1: USB disconnect, device number 81
[  998.165168][ T5707] usb 6-1: new high-speed USB device number 82 using dummy_hcd
[  998.333148][ T5707] usb 6-1: Using ep0 maxpacket: 32
[  998.352369][ T5707] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  998.390404][ T5707] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  998.466183][ T5707] gspca_main: nw80x-2.14.0 probing 055f:d001
[  998.636137][T14048] usb 2-1: USB disconnect, device number 5
[  998.953809][T24756] bridge9: entered promiscuous mode
[  998.973482][T24756] bridge9: entered allmulticast mode
[  999.173373][ T5707] gspca_nw80x: reg_r err -110
[  999.181729][ T5707] nw80x 6-1:3.0: probe with driver nw80x failed with error -110
[  999.399965][T14048] usb 6-1: USB disconnect, device number 82
[  999.581981][T24781] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5103'.
[  999.878470][T24803] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5107'.
[ 1000.002249][T24803] PKCS7: Unknown OID: [4] 5.25.287.112.81.102.117.87.150326315.2007.15776.1
[ 1000.031683][T24803] PKCS7: Only support pkcs7_signedData type
[ 1000.762364][T24824] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[ 1001.438245][T24854] tipc: Failed to remove unknown binding: 66,0,0/0:3644665039/3644665040
[ 1001.469837][T24854] tipc: Failed to remove unknown binding: 66,0,0/0:3644665039/3644665040
[ 1001.496195][T24858] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5117'.
[ 1001.602442][T24858] bridge5: entered promiscuous mode
[ 1001.624194][T24858] bridge5: entered allmulticast mode
[ 1001.862851][ T5707] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[ 1002.032805][ T5707] usb 2-1: Using ep0 maxpacket: 16
[ 1002.043125][T24876] netlink: 140 bytes leftover after parsing attributes in process `syz.5.5120'.
[ 1002.058692][ T5707] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 154, changing to 11
[ 1002.077867][ T5707] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023
[ 1002.108961][ T5707] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64
[ 1002.140297][ T5707] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1002.162000][ T5707] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1002.178218][ T5707] usb 2-1: Product: з
[ 1002.182454][ T5707] usb 2-1: Manufacturer: 앣朩텕듫恢슍捖鍉숮뚮鐚轌
[ 1002.191078][ T5707] usb 2-1: SerialNumber: 䐊
[ 1002.221549][T24410] hid-generic 0008:0091:0009.0023: reserved main item tag 0xd
[ 1002.258028][T24410] hid-generic 0008:0091:0009.0023: item fetching failed at offset 28/32
[ 1002.303145][T24410] hid-generic 0008:0091:0009.0023: probe with driver hid-generic failed with error -22
[ 1002.708696][ T5707] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found
[ 1002.708731][ T5707] cdc_ncm 2-1:1.0: bind() failure
[ 1002.741273][ T5707] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[ 1002.741313][ T5707] cdc_ncm 2-1:1.1: bind() failure
[ 1002.750531][ T5707] usb 2-1: USB disconnect, device number 6
[ 1002.787731][T24923] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5124'.
[ 1002.859838][T24936] PKCS7: Unknown OID: [4] 5.25.287.112.81.102.117.87.150326315.2007.15776.1
[ 1002.917269][T24936] PKCS7: Only support pkcs7_signedData type
[ 1003.592166][T24956] batadv_slave_1: left promiscuous mode
[ 1003.617107][T24956] bridge5: left promiscuous mode
[ 1003.929931][T24978] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1003.951670][T24978] batadv_slave_1: entered promiscuous mode
[ 1004.003040][T24410] usb 6-1: new high-speed USB device number 83 using dummy_hcd
[ 1004.183162][T24410] usb 6-1: Using ep0 maxpacket: 16
[ 1004.202500][T24410] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1004.238138][T24410] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1004.285737][T24410] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1004.323066][T24410] usb 6-1: config 1 interface 1 has no altsetting 0
[ 1004.338116][T24410] usb 6-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40
[ 1004.348657][T24410] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1004.357726][T24410] usb 6-1: Product: syz
[ 1004.388881][T24410] usb 6-1: Manufacturer: syz
[ 1004.409381][T24410] usb 6-1: SerialNumber: syz
[ 1004.953415][T14048] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[ 1005.102409][T25021] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5140'.
[ 1005.115691][T14048] usb 2-1: config 160 has an invalid interface number: 200 but max is 0
[ 1005.133632][T14048] usb 2-1: config 160 has no interface number 0
[ 1005.141133][T14048] usb 2-1: config 160 interface 200 has no altsetting 0
[ 1005.153556][T14048] usb 2-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b
[ 1005.166971][T14048] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1005.175267][ T5632] Bluetooth: hci3: command 0x0406 tx timeout
[ 1005.186733][T14048] usb 2-1: Product: syz
[ 1005.204453][T14048] usb 2-1: Manufacturer: syz
[ 1005.209128][T14048] usb 2-1: SerialNumber: syz
[ 1005.228276][T25022] PKCS7: Unknown OID: [4] 5.25.287.112.81.102.117.87.150326315.2007.15776.1
[ 1005.252534][T25022] PKCS7: Only support pkcs7_signedData type
[ 1005.399954][T25028] batadv_slave_1: left promiscuous mode
[ 1005.406186][T25028] bridge2: left promiscuous mode
[ 1005.411434][T25028] bridge3: left promiscuous mode
[ 1005.785026][T25033] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5142'.
[ 1005.794699][T25033] bond0: Unable to set up delay as MII monitoring is disabled
[ 1006.446829][T25058] netlink: 224 bytes leftover after parsing attributes in process `syz.3.5147'.
[ 1006.548792][T25061] FAULT_INJECTION: forcing a failure.
[ 1006.548792][T25061] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1006.565055][T25061] CPU: 1 UID: 0 PID: 25061 Comm: syz.3.5148 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1006.565086][T25061] Tainted: [L]=SOFTLOCKUP
[ 1006.565093][T25061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1006.565108][T25061] Call Trace:
[ 1006.565116][T25061]  <TASK>
[ 1006.565121][T25061]  dump_stack_lvl+0xe8/0x150
[ 1006.565138][T25061]  should_fail_ex+0x412/0x560
[ 1006.565155][T25061]  _copy_from_user+0x2d/0xb0
[ 1006.565169][T25061]  ___sys_sendmsg+0x1c6/0x360
[ 1006.565197][T25061]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1006.565219][T25061]  ? __lock_acquire+0x6b5/0x2cf0
[ 1006.565276][T25061]  __sys_sendmmsg+0x27c/0x4e0
[ 1006.565293][T25061]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1006.565306][T25061]  ? __mutex_unlock_slowpath+0x1be/0x6f0
[ 1006.565336][T25061]  ? ksys_write+0x242/0x270
[ 1006.565363][T25061]  ? __pfx_ksys_write+0x10/0x10
[ 1006.565394][T25061]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1006.565418][T25061]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1006.565429][T25061]  do_syscall_64+0x15f/0xf80
[ 1006.565443][T25061]  ? trace_irq_disable+0x3b/0x140
[ 1006.565457][T25061]  ? clear_bhb_loop+0x40/0x90
[ 1006.565469][T25061]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1006.565479][T25061] RIP: 0033:0x7fcff839cdd9
[ 1006.565503][T25061] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1006.565519][T25061] RSP: 002b:00007fcff918a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1006.565538][T25061] RAX: ffffffffffffffda RBX: 00007fcff8615fa0 RCX: 00007fcff839cdd9
[ 1006.565552][T25061] RDX: 0400000000000159 RSI: 0000200000001c00 RDI: 0000000000000003
[ 1006.565564][T25061] RBP: 00007fcff918a090 R08: 0000000000000000 R09: 0000000000000000
[ 1006.565572][T25061] R10: 0000000000040840 R11: 0000000000000246 R12: 0000000000000002
[ 1006.565578][T25061] R13: 00007fcff8616038 R14: 00007fcff8615fa0 R15: 00007fcff873fa48
[ 1006.565593][T25061]  </TASK>
[ 1006.583051][ T5707] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[ 1006.879128][T24410] usb 6-1: selecting invalid altsetting 0
[ 1006.955421][ T5707] usb 1-1: config 220 has an invalid interface number: 76 but max is 2
[ 1006.964293][ T5707] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1006.987460][ T5707] usb 1-1: config 220 has no interface number 2
[ 1007.001130][T24410] usb 6-1: USB disconnect, device number 83
[ 1007.008601][ T5707] usb 1-1: config 220 interface 1 altsetting 5 bulk endpoint 0x82 has invalid maxpacket 56
[ 1007.045644][ T5707] usb 1-1: config 220 interface 1 altsetting 5 bulk endpoint 0x3 has invalid maxpacket 1023
[ 1007.078731][ T5707] usb 1-1: config 220 interface 1 altsetting 5 has 2 endpoint descriptors, different from the interface descriptor's value: 12
[ 1007.123550][ T5707] usb 1-1: config 220 interface 0 has no altsetting 0
[ 1007.144319][ T5707] usb 1-1: config 220 interface 76 has no altsetting 0
[ 1007.151466][ T5707] usb 1-1: config 220 interface 1 has no altsetting 0
[ 1007.163506][ T5636] udevd[5636]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1007.169896][ T5707] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1007.206861][ T5707] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1007.215361][ T5707] usb 1-1: Product: syz
[ 1007.219654][ T5707] usb 1-1: Manufacturer: syz
[ 1007.225148][ T5707] usb 1-1: SerialNumber: syz
[ 1007.452768][T24410] usb 6-1: new high-speed USB device number 84 using dummy_hcd
[ 1007.470687][ T5707] usb 1-1: selecting invalid altsetting 0
[ 1007.478907][ T5707] uvcvideo 1-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[ 1007.486700][ T5707] uvcvideo 1-1:220.0: No valid video chain found.
[ 1007.503750][ T5707] usb 1-1: selecting invalid altsetting 0
[ 1007.512417][ T5707] usbtest 1-1:220.1: probe with driver usbtest failed with error -22
[ 1007.530552][ T5707] usb 1-1: USB disconnect, device number 23
[ 1007.563720][T14048] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[ 1007.574379][T14048] usb 2-1: MIDIStreaming interface descriptor not found
[ 1007.602773][T24410] usb 6-1: Using ep0 maxpacket: 16
[ 1007.618605][T24410] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1007.641743][T24410] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1007.666312][T24410] usb 6-1: Product: syz
[ 1007.675741][T24410] usb 6-1: Manufacturer: syz
[ 1007.680611][T24410] usb 6-1: SerialNumber: syz
[ 1007.697545][T24410] r8152-cfgselector 6-1: Unknown version 0x0000
[ 1007.697760][T14048] usb 2-1: USB disconnect, device number 7
[ 1007.708217][T24410] r8152-cfgselector 6-1: config 0 descriptor??
[ 1007.774058][ T5636] udevd[5636]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:160.200/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1007.920523][T24410] r8152-cfgselector 6-1: Needed 2 retries to read version
[ 1007.927757][T24410] r8152-cfgselector 6-1: Unknown version 0x3c60
[ 1007.934556][T24410] r8152-cfgselector 6-1: No union descriptors
[ 1008.067494][T25160] kvm: user requested TSC rate below hardware speed
[ 1008.102959][T14048] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[ 1008.146308][T25088] Cannot find map_set index 2 as target
[ 1008.208409][T14044] r8152-cfgselector 6-1: USB disconnect, device number 84
[ 1008.259672][T25178] netlink: 224 bytes leftover after parsing attributes in process `syz.0.5158'.
[ 1008.277348][T14048] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1008.311133][T14048] usb 2-1: config 220 has 1 interface, different from the descriptor's value: 3
[ 1008.329135][T14048] usb 2-1: config 220 interface 0 has no altsetting 0
[ 1008.340515][T14048] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1008.351553][T14048] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1008.359903][T14048] usb 2-1: Product: syz
[ 1008.365287][T14048] usb 2-1: Manufacturer: syz
[ 1008.370727][T14048] usb 2-1: SerialNumber: syz
[ 1008.414470][T25183] geneve3: entered promiscuous mode
[ 1008.420315][T25191] FAULT_INJECTION: forcing a failure.
[ 1008.420315][T25191] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1008.435664][T25191] CPU: 0 UID: 0 PID: 25191 Comm: syz.0.5160 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1008.435692][T25191] Tainted: [L]=SOFTLOCKUP
[ 1008.435699][T25191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1008.435709][T25191] Call Trace:
[ 1008.435716][T25191]  <TASK>
[ 1008.435723][T25191]  dump_stack_lvl+0xe8/0x150
[ 1008.435746][T25191]  should_fail_ex+0x412/0x560
[ 1008.435770][T25191]  _copy_from_user+0x2d/0xb0
[ 1008.435795][T25191]  ___sys_sendmsg+0x1c6/0x360
[ 1008.435817][T25191]  ? __lock_acquire+0x6b5/0x2cf0
[ 1008.435837][T25191]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1008.435856][T25191]  ? __lock_acquire+0x6b5/0x2cf0
[ 1008.435875][T25191]  ? irqentry_exit+0x218/0x730
[ 1008.435896][T25191]  ? trace_irq_disable+0x3b/0x140
[ 1008.435961][T25191]  __sys_sendmmsg+0x27c/0x4e0
[ 1008.435986][T25191]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1008.436005][T25191]  ? __mutex_unlock_slowpath+0x1be/0x6f0
[ 1008.436045][T25191]  ? ksys_write+0x242/0x270
[ 1008.436071][T25191]  ? __pfx_ksys_write+0x10/0x10
[ 1008.436098][T25191]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1008.436118][T25191]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1008.436134][T25191]  do_syscall_64+0x15f/0xf80
[ 1008.436154][T25191]  ? trace_irq_disable+0x3b/0x140
[ 1008.436175][T25191]  ? clear_bhb_loop+0x40/0x90
[ 1008.436194][T25191]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1008.436212][T25191] RIP: 0033:0x7f4d7699cdd9
[ 1008.436227][T25191] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1008.436240][T25191] RSP: 002b:00007f4d7791b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1008.436256][T25191] RAX: ffffffffffffffda RBX: 00007f4d76c15fa0 RCX: 00007f4d7699cdd9
[ 1008.436267][T25191] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000004
[ 1008.436278][T25191] RBP: 00007f4d7791b090 R08: 0000000000000000 R09: 0000000000000000
[ 1008.436287][T25191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1008.436297][T25191] R13: 00007f4d76c16038 R14: 00007f4d76c15fa0 R15: 00007f4d76d3fa48
[ 1008.436320][T25191]  </TASK>
[ 1008.686699][T14048] uvcvideo 2-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[ 1008.712581][T14048] uvcvideo 2-1:220.0: No valid video chain found.
[ 1008.757787][T14048] usb 2-1: USB disconnect, device number 8
[ 1009.052068][T25241] FAULT_INJECTION: forcing a failure.
[ 1009.052068][T25241] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1009.067672][T25241] CPU: 1 UID: 0 PID: 25241 Comm: syz.5.5165 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1009.067701][T25241] Tainted: [L]=SOFTLOCKUP
[ 1009.067708][T25241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1009.067719][T25241] Call Trace:
[ 1009.067727][T25241]  <TASK>
[ 1009.067736][T25241]  dump_stack_lvl+0xe8/0x150
[ 1009.067761][T25241]  should_fail_ex+0x412/0x560
[ 1009.067790][T25241]  _copy_from_user+0x2d/0xb0
[ 1009.067819][T25241]  snd_ctl_ioctl+0x433/0x1cf0
[ 1009.067846][T25241]  ? kasan_save_free_info+0x46/0x50
[ 1009.067869][T25241]  ? __pfx_snd_ctl_ioctl+0x10/0x10
[ 1009.067899][T25241]  ? kasan_save_track+0x4f/0x80
[ 1009.067921][T25241]  ? kasan_save_track+0x3e/0x80
[ 1009.067942][T25241]  ? kasan_save_free_info+0x46/0x50
[ 1009.067960][T25241]  ? __kasan_slab_free+0x5c/0x80
[ 1009.067982][T25241]  ? kfree+0x1c5/0x640
[ 1009.068001][T25241]  ? tomoyo_path_number_perm+0x501/0x630
[ 1009.068021][T25241]  ? security_file_ioctl+0xc3/0x2a0
[ 1009.068039][T25241]  ? __se_sys_ioctl+0x47/0x170
[ 1009.068062][T25241]  ? do_syscall_64+0x15f/0xf80
[ 1009.068084][T25241]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1009.068151][T25241]  ? tomoyo_path_number_perm+0x219/0x630
[ 1009.068173][T25241]  ? tomoyo_path_number_perm+0x219/0x630
[ 1009.068196][T25241]  ? do_vfs_ioctl+0x1166/0x1530
[ 1009.068223][T25241]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1009.068260][T25241]  ? __mutex_unlock_slowpath+0x1be/0x6f0
[ 1009.068303][T25241]  ? __fget_files+0x2a/0x420
[ 1009.068326][T25241]  ? __fget_files+0x2a/0x420
[ 1009.068346][T25241]  ? __fget_files+0x3a0/0x420
[ 1009.068366][T25241]  ? __fget_files+0x2a/0x420
[ 1009.068390][T25241]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1009.068416][T25241]  ? __pfx_snd_ctl_ioctl+0x10/0x10
[ 1009.068443][T25241]  __se_sys_ioctl+0xfc/0x170
[ 1009.068467][T25241]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1009.068486][T25241]  do_syscall_64+0x15f/0xf80
[ 1009.068509][T25241]  ? trace_irq_disable+0x3b/0x140
[ 1009.068534][T25241]  ? clear_bhb_loop+0x40/0x90
[ 1009.068557][T25241]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1009.068575][T25241] RIP: 0033:0x7fcd7dd9cdd9
[ 1009.068592][T25241] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1009.068614][T25241] RSP: 002b:00007fcd7ec12028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1009.068633][T25241] RAX: ffffffffffffffda RBX: 00007fcd7e015fa0 RCX: 00007fcd7dd9cdd9
[ 1009.068646][T25241] RDX: 0000200000001340 RSI: 00000000c1105517 RDI: 0000000000000003
[ 1009.068658][T25241] RBP: 00007fcd7ec12090 R08: 0000000000000000 R09: 0000000000000000
[ 1009.068670][T25241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1009.068681][T25241] R13: 00007fcd7e016038 R14: 00007fcd7e015fa0 R15: 00007fcd7e13fa48
[ 1009.068710][T25241]  </TASK>
[ 1009.478095][T25248] kvm: user requested TSC rate below hardware speed
[ 1009.695021][T25266] batadv_slave_1: entered promiscuous mode
[ 1009.705734][T25265] batadv_slave_1: left promiscuous mode
[ 1009.775883][ T5707] usb 6-1: new high-speed USB device number 85 using dummy_hcd
[ 1009.841941][T25273] syzkaller0: entered promiscuous mode
[ 1009.848927][T25273] syzkaller0: entered allmulticast mode
[ 1009.936172][ T5707] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1009.944904][ T5707] usb 6-1: config 1 interface 0 has no altsetting 0
[ 1009.954628][ T5707] usb 6-1: string descriptor 0 read error: -22
[ 1009.961220][ T5707] usb 6-1: New USB device found, idVendor=22d4, idProduct=1503, bcdDevice= 0.40
[ 1009.970727][ T5707] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1010.083528][T14044] usb 5-1: new high-speed USB device number 119 using dummy_hcd
[ 1010.176578][T25293] FAULT_INJECTION: forcing a failure.
[ 1010.176578][T25293] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1010.190777][T25293] CPU: 1 UID: 0 PID: 25293 Comm: syz.0.5180 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1010.190806][T25293] Tainted: [L]=SOFTLOCKUP
[ 1010.190813][T25293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1010.190825][T25293] Call Trace:
[ 1010.190833][T25293]  <TASK>
[ 1010.190840][T25293]  dump_stack_lvl+0xe8/0x150
[ 1010.190857][T25293]  should_fail_ex+0x412/0x560
[ 1010.190874][T25293]  _copy_to_user+0x31/0xb0
[ 1010.190890][T25293]  sk_getsockopt+0x1c11/0x2840
[ 1010.190918][T25293]  ? __pfx_sk_getsockopt+0x10/0x10
[ 1010.190958][T25293]  ? __might_fault+0xaf/0x130
[ 1010.190983][T25293]  ? __might_fault+0xaf/0x130
[ 1010.191023][T25293]  do_sock_getsockopt+0x2bd/0x7e0
[ 1010.191043][T25293]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 1010.191068][T25293]  ? __fget_files+0x3a0/0x420
[ 1010.191089][T25293]  ? __fget_files+0x2a/0x420
[ 1010.191117][T25293]  __x64_sys_getsockopt+0x1a4/0x240
[ 1010.191149][T25293]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1010.191161][T25293]  do_syscall_64+0x15f/0xf80
[ 1010.191175][T25293]  ? trace_irq_disable+0x3b/0x140
[ 1010.191190][T25293]  ? clear_bhb_loop+0x40/0x90
[ 1010.191202][T25293]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1010.191214][T25293] RIP: 0033:0x7f4d7699cdd9
[ 1010.191231][T25293] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1010.191246][T25293] RSP: 002b:00007f4d7791b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 1010.191265][T25293] RAX: ffffffffffffffda RBX: 00007f4d76c15fa0 RCX: 00007f4d7699cdd9
[ 1010.191279][T25293] RDX: 0000000000000012 RSI: 0000000000000001 RDI: 0000000000000003
[ 1010.191290][T25293] RBP: 00007f4d7791b090 R08: 00002000000001c0 R09: 0000000000000000
[ 1010.191300][T25293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1010.191306][T25293] R13: 00007f4d76c16038 R14: 00007f4d76c15fa0 R15: 00007f4d76d3fa48
[ 1010.191321][T25293]  </TASK>
[ 1010.386671][T14044] usb 5-1: device descriptor read/64, error -71
[ 1010.399953][ T5707] hid (null): report_id 1010848821 is invalid
[ 1010.484733][ T5707] glorious 0003:22D4:1503.0024: report_id 1010848821 is invalid
[ 1010.502599][ T5707] glorious 0003:22D4:1503.0024: item 0 4 1 8 parsing failed
[ 1010.513912][ T5707] glorious 0003:22D4:1503.0024: probe with driver glorious failed with error -22
[ 1010.645185][T25300] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1010.652611][T25300] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1010.653097][T14044] usb 5-1: new high-speed USB device number 120 using dummy_hcd
[ 1010.798633][T25300] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1010.828414][T25300] batadv_slave_1: left promiscuous mode
[ 1010.834963][T14044] usb 5-1: device descriptor read/64, error -71
[ 1010.966178][T14044] usb usb5-port1: attempt power cycle
[ 1011.134709][   T47] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1011.145701][T14048] usb 6-1: USB disconnect, device number 85
[ 1011.152861][   T47] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1011.185586][   T47] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1011.211367][   T47] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1011.323006][T14044] usb 5-1: new high-speed USB device number 121 using dummy_hcd
[ 1011.375517][T14044] usb 5-1: device descriptor read/8, error -71
[ 1011.622907][T14044] usb 5-1: new high-speed USB device number 122 using dummy_hcd
[ 1011.653254][T14044] usb 5-1: device descriptor read/8, error -71
[ 1011.763974][T14044] usb usb5-port1: unable to enumerate USB device
[ 1011.776153][T25345] bridge5: left promiscuous mode
[ 1011.797692][T25345] ip6gre1: left promiscuous mode
[ 1011.804732][T25345] bridge6: left promiscuous mode
[ 1011.809950][T25345] bridge7: left promiscuous mode
[ 1011.817890][T25345] bridge8: left promiscuous mode
[ 1011.825662][T25345] bridge9: left promiscuous mode
[ 1011.831565][  T143] netdevsim netdevsim5 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1011.853115][  T143] netdevsim netdevsim5 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1011.870054][  T143] netdevsim netdevsim5 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1011.886869][  T143] netdevsim netdevsim5 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1012.308016][T25356] syzkaller0: mtu less than device minimum
[ 1012.315645][T25356] syzkaller0: entered allmulticast mode
[ 1012.628973][T25366] netlink: 'syz.5.5193': attribute type 12 has an invalid length.
[ 1012.637290][T25366] netlink: 132 bytes leftover after parsing attributes in process `syz.5.5193'.
[ 1012.743846][T25370] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5194'.
[ 1012.753144][T25370] netlink: 'syz.5.5194': attribute type 1 has an invalid length.
[ 1012.993921][T25387] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5197'.
[ 1013.282802][T14044] usb 5-1: new high-speed USB device number 123 using dummy_hcd
[ 1013.322970][ T5707] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[ 1013.432838][T14044] usb 5-1: Using ep0 maxpacket: 16
[ 1013.439513][T14044] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1013.449849][T14044] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1013.458913][T14044] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1013.468799][T14044] usb 5-1: config 1 interface 1 has no altsetting 0
[ 1013.473132][ T5707] usb 2-1: Using ep0 maxpacket: 32
[ 1013.478052][T14044] usb 5-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40
[ 1013.483055][ T5707] usb 2-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[ 1013.489716][T14044] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1013.500605][ T5707] usb 2-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[ 1013.521111][T14044] usb 5-1: Product: syz
[ 1013.525917][T14044] usb 5-1: Manufacturer: syz
[ 1013.530553][T14044] usb 5-1: SerialNumber: syz
[ 1013.542886][ T5707] usb 2-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1013.555712][ T5707] usb 2-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[ 1013.588544][ T5707] usb 2-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[ 1013.598582][ T5707] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1013.607406][ T5707] usb 2-1: Product: syz
[ 1013.612070][ T5707] usb 2-1: Manufacturer: syz
[ 1013.617110][ T5707] usb 2-1: SerialNumber: syz
[ 1013.631950][    C0] imon 2-1:155.0: imon usb_rx_callback_intf0: status(-71)
[ 1013.641460][ T5707] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:155.0/input/input82
[ 1013.730171][T25413] netlink: 72 bytes leftover after parsing attributes in process `syz.5.5201'.
[ 1013.844890][ T5707] imon 2-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[ 1013.853712][ T5707]  (id 0x00)
[ 1013.864716][T25418] syzkaller0: entered promiscuous mode
[ 1013.870373][T25418] syzkaller0: entered allmulticast mode
[ 1013.912760][ T5707] rc_core: IR keymap rc-imon-pad not found
[ 1013.920463][ T5707] Registered IR keymap rc-empty
[ 1013.933574][ T5707] imon 2-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[ 1013.954071][ T5707] imon 2-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 1014.044180][ T5707] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:155.0/rc/rc0
[ 1014.077397][ T5707] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:155.0/rc/rc0/input83
[ 1014.095728][ T5707] imon 2-1:155.0: iMON device (15c2:ffdc, intf0) on usb<2:9> initialized
[ 1014.427077][T25447] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1014.440626][T25448] netlink: 72 bytes leftover after parsing attributes in process `syz.5.5205'.
[ 1014.576147][T25452] FAULT_INJECTION: forcing a failure.
[ 1014.576147][T25452] name failslab, interval 1, probability 0, space 0, times 0
[ 1014.592881][T25452] CPU: 0 UID: 0 PID: 25452 Comm: syz.5.5206 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1014.592909][T25452] Tainted: [L]=SOFTLOCKUP
[ 1014.592916][T25452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1014.592927][T25452] Call Trace:
[ 1014.592934][T25452]  <TASK>
[ 1014.592942][T25452]  dump_stack_lvl+0xe8/0x150
[ 1014.592969][T25452]  should_fail_ex+0x412/0x560
[ 1014.592997][T25452]  ? alloc_inode+0x6a/0x1b0
[ 1014.593018][T25452]  should_failslab+0xa8/0x100
[ 1014.593041][T25452]  kmem_cache_alloc_lru_noprof+0x87/0x640
[ 1014.593055][T25452]  ? simple_start_creating+0xcc/0x110
[ 1014.593071][T25452]  ? __pfx_debugfs_alloc_inode+0x10/0x10
[ 1014.593082][T25452]  alloc_inode+0x6a/0x1b0
[ 1014.593094][T25452]  new_inode+0x22/0x170
[ 1014.593119][T25452]  __debugfs_create_file+0xb8/0x400
[ 1014.593143][T25452]  debugfs_create_file_full+0x3f/0x60
[ 1014.593165][T25452]  ref_tracker_dir_debugfs+0x197/0x360
[ 1014.593189][T25452]  ? __pfx_ref_tracker_dir_debugfs+0x10/0x10
[ 1014.593216][T25452]  ? __kvmalloc_node_noprof+0x545/0x8a0
[ 1014.593230][T25452]  ? alloc_netdev_mqs+0xa8/0x1210
[ 1014.593251][T25452]  ? __raw_spin_lock_init+0x45/0x100
[ 1014.593279][T25452]  alloc_netdev_mqs+0x274/0x1210
[ 1014.593296][T25452]  ? __pfx_geneve_setup+0x10/0x10
[ 1014.593327][T25452]  rtnl_create_link+0x31f/0xd70
[ 1014.593345][T25452]  rtnl_newlink_create+0x277/0xb70
[ 1014.593359][T25452]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1014.593379][T25452]  ? __pfx_rtnl_newlink_create+0x10/0x10
[ 1014.593394][T25452]  ? __pfx___mutex_lock+0x10/0x10
[ 1014.593429][T25452]  ? ns_capable+0x89/0xe0
[ 1014.593453][T25452]  rtnl_newlink+0x166a/0x1bb0
[ 1014.593488][T25452]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1014.593505][T25452]  ? __lock_acquire+0x6b5/0x2cf0
[ 1014.593518][T25452]  ? __lock_acquire+0x6b5/0x2cf0
[ 1014.593536][T25452]  ? unwind_next_frame+0xa6/0x2550
[ 1014.593556][T25452]  ? unwind_next_frame+0xa6/0x2550
[ 1014.593581][T25452]  ? is_bpf_text_address+0x26/0x2b0
[ 1014.593613][T25452]  ? is_bpf_text_address+0x26/0x2b0
[ 1014.593636][T25452]  ? __lock_acquire+0x6b5/0x2cf0
[ 1014.593649][T25452]  ? kernel_text_address+0xa5/0xe0
[ 1014.593664][T25452]  ? __kernel_text_address+0xd/0x30
[ 1014.593677][T25452]  ? unwind_get_return_address+0x4d/0x90
[ 1014.593688][T25452]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1014.593708][T25452]  ? arch_stack_walk+0xfb/0x150
[ 1014.593741][T25452]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 1014.593779][T25452]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1014.593793][T25452]  rtnetlink_rcv_msg+0x7d5/0xbe0
[ 1014.593805][T25452]  ? kmem_cache_alloc_node_noprof+0x384/0x690
[ 1014.593818][T25452]  ? netlink_sendmsg+0x5d4/0xb40
[ 1014.593832][T25452]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 1014.593844][T25452]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1014.593865][T25452]  ? __lock_acquire+0x6b5/0x2cf0
[ 1014.593898][T25452]  netlink_rcv_skb+0x232/0x4b0
[ 1014.593923][T25452]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1014.593941][T25452]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1014.593960][T25452]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1014.593973][T25452]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1014.593989][T25452]  netlink_unicast+0x75c/0x8e0
[ 1014.594017][T25452]  netlink_sendmsg+0x813/0xb40
[ 1014.594051][T25452]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1014.594078][T25452]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1014.594095][T25452]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1014.594110][T25452]  ____sys_sendmsg+0x972/0x9f0
[ 1014.594123][T25452]  ? __might_fault+0xaf/0x130
[ 1014.594139][T25452]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1014.594168][T25452]  ? import_iovec+0x73/0xa0
[ 1014.594199][T25452]  ___sys_sendmsg+0x2a5/0x360
[ 1014.594221][T25452]  ? __lock_acquire+0x6b5/0x2cf0
[ 1014.594239][T25452]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1014.594276][T25452]  ? __fget_files+0x2a/0x420
[ 1014.594287][T25452]  ? __fget_files+0x3a0/0x420
[ 1014.594313][T25452]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1014.594342][T25452]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1014.594375][T25452]  ? __pfx_ksys_write+0x10/0x10
[ 1014.594395][T25452]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1014.594406][T25452]  do_syscall_64+0x15f/0xf80
[ 1014.594421][T25452]  ? trace_irq_disable+0x3b/0x140
[ 1014.594445][T25452]  ? clear_bhb_loop+0x40/0x90
[ 1014.594468][T25452]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1014.594487][T25452] RIP: 0033:0x7fcd7dd9cdd9
[ 1014.594504][T25452] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1014.594519][T25452] RSP: 002b:00007fcd7ec12028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1014.594533][T25452] RAX: ffffffffffffffda RBX: 00007fcd7e015fa0 RCX: 00007fcd7dd9cdd9
[ 1014.594540][T25452] RDX: 0000000000000040 RSI: 0000200000000340 RDI: 0000000000000003
[ 1014.594546][T25452] RBP: 00007fcd7ec12090 R08: 0000000000000000 R09: 0000000000000000
[ 1014.594553][T25452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1014.594558][T25452] R13: 00007fcd7e016038 R14: 00007fcd7e015fa0 R15: 00007fcd7e13fa48
[ 1014.594574][T25452]  </TASK>
[ 1015.100869][T25452] debugfs: out of free dentries, can not create file 'netdev@ffff88807657e658'
[ 1015.117527][T25452] geneve2: entered promiscuous mode
[ 1015.122979][T25452] geneve2: entered allmulticast mode
[ 1015.267262][T25462] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5207'.
[ 1015.301610][T25462] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1015.321777][T25462] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5207'.
[ 1015.330729][T25462] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5207'.
[ 1015.348552][T25462] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1015.358121][T25462] bond2: (slave bond0): making interface the new active one
[ 1015.369059][T25462] bond2: (slave bond0): Enslaving as an active interface with an up link
[ 1015.511548][T25501] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5208'.
[ 1015.524171][T25501] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5208'.
[ 1015.972676][T14044] usb 5-1: selecting invalid altsetting 0
[ 1016.057756][T14044] usb 5-1: USB disconnect, device number 123
[ 1016.122001][ T5740] udevd[5740]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1016.318492][T25453] imon:send_packet: task interrupted
[ 1016.325197][T25453] imon:send_packet: packet tx failed (-512)
[ 1016.340791][T25453] imon:vfd_write: send packet #1 failed
[ 1016.380468][T14044] usb 2-1: USB disconnect, device number 9
[ 1016.593400][T25552] FAULT_INJECTION: forcing a failure.
[ 1016.593400][T25552] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1016.607211][T25552] CPU: 0 UID: 0 PID: 25552 Comm: syz.1.5211 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1016.607238][T25552] Tainted: [L]=SOFTLOCKUP
[ 1016.607245][T25552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1016.607256][T25552] Call Trace:
[ 1016.607264][T25552]  <TASK>
[ 1016.607271][T25552]  dump_stack_lvl+0xe8/0x150
[ 1016.607297][T25552]  should_fail_ex+0x412/0x560
[ 1016.607325][T25552]  _copy_from_iter+0x1d3/0x1670
[ 1016.607359][T25552]  ? __pfx__copy_from_iter+0x10/0x10
[ 1016.607380][T25552]  ? sock_alloc_send_pskb+0x896/0x990
[ 1016.607410][T25552]  ? __pfx__copy_from_iter+0x10/0x10
[ 1016.607438][T25552]  copy_page_from_iter+0x220/0x2d0
[ 1016.607463][T25552]  skb_copy_datagram_from_iter+0x306/0x710
[ 1016.607500][T25552]  tun_get_user+0xc5e/0x43e0
[ 1016.607535][T25552]  ? aa_file_perm+0x192/0x15e0
[ 1016.607563][T25552]  ? aa_file_perm+0x50e/0x15e0
[ 1016.607585][T25552]  ? __pfx_tun_get_user+0x10/0x10
[ 1016.607601][T25552]  ? __lock_acquire+0x6b5/0x2cf0
[ 1016.607614][T25552]  ? kstrtoull+0x12f/0x1d0
[ 1016.607628][T25552]  ? ref_tracker_alloc+0x35c/0x4c0
[ 1016.607643][T25552]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1016.607657][T25552]  ? tun_get+0x1c/0x2f0
[ 1016.607668][T25552]  ? tun_get+0x1c/0x2f0
[ 1016.607682][T25552]  ? tun_get+0x1c/0x2f0
[ 1016.607693][T25552]  ? tun_get+0x1c/0x2f0
[ 1016.607707][T25552]  tun_chr_write_iter+0x113/0x200
[ 1016.607720][T25552]  vfs_write+0x61d/0xb90
[ 1016.607739][T25552]  ? __pfx_vfs_write+0x10/0x10
[ 1016.607756][T25552]  ? __fget_files+0x2a/0x420
[ 1016.607772][T25552]  ksys_write+0x150/0x270
[ 1016.607786][T25552]  ? __pfx_ksys_write+0x10/0x10
[ 1016.607803][T25552]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1016.607814][T25552]  do_syscall_64+0x15f/0xf80
[ 1016.607829][T25552]  ? trace_irq_disable+0x3b/0x140
[ 1016.607843][T25552]  ? clear_bhb_loop+0x40/0x90
[ 1016.607856][T25552]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1016.607866][T25552] RIP: 0033:0x7fa022f9cdd9
[ 1016.607876][T25552] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1016.607885][T25552] RSP: 002b:00007fa023dc7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1016.607896][T25552] RAX: ffffffffffffffda RBX: 00007fa023215fa0 RCX: 00007fa022f9cdd9
[ 1016.607903][T25552] RDX: 000000000000fd6c RSI: 0000200000000280 RDI: 0000000000000004
[ 1016.607910][T25552] RBP: 00007fa023dc7090 R08: 0000000000000000 R09: 0000000000000000
[ 1016.607916][T25552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1016.607922][T25552] R13: 00007fa023216038 R14: 00007fa023215fa0 R15: 00007fa02333fa48
[ 1016.607937][T25552]  </TASK>
[ 1016.978687][T25561] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5212'.
[ 1017.540327][T25600] fuse: Unknown parameter 'griup_id�H�m�'
[ 1018.112178][T25634] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1019.192771][T14044] usb 6-1: new high-speed USB device number 86 using dummy_hcd
[ 1019.333093][T14044] usb 6-1: device descriptor read/64, error -71
[ 1019.377344][T25716] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5237'.
[ 1019.391510][T25716] fuse: Unknown parameter 'grou00000000000000000000'
[ 1019.457053][T25720] batadv_slave_1: entered promiscuous mode
[ 1019.532813][T22247] usb 5-1: new high-speed USB device number 124 using dummy_hcd
[ 1019.592773][T14044] usb 6-1: new high-speed USB device number 87 using dummy_hcd
[ 1019.662767][T22247] usb 5-1: device descriptor read/64, error -71
[ 1019.742857][T14044] usb 6-1: device descriptor read/64, error -71
[ 1019.853061][T14044] usb usb6-port1: attempt power cycle
[ 1019.902804][T22247] usb 5-1: new high-speed USB device number 125 using dummy_hcd
[ 1020.032749][T22247] usb 5-1: device descriptor read/64, error -71
[ 1020.144584][T22247] usb usb5-port1: attempt power cycle
[ 1020.202919][T14044] usb 6-1: new high-speed USB device number 88 using dummy_hcd
[ 1020.224932][T14044] usb 6-1: device descriptor read/8, error -71
[ 1020.462761][T14044] usb 6-1: new high-speed USB device number 89 using dummy_hcd
[ 1020.483907][T22247] usb 5-1: new high-speed USB device number 126 using dummy_hcd
[ 1020.493538][T14044] usb 6-1: device descriptor read/8, error -71
[ 1020.534181][T22247] usb 5-1: device descriptor read/8, error -71
[ 1020.624019][T14044] usb usb6-port1: unable to enumerate USB device
[ 1020.656715][T25748] FAULT_INJECTION: forcing a failure.
[ 1020.656715][T25748] name failslab, interval 1, probability 0, space 0, times 0
[ 1020.675285][T25748] CPU: 0 UID: 0 PID: 25748 Comm: syz.0.5243 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1020.675312][T25748] Tainted: [L]=SOFTLOCKUP
[ 1020.675319][T25748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1020.675330][T25748] Call Trace:
[ 1020.675337][T25748]  <TASK>
[ 1020.675345][T25748]  dump_stack_lvl+0xe8/0x150
[ 1020.675371][T25748]  should_fail_ex+0x412/0x560
[ 1020.675397][T25748]  should_failslab+0xa8/0x100
[ 1020.675422][T25748]  ? dst_alloc+0x105/0x170
[ 1020.675439][T25748]  kmem_cache_alloc_noprof+0x87/0x650
[ 1020.675464][T25748]  ? __lock_acquire+0x6b5/0x2cf0
[ 1020.675486][T25748]  dst_alloc+0x105/0x170
[ 1020.675505][T25748]  ip_route_output_key_hash_rcu+0x14d0/0x25d0
[ 1020.675539][T25748]  ? ip_route_output_key_hash+0xd8/0x2a0
[ 1020.675566][T25748]  ip_route_output_key_hash+0x18d/0x2a0
[ 1020.675591][T25748]  ? ns_capable+0x89/0xe0
[ 1020.675610][T25748]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[ 1020.675648][T25748]  ip_route_output_flow+0x2a/0x150
[ 1020.675673][T25748]  ? security_sk_classify_flow+0x6d/0x150
[ 1020.675695][T25748]  udp_sendmsg+0x141a/0x21a0
[ 1020.675719][T25748]  ? string+0x279/0x2b0
[ 1020.675746][T25748]  ? __pfx_udp_sendmsg+0x10/0x10
[ 1020.675773][T25748]  ? format_decode+0x5a3/0xe10
[ 1020.675790][T25748]  ? look_up_lock_class+0x57/0x110
[ 1020.675820][T25748]  ? __lock_acquire+0x6b5/0x2cf0
[ 1020.675857][T25748]  ? get_random_u32+0x497/0x8b0
[ 1020.675876][T25748]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1020.675896][T25748]  ? get_random_u32+0x13a/0x8b0
[ 1020.675913][T25748]  ? get_random_u32+0x4ce/0x8b0
[ 1020.675940][T25748]  udpv6_sendmsg+0x996/0x25c0
[ 1020.675976][T25748]  ? __pfx_udpv6_sendmsg+0x10/0x10
[ 1020.675995][T25748]  ? udp_lib_get_port+0x177a/0x1c60
[ 1020.676021][T25748]  ? ip6_datagram_release_cb+0x7c/0x550
[ 1020.676059][T25748]  ? inet_send_prepare+0x1b9/0x270
[ 1020.676077][T25748]  ? inet_send_prepare+0x1b9/0x270
[ 1020.676097][T25748]  ? inet_send_prepare+0x1b9/0x270
[ 1020.676112][T25748]  ? __local_bh_enable_ip+0xd0/0x130
[ 1020.676131][T25748]  ? inet_send_prepare+0x1b9/0x270
[ 1020.676151][T25748]  ? inet6_sendmsg+0xe4/0x120
[ 1020.676172][T25748]  ____sys_sendmsg+0x5c7/0x9f0
[ 1020.676207][T25748]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1020.676240][T25748]  ? import_iovec+0x73/0xa0
[ 1020.676270][T25748]  ___sys_sendmsg+0x2a5/0x360
[ 1020.676294][T25748]  ? __lock_acquire+0x6b5/0x2cf0
[ 1020.676317][T25748]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1020.676375][T25748]  ? __fget_files+0x2a/0x420
[ 1020.676396][T25748]  ? __fget_files+0x3a0/0x420
[ 1020.676427][T25748]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1020.676455][T25748]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1020.676489][T25748]  ? __pfx_ksys_write+0x10/0x10
[ 1020.676522][T25748]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1020.676543][T25748]  do_syscall_64+0x15f/0xf80
[ 1020.676567][T25748]  ? trace_irq_disable+0x3b/0x140
[ 1020.676592][T25748]  ? clear_bhb_loop+0x40/0x90
[ 1020.676614][T25748]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1020.676633][T25748] RIP: 0033:0x7f4d7699cdd9
[ 1020.676650][T25748] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1020.676666][T25748] RSP: 002b:00007f4d7791b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1020.676687][T25748] RAX: ffffffffffffffda RBX: 00007f4d76c15fa0 RCX: 00007f4d7699cdd9
[ 1020.676700][T25748] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003
[ 1020.676712][T25748] RBP: 00007f4d7791b090 R08: 0000000000000000 R09: 0000000000000000
[ 1020.676727][T25748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1020.676738][T25748] R13: 00007f4d76c16038 R14: 00007f4d76c15fa0 R15: 00007f4d76d3fa48
[ 1020.676767][T25748]  </TASK>
[ 1020.883017][T14048] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[ 1021.013025][T22247] usb 5-1: new high-speed USB device number 127 using dummy_hcd
[ 1021.043453][T22247] usb 5-1: device descriptor read/8, error -71
[ 1021.182945][T22247] usb usb5-port1: unable to enumerate USB device
[ 1021.238209][T25752] kvm: user requested TSC rate below hardware speed
[ 1021.294490][T14048] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1021.305476][T14048] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1021.314945][T14048] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1021.339294][T14048] usb 2-1: config 0 descriptor??
[ 1021.733235][T22247] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[ 1021.756435][T14048] ath6kl: Unsupported hardware version: 0x0
[ 1021.780063][T14048] ath6kl: Failed to init ath6kl core: -22
[ 1021.786907][T14048] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -22
[ 1021.884374][T22247] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1021.895530][T22247] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1021.905614][T22247] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1021.914716][T22247] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1021.926435][T25761] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22
[ 1021.938570][T22247] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 1022.165556][T22247] usb 1-1: USB disconnect, device number 24
[ 1022.460768][T14048] usb 2-1: USB disconnect, device number 10
[ 1023.168161][T25866] netlink: 372 bytes leftover after parsing attributes in process `syz.5.5259'.
[ 1023.210961][T25871] batadv_slave_1: left promiscuous mode
[ 1023.320219][T25878] netlink: 'syz.0.5263': attribute type 1 has an invalid length.
[ 1023.487936][T25904] FAULT_INJECTION: forcing a failure.
[ 1023.487936][T25904] name failslab, interval 1, probability 0, space 0, times 0
[ 1023.487980][T25904] CPU: 0 UID: 0 PID: 25904 Comm: syz.1.5265 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1023.488004][T25904] Tainted: [L]=SOFTLOCKUP
[ 1023.488012][T25904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1023.488023][T25904] Call Trace:
[ 1023.488030][T25904]  <TASK>
[ 1023.488038][T25904]  dump_stack_lvl+0xe8/0x150
[ 1023.488064][T25904]  should_fail_ex+0x412/0x560
[ 1023.488093][T25904]  should_failslab+0xa8/0x100
[ 1023.488122][T25904]  __kmalloc_cache_noprof+0x88/0x660
[ 1023.488148][T25904]  ? sctp_auth_asoc_copy_shkeys+0x14e/0x5a0
[ 1023.488172][T25904]  ? __genradix_ptr+0x1e1/0x220
[ 1023.488200][T25904]  sctp_auth_asoc_copy_shkeys+0x14e/0x5a0
[ 1023.488235][T25904]  sctp_association_new+0x15d3/0x25e0
[ 1023.488269][T25904]  sctp_connect_new_asoc+0x2e4/0x6b0
[ 1023.488292][T25904]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[ 1023.488317][T25904]  ? __local_bh_enable_ip+0xd0/0x130
[ 1023.488336][T25904]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[ 1023.488361][T25904]  ? security_sctp_bind_connect+0x7e/0x2c0
[ 1023.488384][T25904]  sctp_sendmsg+0x1528/0x2c10
[ 1023.488415][T25904]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 1023.488435][T25904]  ? aa_sk_perm+0x6d5/0x900
[ 1023.488463][T25904]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1023.488489][T25904]  ? sock_rps_record_flow+0x19/0x350
[ 1023.488518][T25904]  ? inet_sendmsg+0x2f4/0x370
[ 1023.488539][T25904]  ____sys_sendmsg+0x80a/0x9f0
[ 1023.488571][T25904]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1023.488603][T25904]  ? import_iovec+0x73/0xa0
[ 1023.488631][T25904]  ___sys_sendmsg+0x2a5/0x360
[ 1023.488654][T25904]  ? __lock_acquire+0x6b5/0x2cf0
[ 1023.488677][T25904]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1023.488706][T25904]  ? kstrtouint+0x6e/0xe0
[ 1023.488755][T25904]  ? __fget_files+0x2a/0x420
[ 1023.488775][T25904]  ? __fget_files+0x3a0/0x420
[ 1023.488805][T25904]  __sys_sendmmsg+0x27c/0x4e0
[ 1023.488835][T25904]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1023.488861][T25904]  ? __mutex_unlock_slowpath+0x1be/0x6f0
[ 1023.488910][T25904]  ? ksys_write+0x242/0x270
[ 1023.488936][T25904]  ? __pfx_ksys_write+0x10/0x10
[ 1023.488973][T25904]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1023.488998][T25904]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1023.489017][T25904]  do_syscall_64+0x15f/0xf80
[ 1023.489040][T25904]  ? trace_irq_disable+0x3b/0x140
[ 1023.489065][T25904]  ? clear_bhb_loop+0x40/0x90
[ 1023.489087][T25904]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1023.489105][T25904] RIP: 0033:0x7fa022f9cdd9
[ 1023.489123][T25904] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1023.489137][T25904] RSP: 002b:00007fa023dc7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1023.489156][T25904] RAX: ffffffffffffffda RBX: 00007fa023215fa0 RCX: 00007fa022f9cdd9
[ 1023.489169][T25904] RDX: 0000000000000001 RSI: 0000200000000880 RDI: 0000000000000003
[ 1023.489180][T25904] RBP: 00007fa023dc7090 R08: 0000000000000000 R09: 0000000000000000
[ 1023.489192][T25904] R10: 0000000004004010 R11: 0000000000000246 R12: 0000000000000001
[ 1023.489202][T25904] R13: 00007fa023216038 R14: 00007fa023215fa0 R15: 00007fa02333fa48
[ 1023.489231][T25904]  </TASK>
[ 1023.563691][T22247] usb 6-1: new high-speed USB device number 90 using dummy_hcd
[ 1023.579372][T25898] netlink: 64 bytes leftover after parsing attributes in process `syz.0.5263'.
[ 1023.652195][ T5632] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1023.969936][ T5632] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1023.977193][T22247] usb 6-1: Using ep0 maxpacket: 16
[ 1023.985011][ T5632] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1023.997679][T22247] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 154, changing to 11
[ 1024.009019][ T5632] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1024.021029][T22247] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023
[ 1024.031802][T22247] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64
[ 1024.043132][ T5632] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1024.059150][T22247] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1024.068376][T22247] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1024.076780][T22247] usb 6-1: Product: з
[ 1024.081220][T22247] usb 6-1: Manufacturer: 앣朩텕듫恢슍捖鍉숮뚮鐚轌
[ 1024.089505][T22247] usb 6-1: SerialNumber: 䐊
[ 1024.249017][T25950] netlink: 'syz.1.5270': attribute type 10 has an invalid length.
[ 1024.268158][T25950] bond0: (slave bridge0): Enslaving as an active interface with an up link
[ 1024.283612][T25950] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5270'.
[ 1024.314434][T25950] bridge_slave_1: left allmulticast mode
[ 1024.320179][T25950] bridge_slave_1: left promiscuous mode
[ 1024.326676][T25950] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1024.337364][T25950] bridge_slave_0: left allmulticast mode
[ 1024.344096][T25950] bridge_slave_0: left promiscuous mode
[ 1024.350068][T25950] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1024.353049][ T5707] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 1024.368819][T22247] cdc_ncm 6-1:1.0: CDC Union missing and no IAD found
[ 1024.376441][T22247] cdc_ncm 6-1:1.0: bind() failure
[ 1024.384976][T25950] bond0: (slave bridge0): Releasing backup interface
[ 1024.390329][T22247] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[ 1024.402149][T22247] cdc_ncm 6-1:1.1: bind() failure
[ 1024.417339][T22247] usb 6-1: USB disconnect, device number 90
[ 1024.534367][ T5707] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1024.562678][ T5707] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1024.583851][ T5707] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[ 1024.598483][ T5707] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1024.614217][ T5707] usb 5-1: config 0 descriptor??
[ 1024.732413][T26050] FAULT_INJECTION: forcing a failure.
[ 1024.732413][T26050] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1024.758088][T26050] CPU: 0 UID: 0 PID: 26050 Comm: syz.1.5272 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1024.758119][T26050] Tainted: [L]=SOFTLOCKUP
[ 1024.758126][T26050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1024.758137][T26050] Call Trace:
[ 1024.758145][T26050]  <TASK>
[ 1024.758154][T26050]  dump_stack_lvl+0xe8/0x150
[ 1024.758180][T26050]  should_fail_ex+0x412/0x560
[ 1024.758211][T26050]  _copy_from_user+0x2d/0xb0
[ 1024.758242][T26050]  ___sys_sendmsg+0x1c6/0x360
[ 1024.758268][T26050]  ? __lock_acquire+0x6b5/0x2cf0
[ 1024.758292][T26050]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1024.758347][T26050]  ? __fget_files+0x2a/0x420
[ 1024.758369][T26050]  ? __fget_files+0x3a0/0x420
[ 1024.758398][T26050]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1024.758426][T26050]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1024.758459][T26050]  ? __pfx_ksys_write+0x10/0x10
[ 1024.758491][T26050]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1024.758512][T26050]  do_syscall_64+0x15f/0xf80
[ 1024.758536][T26050]  ? trace_irq_disable+0x3b/0x140
[ 1024.758562][T26050]  ? clear_bhb_loop+0x40/0x90
[ 1024.758584][T26050]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1024.758603][T26050] RIP: 0033:0x7fa022f9cdd9
[ 1024.758622][T26050] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1024.758637][T26050] RSP: 002b:00007fa023dc7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1024.758657][T26050] RAX: ffffffffffffffda RBX: 00007fa023215fa0 RCX: 00007fa022f9cdd9
[ 1024.758670][T26050] RDX: 0000000000048004 RSI: 0000200000000040 RDI: 0000000000000003
[ 1024.758682][T26050] RBP: 00007fa023dc7090 R08: 0000000000000000 R09: 0000000000000000
[ 1024.758694][T26050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1024.758705][T26050] R13: 00007fa023216038 R14: 00007fa023215fa0 R15: 00007fa02333fa48
[ 1024.758732][T26050]  </TASK>
[ 1024.998159][T25934] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1025.006203][T25934] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1025.020008][T25934] bridge_slave_0: entered allmulticast mode
[ 1025.050772][T25934] bridge_slave_0: entered promiscuous mode
[ 1025.061244][T25934] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1025.070253][T25934] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1025.077879][T25934] bridge_slave_1: entered allmulticast mode
[ 1025.090671][T25934] bridge_slave_1: entered promiscuous mode
[ 1025.129994][T26084] rdma_op ffff88807abe59f0 conn xmit_rdma 0000000000000000
[ 1025.161924][ T5707] hid_parser_main: 15 callbacks suppressed
[ 1025.161948][ T5707] cm6533_jd 0003:0D8C:0022.0025: unknown main item tag 0x0
[ 1025.184773][ T5707] cm6533_jd 0003:0D8C:0022.0025: unknown main item tag 0x0
[ 1025.196029][ T5707] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.0025/input/input84
[ 1025.259402][ T5707] cm6533_jd 0003:0D8C:0022.0025: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0
[ 1025.319265][T25934] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1025.368121][T14048] usb 5-1: USB disconnect, device number 2
[ 1025.401566][T25934] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1025.410815][T14044] usb 6-1: new high-speed USB device number 91 using dummy_hcd
[ 1025.517019][T25934] team0: Port device team_slave_0 added
[ 1025.534218][T25934] team0: Port device team_slave_1 added
[ 1025.562843][T14044] usb 6-1: device descriptor read/64, error -71
[ 1025.607908][T25934] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1025.618086][T25934] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1025.644988][T25934] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1025.665755][T25934] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1025.676561][T25934] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1025.704601][T25934] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1025.758649][T25934] hsr_slave_0: entered promiscuous mode
[ 1025.767306][T25934] hsr_slave_1: entered promiscuous mode
[ 1025.834599][T14044] usb 6-1: new high-speed USB device number 92 using dummy_hcd
[ 1025.842721][ T5707] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[ 1025.985775][T14044] usb 6-1: device descriptor read/64, error -71
[ 1025.993621][ T5707] usb 1-1: Using ep0 maxpacket: 16
[ 1026.010491][ T5707] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1026.040231][ T5707] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1026.050673][ T5707] usb 1-1: config 1 interface 0 has no altsetting 0
[ 1026.053013][T14048] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[ 1026.087066][T26297] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1026.099270][ T5707] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1026.115704][T14044] usb usb6-port1: attempt power cycle
[ 1026.124396][ T5707] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1026.135768][ T5707] usb 1-1: Product: syz
[ 1026.141394][ T5707] usb 1-1: Manufacturer: syz
[ 1026.146555][ T5632] Bluetooth: hci0: command tx timeout
[ 1026.163174][ T5707] usb 1-1: SerialNumber: syz
[ 1026.243860][T14048] usb 2-1: Using ep0 maxpacket: 16
[ 1026.252508][T14048] usb 2-1: config 64 has 0 interfaces, different from the descriptor's value: 1
[ 1026.274528][T14048] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1026.290406][T14048] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1026.311221][T14048] usb 2-1: Manufacturer: syz
[ 1026.504003][T14044] usb 6-1: new high-speed USB device number 93 using dummy_hcd
[ 1026.533691][T14044] usb 6-1: device descriptor read/8, error -71
[ 1026.564034][T26198] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[ 1026.755402][T26316] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1026.776519][T26316] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1026.792826][T14044] usb 6-1: new high-speed USB device number 94 using dummy_hcd
[ 1026.798989][ T5707] usb 1-1: USB disconnect, device number 25
[ 1026.801842][T25934] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1026.831834][T25934] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1026.841610][T26159] netlink: 'syz.0.5278': attribute type 5 has an invalid length.
[ 1026.841709][T14044] usb 6-1: device descriptor read/8, error -71
[ 1026.853945][T26159] netlink: 'syz.0.5278': attribute type 4 has an invalid length.
[ 1026.864153][T25934] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1026.874059][T25934] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1026.881896][T25934] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1026.891439][T25934] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1026.899770][T25934] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1026.912210][T25934] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1026.963309][T14044] usb usb6-port1: unable to enumerate USB device
[ 1026.987846][T25934] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1027.005151][T25934] 8021q: adding VLAN 0 to HW filter on device team0
[ 1027.016897][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1027.024076][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1027.039663][   T47] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1027.046781][   T47] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1027.119059][T25934] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1027.158467][T25934] veth0_vlan: entered promiscuous mode
[ 1027.170286][T25934] veth1_vlan: entered promiscuous mode
[ 1027.198507][T25934] veth0_macvtap: entered promiscuous mode
[ 1027.208102][T25934] veth1_macvtap: entered promiscuous mode
[ 1027.226302][T25934] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1027.241269][T25934] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1027.255847][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1027.265569][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1027.276365][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1027.286092][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1027.425954][   T47] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1027.440723][   T47] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1027.482305][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1027.492136][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1027.600213][T26357] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1027.646280][T26356] netlink: 132 bytes leftover after parsing attributes in process `syz.3.5264'.
[ 1028.213074][ T5632] Bluetooth: hci0: command tx timeout
[ 1028.648707][T14046] usb 2-1: USB disconnect, device number 11
[ 1029.258013][T26387] netlink: 32 bytes leftover after parsing attributes in process `syz.5.5286'.
[ 1029.273505][T26387] fuse: Unknown parameter 'group_i00000000000000000000'
[ 1029.993526][T26395] geneve2: left promiscuous mode
[ 1030.004356][T26395] bridge7: left promiscuous mode
[ 1030.010621][T26395] geneve3: left promiscuous mode
[ 1030.017060][T15207] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 256 - 0
[ 1030.028988][T15207] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 256 - 0
[ 1030.039077][T15207] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 256 - 0
[ 1030.048048][T15207] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 256 - 0
[ 1030.285745][T26406] netlink: 372 bytes leftover after parsing attributes in process `syz.5.5290'.
[ 1030.294926][ T5632] Bluetooth: hci0: command tx timeout
[ 1030.435163][T26416] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5293'.
[ 1030.447799][T26416] netlink: 40 bytes leftover after parsing attributes in process `syz.5.5293'.
[ 1030.543970][T26421] FAULT_INJECTION: forcing a failure.
[ 1030.543970][T26421] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1030.549985][T26423] netlink: 'syz.0.5295': attribute type 1 has an invalid length.
[ 1030.557622][T26421] CPU: 1 UID: 0 PID: 26421 Comm: syz.5.5294 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1030.557647][T26421] Tainted: [L]=SOFTLOCKUP
[ 1030.557653][T26421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1030.557664][T26421] Call Trace:
[ 1030.557672][T26421]  <TASK>
[ 1030.557680][T26421]  dump_stack_lvl+0xe8/0x150
[ 1030.557706][T26421]  should_fail_ex+0x412/0x560
[ 1030.557735][T26421]  _copy_from_user+0x2d/0xb0
[ 1030.557760][T26421]  kstrtouint_from_user+0xd6/0x180
[ 1030.557784][T26421]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1030.557821][T26421]  proc_fail_nth_write+0x8e/0x210
[ 1030.557845][T26421]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1030.557872][T26421]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1030.557896][T26421]  vfs_write+0x29a/0xb90
[ 1030.557928][T26421]  ? __pfx_vfs_write+0x10/0x10
[ 1030.557954][T26421]  ? __fget_files+0x2a/0x420
[ 1030.557978][T26421]  ? __fget_files+0x3a0/0x420
[ 1030.557998][T26421]  ? __fget_files+0x2a/0x420
[ 1030.558026][T26421]  ksys_write+0x150/0x270
[ 1030.558052][T26421]  ? __pfx_ksys_write+0x10/0x10
[ 1030.558083][T26421]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1030.558103][T26421]  do_syscall_64+0x15f/0xf80
[ 1030.558126][T26421]  ? trace_irq_disable+0x3b/0x140
[ 1030.558152][T26421]  ? clear_bhb_loop+0x40/0x90
[ 1030.558173][T26421]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1030.558191][T26421] RIP: 0033:0x7fcd7dd5d60e
[ 1030.558207][T26421] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1030.558223][T26421] RSP: 002b:00007fcd7ec11fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1030.558242][T26421] RAX: ffffffffffffffda RBX: 00007fcd7ec126c0 RCX: 00007fcd7dd5d60e
[ 1030.558256][T26421] RDX: 0000000000000001 RSI: 00007fcd7ec120a0 RDI: 0000000000000004
[ 1030.558267][T26421] RBP: 00007fcd7ec12090 R08: 0000000000000000 R09: 0000000000000000
[ 1030.558278][T26421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1030.558289][T26421] R13: 00007fcd7e016038 R14: 00007fcd7e015fa0 R15: 00007fcd7e13fa48
[ 1030.558318][T26421]  </TASK>
[ 1030.695168][T26424] FAULT_INJECTION: forcing a failure.
[ 1030.695168][T26424] name failslab, interval 1, probability 0, space 0, times 0
[ 1030.792529][T26424] CPU: 1 UID: 0 PID: 26424 Comm: syz.0.5295 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1030.792562][T26424] Tainted: [L]=SOFTLOCKUP
[ 1030.792569][T26424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1030.792580][T26424] Call Trace:
[ 1030.792587][T26424]  <TASK>
[ 1030.792596][T26424]  dump_stack_lvl+0xe8/0x150
[ 1030.792621][T26424]  should_fail_ex+0x412/0x560
[ 1030.792649][T26424]  should_failslab+0xa8/0x100
[ 1030.792676][T26424]  __kmalloc_cache_noprof+0x88/0x660
[ 1030.792700][T26424]  ? __hw_addr_create+0x60/0x250
[ 1030.792730][T26424]  __hw_addr_create+0x60/0x250
[ 1030.792752][T26424]  ? stack_depot_init+0x36/0x1a0
[ 1030.792779][T26424]  __hw_addr_add_ex+0x1c2/0x520
[ 1030.792809][T26424]  dev_addr_init+0x15e/0x240
[ 1030.792838][T26424]  ? __pfx_dev_addr_init+0x10/0x10
[ 1030.792866][T26424]  ? alloc_netdev_mqs+0xa8/0x1210
[ 1030.792892][T26424]  alloc_netdev_mqs+0x2b3/0x1210
[ 1030.792908][T26424]  ? __pfx_vlan_setup+0x10/0x10
[ 1030.792931][T26424]  rtnl_create_link+0x31f/0xd70
[ 1030.792957][T26424]  rtnl_newlink_create+0x277/0xb70
[ 1030.792981][T26424]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1030.793017][T26424]  ? __pfx_rtnl_newlink_create+0x10/0x10
[ 1030.793045][T26424]  ? __pfx___mutex_lock+0x10/0x10
[ 1030.793081][T26424]  ? ns_capable+0x89/0xe0
[ 1030.793103][T26424]  rtnl_newlink+0x166a/0x1bb0
[ 1030.793141][T26424]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1030.793176][T26424]  ? __lock_acquire+0x6b5/0x2cf0
[ 1030.793197][T26424]  ? __lock_acquire+0x6b5/0x2cf0
[ 1030.793223][T26424]  ? unwind_next_frame+0xa6/0x2550
[ 1030.793250][T26424]  ? unwind_next_frame+0xa6/0x2550
[ 1030.793272][T26424]  ? is_bpf_text_address+0x26/0x2b0
[ 1030.793301][T26424]  ? is_bpf_text_address+0x26/0x2b0
[ 1030.793323][T26424]  ? __lock_acquire+0x6b5/0x2cf0
[ 1030.793345][T26424]  ? kernel_text_address+0xa5/0xe0
[ 1030.793369][T26424]  ? __kernel_text_address+0xd/0x30
[ 1030.793392][T26424]  ? unwind_get_return_address+0x4d/0x90
[ 1030.793413][T26424]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1030.793440][T26424]  ? arch_stack_walk+0xfb/0x150
[ 1030.793471][T26424]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 1030.793507][T26424]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1030.793529][T26424]  rtnetlink_rcv_msg+0x7d5/0xbe0
[ 1030.793549][T26424]  ? kmem_cache_alloc_node_noprof+0x384/0x690
[ 1030.793573][T26424]  ? netlink_sendmsg+0x5d4/0xb40
[ 1030.793597][T26424]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 1030.793617][T26424]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1030.793639][T26424]  ? __lock_acquire+0x6b5/0x2cf0
[ 1030.793671][T26424]  netlink_rcv_skb+0x232/0x4b0
[ 1030.793696][T26424]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1030.793720][T26424]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1030.793756][T26424]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1030.793779][T26424]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1030.793808][T26424]  netlink_unicast+0x75c/0x8e0
[ 1030.793840][T26424]  netlink_sendmsg+0x813/0xb40
[ 1030.793874][T26424]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1030.793901][T26424]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1030.793927][T26424]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1030.793955][T26424]  ____sys_sendmsg+0x972/0x9f0
[ 1030.793979][T26424]  ? __might_fault+0xaf/0x130
[ 1030.794008][T26424]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1030.794041][T26424]  ? import_iovec+0x73/0xa0
[ 1030.794070][T26424]  ___sys_sendmsg+0x2a5/0x360
[ 1030.794094][T26424]  ? __lock_acquire+0x6b5/0x2cf0
[ 1030.794117][T26424]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1030.794184][T26424]  ? __fget_files+0x2a/0x420
[ 1030.794206][T26424]  ? __fget_files+0x3a0/0x420
[ 1030.794237][T26424]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1030.794265][T26424]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1030.794298][T26424]  ? __pfx_ksys_write+0x10/0x10
[ 1030.794330][T26424]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1030.794351][T26424]  do_syscall_64+0x15f/0xf80
[ 1030.794375][T26424]  ? trace_irq_disable+0x3b/0x140
[ 1030.794400][T26424]  ? clear_bhb_loop+0x40/0x90
[ 1030.794423][T26424]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1030.794440][T26424] RIP: 0033:0x7f4d7699cdd9
[ 1030.794457][T26424] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1030.794472][T26424] RSP: 002b:00007f4d778fa028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1030.794492][T26424] RAX: ffffffffffffffda RBX: 00007f4d76c16090 RCX: 00007f4d7699cdd9
[ 1030.794505][T26424] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000005
[ 1030.794517][T26424] RBP: 00007f4d778fa090 R08: 0000000000000000 R09: 0000000000000000
[ 1030.794529][T26424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1030.794540][T26424] R13: 00007f4d76c16128 R14: 00007f4d76c16090 R15: 00007f4d76d3fa48
[ 1030.794570][T26424]  </TASK>
[ 1031.387472][T26423] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1031.460464][T26431] bond2: (slave geneve2): making interface the new active one
[ 1031.485844][T26431] bond2: (slave geneve2): Enslaving as an active interface with an up link
[ 1031.519567][ T7083] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1031.567025][ T7083] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1031.674119][ T7083] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1031.727209][ T7083] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1031.771367][T26483] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1031.794695][T26483] batadv_slave_1: entered promiscuous mode
[ 1032.372978][ T5632] Bluetooth: hci0: command tx timeout
[ 1032.980864][T26527] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1033.039419][T26523] FAULT_INJECTION: forcing a failure.
[ 1033.039419][T26523] name failslab, interval 1, probability 0, space 0, times 0
[ 1033.116636][T26523] CPU: 1 UID: 0 PID: 26523 Comm: syz.1.5307 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1033.116656][T26523] Tainted: [L]=SOFTLOCKUP
[ 1033.116661][T26523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1033.116667][T26523] Call Trace:
[ 1033.116675][T26523]  <TASK>
[ 1033.116680][T26523]  dump_stack_lvl+0xe8/0x150
[ 1033.116696][T26523]  should_fail_ex+0x412/0x560
[ 1033.116713][T26523]  should_failslab+0xa8/0x100
[ 1033.116729][T26523]  __kmalloc_cache_noprof+0x88/0x660
[ 1033.116744][T26523]  ? iopt_alloc_pages+0x85/0x490
[ 1033.116756][T26523]  iopt_alloc_pages+0x85/0x490
[ 1033.116767][T26523]  iopt_alloc_user_pages+0x42/0xe0
[ 1033.116778][T26523]  iopt_map_user_pages+0x4e/0xd0
[ 1033.116792][T26523]  iommufd_ioas_map+0x397/0x4d0
[ 1033.116810][T26523]  ? __pfx_iommufd_ioas_map+0x10/0x10
[ 1033.116828][T26523]  iommufd_fops_ioctl+0x4b5/0x5d0
[ 1033.116844][T26523]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 1033.116861][T26523]  ? __fget_files+0x2a/0x420
[ 1033.116875][T26523]  ? __fget_files+0x2a/0x420
[ 1033.116888][T26523]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1033.116903][T26523]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 1033.116918][T26523]  __se_sys_ioctl+0xfc/0x170
[ 1033.116933][T26523]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1033.116943][T26523]  do_syscall_64+0x15f/0xf80
[ 1033.116957][T26523]  ? trace_irq_disable+0x3b/0x140
[ 1033.116971][T26523]  ? clear_bhb_loop+0x40/0x90
[ 1033.116984][T26523]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1033.116993][T26523] RIP: 0033:0x7fa022f9cdd9
[ 1033.117004][T26523] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1033.117013][T26523] RSP: 002b:00007fa023dc7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1033.117026][T26523] RAX: ffffffffffffffda RBX: 00007fa023215fa0 RCX: 00007fa022f9cdd9
[ 1033.117033][T26523] RDX: 0000200000000000 RSI: 0000000000003b85 RDI: 0000000000000003
[ 1033.117040][T26523] RBP: 00007fa023dc7090 R08: 0000000000000000 R09: 0000000000000000
[ 1033.117046][T26523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1033.117052][T26523] R13: 00007fa023216038 R14: 00007fa023215fa0 R15: 00007fa02333fa48
[ 1033.117067][T26523]  </TASK>
[ 1033.700537][T26536] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5308'.
[ 1033.886075][T26545] netlink: 52 bytes leftover after parsing attributes in process `syz.5.5309'.
[ 1033.905925][T26545] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5309'.
[ 1034.108783][T26555] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5312'.
[ 1034.256102][T14046] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[ 1034.413001][T14046] usb 1-1: Using ep0 maxpacket: 32
[ 1034.427132][T14046] usb 1-1: config 0 has an invalid interface number: 188 but max is 0
[ 1034.458987][T14046] usb 1-1: config 0 has no interface number 0
[ 1034.474177][T14046] usb 1-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[ 1034.497557][T14046] usb 1-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[ 1034.507149][T14046] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1034.519426][T14046] usb 1-1: Product: syz
[ 1034.524104][T14046] usb 1-1: Manufacturer: syz
[ 1034.528928][T14046] usb 1-1: SerialNumber: syz
[ 1034.540033][T14046] usb 1-1: config 0 descriptor??
[ 1034.549491][T26550] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1034.766596][T26550] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1034.942757][T14044] usb 4-1: new high-speed USB device number 73 using dummy_hcd
[ 1035.112699][T14044] usb 4-1: Using ep0 maxpacket: 16
[ 1035.121209][T14044] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 154, changing to 11
[ 1035.147210][T14044] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023
[ 1035.162825][T14044] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64
[ 1035.187271][T14044] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1035.210183][T14044] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1035.243699][T14044] usb 4-1: Product: з
[ 1035.252486][T14044] usb 4-1: Manufacturer: 앣朩텕듫恢슍捖鍉숮뚮鐚轌
[ 1035.265704][T14044] usb 4-1: SerialNumber: 䐊
[ 1035.579597][T26617] xt_cgroup: xt_cgroup: no path or classid specified
[ 1035.643989][T14044] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found
[ 1035.658272][T14046] asix 1-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[ 1035.673065][T14044] cdc_ncm 4-1:1.0: bind() failure
[ 1035.693277][T14046] asix 1-1:0.188 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffc3
[ 1035.705498][T14044] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[ 1035.722948][T14044] cdc_ncm 4-1:1.1: bind() failure
[ 1035.729937][T14046] asix 1-1:0.188: probe with driver asix failed with error -61
[ 1035.753905][T14044] usb 4-1: USB disconnect, device number 73
[ 1036.246872][T14044] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[ 1036.373441][ T5707] usb 6-1: new high-speed USB device number 95 using dummy_hcd
[ 1036.403392][T14044] usb 5-1: Using ep0 maxpacket: 32
[ 1036.416300][T14044] usb 5-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[ 1036.430500][T14044] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1036.442915][T26659] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 3, id = 0
[ 1036.444071][T14044] usb 5-1: Product: syz
[ 1036.467700][T14044] usb 5-1: Manufacturer: syz
[ 1036.477802][T14044] usb 5-1: SerialNumber: syz
[ 1036.496111][T14044] usb 5-1: config 0 descriptor??
[ 1036.507730][T26662] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5324'.
[ 1036.554311][ T5707] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 1036.571901][ T5707] usb 6-1: config 0 has no interface number 0
[ 1036.586234][ T5707] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1036.611567][ T5707] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1036.627719][ T5707] usb 6-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1036.643482][ T5707] usb 6-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00
[ 1036.652858][ T5707] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1036.679184][ T5707] usb 6-1: config 0 descriptor??
[ 1036.735686][T14044] peak_usb 5-1:0.0 can0: unable to request usb[type=0 value=1] err=-71
[ 1036.765159][T14044] peak_usb 5-1:0.0: unable to read PCAN-USB Pro firmware info (err -71)
[ 1036.853531][T14044] peak_usb 5-1:0.0: probe with driver peak_usb failed with error -71
[ 1036.893995][T14044] usb 5-1: USB disconnect, device number 3
[ 1036.970862][ T5707] uclogic 0003:28BD:0042.0026: failed retrieving string descriptor #100: -71
[ 1036.993992][ T5707] uclogic 0003:28BD:0042.0026: failed retrieving pen parameters: -71
[ 1037.011562][ T5707] uclogic 0003:28BD:0042.0026: pen probing failed: -71
[ 1037.038955][ T5707] uclogic 0003:28BD:0042.0026: failed probing parameters: -71
[ 1037.047983][T26700] netlink: 32 bytes leftover after parsing attributes in process `syz.5.5328'.
[ 1037.063275][T14039] usb 1-1: USB disconnect, device number 26
[ 1037.073429][ T5707] uclogic 0003:28BD:0042.0026: probe with driver uclogic failed with error -71
[ 1037.089027][T26700] fuse: Unknown parameter 'group_i00000000000000000000'
[ 1037.105169][ T5707] usb 6-1: USB disconnect, device number 95
[ 1037.747954][T26735] kvm: pic: non byte write
[ 1037.901162][T26739] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1037.923637][T26741] netlink: 372 bytes leftover after parsing attributes in process `syz.1.5333'.
[ 1038.332926][T14044] usb 6-1: new high-speed USB device number 96 using dummy_hcd
[ 1038.515082][T14044] usb 6-1: Using ep0 maxpacket: 16
[ 1038.541758][T14044] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1038.588702][T14044] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1038.621892][T14044] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1038.652918][T14044] usb 6-1: config 1 interface 1 has no altsetting 0
[ 1038.675800][T14044] usb 6-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40
[ 1038.688285][T14044] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1038.711137][T14044] usb 6-1: Product: syz
[ 1038.730493][T14044] usb 6-1: Manufacturer: syz
[ 1038.752014][T14044] usb 6-1: SerialNumber: syz
[ 1039.395851][T26764] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5337'.
[ 1039.844761][T26776] QAT: Invalid ioctl 1075883590
[ 1039.857702][T26776] QAT: Invalid ioctl 1075883590
[ 1039.876679][T26776] QAT: Invalid ioctl 1075883590
[ 1039.954127][T26776] QAT: Invalid ioctl 1075883590
[ 1039.992599][T26776] QAT: Invalid ioctl 1075883590
[ 1040.012544][T26776] QAT: Invalid ioctl 1075883590
[ 1040.142926][T26776] QAT: Invalid ioctl 1075883590
[ 1040.150353][T26776] QAT: Invalid ioctl 1075883590
[ 1040.175582][T26776] QAT: Invalid ioctl 1075883590
[ 1040.198479][T26783] PKCS7: Unknown OID: [4] 5.25.287.112.81.102.117.87.150326315.2007.15776.1
[ 1040.211006][T26776] QAT: Invalid ioctl 1075883590
[ 1040.219868][T26783] PKCS7: Only support pkcs7_signedData type
[ 1041.165084][T14044] usb 6-1: selecting invalid altsetting 0
[ 1041.520941][T14044] usb 6-1: USB disconnect, device number 96
[ 1041.635581][ T6306] udevd[6306]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1042.101224][ T5707] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[ 1042.142928][T14039] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[ 1042.263631][ T5707] usb 5-1: Using ep0 maxpacket: 16
[ 1042.285324][ T5707] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1042.312729][T14039] usb 2-1: Using ep0 maxpacket: 32
[ 1042.320493][ T5707] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1042.337876][T14039] usb 2-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[ 1042.355853][ T5707] usb 5-1: config 1 interface 0 has no altsetting 0
[ 1042.371838][T14039] usb 2-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[ 1042.394471][ T5707] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1042.407683][T14039] usb 2-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1042.418907][ T5707] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1042.438582][ T5707] usb 5-1: Product: syz
[ 1042.442925][T14039] usb 2-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[ 1042.456072][ T5707] usb 5-1: Manufacturer: syz
[ 1042.466198][ T5707] usb 5-1: SerialNumber: syz
[ 1042.483681][T14039] usb 2-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[ 1042.504583][T14039] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1042.523534][T14039] usb 2-1: Product: syz
[ 1042.532728][T14039] usb 2-1: Manufacturer: syz
[ 1042.545771][T14039] usb 2-1: SerialNumber: syz
[ 1042.584350][    C0] imon 2-1:155.0: imon usb_rx_callback_intf0: status(-71)
[ 1042.612131][T14039] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:155.0/input/input85
[ 1042.804145][T14039] imon 2-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[ 1042.823574][T14039]  (id 0x00)
[ 1042.922776][T14039] rc_core: IR keymap rc-imon-pad not found
[ 1042.928854][T14039] Registered IR keymap rc-empty
[ 1042.946928][T14039] imon 2-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[ 1042.983775][T26872] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1043.003185][T26872] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1043.004641][T14039] imon 2-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 1043.035969][T22247] usb 5-1: USB disconnect, device number 4
[ 1043.045612][T14039] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:155.0/rc/rc0
[ 1043.079630][T26872] netlink: 'syz.4.5344': attribute type 5 has an invalid length.
[ 1043.081394][T14039] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:155.0/rc/rc0/input86
[ 1043.098426][ T5707] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[ 1043.099749][T26872] netlink: 'syz.4.5344': attribute type 4 has an invalid length.
[ 1043.144070][T14039] imon 2-1:155.0: iMON device (15c2:ffdc, intf0) on usb<2:12> initialized
[ 1043.265636][T14039] usb 2-1: USB disconnect, device number 12
[ 1043.272190][ T5707] usb 1-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x2C, changing to 0xC
[ 1043.301431][ T5707] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0xC has invalid wMaxPacketSize 0
[ 1043.332302][ T5707] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1043.347677][ T5707] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1043.360950][ T5707] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1043.373135][ T5707] usb 1-1: Product: syz
[ 1043.392023][ T5707] usb 1-1: Manufacturer: syz
[ 1043.401823][ T5707] usb 1-1: SerialNumber: syz
[ 1043.440978][ T5707] usb 1-1: config 0 descriptor??
[ 1043.465237][ T5707] usb 1-1: selecting invalid altsetting 0
[ 1043.730165][ T5707] usb 1-1: USB disconnect, device number 27
[ 1043.992898][ T5690] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[ 1044.074157][T26956] batadv_slave_1: entered promiscuous mode
[ 1044.172678][ T5690] usb 4-1: Using ep0 maxpacket: 32
[ 1044.187538][ T5690] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1044.211881][ T5690] usb 4-1: config 0 has no interfaces?
[ 1044.224029][ T5690] usb 4-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[ 1044.242688][ T5690] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1044.268994][ T5690] usb 4-1: config 0 descriptor??
[ 1044.306606][T26973] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5361'.
[ 1044.317352][T26973] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5361'.
[ 1044.448770][T26979] ALSA: mixer_oss: invalid OSS volume 'PHl�6��q
ӆ���ONEOUT'
[ 1044.712751][ T5690] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[ 1044.872516][T26983] bridge1: entered promiscuous mode
[ 1044.878080][T26983] bridge1: entered allmulticast mode
[ 1044.888451][ T5690] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1044.903565][ T5690] usb 1-1: config 3 has an invalid interface number: 4 but max is 0
[ 1044.920676][ T5690] usb 1-1: config 3 has no interface number 0
[ 1044.934511][ T5690] usb 1-1: config 3 interface 4 altsetting 184 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1044.949347][ T5690] usb 1-1: config 3 interface 4 has no altsetting 0
[ 1044.966124][ T5690] usb 1-1: New USB device found, idVendor=12cf, idProduct=7111, bcdDevice=7a.1f
[ 1044.977960][ T5690] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1044.987241][ T5690] usb 1-1: Product: syz
[ 1044.991830][ T5690] usb 1-1: Manufacturer: syz
[ 1044.996650][ T5690] usb 1-1: SerialNumber: syz
[ 1045.234112][ T5690] radio-si470x 1-1:3.4: could not find interrupt in endpoint
[ 1045.243128][ T5690] radio-si470x 1-1:3.4: probe with driver radio-si470x failed with error -5
[ 1045.252271][ T5690] usbhid 1-1:3.4: couldn't find an input interrupt endpoint
[ 1045.255380][T26996] syzkaller0: entered promiscuous mode
[ 1045.268077][ T5690] usb 1-1: USB disconnect, device number 28
[ 1045.278435][T26996] syzkaller0: entered allmulticast mode
[ 1045.771132][T27037] batadv_slave_1: entered promiscuous mode
[ 1045.813823][T27042] batadv_slave_1: left promiscuous mode
[ 1045.930481][T27045] xt_recent: hitcount (134217728) is larger than allowed maximum (65535)
[ 1045.962789][ T5707] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[ 1046.094466][T27062] netlink: 'syz.1.5375': attribute type 1 has an invalid length.
[ 1046.113741][ T5707] usb 5-1: Using ep0 maxpacket: 16
[ 1046.121762][ T5707] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 154, changing to 11
[ 1046.136539][ T5707] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023
[ 1046.147309][ T5707] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64
[ 1046.160172][ T5707] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1046.169905][ T5707] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1046.178518][ T5707] usb 5-1: Product: з
[ 1046.185036][ T5707] usb 5-1: Manufacturer: 앣朩텕듫恢슍捖鍉숮뚮鐚轌
[ 1046.187234][T27090] gretap1: entered allmulticast mode
[ 1046.196185][ T5707] usb 5-1: SerialNumber: 䐊
[ 1046.224866][T27090] bond1: (slave gretap1): making interface the new active one
[ 1046.233645][T27090] bond1: (slave gretap1): Enslaving as an active interface with an up link
[ 1046.332495][T27105] syzkaller0: entered promiscuous mode
[ 1046.338273][T27105] syzkaller0: entered allmulticast mode
[ 1046.451953][ T5707] cdc_ncm 5-1:1.0: CDC Union missing and no IAD found
[ 1046.460062][ T5707] cdc_ncm 5-1:1.0: bind() failure
[ 1046.475079][ T5707] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[ 1046.489981][ T5707] cdc_ncm 5-1:1.1: bind() failure
[ 1046.505474][ T5707] usb 5-1: USB disconnect, device number 5
[ 1046.796100][ T5707] usb 4-1: USB disconnect, device number 74
[ 1046.872410][T27134] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5380'.
[ 1046.883582][T27134] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5380'.
[ 1047.073216][   T29] audit: type=1326 audit(1778234065.028:2081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27141 comm="syz.4.5381" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc23d79cdd9 code=0x0
[ 1047.595038][T27174] syzkaller0: entered promiscuous mode
[ 1047.602550][T27174] syzkaller0: entered allmulticast mode
[ 1047.744954][T14044] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[ 1047.915653][T14044] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1047.927733][T14044] usb 2-1: config 1 interface 0 has no altsetting 0
[ 1047.939072][T14044] usb 2-1: New USB device found, idVendor=05ac, idProduct=0237, bcdDevice= 0.40
[ 1047.954210][T14044] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1047.968103][T14044] usb 2-1: Product: syz
[ 1047.979948][T14044] usb 2-1: Manufacturer: syz
[ 1047.989741][T14044] usb 2-1: SerialNumber: syz
[ 1048.092745][T14039] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[ 1048.209924][T27167] netlink: 'syz.1.5387': attribute type 27 has an invalid length.
[ 1048.252700][T14039] usb 5-1: Using ep0 maxpacket: 32
[ 1048.276398][T14039] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11
[ 1048.313397][T27193] netlink: 'syz.1.5387': attribute type 27 has an invalid length.
[ 1048.321599][T14039] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1048.325216][T27196] ipip1: entered promiscuous mode
[ 1048.340535][T27196] ipip1: entered allmulticast mode
[ 1048.350147][T14039] usb 5-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68
[ 1048.368153][T14044] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input87
[ 1048.386961][T14039] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1048.396464][T14039] usb 5-1: Product: syz
[ 1048.400818][T14039] usb 5-1: Manufacturer: syz
[ 1048.407302][ T4977] bcm5974 2-1:1.0: could not read from device
[ 1048.407438][T14039] usb 5-1: SerialNumber: syz
[ 1048.433354][T14039] usb 5-1: config 0 descriptor??
[ 1048.450160][ T4977] bcm5974 2-1:1.0: could not read from device
[ 1048.478252][T14044] usb 2-1: USB disconnect, device number 13
[ 1048.486530][ T4977] bcm5974 2-1:1.0: could not read from device
[ 1048.498103][ T4977] bcm5974 2-1:1.0: could not read from device
[ 1048.540040][T27218] netlink: 132 bytes leftover after parsing attributes in process `syz.5.5393'.
[ 1049.077652][T27265] ==================================================================
[ 1049.085757][T27265] BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 1049.094360][T27265] Write of size 1280 at addr ffffc90005666b40 by task vivid-000-vid-c/27265
[ 1049.098810][T27266] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5401'.
[ 1049.103029][T27265] 
[ 1049.103044][T27265] CPU: 1 UID: 0 PID: 27265 Comm: vivid-000-vid-c Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1049.103068][T27265] Tainted: [L]=SOFTLOCKUP
[ 1049.103075][T27265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1049.103086][T27265] Call Trace:
[ 1049.103093][T27265]  <TASK>
[ 1049.103100][T27265]  dump_stack_lvl+0xe8/0x150
[ 1049.103123][T27265]  print_address_description+0x55/0x1e0
[ 1049.103141][T27265]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 1049.103161][T27265]  print_report+0x58/0x70
[ 1049.103174][T27265]  kasan_report+0x117/0x150
[ 1049.103198][T27265]  ? irqentry_exit+0x218/0x730
[ 1049.103232][T27265]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 1049.103256][T27265]  kasan_check_range+0x264/0x2c0
[ 1049.103280][T27265]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 1049.103300][T27265]  __asan_memcpy+0x40/0x70
[ 1049.103320][T27265]  tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 1049.103370][T27265]  vivid_thread_vid_cap_tick+0x1021/0x5fd0
[ 1049.103403][T27265]  ? finish_task_switch+0x41f/0xbe0
[ 1049.103423][T27265]  ? __schedule+0x17ca/0x5680
[ 1049.103450][T27265]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1049.103471][T27265]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1049.103495][T27265]  ? __pfx_vivid_thread_vid_cap_tick+0x10/0x10
[ 1049.103522][T27265]  ? vivid_thread_vid_cap+0x491/0x1190
[ 1049.103555][T27265]  vivid_thread_vid_cap+0x909/0x1190
[ 1049.103579][T27265]  ? __lock_acquire+0x6b5/0x2cf0
[ 1049.103607][T27265]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[ 1049.103636][T27265]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1049.103657][T27265]  ? __kthread_parkme+0x7a/0x1f0
[ 1049.103680][T27265]  kthread+0x388/0x470
[ 1049.103701][T27265]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[ 1049.103724][T27265]  ? __pfx_kthread+0x10/0x10
[ 1049.103745][T27265]  ret_from_fork+0x514/0xb70
[ 1049.103764][T27265]  ? __pfx_ret_from_fork+0x10/0x10
[ 1049.103781][T27265]  ? __switch_to+0xc79/0x1410
[ 1049.103805][T27265]  ? __pfx_kthread+0x10/0x10
[ 1049.103825][T27265]  ret_from_fork_asm+0x1a/0x30
[ 1049.103851][T27265]  </TASK>
[ 1049.103858][T27265] 
[ 1049.309014][T27265] The buggy address belongs to a 4-page vmalloc region starting at 0xffffc90005663000 allocated at vb2_vmalloc_alloc+0xef/0x360
[ 1049.322213][T27265] The buggy address belongs to the physical page:
[ 1049.328622][T27265] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29f2b
[ 1049.337365][T27265] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 1049.344462][T27265] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 1049.353027][T27265] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 1049.361587][T27265] page dumped because: kasan: bad access detected
[ 1049.367986][T27265] page_owner tracks the page as allocated
[ 1049.373678][T27265] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x29c2(GFP_NOWAIT|__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_ZERO), pid 27259, tgid 27258 (syz.5.5400), ts 1049062456133, free_ts 1049029784672
[ 1049.393630][T27265]  post_alloc_hook+0x231/0x280
[ 1049.398384][T27265]  get_page_from_freelist+0x24ba/0x2540
[ 1049.403918][T27265]  __alloc_frozen_pages_noprof+0x18d/0x380
[ 1049.409714][T27265]  alloc_pages_mpol+0x235/0x490
[ 1049.414552][T27265]  alloc_pages_noprof+0xac/0x2a0
[ 1049.419472][T27265]  __vmalloc_node_range_noprof+0x7a7/0x1750
[ 1049.425350][T27265]  vmalloc_user_noprof+0xad/0xe0
[ 1049.430276][T27265]  vb2_vmalloc_alloc+0xef/0x360
[ 1049.435113][T27265]  __vb2_queue_alloc+0x9c5/0x15a0
[ 1049.440132][T27265]  vb2_core_reqbufs+0xc1f/0x1410
[ 1049.445071][T27265]  __vb2_init_fileio+0x318/0xff0
[ 1049.450004][T27265]  vb2_core_poll+0x4c1/0x840
[ 1049.454590][T27265]  vb2_fop_poll+0x193/0x310
[ 1049.459084][T27265]  v4l2_poll+0x147/0x2c0
[ 1049.463318][T27265]  do_sys_poll+0x96c/0x10e0
[ 1049.467811][T27265]  __se_sys_ppoll+0x209/0x2b0
[ 1049.472478][T27265] page last free pid 5629 tgid 5629 stack trace:
[ 1049.478787][T27265]  __free_frozen_pages+0xbc7/0xd30
[ 1049.483893][T27265]  __slab_free+0x274/0x2c0
[ 1049.488301][T27265]  qlist_free_all+0x99/0x100
[ 1049.492879][T27265]  kasan_quarantine_reduce+0x148/0x160
[ 1049.498329][T27265]  __kasan_slab_alloc+0x22/0x80
[ 1049.503179][T27265]  __kmalloc_noprof+0x316/0x760
[ 1049.508035][T27265]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1049.513584][T27265]  tomoyo_path_perm+0x283/0x560
[ 1049.518433][T27265]  security_inode_getattr+0x12b/0x310
[ 1049.523800][T27265]  __x64_sys_newfstat+0x13b/0x270
[ 1049.528811][T27265]  do_syscall_64+0x15f/0xf80
[ 1049.533390][T27265]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1049.539271][T27265] 
[ 1049.541578][T27265] Memory state around the buggy address:
[ 1049.547191][T27265]  ffffc90005666f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1049.555237][T27265]  ffffc90005666f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1049.563281][T27265] >ffffc90005667000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1049.571334][T27265]                    ^
[ 1049.575394][T27265]  ffffc90005667080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1049.583440][T27265]  ffffc90005667100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1049.591483][T27265] ==================================================================
[ 1049.617612][T27266] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5401'.
[ 1049.646074][T27265] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1049.653314][T27265] CPU: 0 UID: 0 PID: 27265 Comm: vivid-000-vid-c Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1049.664680][T27265] Tainted: [L]=SOFTLOCKUP
[ 1049.668996][T27265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1049.679037][T27265] Call Trace:
[ 1049.682304][T27265]  <TASK>
[ 1049.685222][T27265]  vpanic+0x56c/0xa60
[ 1049.689204][T27265]  ? __pfx_vpanic+0x10/0x10
[ 1049.693702][T27265]  ? __pfx___schedule+0x10/0x10
[ 1049.698558][T27265]  panic+0xc5/0xd0
[ 1049.702282][T27265]  ? __pfx_panic+0x10/0x10
[ 1049.706694][T27265]  ? preempt_schedule_common+0x82/0xd0
[ 1049.712150][T27265]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 1049.717779][T27265]  check_panic_on_warn+0x89/0xb0
[ 1049.722714][T27265]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 1049.728342][T27265]  end_report+0x73/0x170
[ 1049.732582][T27265]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 1049.738214][T27265]  kasan_report+0x128/0x150
[ 1049.742713][T27265]  ? irqentry_exit+0x218/0x730
[ 1049.747472][T27265]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 1049.753096][T27265]  kasan_check_range+0x264/0x2c0
[ 1049.758028][T27265]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 1049.763654][T27265]  __asan_memcpy+0x40/0x70
[ 1049.768063][T27265]  tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 1049.773535][T27265]  vivid_thread_vid_cap_tick+0x1021/0x5fd0
[ 1049.779343][T27265]  ? finish_task_switch+0x41f/0xbe0
[ 1049.784532][T27265]  ? __schedule+0x17ca/0x5680
[ 1049.789204][T27265]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1049.795005][T27265]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1049.800199][T27265]  ? __pfx_vivid_thread_vid_cap_tick+0x10/0x10
[ 1049.806355][T27265]  ? vivid_thread_vid_cap+0x491/0x1190
[ 1049.811813][T27265]  vivid_thread_vid_cap+0x909/0x1190
[ 1049.817099][T27265]  ? __lock_acquire+0x6b5/0x2cf0
[ 1049.822034][T27265]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[ 1049.827751][T27265]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1049.833548][T27265]  ? __kthread_parkme+0x7a/0x1f0
[ 1049.838476][T27265]  kthread+0x388/0x470
[ 1049.842531][T27265]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[ 1049.848244][T27265]  ? __pfx_kthread+0x10/0x10
[ 1049.852826][T27265]  ret_from_fork+0x514/0xb70
[ 1049.857405][T27265]  ? __pfx_ret_from_fork+0x10/0x10
[ 1049.862499][T27265]  ? __switch_to+0xc79/0x1410
[ 1049.867169][T27265]  ? __pfx_kthread+0x10/0x10
[ 1049.871751][T27265]  ret_from_fork_asm+0x1a/0x30
[ 1049.876517][T27265]  </TASK>
[ 1049.880099][T27265] Kernel Offset: disabled
[ 1049.884407][T27265] Rebooting in 86400 seconds..