last executing test programs:

13m23.463197556s ago: executing program 2 (id=3653):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newqdisc={0x24, 0x24, 0x2, 0x60b924, 0x25dfdc00, {0x0, 0x0, 0x0, 0x0, {0x2}, {0x5, 0xb}, {0x6, 0xfff4}}}, 0x24}, 0x1, 0x0, 0x0, 0x2400c0e0}, 0x20000091)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x3e7, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002e00090027097000000000220400000008000c"], 0x28}, 0x1, 0x0, 0x0, 0x42804}, 0x0)

13m23.301267575s ago: executing program 2 (id=3655):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=@newqdisc={0x84, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x54, 0x2, {{0x100, 0x7, 0x6361, 0x34b, 0xfffffffd, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x211}, @TCA_NETEM_SLOT={0x2c, 0xc, {0xfffffffffffffff4, 0x2, 0x8, 0x0, 0x5, 0x7}}]}}}]}, 0x84}, 0x1, 0x0, 0x0, 0xc04c001}, 0x20000804)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0xffe0}, {0x2, 0xb}, {0xd, 0xd}}, [@qdisc_kind_options=@q_pfifo_fast={0xf}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000050}, 0x0)
r8 = openat$kvm(0xffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0xc9)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x2000000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x13101}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @local}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x0)

13m23.069880902s ago: executing program 2 (id=3658):
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f00000067c0)={0x1, 0x0, [{0x8c}]})
r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000040)={0xf0f024})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0x78b})
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r4, 0x4004ae99, &(0x7f0000000040)=0x3)
ioctl$KVM_SET_LAPIC(r4, 0x4400ae8f, &(0x7f0000000880)={"43d064455ca79c3698dcca60005c1ba163b1d8f04d69d873792c0cbfc95dacc7cd39a49df12a052d0d8f1bd04b722b4f262437efc030e706916de618763f4600660b41f320706e06860fe29f1bb455ef507156d0a5738f130784a1aad99f74b3e592254eede14eb1b64af356cfaa8ff002c4deed2899a1b39ba72979c5f3ed91ff89e73e09f7f88fe58bce505f0500764c95c8bed7499213d10731b60ed6c8806ab094843295ac02f06dc46485bb56f2eb2eb3c5ef1e50a2431a2082b54c4b0e1357daaefd30e08322fb5f922f6d9fa3226faf7aeb9630aabe81617fe2b92fb80f07dfa9d831f4f7ef48923e287a3f0c31cf1343d4c0dddee937e639671ec2ceab9e5048d5bcd9f52a9c90ddd1fee1fda90a114fdf7298b7607c5294efdea04743a0045e96aae496fcb06636a8620f6e007e0002000000000000fb3a7820dbe2241b017e917eafb27d13feba7de3a28dd4c29c7959ae5c0724c848f8960fbea5f7b7a35ac32fa6bbf820a5631dcea68ffa7d456869c4e79f6033f38fa88ccd53dc1feb5381c01dd71ec0446e3633270b7fb961e04ad7e1f44e3fd0d96c724499e1ec2cff23a3d5a97952ec0a44dd967491dc45d4df48ad83027df0be02e35ca4c107bdf957f4c7a831df8a2e1302445dc02b5bc38f7c8a6260723e5350623114bb436c5d9f6bf35cbe24605821baf9ea6aaa31cb2dd74e29863a0c71e3367846cffe17c4a29a76eb635e95c6d7f4d846f3369affbfb70b3716c1c0234a0deb9abfac12686d55ba97952e8a50480c5f44e038b1a4d5cd9301d02b942afacfaa30b6ef315d72eaf41dddda4983608dc2f5d5e92392a141b0f2f8d34042d1a6cd45d9f9df4c83b8c8b55959d58843ab3564d3f49d81ed2ccd42bb8ad9c8e4b92c2df872c9383c88f4b1bbaf116fff233f55d99b43677eb29ad63e00ea4eee69c72a604b2cdd7641d9c682d1d4ea8e5bd0de857ac1a55b2d6374a4a18af8f27887ffb4b2168e764a5aa9b303a35873d2177de8c5a00be39726baa6d336b7a36b8ec6000054b4542f3fb3ca678a0ecca183a7c2655931f38ed26219fde45ab8469db2a156953b028abec63c6b841c8bd9f9f0861e7aeb8195013444d2d326cad53718e40be06aea644573a9ef22b13692a17ed8a451af9e2de15b4bfce7c257063e28c07e4c3301a1bff37d72efc14d34ddabbb286f53264e0c8122f215de4f2e06f6e0472674c2476a61ad2e309abfed7e3367bc7373876507764e60b193e8c5abbe95f42adfc74dd25c9098dfba8272f7361d0000000000000000000000000000000000000000000000000000e000"})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x1, 0x6, 0x7, 0x80000001, 0xfffffffffffffffc, 0x2, 0xfffffffffffff844, 0x3, 0x0, 0x0, 0x9, 0x4, 0xf4e9, 0x1, 0x5], 0xeeef0000, 0x67b41})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

13m22.975990302s ago: executing program 2 (id=3659):
pipe(&(0x7f0000000600)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0xffffffffffffffff, 0x0, 0x800, 0x0, 0x4, 0x10000000}, 0x0, &(0x7f0000000400)={0x1f, 0x0, 0x800000000000, 0x0, 0x1000000000, 0x0, 0xfffffffffffffffe}, 0x0, 0x0)
write(r1, &(0x7f0000000000)="fc", 0x1)
vmsplice(r0, &(0x7f0000000200)=[{&(0x7f0000000040)="af", 0x1}], 0x1, 0x4)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r2 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_restrict_self(r2, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x20d036, 0x0, 0x0, 0x0, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x41)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
move_mount(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', r4, &(0x7f0000000100)='./file0\x00', 0x220)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[<r6=>0x0], &(0x7f0000000180)=[<r7=>0x0], 0x0, 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r5, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000280)=[r6, r7], 0x2, 0x0, 0x0, <r8=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb=0x1}, 0x94)
r9 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_STATUS(r9, 0x84, 0xe, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, @in={{0x2, 0x0, @broadcast}}}}, &(0x7f0000000280)=0xb0)
r10 = syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_pidfd_open(r10, 0x0)
syz_pidfd_open(r10, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000580)={&(0x7f0000000480)=[0x0, 0x0, <r11=>0x0], 0x0, 0x0, 0x0, 0x3})
ioctl$DRM_IOCTL_MODE_SETCRTC(r8, 0xc06864a2, &(0x7f00000005c0)={0x0, 0x0, r6, r11, 0xf8, 0x8, 0x7ff, 0x6, {0x8, 0x8, 0x0, 0x5, 0x0, 0x2, 0x1, 0x1, 0x0, 0xffff, 0x8, 0x7c0, 0xffffffff, 0x77, "ba9a42184edc4097e01b52f22e2cbb318719fb31f6699332292cc81f89f07580"}})

13m21.877101285s ago: executing program 2 (id=3665):
clock_adjtime(0x5, &(0x7f0000004dc0)={0xb, 0x45, 0x8c, 0x1, 0x9, 0x7cca, 0xa, 0xc634, 0x2, 0x4, 0x7c, 0x7, 0x1, 0x8c, 0xcfe, 0x0, 0x0, 0x40000080000, 0xfffffffffffffff9, 0x6, 0x7, 0xa5, 0x1, 0x9018, 0x10, 0x8000006})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@gettaction={0x48, 0x32, 0x400, 0x70bd2a, 0x25cfdbfd, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_gd=@TCA_ACT_TAB={0x28, 0x1, [{0xc, 0xc, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}, {0xc, 0x2, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x81f7}}, {0xc, 0x20, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4008000}, 0x4040090)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bond0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c000000100003040000fff30000ea0000000400", @ANYRES32=r1, @ANYBLOB="60bc010004a701003c00128009000100626f6e6400000000"], 0x5c}, 0x1, 0x0, 0x0, 0x11}, 0x4000044)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="40010000", @ANYRES16=r3, @ANYBLOB="01000000000004000000010000002400030000000000000000000000000000000000000000000000000000000000000000001400020077673100000000000000000000000000f4000880"], 0x140}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f0000000200)={0x0, 0x30000, &(0x7f0000000080)={&(0x7f0000000140)={0x4c, r3, 0x1, 0x70bd2d, 0x25dfdbfa, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @c}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20d0}, 0x44000)

13m21.538892539s ago: executing program 2 (id=3666):
r0 = socket(0x10, 0x3, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x4d)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000cc0)}], 0x1)
open$dir(&(0x7f0000000100)='.\x00', 0x18100, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x6c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
getsockname(r2, &(0x7f0000000140)=@alg, &(0x7f0000000040)=0x80)
add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000100)={'fscrypt:', @desc3}, 0x0, 0x0, 0xfffffffffffffffd)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000240)={'veth0_virt_wifi\x00', <r4=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3df], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x24004040)

13m21.221842255s ago: executing program 32 (id=3666):
r0 = socket(0x10, 0x3, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x4d)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000cc0)}], 0x1)
open$dir(&(0x7f0000000100)='.\x00', 0x18100, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x6c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
getsockname(r2, &(0x7f0000000140)=@alg, &(0x7f0000000040)=0x80)
add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000100)={'fscrypt:', @desc3}, 0x0, 0x0, 0xfffffffffffffffd)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000240)={'veth0_virt_wifi\x00', <r4=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3df], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x24004040)

7.69088546s ago: executing program 4 (id=8508):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)
listen(r0, 0x2)
syz_emit_ethernet(0x27d, &(0x7f0000000000)={@remote, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "000dea", 0x247, 0x6, 0x1, @local, @local, {[@hopopts={0x1d, 0x3d, '\x00', [@generic={0x7, 0xec, "c0464e2d9e834cf4fb32d5c7116fcaf3d7ae6165394c86b0dc77c4358067d0afc63f85f2137c62fe660c3f864de108763d110edf38e4d762a884b2df15a2d3d110f81df1b86cc71df3f06d063dc41f85da359e2ba80c1d56cd23c5896fcf43bf7982500835a1f4e1d9e8fe107927a06cbb9b360905ded11c3a64942bdeee8f6052371f5ad138da660e41a016da7a4c21f46985082bc84e0c0832c6cbafaa619f6cb6a2740e7e585bf67d6266b2a795832e3280dcb73578dc0d2c7e4acef30892776f8ce4e5fb51efce5817612db8a190123cdff291a1e9ea14ae3626452804f07cc29d1b860e2adf5dded73f"}, @ra={0x5, 0x2, 0x8d53}, @generic={0x40, 0xf6, "cc4d0d47144c3883a466c92579b66350f3616123513e996e8b0c85374475917e6fa22d3b5c0080ccca6c57cefdd3ffc8a816b0d376497f7eefa05728062c89d3141e8a7a2040c7cc7a3a048ac70cd42b27e11faf1086544ce2be4eae14314aed42f1d6366e14d8bc5420ad4d835ccd88be90cfb0526d1ba9b4c3f50cc776068cb948ca922174b1f160663527e19837736aded0f2dbf7705272d9cf6bd5e197e0cfb77b974cf7edb7f602e9b2a6bda870738b7e368d7de3fedf4532a1b0efed41caf58685016737703c9511a15cf185f9e78f944f07952a11563ebb9730e4a43c59e19d2f5032b3f6e9abff6e233475d2d26c6891bbca"}]}], {{0x0, 0x4e23, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0x2, 0x0, 0x0, 0x0, {[@fastopen={0x1e, 0x5, "44ee61"}]}}, {"9f936928c7767f470ba44424ae5a15b669f6fae030d404f4b01f73d878a7e3fc722a9422eb7024d1fabdd445e32f37a492082c"}}}}}}}, 0x0)

5.950035618s ago: executing program 5 (id=8515):
syz_usb_connect(0x3, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="21010000db168920402000d92ca9010203010902120001000000000904"], 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x2, 0x4, 0x7fff7fff}]})
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r0, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x800, 0x5, 0xc000, 0xe, "0062ba7d8200000016001b000200f705096604"})
r1 = syz_open_pts(r0, 0xa0200)
pselect6(0x900, 0x0, 0x0, &(0x7f0000000240)={0x1f}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)
r2 = dup3(r1, r0, 0x0)
io_setup(0x8, &(0x7f0000004200)=<r3=>0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
io_submit(r3, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x6, 0x0, r4, 0x0, 0x0, 0x2000000004000000, 0x0, 0x2, r2}])
socket$inet_udp(0x2, 0x2, 0x0)
syz_open_dev$usbmon(&(0x7f0000000340), 0x3, 0x101)
pselect6(0x40, &(0x7f0000000100)={0x0, 0xffffffffffffffff}, &(0x7f0000000000)={0x1f, 0x0, 0x5, 0x0, 0x3}, 0x0, 0x0, 0x0)
ioctl$TCSETAF(r2, 0x5408, &(0x7f00000000c0)={0x8, 0x2, 0x0, 0x3ff, 0x14, "d382f1a316b3ccae"})
socket(0x10, 0x80002, 0x4)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, 0x0, 0x0)
r5 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003)
ioctl$I2C_RDWR(r5, 0x707, &(0x7f0000000a40)={&(0x7f0000000700)=[{0x5, 0xac39d643e9965aa2, 0x0, 0x0}, {0x8, 0x8000, 0x0, 0x0}], 0x2})

4.136756626s ago: executing program 1 (id=8518):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x2, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0xffffffff, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x240080c1}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0xfff2}, {0x2, 0xb}, {0xffe0, 0xb}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x1, 0xe}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2404c0f1}, 0x4008000)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)=ANY=[@ANYBLOB="ac141411e0"], 0x48}, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

3.509170044s ago: executing program 5 (id=8520):
socket(0x10, 0x803, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r3, @ANYBLOB="06001500070000000c0016"], 0x38}}, 0x10)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioprio_set$pid(0x2, 0x0, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000300)=[&(0x7f0000000100)={0x0, 0x0, 0x20, 0x5, 0x2000, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, r4}])
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r6 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r6, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r7, <r8=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r6, 0xc06864ce, &(0x7f00000004c0)={r8, 0x0, 0x0, 0x0, 0x0, [<r9=>0x0], [0xfffffffc, 0x7, 0x3]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, &(0x7f0000000080)={r9, 0x0, <r10=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_GETFB2(r6, 0xc06864ce, &(0x7f0000000200)={r8, 0x0, 0x0, 0x6, 0x0, [<r11=>0x0], [], [0x0, 0xfffffffc, 0xfffffff7], [0x0, 0x0, 0x0, 0xffffffffffffffff]})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r6, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r10})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r6, 0xc00c642d, &(0x7f0000000440)={r11})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
syz_open_dev$vim2m(0x0, 0x7, 0x2)

3.196727279s ago: executing program 1 (id=8521):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043)
read$FUSE(r1, &(0x7f0000000840)={0x2020}, 0x2020)
r2 = openat$fuse(0xffffff9c, &(0x7f0000000100), 0x2, 0x0)
read$FUSE(r2, &(0x7f0000002880)={0x2020}, 0x2020)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c)
pipe2$9p(&(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RSETATTR(r4, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a)
splice(r3, 0x0, r0, 0x0, 0xffff, 0x2)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)

2.900445597s ago: executing program 4 (id=8509):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'bond0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x4000, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001000ffff26bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="151700000000000008000a00", @ANYRES32=r2, @ANYBLOB="140012800c0001006d616376746170000400028008000500", @ANYRES32=r2], 0x44}, 0x1, 0x0, 0x0, 0x24004844}, 0x8000002)

2.544942322s ago: executing program 4 (id=8523):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x109881, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000000)={0x0, 0x40000105, 0x0, 0x0})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x400000b7, 0x0, 0x7fffffff}]})
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000000040)={0x2, 0x4e24, @local}, 0x10)
setsockopt$inet_tcp_int(r5, 0x6, 0x6, &(0x7f0000000140)=0xd, 0x4)
r6 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010d804dd0000000000000109022400018000000009040000010300000009210500000122050009058103"], 0x0)
syz_usb_control_io(r6, 0x0, 0x0)
syz_usb_control_io$hid(r6, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x2, "d2903a4e"}]}}, 0x0}, 0x0)
r7 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_SMBUS(r7, 0x720, &(0x7f0000000980)={0x0, 0xef, 0x4, &(0x7f0000000940)={0x15, "79b8142115db2c05f171f5306cf013f1e37ef9335bd9112c19fd2077a025abe98e"}})

2.381726814s ago: executing program 5 (id=8526):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043)
r2 = dup(r0)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000140)={<r3=>0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e20, @rand_addr=0x64010100}]}, &(0x7f0000000180)=0xc)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000003c0)={r3, 0xa4, &(0x7f00000002c0)=[@in={0x2, 0x4e22, @local}, @in6={0xa, 0x4e20, 0x9, @remote, 0x5c3}, @in6={0xa, 0x4e22, 0x10000, @private0, 0xe9}, @in={0x2, 0x4e22, @broadcast}, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x14}}, @in={0x2, 0x4e20, @remote}, @in6={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x80000001}, @in={0x2, 0x4e20, @multicast1}]}, &(0x7f00000004c0)=0xc)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @remote}}, 0x8003, 0xbffc, 0xe652, 0x2, 0x4, 0x48, 0xff}, 0x9c)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c)
pipe2$9p(&(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
write$P9_RSETATTR(r5, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a)
splice(r4, 0x0, r0, 0x0, 0xffff, 0x2)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x1)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xeffffff2, @empty, 0x5}}, 0x10001fc, 0x6, 0xffff1896, 0x3, 0x26, 0xffffffb9, 0x1a}, 0x9c)

2.207168178s ago: executing program 0 (id=8527):
socket$inet6(0xa, 0x1, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r1, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r2, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x5}})
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c000000130001000400"/20, @ANYRES32=0x0, @ANYBLOB='\t\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=r4, @ANYBLOB="1400350064756d6d7930"], 0x3c}, 0x1, 0x0, 0x0, 0x8004010}, 0x0)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r5, 0x8922, &(0x7f0000000080)={'dummy0\x00'})

2.202992182s ago: executing program 1 (id=8528):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
timer_create(0x3, 0x0, &(0x7f0000000200)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000240))
socket$unix(0x1, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x9, 0x6, 0x0, 0x7}, 0x0)
ioctl$USBDEVFS_CLEAR_HALT(0xffffffffffffffff, 0xc0105502, 0x0)
ioctl$PTP_EXTTS_REQUEST2(0xffffffffffffffff, 0xc4c03d12, &(0x7f0000000040)={0x5, 0x4})
syz_open_dev$dri(&(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x5bbf91a1e7f99074, &(0x7f0000000000))
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0)
readv(0xffffffffffffffff, &(0x7f00000012c0)=[{0x0}], 0x1)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffd000/0x2000)=nil, 0x2000, &(0x7f00000000c0)='\x00')
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000000)={'batadv_slave_1\x00', {0x2, 0x4e21, @empty=0xfdfdffff}})
bind$unix(r2, &(0x7f0000000080)=@abs={0x1, 0x0, 0x4e23}, 0x6e)
r5 = socket$unix(0x1, 0x2, 0x0)
sendmmsg(r5, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0)

2.020974545s ago: executing program 0 (id=8529):
r0 = socket(0x2, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000280)={'veth0_virt_wifi\x00', &(0x7f0000000080)=@ethtool_sset_info={0x37, 0x9, 0xfffffffffffffff7}})
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000880)=@newsa={0x180, 0x10, 0x1, 0x3, 0x0, {{@in=@broadcast, @in6=@mcast2, 0x0, 0x4, 0x0, 0x0, 0x2}, {@in=@broadcast, 0x0, 0x6c}, @in=@loopback, {0x800, 0x0, 0x4}, {0x0, 0x0, 0x100}, {}, 0x0, 0x0, 0xa, 0x1}, [@algo_auth={0x48, 0x1, {{'sha256\x00'}}}, @algo_comp={0x48, 0x3, {{'lzs\x00'}}}]}, 0x180}}, 0x0)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000000)={0x6c, r4, 0x1, 0x0, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @loopback={0x2e00}, 0x8004}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty, 0x1}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}]}, 0x6c}}, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x10024, &(0x7f0000000480)=ANY=[@ANYRES64])

1.79919053s ago: executing program 0 (id=8530):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000000)={@remote, @multicast1, 0x4, "d30f388c52647612d91de4353d68b0fa00", 0x0, 0x0, 0x4000000, 0x8}, 0x3c)
socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0x2, 0x300)
socket$inet(0x2, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_dev$media(&(0x7f0000000040), 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
writev(r1, &(0x7f0000000000)=[{&(0x7f0000000080), 0x62}, {&(0x7f0000000100)="16000000246837f73199aee6fdb9291b3091ec1a2d41d227975ad8ec309d59191b00867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0x682c}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e85316928f28dd2604d37c9ec80a49c0d91cbfe6d584b9b6a321b97bf99ae1d67985fd441976a828c97456003a7892c7c7f4a51bb49e3d3ea1e95ec29c89a2676", 0x1001}], 0x3)

1.677801688s ago: executing program 0 (id=8531):
r0 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x8000, 0x2)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket(0x2c, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={<r3=>0x0}, &(0x7f00000005c0)=0x8)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000300)={r3, 0x9}, &(0x7f0000000340)=0x8)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x1d, 0x2, 0x0, "d569e8061000fa44967600af00a86903140000000100", 0x7f0801})
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fd, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000580)={0x1, @vbi={0x97c, 0x100, 0x4, 0x34424752, [0x101, 0x9], [0x200, 0x101], 0x1}})
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4})
ioctl$vim2m_VIDIOC_STREAMOFF(r5, 0x40045612, &(0x7f0000000240)=0x1)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xb4, 0x19, 0x1, 0x0, 0x0, {{@in=@private, @in=@remote, 0x0, 0xfffd, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb4}}, 0x4040000)

1.639087183s ago: executing program 0 (id=8532):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x104)
sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, 0x0, 0x4000000)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/time_for_children\x00')
socket(0x6, 0xa, 0x4)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000540)={0x2, @win={{0xffffffff, 0x401, 0x80000000, 0xcb81}, 0x1, 0x9, 0x0, 0x7f, 0x0, 0x6}})
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000240)={0x2, 0x5, 0x3ff})
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x13, 0xffffffffffffffff, 0x0)
r4 = eventfd(0x7)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f00000001c0)=r4)
chroot(&(0x7f0000003040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00')
close(r3)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x31}}, 0x2, 0x0, 0x4}}, 0x2e)
socket$pppl2tp(0x18, 0x1, 0x1)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x20301, 0x0)
ioctl$TIOCPKT(r6, 0x5420, &(0x7f0000000040)=0x800003)
ioctl$TIOCPKT(r6, 0x5420, &(0x7f0000000000)=0x2)
r7 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r7, &(0x7f0000000040)={0xfffd, 0x0, &(0x7f0000000880)={&(0x7f00000008c0)=ANY=[@ANYBLOB="020300020c00000000000000000000000200080018000000d0be830000000000030006000000000002000000ffffffff000000000000000002000100000004d50000080201000040030005003200000002000000000000000015d00800000000"], 0x60}, 0x1, 0x7}, 0x0)
mq_getsetattr(0xffffffffffffffff, &(0x7f0000000100)={0x4, 0x5, 0x8, 0xa000000000000000}, &(0x7f0000000140))

1.525923486s ago: executing program 3 (id=8533):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000002c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="33fa2bbd7000fcdbdf250700000008000300", @ANYRES32=r2, @ANYBLOB="140004006361696630000000000000000000000008000500090000000a00e8"], 0x44}, 0x1, 0x0, 0x0, 0xc804}, 0xc2010)

1.357510083s ago: executing program 5 (id=8534):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth0_virt_wifi\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_FLAGS={0x6, 0x2, 0x4}]}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x44}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth0_virt_wifi\x00'}) (async)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_FLAGS={0x6, 0x2, 0x4}]}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x44}}, 0x0) (async)

1.356872179s ago: executing program 3 (id=8535):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r4 = syz_open_dev$swradio(&(0x7f0000000380), 0x0, 0x2)
ioctl$VIDIOC_S_FMT(r4, 0xc0cc5605, &(0x7f00000003c0)={0xd, @pix={0x8, 0xde8, 0x33363248, 0x0, 0x8, 0x8, 0x2, 0x7, 0x1, 0x2, 0x2, 0x3}})
unshare(0x8000280)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = syz_pidfd_open(r5, 0x0)
ioctl$EXT4_IOC_MIGRATE(r6, 0xff08)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5000000010008105e9c51c000000000000000000", @ANYRES32=r3, @ANYBLOB="01000000000000002800128009000100766c616e000000001800028006000100000000000c0002000c0000000d00000008000500", @ANYRES64=r1], 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', <r7=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)=@newchain={0x4c, 0x64, 0x100, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x9, 0xa}, {0x7, 0xb}, {0x8, 0x2}}, [@TCA_CHAIN={0x8, 0xb, 0x1}, @TCA_RATE={0x6, 0x5, {0x1}}, @TCA_RATE={0x6, 0x5, {0x7, 0x9}}, @TCA_CHAIN={0x8, 0xb, 0xfffffbff}, @TCA_RATE={0x6, 0x5, {0x3, 0x1}}]}, 0x4c}}, 0x40000)
getresuid(&(0x7f0000000240), &(0x7f0000000280), &(0x7f0000000340))
openat$dlm_plock(0xffffff9c, &(0x7f00000004c0), 0x4000, 0x0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r9=>0x0})
close_range(0xffffffffffffffff, r6, 0x0)
r10 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r10, 0x107, 0xd, &(0x7f0000000180)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
ppoll(&(0x7f0000000000)=[{r10, 0x2210}], 0x1, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000002c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="33fa2bbd7000fcdbdf250700000008000300", @ANYRES32=r9, @ANYBLOB="140004006361696630000000000000000000000008000500090000000a00e8"], 0x44}, 0x1, 0x0, 0x0, 0xc804}, 0xc2010)

1.136201169s ago: executing program 5 (id=8536):
socket(0x10, 0x803, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r3, @ANYBLOB="06001500070000000c0016"], 0x38}}, 0x10)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioprio_set$pid(0x2, 0x0, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000300)=[&(0x7f0000000100)={0x0, 0x0, 0x20, 0x5, 0x2000, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, r4}])
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r6 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r6, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r7, <r8=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r6, 0xc06864ce, &(0x7f00000004c0)={r8, 0x0, 0x0, 0x0, 0x0, [<r9=>0x0], [0xfffffffc, 0x7, 0x3]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, &(0x7f0000000080)={r9, 0x0, <r10=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_GETFB2(r6, 0xc06864ce, &(0x7f0000000200)={r8, 0x0, 0x0, 0x6, 0x0, [<r11=>0x0], [], [0x0, 0xfffffffc, 0xfffffff7], [0x0, 0x0, 0x0, 0xffffffffffffffff]})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r6, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r10})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r6, 0xc00c642d, &(0x7f0000000440)={r11})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
syz_open_dev$vim2m(0x0, 0x7, 0x2)

999.046391ms ago: executing program 3 (id=8537):
ioctl$VIDIOC_ENUM_FREQ_BANDS(0xffffffffffffffff, 0xc0405665, &(0x7f00000003c0)={0x0, 0x2, 0x0, 0x1, 0x7, 0x7, 0xa}) (async)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40010}, 0x4008000) (async)
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x48, 0x0, 0x2, 0x3, 0x0, 0x0, {0x2, 0x0, 0x4}, [@CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x3}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x4}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x3}, @CTA_EXPECT_TUPLE={0x1c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x20000040)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000001c0)={'ip_vti0\x00', &(0x7f00000002c0)={'syztnl2\x00', 0x0, 0x0, 0x20, 0x80000001, 0x1, {{0x5, 0x4, 0x0, 0x21, 0x14, 0x64, 0x0, 0x80, 0x2f, 0x0, @multicast2, @remote}}}}) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000280)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000340)={0x48, 0x2, r4, 0x0, 0x0, 0x0, 0x0, 0x1}) (async)
ioctl$KVM_TPR_ACCESS_REPORTING(r3, 0xc028ae92, &(0x7f0000000040)={0x7, 0x80000000}) (async)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='T\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002dbd7000fbdbdf254400000008000d00fffeffff0400080108ce788f7c000000050019019f00000000000800a1000400000008002201d8"], 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x4004001)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r5, 0x5393, &(0x7f0000000000))

645.564408ms ago: executing program 3 (id=8538):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$igmp(0x2, 0x3, 0x2)
r2 = syz_open_procfs(0x0, &(0x7f0000002380)='net/ip_mr_cache\x00')
setsockopt$MRT_ADD_MFC_PROXY(r1, 0x0, 0xd2, 0x0, 0x0)
setpgid(0xffffffffffffffff, 0x0)
pread64(r2, &(0x7f0000000100)=""/253, 0xfd, 0xadc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x58, 0x2, 0x6, 0xb05, 0x0, 0x0, {0x7, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_NETMASK={0x5}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x58}, 0x1, 0x0, 0x0, 0x10000080}, 0x42)

645.159999ms ago: executing program 4 (id=8539):
socket$inet6(0xa, 0x1, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r1, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r2, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x5}})
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c000000130001000400"/20, @ANYRES32=0x0, @ANYBLOB='\t\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=r4, @ANYBLOB="1400350064756d6d7930"], 0x3c}, 0x1, 0x0, 0x0, 0x8004010}, 0x0)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r5, 0x8922, &(0x7f0000000080)={'dummy0\x00'})

595.686852ms ago: executing program 4 (id=8540):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$poke(0x420f, r0, 0x0, 0x20000000000008)

537.601034ms ago: executing program 4 (id=8541):
syz_usb_connect(0x3, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="21010000db168920402000d92ca9010203010902120001000000000904"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000a40)={&(0x7f0000000700)=[{0x5, 0xac39d643e9965aa2, 0x0, 0x0}, {0x1900, 0x8000, 0x0, 0x0}], 0x2})

421.945185ms ago: executing program 3 (id=8542):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
syz_emit_ethernet(0x2a, &(0x7f0000000040)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @private, @broadcast}, @address_reply={0x2a}}}}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0xffffffff, 0x6}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x7ff, 0x100000000, 0x6eb, 0x5, 0x7, 0x2c0b}}]}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x240080c1}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x80000, {0x0, 0x0, 0x0, r6, {0x0, 0x6}, {0x0, 0xb}, {0xffe0, 0xb}}, [@qdisc_kind_options=@q_pfifo={{0xa}, {0x8, 0x2, 0x5}}]}, 0x38}, 0x1, 0x0, 0x0, 0x2404c0f1}, 0x4008000)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

289.972324ms ago: executing program 1 (id=8543):
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
r0 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x3, 0x4, &(0x7f00000008c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x20}, 0x94)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6gretap0\x00'})
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e20, 0x8, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xb}, 0x1c)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r2, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)
setsockopt$inet_mreq(r3, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x80, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @dest_unreach={0x3, 0x7, 0x0, 0x0, 0x3, 0xc58, {0x5, 0x4, 0x0, 0x7, 0x0, 0x65, 0xe, 0x4e, 0x24, 0xc, @empty, @dev={0xac, 0x14, 0x14, 0x44}}}}}}}, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(r4, 0xff00, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe00003a4, 0x0, "02823f6bd900000000000097efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c)

192.680823ms ago: executing program 0 (id=8544):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
r2 = fsopen(&(0x7f0000000440)='iso9660\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00'})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2}})
setsockopt$MRT_DEL_VIF(0xffffffffffffffff, 0x0, 0xcb, &(0x7f0000000340)={0xffffffffffffffff, 0x1, 0x4, 0x2, @vifc_lcl_addr=@rand_addr=0x64010100, @rand_addr=0x64010101}, 0x10)
r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_CONTROL(r4, 0xc0105500, &(0x7f0000000000)={0x80, 0x6, 0xf00, 0x0, 0x2, 0x0, 0x0})

121.199675ms ago: executing program 1 (id=8545):
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000000040)={0x0, 0x0, "d607f8f9951e76c13f64323723e7eecdf40c363423eb3d259266ec9c37865c6c1a4640ce1b22bb3327ef4f001d34c09f39c3539e4f8d3ee0878ae95bc7f52363c468b257ff2424852548deb01efd54f11ed2c41d078b9cf1fc8f72566153c97e4af37017ea6b16b694bb4a6e4606c3fb19d1d2bd3c8c4e97da2213f9d5c3b90400000000000000c279f03558083906666827d61dcc3a633bffff0e0b5a293e3877adc1660edbc9a0307a25720a70e419dc44febf7ddc73fd4a5a0b6c28667f7f46c7084e17c809268103a2584ab40a68e528329d97afc3612e325c1eb4a3ab2e156a97444800", "0615e456c196e819a321fdb3690bfab19538829a732a01781564ef7738cb5b82a704b3952f81c68bb4ceeaad63206f88201638e87c4981cbf9332cbc9c4d69e392bd33237ece7ad91e44edac0da8dacad81adf2e08c21ad6b44ce1f90bd618c255ca40cdb411485fb48a51d329c816b3488c7d032ef69c502c6e1236bd381efd410165988847c1dcb98a18ca2b853910e52044fa3b3026cb88de269537c8f26ffc3b15cbf279832bfc90bd95939043182e88050dfd2a4784a5d1453610fb1f1c2bac36c3ecd3e6fb756ef8880debeef3636afd981d8af4ab119928448f90351aec113335eacf52a18c87738d9679d3acc032a16fbefc64776f363610a15b37bcd36e6a7cba931151b9c9ba5779d550e9ab21603a43a25f3b4895d8dc4f3ce0e7d5e964e888169ea79a0848e9338b3d34d62e963fbf98834f4455419907f0ffdb76373af77a34edee7789f56e7f01bdab9614a0d460f791a06e6cf5243bf2b3a1624a80ec7e1116f1c81f5ef4b895be74bf67eea9193428b58a8b62b7976d3d2e59796c46ec918c83cd49c3f43dbd2967586966c19ace7b0bef5f94eb333b362649f1bfa114f8b1f126e97ec672cff77e2130823fa7a1df6760c6a8917815e9f0a409ed32b133df7dc9afceffcd472b35145c83c9167764d25ce214133c6170adeb6653b30b226a3b6ff1363ac862a540c7fab584cd051ce7ee951e0f121d43cff75afbdec6bc6f6e8f7db58c8086751320d22ee8582e915cabc536e3767e9a9230c9ae8b92398f0ca2a7141ea4588af7afde10e5ec2a6fe85ba5712e126629d4e3998fc4721cb638f2ef8356049e3448466e2c400d5e8baf843fa399907cb526b791c5350ce29204cb6fe50b892a69ec6dbecc28f032a745738faa12c2a34222942fef0ec0511da5fe0b565ceac429da7cc25cfe0320b40a514723e2392a6a361032343edb79fd83cd0a354837153542fd61b3156b54c566036e493250c3a3214738e3cacc24a50d5dfd17d5008b4ca629c3062f3417cb69c48b8b888ae51256bb4e6c68e95a71a00383ad9df263f6a775ded64fef20ed5cb5f31c33cb86f839d00a12e40cd31219113619c4e0585454cb1776278bfd7f5c4275792afb790e83ff0fc6925355c7aee7a070477d9ec2292366e39b9dc66f7adcf449a1a718e5217183faf0f679efc5cef20bcdcf2d12ea0684084ec0d693256e280025b23b5a08b7b1ebe7d41fb045793f971d6ee066604818cb09d86c1eda99a44c35476a113fd5d1a7543f8f99424ebb78dd9e00d719502a6eafa743a061fa3fa55e4deaa0a011b6b9d633f10e0c9446b5a2e3f6d6014ab00695366c1a6bf0c32f703aebb7988c7d4d322681458e85626302c70f37628835e1fcfff1da3099c0b4af433eb9a51f9609f2c0c09a98b18880c846b34d6ac0210f073765666100976ee1d928893f983580ea47a012144633b98e02c3e81869534ab985eb3a5ee0bac892dac949f85db949285a6a7a490b1075467226af23df82d8dd09b7282490fbb3ada9ed4cae8f761aefbe0701de6b132f12044c58ac1c2607c8f51361de5bed021dea13fd0a440263cf0b304522a324b581ab274e7bdae5994316657b5c0ab0220d9b08739729f7a35d436878c182aec4f08dd161c11ee5b7937fae7835e8bfe98a44c8d4bbb2e0eee0cb5d7c93517e96a9fc8132e60f3ef7c735bea1934b37df451f981c8d9210e61278c871e6dad6ceb89aa4d7245658a63e65cec7b81d307426a60a31cc917844a14e1d9ad83bef1c9f736d1836687c950d1275caece0d46ab9f3b0e95d9cf560eb8134e8346b35e0a6f60e6a87a14c4aeb3e0d06158390660a52a6e44b524c1e16de2bf99870f78fc81d267072bc63e97d3f26d23fd59799ff2c847d6a724cebc2377a582ba73d99a610a095c28d66c60910ac64b7d18847fa98fd8528b72e0a149b082c731575b2e2763e67c821ba29eecd8b8c87981c4fb1fbbaaa4e8aa077ec98de1362fc7af7a0ac5e3297fd0d924124b2e255b5cc4f6b0873f3d34418d5ae0d6f734628f38cb9b856b2db3fbb2fafb76983eabc51a348e55789e997fa25cbe6e5031bd2e33d4e2686f964a65d1abf7f96a20a8b270b1522ace4adf6fdade5cd3f101574960d13267e2382f70027ebe5ef7f9418e14e6a8a130d2aec2253c8fe21825e3295774db0c9b1340ea28a96589ba0d9f79aa61b92aea6f704ef7f716d849b8c77e6922e198a086d8133491d0bb85b925825a6d307d7cc8f09c655aa3edabf84c75560dfb279ee3e8b825323279edc58c3161e72cf9ae02ef80d500da922c0abeb8b164abd9c17ef7c02e89000d67b0c2ddd078cacbf37c4826be3845948d598980d63c1d7aade89d0637d80a4c102a35eb027a08ef90cc20d17fc514926914e68e5de54b861200ffa4ce1cbc16e4ecf342a1176cdb561f7dea38b3ae0fd81260f72d34e6f33d364cf313d3b3161410dcbf5f0f0579a1d235b49bb5d27f85825b94f1899e7846d0292ad912d934574f9d55d2152dbfb39d662e6e0f2496182d012af8b4bebbdfa1d68e3e988869fb5cd9612db97e6cc574444f4b5025ec9827bafc55341bf6ad3fd4fab2ee43f343cb9bcec0c38384b5699e5c6d5973ba591978275c51a40200d340b9ed3681f08c69f58320f538f9cd78a34eb6ed55710d2478ea4bd15813921817b42f88f1bb038033b519668f0a2e8693b9a19c7bcf96eec04bda625b31c32f4286be922ab2c87aa30310c8f46551450d5bc26b5fbfdedaae0f756384023bb9a28d3200cfeaedd63d6afe076513e8ad73d16607cd4ede16344e60d8707357e82b1089258c56d851a435e23ce0919825e04471dd61a44c43e87c2959d4e89311a30ee8be010094d0ef109bb210dda58b21b685b9e9c078c9ded6117d9a88dd7799291969851cd4c3f22b5f870a275a692188dafcf6e89ba87b0eb61011de031fda25fb3349901d40da2bbdb76eda417c9fafd90fb23504ab150ca0033ea1d00000000000086ba3aaa79d0df4f2e4e4afa565e66d28aa167f835d080bf1d41d0e52dbf81c671f8eacae234bf4fc328302671fab46613b73daf2ace80aff2f80f6a9d84b82480178cc612aa90adfc80ab3bba7d1527fc6ab04f009011bf093494a0d329df4e53d855b1c0ff6a25d22052b3a778e1ca2fbe59c9eeedf99e13682d06da269560524ffa0f404b73b946edf900ee958ceba09a051e27a620fb78e7a352c182c8c2981ce822eeaf6323965b4b3f322d40d406a158b6f3cf5d74822de952fefc341d0dead6c1c8fed8e48e0a85b51c1dcc7796d3f45bb1f50467a475da76c356c9e031b096867da1dbb89c3a038d475dbcdb2df1278d5dba55c2fb5ba6a9778c2a244198491f0f711cdb2ef0332f347afffb1b098b4c59041ccb0c286bb2dd40e7ec713f6ffe0b1067678c748615dae3c1e090f3739a9035767fb9972580d19fdef49a5071f99c3706b8fa4991f430721cf3ca11af0e3bd7c4d0cd0ab5b7d98ee66730c20a098110e4a15ce0bfc88c41fe375f261fe3557e14eb5ff4a2cdf6a008fd7b6702951b8456e940fbd269a0f3ed515ac03cfecce67027d579e1226bd7b7381827453550343566508d38790ee838c3bf85c6c91a45e7a44752f57313533a3e82e4042e65d346afb20c0527575f79080aef4e1aa8d5868d190c8d37bdae7592e41bed37b9d4c30d8126d3debde02dff25f5ef1e48133e2a41cd55347bd23dcce57a00189619db629c530dc112d22ac72bce353681264b5175be40b3ba84408d0f56762cc720e96c128447be7128748e185be2640115556bac64d060207e629b0144e501c1c49c6abd15c7982b01e22da2ad04bb28df1a27f31e18040c16406071d798bb40d901d001e22cc5ed870d08702f49f0021814cdd814901a13c7ab061bb4b8172c639b3449e24f656fee58186e69e6874ea95d946da781b49ca080ffb4a3c87746c661f43e9be52d0ba2ee368b9c143687c8846abac599069decf41e69fddcadf31c5f715917df12df4eedbfcc5805fe8e661b8fcd7b130d7bcc4a9a152de93a15dddacf3cf52479956185a3c5000d18ddce0236d5858c0d8761bca7446e3d30f3e8f48d5e8f86a60cbe46f038b1028ffd35590bdacfeebb86e28d42a923bdc3f9a307b919341a2a7dda096d41070db245c2c424aedd4a4bb9863169454d09f25fd0aa2da7bfc97ad7aca886dd998e041133e07899ad48f7cda600de48ac3951152dfbe6331b8acae24cfd2dd2b14696c75040685c756942a0d049ee9863a2e480388f93876f3910ecb3a59fa16c25b2b3636a542f92744495e10a4ce37f19f5c2256e2d61775d388e2a86b52f76add2f956aa02501f5badb94da12595b2bbf88b05dc70caae6766fd3df4f299d0ff71c8787249b255ea49b3d33b3f1a8c9403cb75d64264465c3578538382b23d721f8a49134020ca2d9e887d9949624ac6d63322b6507e277a0020db9bfa2928736b96c72fa3406a95adfe6b374ffa27001d37d3bbe725e75c257834572026c511f57dce67153a4008f9e75e07ed9237f600005800ee667c137fc78bc4fd4ebf4d228979ab0ccafbcd8b8daad76fb2abcfc585377ea6e19f170db898b950a7b0f4e75466a2ba26e7d60e0a6f5c54a3fe78677f3362c5b01ae791b62ee8a5d0fd65b739ece4f3b758d05a8e4e4ea7e4866ee67750ce2769f72a9f45780eadfae73b42d4dd4c614c797c694ece8af88cc732edabfa26ace57de54835c7551154dfa3be11a0d3b5845ac97b2da84410a652e72cd563acbb2b02bb59370cebaaa80014e3ad280944eae6fbf8d5f85237257bb5b8e5ec3e52dc06f8394176b325a577804e9eb78d7015172d17ed15f905f705d56687f53988bb207c74fbeb2b03a700258e835362886239f4d8f1c2cf6d4d10ff26d2579ea40a5fb99e5b6d01cdeda050d3faa78ed674f2899be08332086c8bf0410a7d06099c50a2d949d49a0f21b43bcdfbdf435875cf5a9def46db63746574ee8a5b1fbcef411154e914dd9e5bb1b1bd2944581083fb66a017e7972df3daefc487e4198cb281d3a80637d52b417354335f8cf20d0d96ee5d72465657593339506fd0c3807cd6445eb54cfb5ca9d35ef93eec6383224ebf85197eb6ed75f6c324f6a0345a25be6bb52ed347e57ccb059b903fb7db4e9f46513a4158ce29c1f5d6081b556bbc471e89225cad81aed34dae0f90ee8e7237b3b286e29b49d7a1700c537b28571f7d7e2a55e10792d6f7779ddefa3febdea5693048372a45903c04f1035a96c6cfbe6f6c2b754581aac02f8a70e698be6e37fd411cf4b76317b47683f6b0f80dfdeef3a9767c7e5c30dff786093a21477431fea0458023953700"})
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e000000000000000000140000001100"], 0x80}}, 0x0)
bpf$BPF_BTF_LOAD(0x25, &(0x7f0000000040)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a}, 0x28)
syz_emit_ethernet(0x5e, &(0x7f0000001040)=ANY=[@ANYBLOB="e33110495bfdaaaaaaaaaa0086dd60cb653e00283afffe800000000000000000000000000000fc0200000000000000000000000000008900907800000000200100fc010000000000000000000000000000d997ae65094fdbe2d18a83596d84535101c21ce0a7f5af5d46c0ce1d2403a3952b94d33d9db9d86855c476121fbbfdd15a24b039fdc8bdfbcca4d16dfe46425e4211bae0c2f54ee7dc0a9fa19300e3b4bd35ee3c68621fa25e72"], 0x0)
epoll_create(0x4)

63.418429ms ago: executing program 3 (id=8546):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0xa)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r3, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r3, 0x84, 0x19, 0x0, 0x0)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_buf(r4, 0x0, 0x2f, &(0x7f00000000c0)="170000000200010000ffbe8c5ee17688a2003c000301000a000002a257fc5ad90200bb6a880000d6c8db000000df018002000000fc0607bdff59100ac45761547a681f009cee4a5acb3da400001fb774674f00c88ebbf9315033bf79ac2dfc060115003901000000000000ea000000000000000062068f5ee50ce5af9b1c568302ffff02ff030000ba000840024f0298e9e90539062a80e605007f71174aa951f3c63e5a1b47b63a6323ded2231454668492f9c681a6", 0xb6)
dup(r2)
r5 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSWINSZ(r5, 0x5414, &(0x7f0000000040)={0x3, 0x84a, 0x4, 0x8})
ftruncate(0xffffffffffffffff, 0x200004)
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r7 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r8 = fcntl$dupfd(r7, 0x0, r7)
ioctl$SG_GET_REQUEST_TABLE(r8, 0x2286, 0x0)
ioctl$KVM_CAP_X2APIC_API(r6, 0x4068aea3, 0x0)
ioctl$KVM_SIGNAL_MSI(r6, 0x4020aea5, &(0x7f0000000140)={0x8080000, 0x4, 0x44, 0x1, 0x80000003})
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r9, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)

14.04789ms ago: executing program 1 (id=8547):
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x2042, 0x0)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000280), 0x301201)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
socket$xdp(0x2c, 0x3, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=0x0], 0x60}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$nl_route_sched(r3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'macvlan1\x00', <r5=>0x0})
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_mreq(r6, 0x29, 0x1b, &(0x7f00000001c0)={@remote, r5}, 0x14)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r7, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x1, 0x2, 0xfffffffe, 0x3, 0x22}, 0x7})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r8 = fsopen(&(0x7f0000000040)='sysfs\x00', 0x0)
socket$nl_route(0x10, 0x3, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0)
fsopen(&(0x7f0000001280)='ntfs3\x00', 0x0)
close(r8)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
bind$unix(r10, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
close_range(r9, r10, 0x0)
openat$sysfs(0xffffff9c, &(0x7f00000000c0)='/sys/power/pm_wakeup_irq', 0x325840, 0x197)
syz_open_dev$evdev(&(0x7f0000000080), 0x9, 0x2303)

0s ago: executing program 5 (id=8548):
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x30, 0x1000, 0xbb3a, 0x2, 0x0, 0x100, {0xfffffffd, 0x40002000}, {0x3, 0x2, 0x1}, {0x4200000, 0x7}, {0xf, 0x8, 0x40000}, 0x0, 0x3f0, 0x0, 0x7, 0x0, 0x0, 0x4, 0x1, 0x3, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3})

kernel console output (not intermixed with test programs):

81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 1447.157118][T21920] RSP: 002b:00000000f53dc24c EFLAGS: 00000206 ORIG_RAX: 000000000000005b
[ 1447.157134][T21920] RAX: ffffffffffffffda RBX: 00000000f51bd000 RCX: 0000000000043000
[ 1447.157144][T21920] RDX: 00000000f73b0ff4 RSI: 0000000000021000 RDI: 0000000000100000
[ 1447.157154][T21920] RBP: 00000000f5200000 R08: 0000000000000000 R09: 0000000000000000
[ 1447.157163][T21920] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1447.157172][T21920] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1447.157194][T21920]  </TASK>
[ 1447.546400][T15739] usb 2-1: new full-speed USB device number 95 using dummy_hcd
[ 1447.558976][T21924] netlink: 'syz.0.8037': attribute type 21 has an invalid length.
[ 1447.594759][T21924] netlink: 156 bytes leftover after parsing attributes in process `syz.0.8037'.
[ 1447.627785][T21925] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8037'.
[ 1447.697902][T15739] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1447.716277][T15739] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1447.729948][T15739] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1447.739126][T15739] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1447.864225][T21929] FAULT_INJECTION: forcing a failure.
[ 1447.864225][T21929] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1447.916186][T21929] CPU: 0 UID: 0 PID: 21929 Comm: syz.0.8038 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1447.916216][T21929] Tainted: [L]=SOFTLOCKUP
[ 1447.916223][T21929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1447.916232][T21929] Call Trace:
[ 1447.916240][T21929]  <TASK>
[ 1447.916248][T21929]  dump_stack_lvl+0xe8/0x150
[ 1447.916275][T21929]  should_fail_ex+0x412/0x560
[ 1447.916297][T21929]  _copy_from_user+0x2d/0xb0
[ 1447.916322][T21929]  get_compat_msghdr+0xb3/0x4c0
[ 1447.916351][T21929]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1447.916374][T21929]  ? kfree+0x4d/0x630
[ 1447.916402][T21929]  ___sys_recvmsg+0x1dd/0x590
[ 1447.916431][T21929]  ? __lock_acquire+0x6b5/0x2cf0
[ 1447.916452][T21929]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1447.916487][T21929]  do_recvmmsg+0x3a5/0x800
[ 1447.916511][T21929]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1447.916539][T21929]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1447.916570][T21929]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1447.916602][T21929]  __sys_recvmmsg+0x1a5/0x290
[ 1447.916622][T21929]  ? __pfx___sys_recvmmsg+0x10/0x10
[ 1447.916637][T21929]  ? ksys_write+0x242/0x270
[ 1447.916650][T21929]  __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0
[ 1447.916665][T21929]  __do_fast_syscall_32+0x20d/0x640
[ 1447.916680][T21929]  ? do_fast_syscall_32+0x33/0x70
[ 1447.916699][T21929]  ? asm_int80_emulation+0x1a/0x20
[ 1447.916717][T21929]  ? do_int80_emulation+0x274/0x4d0
[ 1447.916732][T21929]  ? trace_irq_disable+0x3b/0x150
[ 1447.916758][T21929]  do_fast_syscall_32+0x33/0x70
[ 1447.916770][T21929]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1447.916781][T21929] RIP: 0023:0xf6feef6c
[ 1447.916792][T21929] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 1447.916801][T21929] RSP: 002b:00000000f53dd50c EFLAGS: 00000206 ORIG_RAX: 0000000000000151
[ 1447.916813][T21929] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000840
[ 1447.916820][T21929] RDX: 0000000000000414 RSI: 0000000000000000 RDI: 0000000000000000
[ 1447.916831][T21929] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1447.916841][T21929] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1447.916851][T21929] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1447.916878][T21929]  </TASK>
[ 1448.173175][T15739] usb 2-1: usb_control_msg returned -32
[ 1448.195810][T21880] delete_channel: no stack
[ 1448.207749][T15739] usbtmc 2-1:16.0: can't read capabilities
[ 1448.240986][T15739] usb 2-1: USB disconnect, device number 95
[ 1448.245386][T14581] usb 6-1: USB disconnect, device number 33
[ 1448.294080][T21949] FAULT_INJECTION: forcing a failure.
[ 1448.294080][T21949] name failslab, interval 1, probability 0, space 0, times 0
[ 1448.344557][T21949] CPU: 1 UID: 0 PID: 21949 Comm: syz.5.8039 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1448.344578][T21949] Tainted: [L]=SOFTLOCKUP
[ 1448.344582][T21949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1448.344589][T21949] Call Trace:
[ 1448.344594][T21949]  <TASK>
[ 1448.344599][T21949]  dump_stack_lvl+0xe8/0x150
[ 1448.344617][T21949]  should_fail_ex+0x412/0x560
[ 1448.344632][T21949]  should_failslab+0xa8/0x100
[ 1448.344646][T21949]  kmem_cache_alloc_node_noprof+0x8f/0x690
[ 1448.344663][T21949]  ? __alloc_skb+0x186/0x7d0
[ 1448.344676][T21949]  ? __alloc_skb+0x1d0/0x7d0
[ 1448.344686][T21949]  ? __local_bh_enable_ip+0xd0/0x130
[ 1448.344706][T21949]  __alloc_skb+0x1d0/0x7d0
[ 1448.344719][T21949]  ? netlink_ack_tlv_len+0x6c/0x210
[ 1448.344732][T21949]  netlink_ack+0x146/0xa50
[ 1448.344745][T21949]  ? __kmalloc_cache_noprof+0x31c/0x660
[ 1448.344759][T21949]  nfnetlink_rcv+0x2517/0x27b0
[ 1448.344769][T21949]  ? is_bpf_text_address+0x26/0x2b0
[ 1448.344794][T21949]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1448.344809][T21949]  ? __lock_acquire+0x6b5/0x2cf0
[ 1448.344837][T21949]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1448.344855][T21949]  netlink_unicast+0x80f/0x9b0
[ 1448.344869][T21949]  ? __pfx_netlink_unicast+0x10/0x10
[ 1448.344881][T21949]  ? netlink_sendmsg+0x650/0xb40
[ 1448.344891][T21949]  ? skb_put+0x11b/0x210
[ 1448.344904][T21949]  netlink_sendmsg+0x813/0xb40
[ 1448.344920][T21949]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1448.344933][T21949]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1448.344945][T21949]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1448.344957][T21949]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1448.344967][T21949]  ____sys_sendmsg+0xa68/0xad0
[ 1448.344985][T21949]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1448.345001][T21949]  ? kstrtoull+0x12f/0x1d0
[ 1448.345015][T21949]  ___sys_sendmsg+0x2a5/0x360
[ 1448.345031][T21949]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1448.345046][T21949]  ? get_pid_task+0x20/0x1f0
[ 1448.345055][T21949]  ? get_pid_task+0x20/0x1f0
[ 1448.345062][T21949]  ? get_pid_task+0x20/0x1f0
[ 1448.345082][T21949]  ? __fget_files+0x2a/0x420
[ 1448.345096][T21949]  ? __fget_files+0x3a0/0x420
[ 1448.345114][T21949]  __sys_sendmsg+0x183/0x260
[ 1448.345128][T21949]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1448.345151][T21949]  __do_fast_syscall_32+0x20d/0x640
[ 1448.345162][T21949]  ? do_fast_syscall_32+0x33/0x70
[ 1448.345170][T21949]  ? asm_int80_emulation+0x1a/0x20
[ 1448.345180][T21949]  ? do_int80_emulation+0x274/0x4d0
[ 1448.345188][T21949]  ? trace_irq_disable+0x3b/0x150
[ 1448.345204][T21949]  do_fast_syscall_32+0x33/0x70
[ 1448.345213][T21949]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1448.345225][T21949] RIP: 0023:0xf7f97f6c
[ 1448.345234][T21949] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 1448.345243][T21949] RSP: 002b:00000000f545650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1448.345255][T21949] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[ 1448.345262][T21949] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1448.345267][T21949] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1448.345272][T21949] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1448.345278][T21949] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1448.345291][T21949]  </TASK>
[ 1449.267875][T21955] program syz.5.8041 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1450.508990][T21975] FAULT_INJECTION: forcing a failure.
[ 1450.508990][T21975] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1450.532173][T21975] CPU: 0 UID: 0 PID: 21975 Comm: syz.3.8045 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1450.532200][T21975] Tainted: [L]=SOFTLOCKUP
[ 1450.532207][T21975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1450.532217][T21975] Call Trace:
[ 1450.532224][T21975]  <TASK>
[ 1450.532231][T21975]  dump_stack_lvl+0xe8/0x150
[ 1450.532268][T21975]  should_fail_ex+0x412/0x560
[ 1450.532295][T21975]  _copy_to_iter+0x1e4/0x17d0
[ 1450.532318][T21975]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1450.532343][T21975]  ? __pfx__copy_to_iter+0x10/0x10
[ 1450.532362][T21975]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1450.532383][T21975]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1450.532405][T21975]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1450.532424][T21975]  ? __skb_try_recv_datagram+0x3d4/0x4d0
[ 1450.532453][T21975]  __skb_datagram_iter+0xf8/0x980
[ 1450.532479][T21975]  ? __pfx_simple_copy_to_iter+0x10/0x10
[ 1450.532508][T21975]  skb_copy_datagram_iter+0xb5/0x270
[ 1450.532534][T21975]  netlink_recvmsg+0x2c3/0xa50
[ 1450.532561][T21975]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 1450.532585][T21975]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1450.532606][T21975]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[ 1450.532623][T21975]  ? security_socket_recvmsg+0x7e/0x2c0
[ 1450.532647][T21975]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 1450.532667][T21975]  sock_recvmsg+0x22c/0x270
[ 1450.532688][T21975]  __sys_recvfrom+0x240/0x3c0
[ 1450.532713][T21975]  ? __pfx___sys_recvfrom+0x10/0x10
[ 1450.532764][T21975]  __ia32_compat_sys_socketcall+0x898/0xa10
[ 1450.532790][T21975]  ? __pfx___ia32_compat_sys_socketcall+0x10/0x10
[ 1450.532818][T21975]  ? ksys_write+0x242/0x270
[ 1450.532838][T21975]  ? __pfx_ksys_write+0x10/0x10
[ 1450.532859][T21975]  ? asm_int80_emulation+0x1a/0x20
[ 1450.532879][T21975]  do_int80_emulation+0x173/0x4d0
[ 1450.532895][T21975]  ? trace_irq_disable+0x3b/0x150
[ 1450.532918][T21975]  ? asm_int80_emulation+0x1a/0x20
[ 1450.532934][T21975]  ? clear_bhb_loop+0x40/0x90
[ 1450.532950][T21975]  ? clear_bhb_loop+0x40/0x90
[ 1450.532969][T21975]  asm_int80_emulation+0x1a/0x20
[ 1450.532985][T21975] RIP: 0023:0xf71f5b6b
[ 1450.533000][T21975] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[ 1450.533014][T21975] RSP: 002b:00000000f54b535c EFLAGS: 00000246 ORIG_RAX: 0000000000000066
[ 1450.533032][T21975] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000f54b540c
[ 1450.533044][T21975] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1450.533054][T21975] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1450.533064][T21975] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1450.533075][T21975] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1450.533098][T21975]  </TASK>
[ 1450.812895][T21977] "syz.5.8046" (21977) uses obsolete ecb(arc4) skcipher
[ 1451.116467][T21981] netlink: 20 bytes leftover after parsing attributes in process `syz.4.8047'.
[ 1452.020861][T22001] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[ 1452.044565][T21982] usb usb8: usbfs: process 21982 (syz.5.8048) did not claim interface 0 before use
[ 1452.217385][T22001] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8053'.
[ 1452.390172][   T29] kauditd_printk_skb: 18 callbacks suppressed
[ 1452.390191][   T29] audit: type=1800 audit(1771671133.059:1076): pid=21988 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.8051" name="bus" dev="ramfs" ino=306391 res=0 errno=0
[ 1452.785346][T22017] ip6_vti0: Caught tx_queue_len zero misconfig
[ 1452.847927][   T35] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1452.861067][   T35] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1452.872157][   T35] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1452.888488][   T35] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1454.559862][T22067] ALSA: seq fatal error: cannot create timer (-22)
[ 1454.883863][T21991] delete_channel: no stack
[ 1455.091339][T22085] FAULT_INJECTION: forcing a failure.
[ 1455.091339][T22085] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1455.106045][T22085] CPU: 0 UID: 0 PID: 22085 Comm: syz.3.8072 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1455.106074][T22085] Tainted: [L]=SOFTLOCKUP
[ 1455.106078][T22085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1455.106085][T22085] Call Trace:
[ 1455.106090][T22085]  <TASK>
[ 1455.106094][T22085]  dump_stack_lvl+0xe8/0x150
[ 1455.106124][T22085]  should_fail_ex+0x412/0x560
[ 1455.106148][T22085]  _copy_to_iter+0x404/0x17d0
[ 1455.106181][T22085]  ? __pfx__copy_to_iter+0x10/0x10
[ 1455.106203][T22085]  ? traverse+0x544/0x580
[ 1455.106223][T22085]  seq_read_iter+0x2e9/0xe10
[ 1455.106234][T22085]  ? __lock_acquire+0x6b5/0x2cf0
[ 1455.106250][T22085]  ? __asan_memset+0x22/0x50
[ 1455.106267][T22085]  seq_read+0x367/0x480
[ 1455.106282][T22085]  ? __pfx_seq_read+0x10/0x10
[ 1455.106296][T22085]  ? apparmor_file_permission+0x17f/0x1f0
[ 1455.106316][T22085]  ? __pfx_seq_read+0x10/0x10
[ 1455.106325][T22085]  proc_reg_read+0x1e9/0x2e0
[ 1455.106340][T22085]  ? __pfx_proc_reg_read+0x10/0x10
[ 1455.106354][T22085]  vfs_read+0x20c/0xa70
[ 1455.106368][T22085]  ? __pfx_vfs_read+0x10/0x10
[ 1455.106378][T22085]  ? __fget_files+0x2a/0x420
[ 1455.106393][T22085]  ? __fget_files+0x2a/0x420
[ 1455.106405][T22085]  ? __fget_files+0x3a0/0x420
[ 1455.106417][T22085]  ? __fget_files+0x2a/0x420
[ 1455.106434][T22085]  ksys_pread64+0x126/0x1c0
[ 1455.106445][T22085]  ? __pfx_ksys_pread64+0x10/0x10
[ 1455.106458][T22085]  ? __ia32_sys_ia32_pread64+0x20/0xd0
[ 1455.106472][T22085]  __do_fast_syscall_32+0x20d/0x640
[ 1455.106482][T22085]  ? do_fast_syscall_32+0x33/0x70
[ 1455.106491][T22085]  ? asm_int80_emulation+0x1a/0x20
[ 1455.106500][T22085]  ? do_int80_emulation+0x274/0x4d0
[ 1455.106509][T22085]  ? trace_irq_disable+0x3b/0x150
[ 1455.106525][T22085]  do_fast_syscall_32+0x33/0x70
[ 1455.106534][T22085]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1455.106546][T22085] RIP: 0023:0xf7ff8f6c
[ 1455.106556][T22085] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 1455.106564][T22085] RSP: 002b:00000000f54b650c EFLAGS: 00000206 ORIG_RAX: 00000000000000b4
[ 1455.106575][T22085] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000480
[ 1455.106582][T22085] RDX: 00000000000000d0 RSI: 0000000000000002 RDI: 0000000000000000
[ 1455.106589][T22085] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1455.106594][T22085] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1455.106600][T22085] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1455.106614][T22085]  </TASK>
[ 1456.721176][T22130] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8085'.
[ 1456.762660][T22130] FAULT_INJECTION: forcing a failure.
[ 1456.762660][T22130] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1456.786334][T15739] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[ 1456.804920][T22130] CPU: 1 UID: 0 PID: 22130 Comm: syz.4.8085 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1456.804954][T22130] Tainted: [L]=SOFTLOCKUP
[ 1456.804959][T22130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1456.804965][T22130] Call Trace:
[ 1456.804970][T22130]  <TASK>
[ 1456.804974][T22130]  dump_stack_lvl+0xe8/0x150
[ 1456.804993][T22130]  should_fail_ex+0x412/0x560
[ 1456.805008][T22130]  _copy_from_iter+0x1d3/0x1670
[ 1456.805026][T22130]  ? __pfx__copy_from_iter+0x10/0x10
[ 1456.805037][T22130]  ? sock_alloc_send_pskb+0x896/0x990
[ 1456.805055][T22130]  ? __pfx__copy_from_iter+0x10/0x10
[ 1456.805068][T22130]  ? page_copy_sane+0x16a/0x270
[ 1456.805080][T22130]  copy_page_from_iter+0xdd/0x170
[ 1456.805094][T22130]  skb_copy_datagram_from_iter+0x306/0x710
[ 1456.805115][T22130]  tun_get_user+0xc38/0x3dd0
[ 1456.805133][T22130]  ? aa_file_perm+0x12d/0x1630
[ 1456.805148][T22130]  ? aa_file_perm+0x440/0x1630
[ 1456.805159][T22130]  ? __pfx_tun_get_user+0x10/0x10
[ 1456.805171][T22130]  ? __lock_acquire+0x6b5/0x2cf0
[ 1456.805185][T22130]  ? __lock_acquire+0x6b5/0x2cf0
[ 1456.805201][T22130]  ? ref_tracker_alloc+0x363/0x4d0
[ 1456.805217][T22130]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1456.805236][T22130]  ? get_pid_task+0x20/0x1f0
[ 1456.805258][T22130]  ? tun_get+0x1c/0x2f0
[ 1456.805281][T22130]  ? tun_get+0x1c/0x2f0
[ 1456.805300][T22130]  ? tun_get+0x1c/0x2f0
[ 1456.805313][T22130]  tun_chr_write_iter+0x113/0x200
[ 1456.805327][T22130]  vfs_write+0x61d/0xb90
[ 1456.805341][T22130]  ? __pfx_vfs_write+0x10/0x10
[ 1456.805355][T22130]  ? __fget_files+0x2a/0x420
[ 1456.805373][T22130]  ksys_write+0x150/0x270
[ 1456.805383][T22130]  ? __pfx_ksys_write+0x10/0x10
[ 1456.805397][T22130]  __do_fast_syscall_32+0x20d/0x640
[ 1456.805408][T22130]  ? do_fast_syscall_32+0x33/0x70
[ 1456.805417][T22130]  ? asm_int80_emulation+0x1a/0x20
[ 1456.805427][T22130]  ? do_int80_emulation+0x274/0x4d0
[ 1456.805438][T22130]  do_fast_syscall_32+0x33/0x70
[ 1456.805447][T22130]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1456.805464][T22130] RIP: 0023:0xf709ef6c
[ 1456.805474][T22130] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 1456.805482][T22130] RSP: 002b:00000000f548d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[ 1456.805493][T22130] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800002c0
[ 1456.805500][T22130] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000000
[ 1456.805506][T22130] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1456.805512][T22130] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1456.805517][T22130] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1456.805531][T22130]  </TASK>
[ 1457.400425][T15739] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1457.410821][T15739] usb 6-1: config 27 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1457.426945][T15739] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1457.437445][T15739] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1457.458803][T15739] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1457.519893][T15739] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -2
[ 1457.591751][T22156] netlink: 16 bytes leftover after parsing attributes in process `syz.4.8087'.
[ 1457.701250][T22158] netlink: 'syz.4.8088': attribute type 61 has an invalid length.
[ 1459.966047][T22203] netlink: 104 bytes leftover after parsing attributes in process `syz.4.8097'.
[ 1459.988514][T22203] netlink: 104 bytes leftover after parsing attributes in process `syz.4.8097'.
[ 1460.021219][T15750] usb 6-1: USB disconnect, device number 34
[ 1460.187655][T22120] delete_channel: no stack
[ 1460.446101][T22227] binder: 22226:22227 ioctl c0306201 80000180 returned -14
[ 1460.643324][T22231] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check.
[ 1461.346201][T29903] usb 2-1: new high-speed USB device number 96 using dummy_hcd
[ 1461.496446][T29903] usb 2-1: Using ep0 maxpacket: 8
[ 1461.503092][T29903] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[ 1461.514252][T29903] usb 2-1: config 179 has no interface number 0
[ 1461.542144][T29903] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[ 1461.566426][T29903] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[ 1461.578010][T29903] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1461.589347][T29903] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1461.603811][T29903] usb 2-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1461.617558][T29903] usb 2-1: config 179 interface 65 has no altsetting 0
[ 1461.626246][T29903] usb 2-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[ 1461.640931][T29903] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1461.672872][T29903] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input167
[ 1461.930628][T22233] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1461.941342][T22233] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1461.954349][T29903] usb 2-1: USB disconnect, device number 96
[ 1462.411693][T22335] bridge_slave_0: left promiscuous mode
[ 1462.446392][T22335] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1462.477095][T22335] bridge_slave_1: left allmulticast mode
[ 1462.484315][T22335] bridge_slave_1: left promiscuous mode
[ 1462.510211][T22338] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8113'.
[ 1462.510345][T22335] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1462.590792][T22335] bond0: (slave bond_slave_0): Releasing backup interface
[ 1462.665036][T22335] bond0: (slave bond_slave_1): Releasing backup interface
[ 1462.688399][T22335] team0: Port device team_slave_0 removed
[ 1462.695251][T22335] team0: Port device team_slave_1 removed
[ 1462.703730][T22335] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1462.720539][T22335] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1462.734009][T22351] netlink: 12 bytes leftover after parsing attributes in process `syz.5.8114'.
[ 1462.747464][T22335] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 1462.808306][T22349] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1462.886287][T22350] syzkaller0: entered promiscuous mode
[ 1462.892482][T22350] syzkaller0: entered allmulticast mode
[ 1463.112100][T22372] FAULT_INJECTION: forcing a failure.
[ 1463.112100][T22372] name failslab, interval 1, probability 0, space 0, times 0
[ 1463.139428][T22372] CPU: 0 UID: 0 PID: 22372 Comm: syz.1.8117 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1463.139457][T22372] Tainted: [L]=SOFTLOCKUP
[ 1463.139464][T22372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1463.139474][T22372] Call Trace:
[ 1463.139482][T22372]  <TASK>
[ 1463.139491][T22372]  dump_stack_lvl+0xe8/0x150
[ 1463.139516][T22372]  should_fail_ex+0x412/0x560
[ 1463.139532][T22372]  should_failslab+0xa8/0x100
[ 1463.139546][T22372]  __kvmalloc_node_noprof+0x178/0x8a0
[ 1463.139557][T22372]  ? __nf_register_net_hook+0x232/0x930
[ 1463.139571][T22372]  ? nf_hook_entries_grow+0x288/0x720
[ 1463.139586][T22372]  nf_hook_entries_grow+0x288/0x720
[ 1463.139605][T22372]  __nf_register_net_hook+0x2c9/0x930
[ 1463.139622][T22372]  nf_register_net_hook+0xb2/0x190
[ 1463.139636][T22372]  nf_register_net_hooks+0x44/0x1b0
[ 1463.139650][T22372]  nf_ct_netns_do_get+0x212/0x5c0
[ 1463.139663][T22372]  ? rcu_is_watching+0x15/0xb0
[ 1463.139678][T22372]  ? __pfx_nf_ct_netns_do_get+0x10/0x10
[ 1463.139692][T22372]  ? __kmalloc_noprof+0x37d/0x760
[ 1463.139706][T22372]  ? nf_ct_netns_get+0xe9/0x320
[ 1463.139728][T22372]  nf_tables_newrule+0x17ac/0x28b0
[ 1463.139764][T22372]  ? __pfx_nf_tables_newrule+0x10/0x10
[ 1463.139786][T22372]  ? nfnl_pernet+0x23/0x240
[ 1463.139801][T22372]  ? __nla_parse+0x40/0x60
[ 1463.139815][T22372]  nfnetlink_rcv+0x1240/0x27b0
[ 1463.139825][T22372]  ? is_bpf_text_address+0x26/0x2b0
[ 1463.139852][T22372]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1463.139867][T22372]  ? __lock_acquire+0x6b5/0x2cf0
[ 1463.139897][T22372]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1463.139920][T22372]  netlink_unicast+0x80f/0x9b0
[ 1463.139934][T22372]  ? __pfx_netlink_unicast+0x10/0x10
[ 1463.139945][T22372]  ? netlink_sendmsg+0x650/0xb40
[ 1463.139955][T22372]  ? skb_put+0x11b/0x210
[ 1463.139970][T22372]  netlink_sendmsg+0x813/0xb40
[ 1463.139986][T22372]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1463.139999][T22372]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1463.140012][T22372]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1463.140024][T22372]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1463.140048][T22372]  ____sys_sendmsg+0xa68/0xad0
[ 1463.140078][T22372]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1463.140104][T22372]  ? kstrtoull+0x12f/0x1d0
[ 1463.140119][T22372]  ___sys_sendmsg+0x2a5/0x360
[ 1463.140136][T22372]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1463.140150][T22372]  ? get_pid_task+0x20/0x1f0
[ 1463.140159][T22372]  ? get_pid_task+0x20/0x1f0
[ 1463.140167][T22372]  ? get_pid_task+0x20/0x1f0
[ 1463.140189][T22372]  ? __fget_files+0x2a/0x420
[ 1463.140203][T22372]  ? __fget_files+0x3a0/0x420
[ 1463.140220][T22372]  __sys_sendmsg+0x183/0x260
[ 1463.140235][T22372]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1463.140260][T22372]  __do_fast_syscall_32+0x20d/0x640
[ 1463.140270][T22372]  ? do_fast_syscall_32+0x33/0x70
[ 1463.140280][T22372]  ? asm_int80_emulation+0x1a/0x20
[ 1463.140290][T22372]  ? do_int80_emulation+0x274/0x4d0
[ 1463.140299][T22372]  ? trace_irq_disable+0x3b/0x150
[ 1463.140314][T22372]  do_fast_syscall_32+0x33/0x70
[ 1463.140324][T22372]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1463.140336][T22372] RIP: 0023:0xf70aef6c
[ 1463.140346][T22372] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 1463.140355][T22372] RSP: 002b:00000000f549d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1463.140367][T22372] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0
[ 1463.140374][T22372] RDX: 0000000024000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1463.140380][T22372] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1463.140386][T22372] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1463.140392][T22372] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1463.140406][T22372]  </TASK>
[ 1463.846822][T22388] bond0: (slave syz_tun): Releasing backup interface
[ 1463.863203][T22388] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 1463.900281][T22388] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8120'.
[ 1464.446335][T14581] usb 5-1: new high-speed USB device number 74 using dummy_hcd
[ 1464.579248][   T29] audit: type=1800 audit(1771671145.269:1077): pid=22383 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.8119" name="bus" dev="ramfs" ino=307844 res=0 errno=0
[ 1464.616253][T14581] usb 5-1: Using ep0 maxpacket: 32
[ 1464.624468][T14581] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1464.635876][T14581] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1464.647596][T14581] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1464.659676][T14581] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1464.671743][T14581] usb 5-1: config 0 descriptor??
[ 1464.683541][T14581] hub 5-1:0.0: USB hub found
[ 1464.881018][T14581] hub 5-1:0.0: 1 port detected
[ 1464.930166][T22428] FAULT_INJECTION: forcing a failure.
[ 1464.930166][T22428] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1464.973093][T22428] CPU: 1 UID: 0 PID: 22428 Comm: syz.0.8126 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1464.973123][T22428] Tainted: [L]=SOFTLOCKUP
[ 1464.973137][T22428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1464.973148][T22428] Call Trace:
[ 1464.973157][T22428]  <TASK>
[ 1464.973165][T22428]  dump_stack_lvl+0xe8/0x150
[ 1464.973186][T22428]  should_fail_ex+0x412/0x560
[ 1464.973201][T22428]  _copy_to_user+0x31/0xb0
[ 1464.973217][T22428]  simple_read_from_buffer+0xe1/0x170
[ 1464.973241][T22428]  proc_fail_nth_read+0x1bb/0x230
[ 1464.973268][T22428]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1464.973295][T22428]  ? rw_verify_area+0x2a6/0x4d0
[ 1464.973312][T22428]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1464.973328][T22428]  vfs_read+0x20c/0xa70
[ 1464.973336][T22428]  ? fdget_pos+0x246/0x320
[ 1464.973352][T22428]  ? __pfx___mutex_lock+0x10/0x10
[ 1464.973368][T22428]  ? __pfx_vfs_read+0x10/0x10
[ 1464.973380][T22428]  ? __fget_files+0x2a/0x420
[ 1464.973405][T22428]  ? __fget_files+0x3a0/0x420
[ 1464.973428][T22428]  ? __fget_files+0x2a/0x420
[ 1464.973456][T22428]  ksys_read+0x150/0x270
[ 1464.973476][T22428]  ? __pfx_ksys_read+0x10/0x10
[ 1464.973497][T22428]  ? asm_int80_emulation+0x1a/0x20
[ 1464.973520][T22428]  do_int80_emulation+0x173/0x4d0
[ 1464.973532][T22428]  ? trace_irq_disable+0x3b/0x150
[ 1464.973553][T22428]  ? asm_int80_emulation+0x1a/0x20
[ 1464.973570][T22428]  ? clear_bhb_loop+0x40/0x90
[ 1464.973587][T22428]  ? clear_bhb_loop+0x40/0x90
[ 1464.973609][T22428]  asm_int80_emulation+0x1a/0x20
[ 1464.973625][T22428] RIP: 0023:0xf7125b6b
[ 1464.973636][T22428] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[ 1464.973644][T22428] RSP: 002b:00000000f53dd4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 1464.973656][T22428] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f53dd5d0
[ 1464.973663][T22428] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[ 1464.973669][T22428] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1464.973675][T22428] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1464.973680][T22428] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1464.973703][T22428]  </TASK>
[ 1465.327188][T15750] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[ 1465.447073][T22441] netlink: 'syz.1.8129': attribute type 39 has an invalid length.
[ 1465.486185][T15750] usb 6-1: Using ep0 maxpacket: 8
[ 1465.492850][T15750] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[ 1465.501436][T15750] usb 6-1: config 179 has no interface number 0
[ 1465.513276][T15750] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[ 1465.525879][T15750] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[ 1465.541910][T15750] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1465.560183][T15750] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1465.571686][T15750] usb 6-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1465.586248][T15750] usb 6-1: config 179 interface 65 has no altsetting 0
[ 1465.595074][T15750] usb 6-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[ 1465.606679][T14581] hub 5-1:0.0: activate --> -90
[ 1465.614746][T15750] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1465.687250][T15750] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:179.65/input/input168
[ 1465.825152][T14581] hub 5-1:0.0: hub_ext_port_status failed (err = -71)
[ 1465.825463][T29903] usb 5-1: USB disconnect, device number 74
[ 1465.975889][T22478] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1465.990499][T22478] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1465.995405][T22476] tipc: Enabled bearer <udp:syz2>, priority 10
[ 1466.009969][T15739] usb 6-1: USB disconnect, device number 35
[ 1466.136622][T14581] usb 2-1: new high-speed USB device number 97 using dummy_hcd
[ 1466.286184][T14581] usb 2-1: Using ep0 maxpacket: 32
[ 1466.294714][T14581] usb 2-1: config 0 has an invalid interface number: 145 but max is 1
[ 1466.304413][T14581] usb 2-1: config 0 has an invalid interface number: 43 but max is 1
[ 1466.315185][T14581] usb 2-1: config 0 has no interface number 0
[ 1466.323057][T14581] usb 2-1: config 0 has no interface number 1
[ 1466.329433][T14581] usb 2-1: config 0 interface 43 altsetting 250 bulk endpoint 0xF has invalid maxpacket 1023
[ 1466.344803][T14581] usb 2-1: config 0 interface 43 altsetting 250 has a duplicate endpoint with address 0x2, skipping
[ 1466.359343][T14581] usb 2-1: config 0 interface 43 altsetting 250 has an endpoint descriptor with address 0xCE, changing to 0x8E
[ 1466.376771][T14581] usb 2-1: config 0 interface 43 altsetting 250 endpoint 0x8E has an invalid bInterval 180, changing to 11
[ 1466.388401][T14581] usb 2-1: config 0 interface 43 altsetting 250 endpoint 0x8E has invalid maxpacket 16902, setting to 1024
[ 1466.401473][T14581] usb 2-1: config 0 interface 43 altsetting 250 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1466.426253][T14581] usb 2-1: config 0 interface 145 has no altsetting 0
[ 1466.434302][T14581] usb 2-1: config 0 interface 43 has no altsetting 0
[ 1466.442158][   T35] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1466.451214][   T35] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1466.462257][   T35] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1466.475406][   T35] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1466.488246][T14581] usb 2-1: New USB device found, idVendor=06cd, idProduct=0104, bcdDevice=c8.6a
[ 1466.497448][T14581] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1466.505409][T14581] usb 2-1: Product: syz
[ 1466.510054][T14581] usb 2-1: Manufacturer: syz
[ 1466.514635][T14581] usb 2-1: SerialNumber: syz
[ 1466.527004][T14581] usb 2-1: config 0 descriptor??
[ 1466.742155][T22468] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1466.774555][T22468] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1466.835623][T14581] keyspan_pda 2-1:0.145: required endpoints missing
[ 1466.847359][T14581] keyspan_pda 2-1:0.43: Keyspan PDA converter detected
[ 1466.859723][T14581] usb 2-1: Keyspan PDA converter now attached to ttyUSB0
[ 1466.876699][T14581] usb 2-1: USB disconnect, device number 97
[ 1466.907150][T14581] keyspan_pda ttyUSB0: Keyspan PDA converter now disconnected from ttyUSB0
[ 1466.921911][T14581] keyspan_pda 2-1:0.43: device disconnected
[ 1467.074215][T22533] usb usb8: usbfs: process 22533 (syz.4.8137) did not claim interface 0 before use
[ 1467.106810][T14581] tipc: Node number set to 2199983647
[ 1467.451653][   T29] audit: type=1800 audit(1771671148.139:1078): pid=22509 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.8136" name="bus" dev="ramfs" ino=307935 res=0 errno=0
[ 1467.629215][T14581] usb 2-1: new high-speed USB device number 98 using dummy_hcd
[ 1467.788841][T14581] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1467.799985][T14581] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1467.811364][T14581] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1467.830024][T14581] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1467.848649][T14581] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1467.857262][T14581] usb 2-1: Product: syz
[ 1467.862432][T14581] usb 2-1: Manufacturer: syz
[ 1467.868309][T14581] usb 2-1: SerialNumber: syz
[ 1467.883037][T14581] hub 2-1:1.0: bad descriptor, ignoring hub
[ 1467.889888][T14581] hub 2-1:1.0: probe with driver hub failed with error -5
[ 1468.086287][T15750] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[ 1468.095499][T14581] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 98 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1468.258670][T15750] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1468.273917][T15750] usb 6-1: config 27 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1468.287014][T15750] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1468.296064][T15750] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1468.325248][T15750] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1468.329772][T22539] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1500) !
[ 1468.440093][T15750] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -2
[ 1468.697530][T15739] usb 2-1: USB disconnect, device number 98
[ 1468.705104][T15739] usblp0: removed
[ 1469.426305][T15750] usb 2-1: new high-speed USB device number 99 using dummy_hcd
[ 1469.586457][T15750] usb 2-1: Using ep0 maxpacket: 8
[ 1469.594243][T15750] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[ 1469.603335][T15750] usb 2-1: config 179 has no interface number 0
[ 1469.611176][T15750] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[ 1469.622730][T15750] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[ 1469.634374][T15750] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1469.646295][T15750] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1469.656715][T15750] usb 2-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1469.670270][T15750] usb 2-1: config 179 interface 65 has no altsetting 0
[ 1469.677221][T15750] usb 2-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[ 1469.686449][T15750] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1469.713170][T15750] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input169
[ 1469.969060][T22636] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1469.985803][T22636] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1470.001857][T15750] usb 2-1: USB disconnect, device number 99
[ 1470.310857][T22691] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8155'.
[ 1470.575248][T22705] netlink: 'syz.1.8158': attribute type 15 has an invalid length.
[ 1470.685980][T14581] usb 6-1: USB disconnect, device number 36
[ 1470.698929][T22545] delete_channel: no stack
[ 1470.701714][T22728] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8158'.
[ 1470.803469][T22754] bridge0: entered promiscuous mode
[ 1470.816294][T22754] bridge0: entered allmulticast mode
[ 1470.823346][T22754] team0: Port device bridge0 added
[ 1471.042405][T22774] netlink: 'syz.5.8165': attribute type 1 has an invalid length.
[ 1471.364714][T22785] x_tables: duplicate underflow at hook 4
[ 1471.766212][T15750] usb 2-1: new high-speed USB device number 100 using dummy_hcd
[ 1471.916264][T15750] usb 2-1: Using ep0 maxpacket: 8
[ 1471.923206][T15750] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[ 1471.932549][T15750] usb 2-1: config 179 has no interface number 0
[ 1471.939915][T15750] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[ 1471.952116][T15750] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[ 1471.965028][T15750] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1471.978248][T15750] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1471.990077][T15750] usb 2-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1472.006252][T15750] usb 2-1: config 179 interface 65 has no altsetting 0
[ 1472.013178][T15750] usb 2-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[ 1472.024436][T15750] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1472.026308][T15739] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[ 1472.072984][T15750] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input170
[ 1472.188750][T15739] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1472.199699][T15739] usb 6-1: config 27 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1472.213440][T15739] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1472.223854][T15739] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1472.252051][T15739] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1472.351507][T22839] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1472.382719][T15739] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -2
[ 1472.402252][T22839] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1472.426571][T15739] usb 2-1: USB disconnect, device number 100
[ 1472.542359][T22858] FAULT_INJECTION: forcing a failure.
[ 1472.542359][T22858] name failslab, interval 1, probability 0, space 0, times 0
[ 1472.555401][T22858] CPU: 1 UID: 0 PID: 22858 Comm: syz.4.8174 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1472.555430][T22858] Tainted: [L]=SOFTLOCKUP
[ 1472.555437][T22858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1472.555447][T22858] Call Trace:
[ 1472.555455][T22858]  <TASK>
[ 1472.555463][T22858]  dump_stack_lvl+0xe8/0x150
[ 1472.555492][T22858]  should_fail_ex+0x412/0x560
[ 1472.555518][T22858]  should_failslab+0xa8/0x100
[ 1472.555541][T22858]  __kmalloc_cache_noprof+0x88/0x660
[ 1472.555562][T22858]  ? sctp_add_bind_addr+0x8c/0x370
[ 1472.555582][T22858]  ? __pfx_sctp_get_port_local+0x10/0x10
[ 1472.555610][T22858]  sctp_add_bind_addr+0x8c/0x370
[ 1472.555629][T22858]  ? sctp_auto_asconf_init+0x15c/0x1e0
[ 1472.555657][T22858]  sctp_do_bind+0x5b2/0x9d0
[ 1472.555692][T22858]  sctp_connect_new_asoc+0x270/0x6b0
[ 1472.555718][T22858]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[ 1472.555746][T22858]  ? __local_bh_enable_ip+0xd0/0x130
[ 1472.555765][T22858]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[ 1472.555785][T22858]  ? security_sctp_bind_connect+0x7e/0x2c0
[ 1472.555813][T22858]  sctp_sendmsg+0x1528/0x2c10
[ 1472.555852][T22858]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 1472.555875][T22858]  ? aa_sk_perm+0x15a/0x960
[ 1472.555896][T22858]  ? aa_sk_perm+0x82d/0x960
[ 1472.555922][T22858]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1472.555944][T22858]  ? sock_rps_record_flow+0x19/0x400
[ 1472.555971][T22858]  ? inet_sendmsg+0x2f4/0x370
[ 1472.555998][T22858]  __sys_sendto+0x627/0x7a0
[ 1472.556021][T22858]  ? __pfx___sys_sendto+0x10/0x10
[ 1472.556063][T22858]  ? fput+0xa0/0xd0
[ 1472.556087][T22858]  ? ksys_write+0x242/0x270
[ 1472.556111][T22858]  __ia32_sys_sendto+0xdd/0x100
[ 1472.556135][T22858]  __do_fast_syscall_32+0x20d/0x640
[ 1472.556153][T22858]  ? do_fast_syscall_32+0x33/0x70
[ 1472.556168][T22858]  ? asm_int80_emulation+0x1a/0x20
[ 1472.556183][T22858]  ? do_int80_emulation+0x274/0x4d0
[ 1472.556197][T22858]  ? trace_irq_disable+0x3b/0x150
[ 1472.556224][T22858]  do_fast_syscall_32+0x33/0x70
[ 1472.556240][T22858]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1472.556260][T22858] RIP: 0023:0xf709ef6c
[ 1472.556276][T22858] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 1472.556291][T22858] RSP: 002b:00000000f548d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000171
[ 1472.556309][T22858] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240
[ 1472.556322][T22858] RDX: 0000000000000001 RSI: 0000000000000051 RDI: 0000000080000080
[ 1472.556332][T22858] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000
[ 1472.556342][T22858] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1472.556359][T22858] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1472.556384][T22858]  </TASK>
[ 1473.146367][T15750] usb 5-1: new full-speed USB device number 75 using dummy_hcd
[ 1473.297434][T15750] usb 5-1: config 0 has an invalid interface number: 128 but max is 0
[ 1473.305796][T15750] usb 5-1: config 0 has no interface number 0
[ 1473.312064][T15750] usb 5-1: config 0 interface 128 altsetting 6 endpoint 0x5 has invalid maxpacket 1024, setting to 1023
[ 1473.323730][T15750] usb 5-1: config 0 interface 128 has no altsetting 0
[ 1473.332258][T15750] usb 5-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=95.91
[ 1473.341820][T15750] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=1
[ 1473.349922][T15750] usb 5-1: Product: syz
[ 1473.354199][T15750] usb 5-1: Manufacturer: syz
[ 1473.358950][T15750] usb 5-1: SerialNumber: syz
[ 1473.368175][T15750] usb 5-1: config 0 descriptor??
[ 1473.376617][T15750] radio-si470x 5-1:0.128: could not find interrupt in endpoint
[ 1473.384244][T15750] radio-si470x 5-1:0.128: probe with driver radio-si470x failed with error -5
[ 1473.394905][T15750] usbhid 5-1:0.128: couldn't find an input interrupt endpoint
[ 1473.579144][T29903] usb 5-1: USB disconnect, device number 75
[ 1473.638197][T15739] usb 2-1: new high-speed USB device number 101 using dummy_hcd
[ 1473.806180][T15739] usb 2-1: Using ep0 maxpacket: 32
[ 1473.812705][T15739] usb 2-1: config 0 has an invalid interface number: 35 but max is 0
[ 1473.821078][T15739] usb 2-1: config 0 has no interface number 0
[ 1473.828944][T15739] usb 2-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f
[ 1473.838221][T15739] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1473.846280][T15739] usb 2-1: Product: syz
[ 1473.850487][T15739] usb 2-1: Manufacturer: syz
[ 1473.855119][T15739] usb 2-1: SerialNumber: syz
[ 1473.862305][T15739] usb 2-1: config 0 descriptor??
[ 1473.870223][T15739] radio-si470x 2-1:0.35: could not find interrupt in endpoint
[ 1473.877797][T15739] radio-si470x 2-1:0.35: probe with driver radio-si470x failed with error -5
[ 1474.069814][T15739] radio-raremono 2-1:0.35: this is not Thanko's Raremono.
[ 1474.077932][T15739] usbhid 2-1:0.35: couldn't find an input interrupt endpoint
[ 1474.669574][T15739] usb 2-1: USB disconnect, device number 101
[ 1475.280422][T22918] syzkaller0: left promiscuous mode
[ 1475.285654][T22918] syzkaller0: left allmulticast mode
[ 1475.545759][T15739] usb 6-1: USB disconnect, device number 37
[ 1475.968829][T22809] delete_channel: no stack
[ 1476.525642][T22959] fuse: Unknown parameter 'use00000000000000000000'
[ 1476.660194][T22967] syzkaller0: entered promiscuous mode
[ 1476.681738][T22967] syzkaller0: entered allmulticast mode
[ 1476.807569][T15739] usb 2-1: new high-speed USB device number 102 using dummy_hcd
[ 1476.976390][T15739] usb 2-1: Using ep0 maxpacket: 8
[ 1476.985482][T22976] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1476.985918][T15739] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[ 1477.006323][T15739] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1477.017352][T15739] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1477.027654][T15739] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1477.041438][T15739] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1477.042277][T22976] syzkaller0: mtu greater than device maximum
[ 1477.067210][T15739] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1477.311997][T15739] usb 2-1: usb_control_msg returned -32
[ 1477.320913][T15739] usbtmc 2-1:16.0: can't read capabilities
[ 1477.689687][T22994] vivid-002: disconnect
[ 1478.097497][T15750] tipc: Node number set to 444804370
[ 1478.140323][T23022] ALSA: mixer_oss: invalid OSS volume '�óõ’£ërÇ3x»ÁCð±'
[ 1478.155870][T23022] ALSA: mixer_oss: invalid OSS volume 'εë§.Sxç'Fæªè¢Üû([½ejp[q%V•hÄ'
[ 1478.257064][T15739] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[ 1478.328552][T23027] syzkaller0: entered promiscuous mode
[ 1478.340114][T23027] syzkaller0: entered allmulticast mode
[ 1478.396238][T29903] usb 5-1: new high-speed USB device number 76 using dummy_hcd
[ 1478.418774][T15739] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1478.476308][T15739] usb 6-1: config 27 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1478.489678][T15739] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1478.501200][T15739] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1478.540153][T15739] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1478.624329][T15739] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -2
[ 1478.707802][T29903] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1478.719449][T29903] usb 5-1: config 27 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1478.732851][T29903] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1478.742323][T29903] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1478.777923][T29903] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 1478.857007][T29903] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -2
[ 1479.539594][T29903] usb 2-1: USB disconnect, device number 102
[ 1480.776246][T29903] usb 2-1: new high-speed USB device number 103 using dummy_hcd
[ 1480.946497][T29903] usb 2-1: Using ep0 maxpacket: 8
[ 1480.955689][T29903] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[ 1480.965912][T29903] usb 2-1: config 179 has no interface number 0
[ 1480.973088][T29903] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[ 1480.985035][T29903] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[ 1480.998290][T29903] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1481.009873][T29903] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1481.020518][T29903] usb 2-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1481.034190][T29903] usb 2-1: config 179 interface 65 has no altsetting 0
[ 1481.041743][T29903] usb 2-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[ 1481.051170][T29903] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1481.078232][T29903] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input171
[ 1481.299761][T29903] usb 6-1: USB disconnect, device number 38
[ 1481.357226][T23011] delete_channel: no stack
[ 1481.363038][T15739] usb 5-1: USB disconnect, device number 76
[ 1481.447445][T23099] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1481.452974][T23020] delete_channel: no stack
[ 1481.458995][T23099] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1481.473238][T14581] usb 2-1: USB disconnect, device number 103
[ 1481.626731][T23140] netlink: 8 bytes leftover after parsing attributes in process `syz.5.8215'.
[ 1481.635693][T23140] netlink: 8 bytes leftover after parsing attributes in process `syz.5.8215'.
[ 1481.745369][T23142] syzkaller0: entered promiscuous mode
[ 1481.751979][T23142] syzkaller0: entered allmulticast mode
[ 1481.968346][T23154] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1481.977201][T23154] syzkaller0: entered promiscuous mode
[ 1481.982664][T23154] syzkaller0: entered allmulticast mode
[ 1482.037877][T23154] syzkaller0: mtu greater than device maximum
[ 1482.060732][T23153] tipc: Resetting bearer <eth:syzkaller0>
[ 1482.108221][T23153] tipc: Disabling bearer <eth:syzkaller0>
[ 1482.136843][T23160] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1482.144476][T23160] syzkaller0: entered promiscuous mode
[ 1482.151812][T23160] syzkaller0: entered allmulticast mode
[ 1482.407648][T14581] usb 6-1: new full-speed USB device number 39 using dummy_hcd
[ 1482.546466][T14581] usb 6-1: device descriptor read/64, error -71
[ 1482.639132][T23192] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8225'.
[ 1482.776294][T15739] usb 2-1: new high-speed USB device number 104 using dummy_hcd
[ 1482.786298][T14581] usb 6-1: new full-speed USB device number 40 using dummy_hcd
[ 1482.916218][T14581] usb 6-1: device descriptor read/64, error -71
[ 1482.929165][T15739] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1482.942655][T15739] usb 2-1: config 27 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1482.963154][T15739] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1482.979670][T15739] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1483.011950][T15739] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[ 1483.026576][T14581] usb usb6-port1: attempt power cycle
[ 1483.079151][T15739] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -2
[ 1483.378326][T14581] usb 6-1: new full-speed USB device number 41 using dummy_hcd
[ 1483.411826][T14581] usb 6-1: device descriptor read/8, error -71
[ 1483.656369][T14581] usb 6-1: new full-speed USB device number 42 using dummy_hcd
[ 1483.676870][T14581] usb 6-1: device descriptor read/8, error -71
[ 1483.786725][T14581] usb usb6-port1: unable to enumerate USB device
[ 1483.902855][T23222] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8230'.
[ 1484.431323][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[ 1484.438041][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1484.444685][   T71] bridge_slave_1: left allmulticast mode
[ 1484.450889][   T71] bridge_slave_1: left promiscuous mode
[ 1484.458811][   T71] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1484.467751][   T71] bridge_slave_0: left allmulticast mode
[ 1484.473378][   T71] bridge_slave_0: left promiscuous mode
[ 1484.481937][   T71] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1484.622171][   T71] team0: Port device geneve0 removed
[ 1484.656335][   T71] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1484.672209][   T71] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1484.681809][   T71] bond0 (unregistering): Released all slaves
[ 1484.694406][   T71] bond1 (unregistering): Released all slaves
[ 1484.739568][T23240] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1484.748887][T23240] syzkaller0: entered promiscuous mode
[ 1484.755235][T23240] syzkaller0: entered allmulticast mode
[ 1484.793614][T23240] syzkaller0: mtu greater than device maximum
[ 1484.801233][T23239] tipc: Resetting bearer <eth:syzkaller0>
[ 1484.824212][T23239] tipc: Disabling bearer <eth:syzkaller0>
[ 1485.072681][T23159] tipc: Resetting bearer <eth:syzkaller0>
[ 1485.098877][T23159] tipc: Disabling bearer <eth:syzkaller0>
[ 1485.186432][T14581] usb 5-1: new high-speed USB device number 77 using dummy_hcd
[ 1485.334100][T15750] usb 2-1: USB disconnect, device number 104
[ 1485.343686][T14581] usb 5-1: Using ep0 maxpacket: 16
[ 1485.358246][T14581] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1485.371637][T14581] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1485.383615][T23189] delete_channel: no stack
[ 1485.389221][T14581] usb 5-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice= 0.00
[ 1485.399461][T14581] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1485.411166][T14581] usb 5-1: config 0 descriptor??
[ 1485.828062][T14581] apple 0003:05AC:0247.0050: unknown main item tag 0x0
[ 1485.835975][T14581] apple 0003:05AC:0247.0050: unknown main item tag 0x0
[ 1485.847364][T14581] apple 0003:05AC:0247.0050: unknown main item tag 0x0
[ 1485.855962][T14581] apple 0003:05AC:0247.0050: unknown main item tag 0x0
[ 1485.863549][T14581] apple 0003:05AC:0247.0050: unknown main item tag 0x0
[ 1485.872564][T14581] apple 0003:05AC:0247.0050: unknown main item tag 0x0
[ 1485.881485][T14581] apple 0003:05AC:0247.0050: unknown main item tag 0x0
[ 1485.889766][T14581] apple 0003:05AC:0247.0050: unknown main item tag 0x0
[ 1485.897971][T14581] apple 0003:05AC:0247.0050: unknown main item tag 0x0
[ 1485.905546][T14581] apple 0003:05AC:0247.0050: unknown main item tag 0x0
[ 1485.917658][T14581] apple 0003:05AC:0247.0050: hidraw0: USB HID v0.00 Device [HID 05ac:0247] on usb-dummy_hcd.4-1/input0
[ 1486.064388][T23248] fuse: Bad value for 'group_id'
[ 1486.074861][T23248] fuse: Bad value for 'group_id'
[ 1486.086723][T15739] usb 5-1: USB disconnect, device number 77
[ 1486.360833][   T71] tipc: Left network mode
[ 1486.579725][   T71] hsr_slave_0: left promiscuous mode
[ 1486.585452][   T71] hsr_slave_1: left promiscuous mode
[ 1486.591707][   T71] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1486.601818][   T71] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1486.843598][   T71] team0 (unregistering): Port device team_slave_1 removed
[ 1486.864116][   T71] team0 (unregistering): Port device team_slave_0 removed
[ 1487.799461][   T71] IPVS: stop unused estimator thread 0...
[ 1488.027560][   T29] audit: type=1326 audit(1771671168.719:1079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23356 comm="syz.0.8248" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf6feef6c code=0x0
[ 1488.108726][T23362] IPVS: set_ctl: invalid protocol: 0 224.0.0.2:20003
[ 1488.124273][T23360] syzkaller0: entered promiscuous mode
[ 1488.130665][T23360] syzkaller0: entered allmulticast mode
[ 1488.656410][T23390] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1488.719548][T23390] tipc: Resetting bearer <eth:syzkaller0>
[ 1488.746522][T14581] usb 5-1: new high-speed USB device number 78 using dummy_hcd
[ 1488.829403][T15747] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[ 1488.842820][T23389] tipc: Disabling bearer <eth:syzkaller0>
[ 1488.902329][T14581] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1488.925424][T14581] usb 5-1: config 27 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1488.946252][T14581] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1488.955504][T14581] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1488.986251][T15747] usb 6-1: Using ep0 maxpacket: 8
[ 1488.997440][T14581] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 1489.007084][T15747] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1489.033151][T15747] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1489.074549][T15747] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1489.103648][T15747] usb 6-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00
[ 1489.139408][T15747] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1489.151319][T14581] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -2
[ 1489.175511][T15747] usb 6-1: config 0 descriptor??
[ 1489.387417][T23397] usb usb8: usbfs: process 23397 (syz.1.8252) did not claim interface 0 before use
[ 1490.627433][T23430] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1490.640526][T23430] syzkaller0: entered promiscuous mode
[ 1490.646864][T23430] syzkaller0: entered allmulticast mode
[ 1490.675093][T23430] tipc: Resetting bearer <eth:syzkaller0>
[ 1490.682996][T23429] tipc: Resetting bearer <eth:syzkaller0>
[ 1490.701379][T23429] tipc: Disabling bearer <eth:syzkaller0>
[ 1490.817135][T23441] FAULT_INJECTION: forcing a failure.
[ 1490.817135][T23441] name failslab, interval 1, probability 0, space 0, times 0
[ 1490.847843][T23441] CPU: 0 UID: 0 PID: 23441 Comm: syz.1.8262 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1490.847876][T23441] Tainted: [L]=SOFTLOCKUP
[ 1490.847883][T23441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1490.847894][T23441] Call Trace:
[ 1490.847902][T23441]  <TASK>
[ 1490.847907][T23441]  dump_stack_lvl+0xe8/0x150
[ 1490.847926][T23441]  should_fail_ex+0x412/0x560
[ 1490.847941][T23441]  should_failslab+0xa8/0x100
[ 1490.847954][T23441]  __kvmalloc_node_noprof+0x178/0x8a0
[ 1490.847966][T23441]  ? alloc_netdev_mqs+0xa6/0x11b0
[ 1490.847981][T23441]  alloc_netdev_mqs+0xa6/0x11b0
[ 1490.847990][T23441]  ? __pfx_macvlan_setup+0x10/0x10
[ 1490.848008][T23441]  rtnl_create_link+0x31f/0xd70
[ 1490.848022][T23441]  rtnl_newlink_create+0x277/0xb70
[ 1490.848035][T23441]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1490.848053][T23441]  ? __pfx_rtnl_newlink_create+0x10/0x10
[ 1490.848068][T23441]  ? __pfx___mutex_lock+0x10/0x10
[ 1490.848088][T23441]  ? ns_capable+0x89/0xe0
[ 1490.848103][T23441]  rtnl_newlink+0x1666/0x1be0
[ 1490.848122][T23441]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1490.848135][T23441]  ? __lock_acquire+0x6b5/0x2cf0
[ 1490.848150][T23441]  ? __lock_acquire+0x6b5/0x2cf0
[ 1490.848164][T23441]  ? __lock_acquire+0x6b5/0x2cf0
[ 1490.848177][T23441]  ? __lock_acquire+0x6b5/0x2cf0
[ 1490.848194][T23441]  ? unwind_next_frame+0xa5/0x23c0
[ 1490.848219][T23441]  ? __lock_acquire+0x6b5/0x2cf0
[ 1490.848232][T23441]  ? is_bpf_text_address+0x26/0x2b0
[ 1490.848244][T23441]  ? kernel_text_address+0xa5/0xe0
[ 1490.848267][T23441]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1490.848279][T23441]  rtnetlink_rcv_msg+0x7d5/0xbe0
[ 1490.848293][T23441]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 1490.848304][T23441]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1490.848317][T23441]  ? __lock_acquire+0x6b5/0x2cf0
[ 1490.848334][T23441]  netlink_rcv_skb+0x232/0x4b0
[ 1490.848349][T23441]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1490.848361][T23441]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1490.848378][T23441]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1490.848393][T23441]  netlink_unicast+0x80f/0x9b0
[ 1490.848410][T23441]  ? __pfx_netlink_unicast+0x10/0x10
[ 1490.848429][T23441]  ? netlink_sendmsg+0x650/0xb40
[ 1490.848447][T23441]  ? skb_put+0x11b/0x210
[ 1490.848472][T23441]  netlink_sendmsg+0x813/0xb40
[ 1490.848500][T23441]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1490.848515][T23441]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1490.848528][T23441]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1490.848539][T23441]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1490.848550][T23441]  ____sys_sendmsg+0xa68/0xad0
[ 1490.848568][T23441]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1490.848589][T23441]  ___sys_sendmsg+0x2a5/0x360
[ 1490.848606][T23441]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1490.848621][T23441]  ? kstrtoull+0x12f/0x1d0
[ 1490.848645][T23441]  ? __fget_files+0x2a/0x420
[ 1490.848659][T23441]  ? __fget_files+0x3a0/0x420
[ 1490.848682][T23441]  __sys_sendmmsg+0x2e7/0x4e0
[ 1490.848698][T23441]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1490.848725][T23441]  ? fput+0xa0/0xd0
[ 1490.848739][T23441]  ? ksys_write+0x242/0x270
[ 1490.848752][T23441]  __ia32_compat_sys_sendmmsg+0xa2/0xc0
[ 1490.848768][T23441]  __do_fast_syscall_32+0x20d/0x640
[ 1490.848778][T23441]  ? do_fast_syscall_32+0x33/0x70
[ 1490.848787][T23441]  ? asm_int80_emulation+0x1a/0x20
[ 1490.848796][T23441]  ? do_int80_emulation+0x274/0x4d0
[ 1490.848805][T23441]  ? trace_irq_disable+0x3b/0x150
[ 1490.848824][T23441]  do_fast_syscall_32+0x33/0x70
[ 1490.848840][T23441]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1490.848860][T23441] RIP: 0023:0xf70aef6c
[ 1490.848876][T23441] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 1490.848889][T23441] RSP: 002b:00000000f549d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000159
[ 1490.848900][T23441] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 00000000800002c0
[ 1490.848907][T23441] RDX: 000000000000009f RSI: 0000000000000000 RDI: 0000000000000000
[ 1490.848914][T23441] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1490.848919][T23441] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1490.848925][T23441] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1490.848940][T23441]  </TASK>
[ 1491.538032][T15739] usb 5-1: USB disconnect, device number 78
[ 1491.565737][T23368] delete_channel: no stack
[ 1491.671627][T15747] usbhid 6-1:0.0: can't add hid device: -71
[ 1491.677894][T15747] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1491.689258][T15747] usb 6-1: USB disconnect, device number 43
[ 1491.756473][T29903] usb 2-1: new high-speed USB device number 105 using dummy_hcd
[ 1491.912086][T29903] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[ 1491.921246][T29903] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1491.932549][T29903] usb 2-1: Product: syz
[ 1491.940828][T29903] usb 2-1: Manufacturer: syz
[ 1491.947924][T29903] usb 2-1: SerialNumber: syz
[ 1491.954919][T29903] usb 2-1: config 0 descriptor??
[ 1492.023102][T23475] netlink: 28 bytes leftover after parsing attributes in process `syz.5.8267'.
[ 1492.037307][T23475] ipvlan1: entered allmulticast mode
[ 1492.042944][T23475] veth0_vlan: entered allmulticast mode
[ 1492.177264][T23447] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1492.200071][T23447] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1493.316565][T15739] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[ 1493.478240][T15739] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1493.489842][T15739] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1493.510490][T15739] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1493.526817][T15739] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1493.540837][T15739] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1493.553169][T15739] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1493.569436][T15739] usb 6-1: config 0 descriptor??
[ 1493.991607][T15739] plantronics 0003:047F:FFFF.0051: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[ 1494.186785][T23499] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1494.209939][T23499] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1494.454684][T23530] program syz.4.8275 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1494.570566][T29903] usb-storage 2-1:0.0: USB Mass Storage device detected
[ 1494.652558][T29903] usb 2-1: USB disconnect, device number 105
[ 1494.741997][   T29] audit: type=1800 audit(1771671175.429:1080): pid=23512 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.8273" name="bus" dev="ramfs" ino=310166 res=0 errno=0
[ 1494.859887][T29903] usb 6-1: USB disconnect, device number 44
[ 1495.018880][T23565] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1495.036782][T23565] syzkaller0: entered promiscuous mode
[ 1495.040328][T23569] program syz.4.8279 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1495.042282][T23565] syzkaller0: entered allmulticast mode
[ 1495.208924][T23575] bond1: option ad_select: invalid value (34)
[ 1495.218218][T23575] bond1 (unregistering): Released all slaves
[ 1495.255427][T23551] tipc: Resetting bearer <eth:syzkaller0>
[ 1495.329347][T23551] tipc: Disabling bearer <eth:syzkaller0>
[ 1496.176378][T23672] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8286'.
[ 1496.876274][T29903] usb 5-1: new high-speed USB device number 79 using dummy_hcd
[ 1496.921425][T23697] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[ 1497.038458][T29903] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1497.051128][T29903] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1497.066319][T29903] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1497.079362][T29903] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1497.096167][T29903] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1497.106429][T29903] usb 5-1: config 0 descriptor??
[ 1497.161816][T23708] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1497.181968][T23708] tipc: Resetting bearer <eth:syzkaller0>
[ 1497.240484][T23707] tipc: Disabling bearer <eth:syzkaller0>
[ 1497.569478][T29903] plantronics 0003:047F:FFFF.0052: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[ 1498.462672][T23755] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1498.472407][T23755] syzkaller0: entered promiscuous mode
[ 1498.478696][T23755] syzkaller0: entered allmulticast mode
[ 1498.579243][T23754] tipc: Resetting bearer <eth:syzkaller0>
[ 1498.623916][T23754] tipc: Disabling bearer <eth:syzkaller0>
[ 1499.306976][T26450] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[ 1499.317244][T26450] Bluetooth: hci3: Injecting HCI hardware error event
[ 1499.325943][ T5141] Bluetooth: hci3: hardware error 0x00
[ 1499.637293][T14581] usb 5-1: USB disconnect, device number 79
[ 1499.663565][T23788] netlink: 872 bytes leftover after parsing attributes in process `syz.4.8310'.
[ 1499.741508][T23788] netlink: 872 bytes leftover after parsing attributes in process `syz.4.8310'.
[ 1499.775363][   T29] audit: type=1326 audit(1771671180.459:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23800 comm="syz.3.8311" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7ff8f6c code=0x0
[ 1500.003309][T23807] netlink: 20 bytes leftover after parsing attributes in process `syz.4.8312'.
[ 1500.313351][T23821] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1500.342858][T23821] syzkaller0: entered promiscuous mode
[ 1500.374606][T23821] syzkaller0: entered allmulticast mode
[ 1500.416973][T15739] usb 5-1: new high-speed USB device number 80 using dummy_hcd
[ 1500.441875][T23821] tipc: Resetting bearer <eth:syzkaller0>
[ 1500.548676][T23818] tipc: Resetting bearer <eth:syzkaller0>
[ 1500.577741][T15739] usb 5-1: Using ep0 maxpacket: 16
[ 1500.578209][T23818] tipc: Disabling bearer <eth:syzkaller0>
[ 1500.662699][T23832] FAULT_INJECTION: forcing a failure.
[ 1500.662699][T23832] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1500.706329][T23832] CPU: 0 UID: 0 PID: 23832 Comm: syz.3.8316 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1500.706354][T23832] Tainted: [L]=SOFTLOCKUP
[ 1500.706359][T23832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1500.706368][T23832] Call Trace:
[ 1500.706374][T23832]  <TASK>
[ 1500.706381][T23832]  dump_stack_lvl+0xe8/0x150
[ 1500.706405][T23832]  should_fail_ex+0x412/0x560
[ 1500.706435][T23832]  _copy_to_iter+0x589/0x17d0
[ 1500.706461][T23832]  ? __pfx__copy_to_iter+0x10/0x10
[ 1500.706480][T23832]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1500.706500][T23832]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1500.706519][T23832]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1500.706536][T23832]  ? __skb_try_recv_datagram+0x3d4/0x4d0
[ 1500.706588][T23832]  __skb_datagram_iter+0xf8/0x980
[ 1500.706608][T23832]  ? __pfx_simple_copy_to_iter+0x10/0x10
[ 1500.706633][T23832]  skb_copy_datagram_iter+0xb5/0x270
[ 1500.706655][T23832]  netlink_recvmsg+0x2c3/0xa50
[ 1500.706671][T23832]  ? rcu_is_watching+0x15/0xb0
[ 1500.706695][T23832]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 1500.706715][T23832]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1500.706732][T23832]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[ 1500.706746][T23832]  ? security_socket_recvmsg+0x7e/0x2c0
[ 1500.706764][T23832]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 1500.706780][T23832]  sock_recvmsg+0x22c/0x270
[ 1500.706797][T23832]  ____sys_recvmsg+0x1e6/0x4a0
[ 1500.706821][T23832]  ? __pfx_____sys_recvmsg+0x10/0x10
[ 1500.706838][T23832]  ? get_compat_msghdr+0x34b/0x4c0
[ 1500.706871][T23832]  ___sys_recvmsg+0x215/0x590
[ 1500.706892][T23832]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1500.706911][T23832]  ? ktime_get_ts64+0xa9/0x3f0
[ 1500.706925][T23832]  ? ktime_get_ts64+0xa9/0x3f0
[ 1500.706950][T23832]  ? __fget_files+0x3a0/0x420
[ 1500.706975][T23832]  do_recvmmsg+0x3a5/0x800
[ 1500.706999][T23832]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1500.707026][T23832]  ? _copy_from_user+0x94/0xb0
[ 1500.707047][T23832]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1500.707072][T23832]  __sys_recvmmsg+0x12f/0x290
[ 1500.707092][T23832]  ? __pfx___sys_recvmmsg+0x10/0x10
[ 1500.707111][T23832]  ? ksys_write+0x242/0x270
[ 1500.707129][T23832]  __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0
[ 1500.707150][T23832]  __do_fast_syscall_32+0x20d/0x640
[ 1500.707164][T23832]  ? do_fast_syscall_32+0x33/0x70
[ 1500.707176][T23832]  ? asm_int80_emulation+0x1a/0x20
[ 1500.707189][T23832]  ? do_int80_emulation+0x274/0x4d0
[ 1500.707201][T23832]  ? trace_irq_disable+0x3b/0x150
[ 1500.707222][T23832]  do_fast_syscall_32+0x33/0x70
[ 1500.707235][T23832]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1500.707251][T23832] RIP: 0023:0xf7ff8f6c
[ 1500.707264][T23832] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 1500.707275][T23832] RSP: 002b:00000000f54b650c EFLAGS: 00000206 ORIG_RAX: 0000000000000151
[ 1500.707291][T23832] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800037c0
[ 1500.707300][T23832] RDX: 00000000000003b4 RSI: 0000000002040000 RDI: 0000000080003700
[ 1500.707309][T23832] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1500.707318][T23832] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1500.707326][T23832] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1500.707345][T23832]  </TASK>
[ 1501.029334][T15739] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[ 1501.038544][T15739] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1501.048552][T15739] usb 5-1: Product: syz
[ 1501.052724][T15739] usb 5-1: Manufacturer: syz
[ 1501.060228][T15739] usb 5-1: SerialNumber: syz
[ 1501.098034][T15739] usb 5-1: config 0 descriptor??
[ 1501.396433][ T5141] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[ 1501.414145][T23842] hsr0: entered promiscuous mode
[ 1501.429923][T23842] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8318'.
[ 1501.459346][T23842] hsr_slave_0: left promiscuous mode
[ 1501.476754][T23842] hsr_slave_1: left promiscuous mode
[ 1501.497613][T23848] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8319'.
[ 1501.521083][T23842] hsr0 (unregistering): left promiscuous mode
[ 1501.537565][T23848] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8319'.
[ 1501.577112][T15739] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[ 1501.592853][T15739] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1501.605219][T15739] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[ 1501.614845][T15739] usb 5-1: media controller created
[ 1501.640518][T15739] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1502.196530][T15739] zl10353_read_register: readreg error (reg=127, ret==0)
[ 1502.203641][T15739] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[ 1502.213255][T15739] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[ 1503.003174][T15739] usb 5-1: USB disconnect, device number 80
[ 1503.028936][T15739] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[ 1503.336536][T29903] usb 2-1: new high-speed USB device number 106 using dummy_hcd
[ 1503.531879][T29903] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1503.570394][T29903] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1503.600842][T29903] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1503.626228][T29903] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1503.666343][T29903] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1503.678837][T29903] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1503.707466][T29903] usb 2-1: config 0 descriptor??
[ 1503.764950][T23900] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1503.778712][T23900] syzkaller0: entered promiscuous mode
[ 1503.787283][T23900] syzkaller0: entered allmulticast mode
[ 1503.819287][T23900] tipc: Resetting bearer <eth:syzkaller0>
[ 1503.869697][T23898] tipc: Resetting bearer <eth:syzkaller0>
[ 1503.909611][T23898] tipc: Disabling bearer <eth:syzkaller0>
[ 1504.137092][T29903] plantronics 0003:047F:FFFF.0053: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[ 1504.334875][T23884] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1504.349024][T23884] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1504.982131][T14581] usb 2-1: USB disconnect, device number 106
[ 1505.743331][T23960] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8337'.
[ 1505.766490][T23965] FAULT_INJECTION: forcing a failure.
[ 1505.766490][T23965] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1505.789037][T23965] CPU: 0 UID: 0 PID: 23965 Comm: syz.4.8339 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1505.789055][T23965] Tainted: [L]=SOFTLOCKUP
[ 1505.789059][T23965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1505.789065][T23965] Call Trace:
[ 1505.789070][T23965]  <TASK>
[ 1505.789075][T23965]  dump_stack_lvl+0xe8/0x150
[ 1505.789093][T23965]  should_fail_ex+0x412/0x560
[ 1505.789107][T23965]  _copy_from_user+0x2d/0xb0
[ 1505.789122][T23965]  cmsghdr_from_user_compat_to_kern+0x51b/0x810
[ 1505.789142][T23965]  ? __pfx_cmsghdr_from_user_compat_to_kern+0x10/0x10
[ 1505.789161][T23965]  ____sys_sendmsg+0x240/0xad0
[ 1505.789179][T23965]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1505.789199][T23965]  ___sys_sendmsg+0x2a5/0x360
[ 1505.789214][T23965]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1505.789229][T23965]  ? kstrtoull+0x12f/0x1d0
[ 1505.789251][T23965]  ? __fget_files+0x2a/0x420
[ 1505.789264][T23965]  ? __fget_files+0x3a0/0x420
[ 1505.789281][T23965]  __sys_sendmmsg+0x2e7/0x4e0
[ 1505.789298][T23965]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1505.789323][T23965]  ? fput+0xa0/0xd0
[ 1505.789336][T23965]  ? ksys_write+0x242/0x270
[ 1505.789349][T23965]  __ia32_compat_sys_sendmmsg+0xa2/0xc0
[ 1505.789363][T23965]  __do_fast_syscall_32+0x20d/0x640
[ 1505.789374][T23965]  ? do_fast_syscall_32+0x33/0x70
[ 1505.789383][T23965]  ? asm_int80_emulation+0x1a/0x20
[ 1505.789392][T23965]  ? do_int80_emulation+0x274/0x4d0
[ 1505.789401][T23965]  ? trace_irq_disable+0x3b/0x150
[ 1505.789417][T23965]  do_fast_syscall_32+0x33/0x70
[ 1505.789426][T23965]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1505.789438][T23965] RIP: 0023:0xf709ef6c
[ 1505.789449][T23965] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 1505.789457][T23965] RSP: 002b:00000000f548d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000159
[ 1505.789468][T23965] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140
[ 1505.789475][T23965] RDX: 0000000000000001 RSI: 000000000000ff00 RDI: 0000000000000000
[ 1505.789481][T23965] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1505.789487][T23965] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1505.789493][T23965] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1505.789506][T23965]  </TASK>
[ 1506.556660][T23865] delete_channel: no stack
[ 1507.499397][T24011] bond5: option ad_select: invalid value (34)
[ 1507.507267][T24011] bond5 (unregistering): Released all slaves
[ 1507.715425][T24090] binder: 24085:24090 ioctl 5000943a 0 returned -22
[ 1509.127746][T24111] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1509.146226][T24112] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1509.158021][T24111] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1509.180366][T24112] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1509.240457][T24124] netlink: 80 bytes leftover after parsing attributes in process `syz.3.8357'.
[ 1509.249747][T24123] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1509.269581][T24123] syzkaller0: entered promiscuous mode
[ 1509.286444][T24123] syzkaller0: entered allmulticast mode
[ 1509.317131][T24123] tipc: Resetting bearer <eth:syzkaller0>
[ 1509.427359][T24120] tipc: Resetting bearer <eth:syzkaller0>
[ 1509.464998][T24120] tipc: Disabling bearer <eth:syzkaller0>
[ 1509.836296][T29903] usb 5-1: new high-speed USB device number 81 using dummy_hcd
[ 1510.027934][T29903] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1510.041709][T29903] usb 5-1: config 27 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1510.063150][T29903] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1510.074893][T29903] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1510.100242][T29903] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 1510.176726][T29903] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -2
[ 1510.414830][T24174] netlink: 'syz.0.8364': attribute type 3 has an invalid length.
[ 1510.747624][T24189] FAULT_INJECTION: forcing a failure.
[ 1510.747624][T24189] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1510.771114][T24189] CPU: 0 UID: 0 PID: 24189 Comm: syz.5.8367 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1510.771143][T24189] Tainted: [L]=SOFTLOCKUP
[ 1510.771149][T24189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1510.771161][T24189] Call Trace:
[ 1510.771168][T24189]  <TASK>
[ 1510.771175][T24189]  dump_stack_lvl+0xe8/0x150
[ 1510.771195][T24189]  should_fail_ex+0x412/0x560
[ 1510.771209][T24189]  _copy_from_user+0x2d/0xb0
[ 1510.771224][T24189]  get_compat_msghdr+0xb3/0x4c0
[ 1510.771238][T24189]  ? __lock_acquire+0x6b5/0x2cf0
[ 1510.771253][T24189]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1510.771266][T24189]  ? kstrtoull+0x12f/0x1d0
[ 1510.771280][T24189]  ___sys_sendmsg+0x201/0x360
[ 1510.771297][T24189]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1510.771311][T24189]  ? get_pid_task+0x20/0x1f0
[ 1510.771320][T24189]  ? get_pid_task+0x20/0x1f0
[ 1510.771328][T24189]  ? get_pid_task+0x20/0x1f0
[ 1510.771348][T24189]  ? __fget_files+0x2a/0x420
[ 1510.771362][T24189]  ? __fget_files+0x3a0/0x420
[ 1510.771379][T24189]  __sys_sendmsg+0x183/0x260
[ 1510.771394][T24189]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1510.771417][T24189]  __do_fast_syscall_32+0x20d/0x640
[ 1510.771428][T24189]  ? do_fast_syscall_32+0x33/0x70
[ 1510.771436][T24189]  ? asm_int80_emulation+0x1a/0x20
[ 1510.771445][T24189]  ? do_int80_emulation+0x274/0x4d0
[ 1510.771456][T24189]  do_fast_syscall_32+0x33/0x70
[ 1510.771465][T24189]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1510.771478][T24189] RIP: 0023:0xf7f97f6c
[ 1510.771488][T24189] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 1510.771496][T24189] RSP: 002b:00000000f545650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1510.771508][T24189] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800002c0
[ 1510.771515][T24189] RDX: 0000000024000080 RSI: 0000000000000000 RDI: 0000000000000000
[ 1510.771521][T24189] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1510.771527][T24189] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1510.771532][T24189] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1510.771546][T24189]  </TASK>
[ 1512.365642][T24213] bond3: option ad_select: invalid value (34)
[ 1512.531559][T24213] bond3 (unregistering): Released all slaves
[ 1513.095825][T24299] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1513.103626][T24299] syzkaller0: entered promiscuous mode
[ 1513.109214][T24299] syzkaller0: entered allmulticast mode
[ 1513.199190][T24299] tipc: Resetting bearer <eth:syzkaller0>
[ 1513.394056][T24298] tipc: Resetting bearer <eth:syzkaller0>
[ 1513.426840][T24298] tipc: Disabling bearer <eth:syzkaller0>
[ 1513.779292][T29903] usb 5-1: USB disconnect, device number 81
[ 1514.249760][   T29] audit: type=1326 audit(1771671194.939:1082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24337 comm="syz.1.8378" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 1514.276325][   T29] audit: type=1326 audit(1771671194.939:1083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24337 comm="syz.1.8378" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 1514.307422][   T29] audit: type=1326 audit(1771671194.969:1084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24337 comm="syz.1.8378" exe="/root/syz-executor" sig=0 arch=40000003 syscall=275 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 1514.336597][   T29] audit: type=1326 audit(1771671194.969:1085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24337 comm="syz.1.8378" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 1514.362969][   T29] audit: type=1326 audit(1771671194.969:1086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24337 comm="syz.1.8378" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 1514.430696][   T29] audit: type=1326 audit(1771671194.999:1087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24337 comm="syz.1.8378" exe="/root/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf71e5b6b code=0x7ffc0000
[ 1514.456704][   T29] audit: type=1326 audit(1771671194.999:1088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24337 comm="syz.1.8378" exe="/root/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 1514.473404][T24140] delete_channel: no stack
[ 1514.479095][   T29] audit: type=1326 audit(1771671194.999:1089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24337 comm="syz.1.8378" exe="/root/syz-executor" sig=0 arch=40000003 syscall=91 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 1514.479145][   T29] audit: type=1326 audit(1771671194.999:1090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24337 comm="syz.1.8378" exe="/root/syz-executor" sig=0 arch=40000003 syscall=91 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 1514.479179][   T29] audit: type=1326 audit(1771671194.999:1091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24337 comm="syz.1.8378" exe="/root/syz-executor" sig=0 arch=40000003 syscall=125 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 1514.692130][T24347] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1514.713125][T24347] syzkaller0: entered promiscuous mode
[ 1514.726810][T24347] syzkaller0: entered allmulticast mode
[ 1514.804414][T24347] tipc: Resetting bearer <eth:syzkaller0>
[ 1514.816994][T24346] tipc: Resetting bearer <eth:syzkaller0>
[ 1514.880590][T24346] tipc: Disabling bearer <eth:syzkaller0>
[ 1514.924007][T24358] netlink: 'syz.4.8384': attribute type 1 has an invalid length.
[ 1515.026020][T24358] bond1: entered promiscuous mode
[ 1515.072166][T24358] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1515.139079][T24362] bond1: (slave bridge2): making interface the new active one
[ 1515.166944][T24358] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8384'.
[ 1515.175985][T24362] bridge2: entered promiscuous mode
[ 1515.218754][T24362] bond1: (slave bridge2): Enslaving as an active interface with an up link
[ 1516.426457][ T5141] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[ 1516.435349][ T5141] Bluetooth: hci1: Injecting HCI hardware error event
[ 1516.444549][ T5141] Bluetooth: hci1: hardware error 0x00
[ 1517.297543][T24454] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1517.776268][T14581] usb 2-1: new high-speed USB device number 107 using dummy_hcd
[ 1517.937003][T14581] usb 2-1: Using ep0 maxpacket: 16
[ 1518.006351][T14581] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8
[ 1518.031998][T14581] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[ 1518.042218][T14581] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1518.056326][T14581] usb 2-1: Product: syz
[ 1518.060496][T14581] usb 2-1: Manufacturer: syz
[ 1518.066815][T14581] usb 2-1: SerialNumber: syz
[ 1518.073055][T14581] usb 2-1: config 0 descriptor??
[ 1518.085977][T14581] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[ 1518.095578][T14581] usb 2-1: Detected FT232R
[ 1518.272400][T24417] delete_channel: no stack
[ 1518.282574][T14581] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[ 1518.506294][ T5141] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[ 1518.510401][T14581] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1518.772785][T14581] usb 2-1: USB disconnect, device number 107
[ 1518.784843][T14581] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1518.813120][T14581] ftdi_sio 2-1:0.0: device disconnected
[ 1519.608926][T24525] syzkaller0: entered promiscuous mode
[ 1519.626313][T24525] syzkaller0: entered allmulticast mode
[ 1520.916276][T14581] usb 5-1: new high-speed USB device number 82 using dummy_hcd
[ 1521.068020][T14581] usb 5-1: New USB device found, idVendor=057c, idProduct=2200, bcdDevice= 3.90
[ 1521.078085][T14581] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1521.102078][T14581] usb 5-1: config 0 descriptor??
[ 1521.114297][T14581] bfusb 5-1:0.0: probe with driver bfusb failed with error -5
[ 1521.138188][T24558] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1521.150687][T24531] delete_channel: no stack
[ 1521.167277][T24554] syzkaller0: entered promiscuous mode
[ 1521.180964][T24554] syzkaller0: entered allmulticast mode
[ 1521.268852][T24554] tipc: Resetting bearer <eth:syzkaller0>
[ 1521.313808][T15739] usb 5-1: USB disconnect, device number 82
[ 1521.439564][T24553] tipc: Resetting bearer <eth:syzkaller0>
[ 1521.541099][T24553] tipc: Disabling bearer <eth:syzkaller0>
[ 1521.976653][T24589] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1522.015970][T24596] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1522.030177][T24596] syzkaller0: entered promiscuous mode
[ 1522.035985][T24596] syzkaller0: entered allmulticast mode
[ 1522.097071][T24596] tipc: Resetting bearer <eth:syzkaller0>
[ 1522.129900][T24595] tipc: Resetting bearer <eth:syzkaller0>
[ 1522.173725][T24595] tipc: Disabling bearer <eth:syzkaller0>
[ 1522.612954][ T5191] Dev loop9: unable to read RDB block 7
[ 1522.618659][ T5191]  loop9: unable to read partition table
[ 1522.631198][ T5191] loop9: partition table beyond EOD, truncated
[ 1523.216221][T29903] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[ 1523.226575][T15747] usb 2-1: new full-speed USB device number 108 using dummy_hcd
[ 1523.366212][T29903] usb 6-1: Using ep0 maxpacket: 32
[ 1523.374184][T29903] usb 6-1: config 0 has an invalid interface number: 126 but max is 0
[ 1523.383397][T29903] usb 6-1: config 0 has no interface number 0
[ 1523.427136][T29903] usb 6-1: New USB device found, idVendor=0a46, idProduct=9601, bcdDevice=e5.ac
[ 1523.436479][T29903] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1523.444910][T29903] usb 6-1: Product: syz
[ 1523.455802][T29903] usb 6-1: Manufacturer: syz
[ 1523.462358][T29903] usb 6-1: SerialNumber: syz
[ 1523.468871][T29903] usb 6-1: config 0 descriptor??
[ 1523.487215][T15747] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[ 1523.495274][T15747] usb 2-1: config 0 has no interface number 0
[ 1523.510365][T15747] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[ 1523.521682][T15747] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1523.534135][T24646] netlink: 16 bytes leftover after parsing attributes in process `syz.0.8423'.
[ 1523.534559][T24647] netlink: 7064 bytes leftover after parsing attributes in process `syz.0.8423'.
[ 1523.545783][T15747] usb 2-1: config 0 descriptor??
[ 1523.571962][T15747] usb 2-1: selecting invalid altsetting 1
[ 1523.578565][T15747] dvb_ttusb_budget: ttusb_init_controller: error
[ 1523.582316][T24647] openvswitch: netlink: Missing key (keys=40, expected=100)
[ 1523.587070][T15747] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[ 1523.666831][T15747] DVB: Unable to find symbol cx22700_attach()
[ 1523.717985][T15747] DVB: Unable to find symbol tda10046_attach()
[ 1523.727838][T15747] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[ 1523.812186][T24624] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1523.836344][T24624] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1523.862957][T15739] usb 2-1: USB disconnect, device number 108
[ 1524.006288][T15747] usb 5-1: new low-speed USB device number 83 using dummy_hcd
[ 1524.180664][T15747] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1524.190162][T15747] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1524.200427][T15747] usb 5-1: config 1 interface 0 has no altsetting 0
[ 1524.211509][T15747] usb 5-1: string descriptor 0 read error: -22
[ 1524.219198][T15747] usb 5-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40
[ 1524.236295][T15747] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1524.894669][T24662] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1524.904393][T24662] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1524.915225][T24662] netlink: 68 bytes leftover after parsing attributes in process `syz.4.8426'.
[ 1524.981775][T24701] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1525.006695][T24701] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1525.636311][T29903] dm9601 6-1:0.126: probe with driver dm9601 failed with error -22
[ 1525.653467][T29903] usb 6-1: USB disconnect, device number 45
[ 1526.784734][T29903] usb 5-1: USB disconnect, device number 83
[ 1527.047113][T24740] FAULT_INJECTION: forcing a failure.
[ 1527.047113][T24740] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1527.064847][T24740] CPU: 1 UID: 0 PID: 24740 Comm: syz.4.8435 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1527.064874][T24740] Tainted: [L]=SOFTLOCKUP
[ 1527.064880][T24740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1527.064890][T24740] Call Trace:
[ 1527.064897][T24740]  <TASK>
[ 1527.064904][T24740]  dump_stack_lvl+0xe8/0x150
[ 1527.064937][T24740]  should_fail_ex+0x412/0x560
[ 1527.064962][T24740]  _copy_from_iter+0x1d3/0x1670
[ 1527.064986][T24740]  ? rcu_is_watching+0x15/0xb0
[ 1527.065011][T24740]  ? __pfx__copy_from_iter+0x10/0x10
[ 1527.065037][T24740]  ? netlink_sendmsg+0x650/0xb40
[ 1527.065055][T24740]  ? skb_put+0x11b/0x210
[ 1527.065079][T24740]  netlink_sendmsg+0x6c0/0xb40
[ 1527.065106][T24740]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1527.065129][T24740]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1527.065151][T24740]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1527.065172][T24740]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1527.065190][T24740]  ____sys_sendmsg+0xa68/0xad0
[ 1527.065221][T24740]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1527.065249][T24740]  ? kstrtoull+0x12f/0x1d0
[ 1527.065275][T24740]  ___sys_sendmsg+0x2a5/0x360
[ 1527.065300][T24740]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1527.065325][T24740]  ? get_pid_task+0x20/0x1f0
[ 1527.065341][T24740]  ? get_pid_task+0x20/0x1f0
[ 1527.065355][T24740]  ? get_pid_task+0x20/0x1f0
[ 1527.065387][T24740]  ? __fget_files+0x2a/0x420
[ 1527.065408][T24740]  ? __fget_files+0x3a0/0x420
[ 1527.065437][T24740]  __sys_sendmsg+0x183/0x260
[ 1527.065462][T24740]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1527.065503][T24740]  __do_fast_syscall_32+0x20d/0x640
[ 1527.065521][T24740]  ? do_fast_syscall_32+0x33/0x70
[ 1527.065536][T24740]  ? asm_int80_emulation+0x1a/0x20
[ 1527.065552][T24740]  ? do_int80_emulation+0x274/0x4d0
[ 1527.065567][T24740]  ? trace_irq_disable+0x3b/0x150
[ 1527.065591][T24740]  do_fast_syscall_32+0x33/0x70
[ 1527.065606][T24740]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1527.065625][T24740] RIP: 0023:0xf709ef6c
[ 1527.065639][T24740] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 1527.065652][T24740] RSP: 002b:00000000f548d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1527.065669][T24740] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0
[ 1527.065680][T24740] RDX: 0000000020040004 RSI: 0000000000000000 RDI: 0000000000000000
[ 1527.065689][T24740] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1527.065699][T24740] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1527.065709][T24740] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1527.065732][T24740]  </TASK>
[ 1527.631860][T24748] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1527.641219][T24748] syzkaller0: entered promiscuous mode
[ 1527.651880][T24748] syzkaller0: entered allmulticast mode
[ 1527.729403][T24748] tipc: Resetting bearer <eth:syzkaller0>
[ 1527.825529][T24756] netlink: 830 bytes leftover after parsing attributes in process `syz.3.8439'.
[ 1527.838774][T24747] tipc: Resetting bearer <eth:syzkaller0>
[ 1527.974738][T24766] trusted_key: encrypted_key: insufficient parameters specified
[ 1527.990725][T24747] tipc: Disabling bearer <eth:syzkaller0>
[ 1528.016790][T24762] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1528.030342][T24762] syzkaller0: entered promiscuous mode
[ 1528.036910][T24762] syzkaller0: entered allmulticast mode
[ 1528.048801][T24762] tipc: Resetting bearer <eth:syzkaller0>
[ 1528.065186][T24761] tipc: Resetting bearer <eth:syzkaller0>
[ 1528.104680][T24761] tipc: Disabling bearer <eth:syzkaller0>
[ 1528.144386][T24682] delete_channel: no stack
[ 1529.376243][T14581] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[ 1529.539779][T14581] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1529.551426][T14581] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1529.564050][T14581] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1529.581413][T14581] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1529.598116][T14581] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1529.613566][T14581] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1529.628668][T14581] usb 6-1: config 0 descriptor??
[ 1530.062435][T14581] plantronics 0003:047F:FFFF.0054: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[ 1530.282507][T24808] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1530.333072][T24808] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1530.804860][T24844] usb usb8: usbfs: process 24844 (syz.1.8451) did not claim interface 0 before use
[ 1531.033855][T15739] usb 6-1: USB disconnect, device number 46
[ 1531.661185][T24867] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1531.679531][T24867] syzkaller0: entered promiscuous mode
[ 1531.705339][T24867] syzkaller0: entered allmulticast mode
[ 1531.907754][T24867] tipc: Resetting bearer <eth:syzkaller0>
[ 1531.923039][T24879] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[ 1531.931908][T24882] netlink: 52 bytes leftover after parsing attributes in process `syz.1.8458'.
[ 1532.023518][T24866] tipc: Resetting bearer <eth:syzkaller0>
[ 1532.042860][T24887] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8460'.
[ 1532.062047][T24887] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8460'.
[ 1532.086702][T24866] tipc: Disabling bearer <eth:syzkaller0>
[ 1532.326235][T15739] usb 6-1: new full-speed USB device number 47 using dummy_hcd
[ 1532.489013][T15739] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1532.499484][T15739] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1532.520300][T15739] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[ 1532.531248][T15739] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1532.539340][T15739] usb 6-1: SerialNumber: syz
[ 1532.558970][T15739] usb 6-1: 0:2 : does not exist
[ 1533.063550][T24913] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8464'.
[ 1533.113355][T24913] netlink: 168 bytes leftover after parsing attributes in process `syz.1.8464'.
[ 1533.153116][T24913] netlink: 164 bytes leftover after parsing attributes in process `syz.1.8464'.
[ 1533.340580][T24916] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8465'.
[ 1534.444878][T24932] FAULT_INJECTION: forcing a failure.
[ 1534.444878][T24932] name failslab, interval 1, probability 0, space 0, times 0
[ 1534.486233][T24932] CPU: 0 UID: 0 PID: 24932 Comm: syz.1.8470 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1534.486261][T24932] Tainted: [L]=SOFTLOCKUP
[ 1534.486267][T24932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1534.486277][T24932] Call Trace:
[ 1534.486284][T24932]  <TASK>
[ 1534.486290][T24932]  dump_stack_lvl+0xe8/0x150
[ 1534.486309][T24932]  should_fail_ex+0x412/0x560
[ 1534.486329][T24932]  should_failslab+0xa8/0x100
[ 1534.486349][T24932]  kmem_cache_alloc_node_noprof+0x8f/0x690
[ 1534.486376][T24932]  ? __alloc_skb+0x186/0x7d0
[ 1534.486395][T24932]  ? __alloc_skb+0x1d0/0x7d0
[ 1534.486413][T24932]  ? __local_bh_enable_ip+0xd0/0x130
[ 1534.486438][T24932]  __alloc_skb+0x1d0/0x7d0
[ 1534.486452][T24932]  netlink_sendmsg+0x5d4/0xb40
[ 1534.486475][T24932]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1534.486488][T24932]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1534.486509][T24932]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1534.486529][T24932]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1534.486549][T24932]  ____sys_sendmsg+0xa68/0xad0
[ 1534.486569][T24932]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1534.486584][T24932]  ? kstrtoull+0x12f/0x1d0
[ 1534.486598][T24932]  ___sys_sendmsg+0x2a5/0x360
[ 1534.486614][T24932]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1534.486629][T24932]  ? get_pid_task+0x20/0x1f0
[ 1534.486638][T24932]  ? get_pid_task+0x20/0x1f0
[ 1534.486648][T24932]  ? get_pid_task+0x20/0x1f0
[ 1534.486686][T24932]  ? __fget_files+0x2a/0x420
[ 1534.486709][T24932]  ? __fget_files+0x3a0/0x420
[ 1534.486732][T24932]  __sys_sendmsg+0x183/0x260
[ 1534.486747][T24932]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1534.486769][T24932]  __do_fast_syscall_32+0x20d/0x640
[ 1534.486780][T24932]  ? do_fast_syscall_32+0x33/0x70
[ 1534.486789][T24932]  ? asm_int80_emulation+0x1a/0x20
[ 1534.486803][T24932]  ? do_int80_emulation+0x274/0x4d0
[ 1534.486818][T24932]  ? trace_irq_disable+0x3b/0x150
[ 1534.486845][T24932]  do_fast_syscall_32+0x33/0x70
[ 1534.486863][T24932]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1534.486881][T24932] RIP: 0023:0xf70aef6c
[ 1534.486892][T24932] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 1534.486900][T24932] RSP: 002b:00000000f549d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1534.486916][T24932] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000200
[ 1534.486928][T24932] RDX: 0000000004040044 RSI: 0000000000000000 RDI: 0000000000000000
[ 1534.486938][T24932] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1534.486948][T24932] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1534.486958][T24932] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1534.486980][T24932]  </TASK>
[ 1535.324207][T15739] usb 6-1: USB disconnect, device number 47
[ 1535.852162][T24972] netlink: 'syz.1.8476': attribute type 13 has an invalid length.
[ 1535.860726][T24971] netlink: 'syz.1.8476': attribute type 13 has an invalid length.
[ 1535.968113][T24980] bridge_slave_1: default FDB implementation only supports local addresses
[ 1536.229734][T24816] delete_channel: no stack
[ 1536.985520][T25011] kAFS: unable to lookup cell '('
[ 1537.558383][T25025] netlink: 'syz.5.8488': attribute type 2 has an invalid length.
[ 1537.610210][T25025] : entered promiscuous mode
[ 1537.781376][T25038] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8492'.
[ 1537.815556][T25040] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1537.824960][T25038] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8492'.
[ 1537.835127][T25040] syzkaller0: entered promiscuous mode
[ 1537.841187][T25038] FAULT_INJECTION: forcing a failure.
[ 1537.841187][T25038] name failslab, interval 1, probability 0, space 0, times 0
[ 1537.846274][T25040] syzkaller0: entered allmulticast mode
[ 1537.856999][T25038] CPU: 1 UID: 0 PID: 25038 Comm: syz.5.8492 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1537.857024][T25038] Tainted: [L]=SOFTLOCKUP
[ 1537.857031][T25038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1537.857041][T25038] Call Trace:
[ 1537.857048][T25038]  <TASK>
[ 1537.857055][T25038]  dump_stack_lvl+0xe8/0x150
[ 1537.857083][T25038]  should_fail_ex+0x412/0x560
[ 1537.857108][T25038]  should_failslab+0xa8/0x100
[ 1537.857130][T25038]  kmem_cache_alloc_node_noprof+0x8f/0x690
[ 1537.857158][T25038]  ? __alloc_skb+0x1d0/0x7d0
[ 1537.857177][T25038]  ? __local_bh_enable_ip+0xd0/0x130
[ 1537.857203][T25038]  __alloc_skb+0x1d0/0x7d0
[ 1537.857227][T25038]  xfrm_send_policy_notify+0x297/0x1bf0
[ 1537.857257][T25038]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1537.857279][T25038]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1537.857304][T25038]  ? __pfx_xfrm_send_policy_notify+0x10/0x10
[ 1537.857337][T25038]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1537.857360][T25038]  ? __local_bh_enable_ip+0xd0/0x130
[ 1537.857379][T25038]  ? km_policy_notify+0x28/0x200
[ 1537.857397][T25038]  ? __pfx_xfrm_send_policy_notify+0x10/0x10
[ 1537.857422][T25038]  km_policy_notify+0x121/0x200
[ 1537.857438][T25038]  ? km_policy_notify+0x28/0x200
[ 1537.857457][T25038]  xfrm_add_policy+0x4ef/0x820
[ 1537.857480][T25038]  ? __pfx_xfrm_add_policy+0x10/0x10
[ 1537.857504][T25038]  ? __nla_parse+0x40/0x60
[ 1537.857530][T25038]  xfrm_user_rcv_msg+0x746/0xb20
[ 1537.857553][T25038]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[ 1537.857601][T25038]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1537.857629][T25038]  ? rcu_is_watching+0x15/0xb0
[ 1537.857650][T25038]  ? trace_contention_end+0x3d/0x150
[ 1537.857675][T25038]  ? __mutex_lock+0x319/0x1300
[ 1537.857705][T25038]  netlink_rcv_skb+0x232/0x4b0
[ 1537.857726][T25038]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[ 1537.857746][T25038]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1537.857777][T25038]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1537.857796][T25038]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1537.857817][T25038]  xfrm_netlink_rcv+0x79/0x90
[ 1537.857836][T25038]  netlink_unicast+0x80f/0x9b0
[ 1537.857862][T25038]  ? __pfx_netlink_unicast+0x10/0x10
[ 1537.857881][T25038]  ? netlink_sendmsg+0x650/0xb40
[ 1537.857904][T25038]  ? skb_put+0x11b/0x210
[ 1537.857928][T25038]  netlink_sendmsg+0x813/0xb40
[ 1537.857956][T25038]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1537.857978][T25038]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1537.858000][T25038]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1537.858019][T25038]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1537.858038][T25038]  ____sys_sendmsg+0xa68/0xad0
[ 1537.858070][T25038]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1537.858097][T25038]  ? kstrtoull+0x12f/0x1d0
[ 1537.858122][T25038]  ___sys_sendmsg+0x2a5/0x360
[ 1537.858150][T25038]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1537.858174][T25038]  ? get_pid_task+0x20/0x1f0
[ 1537.858190][T25038]  ? get_pid_task+0x20/0x1f0
[ 1537.858203][T25038]  ? get_pid_task+0x20/0x1f0
[ 1537.858243][T25038]  ? __fget_files+0x2a/0x420
[ 1537.858264][T25038]  ? __fget_files+0x3a0/0x420
[ 1537.858296][T25038]  __sys_sendmsg+0x183/0x260
[ 1537.858321][T25038]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1537.858364][T25038]  __do_fast_syscall_32+0x20d/0x640
[ 1537.858381][T25038]  ? do_fast_syscall_32+0x33/0x70
[ 1537.858397][T25038]  ? asm_int80_emulation+0x1a/0x20
[ 1537.858413][T25038]  ? do_int80_emulation+0x274/0x4d0
[ 1537.858428][T25038]  ? trace_irq_disable+0x3b/0x150
[ 1537.858454][T25038]  do_fast_syscall_32+0x33/0x70
[ 1537.858471][T25038]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1537.858491][T25038] RIP: 0023:0xf7f97f6c
[ 1537.858507][T25038] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 1537.858521][T25038] RSP: 002b:00000000f545650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1537.858540][T25038] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000180
[ 1537.858552][T25038] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1537.858561][T25038] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1537.858571][T25038] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1537.858581][T25038] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1537.858607][T25038]  </TASK>
[ 1538.702248][T25044] macsec0: entered promiscuous mode
[ 1538.710228][T25046] macsec0: left promiscuous mode
[ 1538.733913][T25040] tipc: Resetting bearer <eth:syzkaller0>
[ 1538.741435][T25039] tipc: Resetting bearer <eth:syzkaller0>
[ 1538.787148][T25039] tipc: Disabling bearer <eth:syzkaller0>
[ 1538.846353][T15747] usb 2-1: new high-speed USB device number 109 using dummy_hcd
[ 1538.996249][T15747] usb 2-1: device descriptor read/64, error -71
[ 1539.176833][T15750] usb 5-1: new full-speed USB device number 84 using dummy_hcd
[ 1539.237216][T15747] usb 2-1: new high-speed USB device number 110 using dummy_hcd
[ 1539.366490][T15747] usb 2-1: device descriptor read/64, error -71
[ 1539.476651][T15747] usb usb2-port1: attempt power cycle
[ 1539.816336][T15747] usb 2-1: new high-speed USB device number 111 using dummy_hcd
[ 1539.846858][T15747] usb 2-1: device descriptor read/8, error -71
[ 1540.086261][T15747] usb 2-1: new high-speed USB device number 112 using dummy_hcd
[ 1540.106934][T15747] usb 2-1: device descriptor read/8, error -71
[ 1540.218013][T15747] usb usb2-port1: unable to enumerate USB device
[ 1540.478427][T25092] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8501'.
[ 1542.304646][T26450] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1542.315568][T26450] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1542.323605][T26450] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1542.331522][T26450] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1542.339450][T26450] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1542.570590][T25140] chnl_net:caif_netlink_parms(): no params data found
[ 1542.642135][   T35] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1542.656244][T15739] usb 2-1: new full-speed USB device number 113 using dummy_hcd
[ 1542.711901][T25140] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1542.719253][T25140] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1542.734711][T25140] bridge_slave_0: entered allmulticast mode
[ 1542.741909][T25140] bridge_slave_0: entered promiscuous mode
[ 1542.763098][   T35] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1542.781840][T25140] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1542.789329][T25140] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1542.796676][T25140] bridge_slave_1: entered allmulticast mode
[ 1542.803694][T25140] bridge_slave_1: entered promiscuous mode
[ 1542.820524][T15739] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[ 1542.834502][T15739] usb 2-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[ 1542.847968][T15739] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1542.866282][T15739] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1542.885394][T15739] usbtmc 2-1:16.0: bulk endpoints not found
[ 1542.919919][   T35] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1542.939942][T25140] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1542.991202][T25140] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1543.013453][   T35] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1543.062261][T25140] team0: Port device team_slave_0 added
[ 1543.084493][T25140] team0: Port device team_slave_1 added
[ 1543.138586][T25140] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1543.145554][T25140] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1543.174686][T25140] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1543.236807][T25140] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1543.244399][T25140] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1543.279486][T25140] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1543.589820][   T35] bond1 (unregistering): (slave bridge2): Releasing backup interface
[ 1543.598177][   T35] bridge2 (unregistering): left promiscuous mode
[ 1543.630047][   T35] bond0 (unregistering): Released all slaves
[ 1543.640500][   T35] bond1 (unregistering): Released all slaves
[ 1543.659470][T25140] hsr_slave_0: entered promiscuous mode
[ 1543.667905][T25140] hsr_slave_1: entered promiscuous mode
[ 1543.675585][T25140] debugfs: 'hsr0' already exists in 'hsr'
[ 1543.683677][T25140] Cannot create hsr debugfs directory
[ 1543.773119][   T35] tipc: Disabling bearer <udp:syz2>
[ 1543.779023][   T35] tipc: Left network mode
[ 1544.239660][   T35] hsr_slave_0: left promiscuous mode
[ 1544.245937][   T35] hsr_slave_1: left promiscuous mode
[ 1544.253453][   T35] batadv0: left allmulticast mode
[ 1544.268914][T15739] usb 6-1: new high-speed USB device number 48 using dummy_hcd
[ 1544.276716][   T35] batadv0: left promiscuous mode
[ 1544.348082][   T35] pim6reg (unregistering): left allmulticast mode
[ 1544.436639][ T5141] Bluetooth: hci4: command tx timeout
[ 1544.444495][T15739] usb 6-1: Using ep0 maxpacket: 32
[ 1544.455508][T15739] usb 6-1: New USB device found, idVendor=2040, idProduct=d900, bcdDevice=a9.2c
[ 1544.465206][T15739] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1544.485622][T15739] usb 6-1: Product: syz
[ 1544.490723][T15739] usb 6-1: Manufacturer: syz
[ 1544.495330][T15739] usb 6-1: SerialNumber: syz
[ 1544.520089][T15739] usb 6-1: config 0 descriptor??
[ 1544.529054][T15739] dvb-usb: found a 'Hauppauge MAX S2 or WinTV NOVA HD USB2.0' in warm state.
[ 1544.538878][T15739] dw2102: su3000_power_ctrl: 1, initialized 0
[ 1544.544966][T15739] dvb-usb: bulk message failed: -22 (2/0)
[ 1544.564991][T15739] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1544.577002][T15739] dvbdev: DVB: registering new adapter (Hauppauge MAX S2 or WinTV NOVA HD USB2.0)
[ 1544.592074][T15739] usb 6-1: media controller created
[ 1544.597649][T15739] dvb-usb: bulk message failed: -22 (6/0)
[ 1544.603402][T15739] dw2102: i2c transfer failed.
[ 1544.609034][T15739] dvb-usb: bulk message failed: -22 (6/0)
[ 1544.614799][T15739] dw2102: i2c transfer failed.
[ 1544.621307][T15739] dvb-usb: bulk message failed: -22 (6/0)
[ 1544.628313][T15739] dw2102: i2c transfer failed.
[ 1544.633627][T15739] dvb-usb: bulk message failed: -22 (6/0)
[ 1544.641400][T15739] dw2102: i2c transfer failed.
[ 1544.646839][T15739] dvb-usb: bulk message failed: -22 (6/0)
[ 1544.652602][T15739] dw2102: i2c transfer failed.
[ 1544.660574][T15739] dvb-usb: bulk message failed: -22 (6/0)
[ 1544.670244][T15739] dw2102: i2c transfer failed.
[ 1544.675023][T15739] dvb-usb: MAC address: 02:02:02:02:02:02
[ 1544.698614][T15739] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1544.751563][T15739] dvb-usb: bulk message failed: -22 (3/0)
[ 1544.766284][T15739] dw2102: command 0x0e transfer failed.
[ 1544.781420][T15739] dvb-usb: bulk message failed: -22 (3/0)
[ 1544.795325][T15739] dw2102: command 0x0e transfer failed.
[ 1545.126344][T15739] dvb-usb: bulk message failed: -22 (3/0)
[ 1545.132097][T15739] dw2102: command 0x0e transfer failed.
[ 1545.156262][T25140] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1545.163073][T15739] dvb-usb: bulk message failed: -22 (3/0)
[ 1545.169482][T15739] dw2102: command 0x0e transfer failed.
[ 1545.175236][T15739] dvb-usb: bulk message failed: -22 (1/0)
[ 1545.199735][T15739] dw2102: command 0x51 transfer failed.
[ 1545.217310][T25140] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1545.236180][T25439] dvb-usb: bulk message failed: -22 (3/0)
[ 1545.248143][T25140] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1545.292119][T15739] DVB: Unable to find symbol ds3000_attach()
[ 1545.319099][T25140] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1545.330715][T15739] dvb-usb: no frontend was attached by 'Hauppauge MAX S2 or WinTV NOVA HD USB2.0'
[ 1545.358067][T25439] dw2102: i2c transfer failed.
[ 1545.376730][T25439] dvb-usb: bulk message failed: -22 (3/0)
[ 1545.386628][T25439] dw2102: i2c transfer failed.
[ 1545.504382][T15739] rc_core: IR keymap rc-su3000 not found
[ 1545.512176][T15739] Registered IR keymap rc-empty
[ 1545.529470][T15739] rc rc0: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 as /devices/platform/dummy_hcd.5/usb6/6-1/rc/rc0
[ 1545.558349][T15750] usb 2-1: USB disconnect, device number 113
[ 1545.560672][T15739] input: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 as /devices/platform/dummy_hcd.5/usb6/6-1/rc/rc0/input177
[ 1545.645264][T15739] dvb-usb: schedule remote query interval to 150 msecs.
[ 1545.656105][T25140] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1545.662985][T15739] dw2102: su3000_power_ctrl: 0, initialized 1
[ 1545.675367][T15739] dvb-usb: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 successfully initialized and connected.
[ 1545.693446][T25140] 8021q: adding VLAN 0 to HW filter on device team0
[ 1545.726713][T15739] usb 6-1: USB disconnect, device number 48
[ 1545.744215][T12373] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1545.751381][T12373] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1545.804862][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1545.811990][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1545.876861][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[ 1545.883186][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1545.953330][T25544] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1545.972017][T25544] syzkaller0: entered promiscuous mode
[ 1545.987625][T15739] dvb-usb: Hauppauge MAX S2 or WinTV NOVA HD USB2. successfully deinitialized and disconnected.
[ 1546.024561][T25544] syzkaller0: entered allmulticast mode
[ 1546.181172][T25140] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1546.223153][T25544] tipc: Resetting bearer <eth:syzkaller0>
[ 1546.291072][T25140] veth0_vlan: entered promiscuous mode
[ 1546.324112][T25140] veth1_vlan: entered promiscuous mode
[ 1546.378831][T25540] tipc: Resetting bearer <eth:syzkaller0>
[ 1546.430747][T25540] tipc: Disabling bearer <eth:syzkaller0>
[ 1546.459548][T25140] veth0_macvtap: entered promiscuous mode
[ 1546.474792][T25140] veth1_macvtap: entered promiscuous mode
[ 1546.516419][ T5141] Bluetooth: hci4: command tx timeout
[ 1546.538930][T25140] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1546.564134][T25140] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1546.598469][   T71] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1546.607524][T21766] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1546.632760][T21766] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1546.670956][T21766] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1546.813595][   T71] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1546.814048][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1546.832632][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1546.838569][   T71] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1546.965737][T25600] bond_slave_0: entered promiscuous mode
[ 1546.971446][T25600] bond_slave_1: entered promiscuous mode
[ 1546.983661][T25600] macvtap1: entered promiscuous mode
[ 1546.991419][T25600] bond0: entered promiscuous mode
[ 1547.001745][T25600] macvtap1: entered allmulticast mode
[ 1547.009474][T25600] bond0: entered allmulticast mode
[ 1547.017079][T25600] bond_slave_0: entered allmulticast mode
[ 1547.024746][T25600] bond_slave_1: entered allmulticast mode
[ 1547.056789][T25600] 8021q: adding VLAN 0 to HW filter on device macvtap1
[ 1547.067849][T25600] bond0: left allmulticast mode
[ 1547.072900][T25600] bond_slave_0: left allmulticast mode
[ 1547.079092][T25600] bond_slave_1: left allmulticast mode
[ 1547.085719][T25600] bond0: left promiscuous mode
[ 1547.092198][T25600] bond_slave_0: left promiscuous mode
[ 1547.097631][T25600] bond_slave_1: left promiscuous mode
[ 1547.157220][T25607] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8522'.
[ 1547.411808][T25618] ref_tracker: memory allocation failure, unreliable refcount tracker.
[ 1547.465142][T15750] IPVS: starting estimator thread 0...
[ 1547.471951][T25618] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1547.566258][T15739] usb 5-1: new high-speed USB device number 85 using dummy_hcd
[ 1547.574331][T25624] IPVS: using max 30 ests per chain, 72000 per kthread
[ 1547.736338][T15739] usb 5-1: Using ep0 maxpacket: 16
[ 1547.748660][T15739] usb 5-1: config 128 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1547.762717][T15739] usb 5-1: config 128 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1547.776531][T15739] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1547.790401][T15739] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1547.924491][T25639] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8529'.
[ 1547.940443][T25639] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[ 1547.952288][T25639] tmpfs: Unknown parameter 'ÿÿÿÿÿÿÿÿ'
[ 1548.211648][T15739] mcp2221 0003:04D8:00DD.0055: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0
[ 1548.431562][T15739] usb 5-1: USB disconnect, device number 85
[ 1548.596838][ T5141] Bluetooth: hci4: command tx timeout
[ 1549.442916][T25710] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1549.461523][T25710] syzkaller0: entered promiscuous mode
[ 1549.476674][T25710] syzkaller0: entered allmulticast mode
[ 1549.503940][T25710] tipc: Resetting bearer <eth:syzkaller0>
[ 1549.509758][T15747] usb 5-1: new high-speed USB device number 86 using dummy_hcd
[ 1549.530896][T25709] tipc: Resetting bearer <eth:syzkaller0>
[ 1549.562703][T25709] tipc: Disabling bearer <eth:syzkaller0>
[ 1549.666733][T15747] usb 5-1: Using ep0 maxpacket: 32
[ 1549.679871][T15747] usb 5-1: New USB device found, idVendor=2040, idProduct=d900, bcdDevice=a9.2c
[ 1549.689275][T15747] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1549.699199][T15747] usb 5-1: Product: syz
[ 1549.719471][T15747] usb 5-1: Manufacturer: syz
[ 1549.726331][T15747] usb 5-1: SerialNumber: syz
[ 1549.738832][T15747] usb 5-1: config 0 descriptor??
[ 1549.758624][T15747] dvb-usb: found a 'Hauppauge MAX S2 or WinTV NOVA HD USB2.0' in warm state.
[ 1549.776328][T15747] dw2102: su3000_power_ctrl: 1, initialized 0
[ 1549.786511][T15747] dvb-usb: bulk message failed: -22 (2/0)
[ 1549.794952][T15747] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1549.807197][T15747] dvbdev: DVB: registering new adapter (Hauppauge MAX S2 or WinTV NOVA HD USB2.0)
[ 1549.817073][T15747] usb 5-1: media controller created
[ 1549.826581][T15747] dvb-usb: bulk message failed: -22 (6/0)
[ 1549.832390][T15747] dw2102: i2c transfer failed.
[ 1549.837244][T15747] dvb-usb: bulk message failed: -22 (6/0)
[ 1549.843121][T15747] dw2102: i2c transfer failed.
[ 1549.849710][T15747] dvb-usb: bulk message failed: -22 (6/0)
[ 1549.857139][T15747] dw2102: i2c transfer failed.
[ 1549.864328][T15747] dvb-usb: bulk message failed: -22 (6/0)
[ 1549.874201][T15747] dw2102: i2c transfer failed.
[ 1549.880900][T15747] dvb-usb: bulk message failed: -22 (6/0)
[ 1549.889641][T15747] dw2102: i2c transfer failed.
[ 1549.895171][T15747] dvb-usb: bulk message failed: -22 (6/0)
[ 1549.903141][T15747] dw2102: i2c transfer failed.
[ 1549.909643][T15747] dvb-usb: MAC address: 02:02:02:02:02:02
[ 1549.931246][T15747] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1549.955098][T25705] dvb-usb: bulk message failed: -22 (3/0)
[ 1549.962591][T25705] dw2102: i2c transfer failed.
[ 1549.971468][T25705] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN PTI
[ 1549.983358][T25705] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
[ 1549.991790][T25705] CPU: 1 UID: 0 PID: 25705 Comm: syz.4.8541 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1550.002730][T25705] Tainted: [L]=SOFTLOCKUP
[ 1550.007058][T25705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1550.017112][T25705] RIP: 0010:su3000_i2c_transfer+0x1ad/0xfd0
[ 1550.023017][T25705] Code: 4c 89 f8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df 42 80 3c 20 00 74 08 4c 89 ff e8 3d a9 39 fa 49 8b 1f 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 f5 08 00 00 0f b6 1b 48 8b 44 24 38 42
[ 1550.042627][T25705] RSP: 0000:ffffc90003a279d0 EFLAGS: 00010202
[ 1550.048708][T25705] RAX: 0000000000000002 RBX: 0000000000000010 RCX: 0000000000000003
[ 1550.056667][T25705] RDX: ffffffff87f60c05 RSI: ffffffff8f7688b0 RDI: 0000000000001900
[ 1550.064627][T25705] RBP: 0000000000000001 R08: ffff888052210000 R09: 0000000000000002
[ 1550.072579][T25705] R10: 0000000000001a00 R11: 0000000000000002 R12: dffffc0000000000
[ 1550.080534][T25705] R13: 1ffff11006a3c6aa R14: 0000000000000002 R15: ffff8880351e3558
[ 1550.088491][T25705] FS:  0000000000000000(0000) GS:ffff888125566000(0063) knlGS:00000000f5486b40
[ 1550.097406][T25705] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 1550.103975][T25705] CR2: 00000000f547cda4 CR3: 000000003a3a6000 CR4: 00000000003526f0
[ 1550.111932][T25705] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083
[ 1550.119887][T25705] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1550.127843][T25705] Call Trace:
[ 1550.131106][T25705]  <TASK>
[ 1550.134027][T25705]  __i2c_transfer+0x79a/0x2020
[ 1550.138784][T25705]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1550.144581][T25705]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1550.150374][T25705]  ? i2c_transfer+0xc8/0x2d0
[ 1550.154950][T25705]  i2c_transfer+0x1cc/0x2d0
[ 1550.159439][T25705]  i2cdev_ioctl_rdwr+0x460/0x740
[ 1550.164366][T25705]  compat_i2cdev_ioctl+0x59f/0x5c0
[ 1550.169467][T25705]  ? __pfx_compat_i2cdev_ioctl+0x10/0x10
[ 1550.175087][T25705]  ? __fget_files+0x3a0/0x420
[ 1550.179759][T25705]  ? __fget_files+0x2a/0x420
[ 1550.184349][T25705]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[ 1550.189885][T25705]  __ia32_compat_sys_ioctl+0x5ea/0x950
[ 1550.195331][T25705]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1550.201299][T25705]  ? kmem_cache_free+0x187/0x630
[ 1550.206226][T25705]  ? __se_sys_futex_time32+0x3ab/0x440
[ 1550.211680][T25705]  ? rcu_is_watching+0x15/0xb0
[ 1550.216440][T25705]  __do_fast_syscall_32+0x20d/0x640
[ 1550.221622][T25705]  ? do_fast_syscall_32+0x33/0x70
[ 1550.226625][T25705]  ? asm_int80_emulation+0x1a/0x20
[ 1550.232155][T25705]  ? do_int80_emulation+0x274/0x4d0
[ 1550.237335][T25705]  ? trace_irq_disable+0x3b/0x150
[ 1550.242350][T25705]  do_fast_syscall_32+0x33/0x70
[ 1550.247184][T25705]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1550.253498][T25705] RIP: 0023:0xf7fc5f6c
[ 1550.257549][T25705] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 1550.277140][T25705] RSP: 002b:00000000f548650c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1550.285540][T25705] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000707
[ 1550.293497][T25705] RDX: 0000000080000a40 RSI: 0000000000000000 RDI: 0000000000000000
[ 1550.301455][T25705] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1550.309410][T25705] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1550.317365][T25705] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1550.325324][T25705]  </TASK>
[ 1550.328339][T25705] Modules linked in:
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1550.333200][T25705] ---[ end trace 0000000000000000 ]---
[ 1550.375628][T25705] RIP: 0010:su3000_i2c_transfer+0x1ad/0xfd0
[ 1550.387734][T25705] Code: 4c 89 f8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df 42 80 3c 20 00 74 08 4c 89 ff e8 3d a9 39 fa 49 8b 1f 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 f5 08 00 00 0f b6 1b 48 8b 44 24 38 42
[ 1550.430782][T25705] RSP: 0000:ffffc90003a279d0 EFLAGS: 00010202
[ 1550.442592][T25705] RAX: 0000000000000002 RBX: 0000000000000010 RCX: 0000000000000003
[ 1550.466174][T25705] RDX: ffffffff87f60c05 RSI: ffffffff8f7688b0 RDI: 0000000000001900
[ 1550.474169][T25705] RBP: 0000000000000001 R08: ffff888052210000 R09: 0000000000000002
[ 1550.516460][T25705] R10: 0000000000001a00 R11: 0000000000000002 R12: dffffc0000000000
[ 1550.524451][T25705] R13: 1ffff11006a3c6aa R14: 0000000000000002 R15: ffff8880351e3558
[ 1550.532865][T25705] FS:  0000000000000000(0000) GS:ffff888125566000(0063) knlGS:00000000f5486b40
[ 1550.546436][T25705] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 1550.553050][T25705] CR2: 0000000080042018 CR3: 000000003a3a6000 CR4: 00000000003526f0
[ 1550.566147][T25705] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083
[ 1550.576210][T14581] usb 6-1: new high-speed USB device number 49 using dummy_hcd
[ 1550.576297][T25705] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1550.634769][T25705] Kernel panic - not syncing: Fatal exception
[ 1550.641189][T25705] Kernel Offset: disabled
[ 1550.645496][T25705] Rebooting in 86400 seconds..